What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,121
    Location:
    South Texas, USA
    Hey gesc, can I ask why you use Avast over the other, better AVs out there?

    dja2k
     
  2. egghead

    egghead Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    443
    Location:
    The Netherlands
    Fort Knox:
    *firewalled router
    *KAV 6
    *system safety monitor (paid version)
    *firefox (with no script)


    testing:
    *firewalled router
    *Prevx1R
    *I.E.
     
  3. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Acronis True Image Home as image backup software
    FirstDefense-ISR as immediate system recovery, ...
    Faronics Anti-Executable, installed in a frozen FDISR-snapshot (test mode)
    Mozilla Firefox + adblock + noscript for surfing.
    Mozilla Thunderbird for ignoring and removing spam-emails at once.
    Look 'n' Stop supported by D-Link DI-604 router.

    Security setup isn't finished yet.
     
  4. Suggers

    Suggers Guest

    Desktop:

    Nod32
    BOClean
    Zonealarm free firewall
    SAS(on demand)

    Laptop:

    Antivir Personal Edition Classic (free)
    Jetico Personal Firewall
    BOClean
    Ewido (on-demand free)
     
  5. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    new
    retired machine and trying out SmoothWall firewall.
    trying Virtual PC.

    ongoing
     
  6. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,304
    Location:
    USA
    Thanks dja2k, I often check what you and WSFuser are using.
     
  7. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,639
    I was having some BSODs while playing UT2004, and thinking it was LnS, I switched. Unfortunately the BSOD is somewhat random and cannot be forced, so my thoughts could be wrong.
    I know ewido offers an online scanner, but are you using others too, or which ones?
     
  8. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,121
    Location:
    South Texas, USA
    I use ewido online scan and also the Trend Micro's Anti-Spyware for the web. They might give some false positives, but I know which ones aren't.

    Wow guys! I'd like to thank all of you for keeping this thread alive. I see we still get newcomers. That is great!

    dja2k
     
  9. Davidpr

    Davidpr Registered Member

    Joined:
    May 24, 2006
    Posts:
    92
    Wireless router
    IE 7
    Spywareblaster
    WFW
    BD 10
    GESWall

    Ewido on demand
     
  10. irvdk

    irvdk Registered Member

    Joined:
    Jun 1, 2005
    Posts:
    65
  11. SUPERAntiSpy

    SUPERAntiSpy Developer

    Joined:
    Mar 21, 2006
    Posts:
    1,088
    Irv - excellent example - no single application can get every spyware item every day - there are many items we (SUPERAntiSpyware) detect that CounterSpy (or others) won't detect. That is why users should run at least 2 on-demand scanners. With the number of new spyware items coming out daily, no single company can be expected to get everything, every day - it's just the plain reality in the spyware game.

    I would be curious to see exactly what was detected under those items - were they actual files, or traces? I would also be interested in receiving the samples and I will update our definitions if necessary.

    Nick Skrepetos
    SUPERAntiSpyware.com
    http://www.superantispyware.com
     
  12. irvdk

    irvdk Registered Member

    Joined:
    Jun 1, 2005
    Posts:
    65
    Nick,
    Here you are:

    Spyware Scan Details
    Start Date: 9/8/2006 4:11:55 PM
    End Date: 9/8/2006 4:43:12 PM
    Total Time: 31 mins 17 secs

    Detected spyware

    Backdoor.NancyAjram Backdoor more information...
    Details: NancyAjram is a Backdoor Trojan that gives an attacker unauthorized access to a compromised computer.
    Status: Deleted

    Infected registry entries detected
    HKEY_LOCAL_MACHINE\SOFTWARE\Cygnus Solutions
    HKEY_CURRENT_USER\Software\Cygnus Solutions

    Hero Screen Recorder 2.0.2 Cookie (General) more information...
    Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
    Status: Deleted

    Infected cookies detected
    c:\documents and settings\iry\cookies\irv@secure.emetrix[1].txt

    statcounter.com Cookie (General) more information...
    Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
    Status: Deleted

    Infected cookies detected
    c:\documents and settings\iry\cookies\irv@statcounter[2].txt
     
  13. SUPERAntiSpy

    SUPERAntiSpy Developer

    Joined:
    Mar 21, 2006
    Posts:
    1,088
    Thank you for providing the information. It appears what was basically located were cookies, hence the \cookies\ folder path and the irv@<domain>.txt syntax - nothing harmful. All of us vendors have to detect cookies because if we don't this type of thing happens - people feel they have real "spyware" when in fact they are harmless text files aka "cookies" :)

    Here is my blog with information regarding cookies:
    http://superantispyware.blogspot.com

    I would be curious to see what files were located under the Backdoor.NancyAjram to see if it was an active live infection or just traces left over.

    Nick Skrepetos
    SUPERAntiSpyware.com
    http://www.superantispyware.com
     
  14. irvdk

    irvdk Registered Member

    Joined:
    Jun 1, 2005
    Posts:
    65
    Nick not sure what it is that you want:

    Backdoor.NancyAjram Backdoor more information...
    Details: NancyAjram is a Backdoor Trojan that gives an attacker unauthorized access to a compromised computer.
    Status: Deleted

    Infected registry entries detected
    HKEY_LOCAL_MACHINE\SOFTWARE\Cygnus Solutions
    HKEY_CURRENT_USER\Software\Cygnus Solutions


    "more info"
    Backdoor.NancyAjram
    Type Malware
    Type Description Malware ("malicious software") consists of software with clearly malicious, hostile, or harmful functionality or behavior and that is used to compromise and endanger individual PCs as well as entire networks.
    Category Backdoor
    Category Description A Backdoor is a software program that gives an attacker unauthorized access to a machine and the means for remotely controlling the machine without the user's knowledge. A Backdoor compromises system integrity by making changes to the system that allow it to by used by the attacker for malicious purposes unknown to the user.
    Level Moderate
    Level Description Moderate risk threats are often bundled with functionally unrelated software or installed without adequate notice and consent, and may display unwanted advertising on the user's desktop. Such threats may track users' online browsing habits and transmit non-personally identifying data back to a server in order to target advertising. These threats may be configured to start automatically with the operating system, use an auto-updater that the user cannot control, or install other functionally separate programs without adequate notice and consent.
    Advice Type Remove
    Description NancyAjram is a Backdoor Trojan that gives an attacker unauthorized access to a compromised computer.
    Author Khaled El-Mir
    File Traces
    %DESKTOPDIRECTORY%\NancyAjram Backdoor by Khaled\client.exe
    %DESKTOPDIRECTORY%\NancyAjram Backdoor by Khaled\NancyAjram.exe
    %SYSTEM%\NancyAjram.exe
    %WINDOWS%\Desktop\NancyAjram Backdoor by Khaled\client.exe
    %WINDOWS%\Desktop\NancyAjram Backdoor by Khaled\NancyAjram.exe
    C:\dlls\ArabicStrip.wma.exe
    C:\dlls\************.mpg.exe
    C:\dlls\****Movie.wma.exe
    C:\dlls\HotMovie.wma.exe
    C:\dlls\MissLebanon.jpg.exe
    C:\dlls\MyFirstSex.wma.exe
    C:\dlls\SexCaptured.jpg.exe
    C:\dlls\SexMovie.mpg.exe
    C:\dlls\SexyArabicGirl.jpg.exe
    C:\dlls\SexyHaifa.jpg.exe
    C:\dlls\SexyLebaneseGirl.jpg.exe
    C:\dlls\SexyNancy.jpg.exe
    C:\dlls\StolenSexVideo.wma.exe
     
  15. SUPERAntiSpy

    SUPERAntiSpy Developer

    Joined:
    Mar 21, 2006
    Posts:
    1,088
    It looks like there were just a couple of registry keys (harmless) detected - so the infection was not actually live on your system (it appears).

    So, to clarify, what SUPERAntiSpyware missed, was a couple of cookies and a registry key trace - nothing harmful. I was concerned that SAS left behind something harmful and I wanted to make sure we updated our definitions as necessary - it looks like in this case, things are ok as the items located did not appear to be harmful (which is good for your system) :)

    Nick Skrepetos
    SUPERAntiSpyware.com
    http://www.superantispyware.com
     
  16. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,121
    Location:
    South Texas, USA
    Porn sites, cookies, and infected files. Just my kind of talk to prove that no one is safe behind a computer while surfing for porn. :D

    dja2k
     
  17. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,345
    Hello,
    I must disagree.
    Mrk
     
  18. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,121
    Location:
    South Texas, USA
    Well I forgot to mention, no one is safe without the right protection and security. :D

    dja2k
     
  19. irvdk

    irvdk Registered Member

    Joined:
    Jun 1, 2005
    Posts:
    65
    That's exactly what makes it so strange. I was not and have not been to a porn site for the last 9 years. So my question is how did that come about?
     
  20. muf

    muf Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    926
    Location:
    Manchester, England

    I also find it strange. That you haven't been to a porn site for 9 years!!! What's wrong with you!!! Hehe, only kidding. I just thought that a little amusing. And more so the fact that you were so precise. 9 years. Most people would say 10 years or "For over 5 years". Saying 9 years is very precise, as though you are keeping track. My last visit was about 9 hours ago :D but it's easier for me to keep track as that's not really a long time ago is it?

    Happy surfing!

    muf
     
  21. irvdk

    irvdk Registered Member

    Joined:
    Jun 1, 2005
    Posts:
    65
    Wife caught me and in no uncertain terms made it clear that there would be no more of that!!!
     
  22. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,121
    Location:
    South Texas, USA
    That's why you should stay late in the office and watch it there. :D

    Anyways, about that porn site stuff: most days, software crack and serial number sites have a lot of advertising from other sites that deal with porn. Also, pirated software sites do the same. That is the only way they stay alive; no one else actually provides support for illegal activity like that but porn sites.

    dja2k
     
  23. muf

    muf Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    926
    Location:
    Manchester, England
    I'm very lucky. My wife sees it as 'bloke' stuff. She doesn't mind. How lucky am I?

    muf
     
  24. screamer

    screamer Registered Member

    Joined:
    Apr 14, 2006
    Posts:
    922
    Location:
    Big Apple USA
    I'm pretty settled on my security setup, but I'm also always on the look-out for somethin' new to try:

    Belkin Pre-N Router w/ firewall & SPI enabled
    OutPost Firewall Pro: Plugins: AntiSpyware, Attack Detection, DNS Cache, HTTP Log.
    NOD32: Scans C Drive daily
    ewido 4.0 Plus: Scans C drive daily
    Socket Shield 1.0
    SSM 2.1.15.588 Paid Version
    FD-ISR Instant System Recovery : Daily, Daily Archive & Weekly Archive B-U's
    ATI Ver.3677 System Image : Daily & Weekly B-U's
    Genie Back-Up Manager Pro Ver 7: File Back-Up : Daily & Weekly B-U's
    Firefox: Adblock Plus, Adblock Filterset G. Updater, NoScript, CookieSafe, Tweak Network, Mr. Tech Local Install
    IE 7 beta

    ...screamer
     
  25. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,639
    @screamer - why do you run daily scans on your disk? Isn't it a bit much?
     