You can only have 4 Anti-Malware apps: What would you run?

Discussion in 'other anti-malware software' started by InfinityAz, Aug 9, 2005.

Thread Status:
Not open for further replies.
  1. fcukdat

    fcukdat Registered Member

    Just some cautionary advice to yourself or any others seeing this as a potential security solution. What is stated is correct for rollback/imaging as long as two potential events/scenarios do not occur.

    1) If bad code runs on your machine and borks SU, then your rollback is shot. Relying solely on Avast AV for def-based protection against malicious code is a false sense of security.

    2) Session infection: in theory, if again bad code executed on your machine (not picked up by Avast), there is the potential for security compromise.
    If you are using this 'puter for holding sensitive data, then in theory, if a backdoor/PSW trojan is installed past Avast, you have no other checkpoints to ensure the security of that session or the data contained upon that PC.

    Although these are outside possibilities and not foregone conclusions, I for one would not be happy with these potential *weak* points in your chosen 4 anti-malwares, unless of course you/I had nothing on the PC I wasn't prepared to share with 3rd parties of the criminal kind ;)

    I would add at least a software firewall to control outbound communications from this computer. :thumb:

    It is often overlooked by folks that although imaging/rollback is excellent for recovery, it offers no current-session security as such!

    HTH :)
     
  2. dcdc

    dcdc Registered Member

    Well, my point was that Window Washer or something similar is a utility that you should run regularly anyway (I do once a day), so I don't feel that it is appropriate to add the time it takes to run, maybe a minute or two, to the overall scan time regardless of which AS you are using, and any such cleaner will cut the scan time with any AS because it is deleting files that would otherwise be scanned, unless your app is set up to ignore them.

    About Process Explorer, I usually have it running all day anyway, not just before a scan, and it comes up almost instantly. Watching its own process on the table, I find that it doesn't take up much cycle time at all, so it is not burdensome on my system. It's invaluable when my system seems very slow to respond for some unknown reason - is it me, or a server or something else external to me? PE lets me see what processes if any are soaking up the CPU time. Very handy.

    My response is similar with defragmentation of the hard drive: it's a utility you should run occasionally anyway. I run mine every week or so. Depending on the amount of downloading and updating, I guess it takes 2-3 minutes if done regularly. I don't defrag before every scan as I don't think it is necessary.

    I see what you are saying. I claim a 16-17 minute full scan, but I am not including in that figure the run times for other utilities that shorten that scan time. My point is that I run these utilities (WW and Disc Defragmenter) anyway, so I don't feel it is appropriate to add their running times to the total. Process Explorer is a different animal from the other utilities mentioned, and is irrelevant.
     
  3. lodore

    lodore Registered Member

    Quote from the Diskeeper website:
    "Automatic online directory consolidation boosts virus scans, back-ups and file searches"
    lodore
     
  4. Beavenburt

    Beavenburt Registered Member

    This is my current set-up. I feel that, for my machine, it is a good balance of performance and security.

    Xp firewall (with xpfiremon)
    App/Reg Defend
    Avast (Web/Network/P2P/Standard shields enabled)
    Spywareblaster

    I also use FF with noscript and the missus uses Opera.
    I feel quite safe with this setup and never discover any malware on my system (scanning with several on demand scanners), other than the odd cookie.
    For my machine this setup is quite light, together running at about 28 MB RAM and more often than not zero CPU.
    This is also a totally free setup which gives me protection equal to many paid-for apps/suites IMO.
     
  5. Long View

    Long View Registered Member

    1. Hardware Firewall
    2. Firefox - no scripts
    3. Mail provider scanning www.netaddress.com
    4. System images - to restore if ever anything bad got through
     
  6. screamer

    screamer Registered Member

    I've had this config for quite a while and it's served me well:

    OutPost Pro
    AVG AS
    NOD32
    SSM

    Also run FF w/ NoScript and Adblock Plus exclusively.
     
  7. Chuck57

    Chuck57 Registered Member

    Thanks, fcukdat. I totally spaced having a hardware firewall and LnS outbound firewall installed.

    In any case, ShadowSurfer (not ShadowUser; brain cramp) is history. I got it into ShadowMode and then ShadowMode wouldn't deactivate. My computer wouldn't reboot, and when I had to hard boot it by turning it off and on, ShadowMode was still there. Tried a number of times and finally spent a full 45 minutes plus this morning trying to get rid of ShadowSurfer before it would finally uninstall.

    It's a shame. I liked the concept, but there ARE times I'd prefer not to be in Shadowmode. I'm back to Bufferzone. It works.
     
  8. dcdc

    dcdc Registered Member

    If I had to choose just four:

    Norton Internet Security - AV, firewall, antispam, now has AS - mostly recommended for the first two items

    Spy Sweeper (currently version 5.2)

    SpywareBlaster

    Windows XP Service Pack 2 and associated updates - necessary plugs for Microsoft products

    Not an easy choice to make, as there are plenty of other good antimalware combinations that would no doubt provide as good (or maybe better) protection, but I consider these the nucleus of my well-protected system.
     
  9. Long View

    Long View Registered Member

    I'm sure that at least some other Imaging programs must work this way but Acronis is able to restore even when it is not possible to boot.

    My main system is partitioned as C: for XP and programs, F: for data and G: for images. If I couldn't boot I would simply boot from the emergency CD.

    C: and F: are imaged daily, so it is true that I have no current security and could find I had lost a day's work, but as I haven't seen any real malware in years I guess I could live with the loss.

    I wouldn't trade Acronis for all available Malware programs paid for or free.
     
  10. dcdc

    dcdc Registered Member

    How does Acronis work? Does it make an image on a partition of the hard drive, or does it copy to an external drive? Probably gives you the option for either, I would guess.

    If on a partition, you must be cooked if your hard drive crashes; that happened to me once.

    If an external drive, any idea what is available to back up say 20 gig from the hard drive? Are they available that large? I've been thinking about external backup, but haven't gotten around to it for lack of knowledge.
     
  11. BlueZannetti

    BlueZannetti Registered Member

    Long View,

    I believe that you are missing the underlying point made by fcukdat. You're focusing on loss of files and/or file corruption. When malware was simple cybervandalism, that was the primary concern and any system recovery measure should be ably up to that task.

    However, objectives have changed over time. Recovery as the primary objective harkens back to the days before malware was a money making enterprise. The primary objective of some malware these days is to separate you from your money/assets/personal information/identity. If this information is harvested and transmitted within a login session, it's really irrelevant whether you restore your PC to its previous state or not since the mission of the malware has been accomplished and there is no further need for activity. In fact, if you think about it, in some ways your approach is the best case scenario for a software-based thief since you have just wiped all evidence of the trespass.

    Now, is this a problem you need to continually obsess over? Of course not! However, if you are implementing measures against potential problems, it is important to understand the scope of the solution employed. You may already have an alternate security solution in place in addition to backup. However, using a system backup approach as a substitute for a security solution is not it.

    Blue
     
  12. Long View

    Long View Registered Member

    I take your point about harvesting - Acronis would be of no value. For what it's worth, I primarily rely on my hardware firewall and Firefox - no scripts to protect me here. My mail is scanned before delivery and every so often I load up a number of malware programs (AVG AS, A2, etc.) -- run them and find nothing - and then restore my previous image. I have run through a series of anti-virus programs and haven't seen a virus for years. Probably the malware writers took over control of my life years ago and I just don't realize it :D
     
  14. LockBox

    LockBox Registered Member

    If Long View runs his restore program with a hardware firewall and (probably) another software firewall, how will the information be stolen during the login session?

    I still don't see a reason for anything but a good firewall, my Deep Freeze and Anti-Executable -- and my own common sense. How will my money/assets/personal information/identity be stolen? Could you give us a scenario? Maybe I'm missing something!

    Gerard
     
  15. WSFuser

    WSFuser Registered Member

    It's possible if:

    1. the AV misses the malware

    and

    2. there's no program (like a software firewall) to stop the malware from connecting out
     
  16. LockBox

    LockBox Registered Member

    I don't even run an onboard AV. I run Deep Freeze and then Anti-Executable will stop any malware from executing and yes, my firewall will stop any unwanted outbound connections. What malware would frighten you in this scenario?
     
  17. EASTER.2010

    EASTER.2010 Guest

    I have experienced that "EXACT" same disturbing scenario. This is what I discovered through trial and error to remedy, or should I say "work around", it.

    ShadowSurfer for whatever reason is "stuck" in Shadow mode after each reboot. No matter what I try it stays stuck and will not REBOOT right after I select "Disable ShadowMode". I know it's designed to keep my unit safe, but at my own discretion in my own time, thank you.
    When it comes up next boot, after you have to manually RESET by pressing the off button on the PC, use a good Task Manager like Advanced Process Termination by DiamondCS. Mine is Version 4.0 w/ 2 sets of Kernel Kill; I only need #1.
    Terminate BOTH SS process files: suatshut.exe & shadowsurfer.exe
    At least this has been my method, crude but it makes ShadowSurfer tolerable instead of ditching it.
    Next I go to ADD/REMOVE PROGRAMS in Control Panel and Uninstall. It throws up a message at times saying ShadowMode is still enabled and must be Disabled before Uninstalling. Bah!! I do it anyway, then Reboot manually again w/ the RESET button, and next time the PC boots up guess what?
    Hooray! Finally out of ShadowMode; tray icon & background wallpaper bear this out. I know it's a pain in the neck, but until I find a replacement for ShadowSurfer or discover a permanent remedy, this procedure pulls my PC out of that mode. THEN, IF IT TICKED ME OFF REAL BAD, I can really UNINSTALL it from the PC since ShadowMode is indeed "Disabled" and not locking the station anymore. o_O
     
  18. Chuck57

    Chuck57 Registered Member

    "Next i go to ADD/REMOVE PROGRAMS in Control Panel and Uninstall, it throws up a message at times saying ShadowMode is still enabled and must be Disabled before Uninstalling. Bah!! I do it anyway then Reboot manually again w/ the RESET button, next time the PC boots up guess what?
    Hooray! Finally out of ShadowMode,"

    Yep, exact same situation I ran into. At least I know it isn't my PC.

    Every single thing you mentioned, I had happen. I finally got rid of it, although I still have the .exe on another drive, along with the key, although I doubt I'll ever use it again.

    With your permission, I'd like to copy your post since it's more detailed than I can do and email them about the problem.
     
  19. fcukdat

    fcukdat Registered Member

    In the original post by the OP on the last page there was no mention of a software firewall, although this was included in a subsequent reply later on. If you read from the last post of the last page onwards you will see where you have reversed the argument :p

    You are technically correct in what you say. I, for my crimes, use only a software firewall, process firewall and IDS as core security policy, but, and this is the big *but*, we are secure with our setups because we understand what they are doing and how to make decisions/rules etc.

    This however would be far beyond your average Joe user's ability to utilize effectively. So we should all remember what works for us might not necessarily work for the next person ;)
     
  20. BlueZannetti

    BlueZannetti Registered Member

    Gerald,

    Typically, the role of a hardware firewall is only to reject unsolicited inbound communications, with outbound allowed to freely leave. If a software firewall is used, it will generally flag communications made by an unapproved application or using unapproved ports; it doesn't know the intent of those packets.

    The information can be stolen if the user provides it in another context within the session. This is purely hypothetical at this point. You're focusing on specific avenues to compromise. I'm saying restorability does not equate to security, no more.

    Let me start by noting that I believe there are many routes to an appropriate level of security. Those routes span running a machine completely bare of added security products and using the native configuration capabilities of the OS and associated applications to completely lock down the system, to using a handful of added security-related products. Both extremes and the intervening scenarios are valid approaches for different usage profiles and/or user levels of expertise. One size doesn't fit all, but maintaining that image restoration is equivalent to having good security simply misses the point. As I mention above, image restoration maintains good operability, not good security. They are different end goals, and this is the specific point that my comment was directed towards. No more, no less. It is important to understand what specific actions accomplish and what they don't accomplish. Facile restoration does not make a system secure.

    Your own setup goes well beyond what I was discussing. It doesn't have an AV, but it does implement a whitelist strategy through AE. It is not foolproof, since you are still, in principle, susceptible to script-based incursions using approved applications, and if you decide to install a downloaded application and it brings along a companion or two, nothing in your setup flags that aside from, as you note, your own common sense. Is it sufficient? Much more than likely; I personally wouldn't recommend any changes or additions in your case.

    The other point that should be made is that the measures to take should not simply be based on the frequency of the event; potential severity should also be a factor. Frequency should influence your attitude towards things. My own experiences would suggest individual exposures on a yearly type timeframe, not a daily or hourly event as some of the paranoia rampant here and elsewhere might suggest.

    Blue
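The distinction Blue draws above, between a perimeter firewall that only drops unsolicited inbound traffic and a host firewall that also flags which local program is allowed to connect out, written as a toy policy model. This is an added example, not code from this thread or from any firewall product named in it; the connection records, program names, ports and the approved-application list are constructed sample data.

```python
"""Toy model of the two firewall postures discussed in the thread.

Constructed example: a perimeter ("hardware") posture that only drops
unsolicited inbound connections, beside a host ("software") posture that
additionally whitelists which local program may connect out, and on which
ports. Neither posture inspects intent; the host posture simply has more
context (the owning process) to decide with.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Connection:
    direction: str    # "inbound" or "outbound"
    program: str      # local process owning the socket (constructed names)
    remote_port: int
    solicited: bool   # True if the host itself initiated this connection


def hardware_firewall(conn):
    """Perimeter/NAT posture: reject unsolicited inbound, let everything out."""
    if conn.direction == "inbound" and not conn.solicited:
        return "DROP"
    return "ALLOW"


# Per-application outbound whitelist (constructed sample policy, not a
# product's real rule set).
APPROVED = {
    "firefox.exe": {80, 443},
    "thunderbird.exe": {110, 143, 993, 995},
}


def software_firewall(conn):
    """Host posture: same inbound rule, plus an outbound whitelist by program/port."""
    if conn.direction == "inbound" and not conn.solicited:
        return "DROP"
    if conn.direction == "outbound":
        ports = APPROVED.get(conn.program)
        if ports is None:
            return "PROMPT: unapproved application"
        if conn.remote_port not in ports:
            return "PROMPT: unapproved port"
    return "ALLOW"


# Constructed sample traffic: one unsolicited inbound probe, normal browsing,
# the browser reaching an unusual port, and an unknown program phoning home.
SAMPLE = [
    Connection("inbound", "svchost.exe", 445, solicited=False),
    Connection("outbound", "firefox.exe", 443, solicited=True),
    Connection("outbound", "firefox.exe", 6667, solicited=True),
    Connection("outbound", "unknown-helper.exe", 443, solicited=True),
]


def evaluate(policy, conns=SAMPLE):
    """Return (program, direction, port, verdict) for each connection under a policy."""
    return [(c.program, c.direction, c.remote_port, policy(c)) for c in conns]


def silent_outbound(policy, conns=SAMPLE):
    """Outbound connections the policy passes without dropping or prompting."""
    return [c.program for c in conns
            if c.direction == "outbound" and policy(c) == "ALLOW"]


if __name__ == "__main__":
    for name, policy in (("hardware", hardware_firewall), ("software", software_firewall)):
        print(f"--- {name} firewall ---")
        for row in evaluate(policy):
            print("%-22s %-9s %5d  %s" % row)
        print("outbound allowed silently:", silent_outbound(policy))
```

Run it and the perimeter posture lets all three outbound connections leave silently, including the unknown program; the host posture lets only the approved browser-on-443 case through and raises a prompt for the other two. That prompt is exactly the "checkpoint" fcukdat and Blue are describing: it does not know whether the connection is malicious, it only makes an unexpected program or port visible to the user rather than invisible.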
     
  21. kof

    kof Registered Member

    Update:

    NOD32
    AVG Anti-Spyware
    SpywareBlaster
    SUPERAntiSpyware Professional
     
  22. budfox

    budfox Registered Member

    Sandboxie

    DropmyRights

    AVG antispyware

    NAT-route your internet connection.
     
  23. TECHWG

    TECHWG Guest

    ProSecurity
    NOD32
    Comodo Firewall
    Vmware
     
  24. Pedro

    Pedro Registered Member

    This thread is going on forever.
    I refuse to reply, because the answer is my set-up. I don't have more than 4 apps!
     
  25. RAV

    RAV Registered Member

    I'm using

    ZA Antivirus 7 (Kaspersky Engine)
    AVG Antispyware (free, on demand)
    McAfee Site Advisor
    CCleaner

    Use Firebird instead of IE.
     