I have software, to protect my software, to protect my software, etc.

Discussion in 'other anti-malware software' started by trjam, Feb 28, 2008.

Thread Status:
Not open for further replies.
  1. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    I started thinking today about a couple of things said to me in the past that for some reason hit home. The first I remembered was back when we were testing the original Avira Suite and we talked about how well it went with other applications. I think it was smustaca who said, "Why don't you just use the suite."
    Nah, that was unthinkable.

    The other day, my good friend Jerry M was telling me that he is still using the Kaspersky suite with the good old Systweak key. He said he would not trade version .125 for the world. I then started thinking of all the software I have either bought, trialed, beta-tested over the last 2 years. I could not even think of every application that was added to protect, what another application might let through, that another piece of software might not handle.

    I realized this is crazy, actually borderline obsessive. I have been trying to find 100 percent protection by adding and changing applications and two things struck me like lightning. One, I come here to find products to accomplish this, but yet I know from all here it can't be done. And two, when was the last time I turned my computer on to find a man with a gun, pointed at my face from the screen.

    Yes, disasters can happen, like what happened to Larry, but, I really think with just a good suite, the chances equate out to about what having lightning strike you are. It doesn't matter if it is Panda, Kaspersky, Norton, Avira, Eset or the rest, but at some point you just have to trust in what you have and not drown in what you continue to add.
     
    Last edited: Feb 28, 2008
  2. Wake2

    Wake2 Registered Member

    Joined:
    Apr 30, 2005
    Posts:
    205
    So True, I browse the forums and see the latest and greatest
    must have innovations in software discussed at length, you
    know the kind designed to fill that "gap" in your protection,
    and I find myself trialing it for a few days, a week, some a
    month and then asking myself do I really need this and so
    far the answer has been no although I am downloading
    SafeSpace as I am typing this....

    Wake
     
  3. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,887
    Location:
    Stockholm Sweden
    That is so true trjam. I have come to the same conclusion.
     
  4. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    I partially agree. A suite (or just the AV component), a reasonably up-to-date software base and a bit of brain.exe will keep you malware-free most of the time. It's incredible that, despite having all odds against them, AVs manage to give "decent" protection to most people. However, there are people who are magnets to malware, no matter the security software used.
    That's the problem of people who try to apply the "layered approach". They think that the layered approach means piling up software to close the holes which might even not exist. I will put an example of how a "rational" layered security setup works with minimal resource consumption, zero conflicts/issues and with few (if any) security software:
    - Backups (system images and data backup safely stored)
    - LUA + SRP + SuRun (for convenience purposes)
    - Hardware-DEP for all applications.
    - Up-to-date Windows installation.
    - Up-to-date third-party apps (Adobe, Quick Time, Java, Office suite, media players, archive utility, etc)
    - Firefox + Adblock Plus + NoScript (all up-to-date) and Thunderbird + Allow HTML Temp (up-to-date) + server-side checking of mails (MailWasher, POP Peeper, etc) + good mail provider (removing of spam, executables and viruses)
    - Prevx CSI + good AV + ISR solution (Returnil, Deep Freeze, etc)
    - Common sense/brain.exe/safe computing (which things you should/shouldn't click, which sites you should/shouldn't visit, which things you should/shouldn't download/run/execute).

    Questions:
    - How many layers of security are there in my example? There are EIGHT layers of security :eek:
    - How many security software did I use in my example? There are THREE (Prevx CSI + good AV + ISR solution) security apps and they're all disposables :eek:
    Do you see what I mean?

    Now, I'll put this security setup to work.
    Browse mostly trusted sites. Trusted sites are hacked on a daily basis, but the chance of getting an infection on a trusted site is far far lower than if you visit crack and porn sites (disclaimer: I do visit porn sites). Don't be fooled by ads telling that you're infected or prompts to install "missing codecs" or "software updates". Also, only download trustworthy software from trustworthy sites and do all the checks you deem necessary (scanning with AV/Virustotal/online sandbox, checking hashes/digital signatures, reading EULAs, etc). Handle mail attachments with care (especially those from trusted sources, because it's common to lower the guard when you receive something from trusted peers) and don't follow links in mails. Only pay attention to mails you requested and delete the rest.
    The above measures (safe computing/brain.exe) will keep you far away from even encountering malware.
    Now, what would happen if I visit a hacked trusted site?
    First, it will need MY permission to run scripts. Suspicious IFRAMES and abnormally-long/nonsense scripts will surely raise my doubts.
    Second, most exploits attempt to use a vulnerability in browser plug-ins, so if a site wants me to run Quick Time and it never did this before that's another suspicious thing.
    Now, suppose that I give that hacked site permission to execute scripts and call QT.
    Third, it needs to exploit an unpatched vulnerability. That's highly unlikely because I keep all my software up-to-date.
    Fourth, if it manages to exploit an unpatched vulnerability because I forgot to patch or the vulnerability is exploited before a patch is released, there's a high chance that DEP will kill the exploit attempt if it's a buffer overflow.
    Fifth, if DEP doesn't kill the exploit (because it's not a buffer overflow or something else) it will need to bypass LUA + SRP, which is very very very unlikely (excepting privilege escalation vulnerabilities) because the writable folder in LUA (%USER%) doesn't have execution permissions (SRP).
    Sixth, if it manages to bypass LUA + SRP (and the AV), then I'm infected. Not a big deal, a reboot with my ISR and I'm clean again.
    Seventh, if it's a Robodog-type malware (bypasses ISRs), it will survive the reboot. Not big deal, I have backups of my data and system images. A system restore can be done in under 15 minutes and I'm back in business.

    Conclusion: I have LOTS of security layers but I use few (if any) security software.
    I know that this approach is not for everyone, but you can take a bit from here and there and build a setup which will deal with almost all malware and facilitate an easy/fast/pain-free/fear-free recovery.
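
The LUA + SRP layer in the post above depends on one property: no folder the limited user can write to is also a folder SRP lets programs run from. The following is an added example, not part of the original post or of any tool named in it. It checks that property against a simplified model of SRP path rules (default level Disallowed, deepest matching rule wins); the rule set and the list of writable folders are constructed sample data.

```python
from dataclasses import dataclass
from pathlib import PureWindowsPath


@dataclass(frozen=True)
class PathRule:
    path: str   # folder the rule covers (applies to everything beneath it)
    level: str  # "Unrestricted" (may run) or "Disallowed" (may not run)


def _covers(rule_path, target):
    # PureWindowsPath compares case-insensitively and by path component, so
    # "C:\Program Files" does not accidentally cover "C:\Program Files (x86)".
    rule, tgt = PureWindowsPath(rule_path), PureWindowsPath(target)
    return tgt == rule or rule in tgt.parents


def effective_level(target, rules, default="Disallowed"):
    """Security level for a file or folder: the deepest matching rule wins."""
    matches = [r for r in rules if _covers(r.path, target)]
    if not matches:
        return default  # default-deny: nothing runs unless a rule allows it
    # Model assumption: at equal depth, Disallowed beats Unrestricted.
    best = max(matches, key=lambda r: (len(PureWindowsPath(r.path).parts),
                                       r.level == "Disallowed"))
    return best.level


def writable_and_executable(writable_dirs, rules, default="Disallowed"):
    """Folders the limited user can write to AND execute from (policy gaps)."""
    return [d for d in writable_dirs
            if effective_level(d, rules, default) == "Unrestricted"]


# Constructed sample policy: default Disallowed, system folders allowed.
RULES = [
    PathRule(r"C:\Windows", "Unrestricted"),
    PathRule(r"C:\Program Files", "Unrestricted"),
]

# Constructed list of folders the limited user can write to; on a real
# machine this list would come from an ACL review.
WRITABLE = [
    r"C:\Documents and Settings\alice",
    r"C:\Windows\Temp",
    r"C:\Program Files\Game\saves",
]

# Close each gap with a more specific Disallowed rule and re-check.
HARDENED = RULES + [PathRule(d, "Disallowed")
                    for d in writable_and_executable(WRITABLE, RULES)]

if __name__ == "__main__":
    print("gaps before:", writable_and_executable(WRITABLE, RULES))
    print("gaps after: ", writable_and_executable(WRITABLE, HARDENED))
```
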
     
  5. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    2,180
    Location:
    Canada
    Hi Wake2, this is what I would call "Security Testing Software addiction". I understand what you mean; I suffer from the same disease. :D :)

    Right now using only EQSecure, DefenseWall and Avira free
     
    Last edited: Feb 28, 2008
  6. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    Yep I've come to the same conclusion by going through the same process. Now it is just NoScript, Sandboxie, Antivir Premium and some common sense. (Though I'm trialing Mamutu from the GOTD promotion).
     
  7. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,934
    Location:
    SW. Oklahoma
    After several decades of overusing security apps last year I decided to quit being the paranoid computer user I was acting like. Slimmed down the security and amazing as it sounds I still have not become infected. All of those years and dollars wasted on software. I like the way my comp. runs now, it really flies without the best part of a dozen security apps running :D It took a while but finally learned :thumb:

    bigc
     
  8. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    Luckily for me, I got either free software or free after rebate and I still haven't been infected in a major fashion. :D :thumb:
     
  9. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    bigc, what did you settle on? Seems you have bounced a little in the last few months on the AV. ;) :)

    It is an addiction though. Hell, I have already loaded SafeSpace back on since posting this thread. Is there a pill for this?
     
  10. InfinityAz

    InfinityAz Registered Member

    Joined:
    Jul 23, 2005
    Posts:
    828
    Location:
    Arizona
    I can identify with this (I'm also trialing Mamutu from GOTD offer). This is part of the problem, there's always something new, free, interesting, etc. to try. It never seems to end (even when I say I'm done and sticking with what I have, I end up trying more software).
     
  11. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    I understand Lucas, your approach is not for everyone, at least not for me.

    I keep it simple software wise and let reign brain.exe as a major component to my setup, it's basically transparent, behind a NAT router config. to my wishes, then Sandboxie and Returnil as a virt. protection, Boclean for the RAM and that's it.

    Will never forget that I owe respect to the guys at Leapfrog and Storagecraft for their very useful stuff, using it daily.

    Ditched all the resident stuff and once in a while scan my system with SAS and CureIt. For downloaded files Virus Total is my next station.

    My system and internet are flying and also equally surprised that all that resident stuff bogged my system so heavily in the past.
     
  12. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,942
    Location:
    USA
    Isn't all of this as simple as "all things in moderation"? Some of us have managed to put down one addictive behavior or another, only to watch ourselves pick up a new one. Fortunately, security software addiction is not damaging to the spirit and the body like some of the other joneses are... but it does deserve much of the same respect as a behavior capable of spinning out of control. There is lots to be fascinated and captivated by here, so it should come as no surprise that some of us are seduced by security software. And the way I see it, there is just enough truth and validity to the dark side to keep a goodly number of us jumping around trying to protect ourselves from the perceived danger. I'm glad you started this topic. I feel like I've attended a meeting now.
     
  13. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    @trjam so very true and good post. I came to the point I had to tell myself enough is enough and settle. It's all fun for a while to try this, try that, add this to that, etc., but after a while it gets old, but at the same time a great experience with products and fun for a while anyways.
     
  14. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    If you like to test software (new concepts, betas, new releases, competition offerings), do it on a VM/spare machine. If you're testing software because you want to fill a gap in your security or you're unsure of your current security setup, that's bad.
    Once you understand what malware can/can't do and how it lands on your PC, choosing a security setup should be pretty straightforward.
     
  15. Wake2

    Wake2 Registered Member

    Joined:
    Apr 30, 2005
    Posts:
    205
    I do use a test machine because I enjoy trying new
    software, but sitting between me and the security
    software that I do use is me, and common sense,
    not to mention my wife, and a budget.

    Frankly I pretty much follow the rule of keeping it
    simple, but can't seem to help myself when some
    new intriguing software comes out and then I just
    have to try it.

    Wake
     
  16. wat0114

    wat0114 Guest

    I like software security in "threes", with the emphasis on "lightweight". My most recent settled on: Sandboxie for surfing in, Jetico 2 firewall (with, admittedly, a bit of a built-in HIPS) and Nod32 for on-demand only, except for real-time email scanning. The router I don't really count because it's hardware. I've never liked all-out lua/srp/limited accounts, but I do have my XP Pro hardened with some considerable restrictions placed on key system directories and other folders. Of course everything's up to date and Acronis TI used for backups. For sure, too much is too constrictive, though we all have our preferences and comfort levels.

    There was mention about software testing addiction. I have that disease too.

    BTW, I'd sure like to see Easter comment in this thread :D
     
  17. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Agreed wholeheartedly.

    As both a former security forum Moderator and HijackThis Specialist, it didn't take long before afflicted users' panic rubbed off on me too :eek:

    Trouble then was there were no HIPS, Sandboxie was very new, and about everything we used to help users amounted to homemade fixes with batch files, scripts, you name it. Oh yeah, we could suggest AVG or A2Squared and a few others and remind users to stay updated, but that didn't stop malware from once again penetrating thru, either deliberately targeting the security apps themselves or the user pulling a blooper by installing something malicious or even clicking on a coolwebsearch link, remember them?

    When I finally got my reprieve from those duties as a malware fixer or whatever, to exercise my own surfing rights on the web, I started loading up with everything I could possibly download, trial, then purchase. The rest I left up to chance but as time went along and I found these new innovations popping up at Wilder's here, I was right back at it again, piling on the layers against potential attacks from the unknown as well as running headlong into local researching all the viruses and malware I could lay my pointer on :doubt:

    It's still easy though to grow complacent just as it is to go on overkill too with way too many security apps. Striking that perfect medium can become a balancing act with so many more choices we have now, and I admit, I too suffer from the addiction of trying out everything new.
     
  18. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,770
    Location:
    New Mexico, USA
    Speaking of addiction......I have my computer pretty much where I want it with Sandboxie, either DeepFreeze or FDISR (I change occasionally), and Faronics AE.

    Today, not many minutes ago, I was downloading SafeSpace, and caught myself asking Why? I'd finally gotten the beast set up to where it runs good, with no slowdown, and I'm downloading something else.

    I canceled the download. How about That!! I resisted temptation, all on my own.

    Somebody needs to start a thing called Computer Anonymous and develop a step program to help computer addicts.
     
  19. Old Monk

    Old Monk Registered Member

    Joined:
    Feb 8, 2005
    Posts:
    633
    Location:
    Sheffield, UK
    Hi

    Just passed 3 years since I joined here and like trjam, I can't remember all the security software and utilities that I've tried.

    In those 3 years, to my knowledge, nothing has infected my computer.

    I've just reread my first ever post here and this is what I had in 2005


    Spybot
    Ad-aware
    Ewido (on-demand free version)
    Spyware Blaster and Guard
    BitDefender (on-demand free version)
    Zone Alarm Security Suite (full paid version)
    Firefox browser

    Have also trialled TDS-3 and Trojan Hunter

    I somehow suspect that had I kept that set-up all the way to today, I still would not have had any problems.

    Have I wasted my time ? No, because I have learnt a lot.

    Have I wasted any money ? Probably, yes.

    The circle is now complete. No security whatsoever on XP. It doesn't connect to the web anymore.

    All browsing now will be done through Linux.

    Sad times really. No more testing this that and the other.

    Can I keep it up ? Probably not :D :D
     
  20. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    Maybe I am different to many in such a way that in place of adding I like the whole idea to get my security setup as small as possible without compromising it. I have a strange pleasure in trimming my setup to its bare essentials, making it as light and transparent as possible. But then you have to know your stuff very well and also something about your own inclinations and paranoia.
     
  21. LUSHER

    LUSHER Registered Member

    Joined:
    Feb 28, 2007
    Posts:
    440
    Oh well, better overkill than sorry right?
     
  22. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    No, it's all about finding a delicate balance.

    I suppose that for many the real dangers reside in their own minds! ;)
     
  23. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    I've been running without AV, with Windows Firewall and no router for 2½ years. I just checked my system for viruses with ESET's online scanner... guess what? No threats detected whatsoever.

    That only proves that common sense is enough for security.
     
  24. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    The problem with a layered approach is that, like food, it is an incredibly good thing for you; being obsessive about it is not.

    Everything must be done intelligently, from exercise to eating, right down to how you setup your security...
     
  25. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    So you're basically running without additional protection. Hmmm. o_O

    Sure common sense is needed most, but sometimes we make mistakes on behalf of common sense. I like a minimal setup myself but it's always a comfortable thought that something is protecting my back.
     