Easiest To Use Proactive Security App. & My Setup

What is the easiest to use and effective proactive security application(paid or free) that uses little resources(RAM) and is a good value? Online Armor? ProcessGuard? RegDefend? Others? My security setup is as follows:

UnHackMe
Look'n'Stop
Counterspy
TrojanHunter
Task Catcher
WinPatrol
NOD32
WormGuard
SpywareBlaster
Harden-It
Samurai
Spybot Search & Destroy
Ad-Aware SE

I would greatly appreciate any comments or opinions on this matter.


Peace & Love,

CogitoErgoSum

 

Hopefully you do not run most of these programs in real time?

Of the the ones you list, I have used both Process Guard and OnLine Armor and PG was definitely the lighter of the two. SafeNSec is also very light in real time.

However, rather than adding more programs, I would look closely at your present setup and see whether you really need ALL of these for effective protection.

 

Thanks Blackcat for the advice.


Peace & Love,

CogitoErgoSum

 

Whats your operating system ?


These may not be needed.....just over-doing it


UnHackMe
Counterspy
Task Catcher
Harden-It
Samurai


TrojanHunter if you are using win2k or XP go for ewido instead


The above are all good programs just duplicates of other programs you are using. WinPatrol will do a fine job of warning.

 

Thanks Beef for your input. FYI, my OS is WinXP SP2.


Peace & Love,

CogitoErgoSum

 

You are definately wrong about not needing Harden-It and Samurai. They are very good hardening programs that a lot of people around here recommend using. I myself am using SafeXP, Harden-It, Secure-It, IE-SpyAd, Enough is Enough, BugOff, and Samurai. With all that, my system is still fully functional and very securely hardened.

dja2k

 

** please excuse my briefness its due to having a severe flu**



dja2k

Friend its ok to disagree....thats what discussion is all about...polite and friendly discussion is what sharing is .


dja2k, may I ask what it is you are very securely hardened against? An if in fact as the other poster stated..you did get CWS....obviously something you are doing is not working.
Bloat is bloat......duplicate programs is panic ware....an ware is a classic sign of a Nooob. No one said that the programs were bad...just that they may not be needed......an that decision belongs to the computer owner.

"They are very good hardening programs that a lot of people around here recommend using. " That may be true...but so what? Its nice to have the support of others but very foolish to "follow the Herd"

These comments are also directed at the orginal poster. Each person should consider what is best for his computer.

 

TYPO CORRECTION:


should read:

"an panic ware is a classic sign of a Nooob"

 

CogitoErgoSum,

Blackcat provides excellent advice, which is worth some expansion.

While it is prudent to have some level of backup, it is very easy to go overboard and create system instability and/or severe drag in the process. We all have out personal levels of comfort in these matters, but when you start, the questions to ask are really not at all obvious.

The realtime setup that I use is somewhat spartan, and evolving over time. However, there are some clear design rules that I follow.

• It always starts with a decent NAT/SPI router to move control of unsolicited packets off the PC. There has been some dicussion over at Broadband Reports on the need of a software firewall if a router is used (see Leo Laporte says software firewall not needed!,El Cheapo Router Challenge, First winner - El Cheapo Router Challenge) I do tend to use a software firewall for application based network activity control. While I am decidedly on the side that it is not absolutely required for a home user, I must admit feeling a little naked without one running these days - an example of where my personal comfort level plays a big role in the final decision.
• After that it is a strong AV, and I generally recommend one that obtains an Advanced+ grade in either the demand or proactive detection tests performed by av-comparatives.org. At the current time, that pool is comprised of, in alphabetical order, BitDefender/Kaspersky AV/McAfee/NOD32/Symantec-Norton.
• I prefer two levels of backup to my primary AV. My impression is that the greatest potential vulnerabilities to a file scanning signature based AV are various steps a malware author can use to obscure the signature, or lack of a signature due to new malware. To address this, I use a memory scanning AT (BOClean), which doesn't scan files, but scans process memory in which the obscuring measures do not exist and a behavioral/proactive application that flags actions which could be viewed as potentially malicious. For the latter role, I use SafenSec, although there are a number of other suitable applications. The role of SnS is primarily to signal when registry entries are added/altered (particularly in the auto-start section of the registry) or if files in key system folders are added/edited/deleted. It does have other functions, but these are critical. Online Armor mentioned by Blackcat plays a similar role.

So there you have it, 3-4 applications in total. I do have a bunch of other tools installed, but they are only run on-demand and infrequently at that. Naturally an imaging tool (I use Acronis True Image, but have stayed at the version 8 level until version 9 matures....) is also very strongly recommended.

In your own case, before removing any of the applications you list, look at how they are setup. Are realtime components running? Rather than an uninstall for duplicate measures of this type, would a simple disabling of autostart/realtime monitoring make more sense since at least the capability will be readily available if required? For the parts that remain as realtime components, consider their function. Do you have all the recommended bases covered? What are those bases? Well, my own list is:

• A general tool to flag malware files - a classical AV/AT
• Monitoring process memory
• Monitoring of potentially malicious actions (registry edits, other approaches to autostart a process, file add/edit/delete, tampering with another process, etc.) regardless of origin.
• A tool to control outbound communications

You'll notice that I don't have specific tools covering spyware, keyloggers, and the like. They are handled quite well by the applications that I listed, and I do have spyware scanners installed which I use on a very infrequent basis (my system invariably comes up clean - but external confirmation is a nice practice).

Finally, don't hesitate to change up the mix from time to time as you learn about the available applications, current threats, and likely exposure points based on you own system usage profile.

Blue

 

BLUE

well put...very impressive.

 

Thanks dja2k and BlueZannetti for the input.


Peace & Love,

CogitoErgoSum

 

Sorry that my post was taken it that manner. It wasn't ment to come out offensive. I was just thinking of what CogitoErgoSum stated asking, "What is the easiest to use and effective proactive security application(paid or free) that uses little resources(RAM) and is a good value?"

dja2k

 

Here's a couple of excellent Apps to add that i wouldn't be without and have proved themselves time and time again.

. . .

Watcher

Monitors new entries in your System, StartUp and Registry etc, with various options to keep or delete etc. For 98/ME/XP etc

http://www.donationcoders.com/kubicle/watcher/index.html

. . .

Winsonar 2005 XP

Freeware Edition is a program specifically designed for process monitoring and system protection from unknown processes: Kills unknown EXE's instantly ! Also has Port Monitoring if required. For 98/ME/XP etc

http://digilander.libero.it/zancart/winsonar.html

. . .


StevieO

 

dja2k

Thank you for posting back....an hey there is no problem....lets be friendly and learn together...thats what its all about..kind of an "us against them" thing......I am sure there is lots that I could learn from you an perhaps in return I can share a tip or two with you.
My outlook on computer security is found to be rather ususual these days......for several years lots of people have been fighting off spyware so thats what they know......on the other hand my concern has been computer security.....preventing hacking....an all that other stuff.....an people are not use to seeing that kind of attitude.......
always I remain open minded and eager to learn whatever I can from whom ever offers to share their knowledge
so please excuse me if it appeared I was trying to be a know-it-all......in fact I was really being very sincere.......an as you can see I don't mind explaining myself if given the opportunity......


Well dja2k, its nice meeting you..if ever I can be of some help to you just give a call........

Warm Regards

 

Yeah winsonar is a good free app to kill unknown processes that haven't been added to a trusted list. It also has some registry protection as well. By the way, if you plan to use winsonar, I advice using it in FAST SCAN mode for a while until you add the programs you normally use to the trusted list or else they will not run.

dja2k

 

Thanks StevieO for your input.


Peace & Love,

CogitoErgoSum

 

Online Armor, yes.. but first on my list is DropMyRights.

 

Thanks Notok for the advice.


Peace & Love,

CogitoErgoSum

 

This approach is rather questionable because of an existing design flaw in Windows. There are scenarios in which applications, which were started with lower rights, can break out from this security context and gain admin rights.

A better and safer approach is working under a user account with limited rights and use Aaron Margosis' excellent recommendations and tools.

 

Thanks tlu for your input.


Peace & Love,

CogitoErgoSum

 

Well for people who insist on running in administrator mode, dropmerights is as good as it gets for free.

Of course, you are one of the minority here, who champions running with limited rights, which is fine but it makes running and installing none standard security software (a very important pastime here) somewhat harder. For example control over PG is almost none-existent if you don't run as admin as you yourself have noted.

 

No problem here - just start PG with the "runas" command. Other software requiring admin rights can be started using the MakeMeAdmin batch by Aaron Margosis.

 

Of course. Processes with reduced token privileges can also still communicate with system processes as well. The DropMyRights page does outline the limits of what it can do for you, and why you should still run as a limited user (including links to Aaron Margosis' page) There are privilege escallation exploits that would work under a limited user account as well, including shatter attacks, buffer overflows, third party application vulnerabilities, the default screensaver, and any number of things can are more likely to be exploited (and have been). There have been lots of these things patched already, like the printer spooler service, and I'm sure that we will see more. DropMyRights or running under a limited user account is no substitute for other security measures, but it does help, and it uses no resources. IMO it's a very basic measure that you build on from there.. the ultimate goal is to prevent malware from getting on your system in the first place.

The particular scenario you linked to could probably be worked around by disabling the Secondary Logon service, I would imagine, since this disables the "runas" function, and malware wouldn't be able to install as a service without using another privilege escallation exploit. Thanks for the link, though, I do appreciate that

 

Indeed, and because of this I'm still convinced that a limited user account account is the superior approach. You have no write access to the system folder, no write access to a large part of the registry, and there are lots of other advantages. This makes it lot more difficult for malware to harm your computer (although I definitely agree with you that other security measures are still necessary). Working as a limited user is not that problematic as many Windows users mght think once you're used to it. And the mentioned MakeMeAdmin batch makes it even more comfortable.

As for DropMyRights, the crucial problem is Windows messaging. Let's say you are running IE with limited rights, there is still explorer.exe running with admin rights. This process can be "telecontrolled" by some malware to start another program with admin rights.

On the other hand, shatter attacks in a limited user account can't cause much damage except for badly programmed services (which do exist despite the warnings by Microsoft).

 

You definitely won't get any argument from me about running as a limited user, and I'm absolutely not trying to disagree with you that DropMyRights is "just as good", but keeping in mind that most users can't or won't, DropMyRights is the next best thing. (Yes, I've been to Aaron Margosis' blog, it's linked on the DropMyRights page in the heavy warnings that DropMyRights is no replacement for running under a limited user account.)

There are plenty of exploits either way you go (with DropMyRights or using a limited user account) which is why I think hardening, getting all patches & service packs, and using at least the basics is also necessary (btw, the makers of ComputerSecurityTool also make a free tool to remove the Windows Messenger, also NetMeeting). With DropMyRights you do have the same restrictions, it's just a matter of the exploits available to bypass them. Hardening and using other security software will help that. If you can get a sandbox like DefenseWall, then that's even better (with DefenseWall it won't even be able to see that explorer exists). Since not that many people use DropMyRights, I tend to think that if any exploit is going to be used by malware to get around it, it's going to be an exploit designed to elevate privileges from a full limited user account, in which case you're going to need other defenses anyway.