What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,616
    Location:
    Milan and Seoul
    If you are doing an experiment then I'll be interested in seeing if something happens to your machine... Please let us know. Otherwise a computer without a decent AV nowadays is like driving a car in the middle of gun fire.
    Even one of those freebie AVs might be useful, warning you of an intrusion and giving you enough time for a quick reboot. I read in another post that even in 'shadow mode' a trojan could theoretically reformat your HDD... If it is indeed possible, you might have difficulties starting Windows again upon rebooting.
     
  2. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,223
    Hi,
    I love these kinds of posts. It's like those redneck conventions where people bring their guns and then show off with telling ... :)
    So, here are my lists:


    Least burdened machine (but not necessarily least protected):
    SPF Free firewall
    AVG anti-virus
    MSAS anti-spyware


    Most heavily burdened machines:

    1

    Real-time
    SPF Free firewall
    AVG anti-virus
    MSAS anti-spyware
    SpywareGuard
    SpywareBlaster
    SnoopFree anti-keylogger
    Attach Shield Worm Suppression

    On-demand
    Ad-Aware SE
    Spybot S&D
    Ewido anti-trojan
    A2 anti-trojan

    Another 30+ installers present, but not used, including SSV, RKR, UnhackMe, Blacklight, VLNSearch, DLLCompare, WinPatrol, and more.

    Tweaks
    a variety of services disabled blah blah etc.
    using BugOff, SafeXP, WWDC, HTAStop, and some more patches

    2

    Real-time
    Kerio 4.2.2 free / used to be Jetico
    no anti-virus
    MSAS anti-spyware
    AntiExecutable
    SnoopFree anti-keylogger
    Attach Shield Worm Suppression
    Proxomitron web-filter (with Kye-U filters)
    AnalogX ScriptDefender
    SpywareBlaster
    RegProt
    MJ Registry Watcher
    DefenseWall

    On-demand
    Ad-Aware SE
    Ewido anti-trojan
    A2 anti-trojan

    Tweaks
    a variety of thingies disabled through restriction policies


    All Windows machines running also:
    CCleaner
    DropMyRights
    Firefox browser with limited privileges, plus extensions including noscript, adblock plus with filterset.g, refcontrol, useragentswitcher, and more.
    Opera browser
    Lynx browser

    Most Windows machines also hooked into ICS


    Linux machine:
    Suse 10, integrated firewall + BitDefender AV

    Mrk
     
  3. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,121
    Location:
    South Texas, USA
    Okay, I was getting more familiar with NOD32 since it was a while since I last used it, and um, I don't remember how the web scanner worked, but why am I able to download zip\rar files with viruses? I remember that KAV didn't allow it to even be downloaded, but am I wrong, didn't NOD32 do that too, or does it only catch it on execution?

    dja2k
     
  4. tazdevl

    tazdevl Registered Member

    Joined:
    May 17, 2004
    Posts:
    837
    Location:
    AZ, USA
    XP Pro SP2

    ZoneAlarm Pro 6.1
    NOD32 2.5
    SpySweeper 4.5
    BOClean 4.20.002

    Not sure if I'm going to keep BOClean around much longer. Definitely has impacted my system to the point of being intrusive (Laptop 2.0GHZ Pentium M, 1GB RAM, 5400 RPM HD). One of the benefits of 4.12 is that I never knew it was there. Hopefully Kevin can rethink his approach and release a new version or update that takes care of the sluggishness 4.20 causes.
     
  5. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    One reason people don't use AV is that they don't feel they can depend on it being reliable.

    A few weeks ago, isc.sans.org included this about Sober in its daily diary:

    http://isc.sans.org/diary.php?storyid=880
    IMPORTANT: Antivirus software does not provide any reliable protection against current threats. Viruses like Sober tend to change every few hours well in advance of AV signature updates. The fact that an attachment did not get marked is no indication that it is harmless. We do receive reports of up to date versions of AV software missing some of the recent Sober variants.
    ____________________________________________

    So, what are the methods of those who don't use AV? A look at how these worms (and trojans) propagate is revealing.

    W32.Dasher.C
    http://securityresponse.symantec.com/avcenter/venc/data/w32.dasher.c.html

    When W32.Dasher.C is executed, it performs the following actions:

    Creates the following files:

    %System%\wins\SqlExp.exe
    %System%\wins\SqlScan.exe (A port scan utility)
    %System%\wins\svchost.exe
    _________________________________________


    Worms and Trojans have to execute (install) to deliver their payload, and their execution can be prevented by various methods of intrusion protection that have been discussed in other threads, but may be worth revisiting.

    An interesting term used by several companies is default-deny:

    Host Threat Prevention: a New Weapon in the War against Desktop Threats
    http://www.hurwitz.com/newsletters/...eapon-in-the-war-against-desktop-threats.html

    Traditional approaches to PC security-anti-virus software and personal firewalls-only partially address security threats in the form of malicious executables that are becoming more frequent and more sophisticated.

    Host Threat Prevention is based on the principle of default-deny, in which everything is automatically prevented except that which has been explicitly approved. In short, the default position is always 'no'.
    __________________________________________


    That is another way of describing "white list" technology:

    An Ounce of Prevention
    www.infosec.co.uk/ExhibitorLibrary/ 123/An_Ounce_of_Prevention.pdf

    A major side-benefit of whitelist-based application control is the inherent stability it offers the computing environment...
    This includes creating and enforcing a whitelist of approved applications for corporate endpoints so that unforeseen threats are blocked by default.

    If you think about how many new threats and vulnerabilities become known every day, and how much quicker they will occur in the future, whitelist application control seems to be common sense. There are several whitelisting software solutions on the market;
    _________________________________


    There are other methods, combined with common sense regarding use of email, and other safe computing habits that protect one from viruses and trojans without using AV, if he/she so chooses.


    regards,

    -rich
    ________________
    ~~Be ALERT!!! ~~
     
    Last edited: Dec 19, 2005
  6. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,223
    Hi,
    I have to strengthen rich's statement.
    I use AVs out of habit. Truth be told, I never checked a file and found a virus with it. And if I download a file and want to execute it, then I will have known that the file is safe. And if a certain file raises a doubt with me, that is, I desire to check it with AV or AT, then it will not run on my computer ever.
    AV gives you a sense of security - not necessarily security - but for those who want the sense - AV is a good thing. The same goes for AS, AT etc.
    And those whose AVs flag viruses, worms and trojans once a week or so due to their internet habits (unless purposeful) should perhaps revisit their habits.
    Sarcasm: hentai.exe is not a cool Japanese anime video ...
    Mrk
     
  7. hubbahubba

    hubbahubba Guest

    Didn't realize that as a gun owner who attends these conventions that I was a "redneck". Just thought I was taking advantage of the ability to use my second amendment rights to protect my family from would-be intruders who intend harm during the middle of the night as well as my freedom to assemble however I please....
     
  8. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,223
    Hi,
    I apologize if you were offended.
    It was meant as sarcasm and not personal attack against anyone.
    I am into guns myself quite a lot and have nothing against people who have little arsenals stored in their cellars.
    Peace,
    Mrk
     
  9. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    It's indeed an experiment, but somebody has to put ShadowUser in an extremely dangerous situation.
    My final goal is to prove that SU isn't that safe and tell ShadowStor about it in order to bring them back in humility mode. :D
     
  10. sweater

    sweater Registered Member

    Joined:
    Jun 24, 2005
    Posts:
    1,678
    Location:
    Philippines, the Political Dynasty Capital of the
    I don't like to enter into any deeper discussions here because I'm not an expert and not a lawyer... and also not a licensed health care practitioner. :D

    As of now here's my security set-up:

    Firefox 1.5 with NoScript and SpoofStick extensions
    Windows XP SP2 Firewall (set to no exceptions)
    Avast Home Edition Antivirus (everything enabled and set to high, e.g. Network Shield, WebScanner etc.)
    With BitDefender 8 free, ClamWin, and Dr.Web CureIt free as back-up scanners

    Anti-Spywares active: Microsoft AntiSpyware Beta,WinPatrol & SpywareGuard
    On demand scanner: Ewido free, Spybot, A-Squared, Ad-Aware SE Personal,
    CWShredder, Spyware Doctor (unreg) and X-Cleaner.

    Immunizer: SpywareBlaster, Spybot immunizer, and IE-SpyAd

    Hardening: SafeXP, Harden IT and Windows Worm Doors Cleaners

    Process and Registry Protection: ProcessGuard and GhostSecurity Suite

    As I'm trying to minimize the load on my RAM... I think my set-up is already good for ordinary surfers. ;)
     
    Last edited: Dec 19, 2005
  11. ftwynne59

    ftwynne59 Registered Member

    Joined:
    May 24, 2005
    Posts:
    185
    Mrkvonic

    This posted in thread No 31..

    "AV gives you a sense of security - not necessarily security - but for those who want the sense - AV is a good thing. The same goes for AS, AT etc."

    Don't agree..... solid AVs & ATs give you solid security (if practised with safe browsing habits)..... implying that they only give you a sense of security is misleading IMO.....
     
  12. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
    On WinXP SP2 Pro...

    Real-Time:
    - CHX
    - NOD32
    - Ad Muncher
    - HostsMan
    - Arovax Shield

    On-demand:
    - ewido anti-malware plus
    - CounterSpy
    - Spybot - Search & Destroy

    Others:
    - Harden-It
    - SpywareBlaster
     
  13. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,616
    Location:
    Milan and Seoul
    @Rmus
    You've taken my statement out of context: it was meant for Erik Albert, who is trying out ShadowUser with 'just' a firewall. Personally, if I had to choose between ShadowUser and NOD32 as my only protection, I would certainly go for ShadowUser. On the other hand I don't care about being 'minimal', and my second line of defense in terms of feeling safe is certainly NOD32. I also think AVs nowadays are covering more fields than just viruses (trojans, spyware, rootkits); why do you think TDS disappeared?

    People talk about safe computing habits: one shouldn't do this or that. Why?
    I want my computer to go anywhere, visit any site if I want to, feel free to browse and have the feeling it can be done without having my system compromised. With my set-up I can do it, and not because I want to test it; I just call it freedom.

    Finally I think if you run something like ShadowUser, a good AV, and a decent firewall, you should be protected from new and old threats.
     
  14. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,223
    Hi,
    In your surfing history, how many times has your AV / AT alerted you about a threat? Disregard changes to the hosts file, homepage and small things like that you do yourself. I mean serious things! Real-time blocking of a trojan or virus executing...
    Mrk
     
  15. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I just don't understand why so many users are a fan of all these AV/AS/AT/AK scanners.
    These scanners have a lot of disadvantages, you know:

    1. Scanners collect the bad objects of the bad guys in a definition database,
    which is the most unreliable, unpredictable, uncontrollable source you can think of.
    If I would collect anything, I would collect the good objects of the good guys,
    because that source is reliable, predictable and above all controllable.

    2. Malware needs to be DISCOVERED first by researchers; if they don't find it and the heuristics don't find it, you are infected.

    3. There is a time gap between the discovery of the malware and the updating of the definition database.
    During that period you are vulnerable.

    4. There is a possible time gap between the updating of the definition database and running the scanner.
    During that period, you are vulnerable. Not every user runs his scanner in time, and even scheduled scanners run only one time.

    5. Each scanner has its own definition database and these databases are different in quantity and identity, which means you need more than one AV/AS/AT/AK scanner to catch as much malware as possible.
    If you believe the av-comparatives, you need KAV + NOD32 + McAfee to catch as much malware as possible.
    AS/AT/AK scanners aren't as mature as AV scanners, so you need even more scanners.
    That makes at least 10-15 scanners, and those who have fewer scanners are less protected.
    In theory you need all scanners and certainly not ONE.

    6. Each scanner has a growing definition database, which also means that the TOTAL scan time increases every day.
    Some scanners already have more than 100,000 definitions. What will it be in the next five years: 500,000?
    How long will the user be happy when it takes hours to scan his computer?
    That's a time bomb. Either the definition databases will explode or the user will explode, losing his patience.

    7. Each scanner has grosso modo the same definitions and only the differences make the scanner special, which also means that these scanners search for grosso modo the SAME malware, which results in a lot of wasted time.

    8. Heuristics also have false positives, and that makes scanners dangerous for less-knowledgeable users, because they will remove them and damage their own computer.

    Maybe I'm too stupid, not being a security expert :)
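    The point Rmus (default-deny, post 5) and ErikAlbert (points 2 and 3 above) both make, that a definition database can only catch what researchers have already captured while an allowlist denies everything not explicitly approved, as an added Python illustration that is not part of this thread or of any product named in it. File contents, hashes and the two "approved" paths are constructed; only the three %System%\wins file names come from the Symantec excerpt quoted earlier, and nothing is executed.

```python
"""Blocklist (signature) decision versus default-deny (allowlist) decision.

Constructed sample "executables" are plain byte strings standing in for files;
hashing them models how a scanner's definitions and an allowlist identify files.
"""
import hashlib


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed: two approved programs and their (fake) contents.
FIREFOX = r"C:\Program Files\Mozilla Firefox\firefox.exe"      # assumed path
SYSTEM_SVCHOST = r"C:\WINDOWS\system32\svchost.exe"            # assumed path
APPROVED_BINARIES = {
    FIREFOX: b"MZ-firefox-1.5-sample",
    SYSTEM_SVCHOST: b"MZ-genuine-svchost-sample",
}

# Constructed: the sample a vendor captured, and a variant changed a few hours
# later (the SANS diary's point about Sober changing ahead of signature updates).
KNOWN_WORM_SAMPLE = b"MZ-dasher-c-sample"
VARIANT_SAMPLE = b"MZ-dasher-c-sample-repacked"

# Blocklist model: the AV definition database holds hashes of known-bad files.
SIGNATURE_DB = {sha256(KNOWN_WORM_SAMPLE)}
# Allowlist model: hashes of explicitly approved executables; default is "deny".
ALLOWLIST = {sha256(content) for content in APPROVED_BINARIES.values()}


def blocklist_decision(content: bytes) -> str:
    """Signature scanner: allow anything not found in the definition database."""
    return "deny" if sha256(content) in SIGNATURE_DB else "allow"


def allowlist_decision(content: bytes) -> str:
    """Default-deny: allow only what has been explicitly approved, by hash."""
    return "allow" if sha256(content) in ALLOWLIST else "deny"


def evaluate(path: str, content: bytes) -> dict:
    return {"path": path,
            "blocklist": blocklist_decision(content),
            "allowlist": allowlist_decision(content)}


# Constructed execution events: an approved program plus the three files the
# Symantec write-up lists as dropped by W32.Dasher.C. The dropped svchost.exe
# shares a name with a Windows binary but not its hash, so the allowlist is
# unaffected by the name collision.
EVENTS = [
    (FIREFOX, APPROVED_BINARIES[FIREFOX]),
    (r"%System%\wins\SqlExp.exe", KNOWN_WORM_SAMPLE),
    (r"%System%\wins\SqlScan.exe", VARIANT_SAMPLE),
    (r"%System%\wins\svchost.exe", VARIANT_SAMPLE),
]


def run_all(events=EVENTS) -> list:
    """Return one decision record per event, in order."""
    return [evaluate(path, content) for path, content in events]


if __name__ == "__main__":
    for r in run_all():
        print(f"{r['path']:<45} blocklist={r['blocklist']:<5} allowlist={r['allowlist']}")
```

    The trade-off the thread only hints at shows up in `ALLOWLIST`: every legitimate update changes a hash, so the list has to be maintained or the approved program is denied too.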
     
  16. Devilavocate

    Devilavocate Guest

    Sigh, listen to ErikAlbert, he knows what he is talking about. He may not be a security expert but he is an application analyst.

    Shadowuser is the solution!

    HIPS are too difficult to use.
     
  17. simple_user

    simple_user Guest

    Personally I use an antivirus program plus a HD imaging program. Nothing beats reformatting the HD when the worst happens. For most users, they have a relatively stable collection of installed programs which evolve/upgrade/uninstall slowly through time, so updating a periodic/incremental HD backup or image is not too troublesome. A shocking trend I read about here is that people try loading more and more different security programs on their systems, to the extent of giving the CPU the brunt of just running them. I think human psychology is the more important factor than the real need for most.
     
  18. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    OK, I edited my post to remove reference to your statement.

    regards,

    -rich
    ________________
    ~~Be ALERT!!! ~~
     
  19. securityx

    securityx Registered Member

    Joined:
    Dec 1, 2005
    Posts:
    149
    Mine is pretty simple.....

    First and foremost, I use Firefox and sometimes Opera.

    I harden Windows XP, place all my applications and OS on the C: partition, I point ALL files to a separate partition. I then use Drive Image 2002 (still the best, imo) and make an image of the C: drive. I can then put that 'just right' image back on the C: drive whenever necessary.

    As far as security tools, I use a Linksys firewall/router, Zonealarm Free (old version, smaller footprint), Deep Freeze and a Faronics app called Anti-Executable. I tried Deep Freeze with Process Guard and several other similar tools but found anti-ex the best of the bunch. Whatever you use, I am a big believer in whitelisting. Also, I see some here use ShadowUser and that's a good program too, a little different approach than Deep Freeze from what's left on the actual disk after reboot (if that's a concern), but I highly recommend SU or DF either one.

    I rarely run an anti-virus but when I do it's an online scan from Trendmicro and/or McAfee.

    Outside of anti-ex and Deep Freeze I run nothing in real-time. Unless you consider AdMuncher a security tool. I run it all the time and couldn't surf without it.

    Oh wait.... I also run WinPatrol in the background because I now have 2 gigs of memory and I take no performance hit. That I've used it so long is really the only reason I use it. It's a GREAT program, but I don't feel I really "need" it.

    All the real-time and on-demand scanning would be a waste of my time with the above setup. I have been running all of the above for two years and have never had a single problem. Actually, I used to use another product before anti-ex, but same kind of thing. But what's in this post above is all I have, and all I need. Others' mileage, as the saying goes, may vary.
     
    Last edited: Dec 19, 2005
  20. hubbahubba

    hubbahubba Guest

    Haha.... no problem, Mrk, I just didn't know if you were poking a little fun at and including yourself, or making some sort of a political statement. It's all good.
     
  21. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,616
    Location:
    Milan and Seoul
    You didn't have to edit your post, my comment was for argument's sake, I hope I didn't hurt your feelings.

    All the best,

    Jack
     
  22. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    No, not at all. After reading ErikAlbert's post, I had been jotting down some thoughts on AV, and just used your post as a lead in!

    -rich
     
  23. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    I also opted for AE after looking at PG, preferring something a little more restrictive. To use another company's description: Default-Deny. Also, I was a bit concerned about using more than one product that operates at the kernel level, and Faronics has designed AE to work alongside DF.

    But as you say, any White List product is a big plus in your arsenal.

    regards,

    -rich
    ________________
    ~~Be ALERT!!! ~~
     
  24. Brinn

    Brinn Registered Member

    Joined:
    Aug 5, 2004
    Posts:
    181
    Location:
    Canada
    I would tend to agree that most of these scanners shouldn't be the bedrock of your computer's security. I went about 9 months without doing a single scan on my comp. I finally updated Ad-Aware and did 3 or 4 online AV scans. The results? I had 2 tracking cookies on my system. The most valuable security/privacy apps on my computer right now are CHX, ProcessGuard, Proxomitron (neat little program, this) and CleanCache. When I reformatted a few weeks ago, I went through the whole routine of SafeXP, Harden-It and Secure-It, as well as shutting down services that I don't need but which could be problematic.

    I do scans right now because I'm on a spanking new format and this is the time I tend to be anal about things.
     
  25. medz

    medz Registered Member

    Joined:
    Dec 18, 2005
    Posts:
    13
    Netgear DG834G V2 fw:3.0.125
    KAV Pro 5(extended database)
    WINDOWS PRO SP2 FIREWALL
    Ad-Aware SE Pro v1.06
    SpyBot 1.4
     