A group of softwares, choose only one - Version 2

Discussion in 'other security issues & news' started by Mrkvonic, Feb 5, 2006.

Thread Status:
Not open for further replies.
  1. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,279
    Hi,
    I gave too many options last time, and they were too easy.
    Now, only 3 options:

    Windows firewall
    Kaspersky anti-virus
    SpywareBlaster
    IE browser

    Jetico firewall
    AVG anti-virus
    Proxomitron web filter
    Firefox browser

    Netveda firewall
    Ad-Aware & Spybot
    PestPatrol anti-spyware
    Ewido real-time
    Opera browser

    Mrk
     
  2. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    Gee . How about version 3 and 4 and 5 .......
    I would choose between # 1 or nothing at all . Not sure which . # 2 and # 3 are not even options as the all around protection is little to none anyway .:cool:
     
  3. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,279
    Hi,
    I wanted to make it harder.
    What's wrong with 2 or 3? You got good browsers, good firewalls, solid ids...
    Mrk
     
  4. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    # 2 uses AVG . Much too weak . # 3 has no AV at all .
     
  5. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    5,589
    Location:
    USA still the best. But barely.
    Imo they're all ***tty options.:thumbd:
     
  6. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,279
    Hi,
    I know they are not what you expected.
    The question is how do you cope?
    AVG is not a bad anti-virus at all.
    And do you need it at all?

    Option 2
    EVEN IF AVG is weak, you got Jetico for application control, Proxomitron for web contents and privacy and exploits.

    Option 3
    No AVG, but you have Ewido real-time and PestPatrol to stop nasties, and non-IE browser.

    Mrk
     
  7. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    I am with zap on this though . But , having to pick ONE , that was my choice . I prefer none of the above but , a little bit is better than no bit :D
    As for # 3 with Ewido . Sorry but , Ewido is NOT an AV . You basically have no AV in 3 . It will detect some but , you cannot be safe with that as your AV . # 2 ? Say what will . AVG stinks . Some people in here like it but , that is because they have no idea how much better many of the others are .
     
  8. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,279
    Hi,
    You say AVG stinks, it's like saying Golf stinks because Ferrari F50 is so much better. Especially since you can have your Golf for free.
    Now, you say much better - in what terms exactly? If you tell me, I have been online for 4 years, used AVG for 2 years, had 3-4 major infections, then without changing my surfing habits, I switched to a better AV and they helped stop those infections AVG was previously incapable of even detecting, then I could say you're right, in your personal experience, AVG stinks.
    But ...
    Is this the case? Or you tell me online comparatives are your only argument?
    In my personal experience, av is a nice-to-have, but I never had it alert to anything, be it mail, browsing or downloaded files. I can tell you, I use AVG. And I use on-demand scans with 5-6 other anti-virii, and they too find the exact same amount of viruses like AVG - 0. Is BitDefender, Clam, Dr.Web, Kaspersky, and Antivir good enough backup for you? And they return the same results as AVG. So why is AVG so bad?
    People like to throw words 'software rocks' and 'software sucks' casually. For instance, I would never bash Norton products, if I did not have experience with it. Friends who were using Norton got infected, whereas alternative avs helped detect and remove the infections. But I do not hate Norton because they are a big brother company. The same way, I have no opinion about PCcillin or Panda or similar, because I have had no experience with those, and as such, my bias is at its resting balance.
    In several threads, I asked people how many virii they helped stop dead with their products - very few people answered, with answers being - zero. I do not talk about people for whom security is hobby and they deliberately infect themselves. I'm talking casual day-to-day use of the computer. How many people had their av popup and scream? How often?
    There's lots of malware out there, but in 90% of cases people infect themselves. They do the crucial download, click, execute. Very few things happen by themselves.
    Now, tell me honestly - how long have you been online? How many virus infections did you have, what products were you using at that time etc.
    Mrk
     
  9. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    5,589
    Location:
    USA still the best. But barely.
    @Mrkvonic 1st I am enjoying your topics. Thank you.
    But to address your last post. I agree with hollywoodpc. Ime AVG is a toy compared to Avast.
    I've had both NOD32 & KAV alert to virii & trojans. When I had either running resident. Also in some cases these 2 AV's cancelled, deleted, or stopped & or alerted on virii & trojans.
    Oh & ime on computers running AVG, making sure of the settings, updated & running a full scan. Then uninstalling AVG & installing Avast. Making sure of the settings, updated & running a full scan. Avast would find multiple nasties that AVG missed. Oh & in these boxes AVG usually consumes more resources than Avast. And not one comparative AV test online that I've seen rated AVG ahead of Avast.
     
  10. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,279
    Hi,
    Then I'm either incredibly lucky, wise or stupid. Because I never found any nasty with any av you can imagine. And never did AVG let me down. Maybe I live in my little bubble of innocent happiness. Still, with massive amounts of porn I download, p2p, gaming, whatnot, I never had any software ever give one sign of life... Oh yes, MSAS did alert me when I inserted a new network card. And Ad-Aware found ONE tracking cookie. And Ewido found FOUR tracking cookies.
    So, what am I - lucky, wise or stupid?
    Mrk
     
  11. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    5,589
    Location:
    USA still the best. But barely.
    From what you said. I'd say MSAS & ewido & luck have saved you. But, maybe I missed you saying this. Have you scanned using online scans such as Trend Micro, Symantec, Bitdefender, eTrust or McAfee FreeScan? Maybe you are infected?
     
  12. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,279
    Hi,
    I'm sorry but you completely missed my point.
    I'm saying that despite my heavy interest in 'dodgy' stuff, all I ever come up with is COOKIES. Not because malware does not exist. It just does not wanna mess with me. I'm being polite, malware's being polite, we keep distance.
    Nothing saved me, because there is nothing to save.
    Infected is a broad word, because I use 5-10 computers at 3 different places.
    And still, I'm not infected. I don't need scanners. I just know.
    I do once in a while, for the sake of fun, run 1,223 different scanners. But I'm telling you, from my experience, you don't need anything, maybe a firewall and a good browser - firefox.
    So what am I doing differently that you get hit with malware, and I don't?
    Back to original question - am I lucky, wise or stupid?
    Mrk

    P.S. Oh sorry, I do once in a while find FPs. And after software updates, they are corrected.
     
  13. Milken

    Milken Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    20
    Selection 1, LOLOLOL that's ridiculous, Windows firewall AND Internet Explorer, spyware blaster is a good add on for IE

    Selection 2 Proxim does A LOT but I'm not that familiar with it.

    Selection 3 Well, Opera and Netveda seals the deal. Opera is the toughest to exploit, not a lot of code written for it. Netveda can at least close all ports, provides inbound and outbound protection, it also has some trojan, backdoor blocking.

    I'll take 3, 2 is very close because it has AVG instead of Ewido. I'd rather have a safer browser than virus protection.

    2 or 3 is doable, 1 LOLOLOL
     
  14. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    5,589
    Location:
    USA still the best. But barely.
    Maybe I go to "dodgier" sites. I know that's not a real word.:D
     
  15. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,279
    Hi,
    Here's my reasoning for the choices:
    1 - No go, it's got IE.
    2-3 - which one to choose, I'd say 2.
    Reason - Jetico has a powerful application control. Proxomitron + Firefox with extension cleans the browsed pages like Hellfire. AVG will in that nature provide more protection, as you will scan downloaded files mainly for viruses and some trojans, but Ewido and PestPatrol will mainly catch trojans and very few viruses. In general, the competition is close between AVG vs Ewido in those terms, but Firefox is more tweakable than Opera and Jetico is more powerful than Netveda. But still, both reasonable choices for everyday users.
    Keep on, lads.
    Mrk
     
  16. sweater

    sweater Registered Member

    Joined:
    Jun 24, 2005
    Posts:
    1,678
    Location:
    Philippines, the Political Dynasty Capital of the
    Pls forgive me joe, but my answer could be...None of the above. :D
     
  17. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,279
    Hi,
    You are not forgiven.
    You must choose one of the stated. It's that or 3 years penalty of using 14.4k dialup on unpatched windows me - what do you choose?
    Mrk
     
  18. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Mrk,

    That's cold, have a little mercy! At least a slower dsl line....

    I'd go with option 1, with complete order of preference being 1, 3, then 2. My rationale is that KAV 6.0 is quite a bit more than a standard AV with the new proactive detection module, so you get heavy duty coverage up front. ICS is enough to tame unsolicited inbound threats. Spywareblaster plugs the most obvious IE issues. Not a package I'd opt for if allowed to design from the start, but close to some I use.

    Blue
     
  19. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,279
    Hi,
    That's not cold. You want cold?
    Cold is using AOL browser on 14.4k dialup on unpatched windows me. That's cold, with 14" CRT screen set on 60Hz refresh rate at 5900K color depth.
    Could you give reasons why 3 and 2 come second and third?
    Mrk
     
  20. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    LOL. Blue is kind of cheating by specifying KAV 6 and then talking about ICS. You might as well say you have a hardware firewall while you are at it.

    Anyhow, I don't mind either 1,2,3

    Personally I think whether you pick 1,2,3 depends on your subjective assessment of which risks are more likely.


    If I pick 1, it means I'm not worried about IE problems. I'm confident of setting up IE tightly, and discount the probability of zero day exploits targeting IE. I'm also confident in Windows firewall to bound inbound, or I cheat like Blue by saying I'm shielded within a network. I don't have any outbound protection, but hopefully, KAV will keep malware from being installed in the first place so it doesn't matter anyway.

    In this setup, I'm not too sure about the point of spywareblaster, since I will probably turn off activex anyway, but it doesn't hurt if they find some way to worm into my trusted zone.


    Pick 2, seems to focus on browser related exploits. Firefox is solid enough and add proxomitron and browser based exploits almost cannot happen. The weak point however is from self installs of malware (say in warez or cracks) or adware bundles.

    The latter might possibly be caught by AVG because some are pretty wide spread, the former probably not.

    Moreover, if one is in the habit of downloading warez and cracks, on top of lacking 'common sense', AVG probably cannot keep up. In such a case, you can probably mitigate this by online scanning at Jotti's etc (is this cheating?).

    If that should fail Setup 2's Firewall is pretty powerful, so it can possibly catch run of the mill malware 'phoning home' by catching memory injections and whatnots.. But it still might be too little too late..

    Pick 3 is a mixed bunch. Opera itself means like 2) driveby downloads and exploits are very unlikely.

    In addition there seems to be overkill against adware type programs, because between Ewido (a top notch antispyware I found based on experiences of friends who use it to clean up such nasties), ad-aware&spybot and pest patrol, not much can get through in that area.

    Ewido and Pest patrol in addition claim protection against more blackhackerish malware like rootkits, keyloggers, backdoors etc hidden in trojans.

    So what isn't covered? Worms perhaps? But it states on Ewido's homepage that they cover worms too.

    If we believe all that the only class of malware they don't cover is viruses. But viruses or at least file infectors are pretty rare these days and most antiviruses, are really covering worms....

    In any case, I suspect, despite what Ewido says, their weak point is likely to be common fast spreading worms sent through email. So they bloody suck if tested against the wildlist. But who knows?

    If my analysis is correct, I would choose this setup, if I wasn't worried about worms. E.g. I use a solid email client, and I never ever open attachments without confirming it with the sender

    So which do I pick in the end? Probably 2. Then 3 , then 1.

    I would pick 3) if my analysis of Ewido's capabilities is correct, but since it's just a guess, it's probably safer to go with 2) and be extra careful with downloads.

    1) is perfectly okay really, objectively I know a properly secured hardened IE browser is almost as solid as firefox/opera as many people have shown, but for some reason I can't shake the unreasonable fear that IE is just less safe.
     
  21. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,279
    Hi,
    Nice one, devil. You don't get the 14.4k punishment.
    Mrk
     
  22. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    I think this is an interesting exercise because it forces people to think exactly what areas of vulnerability they are more afraid of . Are you more afraid of getting killed by a browser exploit/driveby download? Or do you fear, some nastie hidden in the program you downloaded and installed?

    E.g. Mrkvonic like me probably has a slightly overblown fear of IE problems. While Blue doesn't fear this area as much being an IE user.

    Mrkvonic isn't as worried about downloads and hence doesn't need a top notch AV, because he doesn't download illegal programs.

    Still Mrkvonic, I can see the idea of tradeoffs for setup 1 and 2.

    But what was the point of setup 3?

    A kneejerk reaction (as in hollywood's post #4) would be to dismiss 3, despite the amount of firepower in the scanner section, good browser, good firewall because there isn't an AV.

    But what does that really mean?

    The perception of Ewido is mainly that of an anti-trojan one that handles rootkits, backdoors, some kinds of keyloggers and darker side of trojans.

    But from reactions from people who use the product to rid themselves of adware/spyware I also know Ewido is actually a top notch spyware/adware remover (Spyaxe, CWS etc) perhaps even better than ad-aware. Boclean I hear is also equally good in this respect.

    According to Ewido's website, they cover also Worms. So what exactly does an Antivirus cover that Ewido does not?

    Viruses? But viruses are rare these days. Most of the wildlist are worms (or at least classed as worms)!

    I'm so confused. If AVs are starting to cover trojans, perhaps software we perceive as ATs are covering traditional AV ground as well? For sure, they cover the ground of ad-aware, spybot...

    Perhaps that's why Ewido is called Antimalware suite....
     
  23. RobZee

    RobZee Registered Member

    Joined:
    Aug 7, 2004
    Posts:
    290
    Location:
    Texas
    For the record.........

    dodgy
    adj dodgier, dodgiest

    colloq:
    1. Difficult or risky.
    2. Untrustworthy; dishonest, or dishonestly obtained.
    3. Unstable; slightly broken.

    Etymology: 19c.
     
  24. FluxGFX

    FluxGFX Registered Member

    Joined:
    Jan 23, 2003
    Posts:
    667
    Location:
    Ottawa/Canada
    Hi Mrkvonic,

    I would have to go with #2:

    Jetico firewall
    AVG anti-virus
    Proxomitron web filter
    Firefox browser

    As it's the one that makes most sense. (Not up for debate, this is based on the available options) Why?

    Well, as much as Jetico is not the best thing there is in a firewall, you can have decent protection with low mem usage/cpu and still perform great. It has decent configuration that, if in the proper hands, you can tighten it up and be more at ease over the internet.

    Now AVG anti-virus is free (but not all free av's are good) although this one is doing great for the middle man and can keep the nasty things at bay. Now an AV is not for worms, trojan, spyware and the likes, it's against viruses, anything beyond that is an added bonus. As with every software there is on the market, each of them has its own quirks.

    Proxomitron web filter is a great web filtering tool, setup correctly it can be the best thing for filtering and surfing online without wondering if you'll get infected by those so called Java/Script/ActiveX content that can be found, do note that this is just one layer and alone it can't stop everything and YES it's possible to still get infected with something.

    FireFox is also a light program to run for web browsing, it is an alternative to IE which owns pretty much the market. But also like all applications getting popular attention you are bound to find that even FF is the target of Java Exploit, buffer exploit, parsing and such so thereof you can find extensions that can help you such as AdBlock/Noscript etc...

    Now this defines my choice for #2.
     
  25. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Mrkvonic

    Again I have to ask. What is the point of this? There are an infinite number of combinations that can work. It depends on need, the computer, the personality. Why should one even bother with what at best is a mind game. Please explain.

    Pete
     