Adding Firewall, Real-time Protect Against Vundo, Look N See, Do I need HIPS?

Discussion in 'other anti-malware software' started by idbit, Dec 9, 2008.

Thread Status:
Not open for further replies.
  1. idbit

    idbit Registered Member

    Joined:
    Dec 9, 2008
    Posts:
    43
    Location:
    Florida
    Hi, I'm not sure if I'm posting this in the right forum. I recently had a Vundo infection that I took care of. I really have no idea how it happened. No porn. No video downloads. I was using Norton AV and that's about it. So now I'm on the ball and here's what I have running real-time:

    Avira AntiVir Premium
    SuperAntiSpyware paid version
    Spyware Blaster
    Spybot SDHelper and Immunize
    Belkin router

    So it looks like I still need a software firewall to cover the outgoing. On the surface, it looks like Look N See would be perfect for me. I like the fact that it's easy on system resources. Only thing, I would still have no HIPS protection. I don't how important that is. I'm really concerned about that mystery Vundo infection. I'm not sure if my current setup would have me covered. Can somebody help me add the last piece or two to my puzzle?

    Thanks a lot!
    IB
     
  2. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    It's very important. In fact, it's critical.
     
  3. TrojanHunter

    TrojanHunter Registered Member

    Joined:
    Jul 8, 2007
    Posts:
    151
    Location:
    United Kingdom
    On the outbound firewall filtering subject, I do find filtering handy, but can it really stop malware from communicating out? I mean some malware can pose as a legitimate process, as to fool the user.
     
  4. idbit

    idbit Registered Member

    Joined:
    Dec 9, 2008
    Posts:
    43
    Location:
    Florida
    Thanks. I'm starting to think I wasted my money on the real-time anti-spyware. If I were to add something like DefenseWall HIPS, would that clash with anything on my list? If malware tries to initiate, am I going to have two or three programs popping up at once?
     
  5. illicit

    illicit Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    91
    SAS is great, just probably needed more for on-demand sanity checks... and your PC will appreciate not having two real-time scanners. You should have no issues running DefenseWall with Avira, and pop-ups from DefenseWall are minimal, at best. Until DefenseWall adds outbound protection, I would suggest adding Online Armor Free and looking into a good imaging package. :thumb:
     
  6. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    DefenseWall blocks malware silently almost 90% of the time :thumb:
     
  7. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    My vision is simple (deep IMHO): HIPS and firewall are the first layers of your computer's defense, as they do not require signatures of already known malicious modules. The next layer is anti-virus; it will clean up files it already knows to be malicious. Anti-spyware programs are, mostly, useless nowadays as automatic tools. They can be useful as a set of tools for a manual malware cure process (AVZ, for instance), but no more.

    And, as you asked about my program: no, there should be no conflicts.
     
  8. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,433
    Location:
    Europe
    HIPS is essential to defend a system. That is.
     
  9. idbit

    idbit Registered Member

    Joined:
    Dec 9, 2008
    Posts:
    43
    Location:
    Florida
    Thanks for all the suggestions. The more time I spend on this site, the more I realize I still have a lot to learn! I'm going to spend some time reading up on the sandbox and imaging software.
    IB
     
  10. Hugger

    Hugger Registered Member

    Joined:
    Oct 27, 2007
    Posts:
    1,003
    Location:
    Hackensack, USA
    Give Defensewall a shot.
    And Returnil free.
    I don't use Sandboxie but it is a good program too.
    Good luck.
    Hugger
     
  11. 3xist

    3xist Guest

    This is true. Prevention is your first line of defense, followed by detection (antivirus) and a cure such as Returnil, Comodo DiskShield BETA, etc. Layered security is the only way forward these days; if you don't have prevention (HIPS), it's like having a burglar alarm in your house without a door.
     
  12. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    100% agree. I go even more extreme: I don't use any real-time AV / spy<crap>ware etc...

    I use Sandboxie, EAZ-FIX (FD-ISR, sec pc) + on-demand scanners only.
    I have run this way for more than 2 years and never got a virus or even a single piece of malware.

    On-demand scanners can be run whenever you feel you need to scan; most of them are free and equal to the paid version (same signature database) minus the "real-time protection" :)
     
  13. idbit

    idbit Registered Member

    Joined:
    Dec 9, 2008
    Posts:
    43
    Location:
    Florida
    So it looks like the HIPS program will be important. I do spend a lot of time on password-protected sites.

    On the sandboxes, how cumbersome are they in daily use? I'm constantly moving files around on the hard drive, renaming files, etc. Will the sandbox get in the way of that? What I'm getting at - What activities will be limited, if any?

    Thanks!
    IB
     
  14. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    With Sandboxie, whenever you download something in a sandboxed browser (or whatever you're using), it gives you a pop-up option to restore the file outside of the sandbox if you want to, or you can say no and keep it in the sandbox. So it shouldn't get that much in the way; it takes like a second to click restore, and the added protection is definitely worth that time.
     
  15. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    I like Sandboxie a lot, but when it comes to saving files, that's where I don't like it. Let's say someone at home opens a file that was recovered from the sandbox and it happens to be malicious; then what? You may get infected. A double layer here is a must. If I am the only one using my PC, Sandboxie will be more than enough for me, because I know that anything I recover from the sandbox I will run sandboxed.
    Note: if you happen to have Sandboxie and DefenseWall, anything you recover from the sandbox to your documents will, of course, run untrusted by default when run, so you are still safe when you double-layer it.
     
    Last edited: Dec 10, 2008
  16. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    Yeah, double layers would be best, but as long as you KNOW what you're downloading it shouldn't be a problem. That's why it may not be for the average user who just accepts everything.
     
  17. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    Exactly :D
     
  18. 3xist

    3xist Guest

    You need triple layers (3 layers):
    Prevention
    Detection
    Cure

    In that order. :)
     
  19. idbit

    idbit Registered Member

    Joined:
    Dec 9, 2008
    Posts:
    43
    Location:
    Florida
    Thanks for all the input! :) Just one hypothetical: Let's say for some reason I want to rename an Excel file that resides in the folder MyDocuments\folder1. So I start up the computer, haven't done anything yet, open Windows Explorer and navigate to MyDocuments\folder1. I click on the file I want to rename, press F2 to rename, type in the new name and hit Enter. Will I receive a warning to approve this? Or does that depend on how I have things configured?
    -IB
     
  20. 3xist

    3xist Guest

  21. idbit

    idbit Registered Member

    Joined:
    Dec 9, 2008
    Posts:
    43
    Location:
    Florida
    Hi, I think I'm close to a verdict on my setup. You guys probably forgot my post already, had to put out some fires yesterday. :) At this point, I think I'm going to avoid adding a sandbox. So for real-time protection, it's either:

    Avira AntiVir Premium - AV
    Belkin router
    Online Armor Personal 3.0 - outbound firewall and HIPS

    OR

    Avira AntiVir Premium - AV
    Belkin router
    Look N Stop - outbound firewall
    DefenseWall - HIPS

    I'm reading a lot of great things about Look N Stop as a stand-alone outbound firewall. Only thing, I would need to add a stand-alone HIPS program. I would probably go with DefenseWall. But I think I would rather go with just one program to cover firewall and HIPS, just for the sake of simplicity and to avoid conflicts. Online Armor 3.0 gets great reviews. I would really like to just install it and get it all over with. But would I be missing any kind of needed protection? I'm mainly worried about keylogger protection and the issue here where a trojan got by most HIPS protection: DefenseWall, SBIE and SSM bypassed by Trojan, something to do with child/parent handling. Would Online Armor be deficient in any of those aspects? Thanks for the help!
     
    Last edited: Dec 12, 2008
  22. Coolio10

    Coolio10 Registered Member

    Joined:
    Sep 1, 2006
    Posts:
    1,124
    I think you mean Look N Stop? I think the first combo is more secure, the second combo is easier.
     
  23. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408

    Look'n'Stop and DefenseWall work excellently together. :thumb:
    No conflicts here. :D
     
  24. idbit

    idbit Registered Member

    Joined:
    Dec 9, 2008
    Posts:
    43
    Location:
    Florida
    Yeah, that's Look N Stop. Oops. Coolio, when you say the first combo would be more secure, are you talking about the Matousec Firewall Challenge? If that's the case, from what I'm reading, you really can't judge LNS by those tests. That's why the separate HIPS is needed. If Online Armor would protect me better, that's good news to me.
     
  25. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    Personally, the 2nd combo gives you more control and protection, at least in my opinion.
     