Am I Missing Something?

I was wondering if I might be missing something that would complete my system security. I currents have and use:

Process Guard full
VBA32
LookNstop
Hostman
MRU Blaster
NecroFile
RegWatcher
Spyware Blaster
Ewido (free)

I am trying to get a "complete" protection file for RegWatcher (registry protection) that would help. Would it be worth it to swtich to Asquared and use the personal version?

 

Your security looks pretty good, you might like to check out other peoples setups in the link of my signature.

Cheers

 

Your setup looks really good, the only thing you might add would be a script blocker of some sort, a dedicated anti-spyware scanner (for on-demand scans), and do some hardening. See the links in my sig

 

Yes you are missing a good Virtualization product for security like AntiMalware or sandbokie ... cause all the software you have are "Security after the fact" , meaning that they protect after things are already in your computer ... Virtualization gives you the edge ...

part of that, nice collection even tough i will replace the LocknStop with Outpost, but it's a may favorite

Painkiller

 

Thanks for the replies. Process Guard was proactive, I thought. Also RegWatcher is a polling app put is configured to do so every 1 second. What would you recomend as far as "virtualization" security?

I have the script host turned off on my system, so would it still be necisary to have a script blocker? I do use Ewido for on-access malware/spyware scanning, is that not enough? As far as hardening tools I have secure-it and harden-it.

I don't think I'm going to do that. LnS uses less resources, and they just came out with 2.05p3 which is pretty sweet and I use a tweaked version of phantom's ruleset so I think I'm safe there. Also the cost of ownership is less; one you buy a licence you own it forever and don't have to keep buying it every year.

 

N8chavez

If you wish to try a virtualization program, both sandboxie and antimalware are free (with AM you just have to register at their forums first). There are other sorts that are very good but payware - ShadowUser, ShadowSurfer, DeepFreeze, SurfinGuard Pro <can't think of any more off the top of my head>.

Process Guard works well with them (haven't heard of conflicts...but then each setup is different). It is a good program by itself, just a differen't concept of protection.

For on demand scanners, it's always best to have more than one (a couple of free ones is fine - even some online scanners like Kaspersky if you are interested)

Not sure about your other questions.

 

Ah, sounds perfect then As for anti-spyware, Ewido will catch the nastiest of stuff, but no one scanner will catch them all. It's best to have 2 or 3. You could get Spyware Doctor and Ad-Aware and you'd be pretty well off. As Vikorr pointed out you could also use online scans. See the second page in my sig for plenty of online scanners.

I forgot to mention, too, that there wouldn't be much use in getting a2 personal with PG, they do mostly the same things (with just a few slight differences), and PG is more reliable IMO.

My thoughts exactly. LnS is the best

Personally instead of using programs like ShadowUser, DeepFreeze, SurfinGuard Pro, etc., I use DropMyRights, which is free and uses no resources. I have also been using the DefenseWall beta (https://www.wilderssecurity.com/showthread.php?t=98240) which has been nice, although some things could still install.

 

Ah nice.. Now you need a firewall, several scanners -one for each class of threat (KAV,Boclean,Unhackme,spysweeper) , HIPS software (eg Online Armor) and finally "virtualization"/sandbox software to be safe.

Though the last 2 probably, conflict a bit.

I.E , Sandboxed programs will probably be extremely restricted in behavior anyway to ever trigger off HIPS.

I use dropmyrights too. And secureit adds 3 levels of userrights to the context menu for running new applications. Allows you to safely run untrusted app as a guest account for example.

What advantages does defensewall beta have over this?

 

Yup, you can also get the shell extension for DropMyRights if you don't use SecureIt. Since I use PivX PreEmpt, there's no point in also using SecureIt. The shell extension also adds the ability to run the program with reduced CPU priority.

DefenseWall will also block memory attacks like hooks, physical memory access, etc (in addition to file & registry restrictions). It's also supposed to include buffer overflow and some privilege escallation protection later on. It works similarly to DropMyRights in that Untrusted apps launch in a reduced security context, any processes it spawns are also in that context, and you don't get any alerts asking you to allow/deny.. it just blocks the attempt, writes to the log, and turns the tray icon red.

 

I have a licence for Regrun II gold, but was wondering if I should use RegWatcher. I don't like the polling aspect of Regrun. Yes, RegWatcher polls too but you can customize the timing. I don't really use all the features of regrun. Should I stay with RegRun or use RegWatcher and add backgroup antispyware; such as Ad-aware plus.

Also which one do you think offers the better protection in general and against the attacks listed here (as far as registry protection goes): https://www.wilderssecurity.com/showthread.php?t=103492

 

If you go into the settings you can change the interval that RegRun polls, too. It really is worth going through all the features and aquainting yourself with all that RegRun can do, it's really a very good program.. and there's more great stuff on the horizon (RegRun has the most comprehensive registry monitor by default.)

 

How close can you make the timings? I've only been able to get them as clase as 1 minute apart. Also, I heard they are working on a proactive registry tracer module.

I must be missing something then. Is there a tutorial somewhere. I one at their site wasn't that helpful It would be nice to know all that it could do, and how to do it.

What is on the horizon, for example. Anything to get excited about? Also, judging by this thread (https://www.wilderssecurity.com/showthread.php?t=32823) RegWatcher is the best. I cannot seem to get RegRun to pass all of Regdefend's tests.

 

I would be wondering the opposite of using the extra features RegRun which I use. I already run RegDefend 2 which covers most of the RegRun registry entries, but I will be disabling the registry tracer due to too many extra pop-ups that need confirming when I already confirmed in RegDefend. The OnSecure boot is great as well as the extra Script Blocking. Anyways, should someone stay with RegRun Gold for the extra protection and not its registry tracer?

dja2k

 

Don't know why Notok, but I couldn't install the DropMyRights extensions. I might be wrong, but I clicked on the install.bat, nothing happened.

dja2k

 

1 minute is the closest at this time.. maybe I understood, but I thought that's what you wanted to conserver CPU time. 1 min has been working just fine for me, though. And yes, I heard the same thing, which is one of the things I was reffering to about 'good things on the horizon'.

The help file is pretty good, but I got the most out of just going into everything and seeing what all it does. You have undoubtedly got things that you could remove from startup, such as qttask.exe (from QuickTime) and realsched.exe (from Real Player), so you could experiment with those. As long as you don't fully delete anything, you can disable and re-enable things.

Now that I look at it, you may be right, although I do see several things missing on the RR list in that first post.. don't really have the inclination to comb through the whole thread, though. With RR, MJ's, and RD (and I'm sure others) you can add anything you want, though. RR definitely has a comprehensive set of points covered, I don't know that you really need much more. As for what's coming up, I'll let the official word come out on that because I was told as a part of the beta testing and don't really feel at liberty to divulge everything the developers say during the course of testing (I hope you understand..). I'll say that Dmitry has been great about taking in suggestions, though, and already had some great additions planned.. once done, I'm sure we'll see RegRun mentioned around here a lot more.. overall I think it will be easier to use and a little more proactive in some ways, the new registry protection being one of the main things.

 

You probably have to run it from the command line. If you installed it to the default location, I would remove it and reinstall it to some place easy (like C:\DRM\), then go to Start > Run, type "cmd" (without quotes), type "cd \", then "cd drm" (or go to wherever you installed it), then "install", and it should go.

 

This link has complete instructions for setting up and using DropMyRights.
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dncode/html/secure11152004.asp


Ron