Am I Missing Something?

Discussion in 'other anti-malware software' started by n8chavez, Oct 1, 2005.

Thread Status:
Not open for further replies.
  1. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,302
    Location:
    Location Unknown
    I was wondering if I might be missing something that would complete my system security. I currently have and use:

    Process Guard full
    VBA32
    LookNstop
    Hostman
    MRU Blaster
    NecroFile
    RegWatcher
    Spyware Blaster
    Ewido (free)

    I am trying to get a "complete" protection file for RegWatcher (registry protection) that would help. Would it be worth it to switch to Asquared and use the personal version?
     
  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Your security looks pretty good, you might like to check out other people's setups in the link of my signature.

    Cheers :D
     
  3. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Your setup looks really good, the only thing you might add would be a script blocker of some sort, a dedicated anti-spyware scanner (for on-demand scans), and do some hardening. See the links in my sig :)
     
  4. Painkiller

    Painkiller Registered Member

    Joined:
    Aug 24, 2004
    Posts:
    42
    Yes you are missing a good Virtualization product for security like AntiMalware or Sandboxie ... cause all the software you have are "Security after the fact", meaning that they protect after things are already in your computer ... Virtualization gives you the edge ...

    Apart from that, nice collection, even though I will replace the LookNstop with Outpost, but it's my favorite ;)

    Painkiller
     
  5. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,302
    Location:
    Location Unknown

    Thanks for the replies. Process Guard was proactive, I thought. Also RegWatcher is a polling app but is configured to do so every 1 second. What would you recommend as far as "virtualization" security?

    I have the script host turned off on my system, so would it still be necessary to have a script blocker? I do use Ewido for on-access malware/spyware scanning, is that not enough? As far as hardening tools I have secure-it and harden-it.

    I don't think I'm going to do that. LnS uses less resources, and they just came out with 2.05p3 which is pretty sweet and I use a tweaked version of phantom's ruleset so I think I'm safe there. Also the cost of ownership is less; once you buy a licence you own it forever and don't have to keep buying it every year.
     
    Last edited: Oct 1, 2005
  6. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    N8chavez

    If you wish to try a virtualization program, both sandboxie and antimalware are free (with AM you just have to register at their forums first). There are other sorts that are very good but payware - ShadowUser, ShadowSurfer, DeepFreeze, SurfinGuard Pro <can't think of any more off the top of my head>.

    Process Guard works well with them (haven't heard of conflicts...but then each setup is different). It is a good program by itself, just a different concept of protection.

    For on demand scanners, it's always best to have more than one (a couple of free ones is fine - even some online scanners like Kaspersky if you are interested)

    Not sure about your other questions.
     
  7. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Ah, sounds perfect then :) As for anti-spyware, Ewido will catch the nastiest of stuff, but no one scanner will catch them all. It's best to have 2 or 3. You could get Spyware Doctor and Ad-Aware and you'd be pretty well off. As Vikorr pointed out you could also use online scans. See the second page in my sig for plenty of online scanners.

    I forgot to mention, too, that there wouldn't be much use in getting a2 personal with PG, they do mostly the same things (with just a few slight differences), and PG is more reliable IMO.

    My thoughts exactly. LnS is the best :)

    Personally instead of using programs like ShadowUser, DeepFreeze, SurfinGuard Pro, etc., I use DropMyRights, which is free and uses no resources. I have also been using the DefenseWall beta (https://www.wilderssecurity.com/showthread.php?t=98240) which has been nice, although some things could still install.
     
  8. Pollmaster

    Pollmaster Guest

    Ah nice.. Now you need a firewall, several scanners - one for each class of threat (KAV, Boclean, Unhackme, spysweeper), HIPS software (e.g. Online Armor) and finally "virtualization"/sandbox software to be safe. ;)

    Though the last 2 probably conflict a bit.

    I.e., sandboxed programs will probably be extremely restricted in behavior anyway to ever trigger off HIPS.

    I use dropmyrights too. And secureit adds 3 levels of user rights to the context menu for running new applications. Allows you to safely run an untrusted app as a guest account for example.

    What advantages does defensewall beta have over this?
     
  9. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Yup, you can also get the shell extension for DropMyRights if you don't use SecureIt. Since I use PivX PreEmpt, there's no point in also using SecureIt. The shell extension also adds the ability to run the program with reduced CPU priority.

    DefenseWall will also block memory attacks like hooks, physical memory access, etc (in addition to file & registry restrictions). It's also supposed to include buffer overflow and some privilege escalation protection later on. It works similarly to DropMyRights in that Untrusted apps launch in a reduced security context, any processes it spawns are also in that context, and you don't get any alerts asking you to allow/deny.. it just blocks the attempt, writes to the log, and turns the tray icon red.
     
    Last edited: Oct 4, 2005
  10. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,302
    Location:
    Location Unknown
    I have a licence for Regrun II gold, but was wondering if I should use RegWatcher. I don't like the polling aspect of Regrun. Yes, RegWatcher polls too but you can customize the timing. I don't really use all the features of regrun. Should I stay with RegRun or use RegWatcher and add background antispyware, such as Ad-aware plus?

    Also which one do you think offers the better protection in general and against the attacks listed here (as far as registry protection goes): https://www.wilderssecurity.com/showthread.php?t=103492
     
  11. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    If you go into the settings you can change the interval that RegRun polls, too. It really is worth going through all the features and acquainting yourself with all that RegRun can do, it's really a very good program.. and there's more great stuff on the horizon ;) (RegRun has the most comprehensive registry monitor by default.)
     
  12. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,302
    Location:
    Location Unknown
    How close can you make the timings? I've only been able to get them as close as 1 minute apart. Also, I heard they are working on a proactive registry tracer module.

    I must be missing something then. Is there a tutorial somewhere? The one at their site wasn't that helpful. It would be nice to know all that it could do, and how to do it.

    What is on the horizon, for example? Anything to get excited about? Also, judging by this thread (https://www.wilderssecurity.com/showthread.php?t=32823) RegWatcher is the best. I cannot seem to get RegRun to pass all of Regdefend's tests.
     
    Last edited: Oct 26, 2005
  13. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,040
    Location:
    South Texas, USA
    I would be wondering the opposite of using the extra features of RegRun which I use. I already run RegDefend 2 which covers most of the RegRun registry entries, but I will be disabling the registry tracer due to too many extra pop-ups that need confirming when I already confirmed in RegDefend. The OnSecure boot is great as well as the extra Script Blocking. Anyways, should someone stay with RegRun Gold for the extra protection and not its registry tracer?

    dja2k
     
  14. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,040
    Location:
    South Texas, USA
    Don't know why Notok, but I couldn't install the DropMyRights extensions. I might be wrong, but I clicked on the install.bat, nothing happened.

    dja2k
     
  15. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    1 minute is the closest at this time.. maybe I understood, but I thought that's what you wanted to conserve CPU time. 1 min has been working just fine for me, though. And yes, I heard the same thing, which is one of the things I was referring to about 'good things on the horizon'.

    The help file is pretty good, but I got the most out of just going into everything and seeing what all it does. You have undoubtedly got things that you could remove from startup, such as qttask.exe (from QuickTime) and realsched.exe (from Real Player), so you could experiment with those. As long as you don't fully delete anything, you can disable and re-enable things.

    Now that I look at it, you may be right, although I do see several things missing on the RR list in that first post.. don't really have the inclination to comb through the whole thread, though. With RR, MJ's, and RD (and I'm sure others) you can add anything you want, though. RR definitely has a comprehensive set of points covered, I don't know that you really need much more. As for what's coming up, I'll let the official word come out on that because I was told as a part of the beta testing and don't really feel at liberty to divulge everything the developers say during the course of testing (I hope you understand..). I'll say that Dmitry has been great about taking in suggestions, though, and already had some great additions planned.. once done, I'm sure we'll see RegRun mentioned around here a lot more.. overall I think it will be easier to use and a little more proactive in some ways, the new registry protection being one of the main things.
     
    Last edited: Oct 27, 2005
  16. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    You probably have to run it from the command line. If you installed it to the default location, I would remove it and reinstall it to some place easy (like C:\DRM\), then go to Start > Run, type "cmd" (without quotes), type "cd \", then "cd drm" (or go to wherever you installed it), then "install", and it should go.
     
  17. Ron2069

    Ron2069 Registered Member

    Joined:
    Mar 8, 2006
    Posts:
    1

    This link has complete instructions for setting up and using DropMyRights.
    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dncode/html/secure11152004.asp


    Ron
     