AntiVirus/AntiTrojan Question

Discussion in 'other anti-virus software' started by kerberos, Dec 18, 2004.

Thread Status:
Not open for further replies.
  1. kerberos

    kerberos Registered Member

    Joined:
    Dec 18, 2004
    Posts:
    7
    Re: Virus/Trojan Help. Please Help Me Out.

    Hi All!
    I'm new to the forum, I've been lurking around (a bit like a trojan he he) and thought I'd post my 1st and say hello to you all. I'm not sure what the actual protocol is for newbies so apologies that my 1st post is here.
    I just wanted to say that I am extremely impressed with the way that everyone presents their posts and replies on this forum, you are all friendly, polite and all are willing to help, and that is so nice to see, I'll be lurking a lot now I know you are all decent people. (Although I don't think I have the tech ability to reply and try to help with most of the questions that are asked.)
    I was just wondering about a couple of things and hope someone could answer them for me.
    I absolutely loved the "general cleaning" post, what a great help!
    However, I was curious about what anti virus software and trojan software etc I should have on my pc. Do I pretty much uninstall anything that the download section gives less than 3/4 stars and plump for the software that have been given 5.0 stars?
    Is this what you guys have, all the ones that have been given 5.0 stars and generally ignore the rest?
    Also, I was wondering about the actual process of the cleanup. Would it not be better in general to totally reinstall your operating system and then all your apps and software etc...and then make a ghost copy of your clean & fresh install so the next time your pc messes up you can just reinstall your ghost image while the computer chugs away while you have a nice hot cup of coffee?
    I'm not sure if this is a silly way of looking at things but I was just curious about whether this is a reasonable solution as well.
    Hope to speak to you all as I progress into computers and expand my knowledge.
    Have a good Xmas all!
    p.s. I'll still be lurking in case anyone has a question or comment for me.
    Best regards,
    Kerberos.
     
  2. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi Kerberos,

    I will try to give an answer but it is a complicated question that can be approached from a variety of perspectives. But this is what I did when I was in a similar position as yours. I was looking for comprehensive coverage and since my computer is rather new and I primarily browse the Internet (no real gaming), this is what I did:

    1) Installed Windows XP SP2 with the latest updates

    2) Took an image copy using Image for DOS (Terabyte Unlimited) and Norton Ghost 2003 under DOS. (Either can be purchased for under $20 online). I used a Maxtor External USB 2.0 drive.

    3) Primary software protection includes:
    a) ZoneAlarm Pro firewall
    b) ProcessGuard 3.0 for software and DLL injection protection
    c) KAV 4.5 (not 5.0) AT/AV protection with extended databases.
    d) Ad-aware and Spybot for on-demand spyware scanning

    4) Took another image copy under DOS.

    This I feel is excellent core protection and I do not think it is necessary to have much more. However, in addition, because of previous purchases, I will run the following programs in real-time or on-demand:

    1) Ewido (there is a good thread showing the additional protection that Ewido may provide over and above basic AV protection)
    2) BOClean - redundant but it doesn't hurt anything. Sometimes I will shut it down if I am running a full AV or AT scan.
    3) Giant AS - I purchased it early on. I have been getting more and more FPs lately. I am not sure I would purchase it again, given my new setup. Usually I run it on-demand nowadays.

    For on-demand I use:

    1) NOD32 from time to time to back up KAV. I like it and I think for me it gives me added comfort since there are things that slip by KAV - this happened as recently as last week. NOD32 on-demand caught it first and it was then verified by KAV and an online malware scan.
    2) TDS-3 for AT. It is very trustworthy and one of my early purchases.
    3) Port Explorer - there are other tools available to scan ports but I purchased this as a package along with TDS-3 and Wormguard. They have served me well.
    4) Regseeker to clean junk off that is left behind by all of the software that I try out and get rid of. Regseeker is reliable but needs to be watched. I have had no problems, but others have.
    5) CWShredder, Fluxscan, jpeg scan are specialty scans that I run when I think there may be a problem. They have never found anything, but I like to scan for completeness sake.
    6) HijackThis is a great tool especially when you are trying to get others to help you out on forums like ComputerCops.

    Well that is about it. Basically, ZAP, KAV, and PG 3.0 are the really key components and I think it is a pretty hard barrier. After that .. well it is a matter of resources and browsing habits. I like backup scans because sometimes I am not sure, and I would like to be sure. But if you have an image copy and a good core defense - as well as backups of your data files - I think you can do with a basic set of firewall, AT, and process protection. Not very complicated at all.

    Hope this helps,


    Rich
     
    Last edited: Dec 18, 2004
  3. kerberos

    kerberos Registered Member

    Joined:
    Dec 18, 2004
    Posts:
    7
    Now THAT'S a great answer.

    Thanks Rich. :)
     
  4. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Kerberos,

    I follow a strategy similar to that described by richrf. I generally run "light" on the realtime with a fair amount of on-demand backup.

    I use two boot partitions which are basically the same aside from installed AV. The running applications are and that's it for realtime protection. On-demand coverage/diagnostics/analysis include

    I also have on hand the following useful utilities

    There are a few other things installed (like the full version Arcavir - excellent heuristic engine) which I periodically enable/employ.

    Blue
     
  5. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    Re: Virus/Trojan Help. Please Help Me Out.

    Hi Kerberos and welcome!


    As there is so much info in the forum about this, I will give a short answer.

    For anti-viruses, any one of the following will give you good protection:
    Kaspersky, Nod32, F-Secure, F-Prot, McAfee, DrWeb or BitDefender.

    For an anti-trojan solution:
    BOClean, TDS-3, Trojan Hunter or Ewido.

    For spyware:
    Ad-Aware, Spy Sweeper, Spybot or Giant. Ad-Aware has a free version and Spybot is free; the rest you have to pay for after the trial. Ad-Aware (if you pay), SpySweeper and Giant have real-time monitoring.

    The key to all this is to trial them and see which one you like most. The best way to do this you actually describe yourself in this:
    This way you don't have remnants from the other products possibly creating conflicts and distorting your view on these. It's quite time consuming of course. ;) :)
     
    Last edited: Dec 18, 2004
  6. kerberos

    kerberos Registered Member

    Joined:
    Dec 18, 2004
    Posts:
    7
    Guys, this is GOLD DUST! You have no idea how much you're helping me here.
    I'm now the proud owner of a Shuttle PC that's pretty powerful, I'm looking after it as I'm so proud of it! Some excellent links there.
    Thanks guys. :cool:
     
  7. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Glad the advice is helpful to you. One more thing that I should mention is that I use Firefox 1.0 for browsing and online email through Yahoo which actually has excellent filtering/anti-AV tools nowadays. I also use Thunderbird for email when I need it. I do not store passwords on my computer. Getting rid of Explorer and Outlook Express was a major aspect of my strategy. Getting rid of Windows (more strategic in nature) is another part. ;)

    Rich
     
  8. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,442
    Location:
    Sky over the Wilders Forest
    Welcome to the Wilders! You have already gotten plenty of good advice, so I will be short. If money is an issue Ewido would be fine, but my preference in AT would be BoClean. If you have other AT doing a file scan, it is good advice to shut down BoClean.

    And I find much help from good people here as well. :)
     
  9. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Hi Kerberos, welcome to Wilders.

    This is what is set up on my system currently with Windows XP Pro. They all play together nicely and are very simple to use, update and maintain:


    1. Acronis True Image (paid product) – Total system backup, and incremental backup to various media, including CD/DVD, additional Hard Drive etc. Use this when you have first installed a FRESH copy of windows and again when you have installed all your KNOWN stable programs, do this BEFORE you have transferred your data onto the system. Even better still, have your data on a different partition as well as a BACKUP Drive.
    http://www.acronis.com/


    2. Nod32 – Anti-virus (paid product) – Anti-virus software.
    http://www.nod32.com.au


    3. Spyware Blaster (FREE) – Spyware Prevention.
    http://www.javacoolsoftware.com


    4. Spyware Guard (FREE) – Real time scanner for Browser Hijack prevention.
    http://www.javacoolsoftware.com


    5. Spybot Search and Destroy (FREE) – Spyware removal and protection, with registry monitor. If running the above 2 programs, your system should remain fairly clean.
    http://beam.to/spybotsd


    6. AdAware (FREE, paid PRO product available) – Spyware removal. What Spybot Search and Destroy doesn’t pick up, this will.
    http://www.lavasoftusa.com


    7. Security Patches (FREE):

    BugOff.exe
    http://www.softpedia.com/public/cat/10/17/10-17-218.shtml

    dsostop2.exe
    http://www.nsclean.com/freebies.html

    htastop.exe
    http://www.nsclean.com/freebies.html

    TweakUp.exe
    http://www.softpedia.com/public/cat/12/1/12-1-30.shtml


    8. Zone Alarm (FREE, paid PRO product available) – Firewall with visual outgoing alerts.
    http://www.zonelabs.com


    9. Proxomitron (FREE) – Proxy. This allows a program (local or remote) to sit between your web browser and the Internet at large, to monitor everything and change it if you want to.
    http://www.sankey.ws/proxomitron.html


    10. Kye-U's filters (FREE) – Rule Sets for Proxomitron giving greater protection against exploits.
    http://www.kye-u.com/proxo/forums/i...topic=131&st=0#


    11. Ewido (FREE, paid PRO product available) – Anti-Trojan.
    http://www.ewido.net/en/


    12. IE Spyad (FREE) – Adds a long list of sites and domains associated with known advertisers, marketers, and crapware pushers to the Restricted sites zone of Internet Explorer.
    http://www.spywarewarrior.com/uiuc/resource.htm


    13. Mozilla Firefox (FREE) – Safer Web Browser - try some of the exploit tests in the "Polls" section here at https://www.wilderssecurity.com/index.php it's scary stuff, enough to have most sensible people start looking for better solutions. The programs listed here should be enough to thwart the majority of these current exploits.
    http://www.mozilla.org


    14. Mozilla Thunderbird (FREE) – For email. I don't use it because I only have Hotmail.
    http://www.mozilla.org


    15. Prevx (FREE, paid PRO product available) – Host Intrusion Prevention.
    https://www.prevx.com/


    16. Hosts File (FREE) – Website Filter blocks garbage websites.
    http://accs-net.com/hosts/get_hosts.html


    17. MJ Registry Watcher (FREE) – Registry Monitoring.
    http://www.jacobsm.com/index.htm#sft


    18. Keymaker (FREE) – Password Generator.
    http://www.toolsforselling.com/v1/1/password.htm


    19. Replicator (FREE) – Backup program.
    http://www.karenware.com/


    20. Crap Cleaner (FREE) – Deletes all Temp files and MRU (Most Recently Used).
    http://www.ccleaner.com/


    21. Process Guard 3 (paid product) – Locks down and protects all your programs at the lowest level in Windows.
    http://www.diamondcs.com.au/


    22. Netgear FR328S ProSafe Firewall (paid product) – Cable/ADSL Hardware firewall and Router with External Modem backup facility.
    http://www.netgear.com.au


    The above will give you a very tight system. Ultimately it comes down to safe practices, and it is always best to practice and think of safety, otherwise it will remind you and it won’t hold back in doing so... it's a bit like gravity, very unforgiving...

    You may also want to take a look here for further discussion on security and how to make your system that much stronger and here for more.

    Hope this helps.

    Let us know how you go…

    Cheers :D
     
  10. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Here's some more for the list:

    Prevx - behavior blocker, should something slip past your scanners, this will alert you to actions commonly taken by malware and allow you to 'deny' infection. Free and inexpensive paid versions available.

    RegRun - Comprehensive suite of tools that alert you to system changes commonly made by malware, allowing you to reverse those changes. Also many good tools for keeping your system in good shape if you install a lot of software. RegRun does too much stuff to really summarize in one paragraph, but the basics are that it's a very comprehensive replacement for MSConfig and system monitor.

    Qwik-Fix - System hardener/pre-patcher. Pivx identifies security vulnerabilities and creates work-arounds for those vulnerabilities. Qwik-Fix auto-updates and applies those workarounds until the software vendor can put out a patch (mostly Microsoft), effectively patching your system until an official patch is available.

    SafeXP - Free system hardening utility. Run it, check options to disable vulnerable components of Windows, and then you don't have to worry about it again :) Covers some different ground than Qwik-Fix.

    BugOff - Another free utility to resolve some Windows Vulnerabilities. Lots of other good stuff on this page, too, including HijackThis and the original CWShredder (all made by the same person.)

    Windows Worms Door Closer - Closes netbios ports and such, effectively closing the door to worms that load themselves up on your computer without you knowing. This gives stronger security against more than just worms. See the rest of the site for info on firewalls.

    Javacool's software - Free and effective anti-spyware solutions, all of his stuff is highly recommended by just about everyone here, including myself :)

    XPSecurity - Security tweaker for WindowsXP SP2, this program is becoming more impressive with every build. This doesn't do the same things as SafeXP or Qwik-Fix, but gives you access to all of XPs security settings in one place, with a few other goodies.

    Sentinel - Integrity checker that utilizes your anti-virus program to check system files at startup for changes, and scans any files that have been changed for viruses. This is especially good if you have an antivirus that has more options for on demand scanning than it does for real-time scanning. Most AVs do these days. You can employ up to 2 antivirus/anti-trojan scanners with it.

    Tech-Protect - Free shell for F-Prot for DOS (free) that will virus check a file when it executes, also auto-updates. Great little utility, lots of other great (non security related) stuff on that page too. :)

    DropMyRights - Nice little utility to run a program in a limited security context. This is meant to run such things as your browser and email as a limited user from an administrator account. If you already run as a limited user, this can drop your browser's/email's rights even further. Great utility, may not be suitable for inexperienced users, however.

    Proxomitron with Kye-U's filters (see the thread titled "Browser Security Pack") - A free content filter, Kye-U's filter pack filters javascript exploits used to compromise your browser. Gets rid of ads and malicious scripts from the websites you visit! Sadly Proxomitron will not be updated, but a new spin-off called Proximodo is in development (early stages right now.)
     
  11. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    BlueZannetti, you recommend KAV WS instead of Personal or Pro. Why? What is the difference? I think I have read somewhere that WS will work with a Personal key file, is this true? Thanks in advance.
     
  12. nod32_9

    nod32_9 Guest

    I want SPEED and STABILITY. That's why I install and auto load the ABSOLUTE minimum number of applications to get the job done. The only two proggies running full time are Zone Alarm Pro 4.5.594 and the free Avast Home email scanner (no full-time antivirus protection).

    I keep only the operating system (unpatched WXP Pro SP1) in the C primary active partition. This allows me to backup/restore windows (image file) in less than 5 minutes.

    Bug free since 2001. It's better to start out light and add more security stuffs if required. Just make sure that you have several good backup image files in case of a disaster. Oh yes, the time to test the imaging software is when you've just clean-installed windows. I would recommend Bootit NG. The older version of Drive Image 5 is easier to use, and is also highly recommended.

    Your #1 defense against PC baddies is the backup software (Bootit NG, Drive Image 5, Drive Snapshot, etc...). The firewall and antivirus program form the second line of defense. And finally, there's the user. Treat each new website like a stranger at your front door.
     
  13. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    flyrfan111,

    I don't want to go too far afield of Kerberos' original topic, but it does speak to an issue we all face when we pull the trigger on a specific purchase, selecting between closely competing options.

    For me it's a cost issue. Five home PC's are outfitted with it, and a volume discount was the initial driver (it was the same story with Outpost Pro - went with the family license, ditto for BOClean - their license structure is very friendly to a multiple PC home). To me it appears to be functionally equivalent to Pro for the 5.0 version level, at the 4.5 version level it was Personal with network support. If you need to outfit multiple PC's and wish to go with a paid solution, it's a very good option.

    Right now it appears that ICE Systems still offers single WS licenses at the same cost as Personal. IMHO, WS is a better buy. I went with a multiple unit purchase, and KAV WS was the only platform discounted at the time, so that's how I went. Right now, a 5 pack direct from KL goes for $173 (vs. $207.50 for 5 Personal licenses). As I recall, that discount is roughly what I received. I purchased from ICE Systems and very highly recommend them - they do provide value added service - akin to the personal touch offered by Lisa and crew from KAV UK.

    It's not so much that I recommend KAV WS over either KAV Personal or Pro, it's simply what I use, it's the version that I have direct experience with.

    That said, I would not use the Personal version myself these days. I prefer to have the higher level of configurability. If the WS option were not available to me, I would have upgraded all my licenses to the Pro level at renewal time a couple of months ago.

    Blue
     
  14. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    For speed and stability I definitely recommend the hardening/tweaking utilities. The only one that installs and runs resident is Qwik-Fix, but if you really want to you can always disable it from starting during boot (in both the startup registry and services) and update manually. The others don't even install, but they will disable unnecessary Windows components leaving you with an even faster system.

    I can't say that ZoneAlarm would be my first choice in terms of performance, however. For that I would choose Kerio 2.x, x-Wall, or Look n Stop, and NOD32 anti-virus.
     