Discussion in 'other security issues & news' started by GUI_Tex, Feb 4, 2006.
I have Ad-Aware, Spybot, MS AntiSpyware, Norton, Ewido, and ZoneAlarm, and a few miscellaneous tools.
And that's overprotected? Deep Freeze, Process Guard full, Kaspersky Antivirus, Core Force, SpywareBlaster and SnoopFree for "regular" operations, plus Sandboxie or VMware for "known malware sites" browsing, Ewido (free), Lavasoft Ad-Aware, Spybot Search & Destroy and of course KAV for scanning, I wipe all free space with Eraser (once in a while), I keep all personal documents encrypted with GnuPG or TrueCrypt, check all suspect connections with the Ethereal sniffer, all passwords encrypted with Password Safe, never use IE (either Firefox or Opera), never store passwords or permanent cookies in any browser... and that's just on the Windows machine (the OpenBSD machine has even more paranoid settings... actually, much more) and I use only sneakemail for every mail contact (haven't received a single piece of spam in years)...
I didn't realize my post went through...
Well, that's good to hear those tools work for ya...
The most heavily impregnated machine I use that runs regularly:
Jetico firewall (with full app control)
Proxomitron web-filter (with Kye-U filter)
AVG anti-virus with BitDefender, ClamWin on demand
Microsoft Anti-Spyware in real time
Ewido, A2, Ad-Aware and Spybot on demand
Attack Shield Worm Suppression
Firefox browser with Adblock, Noscript, Block Cookies and more.
AxCrypt, DriveXML, SnapShot, ERUNT for backups
CCleaner, TU2006 for cleaning
NTREGOPT, Pagedefrag for optimization
HijackThis, A2 HijackThis, Autoruns
Additional Restriction Policies enforced per need
Additional tweaking using BugOff, WWDC, SafeXP per need
Another 100+ utilities installed and ready to use
The above PC is used mainly for my experimentation, proof-of-concept thingies and finding the best performance / fewest incompatibility issues, in order to use them on other, more practical PCs.
Is it overprotected? Yes. Do I need all of the above? No. Hobby? Yes.
What do you need, practically? A firewall, anti-virus and a non-IE browser are enough; wanna get funky? Throw in a real-time anti-spyware and anti-trojan and you're set. Wanna try a different approach? Go with sandboxing or HIPS, but you can achieve similar results using Restriction Policies.
Theoretically, if I may be bold and audacious, you can get away without a firewall by using NAT/ICS, and you might not need anti-virus if you use common sense, a fairly impregnated browser (Firefox with extensions, including the Dr.Web extension - the anti-virus runs on a server), and, for the sake of fun, the Proxomitron web filter.
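The "Restriction Policies" mentioned in the post above are Windows Software Restriction Policies (SRP), the built-in default-deny mechanism that the thread offers as an alternative to HIPS or sandboxing. The PowerShell script below is added here as an illustration and is not part of any post in this thread or of any product named in it. It writes an SRP default-deny policy directly into the policy registry keys: everything is disallowed unless it lives under the Windows or Program Files trees, and the user-writable subfolders inside the Windows tree are denied again explicitly so that an allow rule for the parent cannot be used as a bypass. The registry layout (CodeIdentifiers\<level>\Paths\<guid> with ItemData, SaferFlags and Description values) and the level numbers 0 (Disallowed) and 262144 (Unrestricted) are assumed from the way the Local Security Policy editor stores SRP rules; the helper name New-SrpPathRule and the list of deny paths are my own.

```powershell
# Added example (not from the thread): configure a Software Restriction
# Policies default-deny by writing the policy registry keys directly.
# Assumed layout: HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\<level>\Paths\{guid}
# Run from an elevated PowerShell; apply with "gpupdate /force" or a reboot.

$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$Disallowed   = 0        # security level "Disallowed"
$Unrestricted = 262144   # security level "Unrestricted" (0x40000)

function New-SrpPathRule {
    # Hypothetical helper: creates one SRP path rule at the given level.
    param(
        [Parameter(Mandatory)][int]    $Level,        # $Disallowed or $Unrestricted
        [Parameter(Mandatory)][string] $Path,         # may contain %VARIABLES%
        [string] $Description = ''
    )
    $guid = '{' + [guid]::NewGuid().ToString() + '}'
    $key  = Join-Path $base ("{0}\Paths\{1}" -f $Level, $guid)
    New-Item -Path $key -Force | Out-Null
    # ItemData is REG_EXPAND_SZ so %SystemRoot% etc. are expanded at evaluation time
    New-ItemProperty -Path $key -Name ItemData    -PropertyType ExpandString -Value $Path        -Force | Out-Null
    New-ItemProperty -Path $key -Name SaferFlags  -PropertyType DWord        -Value 0            -Force | Out-Null
    New-ItemProperty -Path $key -Name Description -PropertyType String       -Value $Description -Force | Out-Null
    return $key
}

# 1. Policy-wide settings
New-Item -Path $base -Force | Out-Null
Set-ItemProperty -Path $base -Name DefaultLevel       -Type DWord -Value $Disallowed # deny unless a rule allows
Set-ItemProperty -Path $base -Name TransparentEnabled -Type DWord -Value 1           # 1 = executables only, 2 = also DLLs (far noisier)
Set-ItemProperty -Path $base -Name PolicyScope        -Type DWord -Value 0           # 0 = all users, including administrators

# Extensions SRP treats as executable. The stock list plus the script types
# (JS, JSE, PS1, VBS, WSF, WSH) that droppers commonly use.
$exeTypes = @('ADE','ADP','BAS','BAT','CHM','CMD','COM','CPL','CRT','EXE','HLP','HTA',
              'INF','INS','ISP','JS','JSE','LNK','MDB','MDE','MSC','MSI','MSP','MST',
              'OCX','PCD','PIF','PS1','REG','SCR','SHS','URL','VB','VBS','WSC','WSF','WSH')
Set-ItemProperty -Path $base -Name ExecutableTypes -Type MultiString -Value $exeTypes

# Remove rules from earlier runs so the script is idempotent
foreach ($lvl in $Disallowed, $Unrestricted) {
    $p = Join-Path $base "$lvl\Paths"
    if (Test-Path $p) { Remove-Item $p -Recurse -Force }
}

# 2. Allow rules: only the OS and installed software may run
New-SrpPathRule -Level $Unrestricted -Path '%SystemRoot%'   -Description 'Windows'            | Out-Null
New-SrpPathRule -Level $Unrestricted -Path '%ProgramFiles%' -Description 'Installed software' | Out-Null

# 3. Deny rules for user-writable folders that sit inside an allowed tree.
#    A more specific path rule wins over a less specific one, so these
#    override the %SystemRoot% allow. The list is illustrative, not complete.
New-SrpPathRule -Level $Disallowed -Path '%SystemRoot%\Temp'  -Description 'User-writable' | Out-Null
New-SrpPathRule -Level $Disallowed -Path '%SystemRoot%\Tasks' -Description 'User-writable' | Out-Null

# 4. Print the resulting rule set
Get-ChildItem -Path $base -Recurse | Where-Object { $_.PSChildName -like '{*}' } | ForEach-Object {
    $level = if ($_.PSPath -match '\\0\\Paths\\') { 'Disallowed' } else { 'Unrestricted' }
    '{0,-12} {1}' -f $level, (Get-ItemProperty $_.PSPath).ItemData
}
```

To verify the policy after gpupdate, copy cmd.exe into %TEMP% (under the user profile, so outside both allow rules) and try to run it; Windows should refuse with "This program is blocked by group policy". The weak point of any path-based SRP is a directory that is both user-writable and under an allow rule, so before relying on this, enumerate such directories (for example with Sysinternals AccessChk) and add a deny rule for each one; the two deny rules above are only examples of the pattern.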
From what you mentioned, I think I am pretty OK with my security (minimal).
firewall - LnS
AV - NOD32
browser - Opera
anti-spyware - Spyware Doctor (ditched my Spy Sweeper)
anti-trojan - none (can Prevx be considered an anti-trojan?)
I am a very safe surfer. I do P2P (ditched my PeerGuardian because it makes my surfing slow).
Prevx is not an anti-trojan. You might wanna consider Ewido with real-time protection, or the free version, which is on demand. But if you don't mind spending money, do it.
As to Spyware Doctor, it is reasonably OK, as is Spy Sweeper, but so is MSAS, which is free.
I use PeerGuardian while downloading and feel no difference. Just enable only the P2P filter. Contrary to popular belief, P2P in itself is not dangerous. It becomes dangerous when you use bundled crap applications and download cracks and all sorts of exes. No different from downloading an exe from the internet via a browser. But for movies / music, it's innocent. Just make sure your P2P application is fully patched and cannot be exploited.
I don't think I'm overprotected; actually, I think I'm underprotected. Nowadays the internet can be very hostile, so it's best to cover most if not all system areas that might be exploited in attacks. At the moment I'm not fully satisfied with my setup, so I'm keeping my eye on certain interesting apps. I've already tested quite a few HIPS, but so far they all have their drawbacks, so I hope to see them improved.
If you're looking to trim down the number of apps running real-time, I think you could safely just use Prevx1. The database is quite similar to an anti-trojan, it just isn't a scanner. With anything unknown, though, it will first give you a chance to deny it from starting, and if you allow it then it can give you information on how it's acting. You could use the free versions of a2 and/or Ewido just for scanning with, but it will also work just fine with a realtime guard, like Ewido, if you want to run both.