Basic security questions

Discussion in 'other anti-malware software' started by dw426, Jan 3, 2007.

Thread Status:
Not open for further replies.
  1. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Hi everybody, I'm brand new to the forums :) I've been following along at websites such as this, CastleCops and Wilders for a good while now. I'm pretty much a newbie when it comes to security stuff, and, lol, I've had some frustrations and head scratching sessions when trying out new apps. I've often gone overboard with apps and had to reinstall just to get things working again :)

    So, I just have a few things to run by you guys and gals so I know where I stand security-wise and to prevent my head from spinning further. I'll do my best to get straight to points and sort of categorize my questions. I sometimes get unintentionally long-winded, so please be patient with me :)

    Ok, first of all, I know what I basically should always have. That being a firewall, anti-spyware, and anti-virus. Here is my current setup:

    Windows XP Home SP2--all patched up.

    Comodo Personal Firewall--no hardware firewall at the moment, though I'm not having any issues so far.

    Anti-Vir Free Edition

    SuperAntiSpyware

    Spyware-Terminator--Real-time and HIPS both enabled

    SpywareBlaster

    A-Squared Free

    MVPS HOST

    Edexter--so I can finally access Windows Update again, lol.

    PeerGuardian 2

    SiteAdvisor

    Firefox 2 with AdBlockPlus and NoScript

    IE 7 locked down with settings advised at the MVPS HOST website

    Am I doing pretty good here or am I missing out on anything very important? I understand that things like ProcessGuard and SSM are being used a lot, but are they an absolute MUST? With the HIPS enabled on SpywareTerminator, I still get told a lot about when DLLS and things are trying to go active, and I understand that that is also what things like SSM do basically.

    I want to be as secure as possible, and am very interested in learning much more about security, but as I mentioned earlier, I've had some bad times with maybe installing TOO much and my system getting all weird on me. I even went so far as to try these sandboxing things and a program called "All-in-one Secretmaker", both of which left me wanting to smack my computer (to be fair it's quite likely it was just an ID10T situation).

    My last concern is SiteAdvisor and alternatives to it. You see, SiteAdvisor tends to do funny things. For instance, in IE, a bad page is blocked period, but in Firefox, those same sites are accessible. That seems kind of dangerous to me, even if Firefox doesn't support good or bad Active-X. Also, SiteAdvisor seems to like to change its mind often as to whether a site should be red, green, or yellow.

    This is especially seen in Firefox 2 with NoScript. I read an article on SiteAdvisor today about specific websites and how they are rated (not too fond of letting users decide, no offense meant to them, but that leaves open the possibility of shall we say preferential treatment). Anyway, I tested out a website known to be bad because I noticed that turning NoScript on and off made SiteAdvisor change its color.

    I tried a place called "Sexocean" (yep, porn site, lol). Now this place is known for all kinds of crap trying to invade you. I turned off NoScript and kept AdBlockPlus on, and SiteAdvisor turned grey, meaning it had no idea what was on the site. I turn NoScript back on, and SiteAdvisor goes green and says every thing is A-OK. Is this due to NoScript blocking all the malware scripts at the website?

    I'm kind of leery about trusting SiteAdvisor for these reasons. That being said, I'm aware of programs such as SiteHound (tried that today and the stupid thing would parse the URLs every time and never load the database to protect me, I quickly tired of trying), Dr Web LinkChecker, and such. I would prefer, even though yes it's a privacy concern, to have an alternative that checks the sites I visit as I go along such as SiteAdvisor, but is this Dr Web worth looking into?

    I apologize for being so long, I'm just trying hard to take preventative measures and stop wasting time overloading myself on apps, especially ones that just don't seem to work. Thank you for taking time to read this, I hope to learn as much as I can and maybe one day being the one answering questions :)
     
  2. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    Hello,

    I think you have way too many security apps.
    That said, I think the first question you need to answer is:

    Am I confident enough in myself to know alone what's best for me? If not, what are the methods to improve my knowledge / skill that I will be able to rationalize my security setup?

    You should invest in knowledge needed to answer these questions rather than in security applications that might forestall or invalidate the need to address them.

    The very fact you're doing what you're doing speaks of a curious mind and that is a good thing.

    I think the site-checkers, anti-phishing, anti-pharming are a total waste of bytes. Useless. It's up to the user to control his system rather than place the fate of his machine in hands of some bot / list thousands of miles away.

    I'm not sure what Edexter does...

    SuperAntiSpyware and Spyware Terminator are kind of redundant.

    Hosts file and SpywareBlaster are not needed if you don't use IE.

    Firefox with Noscript is enough to make your browsing peaceful and quiet. And as you might have seen for yourself, nothing dramatic happens when you Fox a porn site.

    Ask yourself these:

    If something did threaten your machine:

    Will you be able to recognize the threat?
    Will you be able to counter? - read YOU not software.

    Further:

    Do you understand how the OS works?
    Do you understand the services, processes, networking?
    Do you understand how a person's machine can be hacked?
    Do you have a basic set of principles by which you use your machine, check your email, do online stuff etc? What is your strategy?
    How do you tell apart good from bad?
    Do you understand how you can functionally block the major vulnerabilities of the system you use?

    A side question, would you allow scvhost.exe to connect to windowsupdates.com?

    Mrk
     
  3. cprtech

    cprtech Registered Member

    Joined:
    Feb 26, 2006
    Posts:
    335
    Location:
    Canada
    Autopatcher XP is nice http://www.autopatcher.com/autopatcherxp/


    Aah, sneaky :) ...must...read ...carefully
     
    Last edited: Jan 3, 2007
  4. Ice_Czar

    Ice_Czar Registered Member

    Joined:
    May 21, 2002
    Posts:
    696
    Location:
    Boulder Colorado
    I've two links for you ;)
    the first is a (rough sketch) checklist plus on hardening and setting up security for W2K\XP
    (you have any specific questions about a step I'll elaborate)

    the second would be a review of classic attack vectors

    when setting up a defense in-depth it's important to cover as many bases as possible and not necessarily rely on security applications XYZ to bounce every bit of nasty code, more important is to be alerted that your security might have been breached and to make a total recovery back to a known secure state painless and quick. (then you address how to fix the hole)

    You can go a long way (as alluded to by Mrkvonic) if you modify how you employ your apps (sandboxes\virtualization) abstain from employing some apps\protocols (IE, activeX, constrained javascripts) and generally get to a point where you can recognize when something has gone wrong (employing a rule based firewall, HIPS\ familiar with legitimate processes\applications,)


    Blind Faith, leads to blind spots
    Welcome to the Forums :D
     
    Last edited: Jan 3, 2007
  5. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,422
    Location:
    New Mexico, USA
    I have AVAST antivirus, a hardware firewall and Windows firewall enabled and am running the current BufferZone free. That's it.

    Using this setup for the past couple of weeks, nothing has gotten onto my computer. I clear BZ at the end of every session and run Ccleaner. I could as easily retire Ccleaner. There's been almost nothing to clean.

    I have NOT messed with the more dangerous side of the web, though, such as downloading from warez or similar sites. My bet is, BZ would work just fine in protecting my computer.
     
  6. Ice_Czar

    Ice_Czar Registered Member

    Joined:
    May 21, 2002
    Posts:
    696
    Location:
    Boulder Colorado
    do you know what DNS poisoning is?
    Cross site scripting?
    You virtualized every session?

    the web is like quantum physics not Newtonian physics
    it's all probabilities of being where you think you are
    not definitive reality. You likely haven't been to the "bad side"
    but it's impossible to rule it out. (easily)

    It's also damn hard to rule out something you can't see
    you have a high confidence you haven't been subverted because your security reports you're clean
    but the security is being monitored by what?

    (The Filechecker forum is here)

    I can see your posts and know you're up on this stuff but maybe you've forgotten the context of this thread?
    (read my rhetorical questions shouldn't be taken as an attack, but provided for the OP's benefit)
    Virtualization is a great tool but again blind faith in a single app is eventually misplaced.
    ;)
     
    Last edited: Jan 3, 2007
  7. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,422
    Location:
    New Mexico, USA
    Thanks much, Ice Czar for the links. I have heard of both and read some on it, but not that detailed.

    Having read that, I'll say that as far as I know I haven't been to any darker websites. I've had no problems so far, using my habit of cleaning BZ at the end of each online session and running Ccleaner to remove history and all else from my box.

    I also understand that nothing is 100% guaranteed safe, and your point is well taken. It's given me something to think about.
     
  8. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,497
    Location:
    British Columbia
    Hello Chuck57


    I think your setup is fine and more of 'Thinking About' tends to lead to that vicious circle of adding more security programs 'Obsession' to achieve that '100% Security'. I've done it, you've done it and many others too! Once you accept the fact that 'Nothing Guarantees 100% Protection', it's much easier to realize that one can still get close to it with a minimal setup.
     
  9. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Wow, I asked a bunch of questions and Mrkvonic bombards me with even more (I mean that in a joking manner), lol. But that's cool, I like that. I'll hit your last question first, would I allow "scvhost" to access Windows Updates. Actually, that sounds very suspicious to me. As I understand it, it should be svchost.exe. I believe that malicious files often rearrange their name and stick themselves in the system32 folder. And as far as Windows Updates go, http://update.microsoft.com/windowsupdate/v6/default.aspx?ln=en-us is the correct address for Updates. So no, I don't think I would allow either action.

    The next question is am I confident enough to know what to do without security apps telling me what these processes might be and from what location are they starting. That my friend is a big ole no :) As you said though, I need to and would really enjoy the process of learning how. I do indeed have a curious mind, which has led to more reinstalls than I will admit to, lol. I agree somewhat with your advice against link-checking and such apps as SiteAdvisor in that I need to be in control of where I go. The only issue seems to be nowadays people seem to be putting this malicious script and virus crap on every type of website, not just the crack and porn sites.

    You can always try and research a website, sure, but the web is a big, big place, and not everyone has been everywhere most likely. Oh, here is the link to the explanation of Edexter http://accs-net.com/hosts/eDexter.html. Evidently a HOST file can interfere with accessing not only bad sites, but good sites too. Especially, as in the case of Windows Updates, if they are hosted on a known ad server. Which in Windows Updates' case seems to be Akamai. So Edexter creates this "personal server" that somehow or another filters it or something and lets you access sites in these situations. As you can tell, I really don't know, it just works. Which also brings me to wonder is an app that lets me bypass my own protection, being the HOST file, a good thing? Jeez, now I'm getting suspicious of my own protection, lol, though that may be a start in the right direction.


    "Do you understand how the OS works?"...Well, not enough to give you a confident answer. I hate to be thought of as completely oblivious to how my own OS works, but I'd rather be honest and learn than act like I know to save face and end up with problems I can't ask about because I tried to act smart and don't want to be embarrassed when I get called on it.

    "Do you understand the services, processes, networking?" Vaguely about networking. I know how to set up a router and I know that the firewall on one protects you by being the first thing a hacker gets to instead of being able to go straight through the modem.


    "Do you understand how a person's machine can be hacked?" Well, I know that often trojans, viruses and spyware sometimes come piggybacked with programs and somehow invisibly install in the background when installing said program. I also know sometimes it does it right out in the open and the EULA tells you it will, but the person just clicks yes to everything because they want their neato software and their pirated downloads right this minute, not after reading some long EULA.

    "How do you tell apart good from bad?" I honestly try and let my security apps do that. Now if Comodo pops up that something is trying to do this or that and it either doesn't tell me or doesn't know what application started it. I'll try to deny it and see if anything stops working. The problem with Comodo right now is that it refuses to remember my answers. I'm always telling it "yes, firefox can access the net, calm down", or other such things. If a particular process that none of my apps knows pops up trying to do something, I will often Google it. Do I do it all the time, no, and that is my own fault if something then goes wrong.

    "Do you understand how you can functionally block the major vulnerabilities of the system you use?" I know how to use tools to do so, such as the ones at GRC.com, anti-spyware, firewall, and anti-virus apps. I can also lock down IE if I know what to look for in the settings. Basically no I don't know how to without apps or having to read a step-by-step thing. But again I'd like to fix that.

    "Hosts file and SpywareBlaster are not needed if you don't use IE." Please don't take this the wrong way, I do mean well, but it just doesn't sound like any other advice I've been given. Even though Firefox doesn't support Active-X, aren't there still many other methods of bad things getting on? Javascript and Java are supported, and javascript seems to be a big way of getting crap on systems. I like Firefox and do trust it a bit more than IE (even if the thing crashes more often than Windows with each release Mozilla throws out, at least in my experience), but isn't it still vulnerable to a lot of things too? And, I thought SpywareBlaster really helped out with the blocking of known bad 3rd party cookies and such? Granted the thing never makes a peep about anything, so it's like it isn't installed anyway.


    And, lastly, even though Firefox is deemed much safer than IE (though I have to admit seeing the settings of IE and knowing I can change them all comforts me a bit more than seeing the options of Firefox and being either able to block cookies outright or allow them outright, or either this or that but no in between), it can still visit and be affected by websites and activities that a HOST file blocks can it not? Again, it goes back to the whole thing of the net being a big place. I certainly wouldn't be able to tell good from bad on all websites, so it's nice having a HOST file that has done that research. I'm aware though that they often can block mistakenly, can block too much, and can go out of date very quickly, as IESpyAds evidently has from what I have been reading.

    Cprtech, I looked at that Autopatcher site, it looks good, but is it not safer to go to Windows Update itself and know it's a safe place to patch up? I don't download every single update they offer, some are for earlier versions of Windows programs, some are not needed, and some I don't want hanging around, such as some Peernet thing they keep asking me to install to "make P2P" better....I don't think so, sounds like a spying program to see if I'm doing any P2P. I don't like the whole WGA thing either, but it's installed.

    Ice, I'll check out and read those two websites, maybe it'll get those dusty old wheels in my head turning again :) Thanks everyone for your input and suggestions. Like I said, I'm more than willing to learn and listen.

    EDIT: Oh, Mrkvonic, I forgot to answer your last question, "Do you have a basic set of principles by which you use your machine, check your email, do online stuff etc? What is your strategy?"...Well, I do my email checking at my ISP's website, I don't have a stand-alone app, but have used Thunderbird in the past. If I download anything, I run spyware and virus checks on the file or, if it's a number of files in a folder, the whole folder, first before I open anything. I also usually use EULA Analyzer to read the EULAS before installing. I do use P2P, the vast majority being Bittorrent and rarely Emule. And checking out the files first applies to those two apps also. Since I use Siteadvisor, if a search result is yellow or red, I don't click, if grey I think about it first and make a decision. If I am surfing and hit a yellow or red, I get out, and, if grey, I read the page without clicking anything and make a decision as to whether I should stay or not. I always keep AdBlockPlus and NoScript going and adjust their settings depending on how the website is acting. If it won't load properly I might let the top-listed script in NoScript through and see if that fixes it without letting the other scripts through.
     
    Last edited: Jan 3, 2007
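
An added example, not part of any post in this thread, of the check behind the scvhost.exe / windowsupdates.com question above: it compares a process image path against a short list of Windows system binaries and a destination host against an expected update domain. The binary list, the expected folders, the allowed domain and all function names are assumptions chosen for illustration.

```python
import ntpath

# Assumption: a few well-known Windows XP system binaries and the folder each
# normally runs from (lower-case). A real list would be longer.
KNOWN_SYSTEM_BINARIES = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Assumption: the update site is expected under this domain, taken from the
# update.microsoft.com address quoted in the post.
ALLOWED_UPDATE_DOMAINS = ("microsoft.com",)


def edit_distance(a, b):
    """Optimal-string-alignment distance: insertions, deletions,
    substitutions and swaps of two adjacent characters each cost 1."""
    rows, cols = len(a) + 1, len(b) + 1
    d = [[0] * cols for _ in range(rows)]
    for i in range(rows):
        d[i][0] = i
    for j in range(cols):
        d[0][j] = j
    for i in range(1, rows):
        for j in range(1, cols):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,         # deletion
                          d[i][j - 1] + 1,         # insertion
                          d[i - 1][j - 1] + cost)  # substitution
            if (i > 1 and j > 1 and a[i - 1] == b[j - 2]
                    and a[i - 2] == b[j - 1]):
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # adjacent swap
    return d[-1][-1]


def classify_image(image_path):
    """Return (verdict, system_binary) for a full Windows image path."""
    folder, name = ntpath.split(image_path.lower())
    if name in KNOWN_SYSTEM_BINARIES:
        if folder == KNOWN_SYSTEM_BINARIES[name]:
            return ("ok", name)
        # Right name, wrong folder: a copy running from somewhere unexpected.
        return ("wrong-location", name)
    for real in KNOWN_SYSTEM_BINARIES:
        # One edit away from a system binary name, e.g. two letters swapped.
        if edit_distance(name, real) == 1:
            return ("lookalike", real)
    return ("unknown", None)


def host_under(host, domains=ALLOWED_UPDATE_DOMAINS):
    """True only if host is one of the domains or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def review_connection(image_path, dest_host):
    """Collect the reasons a firewall prompt deserves a closer look."""
    reasons = []
    verdict, real = classify_image(image_path)
    if verdict == "lookalike":
        reasons.append("name imitates " + real)
    elif verdict == "wrong-location":
        reasons.append(real + " running from unexpected folder")
    if not host_under(dest_host):
        reasons.append("destination is not an expected update domain")
    return reasons


if __name__ == "__main__":
    # Constructed prompt matching the question asked in the thread.
    for reason in review_connection(r"C:\WINDOWS\system32\scvhost.exe",
                                    "windowsupdates.com"):
        print(reason)
```

A name-only match is not proof of anything on its own; the result is a reason to research the file before answering the firewall prompt.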
  10. Ice_Czar

    Ice_Czar Registered Member

    Joined:
    May 21, 2002
    Posts:
    696
    Location:
    Boulder Colorado
    actually if every session was virtualized I don't see how you'd have possibly been compromised short of an exploit for Bufferzone which is unlikely
    or some inappropriately trusted file or app you installed directly (that passed muster with the AV)

    my point was that from both his software list and your lean setup there appeared to be a few classes of security either not mentioned (hardening the OS itself) or missing, monitoring your critical files, security exe & dll, AND security benchmarks (IceSword\Rootkit Revealer\Baseline security analyzer etc.)

    I do consider a HIPS a critical piece of software these days, not necessarily as a defense mechanism but as at least another tripwire. It provides you with information that should be researched and thought about before being allowed to execute. But the real clue you've been subverted is changes to security apps, basically making your tripwires too complex for automated malware to subvert them all, and a portion of that is your security logs (auditing objects, etc.)

    ;)
     
  11. SUPERAntiSpy

    SUPERAntiSpy Developer

    Joined:
    Mar 21, 2006
    Posts:
    1,088
    Actually the two products "play well" together and both offer different types of protection - no single product can get everything on a given day, so using SAS or ST as on-demand for additional checking of the system is actually a good idea - SAS does not consume a large amount of system resources so there is no harm in leaving it in place.
     
  12. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    Hello,

    Nick I did not mean to discredit your app. I meant the dual protection is redundant. Go with one or the other. In this case, SuperAntiSpyware.

    BTW, I have been testing SAS lately, it's a solid product. It has a nice growth potential.

    Mrk
     
  13. SUPERAntiSpy

    SUPERAntiSpy Developer

    Joined:
    Mar 21, 2006
    Posts:
    1,088
    I didn't take it as a discredit at all! I was simply bringing up the fact that no one (SAS or ST) can catch everything on a given day - so having both does not "harm" the system or slow it down.

    Thank you for the kind comments regarding SUPERAntiSpyware - we are working hard to keep improving the product, the detection rates and user friendliness.
     
  14. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Ack, sorry, been having to edit my reply to you guys for spelling and when I've forgotten to answer something because I was away for a bit and the thread went on without me, lol. Anyway, my reply is all corrected now so please, if you see anything I'm doing that needs to be changed, let me know :)
     
  15. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,422
    Location:
    New Mexico, USA
    I enjoy this type of discussion, where various viewpoints are presented on different aspects of security.

    A question now presents itself: If a program like BufferZone, Sandboxie, or DefenseWall is available, that will essentially protect your system, if used with a good antispyware system, or antivirus and a firewall, what's the need for more?

    Virtualization seals your system from most things, or probably all. Sandboxie isn't exactly virtualization as I understand it but it does stop nearly everything. What might get through, your antivirus or antispyware takes over. The firewall, either hardware or software or both will do that part.

    So, is any more layering really necessary and when does paranoia (speaking from personal experience) begin to develop? I finally sat back, took a hard look at things, and trimmed WAY down, picking the few pieces I thought were most effective and dumping the rest. Does this mean I'm going to stop playing with other software -- I doubt it. I'm obsessed with trying new things. But, my basic protection will probably remain with BZ, firewall, and antivirus/antispyware.
     
  16. Ice_Czar

    Ice_Czar Registered Member

    Joined:
    May 21, 2002
    Posts:
    696
    Location:
    Boulder Colorado
    I run a very lean setup as well, but the depth is greater than what you're describing.

    Virtualization if employed religiously will eliminate exposure to the vast majority of threat vectors. But not totally eliminate them. There will still be direct "trust" issues when installing applications or even employing data that could contain malware not identified by an AV.

    Since they are likely automated trying to break them with hardening is cheap insurance. Provided it's not in the way of how you're employing the computer. In addition employing a HIPS provides you with too much information to ignore in my book, it can help you assess how much trust you are willing to place in an app\data and act as a trip wire.

    And finally security logs and real time monitoring of critical applications along with known clean security benchmarks provide you with a very high confidence at no additional cost and little resource use.

    these are layers of defense both above and below the ones most commonly discussed in here.
    But they are important and generally cost nothing.

    Final point is virtualization is now in ascendancy, that won't last forever
    things change sometimes suddenly, which is where the depth and complexity of trip wires comes in.
    A direct exploit of a trusted app, the OS, etc. can't really be ruled out,
    when that happens "generally" an attempt is made to subvert security
    better to know something fishy is going on than a false sense of security
    it may evade your AV, your firewall, your hips, your sandbox,
    but likely it will need to do something that will get logged since it's damn hard to do all of them at once
    (unless there is a real person behind the attack cleaning up after themselves which is again unlikely)

    we start to get into smaller and smaller areas of probability
    but the real question isn't "is this obsession"?
    but rather what kind of return on investment do we get?
    since these are largely steps that are simply labor without monetary investment....
     
    Last edited: Jan 3, 2007
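
An added example, not part of any post in this thread, of the "tripwire" idea raised in the two Ice_Czar posts above (monitoring security exe and dll files against a known-clean state): it records SHA-256 hashes of a folder's executables and reports what changed later. The file names are constructed stand-ins and the function names are assumptions; the baseline would normally be kept somewhere the monitored machine cannot write to.

```python
import hashlib
import os
import tempfile


def sha256_file(path, chunk_size=65536):
    """Hash a file in chunks so large binaries are not read in one go."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def take_baseline(root, extensions=(".exe", ".dll")):
    """Map each matching file (path relative to root) to its SHA-256."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for filename in files:
            if filename.lower().endswith(extensions):
                full = os.path.join(dirpath, filename)
                baseline[os.path.relpath(full, root)] = sha256_file(full)
    return baseline


def compare(known_clean, current):
    """Report files modified, removed or added since the baseline."""
    return {
        "modified": sorted(p for p in known_clean
                           if p in current and known_clean[p] != current[p]),
        "removed": sorted(p for p in known_clean if p not in current),
        "added": sorted(p for p in current if p not in known_clean),
    }


def write_file(root, name, data):
    with open(os.path.join(root, name), "wb") as handle:
        handle.write(data)


def demo():
    """Build a constructed 'security product' folder, change it, compare."""
    with tempfile.TemporaryDirectory() as root:
        # Constructed stand-ins for a security application's files.
        write_file(root, "scanner.exe", b"scanner v1")
        write_file(root, "engine.dll", b"engine v1")
        write_file(root, "hook.dll", b"hook v1")
        write_file(root, "readme.txt", b"not monitored")
        known_clean = take_baseline(root)

        # Simulated changes of the kind the posts say to watch for.
        write_file(root, "engine.dll", b"engine v1 patched")  # modified
        os.remove(os.path.join(root, "hook.dll"))             # removed
        write_file(root, "helper.dll", b"new file")           # added
        write_file(root, "readme.txt", b"edited docs")        # ignored

        return compare(known_clean, take_baseline(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

A legitimate product update changes these hashes too, so the baseline has to be retaken after every update that is known to be clean.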
  17. MalwareDie

    MalwareDie Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    500

    isn't emule an infected application?
     
  18. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    MalwareDie, I've never found any detections in the Emule program itself, no. It's definitely risky behavior using, I admit that, so I try to be as cautious as I can. Again I don't really use it much, only if Bittorrent doesn't have what I'm looking for. I'm using P2P less and less these days because of the dangers and also because I don't feel like having to mess with legal problems :)
     
  19. cprtech

    cprtech Registered Member

    Joined:
    Feb 26, 2006
    Posts:
    335
    Location:
    Canada
    On a fresh install, Autopatcher is excellent because you don't even need to be connected to the internet. You can also choose exactly what you want to install, and there is only one reboot required during the entire process. The only problem with Autopatcher is the updates come out a little later than Microsoft's.

    There is nothing wrong with the WGA because it is required for the automatic checking/downloading of MS updates, but just stay clear of the notorious WG Notification tool. It behaves as spyware and is not required. You could go directly to the MS Download Center and download/install critical and other updates from there, avoiding even the WGA tool for all but a few select d/loads such as WMP 11 and Win defender, to name a few, but that is rather tedious. Autopatcher is slick and efficient.
     
  20. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Well Cprtech, I'm gonna keep that website bookmarked then, because let me tell you, having to download, at last count, 70-something updates every time I reinstall is well beyond being a pain in my rear:)
     
  21. cprtech

    cprtech Registered Member

    Joined:
    Feb 26, 2006
    Posts:
    335
    Location:
    Canada
    Hope you like it. Just be sure to install SP2 first (if you have re-installed Windows XP), unless it is already integrated in your XP cd. As for installing Autopatcher, it is important to install the releases in the exact order they were released in. November 2006 Full would be installed first, followed by December 2006 Update next. Just choose: "Upgrade a Full Release" when prompted during the install of the December update. I would also unplug from the Internet and shut down all real-time running apps before you install and run Autopatcher.
     
  22. InfinityAz

    InfinityAz Registered Member

    Joined:
    Jul 23, 2005
    Posts:
    828
    Location:
    Arizona
    FYI - A HOSTS file (restricts access to sites, etc.) and Spywareblaster (blocks ad and tracking cookies, etc.) work whether you are using IE, Firefox, Opera, etc.
     
  23. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    Hello,

    A few answers:

    eMule is open-source and unbundled. You can even edit the code and compile it yourself.

    P2P is not risky or dangerous. This is a huge misconception. What is risky is when people start downloading keygen.exe or alike for some software they do not wish to buy and then run it, not quite sure whether it is a trojan or not. But in itself, the P2P is harmless and can be used effectively and without dangers to share content.

    Using a P2P client is no different than using a browser. Of course, RIAA and MPIA have spent huge amounts of money spreading the word that P2P is malicious.

    There are a few applications that come bundled, but this is no different than any other application that comes bundled.

    As to the Hosts file and SpywareBlaster: Using Hosts file is the wrong way of doing it. It's called blacklisting. This means allow except explicitly deny. The right way of doing it is deny except explicitly allow. For example, Noscript is the right way of doing it.

    Using hosts can slow down your surfing. And if by some chance you get infected, there could be good entries in that file and you won't be able to tell why you can no longer connect to some AV vendor. You'll have to go through a few thousand entries.

    Furthermore, you should decide what sites you should visit or not. And finally, how many sites are blocked by hosts file - 10,000, 100,000, a million? Windows does not work well with big text files. And considering there are about 10 billion registered sites out there, you are not really doing a very effective filtering.

    The same applies to site advising software. Why should someone else decide for you what is good or bad? And what will happen if you visit such a site? After all you said you're using Noscript.

    Firefox is vulnerable, you say. Well, it does have its weak spots, but they are usually fixed quickly and efficiently. But it is inherently far more secure and is not embedded in the system like IE. All that said, I have yet to see an example where a person enters a 'malicious site' using Firefox and exits infected, even with all scripts enabled.

    Cookies are harmless.

    Spyware Blaster works mainly with IE. Which means that if you do not use IE, you reap no benefit from it. But if it's a question between Hosts file and Spyware Blaster, then by all means, go with Spyware Blaster.

    As to it not making a peep...

    You can install 55GB of software that sits in the background. That's not the point. You should not be using Spyware Blaster because it takes no resources and sits in the background. You should use it IF and BECAUSE you understand what it does and how it relates to what you do.

    Don't use software just to have it.

    Finally, telling apart good from bad. Letting your software decide for you is not the best choice. You have far greater chance of landing on a bad application doing that than posting here on Wilders and asking for recommendations.

    Let's say you downloaded a file called grqaa.exe. You scan with your resident anti-virus. Nothing. You scan with your on-demand anti-virus. Nothing. So, is it safe? What now? How many anti-virus scans before you're sure?

    You start installing and it asks to connect somewhere. Do you let it? After all, lots of legitimate apps connect to their servers when they install. And you really want this app. So, what do you do?

    And if you get infected, despite your best efforts, what's your rescue strategy? Even before that, how will you know you're infected?

    Mrk
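
An added example, not part of any post in this thread, for the hosts-file point in the post above (a blocklist of thousands of lines where one bad entry is hard to spot): it parses a hosts file and reports only the entries that are not ordinary blocks. The sample file is constructed, the protected domains are hypothetical placeholders apart from microsoft.com, and the function names are assumptions.

```python
import ipaddress

# Assumption: domains that must stay reachable (updates, an AV vendor).
# "av-vendor.example" is a placeholder, not a real vendor.
PROTECTED_DOMAINS = ("microsoft.com", "av-vendor.example")

# Constructed sample: a blocklist-style hosts file with a few odd entries.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
127.0.0.1       ads.tracker.example    # ordinary block entry
0.0.0.0         banners.example
127.0.0.1       update.microsoft.com
203.0.113.7     www.av-vendor.example
198.51.100.9    bank.example
not-an-ip       broken.example
"""


def parse_hosts(text):
    """Yield (line number, address, names) for every mapping line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        fields = line.split()
        if len(fields) < 2:                   # blank, or address with no name
            continue
        yield lineno, fields[0], [n.lower().rstrip(".") for n in fields[1:]]


def is_under(name, domain):
    return name == domain or name.endswith("." + domain)


def audit_hosts(text, protected=PROTECTED_DOMAINS):
    """Return (line number, finding, detail) tuples worth a manual look.

    blocks-protected   a protected domain is pointed at a sinkhole address
    redirect           a name is mapped to a real address instead of being
                       blocked, so traffic for it goes wherever the file says
    malformed-address  the first field is not an IP address
    """
    findings = []
    for lineno, address, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((lineno, "malformed-address", address))
            continue
        sinkhole = ip.is_loopback or ip.is_unspecified
        for name in names:
            if name == "localhost":
                continue
            guarded = any(is_under(name, d) for d in protected)
            if sinkhole and guarded:
                findings.append((lineno, "blocks-protected", name))
            elif not sinkhole:
                findings.append((lineno, "redirect", name))
    return findings


def count_block_entries(text):
    """Number of names that are simply sinkholed (the bulk of a blocklist)."""
    total = 0
    for _lineno, address, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            continue
        if ip.is_loopback or ip.is_unspecified:
            total += sum(1 for n in names if n != "localhost")
    return total


if __name__ == "__main__":
    print(count_block_entries(SAMPLE_HOSTS), "sinkholed names")
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```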
     
  24. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    "Of course, RIAA and MPIA have spent huge amounts of money spreading the word that P2P is malicious." Yep, they've tried to "say hello" to me in Bittorrent, but Peerguardian blocked them, :thumb: The thing with the Host file is that I actually do need IE sometimes, if it weren't for Windows Updates and other members of the household using IE specific websites, nah, I wouldn't go near it. So that is why I have it mainly, though I was under the impression it protected you very well. I can assure you that upon installing, going line by line manually adding trojan and parasite-specific websites to the Restricted Zone is not something I want to have to do again for a while, that was horrible.

    As to SpywareBlaster, well, again, I was just trying to keep myself protected and everyone on the different forums seemed to consider this a "standard". That along with Ad-Aware and Spybot, which I just don't see a need for when I already have SuperAnti-spyware and Spyware-Terminator. But then again, who's to say they themselves aren't giving me a false sense of security? I totally agree with the point you seem to be trying to make: it should be ME that decides what is good and bad, what my software should be allowed to do and not to do, and so on and so forth. Being a newbie to security and all these thousands of DLLs and every other process under the sun makes me nervous to mess with anything for fear of screwing something up badly, which is why I've been relying on these "standard and trustworthy" apps to do the job.

    As far as NoScript goes, so many different scripts get blocked on a website that I have a hard time figuring out which one to let loose and which one to keep locked up. Basically, when confronted with this, I've been unblocking the top listed script, usually the website name, and keeping the rest blocked. If the page won't load properly, I'll unblock the next in line and so forth until the website displays right. Usually this happens on media and image sites, otherwise blocking all doesn't seem to cause issues. I never permanently allow, just temporary. NoScript is awesome, I have no doubt it's saving my behind, but it sure gets me confused trying to know a good script from a bad one.

    The Host file seems to speed me up since it's blocking a lot of ads from loading. In all honesty that was my original intent really, to block the ad servers. It's nice to not have blinking banners everywhere. I just don't have the cash for things like AdMuncher for IE, so it seemed like a nice idea to block ads and bad sites in one shot. It doesn't seem to slow me so far (fingers crossed).

    Now, if I download a file and run my AV app and spyware apps on it and it finds nothing, then I look to the EULA usually. That's about all I know to do as far as checking a file for malware/viruses. If it asks to connect during install, well, yes, I do let it. This is also when Spyware Terminator kicks in and starts pop-up hell about the different DLLs it is loading and asking whether to let them through. I figure if it was a clean scan, then it must just be the program's files setting themselves in the right place and such.

    If I get too badly infected or something important just stops and I cannot get things back into shape, I reinstall. I don't keep important documents and such on the system, so I usually will just lose the programs I installed. I have IE to ask for 1st party cookies and block 3rd party ones. I'm not so afraid of cookies as they can be cleaned out with CCleaner, but if I can block most of them, life gets easier. I just wish Firefox 2 didn't take the "enable all cookies or block them all" attitude for the same reason, I might need 1 cookie but not the rest.

    The more I think about the situation and the more replies I read, the dumber I feel about putting so much in the hands of applications instead of deciding what I want to do with MY system instead of my system deciding what I want to do. What can I say, I guess I have read too many security forums and become paranoid.
     
  25. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    Hello,
    Firefox has both ad-blocking and cookie control extensions.
    Mrk
     