Brand New Security Apps Needed

Discussion in 'other software & services' started by EASTER, Apr 9, 2009.

Thread Status:
Not open for further replies.
  1. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,633
    Location:
    U.S.A. (South)
    I say that because the AV's & other combos are stuffing more and more features into their programs and IMO is only going to complicate matters for the basic users who are in search of a lite but formidable security program that can pretty much cover most if not all possible intrusions or exploits.

    One need only look at the Installer MB's and see there's going to be a ton of entries written into their registry as well as drivers and dll's in System 32. My question is when does this stop?

    I won't mention names because it wouldn't be fair to the vendors for one thing, but these security apps seem to be cramming more and more so-called features into them and worst of all forming them nearly into an entire suite.

    I may be overstepping my observations into this but for Pete's sake it seems users are not only falling to confusion but running into issues that straightaway give them concern whenever they experience issues that encourage some frustration and lead them to look to other programs less BULKY.

    What ever happened to Firewall makers make just firewalls like many used to specialize at, and HIPS creators stay focused and release simply HIPS and not add, and add, and add to the point that their respective products end up creating confusion because every new addition or setting demands the user to learn the ins and outs of another new feature, then another, and so on.

    I don't discount their (some vendors) abilities to accomplish their newfound and implemented add-on features but IMO it seems we're being bombarded with new add-ons to what once was a LITE and more user-friendly settings instead of practically taking on the same learning curves that the very engineers themselves had to discover in order to try to make their product perform so many tasks at the same time which in many cases causes users to school themselves just to get that program to perform and protect in the manner they need it to protect possible intrusions onto their PC's.

    EASTER
     
  2. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Ha. You are living on same planet I am Easter. The do one thing and do it well planet.

    I think perhaps we are fast becoming an endangered species :D

    I cannot agree more, that I would like just a firewall. Just a browser. Just a hips. Just a cd burner. Just office/excel. Just a cd burner. Just ......

    Well, I think the jig is up. I think all those peeps who don't care to learn about a computer, who get infected constantly, have now used their powers of persuasion to even affect us more learned users. I mean, how many firewalls now are just firewalls? New ones? Any? I don't need all the stuff most of them do. Nor do I want them. Give me 5 programs, each optimized and fast with very low resources, let me pair them together for the combo that fits my needs.

    Alas, to target the majority, the companies need to have the appearance of a streamlined package that encompasses all needs you might have. A veritable swiss army knife lol.

    I guess when 90 some % of the world uses one platform, and 90 some % of the jerks in the world target that platform for nefarious purposes, that is where 90 some % of the profit lies for software companies. To be expected I suppose. Please forgive me if the actual % is 88 or something. You get the point.

    Oh, almost forgot the Mac users ;) You don't actually get to whine about these things because you are absolutely safe on a Mac. So, you can go back to playing backgammon. I have to play some Crysis now. (sorry, could not resist)

    Sul.
     
  3. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Hi Easter,

    Very pertinent observations about the state of the security products industry!

    I would argue, however, that rather than a need for new security applications, a more basic need is that users understand what it is they are protecting against before deciding what to install as protection.

    For all of the sophistication of new malware -- how it hides once it infects, how it sets up to carry out the payload -- nothing has really changed in the delivery mechanisms: how the malware gets on to the computer in the first place. There are two basic methods.

    1) Social Engineering -- user consents to install something that is bad

    Malware Spreads by Visiting Malicious Websites
    http://www.cio.in/news/viewArticle/ARTICLEID=5800121
    The vulnerabilities are those that install by

    2) Remote Execution Methods

    These are exploits that target vulnerabilities in an Operating System, Browser, Microsoft Applications (MSPowerPoint, MSWord, SnapShot Viewer), 3rd Party Applications (Adobe Reader, Flash, RealPlayer, Quicktime) where malware executables are downloaded/installed in the background.

    Analyzing a malicious pdf - Troj/PDFJs-A
    http://realsecurity.wordpress.com/2008/09/04/analyzing-a-malicious-pdf-trojpdfjs-a/
    Once users understand what they are protecting against, they realize that not much is really needed for basic protection. The first method is where the user is most vulnerable, since she/he agrees to grant installation privileges:

    DNS changer Trojan for Mac (!) in the wild
    http://isc.sans.org/diary.html?storyid=3595
    The second method is certainly the easiest to protect against. For preventing installation of unauthorized executables, there are numerous "simple," low overhead solutions, including:

    • those built in to the MS Operating System: Firewall; User Accounts; Software Restriction Policies.

    • simple, stand-alone applications, where the new AppGuard is very promising indeed.
    No need for complicated, bloated security products, IMO.

    ----
    rich
     
    Last edited: Apr 9, 2009
  4. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,829
    Location:
    Last Breath Farm
    Simplicity does not sell. Simplicity and liteness are contrary to the very nature of computers. If simplicity sold, computers would not exist, nor be as wildly and widely popular as they are. We'd all be reading newspapers and doing jigsaw puzzles by the fire instead. Many of us have grown so attached to our computers, they have become almost appendage-like. Reliance on the computer morphed quickly into fascination and tinkering, which transformed many of us into major and minor geeks. We (you?) may claim to need simplicity, but deep down inside, we want complexity. Whether all that resonates or not, allow me to suggest this... we have long since crossed over the line that separates "ease of operation" from "full time learning curve". It all went by so quickly, many of us can't remember what it was like to conduct our business and our lives any other way.

    John Trudell, a Santee Sioux Indian, has said, "The civilized world has been turned into an industrialized reservation with a technological reality. Everybody who lives in this techno-civilization is literally an Indian now."

    More Trudell, from Rich Man's War...

     
  5. Defcon

    Defcon Registered Member

    Joined:
    Jul 5, 2006
    Posts:
    332
    1. People buy products based on marketing, not on the actual worth. Savvy consumers, like the crowd at Wilders, are of course an exception. So companies need to keep expanding those bullet lists and 'what's new and improved'.

    2. Disagree about separate programs. The distinction between antivirus, antimalware, HIPS etc. is a bit blurry and not something an end user should know or care about. There are good technical reasons to combine them, which is why all the enterprise vendors have unified security engines (Endpoint, Stirling etc.)

    3. I completely agree with Page42. I don't want to tweak advanced settings or tweak firewall rules. But even if a product had 100% effective security, people would still want these 'features' so they can do something which goes beyond security, and because they can. The best guard is one you never see!
     
  6. raakii

    raakii Registered Member

    Joined:
    Sep 1, 2008
    Posts:
    593
    The need of new security app is universal. I badly need a shadow defender like app that can support reboot. There are still programs that are extremely efficient and light weight, e.g. Drive snapshot. Though there is tendency for developers esp. from Microsoft to write bloated softwares. What is needed are few very good software rather than plenty of bit and pieces softwares.
     
    Last edited: Apr 9, 2009
  7. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,699
    Maybe the solution to brand new security apps needed is - no apps?

    It's a revolutionary idea, isn't it? Try running the machine without anything but a decent firewall/browser and you'll experience a revelation. Not only will things work faster, more smoothly, with less bugs and conflicts, you will also see that it does not take Rambo-ware to keep the machine in a good functioning state.

    Here's something nice, you might wanna take a look at:

    uptime.png

    This is a Windows machine with only 2GB ram, running 2-3 instances of virtual machines almost constantly, plus gaming, 3d interior design software, and whatnot. And it's running up nice for almost 40 days. Not bad, eh? How many days would it have lived loaded with 34 "anti-X" thingies?

    Regards,
    Mrk
     
  8. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    I am thinking of doing something very similar. Dumping everything and just using Sandboxie.
     
  9. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    1,618
    Location:
    Canada
    My setup is already minimalist since last year:
    DW and Kerio 2.1.5
     
  10. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Well everything you say is true. I'm behind a hardware firewall and look into the logs periodically. Anyone that runs like this knows exactly what you mean.
     
  11. RAD

    RAD Registered Member

    Joined:
    Apr 2, 2007
    Posts:
    332
    Why do good apps add new features and eventually become bloated pieces of crap ?

    Why did IBM once dominate the computer world and is now a no-show ?

    Why was Norton once respected ?

    Why was Hewlett Packard once a mighty engineering powerhouse and now just a 3rd rate reseller of Chinese crap ?

    Why are Gibson guitars grossly overpriced lumps of crap ?

    Why was VISTA an abject failure ?

    Why have pioneers continually rejected the established societies and moved Westward for freedom and independence?

    It is the inevitable evolution of all things human. :D
     
  12. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    My question is, do you run as a user or admin? Is your firewall a relatively simple one like xp firewall, just stopping inbound? Or is it application aware?

    I avoid firewalls now when possible, because unless I just want to see what is happening for more detail, they do nothing for me. I use xp firewall and a router, plus some ipsec rules.

    But then, I run as admin, so I also use SRP with Basic User. I use sandboxie often, but not always. I play with AppGuard and older Cyberhawk, but find myself leaning towards not using them.

    So what is special about your suggestion? Is it a user account that makes you feel this minimalist approach is sufficient? Or your firewall that is more advanced? Or (as I think it is) that you are knowledgeable enough to both steer clear of potential problems as well as capable to fix any problems.

    No attitude presented by myself at all here. I think most would agree that you are quite knowledgeable. I just find myself disappointed more and more by the 'suites' and all the improvements of 'good old standby' programs. I find I want less complications. But I think this is because my understanding has grown so much that I understand why I don't need these things. Is this also true for you, that you are to the point that many tools are now eclipsed by a properly setup environment, because of the knowledge to do so?

    Sul.
     
  13. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,699
    Hello,

    User: both admin and regular.
    Firewall: simple inbound, more complex outbound, router, all cases.

    But the simplest case: router + firefox. That's all.

    The magic is: don't download crap and execute it and you'll be fine.

    Cheers,
    Mrk
     
  14. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Ah. So you open new stuff to try in sandbox or vmware? That is how I do it. Very similar philosophies overall.

    Sul.
     
  15. Judge Dee

    Judge Dee Guest

    Last year I bought both NIS and KIS. I've taken them both off, not because I hated them, but because of what you say.
    It seems that in 2003 when I had LooknStop and DrWeb, everything felt simpler and lighter.
     
  16. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,633
    Location:
    U.S.A. (South)
    Hi

    Every response seems to be in perfect sync in what's taking place now. What used to be a pure firewall, HIPS, etc. with excellent protections for years to come are now cramming HIPS and everything but the kitchen sink in the mix, not only complicating matters but running up their own bills trying to add this and that as though they were in some kind of competition to lure users/customers to their products because it has what others have specialized in for years. And in my opinion, is accelerated user complaints if not pure frustrations when something goes wrong with one element of the many they have integrated into them. Customers get tired of waiting for a fix and what do they do? They jump ship and the company loses revenue from such practices because how many times do we read well I dropped this app because of this or that, and it all boils down to vendors heaping more and more so-called improvements as though we would never need any other vendors' products because, "we have what they have in our program and it's all you need." To that I say Bahhh!

    The truth is there's absolutely nothing wrong with a Layered Approach from our choices of the variety out there that can not only lighten the load, but fill in gaps when one of their all-in-one elements fails to perform, and we all know it only takes a single malfunction from a Suite or combo product to collapse the entire defense mechanisms claimed to keep us safer than the other guys.

    So you guys hit the nail squarely on the head with all your responses and if this keeps up we all may end up turning to Virtual Machines in the end to stop the risks that lie in a single combo program that claims to do better than what the others can, and I agree, it's all about the MONEY! anymore. The more added, the more costs that go along with it. Pure and simple deduction from the facts.

    I dunno about the rest, but the excitement and protection was more than adequate when vendors stayed with what they do and have done the best, and not try to out do or copy what they should consider their equal partners in overall Windows PC security.

    That's why I believe we all are thirsty for new, even individual innovations, not being cornered by the behemoths some companies are building into their programs.



    EASTER
     
  17. BrendanK.

    BrendanK. Registered Member

    Joined:
    Jun 23, 2008
    Posts:
    520
    Location:
    Australia
    I am almost at a turning point, where I just install a suite + DW or nothing. For simplicity's sake, but also for performance.

    The only problem is my dad does banking on this computer, and my sister downloads a whole lot of junk. But I am also a bit of a risky surfer.

    So for now my setup stays :(
     
  18. Arup

    Arup Guest

    The fact that AV companies are getting into Firewall really bears no good, they should truly concentrate on what they do best, that is, create good AVs. However the current trend being that HIPS is something that all AV companies have to consider for prevention along with signature based AVs as there is no other choice.
     
  19. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,699
    What new stuff :) Can you please give me an example of what qualifies as new stuff? Opera update? IrfanView update? OpenOffice 3? I don't just randomly test stuff for the sake of testing.

    When it comes to trying new technologies, like for instance, iCore, I use a dedicated test machine / virtual machine. But not because I fear malware, because tests are done in "the lab."

    But if there's something "stinky" I think might be bad for my machine - I simply don't run it.

    Mrk
     
  20. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Ok. I definitely resemble that remark ;)

    Really, I get what you mean. But let's take a very small example. Perhaps you are looking at some highly recommended freeware alternatives to that god-awful slow Adobe reader. It would make sense that you would want to test a few of them out to see if they are better, and furthermore, if they attempt outbound network access. If they drop libraries all over the place. You know I am sure, of all the goodness that comes with that. Or for another example, let's say you have a small server up for a game, maybe Call of Duty. You may desire to acquire the logs and parse them for display on a website. Or maybe you wish to run a remote console application for that game. Again, these would be for me legitimate reasons to investigate new software.

    Depending on what the new software is, I either start it up in Sandboxie, or for more hardware based software, vmWare. I do have many machines I could stick them on that would be of no concern to lose the OS, as your "lab". But really I wonder of your thoughts on why Sandboxie or vmWare would not be suitable. Not to say that you said they were or were not, just new viewpoints can only improve my own.

    Thanks for the time to answer geekness.

    Sul.
     
  21. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,699
    I did not say vmware is unsuitable. It's excellent. But it's mainly for testing, not for security as the title of this thread suggests.

    Testing = YES! Security - no need.

    Now, servers, that's another issue. Remote console, as well. That's geeky stuff.

    Alternatives to existing software like Adobe Reader, from the perspective of an average user? Someone who can't go to wilders, for instance, and ask difficult questions?

    Well, Mac, Linux?

    Or maybe following just a few simple principles ... we'll talk more about this, gotta go to enjoy some photosynthesis, it's sunny outside.

    Mrk
     
  22. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    If anyone asks me (and they didn't, hehe), a big reason for all the big suites and anti-this and anti-that, is because the media (news channels, computer mags, the works) scares the public half to death with month long reports on the Confickers of the world, corporation data breaches and all that jazz. So they do the scaring, and the software companies throw up big neon signs saying "100% Total Protection!". That goes for parental controls, ID protection, and everything else completely unnecessary that they toss into these huge resource killing suites.

    If all the average joe ever pays attention to is the "doomsday" reports of mass worms, botnets and all that, he'll never know that simply not willy nilly executing everything will keep him safe and sound.
     
  23. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    :D :D :D When was the last time you guys bought a new cellular/mobile phone. Try asking for a phone which just allows you to telephone and look the sales guy/girl seriously in the eyes. :D
     
  24. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    Ya got that right. :rolleyes:
    I recently tried just that..:doubt:
    I notice Nokia has unretired some older engineers to 'develop' just that..
    TV on a 2 inch screen: puhleez. :p
    Twittervomit, Myvomitspace, facevomitbook....:gack:
    Ok some peeps might get some benefit from 'phone mail' :cautious:
    Just have to be so very important to need to be 'in touch' all the time..afaics it's teenyboppers who use all this gunk..
    AFAICS: if you are really really important and powerful: you don't have to bother with all this ;)

    Anyhoo, bit OT, just a small rant prompted by Kees and related to this thread by noting absurd overcomplication of stuff.
    Router, FF, VMs, textmail ONLY ; KISS.
    Need to keep an eye on some of the public access/donation sites: you tube, heh heh, Google search results..:cautious:
    Leave mal testing to others, trying to get back to a more spartan approach: Linux. Even some of the distros: TOO MUCH STUFF...:eek:
    .. we are but a drop in the bucket..
     
  25. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Knowledgeable users are not a large enough group to keep a software vendor in business. You don't have to look any farther than SSM to see that. A one time sale to a limited group of users equals no income. Vendors make their living from the average users, the ones who couldn't put together a decent security package by themselves if their lives depended on it. As for the rest of us, we don't need any new security software. Everything we need to make a system bulletproof has been available for some time. The only security app worth looking at that's fairly recent (in comparison) is Sandboxie. I might make it an addition to my regular package as an additional layer of isolation for the attack surface. Beyond that, I don't see where we need anything else that we don't already have.

    We have software that can:
    Control applications and their activities in great detail,
    Protect the registry from all changes,
    Filter internet traffic of all types to/from each application,
    Filter the web content in any manner we want.

    What else do we need?
     