Complete Protection?

Discussion in 'other security issues & news' started by Anubis Prime, Jan 1, 2005.

Thread Status:
Not open for further replies.
  1. Anubis Prime

    Anubis Prime Registered Member

    Joined:
    Dec 26, 2004
    Posts:
    30
    Greetings all!

    I'm currently using NOD32 set up with all the "bells and whistles" activated per this forum. I also run Spybot S&D resident (teatimer and IE protection) as well as Adaware SE Plus with Adwatch resident running. Thirdly, I check for Spyware Blaster updates once a week or so (non-resident program).

    After reading through some of the threads, I note some are using products such as TDS-3 and Ewido and I also noted some feel it necessary to run these programs in addition to NOD32. I am fully aware that NOD32 is plainly (and preferentially) an antivirus program, not necessarily an "anti-trojan" system. My question is: Do I need to be running some other anti-trojan program? I thought that up until this point that Spybot and Ad-aware along with NOD32 were adequate (of course along with fully patched-up Windows). Am I wrong? Naive and uninformed? Or just lucky so far?

    Opinions please?
    (I apologize if I've posted this in the wrong area of the forum)

    Dom
     
  2. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    I personally haven't had anything slip by NOD32, however I got TDS3 because of its additional tools for detecting & dealing with trojans outside the scope of an antivirus program. What you can always do is get the free scanners and run them frequently, especially on anything you've downloaded. If you find that it's picking up files that NOD32 is missing, you can consider getting the full version of your AT of choice. Another thing you can consider is getting some preventative software that blocks certain actions rather than detecting specific files. I recommend preventative software with ANY setup, really. Even with the very best of all types of scanners, there will undoubtedly be SOME things that can slip through. ProcessGuard, Prevx, RegRun, & System Safety Monitor are the ones that come immediately to mind, these will all give you greater control of what happens on your system.
     
  3. Anubis Prime

    Anubis Prime Registered Member

    Joined:
    Dec 26, 2004
    Posts:
    30
    Thanks for your reply...



    So...Adware and Spybot resident programs are not enough with NOD32? o_O

    Dom
     
  4. quexx88

    quexx88 Registered Member

    Joined:
    Nov 26, 2004
    Posts:
    235
    Location:
    Radnor, Pennsylvania
    Just today, ewido picked up two trojans that NOD32 had missed. Without it, I would have been in big trouble.

    NOD32 is still an excellent AV, but if you are what could be considered a "high risk" user, an AT to supplement your defense is almost certainly a good idea.

    As far as I know, Spybot and Ad-Aware do not offer any specifically anti-trojan protection.

    www.ewido.net for a free trial version

    One more thing...the reason I recommend ewido over TDS-3 for you is because ewido also includes some anti-spyware capabilities that are beyond the current scope of TDS-3.
     
  5. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,728
    Location:
    Texas
    What were the trojans and did you submit them to Eset?
     
  6. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    It really depends on you and what you want. If you want the very lightest setup then you're probably ok with NOD32 as-is. I have not experienced any trojans slipping by NOD32 personally.. in fact having a RAT that deleted a LOT of important stuff from my hard drive is what brought me to NOD32 in the first place. The fact is, however, that no scanner will ever be 100%. However if you want an ever more secure setup there are lots of options available to you, not just more scanners. If you don't feel safe enough with just NOD32, then by all means get some more software. If your existing scanners aren't satisfying you, then more scanners probably won't help.

    My recommendation would be to run some free scanners to help you determine if you actually NEED more, and get your system secured and prepared for new/unknown threats by adding some preventative software. Between NOD32's heuristics and your preventative apps, you can get better coverage from 0-day attacks than any scanner combo.

    edit: yes, if you are a "high risk" user and encounter a lot of little known trojans, then adding a specialized anti-trojan is not a bad choice. Either way, however, multiple layers that approach security from different angles are always the best way you can go because you won't have to worry about whether your chosen scanners will detect specific threats as much.
     
  7. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    This is what works really well for me, very simple to use and maintain.

    You may want to take a look here for further discussion on security and how to make your system that much stronger and here for more.

    Let us know how you go…

    Cheers :D
     
  8. Anubis Prime

    Anubis Prime Registered Member

    Joined:
    Dec 26, 2004
    Posts:
    30
    I tried Trojan Hunter and Ewido. TH made NOD32 go nuts with its own temp files causing FPs.

    Ewido made NOD32 virtually unresponsive (in cancelling or ok'ing option menus).

    Will keep trying...
     
  9. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    My advice would be similar to Notok's and I would certainly do what BlackSpear does and maintain at least one clean image copy that you can always use as a failsafe measure. Personally, I would recommend either Image for DOS (Terabyte Unlimited) or Ghost 2003. Both run under DOS.

    I would also agree you should scan using online scanners such as McAfee's or maybe install a free version of KAV 4.5 (you can get it from ICE Systems) with the resident scanner turned off. And try out KAV scans (maybe with extended databases) for a trial period to see what is going on. Ewido free would also be a good trial software.

    I would definitely look into installing ProcessGuard 3.0 Free and I would highly recommend the paid version which proactively prevents the installation of really nasty malware such as keyloggers and rootkits. The trial version will prevent dll injections which is a great facility to have - and for free!

    Hope this helps you a bit in your decision making process.

    Rich
     
  10. Anubis Prime

    Anubis Prime Registered Member

    Joined:
    Dec 26, 2004
    Posts:
    30
    downloaded spywareguard. No hiccups so far...
     
  11. Anubis Prime

    Anubis Prime Registered Member

    Joined:
    Dec 26, 2004
    Posts:
    30
    thank you all very much for all of your consideration and help.
     
  12. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    The best recommendation is strongly dependent on how you want your system to behave, its configuration, and available resources.

    Like a number here that use NOD32, I run BOClean as a second tier protective measure. There is only one time where BOClean captured something NOD32 let pass, and that was a purposeful challenge test that I performed going to a known malware infesting site. Even at that, the piece that NOD32 let through would have been caught on a scan with "Potentially Dangerous Applications" checked.

    BOclean is light, rock solid, as close to set it/forget it as I've experienced. I still have and use TDS-3 for diagnostic purposes, but BOClean is an excellent complement to NOD32 since they both have a run light operating ethic. Licensing terms are also generous for home use.

    Aside from Outpost Pro firewall to control outbound traffic, my prime security detail running realtime is an AV (NOD32 or KAV)/BOClean/ProcessGuard. That's it. Everything else I run on demand as indicated.

    For general surfing, NOD32 alone is enough. To cover some domains not fully handled by NOD32, an AT with realtime option is useful - and BOClean/TDS-3/TH/Ewido all provide that option. The specific choice among these depends on desired traits and personal preferences.

    Blue
     
  13. quexx88

    quexx88 Registered Member

    Joined:
    Nov 26, 2004
    Posts:
    235
    Location:
    Radnor, Pennsylvania
    Yes, everything was submitted and I am awaiting their addition.
     
  14. Anubis Prime

    Anubis Prime Registered Member

    Joined:
    Dec 26, 2004
    Posts:
    30
    Well, I took the plunge and purchased BOclean. Works well...

    Anyone figure out the exclude AMON thing? (bet it's in another forum :))
     
  15. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Is a direct link to the suggested solution close enough?

    Blue
     
  16. Anubis Prime

    Anubis Prime Registered Member

    Joined:
    Dec 26, 2004
    Posts:
    30
    Thanks...
    Yes, after further checking I found that:
    C:\PROGRA~1\NSCLEAN\BOCLEAN\BOCLEAN.EXE

    worked for me...only because it is exactly as it is in my registry HKlocalmachine--software--microsoft--windows--currentversion--run key

    it solved the problem of boclean popping up every 10 secs in AMON.


    This forum is great, and another great reason I'm happy to own NOD32. Everyone has been patient and helpful.

    I very much appreciate it.
     
  17. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    My pleasure Anubis Prime!

    Blue
     
  18. Anubis Prime

    Anubis Prime Registered Member

    Joined:
    Dec 26, 2004
    Posts:
    30
    So...to conclude this thread...

    I am running NOD32--tweaked out.

    BOClean

    Spybot teatimer and IE protection resident

    and Adwatch resident.


    Now I actually feel better, and safer.
     
    Last edited: Jan 2, 2005
  19. Elray

    Elray Registered Member

    Joined:
    Oct 10, 2004
    Posts:
    95
    Location:
    Rural Queensland, Australia
    Hi and Happy New Year to All,

    I might be out of order with this query but hope that Blackspear (and others too) won't mind if I ask a question about one of the programs he mentioned in his link. I am interested in finding out whether 'Crapcleaner' is simple and safe to use for somebody who is absolutely terrified of messing too much with the registry.

    I use most of the programs mentioned in these posts and they all play very well with NOD32. My system stays clean and fast and I want to keep it that way hence the interest in garbage removal.

    Elray
     
  20. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    It is fine, VERY simple to use and does a nice job, you shouldn't have a problem at all...

    Cheers :D
     
  21. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    In my opinion you are running VERY light, as an absolute minimum with my clients, I have them run Nod32 tweaked to the max, ZoneAlarm, Spyware Guard, Spyware Blaster, Spybot Search and Destroy - Immune and Tea Timer features used, Ad-Aware SE

    Cheers :D
     
  22. Anubis Prime

    Anubis Prime Registered Member

    Joined:
    Dec 26, 2004
    Posts:
    30
    Blackspear,
    Sorry, didn't give you the big picture in my posts...just the resident programs.

    I have an SPI firewall enabled router coupled with Windows firewall (SP2), and I also run Spyware blaster in addition to the 4 resident items (tweaked NOD32, Adaware SE-adwatch, Spybot teatimer/IE resident, BOClean)

    Any better? o_O

    Dom
     
  23. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Getting there, the Windows firewall is slightly better than useless as there are NO outgoing notifications, thus one of the FREE firewalls such as ZoneAlarm will alert you to something that tries to access the internet from your computer. Spyware Guard will alert you to an attempted change of your home page (something quite a number of nasties try to do these days).

    Just trying to get you a little safer, prevention is better than cure ;) :D

    Cheers :D
     
  24. Anubis Prime

    Anubis Prime Registered Member

    Joined:
    Dec 26, 2004
    Posts:
    30
    Much appreciated...

    My goal is also to stay as light as possible. I figure two firewalls (hardware plus software; albeit windows firewall) should be adequate. I fear from past experience of feeling the frustrating effect of using 3rd party firewalls. I've had them interfere with browsing, throttle my internet connection, and just kill resources. I do see your point of wanting to be notified of outbound connection attempts...Though I've since poked around in the Windows firewall settings (SP2 version is vastly different than the previous version as you know). There is a setting box which states: "Display a notification when Windows Firewall blocks a program".

    One other question: Does it matter that spyware guard hasn't been updated since 2003? o_O
     
  25. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    I'd agree with Blackspear here.

    My logic is as follows. With the SPI enabled router, you've largely moved the functionality of the XP SP2 firewall off the PC to another device. It's basically not doing a whole lot in your case since it's really an in-bound protective measure and the router is covering you there. Third party firewalls also provide outbound connection monitoring and blocking. This is something that consumer level routers and the XP SP2 firewall lack, and it can be useful.

    If you're like me and don't want to get involved with arcane rule making and understanding all the details of network communication protocols, going with a nice free or paid firewall that handles things on an application basis is an excellent compromise. I use Outpost Pro paid version (they have a great deal going on now - single user license with a lifetime license for the usual $40 price - good until Jan 10, see here), many folks use ZoneAlarm Free with equal success. Both are solid options, and there are additional ones out there. Here's a good link on what's available.

    Blue
     