Confused with all the security options...

Discussion in 'other security issues & news' started by fannymites, May 15, 2005.

Thread Status:
Not open for further replies.
  1. fannymites

    fannymites Registered Member

    Joined:
    May 7, 2005
    Posts:
    93
    I've just re-installed Windows XP and am now looking to beef up my security.
    I've been looking through these forums for a couple of days and I'm getting really confused with the amount of different security options and would just like a little advice...

    At the moment I have the following
    Avast Home with Standard Shield, Email Shield and Web Shield enabled.
    Kerio 2.x with very tight rules.
    Spybot 1.4 rc2 without any resident protection enabled at the moment.

    What I'm looking for now is some extra registry/startup protection and some sort of decent application control.
    I've downloaded RegProt and RegWatcher which I will be trying out before deciding on one or the other, would one of these provide good registry protection? Or can anyone recommend something better?
    I've tried Prevx home quite a while ago but got a bit tired of the sheer amount of popups.

    Regarding app control, I've tried Kerio 4 but am not convinced it does the job that well (if I give permission for explorer.exe to run firefox.exe it also gives permission for explorer.exe to run any application in future without asking, is this right or wrong?)
    I've also tried System Safety Monitor - I was very happy with it at first but found it to be very unstable on my comp and even after uninstalling it I was getting problems with the computer startup taking up to 20 minutes.
    I tried installing it twice and ended up with the same problems which is why I've ended up re-installing Win XP. What would be a good alternative?

    As far as I'm concerned this would provide me with enough protection. Ideally I would prefer one single program to go along with Avast Kerio and Spybot that would protect registry, startup and had application control (like ssm).
    Also I'm only interested in free software - I have too many other commitments at the moment to be paying out for software. Also I spend about 75 percent of my computer time on Linux and will probably phase out Windows altogether at some point so I don't want to buy something I might only use for a couple of months (but then I might not phase it out, I don't know).

    Sorry for such a long and babbling post, I'll blame it on lack of sleep, but I hope someone out there can advise me.

    Finally, here's a little more info -
    Single pc running Win XP and Linux, not connected to any other computers.
    I connect to the internet with a dial-up modem at the moment, but will be going to broadband soon.
     
  2. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    Most people swear by KAV as the best AV/AT. I haven't switched yet as my AV + AT combo is perhaps just slightly better in total, but I'm waiting to see what KAV 6 is like, and I may well switch to it.

    You'll also find that for added security, many people use a combination of either Process Guard/RegDefend or Process Guard/PrevX. Either of these two combos will give you very strong protection (as long as you take the time to learn them) most especially from Trojans/Worms/Spyware, and also some from Virii (the PG/PrevX combo being better against virii - preventing infection of your protected apps)

    --------------------------------------------------------------------------

    If you go the PrevX path again, I'd go the Pro version, as once you have it trained (you can add rules) you will not get the volume of Popups that you do in PrevX Home. My Pro version is very very quiet unless I am installing a new application...for all my updates etc I have created custom rules so that I don't get popups.

    Process Guard provides protection to your executables from Change/Termination (which trojans target to infect or disable). The point of a trojan infecting an autostart process is that it can do its work happily without you ever knowing (like keylogging/password/finance info theft). Process Guard also protects from global hooks that keyloggers use to operate. It protects from rootkit installation (used by remote access trojans to give someone total control of your comp), and from driver/service installation (used by trojans again). It also has an 'execution protection' setting whereby any executable must have permission to run (permit/deny once, or permit/deny always). PG is fantastic defence against the very worst kinds of trojans.

    The idea of RegDefend is that most Trojans/Worms/Spyware want to autostart, but to do this, they have to change the registry. So RegDefend protects the autostart parts of the registry. Also, whereas other Registry monitors 'poll' the registry (i.e. they search it every so often for changes), RegDefend intercepts attempts to change the registry and asks for permission to do so <so it's a much stronger protection>.

    I haven't yet seen a post where someone with the PG/PrevX or PG/RD combo has been infected, so I'm presuming they both work very well (so long as you know what you are permitting/denying.)

    I heard a rumour in these forums that the next version of PrevX is going to have much stronger Reg protection. I'm hoping it's so, as I haven't been able to find any official confirmation.
     
  3. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    You could always use Microsoft Anti-Spyware with the real-time protection, you should really consider an additional app for spyware anyway. A couple of other options are Spybot's TeaTimer and WinPatrol, WinPatrol offering the greater registry protection.
     
  4. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi fannymites,

    I concur with Vikorr's comments and recommendations. My own preference has been for the KAV/ProcessGuard/RegDefend combination. There are forums on this board for PG and RD. KAV's forum is elsewhere. If you decide to get any of these programs, you might want to stop by the forums for purchasing/installation/usage tips.

    Rich
     
  5. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
    Or try Safe 'n Sec (I'm trialing it for myself right now)
     
  6. clansman77

    clansman77 Registered Member

    Joined:
    Jan 31, 2005
    Posts:
    234
    Location:
    kochi,kerala,india
    My advice is to enable the network shield of Avast too, to enable more protection. Regarding your other questions somebody else may give a better answer.
    Process Guard is recommended here very highly, but it's not free. Prevx new versions have improved lately, not used them personally.
     
  7. fannymites

    fannymites Registered Member

    Joined:
    May 7, 2005
    Posts:
    93
    Thank you for the responses, after doing some more reading around the net also, I decided to go for the Process Guard/Prevx choice.
    I tried installing the free versions initially just to make sure there were no conflicts or anything, unfortunately I now have the same problem I had when I installed SSM.

    Here is the problem, which has eventually caused me to re-install Windows 4 times in the past week -
    After installing SSM (and now Prevx), when the computer starts up it is taking around 10 - 20 minutes to finish starting up. It seems to be explorer.exe which is hanging so I am unable to do anything until it kicks in.
    Once this has happened once it happens every startup, even after removing SSM/Prevx and countless other programs and after a system restore.

    I'm 100% certain it isn't any kind of malware doing this, before re-installing Windows this time I disconnected my Linux hard drive, reformatted my windows disk and even removed the battery for half an hour and as yet am still not connected to the internet in Windows, I downloaded prevx from another computer and saved it to cd.
    However, I do mainly use Windows for customizing and making themes for programs etc and I'm thinking this could be the cause.
    I have modded certain system files and use the following programs which may be causing problems -
    Windowblinds
    Objectbar (which has caused quite a lot of conflicts with other programs)
    Bootskin
    Logon Studio

    All these programs and system mods worked fine for about 6 months before I installed SSM and after re-installing Windows they have all been working fine until I installed SSM again or now Prevx.

    With SSM the problem started after a couple of hours of use, with Prevx it happened straight after install.

    I'm reluctant to get rid of my theming stuff since Objectbar and Windowblinds are the only software I have ever paid for.
    If this is a program conflict problem then I think the security stuff will have to go because if security programs stop me using the computer the way I want to then that's just as bad as having malware.

    I've used Avast and Kerio alone since I started using Windows without a single virus or any other security problems.

    [EDIT] After a little poking around, I noticed in the XP event viewer a lot of errors relating to Background Intelligent Transfer Service.
    There were various reports of BITS hanging or failing to start.
    I've tried disabling it as a service since I don't think I need it and so far Windows is starting up normally.
    I've just tried installing Prevx again and things are still working fine.

    So now I'm thinking of trying SSM again. Would this be a better option than Prevx or would both work together?
     
    Last edited: May 16, 2005
  8. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    Don't know where the conflict exists sorry, but it's a shame that it's happening.

    The only thing I can suggest is that you try the RegDefend Trial along with PG.

    There is another choice, in Abtrusion, which creates a 'white list' of all programs on your computer, then stops any new/modified programs from executing, but I hear if you do anything like update frequently or the likes that it can be a pain (not too familiar with it sorry).
     
  9. Pollmaster

    Pollmaster Guest

    I'm going to respect your wishes to recommend only freebies and resist the urge to name my favourite payware.


    I wouldn't worry about not using the KAV/Regdefend/PG combo if you are really short of cash.

    Personally I think your setup of all freebies can be tightened by simply getting MSAS, plus MJ Regwatcher (regprot is clearly inferior) to watch the registry.


    I would add either Prevx Home or SSM or PG free (or all 3!) to further tighten security, but if you really have a lot of problems, then I wouldn't bother. It would be a very big irony if in the course of improving your security, you actually caused more damage.

    Prevx, SSM, Processguard work fine on my computer, maybe I'm lucky. Another freebie worth trying is maybe Antihook.

    Whether you benefit more from using SSM or Prevx or both would depend I guess on whether your firewall has good application control.

    If you are really concerned about application control the freebie firewall Jetico gives you more than you can hope for. You might not like configuration hell though. With Jetico you could *probably* do away with SSM.

    Prevx covers a slightly different area, with pretty good non-polling coverage of the registry as well as other sensitive file areas, and could add some more protection.
     
  10. fannymites

    fannymites Registered Member

    Joined:
    May 7, 2005
    Posts:
    93
    I have MJ RegWatcher ready to install, I just haven't got around to it yet what with the problems I've been having.
    Disabling BITS in XP services has certainly solved the startup problems I've been having.
    I tried running ssm and Prevx together but it wasn't working at all, I used Prevx to install ssm as a trusted app but on startup, both were in the task manager processes but I couldn't get either to actually work. I've removed both and may try installing ssm first.

    One thing slightly bothers me about Prevx - as soon as the computer starts up, pxagent.exe starts dialing up and connecting to their servers. I've now read that other people have noticed this and although it seems harmless, I still don't like the idea.

    I am using Kerio2 firewall which doesn't have any app filtering and although Kerio 4 does, I'm not convinced of its effectiveness.
    I have tried Jetico and quite liked it but when it comes out of beta it will be payware so I don't want to get used to it.

    So I would certainly like some kind of application filtering, are there any free programs that just do app filtering and nothing else?
    If I don't find another app filtering program I reckon I will be using the following -
    Avast
    Kerio 2
    Spybot
    SSM, maybe with just the app filtering enabled and no reg protection
    MJ RegWatcher
    ProcessGuard free

    One other thing, what is MSAS?
     
  11. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    The downside to PrevX Home is the number of times it dials home and the number of popups (from what I've been told though, if you deny pxl1.exe permission to run in PG you'll still get the Prevx protection, but it won't dial home...never tried that myself as I have the Pro version which doesn't dial home).

    MSAS is Microsoft Anti-spyware
     
  12. fannymites

    fannymites Registered Member

    Joined:
    May 7, 2005
    Posts:
    93
    I eventually decided to not use Prevx anymore because whenever anything I was doing caused pop-ups from both Prevx and SSM at the same time it caused my comp to suddenly reset.
    Also I had tried to block the program calling home with SSM but it was still dialing up, though my firewall was blocking it from actually sending anything. (But after seeing your post it turns out I was blocking the wrong file, I was blocking pxagent.exe)
    At the moment I'm trying the following -
    ProcessGuard free, which I like and will most likely be keeping now.
    SSM which I like and although my startup problems are solved it still forgets permissions and also crashes occasionally and totally freezes up my comp, which I then have to reset. I am only going to use it until I can find something else that controls applications in the same way.
    SnoopFree - SSM also protects the same things as this but since I'm not planning on keeping SSM I may well stick with this.
    What I really want now is application control then I should have most bases covered. I can't seem to find any free apps that do it the same way as ssm.

    Gosh I'm so picky.
     
  13. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
  14. fannymites

    fannymites Registered Member

    Joined:
    May 7, 2005
    Posts:
    93
    I did try it but it wasn't working at all well on my comp.
    It started up but when I brought up the options window nothing was working.
    There was text at the bottom suggesting it was scanning but it wouldn't let me click on anything.
    Also I ran a couple of tests and it failed them without giving me a single alert so it obviously wasn't actually scanning.
    Chances are it's yet another Objectbar related problem.
    I'm really considering doing away with it now I've seen the sheer amount of apps it has problems with.
     
  15. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    I have noticed (and reported this) also. The problem is with programs that attempt Physical Memory access (e.g. Java programs - and your browser when running a Java applet, 3dMark and some games).

    To fix this, go to the related program(s) in SSM's Application Rules (javaw.exe in the case of Java programs/applets) and enable the "Allow misc low-level operation" in the System Control tab.
     
  16. fannymites

    fannymites Registered Member

    Joined:
    May 7, 2005
    Posts:
    93
    I tried this which worked for a while but since SSM keeps forgetting its settings it wasn't long before I found myself unplugging the computer yet again.
    I've had more computer problems in the last week whilst trying out this security software than I've had since I got my computer.
    I blame Objectbar once again, it seems it has its fingers in so many pies, so to speak, that it basically does a lot of the jobs malware does.
    I tried disabling learning mode in ProcessGuard and the first time I tried to launch a program from Objectbar a PG pop-up appeared and the computer froze in the same way it did with SSM. Unfortunately, any program I launch I launch from either Objectbar or Object Dock.
    I'm just going to have to give up trying and go back to just using Kerio and Avast.
    Thanks for all the suggestions, most of these programs looked very good but as long as I want to keep using Objectbar I'll have to stick to basic security.
     
  17. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    SSM should not be forgetting its settings unless it has expired (in which case you should get an expiry message when it starts up) - the expiry date should also be shown in the Information tab. If it has expired, then download the current version from http://mc.webm.ru/ssm.zip.

    Another possibility to check is that you have write access to the configuration file (*.ssm.cfg) in the SSM Program Files folder.
     
  18. fannymites

    fannymites Registered Member

    Joined:
    May 7, 2005
    Posts:
    93
    I only downloaded it for the first time last week and it said it expires December 2005.
    There are no problems with writing to the file either.
    It didn't forget all settings, it is just certain programs that it had asked me about before and I know I clicked on always allow, after a couple of reboots it would ask me again for some of them.

    I thought it may be my computer shutting down before SSM had a chance to write to the file but even when I shut down SSM first before shutting down it still happened.
    I can only imagine the amount of times the program crashed corrupted the file every so often.

    I have read of a lot of people having similar problems and others having no problems at all so maybe there is some conflict somewhere with other programs.
     
  19. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Are you running SSM as a service or in multi-user compatibility mode? If multi-user, each user login has its own settings so could it be that you are accessing programs under different users?

    Note that SSM rules depend on the initiating program also - if you run program X via the Start Menu then this counts as being run by explorer.exe. If you then use another program to run X (e.g. a launchpad program, via a command prompt window or on system startup - userinit.exe for example) then SSM will prompt again. This is normal behaviour - but the settings in the Application Rules box (low-level, etc) should apply to X in every case.

    Another possibility is if you have set any Advanced Rules to restrict which programs can call what. If you receive repeated prompts when the programs in question are being run from your desktop or an Explorer window, then check for anything set on explorer.exe.
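
Added example, not part of the original thread and not SSM's or Kerio's own code: a small Python model of the rule matching described in the post above, where an "always allow" answer is stored per (initiating program, launched program) pair, next to the parent-only rule the first post asks about. The class names, `launcher.exe`, `unknown.exe` and the sample launches are constructed for illustration.

```python
# Toy model of launch-control rule matching (illustrative only, not any product's code).
from dataclasses import dataclass, field

ALLOW, PROMPT = "allow", "prompt"


def norm(image_name):
    # Windows image names are case-insensitive, so compare them lower-cased.
    return image_name.strip().lower()


@dataclass
class PairRules:
    """Verdicts keyed on (parent, child): the behaviour described for SSM above."""
    rules: dict = field(default_factory=dict)

    def remember(self, parent, child, verdict):
        self.rules[(norm(parent), norm(child))] = verdict

    def decide(self, parent, child):
        # Unknown pair: ask the user, even if the child was allowed under another parent.
        return self.rules.get((norm(parent), norm(child)), PROMPT)


@dataclass
class ParentOnlyRules:
    """Verdicts keyed on the parent alone: the behaviour the first post asks about."""
    rules: dict = field(default_factory=dict)

    def remember(self, parent, child, verdict):
        self.rules[norm(parent)] = verdict  # the child is not recorded at all

    def decide(self, parent, child):
        return self.rules.get(norm(parent), PROMPT)


# Constructed sample: one "always allow" answer, then five launch attempts.
ANSWERED = [("explorer.exe", "firefox.exe", ALLOW)]
LAUNCHES = [
    ("explorer.exe", "firefox.exe"),   # same pair as the stored answer
    ("Explorer.EXE", "FIREFOX.EXE"),   # same pair, different case
    ("launcher.exe", "firefox.exe"),   # hypothetical launchpad as the parent
    ("userinit.exe", "firefox.exe"),   # started at logon
    ("explorer.exe", "unknown.exe"),   # new child under an already-trusted parent
]


def replay(store, answered, launches):
    """Load the stored answers, then return the verdict for each launch attempt."""
    for parent, child, verdict in answered:
        store.remember(parent, child, verdict)
    return [store.decide(parent, child) for parent, child in launches]


def demo():
    return (replay(PairRules(), ANSWERED, LAUNCHES),
            replay(ParentOnlyRules(), ANSWERED, LAUNCHES))


if __name__ == "__main__":
    pair, parent_only = demo()
    for (parent, child), a, b in zip(LAUNCHES, pair, parent_only):
        print(f"{parent:>13} -> {child:<12} pair-keyed: {a:<7} parent-only: {b}")
```

With pair-keyed rules a launcher other than explorer.exe produces a fresh prompt for the same program, while a parent-only rule silently lets the trusted parent start a program that was never approved.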
     
  20. fannymites

    fannymites Registered Member

    Joined:
    May 7, 2005
    Posts:
    93
    I've decided to persevere with SSM but I'm still having some problems.
    I'm running SSM as a service and it's a single user comp anyway.
    I run virtually all programs from Objectbar and that has been causing so many freeze-ups but I've found a way around that problem by allowing OB to run unclassified apps. This is the only solution I can find.
    My major problem at the moment is that on startup an SSM pop-up appears then disappears before I can read it or click on it. It's obviously something that needs to run because my comp refuses to start properly after and freezes. I then have to reset which of course means SSM doesn't run on next boot.
    So then I stop it from starting up on the next boot then start it manually but there is nothing in the logs telling me what the program is that SSM is trying to alert me about on startup.
    This is getting just a little frustrating.
    It was starting up ok for a few hours and I haven't installed anything new that would be trying to run on startup so it looks like another case of forgotten permissions.
     
  21. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Try running SSM in compatibility mode instead - service mode is a recent addition so is more likely to have issues.
     
  22. fannymites

    fannymites Registered Member

    Joined:
    May 7, 2005
    Posts:
    93
    I tried running in compatibility mode when I first tried it and it was even worse.
    I've been running it as a service just for a day or so.
     
  23. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Compatibility mode should cause less problems during Windows startup - as for the prompting problem it may be worth seeing if it is Object Bar specific by running without it for a while (if you are an Object Desktop subscriber, you may wish to check out Tab Launchpad - a simpler and faster way of running programs than either the Start Menu or Object Bar).
     
  24. fannymites

    fannymites Registered Member

    Joined:
    May 7, 2005
    Posts:
    93
    I have tried running without Objectbar and I certainly get a lot less trouble but most of the time I spend on Windows I'm customizing and making themes and at the moment I'm very much into Mac theming so OB is a big part of that.
    This is something that helps me relax and takes my mind off other things and that is more important to me than how secure my computer is. I want things to be fairly secure to avoid the hassle and inconvenience if I do get an attack but if I allow security programs to inconvenience me and change the way I use my computer then what's the difference?
    Anything important is backed up anyway and I use Linux for any really important stuff.
    I'll probably keep trying with SSM for a couple more days and see how things go.
    It might settle down.
     
  25. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi,

    Of all of the products you have mentioned, I found SSM to be the most unstable. Others on this forum have also noted their problems with stabilizing SSM. You may be attempting to support a most difficult configuration (e.g. Objectbar + SSM) that may be impossible to stabilize.

    Rich
     