Discussion thread for reorganization of "Probably the Best Free Security List in the World"

Discussion in 'other security issues & news' started by MrBrian, Aug 21, 2014.

  1. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    I've been working on reorganizing http://www.techsupportalert.com/content/probably-best-free-security-list-world.htm. The new list won't be publicly available until it's finished.

    So far I've looked at current sections 2, 3, 4, 5, 7, 8 (partially), and 10. I welcome thoughts on how you'd like the items in those sections organized into categories, subcategories, and maybe even sub-subcategories. One thing to note is that not all intrusions involve malware. If you have any ideas about the categorization of the items in the other sections, that's fine too.

    Some of the list authors favor listing a given item only once in the list, while some other list authors favor listing a given item in every applicable category, or at least the most applicable categories. Do you have an opinion on this?

    I also welcome any other thoughts on what you'd like changed from the current list. I am/will be checking every existing list link and taking appropriate action when a problem is noticed.
     
  2. guest

    guest Guest

    Well, perhaps remove paid software, since it's a freeware site. I honestly don't understand why mentioning paid software is allowed in this particular list while mentioning it in other articles will make the mods hammer you. Also, you might as well separate pure firewalls from firewalls with CHIPS.

    I personally would differentiate between HIPS (as an umbrella term) and CHIPS, and sandboxing and policy restriction. But that's just me.
     
  3. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,046
    Location:
    The Netherlands
    I didn't know that you made the list. :thumb:

    Can you perhaps make the "Section Index" click-able (instead of the dropdown menu)? It's handy for people who have disabled Javascript.
     
  4. MrBrian

    I didn't start working on it until April 2014. Ako is the one who makes the final decisions, at least amongst the list authors.
     
  5. MrBrian

    That's a good point.

    There hasn't been a final decision made about the navigation structure of the new list. My idea is to have maybe 20-45 separate pages, an index page that links to all of the other pages, and maybe a custom Google search engine to see what page(s) a given item is in. Having one huge page is no longer an option because it was apparently causing server problems; that's the reason why there are four separate parts in the current list.
     
  6. MrBrian

    CHIPS=Classical HIPS?

    HIPS is a phrase with apparently no standardized definition. For example, at https://www.wilderssecurity.com/threads/hips-model.181819/ HIPS is used broadly.
     
    Last edited: Aug 23, 2014
  8. MrBrian

    The top-level categorizations that I'm currently using (for the sections I've looked at) are:

    Introduction
    Key Legend
    New Items in This List
    Anti-Malware Software - Real-Time - Signature-Based
    Anti-Malware Software - Real-Time - Other Technologies
    Anti-Malware Software - On-Demand - Target=System - Signature-Based - All Types of Malware
    Anti-Malware Software - On-Demand - Target=System - Signature-Based - Only Certain Types of Malware
    Anti-Malware Software - On-Demand - Target=System - Other Technologies
    Anti-Malware Software - On-Demand - Target=Single File - Signature-Based
    Anti-Malware Software - On-Demand - Target=Single File - Other Technologies
    Anti-Malware Resources
    Virtualization

    Known problems with this:
    1. Not every threat is about malware. So what should I change "Anti-Malware Software" to? "Host-Based Intrusion Detection/Prevention"? "Threat Protection"? "System Protection"? "Endpoint Security"?

    I'm thinking of changing "Anti-Malware Software - On-Demand - Target=System - Signature-Based - All Types of Malware" to "Anti-Malware Software - On-Demand - Target=System - Signature-Based - Most Types of Malware" and "Anti-Malware Software - On-Demand - Target=System - Signature-Based - Only Certain Types of Malware" to "Anti-Malware Software - On-Demand - Target=System - Signature-Based - Few Types of Malware."

    Any feedback is welcome.
     
  9. MrBrian

    Idea: For real-time software, there could be these categories:

    Real-Time Protection - Antivirus and Anti-Malware
    Real-Time Protection - Host-Based Intrusion Detection/Prevention

    "Real-Time Protection - Antivirus and Anti-Malware" would include only software that uses signatures, while "Real-Time Protection - Host-Based Intrusion Detection/Prevention" would contain software that uses techniques other than signatures. Do you think this is better or worse than post #8?

    There would also be other categories, such as "Real-Time Protection - Firewalls."
     
  10. guest

    guest Guest

    IMO the simpler the better. I'll personally go with #9.

    NOTE: I meant if it's a popup HIPS it should be called CHIPS (yes classical HIPS). HIPS is an umbrella term so IMO it should be made clearer. But that's just me.
     
  11. MrBrian

    1. Do you agree or not with categorizing by real-time vs on-demand?

    2. If I were to use this categorization for realtime security software:

    Real-Time Software - Antivirus and Anti-Malware
    Real-Time Software - Host-Based Intrusion Detection/Prevention
    Real-Time Software - Firewalls

    should "Real-Time Software - Antivirus and Anti-Malware" contain only signature-based programs?

    3. Should partition/disk virtualization programs such as Returnil go into "Real-Time Protection - Host-Based Intrusion Detection/Prevention" or a separate "Virtualization" category?

    4. Better: "Real-Time Software - Host-Based Intrusion Detection/Prevention" or "Real-Time Software - Other Real-Time Software"?
     
  12. guest

    guest Guest

    IMO...

    1. I prefer separating real-time and on-demand categories.
    2. Yes.
    3. Real-Time Protection - System Virtualisation.
    4. Depends on the context. Real-Time Host-Based Intrusion Detection/Prevention seems better, but there might be some security software which can't be categorised and/or will create objections if included in that category, so Real-Time Protection - Others (or something along that line) might still also be needed if you see the necessity for that.
     
  13. MrBrian

    For those answering "yes," do you prefer "Real-Time Software - Antivirus and Anti-Malware" or "Real-Time Software - Signature-Based Antivirus and Anti-Malware?" The latter is longer but also more specific about what's included.
     
  14. guest

    guest Guest

    IMO Real-Time Software - Antivirus and Antimalware should already be easily recognised as signature/blacklisting approach by most people.
     
  15. MrBrian

    How about this?

    Anti-Intrusion - Real-Time - Non-Network - Signature-Based (Includes Signature-Based Antivirus)
    Anti-Intrusion - Real-Time - Non-Network - Non-Signature-Based
    Anti-Intrusion - Real-Time - Network (Includes Firewalls)
    Anti-Intrusion - On Demand - Non-Network - Signature-Based
    Anti-Intrusion - On Demand - Non-Network - Non-Signature-Based
    Anti-Intrusion - On Demand - Network

    Issue: how to define "real-time" vs "on-demand?" One possible way: real-time means that while the given software is running, the detection/protection provided is immediate. According to this definition, WinPatrol Plus, Sandboxie, and VirtualBox are real-time, while WinPatrol Free and TCPView aren't real-time. Agree with this definition or not?
     
  16. MrBrian

    The problem is that there are programs such as some anti-rootkit programs that don't use signatures and yet could be considered anti-malware.
     
  17. MrBrian

    If I use the categorizations from post #15, I believe that (almost) everything from this thread would fit into these two categories:

    Anti-Intrusion - Real-Time - Non-Network - Non-Signature-Based
    Anti-Intrusion - Real-Time - Network (Includes Firewalls)
     
  18. MrBrian

    How about this?

    Anti-Intrusion - Data Loss Prevention
    Anti-Intrusion - Post-Execution - Prevention
    Anti-Intrusion - Post-Execution - Detection Only
    Anti-Intrusion - Just Before Execution - Blacklisting (Includes Antivirus Software)
    Anti-Intrusion - Just Before Execution - Whitelisting
    Anti-Intrusion - Just Before Execution - Program Examination
    Anti-Intrusion - Pre-Execution - Blacklisting
    Anti-Intrusion - Pre-Execution - Whitelisting
    Anti-Intrusion - Pre-Execution - Program Examination
    Anti-Intrusion - Pre-Execution - System and Program Hardening
    Anti-Intrusion - Network-Level (Includes Firewalls)
     
  19. guest

    guest Guest

    Reply to post #15, #17 & #18
    The Anti-Intrusion part is kind of confusing.

    Reply specifically to post #15
    I actually agree with that definition, but it may double (triple, quadruple and so on) the products' names. Unless that isn't considered a problem.

    Reply specifically to post #16
    But can't they be included in a specific category such as: Real-Time Software - Non-signature based Antimalware?

    Reply specifically to post #18
    Too complicated IMO. It might confuse the readers since most people are not familiar with some of those terms.

    P.S.: What? Not many people reply to this thread? Wilders I am disappoint.
     
    Last edited by a moderator: Aug 24, 2014
  20. MrBrian

    @GrafZeppelin: I'm using "intrusion" to mean this. If I were to keep that word, it would be explicitly defined for the user. I don't want to use "malware" instead of "intrusion" because not all intrusions involve malware (see post #1). Do you have a suggestion for what word to use instead of "intrusion?"

    What other words from post #18 do you think readers would be unfamiliar with? Instead of "blacklisting," should I use "block known bad" and instead of "whitelisting" should I use "allow only known good?"

    I am happy that post #18 got rid of "real-time" and "on-demand" because the distinction isn't always clear to me. For example, is ToolWiz Time Freeze realtime or on-demand? Is WinPatrol Free realtime or on-demand?
     
  21. guest

    guest Guest

    Well, people might wonder what anti-intrusion is supposed to mean, and they will probably start asking "do I need an anti-intrusion aside from my antivirus?" kinds of questions. Even on Wilders people differentiate between anti-virus and anti-malware, and some of them even recommend having both anti-virus and anti-malware.

    The word "intrusion" is indeed a great idea, but I just viewed it from the broader audience's perspective.

    Perhaps if I may...

    Anti-intrusion - Signature-based Malware Detection (this category is for antiviruses, antimalwares, antispywares and the likes)
    Anti-intrusion - Complementary Malware Detection (this category is for on-demand scanners (for daily usages), system analysis tools and the likes)
    Anti-intrusion - Network Intrusion Prevention and Detection (this category is for firewalls and the likes)
    Anti-intrusion - Host Intrusion Prevention System (CHIPS, behaviour blockers, anti-loggers and the likes)
    Anti-intrusion - Execution Control (this category is for whitelisting-based anti-executables and the likes)
    Anti-intrusion - Threat Containment and Policy Restriction (this category is for sandboxes, policy restrictions and the likes)
    Anti-intrusion - Exploit Mitigation (this category is for EMET and the likes)
    Anti-intrusion - Full System Virtualisation (this category is for light virtualisation apps, VMs and the likes)
    Anti-intrusion - Web Browser Extension (this category is for web browser-based javascript blockers, ad blockers, web reputation checks and the likes)
    Anti-intrusion - Web Filtering (this category is for alternative DNS services, HOSTS files, standalone ad blockers and the likes)
    Data Security - Backup and Imaging (this category is for imaging apps, snapshot apps, file/folder backup apps and the likes)
    Data Security - Encryption (this category is for file encryptions and the likes)
    Data Security - Privacy and Anonymity (this category is for VPNs, Tor, proxies and the likes)
    Data Security - Password Security (this category is for password managers, virtual keyboards, input obfuscation tools and the likes)
    System Maintenance - Vulnerability Check (this category is for vulnerability scanners and the likes)
    System Maintenance - System Optimisation (this category is for tune-up utilities, defragging apps, cleaners and the likes)
    Miscellaneous - Malware Removal (this category is for rescue CDs, Linux boot environment, aggressive scanners and the likes)
    Miscellaneous - Security Test (this category is for leak-tests, anti-logger tests, DNS-leak tests and the likes)
    Miscellaneous - Recommended Links (this category is for online analysis websites, how-to tutorials, security articles, security forums and the likes)
    Miscellaneous - Not Recommended Tools (this category is for apps that have not passed editors' judgements)
    Miscellaneous - My Choices and Tips (this category is for editors' security setups and personal advice)
     
    Last edited by a moderator: Aug 24, 2014
  22. MrBrian

    @GrafZeppelin: Thank you much for taking the time to give a categorization! I'll look at it more carefully next weekend.
     
  23. MrBrian

    @anyone: In general, do you prefer a categorization with more levels in the hierarchy or fewer?
     
  24. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,509
    Location:
    Slovakia
    The list is supposed to be for the public, not for the Wilders users, so I would definitely choose fewer. Too many categories would be confusing and people would ignore them anyway. I would already remove: Best Free Rootkit Scanner and Remover - they obviously belong to the anti-malware category. I wonder what happened to the neat categorization that was there before? You could choose at the top of the webpage: realtime or on-demand AV, AS, HIPS, firewall and such; now it is gone? o_O

    EDIT: I see, they use a list instead, very bad idea. I overlooked it, because it is listed only in http://www.techsupportalert.com/content/probably-best-free-security-list-world.htm and not in http://www.techsupportalert.com/pc/security-tools.html There is just a lot of text, a lot. People do not like to read that much. :cautious:
     
  25. MrBrian

    Latest proposal:

    Endpoint - Security - Software - On-Going Protection or Alerts - System - Blacklist
    Endpoint - Security - Software - On-Going Protection or Alerts - System - Other Than Blacklist
    Endpoint - Security - Software - On-Going Protection or Alerts - Network - Blacklist
    Endpoint - Security - Software - On-Going Protection or Alerts - Network - Other Than Blacklist
    Endpoint - Security - Software - No On-Going Protection or Alerts - System - Blacklist
    Endpoint - Security - Software - No On-Going Protection or Alerts - System - Other Than Blacklist
    Endpoint - Security - Software - No On-Going Protection or Alerts - Network - Blacklist
    Endpoint - Security - Software - No On-Going Protection or Alerts - Network - Other Than Blacklist
    Endpoint - Security - Operating System and Application Configuration
    Endpoint - Security - Resources
    Endpoint - Confidentiality - Software
    Endpoint - Confidentiality - Operating System and Application Configuration
    Endpoint - Confidentiality - Resources
    Endpoint - Availability - Backup
    Endpoint - Availability - Rescue
    Endpoint - Miscellaneous
    Non-Endpoint - Security

    This doesn't include the lowest levels. The lowest levels would probably be similar to what GrafZeppelin proposed in post #21.

    Explanation:

    Endpoint - your Windows PC
    Non-Endpoint - routers, etc.

    Security - broad term that includes integrity, confidentiality, availability
    Confidentiality - subset of security
    Availability - subset of security
    Miscellaneous - includes somewhat security-related items such as partitioning software

    Software - adding software to hopefully increase your security
    Operating System and Application Configuration - changing configuration of software you already have for better security, either directly or via additional software
    Resources - guides or anything else that doesn't fit into the above two

    On-Going Protection or Alerts - when software is running, software gives real-time protection or detection alerts
    No On-Going Protection or Alerts - anything not in above

    System - all functionality except network functionality
    Network - network functionality

    Blacklist - known bad items are detected/blocked
    Other Than Blacklist - techniques other than detection/blocking of known bad items

    Feedback is welcome.
     