Do I need Real-Time Ewido Scanner

Discussion in 'ewido anti-spyware forum' started by KDNeese, Dec 23, 2005.

Thread Status:
Not open for further replies.
  1. KDNeese

    KDNeese Registered Member

    Joined:
    Dec 16, 2005
    Posts:
    236
    I have been using Ewido for several months now and really like it. I have a fairly new computer (less than 6 mos old), so (knock on wood) have not had any problems whatsoever with Ewido. I am currently using the free version simply for scanning, but have been so impressed with it that I have seriously considered getting the Plus version for the real-time capability. However, I was wondering if that would be overkill or really necessary considering the other apps I run. Right now I am running the following as resident real-time scanners:

    NOD 32
    Sunbelt-Kerio Personal Firewall (paid version with HIPS)
    Counterspy
    Winpatrol
    SpywareGuard
    SpywareBlaster

    I also use the Opera (8.5.1) browser, so about 98% of the garbage, tracking cookies and such that I used to clean on a daily basis have completely disappeared. The thing I was wondering was whether having Ewido running resident would be duplicating efforts considering the other apps I'm running. I know that Counterspy is very good as far as spyware, but am not sure how well it deals with trojans and such that seems to be Ewido's specialty. I also know from experience that NOD32 does an excellent job of catching trojans before they download. There have was an instance where I inadvertently went to a bad website and NOD32 stopped 4 trojans in their tracks.

    The thing is, I work on other people's computers quite frequently and often see the devastation that spyware, viruses and other malware can cause. It has maken me very, very careful (almost to the point of paranoid). Like the old saying goes, "An ounce of prevention is worth a pound of cure." Since it usually takes me two or three days of tinkering to get all of the crapola off of people's computers, I want to take the necessary steps to keep that stuff from getting to my computer in the first place. That being the case, would it be worthwhile to have Ewido running resident alongside my other apps, or would it be necessary? Since I don't know EXACTLY what malware each app goes after, I would appreciate any input on this from somewhat more technically astute in this area.
     
  2. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    Depends on your surfing habits. If you visit high-risk sites then the Ewido Guard would be good protection to run alongside NOD.

    But if you are a low-risk surfer, then stay with the free version.

    And don't forget that most AV's will jump on a trojan before the AT has a sniff.

    However, take a look at the new version 4, which is due for release early in the New Year, then you may find the commercial version more tempting.
     
  3. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    If you are worried about redundancy how come you are running Counterspy, WinPatrol and SpywareGuard all together?

    You only need CounterSpy (or WinPatrol if you prefer it).

    Ewido would be doing a slightly different job, so in my opinion it would be far more sensible to run Ewido alongside NOD and CounterSpy instead of using WinPatrol/SpywareGuard.
     
  4. KDNeese

    KDNeese Registered Member

    Joined:
    Dec 16, 2005
    Posts:
    236
    Actually, avoiding redundancy is the point of asking the questions I am asking. I'm trying to determine what I can start weeding out. I'm not a real technical person and don't understand all the inner-workings of the AS apps. If I did, I wouldn't need to ask questions at this forum. I did uninstall SpywareGuard after learning it didn't add anything to what I already had, so was unneeded. Also, I have found that Winpatrol often alerts me to events that Counterspy does not, for whatever reason. I've used Winpatrol for so long that I would feel naked without it. Mostly use it to monitor the Hosts File, Startup programs and active tasks (items that are disabled in Counterspy active protection). Counterspy doesn't give me much info about currently running apps, a BHO list (at least that I've seen), or running services, but Winpatrol does. So I can live with running those two together. I also like Winpatrol's ability to enable or disable startup programs or services, which Counterspy does not (at least to my knowledge). So, at least for me, Winpatrol does some things that Counterspy does not, and vice versa. But I don't have them doubling up on duties that they both are capable of performing. Also, I have disabled some monitors in Counterspy because it has often made changes without asking me, while Winpatrol allows me to accept or deny changes. One example is when I installed the Zone Alarm firewall, Counterspy viewed it as a malicious program and would not allow it to run at system startup. It did not ask for my approval - just gave me a message that the new startup program had been disallowed. I really didn't like that at all, especially since I WANTED Zone Alarm to run at system startup. And so, that monitor went bye bye, so just monitor new startups with Winpatrol now. I guess that is the best answer as to why I run both Counterspy and Winpatrol. I do want to take a look at the Version 4 of Ewido. I have found Ewido 3.5 to be a pretty decent on-demand scanner, but don't really know about its real-time capabilities as it has never detected anything in real time. My NOD32 always catches anything before it does. If they offer a free trial of the new version I will at least try it out, as Ewido seems like a very good product.
     
  5. Following the blue plan. This is what you should have.

    Antivirus: NOD32
    Memory scanner: Ewido
    Firewall: Kerio
    HIPS/behaviorial blocker : Winpatrol and/or the real time monitor of Counterspy (though there are arguably better choices for this position)

    I intend to agree that it is better to keep Counterspy rather than winpatrol, but if you want both, and set them up for minimal overlap, it's your choice.

    Between the first 2, you have a solid signature based protection. Excellent heuristics plus powerful memory scanner.

    Compared to the standard prefered wilders setup, your 4th line of defense is a bit unusual though. A lot of people prefer one of the following instead of winpatrol and/or counterspy

    Online Armor
    Safe n sec
    Prexv1
    Processguard/appdefend +regdefend
    Antihook
    Defensewall host

    Winpatrol is not bad either of course.
     
  6. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    System Tools/My PC Explorers in Counterspy will give you a great deal of info about Running Processes, Startups, BHOs, Active X, etc; together with the ability to block/stop etc.
    If you have disabled some monitors in CS then it is not surprising WP alerts you to things CS does not. When installing important security progs such as FW or AV you should disable CS first. However supposing ZA was indeed a dangerous prog - from the sound of what you are saying CS was on the ball and stopped it from autostarting while WP could have let it through!

    Winpatrol plus is a nice prog and if you prefer it that is fine. However the point of your original question is that you can justifiably run Ewido alongside your AV and AS (whichever one you choose) and thereby obtain an extra layer of protection. The reason being (as is stated in the post above) that ewido will be scanning memory while your AS is looking for changes in system variables.

    I know the matter is further complicated by the fact CS will also be examining processes attempting to execute on your system, and comparing them with its list of known baddies, but even so I would be happier with Ewido plus either CS or WP than I would with CS + WP instead of ewido.
     
Thread Status:
Not open for further replies.