Do I need Wormguard?

Discussion in 'WormGuard' started by Antarctica, Mar 12, 2005.

Thread Status:
Not open for further replies.
  1. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    1,618
    Location:
    Canada
    I've been wondering for a while if I should also acquire Wormguard, but I can't see with my actual configuration if that would give me more security or not. I already feel a little bit paranoid now :eek: and I don't want to spend more money without a good reason.

    Here is what I have: L'N'S, PG, TDS-3, Port Explorer, RegDefend, Nod32, Ad-Aware and MS Antispyware. I also have Spywareblaster and Spybot S&D.

    Thank you for your help. :)
     
  2. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Antarctica, WG is a very nice little script and worm etc. defender with virtually no overhead and will catch things that your current setup will not.
    Try renaming a notepad file like test.txt to test.txt.exe and you will see that it can be executed, albeit doing nothing. With WG installed you will get an immediate warning with the ability to safely view the file or allow it.

    Give it a try :) Pilli
     
  3. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    1,618
    Location:
    Canada
    Hi Pilli, Thank you for your answer.


    O.K. excuse my ignorance :oops: , I am the only user of my PC and I still don't see exactly how someone from "outside" could modify something like you mention.
     
  4. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    The file could arrive from the internet or in an email as part of a download & because WG uses heuristics it does not rely on updates to signatures.

    An example of double extensions could be like this:
    test.txt_____________________________________________________________________.vbs

    Had to use underscores instead of spaces as the spaces would be removed by the forum software. In that example one could miss the fact that the file was a double extension .vbs which could be dangerous if clicked.
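
The double-extension and padding trick described in the post above, checked from the defender's side. This is an added example, not part of the original post and not WormGuard's actual heuristics; the function names, the decoy-extension list and the five-character padding threshold are assumptions made for illustration.

```python
import re

# Extensions the thread names as directly runnable on Windows.
RISKY_EXTS = {"exe", "vbs", "hta", "jse"}
# Extensions a reader takes for a harmless document (assumed list for this example).
DECOY_EXTS = {"txt", "doc", "jpg", "pdf"}
# Five or more spaces/underscores in a row: enough to push the real extension out of view.
PADDING = re.compile(r"[ _]{5,}")


def check_filename(name):
    """Return the reasons a file name looks deceptive; an empty list means none."""
    stem, dot, real_ext = name.rpartition(".")
    real_ext = real_ext.strip().lower()
    if not dot or real_ext not in RISKY_EXTS:
        return []
    reasons = []
    # Drop padding so "test.txt_____" is compared as "test.txt".
    visible = PADDING.sub("", stem).rstrip(" _")
    _, inner_dot, shown_ext = visible.rpartition(".")
    if inner_dot and shown_ext.lower() in DECOY_EXTS:
        reasons.append(f"double extension: shown as .{shown_ext.lower()}, runs as .{real_ext}")
    if PADDING.search(stem):
        reasons.append("padding run hides the real extension")
    return reasons


def scan(names):
    """Map each flagged name to its reasons, skipping names with no findings."""
    return {n: r for n in names if (r := check_filename(n))}


# Constructed sample names; the first two mirror the examples given in the thread.
SAMPLES = [
    "test.txt.exe",
    "test.txt" + "_" * 69 + ".vbs",
    "invoice.doc" + " " * 40 + ".hta",
    "notes.txt",
    "setup.exe",
    "report_v2.final.exe",
]

if __name__ == "__main__":
    for name, reasons in scan(SAMPLES).items():
        print(repr(name), "->", "; ".join(reasons))
```

A plain `setup.exe` or `report_v2.final.exe` is not flagged, since neither pretends to be a document; only names that show a decoy extension or hide the real one behind padding are reported.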
     
  5. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    1,618
    Location:
    Canada
    Thanks Pilli for this explanation.

    May be I should try it out then. :)
     
  6. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    Pilli knows better than I. But I disagree. My setup is similar. With what you have, you are fairly well protected from worms. However, if you have the money, there is nothing wrong with more layering. Especially with a program that uses nothing as far as resources go. Good luck
     
  7. dog

    dog Guest

    To throw my 2 cents in ... I wouldn't be without the added protection WG provides. It's one of four prevention programs I'd never go without; outside of the standard setup of FW (H & S), AV & AT ... The Four are: PG, SSM, WG and Jason's new RegDefend. They're all simply marvellous. ;)

    Steve
     
  8. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Throwing in a big money bag here:
    WG saved my precious computer's life rather often, you can modify what more you like to be blocked if you like, I do like the warnings for possible suspicious files containing double extensions or embedded stuff, etc.
    And like with all DiamondCS products we are in command allowing a possible file or denying it any further execution.
    You could grab the test files in the stickies on top of the TDS forum, can play them (or not, should cause alerts) with WormGuard and from TDS.
    Have fun trying and testing your system!

    Taking the rest of that big money bag back with me as WormGuard was not so expensive after all.
     
  9. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    1,618
    Location:
    Canada
    :D :D

    Hi Jooske and dog,

    Thanks for your input. I will give it a try next week. First I'd like to solve that problem with OutpostPro installation.
     
  10. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    You might like to have WormGuard protection closed when setting the firewall or even during its installation.
    On my systems it's not an issue, but for some people's systems it is important. And you know to close all scanners including their resident protection during such installations.
     
  11. Niels

    Niels Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    466
    Location:
    Belgium
    Sorry for posting in an old topic. But I have the same question and found it not necessary to make a new topic. Should I try Wormguard because my antivirus (BitDefender) has script protection and also looks at files with double extensions?

    Thanks in advance.
     
  12. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    The proof of the software is in trying it on your own system, Niels. Hope you like it, I do!
     
  13. Niels

    Niels Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    466
    Location:
    Belgium
    Thanks for your reply. I think that I will try Wormguard.
     
  14. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Let us know how it goes!
    I felt so proud today with a little script and WormGuard jumping up on it, so my script was really doing something. Nothing bad but WormGuard is better sure than sorry :)
     
  15. Hard_Warrior

    Hard_Warrior Registered Member

    Joined:
    Jan 24, 2004
    Posts:
    17
    If I may ask, how is this sort of functionality different from PG stopping an illicit execution?
     
  16. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    PG only seems to monitor .exe and .dll (run by rundll32.exe) in its executable protection - it doesn't prevent scripts.

    WormGuard protects the script extensions like *.vbs *.hta *.jse etc

    WG also doesn't ask you to allow each new script that runs (like PG does for exe's). Rather it checks the scripts heuristically to see what they can do, and if it's dangerous, you then get a popup.
     
  17. Hard_Warrior

    Hard_Warrior Registered Member

    Joined:
    Jan 24, 2004
    Posts:
    17
    Understood, and thanks for the run-down.
     
  18. spyluckyone

    spyluckyone Registered Member

    Joined:
    Aug 5, 2005
    Posts:
    2
    Location:
    Seattle, WA. USA
    Do I need this software even though I am connected to the Internet through a firewall and a router?
     
  19. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    In a word - yes :) WormGuard works heuristically and does not rely on signature files; this does create a slightly greater chance of getting false positive alerts but in my experience these are few and far between.

    HTH Pilli
     
  20. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    I'd hesitate to say "need" but script-based malware is a possible attack vector (as are downloaded files and webpage exploits) not addressed by firewalls (though some do offer limited webpage filtering).

    There are other ways of dealing with scripts however and you may wish to consider those first.
     
  21. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    Above posts don't quite answer why the question was asked in the first place :)

    Even though you are sitting behind a software firewall and router <which is good, because a firewall is needed>, there are still a few main ways to 'possibly' get infected... most relate to executable files, or scripts:
    1. Opening an email attachment
    2. Opening a file sent via Instant Messenger
    3. Drive-by downloads while surfing the internet (IE hardening or Firefox should solve 'most' of this)
    4. P2P programs (many have spyware built into them)
    5. P2P programs (downloading certain types of files, most notably executables, is very risky)
    6. P2P programs (they act as a server, which may be vulnerable to hacker attack)
    7. Downloading an unknown program from the internet (always try and find multiple reviews from sites you trust before running an unknown program)
    8. Installing copied programs from burnt CDs. <any file from another computer is a possible source of infection>
     
  22. ---

    --- Guest

    Vikorr

    Well, I bet he knew all that :)

    It's not as if he's asking if a firewall and router ALONE is sufficient.

    Hint : Look at his setup.

    I would say Paranoid2000's link is the best answer in this thread.
     
  23. spyluckyone

    spyluckyone Registered Member

    Joined:
    Aug 5, 2005
    Posts:
    2
    Location:
    Seattle, WA. USA
    Thanks for the advice and the help here. :D I appreciate this a lot! :D
     
  24. Carloswoody

    Carloswoody Registered Member

    Joined:
    Aug 14, 2005
    Posts:
    2
    I have tried just about every test made for wormguard and NOD32 version 2.5 has caught them all.
    Do I really need wormguard?
    Remember, I am using the new NOD32 version.

    Thanks everyone :rolleyes:
     
  25. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    1,618
    Location:
    Canada
    Well, since I asked the original question, I think I will report my experience since the installation of WormGuard.

    Strangely, WormGuard has popped up three or four times to warn me of a possible infection with a .doc (Word) document. Since I was sure of the source, I chose to open it anyway without any problems.

    I still don't know why WormGuard has triggered. o_O
     