Do I need Wormguard?

I been wondering for a while if I should also acquire Wormguard, but I can't see with my actual configuration if that would give me more security or not. I already feel a little bit paranoid now and I don't want to spend more money without a good reason.

Here is what I have. L'N'S, PG,TDS-3,Port Explorer,RegDefend,Nod32, Ad-Aware and MS Antispyware. I also have Spywareblaster and Spybot S&D.

Thank you for your help.

 

Hi Antractica, WG is a very nice little script and worm etc. defender with virtually no overhead and will catch things that your current set up will not.
Try renaming a notepad file like test.txt to test.txt.exe and you will see that it can be executed albeit doing nothing. With WG installed you will get an immediate warning with the ability to safely view the file or allow it.

Give it a try Pilli

 

Hi Pilli, Thank you for your answer.

O.K. excuse my ignorance , I am the only user of my PC and I still don't see exactly how someone from "outside" could modify something like you mention.

 

The file could arrive from the internet or in an email as part of a download & because WG uses heuristics it does not rely on updates to signatures.

An exmple of double extensions could be like. this:
test.txt_____________________________________________________________________.vbs

Had to use underscores instead of spaces as the spaces would be removed by the forum software. In that example one could miss the fact that the file was a double extension .vbs which could be dangerous if clicked

 

Thanks Pilli for this explanation.

May be I should try it out then.

 

Pilli knows better than I . But I disagree . My setup is similar . With what you have , you are fairly well protected from worms . However , if you have the money , there is nothing wrong with more layering . Especially with a program that uses nothing as far as resources go . Good luck

 

To throw my 2 cents in ... I wouldn't be without the added protection WG provides. It's one of four prevention programs I'd never go without; outside of the standard setup of FW (H & S), AV & AT ... The Four are: PG, SSM, WG and Jason's new RegDefend. They're all simply marvellous.

Steve

 

Throwing in a big money bag here:
WG saved my precious computer's life rather often, you can modify what more you like to be blocked if you like, i do like the warnings for possible suspicious files containing double extensions or embedded stuff, etc.
And like with all diamondCS products we are in command allowing a possible file or denying it any further execution.
You could grab the test files in the stickeys on top of the TDS forum, can paly them (or not, should cause alerts) with WormGuard and from TDS.
Have fun trying and testing your system!

Taking the rest of that big money bag back with me as WormGuard was not so expensive after all.

 

Hi Jooske and dog,

Thanks for your input. I will give it a try next week. First I d'like to solve that problem with OupostPro Installation.

 

You might like to have wormguard protection closed when setting the firewall or even during it's installation.
On my systems it's not an issue, but for some people's systems it is important. And you know to close all scanners including their resident protection during such installations.

 

Sorry for posting in a old topic. But I've the same question and found it not necessary to make a new topic. Should I try Wormguard because my antivirus(BitDefender) has script protection and look also at files with double extensions.

Thanks in advance.

 

The proof of the software is into trying it on your own system Niels. Hope you like it, i do!

 

Thanks for your reply. I think that I will try Wormguard.

 

Let us know how it goes!
I felt so proud today with a little script and wormguard jumping up on it, so my script was really doing something. Nothing bad but wormguard is better sure then sorry

 

If I may ask, how is this sort of functionality different from PG stopping an illicit execution?

 

PG only seems to monitor .exe and .dll (run by rundll32.exe) in its executable protection - it doesn't prevent scripts.

WormGuard protects the script extensions like *.vbs *.hta *.jse etc

WG also doesn't ask you to allow each new script that runs (like PG does for exe's). Rather it checks the scripts heuristically to see what they can do, and if it's dangerous, you then get a popup.

 

Understood, and thanks for the run-down.

 

Do I need this software even though I am connected too the Internet thru a firewall and a router??

 

In a word - yes WormGuard works heuristically and does not rely on signature files, this does create is a slighter greater chance of getting false positive alerts but in my experience these are few and far between.

HTH Pilli

 

I'd hesitate to say "need" but script-based malware is a possible attack vector (as are downloaded files and webpage exploits) not addressed by firewalls (though some do offer limited webpage filtering).

There are other ways of dealing with scripts however and you may wish to consider those first.

 

Above posts don't quite answer why the question was asked in the first place

Even thought you are sitting behind a software firewall and router <which is good, because a firewall is needed>, There are still a few main ways to 'possibly' get infected...most relate to executable files, or scripts :
1. Openning an email attachment
2. Openning a file sent via Instant Messenger
3. Drive by downloads while surfing the internet (IE hardenning or firefox should solve 'most' of this)
4. P2P programs (many have spyware built into them)
5. P2P programs (dowloading certain types of files, most notably executables, is very risky)
6. P2P programs (they act as a server, which may be vulnerable to hacker attack)
7. Downloading an unknown program from the internet (always try and find multiple reviews from sites you trust before running an unknown program)
8. Installing copied programs from burnt CD's. <any file from another computer is a possible source of infection>

 

Vikorr

Well, I bet he knew all that

It's not as if he's asking if a firewall and router ALONE is sufficient.

Hint : Look at his setup.

I would say Paranoid2000's link is the best answer in this thread.

 

THanks for the Advise and the Help here. I appriciate this allot!

 

I have tried just about every test made for wormguard and NOD32 version 2.5 has caught them all.
Do I really need wormguard?
Remember, I am using the new NOD32 version.

Thanks everyone

 

Well, since I ask the original question, I think I will report my experience since the installation of WormGuard.

Strangely WormGuard has popup three or four times to warn me of a possible
infection with a .doc (Word) document. Since I was sure of the source, I choose to open it anyway without any problems.

I still don't know why WormGuard has triggered.