Do WS Forum Members Run too Many Security Programs

Discussion in 'polls' started by PastTense, Feb 28, 2009.

Do WS Forum Members Run too Many Security Programs on Their Computers?

  1. Yes, too many: 81 vote(s), 75.0%
  2. About the right number: 24 vote(s), 22.2%
  3. Too Few: 3 vote(s), 2.8%
Thread Status:
Not open for further replies.
  1. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    When security apps start duplicating coverage, there are too many or they've been badly chosen. It's easy to look through the threads and find examples of users running 2 or more HIPS, firewalls, etc. The only reason I can see that someone would run more than one HIPS or internet firewall is because they don't trust them to do the job. If someone has so little trust in a firewall or HIPS that they feel the need to add another, why keep the first one? I lurked at this forum for a couple of years before registering and remember seeing threads where users complained that one of their installed HIPS was conflicting with another one they installed and wanted the vendors to "fix the problem". The vendors should have refused to fix these user-caused "conflicts" of apps that never should have been installed on the same OS. IMO, by altering their products to accommodate this duplicate coverage, they weakened their own products.

    Layered security is not a big pile of security apps.
     
  2. Beavenburt

    Beavenburt Registered Member

    Joined:
    Dec 17, 2006
    Posts:
    566
    Forget the hips, forget the AV, forget the anti this anti that, forget the firewall even. Just use Linux. :thumb:
     
  3. Creer

    Creer Registered Member

    Joined:
    Jun 29, 2008
    Posts:
    1,345
    Yes, it is true and I agree with you, but for example in my case I use Online Armor, which offers firewall and classical HIPS protection; the second security application I use is DefenseWall. DW offers HIPS too, but it isn't the classical HIPS which I prefer more. DefenseWall covers my security layers on another level as sandbox policy software.
     
  4. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Of course they do, it's Wilders tradition, lol. I stopped with the tradition long ago and *shock!*...my computer works, doesn't crash, and I don't need to email support, lol. I run sandboxie, Avast, and Spywareblaster, nothing more.
     
  5. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Thanks Beavenburt for that comment.

    I just had to chuckle when you wrote that because there's been a tinge of truth to it, at least for me. I remember getting loaded down with the old style adware & malwares that peaked up my CPU or else finally pushed explorer over the edge to crash.

    I've run into the same thing occasionally before when heaping a load of security programs to prevent malwares.

    That was very humorous to read but in many cases can be & is very true.

    As of this post a rating of 57 to 18 seems to confirm this.

    EASTER
     
  6. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,617
    Location:
    Milan and Seoul
    I have Ubuntu on one old desktop, and I appreciate the fact, the reality, the philosophy behind the Linux project (I'm actively trying to learn to use this operating system).

    I've also tried unsuccessfully to get my printer, scanner, and what not to work with Ubuntu (some people say sure it's possible), after one week I gave up, because I have other infinitely more interesting things to do with my time.

    I'm keeping Ubuntu on that computer, but to slam Windows as an insecure OS is ridiculous to say the least. Microsoft has paid a huge fine to the European Anti Trust commission for bundling Media Player with the OS. By the same token, I would expect the same fines to be given to companies like HP, Lexmark etc. for not supplying clear support for at least some Linux environments.

    Last but not least, if Linux or one of its many incarnations ever reached half of the popularity that Windows enjoys, it would without any doubt become a target of malware, needing some kind of security.
     
  7. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    I dunno how relative this would be, or efficient, but IMO the limiting of activatable file extensions would have a dramatic impact on malwares PERIOD!

    It's like the governments of the world: the more staff & offices that are created, the more budget is needed to fund their everyday activities efficiently. A poor analogy, I agree, but just look at.................better yet, can anyone with absolute certainty produce the number of file extensions that at any given moment or time can activate with a Windows O/S to produce a desired or fashioned effect?

    My pet peeve. WAY TOO MANY EXTENSIONS THAT CAN BE LAUNCHED AND THUS EXPLOITED FOR DISRUPTIVE OR MALICIOUS PURPOSES.

    That's long been a disaster in the making which has already taken the entire globe of developers to address.
     
  8. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,770
    Location:
    New Mexico, USA
    I like to *think* I don't, but I've changed so often I sometimes forget what I'm running.

    Right now, Shadow Defender carries the weight. I've got the latest Threatfire for backup and, if I'm in the mood, I'll substitute Sandboxie for Shadow Defender.

    Firewall is hardware on our Linksys router and another Hardware firewall on our modem.

    That's it....

    I also have free MBAM and SAS - both on demand that I run once a week each. I've also got an old version FD-ISR but I don't really count that as security.
     
  9. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    IMHO it's vitally important, given the newer techniques of today's malware, to actively run an armada or fleet, if you will, of security apps to better stave off and repel potential new 0-days, or else, if that's more than you're comfortable with or your system can handle, all I can suggest is to run virtual systems like RETURNIL RVS for one, in tandem if you so choose with Sandboxie or others of your choice like DEEP FREEZE w/Anti-Executable and a firewall or router.

    Regardless of your choice, your treasure guard is always a reliable series of images from a reputable backup program safely stored away in event of some forced intrusion on your good machine.

    EASTER
     
  10. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Those "newer techniques of today's malware" are only effective against default-permit oriented security policies. When tried against a system protected by one of the oldest security concepts, a default-deny policy, those techniques fail. The only modification to a basic default-deny policy that I would deem necessary is extending it to the activities of the allowed processes, primarily the attack surface, and effectively isolating it from the OS components and from other applications. Code that exploits an application is useless if that application isn't allowed to do what the code asks of it. It doesn't take an armada to accomplish this. One well configured classic HIPS will cover it. Software restriction policies and limited user accounts would cover most of it.

    Some people here won't like what I'm going to say, but that changes nothing. This is for those who are strictly interested in protecting their system and doesn't include those who study malware as a hobby or a livelihood. If you're trying to protect your system by learning and keeping up with every new technique malware uses to get past your defenses and every new method and location malware uses to hide on your system, you're like a puppy chasing its tail. There's no end to it. Windows will NEVER run out of unpatched holes because it was designed to be default-permit in its operation with everything integrated together, as is most of the user software. Security patches are nothing more than another example of that policy, the equivalent of plugging one hole in a window screen. "This type of code can be used to compromise the system so we'll block that specific activity with a patch."

    The time you spend learning what all the different kinds of malicious code do and learning to detect/block/remove them would be better spent learning your own operating system and the apps you use. Determine what each one needs to function and what other processes each one needs access to in order to perform the work that you do. Learning the needs of your applications and system components is no harder than learning how malware infects your system, and there's a lot fewer system processes than there are types of malware. Many of the executables on XP for instance will never be used on a normal home system. The big difference is that learning the basics of your system has an end to it. When the specifics of your policy are set, you're done. You don't have to go back into it every time a new zero-day exploit is found. It doesn't matter if a particular rootkit infects your BIOS or if another one hides in an alternate data stream. If it can't run in the first place, it can't hurt you.

    I've been using a default-deny based security policy for going on 5 years now. I use P2P and download executables and software with it. I'm not a safe surfer. I attack phishing sites. I let others use my PC whenever they need to. I break all the rules except for one, which is I don't allow an unknown to run on my system. In the last 5 years, the full system backups I maintain have never been used because of malware. Default-deny works and it's worth the effort it takes to learn your system well enough to set it up. Windows comes with the basic tools that are needed. The rest can be obtained for no cost. Stop wasting your time and money. Secure your OS permanently and be done with it!
     
  11. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,448
    Location:
    Sky over the Wilders Forest
    ...for some it is an addiction they can not help themselves...:D

    experimentation however is the best teacher... and we all benefit from the shared knowledge. If you are savvy enough to fix what you might break because of the addiction then no harm is done.

    PC security addiction is a much better affliction than most any other addiction :D Carry on....
     
  12. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    That's one of the advantages of using classic HIPS to set the privilege levels. You can set the access privileges and restrictions for each process or program individually. You can also specify them differently for each user. It's also much simpler to elevate to an administrator mode when necessary. On my PCs, SSM fills this role. With SSM, going from user mode to administrator mode is as simple as entering the password that connects the UI. I haven't tried any other classic HIPS but they're probably just as capable.

    IMO, installing software shouldn't be allowed under a limited user account or in user mode. If software can be installed, so can adware, malware, etc., which defeats the whole purpose of a limited account. If installing and updating software is treated as an administrative task, the risk of malware installing while in user mode is nearly eliminated.
     
  13. FiOS Dan

    FiOS Dan Registered Member

    Joined:
    May 24, 2006
    Posts:
    89
    Location:
    Boynton Beach. FL
    I think Leo is making much ado about nothing. I run under a LUA all the time and when I want to install software I save it to a file and logoff then login as an administrator. No problems thus far and all it takes is a few seconds.
     
  14. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Well Now, quite a read.

    As a malware researcher for many moons myself, I don't bother with LUA/SRP preventions at all. Why? Because it's imperative to determine that these security apps which so many seem to stockpile for active service on the web either work, or they don't.

    Further, I don't subscribe to VMware to run malwares for testing. What's the benefit or education in that? And besides, nowadays malwares are designed not to run when they detect a virtual environment anyway.

    I choose, like fcutdat, to enter the snakepits full of fangs with the armour I go into them with. If the machine comes out unscathed after some time in the playpen, then the security programs have proven their worth, whether freeware or commercial. On the other hand, if not, then a limitation exists that needs to go back to the workshop for an overhaul.

    More On Topic: YES! WS Forum members in the majority run too many safety programs because of the UNCERTAINTY: if one or two of their arsenal fail, they still have secondary backup security systems in place to fill that gap if needed.

    EASTER
     
  15. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,770
    Location:
    New Mexico, USA
    Sandboxie on my desktop and ShadowDefender on my laptop, along with the other stuff I mentioned, seems to work fine. I'm a safe surfer, but even 'safe' websites these days seem to collect stuff.

    I got hit with that damned antivirus2008 (I think) with my laptop just last week. After a brief instant of panic, I remembered I had ShadowDefender engaged. Since it was too late, and the thing was there, I let it go for a minute, just to see what it did, and then rebooted and all was well. This was on a presumably safe site that I'd been to many times before without a problem.

    Oddly, McAfee didn't register a thing. Not very comforting, unless the av2008 was a very new variant. In any case, ShadowDefender proved its worth.

    That's my exciting story. Other than months ago when my wife got hit with something similar on a graphics site she frequents, and it took hours to get rid of (thanks for nothing Norton AV), we've since been safe and secure with Sandboxie and ShadowDefender.
     
  16. raakii

    raakii Registered Member

    Joined:
    Sep 1, 2008
    Posts:
    593
    Sandboxie and Shadow Defender are really good apps. Of course you need an antivirus for malware detection and imaging for recovery. I won't mind installing such great apps, when the majority of other users install so many apps for desktop enhancements and others. ISRs like FD-ISR are a luxury indeed and I don't need them running all the time.
     
  17. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,617
    Location:
    Milan and Seoul
    Out of curiosity, do you remember allowing any executable? What browser were you using? Easter was mentioning "fcutdat", who uses ProcessGuard to stop any executables, and according to his experiences as well as from other members, nothing will download automatically into your machine unless you 'allow' it.

    If that happened with your laptop, having Vista you should have been alerted by UAC, did it pop an alert?
     
  18. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,770
    Location:
    New Mexico, USA
    It's a site that was in my bookmarks and I've used many times in the past few years. It's gone now.

    Yes, I did allow an exec. but it was to open a file to some American Old West history information, and that av2008 or similar appeared and started running.

    I have Vista sp1 and no, no alert popped up, which surprised me too. I get the warning when I try to open CCleaner, my screenplay writing program, MBAM and others, but not when it should alert. My browser is IE7, although I'm looking at a new one I found, called Orca.

    In any case, I let the malware play for a minute or so to see what it did, after a second or two of panic when it started, and then rebooted and all traces gone - thanks to ShadowDefender. I know this malware isn't one of the deadly ones. It's more a major nuisance.
     
  19. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,617
    Location:
    Milan and Seoul
    So it means that malware (or some of it) has already managed to get around UAC, didn't take long! Still you were using IE7 which we all know is the most popular and most vulnerable of all browsers. I wonder what would have happened, had you used Firefox or Opera in the same circumstances.

    Thank you for sharing the experience.
     
  20. yashau

    yashau Registered Member

    Joined:
    Oct 13, 2008
    Posts:
    151
    Well I thought I might have a say in this too. Sincerely sorry for my English by the way I'm not very good at it :)

    I myself sometimes do a double take seeing the various stuff installed by some members here. I wonder if their usefulness outweighs their resource consumption or if the members just install all of them to give themselves peace of mind without thinking about the practicality of their security setups. I'm sure a lot of users here are pretty computer fluent and can tell the difference between rogues, spyware, malware and legit applications. I run a single scanner (Norton AV 2009) for the sole purpose of scanning malware infested removable drives and nothing else. I could use the computer forever without using an antivirus and not get infected by anything because I know what I'm doing online/offline on my computer. Might replace it soon with Prevx Edge since it seems to detect these forms of malware as well. Even if I did insert removable drives without anything installed I know how to open them without getting infected, but it's easier letting something else do the work. I could make and send a custom trojan bound to a custom emoticon on Windows Live Messenger to someone and no antivirus on earth would protect against it. I ask this of the guys that run 10 security applications one on top of another: how many times have you been protected from a legitimate piece of malware since you installed all of those apps? Could those pieces of malware have slipped through if you took off one of your applications? If you have never encountered a virus since you've installed those applications, ask yourselves: do we really need all of these? Would it make a difference at all if I just keep one or two of my apps running instead of all of these, since I probably have a lower chance of getting infected than getting cut down by a falling lawnmower? I'm saying this because I know a lot of you are really knowledgeable in this field. A single scanner/behaviour blocker/sandbox is enough for most of us in my honest opinion. Or maybe even just keep a clean image of the system and revert back to it if anything happens. It's not going to be every day that you'll get infected by malware, to justify running everything on top of each other. The only reason I keep Comodo Firewall running is because I like to see what goes in and out of my computer, not because I use its firewall component nor because the Defense+ would actually catch anything malicious within this millennium. Sometimes it's a lot more trouble than it's worth and I might even remove it one of these days. :)
     
  21. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,617
    Location:
    Milan and Seoul
    I couldn't agree more. As a matter of fact I use an antivirus for the same reasons that you've mentioned, my computer is often exposed to other people's infected flash drives, and in order not to infect other people, if I'm alerted about anything (the rate of infection of flash drives is from my experience 1 every 3 drives) I reboot my system as a precaution.

    I have noticed, however, that most members nowadays run their machines with a lot less compared to a few years back, which shows a definite trend towards having a basic setup and more confidence in their own judgment.
     
  22. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,294
    x2 Absolutely no reason AT ALL to run 10 security programs.

    IF you're that paranoid/bored, unplug your computer, find a new hobby / profession, because you're missing out on waaay more fun and enjoyable things out there in life.
     
  23. yashau

    yashau Registered Member

    Joined:
    Oct 13, 2008
    Posts:
    151
    Do you know what I do if I find a friend's flash drive infected? I create a folder called autorun.inf in it and give it +rsh attributes and remove permissions on it for all users. So basically the drive is protected forever from those trojans unless the person formats it. Yeah, I know I'm a good person :D

    Wow I guess I haven't seen how it was back then. I can only just imagine. o_O
     
  24. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    What I find amazing is that only one person in this poll thinks that people run too few security programs. This means that no one else has raised an eyebrow at those who have said they use just

    1) Router/Firewall

    2) Opera/Firefox

    The first takes care of all Port-based exploits, such as Slammer, MSBlaster, and the current Conficker worms.

    The second takes care of web-based exploits since all such exploits in the wild target IE. Just look at the patches each month from Microsoft.

    I asked several who use the above how they deal with:

    1) Conficker.b USB exploit: protect USB/Autorun.inf. Various solutions

    2) PDF exploits: use alternate PDF Reader

    3) Flash exploits- banner ads, etc: Opera - flash block; Firefox - NoScript

    When you think about it, all other exploits require the victim to agree to download.

    Antivirus2009 [image]

    Koobface [image]

    Storm e-cards - Valentines Day [image: valentine-2a.gif]

    and so forth.

    Solution described by several: Don't install bad stuff!

    Too simple? Too dangerous? Some think not!

    ----
    rich
     
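The autorun.inf folder trick yashau describes in post 23, and which Rmus lists in post 24 under "protect USB/Autorun.inf", as an added PowerShell example (not code from either poster or from any product named in the thread); it goes slightly beyond the post by refusing to act when an autorun.inf file is already present, and the drive-letter parameter, the NTFS check and the deny-Everyone ACL details are my assumptions:

```powershell
# Added example, not from the thread. Pre-creates an autorun.inf FOLDER on a
# removable drive so an autorun worm's dropper cannot write its autorun.inf
# FILE, then applies the +r +s +h attributes and removes permissions for all
# users, as yashau describes. Assumptions: the drive is NTFS for the ACL step
# (FAT sticks only get the attribute bits) and -Drive is a letter like 'E:'.
# Caveat: Windows 7 and the 2011 AutoRun update for XP/Vista already ignore
# autorun.inf on non-optical removable media, so this mainly protects the
# older hosts the stick gets plugged into.
function Protect-RemovableDrive {
    param(
        [Parameter(Mandatory = $true)]
        [ValidatePattern('^[A-Za-z]:$')]
        [string]$Drive
    )

    $target = Join-Path -Path $Drive -ChildPath 'autorun.inf'

    # A file named autorun.inf is what droppers write. If one is already
    # there, the stick is probably infected: report it instead of "fixing" it.
    if (Test-Path -LiteralPath $target -PathType Leaf) {
        Write-Warning "$target is a FILE, possible live infection. First lines:"
        Get-Content -LiteralPath $target -TotalCount 10 | ForEach-Object { "    $_" }
        return $false
    }

    if (-not (Test-Path -LiteralPath $target -PathType Container)) {
        New-Item -ItemType Directory -Path $target | Out-Null
    }

    # Read-only, system, hidden: the attribute bits from the post. They stop
    # casual deletion and hide the folder from the default Explorer view.
    attrib +r +s +h $target

    # ACLs exist only on NTFS; WMI works on the XP/Vista-era hosts discussed.
    $fs = (Get-WmiObject -Class Win32_LogicalDisk -Filter "DeviceID='$Drive'").FileSystem
    if ($fs -ne 'NTFS') {
        Write-Output "$Drive is $fs, skipping ACL step (attribute bits only)."
        return $true
    }

    # Explicit Deny for Everyone on the folder and anything inside it, with
    # inheritance from the drive root cut off so no inherited Allow applies.
    $acl     = Get-Acl -Path $target
    $acl.SetAccessRuleProtection($true, $false)
    $rights  = [System.Security.AccessControl.FileSystemRights]::FullControl
    $inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    $prop    = [System.Security.AccessControl.PropagationFlags]::None
    $type    = [System.Security.AccessControl.AccessControlType]::Deny
    $deny    = New-Object System.Security.AccessControl.FileSystemAccessRule('Everyone', $rights, $inherit, $prop, $type)
    $acl.AddAccessRule($deny)
    Set-Acl -Path $target -AclObject $acl
    return $true
}

# Usage with a constructed drive letter; substitute the stick you want to protect.
Protect-RemovableDrive -Drive 'E:'
```

Because the Deny rule also applies to the account that ran it, undoing the protection later means taking ownership of the folder first (or reformatting, as the post notes).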
  25. vijayind

    vijayind Registered Member

    Joined:
    Aug 9, 2008
    Posts:
    1,413
    Is 5 too much ?? If so I am security paranoid.
     