First & Last line of defense against malware

Discussion in 'malware problems & news' started by InfinityAz, Sep 20, 2006.

Thread Status:
Not open for further replies.
  1. InfinityAz

    InfinityAz Registered Member

    Joined:
    Jul 23, 2005
    Posts:
    828
    Location:
    Arizona
    I know there are a lot of possible responses to this question due to all the different variables. There are many types of malware (e.g., virus, trojan, rootkits, spyware, adware, etc.) and many types of anti-malware (e.g., AV, AT, HIPS, IDS, firewall, etc.).

    What do you consider your first line of defense against malware, either general (e.g., AT) or a specific product (e.g., Boclean)?

    and

    What do you consider as your last line of defense against malware (i.e., this will catch it if it gets past everything else)? Also, either general or a specific product.

    To keep it simple you could use:

    First = ?

    Last = ?
     
  2. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Too general a description: malware, because of the many attack vectors there are many first lines. But generally...

    First Line: Discrimination
    The good kind of discrimination, like the power of finely distinguishing the software you want from the malware you don't.
    Not the bad kind like racial discrimination.

    Last Line: Offline, disconnected, offsite backup.
    When all else fails, your proven, reliable backup will save you.
     
  3. SpikeyB

    SpikeyB Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    478
    First = anything that blocks executables (e.g. Process Guard)

    Last = anything that cleans system on reboot (e.g. Deep Freeze)
     
  4. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408

    1st = XPL ScoketShield
    Last = BOClean
     
  5. herbalist

    herbalist Guest

    That is almost too general of a question. Not including common sense, the real "first layer", it depends on where the attack comes from. it My firewall, Kerio 2.1.5 is responsible for stopping most attacks from the net. For malicious web pages and other problems that use/exploit the browser, Proxomitron gets the call first, filtering out unwanted material. The majority of my internet applications connect thru Proxomitron. For exploits not filtered by Proxomitron, malicious code in downloaded files, e-mail attachments, etc, System Safety Monitor is first in line.
    My last line of defense is my system backups, which I've never had to use.
    Rick
     
  6. MaB69

    MaB69 Registered Member

    Joined:
    Dec 9, 2005
    Posts:
    540
    Location:
    Paris
    I totally agree with Rick

    1srt layer : my brain, common sense or call it like you want
    Last layer : instant restoration or image backup

    Regards
     
  7. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hello,
    I assume you asked about tools that concern malware directly (NOT experience or imaging tools) so:
    First line of defense: browser.
    Last line of defense: hijackthis tool.
    Mrk
     
  8. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Right now :

    First = Frozen snapshot (FirstDefense-ISR) + Faronics Anti-Executable
    - FDISR's frozen snapshot removes all threats after reboot.
    - Anti-Executable stops the execution of all threats, except rare non-executable malwares and rare exploits.

    Last = Acronis True Image Home.
     
  9. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    First: CHX-I, SSM w/ disconnected interface, & SandboxIE
    Last: Antivir

    Cheers,

    Alphalutra1
     
  10. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    First - FF with noscript run through Sandboxie.

    Last - Kav and Comodo FW.

    Just to be sure - Ghost images and a clone on a slave drive.:)
     
  11. SourMilk

    SourMilk Registered Member

    Joined:
    Mar 31, 2006
    Posts:
    630
    Location:
    Hawaii
    First = Any Linux distribution (not root)
    Last = Image backup on DVD
     
  12. john2g

    john2g Registered Member

    Joined:
    Feb 10, 2002
    Posts:
    207
    Location:
    UK
    First SAV
    Last BOClean

    TrueImage is my fall back.
     
  13. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,509
    Location:
    Slovakia
    First: Settings (especially WinXP & browser - user is protected against zero day exploits).

    Second [optional]: Firewall or Router (to terminate all inbound attempts to the closed ports).

    Last: Any other aplication like AntiMalware, HIPS, etc (malware is allowed to get into the PC).
     
    Last edited: Sep 22, 2006
  14. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    I agree, a secure browser & HijackThis!!!
     
  15. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    First and foremost patch your system with available security updates
    Then Get a great Firewall you can customise like Ghostwall - then test it (GRC.COM is good) or Auditmypc.com
    Go through all your settings and test for weaknesses - Then plug the holes
    GFI's Penetration and Port testing Tool works http://www.gfi.com/lannetscan/
    Get A Great Process Monitor like AppDefend - Please learn about your system.
    Get a great Antivirus NOD32
    Get A Great Antispyware - Spyware DR is my recomendation... The free stuff simply isnt doing the job anymore.
    Get a good Log manager - http://www.eventlogxp.com/ Configure your logs for full reporting and please... Monitor the logs!
    You want to protect your data? Encrypt the hell out of it. Sentry from Softwinter.com works or the "FREE" True Crypt http://www.truecrypt.org/

    Then Backup backup and backup again.

    Why I mention all this.... Not one or two tools can currently by themselves keep you safe, if you put your trust in any one tool or suite.... You are doomed!
    Besides if you harden every weak area of your system it will quickly deter hackers since they love an easy way in that is provided by unprotected systems...
     
    Last edited: Sep 30, 2006
  16. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    First : myself.
    Last : switch off the modem.
     
  17. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    First- My secret HIPS
    Last- Image for DOS
     
  18. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    @Bellgamin
    Go on .....?
     
  19. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,097
    First = Common Sense
    Last = Backup Image

    -- Tom
     
  20. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,222
    I couldn't agree more.
     
Loading...
Thread Status:
Not open for further replies.