Help for a noob

Since I dont know where to ask this, I am putting it here.

I am a newbie seeking advice. I was under the belief that if I buy an internet security suite, my PC would be safe. So I had ZASS 7 installed. Until the day I was rudely jolted by the discovery of Savekeys Gold on my PC. (Detected by ZASS). Then I became paranoid and searched till I found this great place.

To cut it short, at present I am overwhelmed by the range of products/apps and need your guidance.

1. Can I use both Prosecurity and DefenseWall together on my PC without conflicts. As per the vendors, both are anti HIPS, but from my little understanding, PSS acts like guarding process, and other (DW) uses a trusted/untrusted classification. WHat excatly are their functions? DO they overlap, so that only one is enough?

2. Can you tell me whether the above two run on whitelist or blacklist. Is it correct that using whitelist based protection is better than blacklist based one?

2. If DW is running, is sandboxie required? Is it correct that defensewall uses sandbox model for untrusted applications?

3. Is DefensePlus better than free wehnus?

4. Prosecurity seems to ask before running any exe. Is it necessary to have some other specific execution blocker that can block executables from running? If yes, any suggestion?

5. I have webroot spysweeper. Is it sufficient to act as a Trojan remover too? Or do I have to get AVG Antispyware/ Trojan Hunter too?

6. Does SAndboxie like software really prevent all malware i the sandbox model? If so isn't that enough?

7. How safe are Tor and JAP for anonymous backdoor. It is often mentioned that they have backdoors built in. Is it correct?

8, Can you suggest some websites/links for detailed materials to learn against malware etc. Googling gives lot of sites no doubt, but only experts like you can say which one are really owrth it.

Thanks in advance for your valuable time.

Avboy

 

ProSecurity isn't program for n00bs. It's better to start with ThreatFire (Free) or Prevx (Paid). Yes you can run DefenceWall with Sandboxie if you like but it's not required. I give you a advice that first think what kind of setup you like to build. Good advices can found in this thread:

What is your security setup these days?

You can ditch AV, AT and so on active scanner if you cover those areas with something else. Many of us uses some virtualization program (plus sandboxie) and HIPS (plus FW). Those can do same than active scanners and even more. It's your decision...

 

Hi avboy!

1- You can if no conflict on ur system.

2- They don,t have any biult in black or whie list but u can use them to make ur own.
White list is better, more secure but less functionality.

3- Not needed. Use either one only.

4- I don,t know.

5- Not needed.

6- I will suggest only one good AV, it will work also as AS, AT and AbtiRootkit etc etc. What u r using now?

7- I have no idea. They say Windows itself has many builtin backdors. I don,t care infact.

8- Wilders

 

Thanks MikeNAS and aigle

Currently I am on NOD32 trial. Earlier used ZASS built in AV.

 

Anyone will do the job though I will prefer one with high detection rates.

 

The link above brings back to the same question. Too many products/solutions. Many of them overlapping. Anyway slowly coming to a shortlist of all the stuff. A few questions for you (or anyone else who would be kind enough to answer):

1. Threatfire is not on, as I want to use NOD32, and threatfire contains AV too => conflict. Doesn't defensewall do the same thing as Prevx?
2. Can you elaborate virtualization program? Do you mean VMWare like stuff? Or stuff like Returnil?
3. Can you explain why you mentioned Virtualization + Sandboxie? Are they different? I was under the impression that Sandboxie, Returnil etc create a virtual Disk on the physical disk, and that is virtualization. Please correct me.
4. Is OA v2 free a good firewall? Any place from where I can get Keiro personal firewall free? Sunbelt has made it a paid product. I am not just looking for free stuff. But if I am paying, I would like to pay even a few $ more and get one of the best products.

Best Regards,
AvBoy

 

Does NOD32 fall under this category (even AT and Anti Rootkit)? If No, is there any such product other than integrated security suites?

 

Depends upon your choice! There are many choices. Another thing is that how good it runs on ur machine and how much u like the extra features of them like schedules scans, update frquency, response time etc!

Try and choose what u like!

 

Threatfire Free doesn't contain AV as far as I know. You could try it out alongside any regular AV.

 

PS is a classical-style HIPS, it is using confirmation dialogs in case it detects some kind of potential dangerous actions. DefenseWall is a policy-based sandbox HIPS protection. Yes, you can use both without problems, but I would think twice about PS- do you really know what the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows \CurrentVersion\Run is?

PS is using both whitelisting (allow ruleset) and blacklisting (deny ruleset). DefenseWall is using only whitelisting (internal list of the known-as-good hook dlls, for instance) and sandboxing.

I think, DW and SBIE is a little overlap. Yes, DW is using policy-based sandbox protection model.

Technically- yes, but it is only for the old-styled processors.

No.

Sandbox software is not made to prevent malware. It is made to dramatically reduce its infection rate and damage

You are already here.

 

Yes you are right. I stand corrected.

 

Thanks a lot for clarifying my doubts so clearly. I am really flattered that an expert developer like you took time off to answer newbie questions. I am sure now that not only I am at the right place but also the best place.

Best Regards
Avboy

 

Hi, I'd just like to say that with Defensewall and Sandboxie. Well they both provide excellent protection when in the hands of someone who knows how they work. My own experience(and i've purchased both). I couldn't understand Defensewall. I've installed it, uninstalled it many times but always uninstalled because I couldn't trust myself with it. I've been using security apps for about 10 years and I know how to configure rules based firewalls and such. But Defensewall i just didn't 'get'. Sandboxie is very easy to learn and understand. For a noob, my personal recommendation is Sandboxie. Not because it's better(and I don't believe it's worse) but because it's easier to understand while still providing excellent protection. One of the worse things you can do is use something you don't understand, then all that's waiting is for you to make the wrong decision and BAM!

muf

 

My advice

a) A good AV (freeware like Avast) + inbound FW
b) DefenseWall
c) ThreatFire (will warn against strange outbound connections to)

Easy and strong, spend your bucks on DW

Regards Kees

 

Hi!

Very interesting why you couldn't trust yourself with DW and what exactly you didn't understand with it?

 

There is nothing hard to understand in DW. It,s pretty simple to use IMO.

 

I really like DW but not sure if I need it. OA is free and that's much to me.

 

Well firstly there was this time when an activex control was installed and DW didn't do a thing. It could have been a dangerous one but fortunately it's one i wanted. I still expected DW to ask. Also it has this rollback function. Roll back to what exactly? How would you know when to roll back to? I could see entries in the log that were permitted but i didn't know whether they should have been or whether i should 'roll back'. All too confusing for me.

muf

 

I'm trialling Defensewall at the moment and I've found it a breeze. Very easy to understand after spending 10 mins reading the help file. In fact I've installed a trial copy on my wife's PC and so far the only comment has been "What's that little star next to Internet Explorer in the taskbar?"...in other words she hasn't even noticed it was there.

I tried various HIPs and most of them drove me mad with popups, even after following various guidelines to quieten then down or running learning mode. The only one I could live with was Online Armor, but that didn't play nicely on my PC and was way too resource heavy.

Geswall was nice too, very like Defensewall in principle, but doesn't appear to have solid development and support. And I don't like the principle of virtualisation (for various reasons) that Sandboxie uses.

So all being well with the rest of the trial, Defensewall it will be, probably with a second licence for the wife (and you don't get any more noob than her when it comes to PC security).

 

Because it is a normal, standard user's activity. Many "good" sites are requires ActiveX installation, for example, online anti-virus check systems. So, why to block it out? What are the reasons for that? Malicious software won't be able to auto-start if activated this way- just read a little more about ActiveX theory and how it communicates with Internet Explorer, trust me, it is a good reading to make many things much more clear about this technology.

One question here- does an "average Joe" user will be able to answer this question, if even you is not very clear with ActiveX?

This function is made to let professional guys remove malware manually, with this "one window" function. You see, this function is absolutely no critical in case of policy-based sandbox, it is absolutely critical only in case of sandbox with a total file system and registry virtualization. Inactive malware is harmless, it may lay down at your hard drive for years.

This case- you shouldn't.

You see, you think about policy-based sandbox in the terms of the one with the file system and registry virtualization. But the are a little ideologically and, thus, functionally different. Each isolation technique (virtualization and built-in policies) has its own pros and cons. Each person may choose the tool and ideology it likes and this is great, the only thing is very important here is not to think about one thing in the terms of the other's one (it is not only about security, it is about life itself).

 

We all must say "thank you very much" to Chachazz for such the great help file.

 

Thanks Ilya. I may try it again. I suppose my mistake could be that I was treating it as a sandbox application, and it's obviously not. But my problem now is that running both DW and SBIE would surely be overkill, yes? And to be fair I don't even know if they would play well together. Would i run DW sandboxed or just let it install and run as normal. Also, will it be able to perform it's policy restriction's on Firefox sandboxed by SBIE? As you can see, I have a few concerns about running them together.

muf

 

Defensewall IS a sandbox.

Yes, I think so. I see no problem if you choose SBIE over DW, I just wanted to know what exactly was a problem in understanding DW. Now I know that- SBIE .

They play together with no problems.

 

Will DefenseWall continue to work after the 30-day trial period, or would one have to buy the product after the trial?

 

I have to pay my bills- so, if you like software you should buy it. 30 days of the full-featured trial is more then enough to make the decision, I suppose...