Help selecting the right security apps

Discussion in 'other security issues & news' started by wolf_xl, Dec 3, 2005.

Thread Status:
Not open for further replies.
  1. wolf_xl

    wolf_xl Registered Member

    Joined:
    Dec 7, 2004
    Posts:
    48
    My questions are kind of all over the place, so I hope this is the right place to ask them. Mods, my apologies if it's not.

    Having spent the last few days trawling through this and other sites I’ve become a bit lost. I need advice on selecting the current best apps for my laptop. I’d class myself as a high-risk user because of the amount of time I spend on P2P networks and dodgy sites. On my current setup (WinXP SP2; CPU AMD64 3000 and 1GB RAM) I have the following security apps already installed.

    Outpost Pro
    NOD32
    Process Guard
    Ad-Aware
    Spybot S&D
    Spyware Blaster
    Spyware Guard

    My current browser of choice is Firefox.

    Anti Trojan
    I used to have TDS3 but that’s been discontinued so I’m looking for another dedicated Anti Trojan. So far I’ve short listed it down to the following.

    Ewido (full)
    BoCleaner
    A2 (free)

    Could I run these 3 apps together with the ones above without problems? If not, what would be the ideal combination? Also, should I be considering other apps like Online Armour and Trojan Hunter?

    Anti Spyware
    Similar question again; along with the apps above, which one of these anti-spyware apps is best for me? Or are there better ones that could be recommended?

    Webroot Spysweeper
    PC Tools Spyware Doctor
    Counterspy

    Should I also consider adding IESpyad and RegDefend to my setup too?

    What do people here use to detect and remove rootkits?


    All advice and pointers are appreciated.
     
  2. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,127
    Location:
    USA
    An anti-trojan (a lot of folks here use Ewido) and RegDefend (from Ghost Security) might be the only other things you need. I have TrojanHunter and A2 (free) as on-demand scanners and use UnHackMe up front.
     
  3. trawler67

    trawler67 Guest


    It looks like your set up is pretty good.

    But if you really feel you need additional programs to detect trojans, I like Ewido and A2 (both free) to run backup scans.

    For Spyware you could add Microsoft antispyware, it's also free. I would go with Spysweeper for any additional payware apps to detect spyware, if you feel you really need it. I don't like the other payware apps you mentioned.

    To find any possible rootkits I would recommend the free program RootkitRevealer. Along with Unhackme, as G1111 posted, for a good 2nd opinion to let you know if you have any rootkits installed. Blacklight beta is also a helpful (temporary) freebie. ProcessGuard should help prevent any installs of rootkits too, if it's the full version.

    For protection of the reg, Tea Timer has some protection, as does MS antispyware. But I suppose you are looking for something more comprehensive, so you could try MJ Registry Watcher. It's free and does a good job.

    You only really need IESpyad if you run IE. Firefox and Opera are better browsers imo, and you already run the Fox so that's good. It will help to keep you from getting all the crappy spyware.

    Good luck.
     
  4. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    You may end up having too many security apps when you're done. Here are some posts to check out. https://www.wilderssecurity.com/showthread.php?p=351107 and here. https://www.wilderssecurity.com/showpost.php?p=615819&postcount=2
     
    Last edited: Dec 4, 2005
  5. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    I would just say to go with Ewido. Ewido will cover both trojans and spyware. Combined with NOD32 and your other measures, like using Firefox, you should be pretty much ok. You could get CounterSpy or SpySweeper as an on-demand backup if you really wanted to, or you could just use their online/one-shot free scanners (in the second link in my sig). Getting something like Online Armor wouldn't be too bad of a choice if you wanted some generic protection.. if you do so, just turn off the execution protection in ProcessGuard. In the upcoming version OA will also be able to replace PG altogether.
     
  6. I would say get a DeepFreeze/ShadowUser type program.

    I prefer Microsoft's shared toolkit.

    Since MS merges its toolkit with Windows.
     
  7. txz57

    txz57 Guest

    There's no way I would rely on only Ewido to find spyware. Anyone who recommends it as your only spyware defense clearly hasn't done any testing with the program. Ewido is halfway decent against some kinds of spyware but it's not wise to rely on it as your only defense. A combination of scanners would be far better. MSAS, Adaware, Spybot, and maybe SpySweeper would be a good combination and they will find a much wider variety of spyware than just Ewido. Add Ewido to that and you'll have good trojan defense too. Just do manual scans with most of the scanners, like SpySweeper, and you won't be overdoing it with too many realtime scanners running at one time that way. You can get permanent free versions of all of the above except SpySweeper.
     
  8. wolf_xl

    wolf_xl Registered Member

    Joined:
    Dec 7, 2004
    Posts:
    48
    Hi everyone, thanks for all the replies.

    I've decided to opt for Ewido and A2 (free) to complement my antivirus in trojan detection.

    As for Anti-Spyware what are your opinions on these highly regarded apps:
    Spyware Doctor
    Spysweeper
    counterspy

    Are any of the above available as free on-demand scanners? (I know Spysweeper isn't.)

    Lastly, from what I gather Online Armour is supposed to be very good at protecting against malware/spyware and could be used to replace all the spyware apps I've listed. Would you agree with this statement?

    My Process Guard licence is about to expire in 6 days; is RegDefend+AppDefend a better alternative?

    I know it's hard to compare security apps but your opinions are welcomed :)
     
  9. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    I've not used A2 (don't read anything into that), but I have used Ewido and it's a solid product.

    There's nothing free in that group AFAIK. If you have Ewido running realtime (i.e. you have the paid product - I assume the free above refers to A2 only, I hear it's a good option), there's overlap. It somewhat depends on preferences and exposure on how to go. Speaking personally, I'd leave it at Ewido.

    I would, spyware apps that is, not everything.

    Trial license? Right? As for your question, they are different approaches to nominally the same end result - some flavor of signature-free protection based on controlling application behaviors. RegDefend provides registry protection, which is outside the scope of PG. There are obvious similarities between PG and AppDefend; there are differences as well. I'd trial and look at performance and how it relates to you. Remember, the folks coding all these options have a vision of how to best present their control options to a user. Some designs will click for you, others won't, and the converse is true for other users.

    Blue
     
  10. wolf_xl

    wolf_xl Registered Member

    Joined:
    Dec 7, 2004
    Posts:
    48
    No, I've had PG (paid) for almost a year and it's done its job very well. This time last year it was the best option to protect against rootkits/keyloggers. My priorities have not changed since then, I still want the best. I'm just looking to see what's available. My list of apps seems to change by the hour. Here is a list of apps I'm currently considering:

    Outpost (Must have IMO)
    NOD32 (Must have IMO)
    A2 (free on demand scanner only)
    Ewido(full)
    Online Armor
    RegDefend & AppDefend
    Spyware Blaster
    Ad-Aware (free On demand scanner only)
    Spybot S&D (free on demand scanner only)

    I guess I won't need Spyware Guard if I have OA. And taking Blue's advice I've dropped the pay-commercial spyware apps.

    I know there really isn't a right or wrong answer but is the above list the best current security option for a high risk surfer on P2P networks? I'm trying to reduce unnecessary overlap and redundancy.
     
  11. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    The licensing structure of PG isn't yearly like an AV. It's not going to expire.

    This more or less captures my approach, described somewhat more here. Arguably you'll have some overlap with OA and RegDefend/AppDefend, but there is also a lot of non-overlapping functionality. If they play together well, go with both.

    I know that some people can't envision life without an antispyware application, but there are some qualifiers around this that I should make explicit. For people that run a single average-aggressiveness AV with marginal trojan coverage, use IE, and that's it, an antispyware application has merit. If you focus on selecting components so that the trojan downloader is handled or any installation is defeated, i.e. the spyware is dealt with preemptively, you probably don't need a dedicated antispyware product running realtime. For both cases, one of the free options (or a paid one for that matter) in an on-demand context is usually fine. In your case NOD32/Ewido should provide excellent coverage, and having AdAware/Spybot S&D as on-demand at the ready seals it.

    If you stuck to the letter of what I wrote in the two posts mentioned, you might wonder if you're running too many apps. Well, you're also doing P2P and high-risk surfing. Play it as safe as possible and run a little heavy is my perspective; your potential setup looks solid as you've listed above.

    Blue
     
  12. tunnelvision

    tunnelvision Guest

    If I was going to do p2p a lot I would have a ton of scanners that could be used to scan any files I download.

    I would probably have 2 or 3 different antiviruses, minimum. I would only run one resident. But having a few different antiviruses is critical IMO if you're downloading from super extreme ultra highly untrusted sources like P2P. Or scan the files online at a free antivirus scan site.

    I would run a bunch of the different antispyware scanners, at least 4 or 5 different scanners to do scans on any files I downloaded through p2p. Again I wouldn't run them resident but I would use them to scan the downloaded files.

    I would run many antirootkit programs too. Same for keyloggers and trojans. But then if it was me I wouldn't even be downloading from p2p but that's just me, mr. paranoid. ;)
     
  13. About Antispyware.

    Whether to use AS in realtime for protection depends on what type of protection you are talking about.

    A lot of these defenses you are talking about are proactive type defenses, those that watch IE, LSPs, startups and other generic changes. You might not need it if you are running some supercombo of Online Armor/PG/Regdefend/Appdefend/Whatnot.

    So the question about whether to use AS depends on whether you think they detect *specific* malware files/processes better. In other words if I try to install some spyware bundled crap, will the AS warn me? Do they outdo Ewido,AVs in that area?

    I don't know.
     
  14. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    I'm basing how I approach this on casual observations on my own systems over the past couple of years. The AV's have been constant at NOD32 or KAV WS, BOClean and a firewall (LooknStop or Outpost) have also been constant, and something in the proactive vein has generally been used (PG, AppDefend/RegDefend, OA, or SafenSec) as well.

    There was a time in the not too distant past when spyware did get through those defenses like they were a sieve. That no longer happens. Scans by any of the major dedicated spyware applications on my system turn up quite empty now.

    What has changed is that the trojan downloaders are being captured at the AV, stopping the cycle of exposure at the outset. That basically occurred at the same time the spyware problem ramped into public consciousness and AV vendors faced the question of why their products didn't adequately handle this junk, since most users buy an AV to handle malware and really don't want to, and shouldn't have to, bother with nuanced questions of malware type or origins. It's a pragmatic issue vendors of dedicated antispyware applications will have to face in the marketplace. Of course, some new scourge could emerge tomorrow and start the cycle anew.

    Blue
     
  15. Well Blue

    I don't know. But you are a security expert, or close to it anyway, and your systems are likely to be clean.

    Another problem is that not everyone is running first class AVs like KAV or NOD, or stuff like AVG might have weaker detection .

    Personally, based on limited observation, I doubt the ability of AS to really catch such stuff anyway as they are run, at least from some limited testing I did. For after-the-fact detection they are good though.
     
  16. wolf_xl

    wolf_xl Registered Member

    Joined:
    Dec 7, 2004
    Posts:
    48
    I didn't realise PG had no annual subscription; this is good news :) Well, in this case I'm going to try and see how well PG, OA and App+Reg-Defend work with each other, and then decide what to keep. I may end up keeping all three if there are no conflicts and all the pop-ups aren't too annoying.

    I've decided to complement NOD32 with Bitdefender 8 Free as an on-demand only scanner.


    Just one question: does anyone know of a good 'sequential task scheduler'? I want to run Diskeeper 9 and the above scanners one after another overnight. The one in XP is time based, which isn't what I want. I don't want my defrag to run in the middle of an AV scan. Any suggestions?
     
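The two practical requests above, tunnelvision's "run several on-demand scanners over everything you pulled off P2P" (post 12) and wolf_xl's "run the defrag and the scanners one after another, not on a clock" (post 16), come down to the same thing: a chain that starts the next process only after the previous one has exited. The script below is an added example written for this page, not something posted in the thread or shipped by any of the tools named; the executable paths under OVERNIGHT (defrag.exe, bdscan.exe, a2cmd.exe, adaware.exe, D:\Downloads) are placeholders to be replaced with the real command-line invocations of whatever is installed.

```python
"""Sequential overnight chain: defragment first, then run each on-demand
scanner in turn, one process at a time (added example, not from the thread)."""
import subprocess
import sys
import time
from dataclasses import dataclass


@dataclass
class Job:
    name: str
    cmd: list                   # argv list; run without a shell, so no quoting surprises
    required: bool = False      # True: a failure here stops the rest of the chain
    timeout: int = 6 * 3600     # seconds; keeps a hung scanner from eating the whole night


@dataclass
class Result:
    name: str
    returncode: object          # int exit code, or None if the job hit its timeout
    seconds: float


def run_chain(jobs):
    """Run the jobs strictly in order and return one Result per job started.

    Each process must exit before the next one starts, which is the guarantee a
    purely time-based trigger in Scheduled Tasks cannot give. A non-zero exit
    from a scanner is recorded but does not stop the chain: many on-demand
    scanners report "something found" through the exit code. Only jobs flagged
    required (the defrag step below) abort the chain when they fail.
    """
    results = []
    for job in jobs:
        started = time.monotonic()
        try:
            code = subprocess.run(job.cmd, timeout=job.timeout).returncode
        except subprocess.TimeoutExpired:
            code = None
        results.append(Result(job.name, code, time.monotonic() - started))
        if job.required and code != 0:
            break
    return results


# Placeholder command lines (hypothetical paths and arguments); replace each
# with the real command-line invocation of the tool installed on the machine.
OVERNIGHT = [
    Job("defrag", [r"C:\path\to\defrag.exe"], required=True),
    Job("bitdefender-scan", [r"C:\path\to\bdscan.exe", r"D:\Downloads"]),
    Job("a2-scan", [r"C:\path\to\a2cmd.exe", r"D:\Downloads"]),
    Job("adaware-scan", [r"C:\path\to\adaware.exe", r"D:\Downloads"]),
]


def self_check():
    """Exercise run_chain with the Python interpreter standing in for the tools.

    Returns the exit codes of a chain where every job runs (scan-a simulates a
    scanner that found something and exits 2) and of a chain cut short by a
    failing required job.
    """
    py = sys.executable
    full = run_chain([
        Job("defrag", [py, "-c", "raise SystemExit(0)"], required=True),
        Job("scan-a", [py, "-c", "raise SystemExit(2)"]),
        Job("scan-b", [py, "-c", "raise SystemExit(0)"]),
    ])
    aborted = run_chain([
        Job("defrag", [py, "-c", "raise SystemExit(1)"], required=True),
        Job("scan-a", [py, "-c", "raise SystemExit(0)"]),
    ])
    return [r.returncode for r in full], [r.returncode for r in aborted]


if __name__ == "__main__":
    for r in run_chain(OVERNIGHT):
        print(f"{r.name}: exit={r.returncode} in {r.seconds:.0f}s")
```

Schedule one Scheduled Task that launches this script at the quiet hour and nothing else; the ordering lives in the script, not in the scheduler. Keeping the scanners strictly sequential also means only one engine is ever reading the download directory at a time, which is the same "one resident, the rest on demand" discipline the thread settles on, just applied to the overnight run.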
  17. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    No, I'll go so far as to state that I'm an advanced user only :) I don't even scratch the surface of what real experts should know.
    I feel this is a real problem as well. Not running weaker detection per se, but running detection that doesn't match the challenge provided by surfing and usage habits.
    Don't have direct knowledge either way, but I could see it as being a consequence of many of them being young applications.

    Blue
     
  18. Anonym

    Anonym Guest

    More than enough! and surf smartly

    Setup should work well, just have ONE Antitrojan and ONE Antispyware running in real time.
     
  19. Anonym

    Anonym Guest

    ...almost forgot use a HOST file.
     
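"Use a HOSTS file" in practice means merging a published blocklist into the system hosts file so that ad and spyware domains resolve to a dead address. The function below is an added example written for this page, not code from the thread or from any blocklist publisher; the starting hosts content and the blocklist entries are constructed for illustration (example.com/.net/.org are reserved names), and the check it adds is the one worth having: never let a blocklist entry override localhost, reject malformed names, and skip names already present so re-running it does not pile up duplicates.

```python
"""Merge a domain blocklist into a HOSTS file (added example, not from the thread)."""
import re

# One hostname: labels of 1-63 chars, no leading/trailing hyphen, at least one dot.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[a-z0-9-]{1,63}(?<!-)(\.(?!-)[a-z0-9-]{1,63}(?<!-))+$"
)

# Names that must keep their normal mapping no matter what a blocklist says.
NEVER_BLOCK = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_hosts(text):
    """Yield (ip, [names]) for each active entry; comments and blank lines are skipped."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        yield parts[0], [p.lower() for p in parts[1:]]


def merge_blocklist(hosts_text, blocklist, sink="0.0.0.0"):
    """Return (new_hosts_text, rejected_names).

    sink is the address blocked names are pointed at. 0.0.0.0 fails the
    connection immediately; 127.0.0.1 would instead hit any web server
    listening on the machine itself.
    """
    existing = set()
    for _ip, names in parse_hosts(hosts_text):
        existing.update(names)

    added, rejected = [], []
    for entry in blocklist:
        name = entry.split("#", 1)[0].strip().lower().rstrip(".")
        if not name:
            continue
        if name in NEVER_BLOCK or not HOSTNAME_RE.match(name):
            rejected.append(name)          # refuse rather than silently write junk
            continue
        if name in existing:
            continue                       # already mapped; keeps re-runs idempotent
        existing.add(name)
        added.append(f"{sink} {name}")

    out = hosts_text.rstrip("\n") + "\n"
    if added:
        out += "\n# --- blocklist entries (added) ---\n" + "\n".join(added) + "\n"
    return out, rejected


# Constructed sample input: a stock XP-style hosts file and a small, messy blocklist.
SAMPLE_HOSTS = """# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
"""

SAMPLE_BLOCKLIST = [
    "ads.example.com",
    "Tracker.Example.NET.",          # mixed case and trailing dot: normalised
    "localhost",                     # must be rejected, never overridden
    "bad host",                      # malformed: rejected
    "ads.example.com  # duplicate",  # already added: skipped, not duplicated
    "www.example.org",
]


def demo():
    """Merge the constructed blocklist into the constructed hosts file."""
    return merge_blocklist(SAMPLE_HOSTS, SAMPLE_BLOCKLIST)


if __name__ == "__main__":
    text, rejected = demo()
    print(text)
    print("rejected:", rejected)
```

On XP the live file is %SystemRoot%\system32\drivers\etc\hosts and needs an administrator to write; write the merged text to a temporary file and swap it in rather than editing in place. Two caveats a practitioner wants: the hosts file only intercepts name lookups, so anything that connects by raw IP address sails past it, and a very large hosts file (tens of thousands of entries) was known to bog down the XP DNS Client service, which is why the usual advice then was to set that service to manual when using big blocklists.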
  20. wolf_xl

    wolf_xl Registered Member

    Joined:
    Dec 7, 2004
    Posts:
    48
    Actually you've read my post wrong those were the apps I was considering. I've settled on the following:

    Outpost (Must have IMO)
    NOD32 (Must have IMO)
    Bitdefender 8 Free (On Demand)
    A2 (free on demand scanner only)
    Ewido(full)
    Spyware Blaster
    Ad-Aware (free On demand scanner only)
    Spybot S&D (free on demand scanner only)

    Going to give Online Armor, RegDefend & AppDefend and Process Guard (which I already have a full licence) a try to see how well they work together and with the setup listed above.

    Has anyone tried running OA, AD, RD, PG all at once? From what I understand they all kind of do the same job but with different approaches.
     
  21. Don't be modest Blue. Besides being an 'expert' is relative.
     
  22. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    I'm not, really, and it's not a false modesty. I do consider myself a world-class expert in my non-IT related day job, and apparently so does my employer :), so I have a sense of the level of knowledge required to reach that point. Folks like Happy Bytes, Jason_R0, IBK, and a number of others on this site are genuine experts in some aspect of computer security. I'm expert in security in the same sense that an Economics reporter is expert in Economics or a Science reporter is an expert in Science. I understand enough of the material to be a bit of an interpreter for those less knowledgeable, taking information that is well known to the experts and making it a little more accessible to others, hopefully without mucking up the interpretation....

    Blue
     
  23. Hey blue what you said about yourself squares perfectly with my assessment of your expertise.
     
  24. wolf_xl

    wolf_xl Registered Member

    Joined:
    Dec 7, 2004
    Posts:
    48
    I have mixed impressions now that I've given App-Defend, Reg-Defend and Online Armor a little try.

    First up App-Defend. To be honest I can't see the advantages of having this over Process Guard. The Network Access feature is nice, but Outpost with its DNS rule handles that for me already. Now I'm only a novice when it comes to system components and what they do, so some of the permission features in AD go over my head. When I'm installing something I just don't know what it does, so I just say yes. I've even disabled it once when installing because of the number of popups it was producing. PG had more infrequent popups in my eyes. Nothing wrong with the app, it's just that I lack the knowledge to grant the correct permissions. Obviously I don't say yes to anything that starts up when I'm not installing; I usually ask why. But PG does this anyway.

    RegDefend. Here again because of my lack of knowledge I just end up saying yes to everything. I have no idea as to how to configure this either.

    Online Armor seems to be very good. It seems to do what it says without being too intrusive. It feels a little resource heavy, but surfing through some dodgy sites as a test it blocked a lot of unwanted cookies and some ActiveX attempts. Although NOD32 picked up trojans trying to gain access through the browser before OA noticed them. The program guard feature of OA does its job well, although I still don't know how tracking changes works. GUI is easy to use and features are explained.

    As always HIPS are only as good as the user. One of the biggest challenges facing HIPS is to be intelligent enough to do the thinking for us dunces :)

    So from my first impressions I think I'll continue to use Process Guard with Online Armour. I may go for Reg-Defend as I feel my registry still needs protection. I have not decided yet.

    I think I'll give ShadowUser a try. The whole premise of this type of programme sounds interesting.
     
  25. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    I'm glad...., I think....

    Blue
     