How do you select security software?

I am posting this thread -- and, hopefully, in the appropriate forum -- to raise a matter that I do not believe has been directly raised before but which I believe would be of interest and usefulness to at least some readers of Wilders Security. This has to do with the selection criteria that one uses in determining what software security one has on one's machine and that one has been most pleased with.

I have tried out and used, at one time or another, literally dozens of security software on my computers, some of which I have first heard about in Wilder's forums. Like many individuals perhaps, I have had an excess of programs on my machine at one time or another, but through careful examination and experimentation, I have reduced that number significantly. The criteria I use in determining ultimately which security software I have used and kept on my machine long term, include the following:

1) ABILITY. Does the program do what its creators say it will do? And, is the product better than others in its class?

2) STABILITY. Does the program cause or tend to cause the Windows OS to crash or to behave erratically.

3) COMPATIBILITY. Does the program "get along well" with other security software. If not, then, which program or programs create issues with the tested program? And, if problems exist between the tested program and others, are the benefits that are to be derived from the tested program better than those that are obtained from the other incompatible program or programs such that it would be better to keep the tested program and to remove the others?

4) UTILITY. What are the long term prospects for the particular security software? Is it state of the art? Does it appear to be the sort of thing that will be preempted relatively quickly over time?

5) RELIABILITY/DEPENDABILITY. Are there any issues that crop up over time that seem to negatively effect (i.e., degrade) performance? Concededly, this would appear to be more of a hardware issue than a software issue. A software app generally works well or it doesn't. It does not tend to degrade over time -- at least that I have been able to see -- but, theoretically, this could be an issue and it is always one that is at the back of my mind.

6) SERVICE/SUPPORT. Does the seller of the product provide prompt, effective and meaningful assistance to a user in distress?

7) COST. For me this becomes a critical factor if a product has a price tag of several hundred or thousands of dollars. I realize that there are distinct markets for security software and hardware that are marketed first and foremost to large companies and security software and (less so) security hardware that are directed to the small business or to the non-business consumer.

That is my list.

In terms of the above factors, I would promote, first and foremost:

1) Faronics' "Anti-Executable"

2) SoftSphere's "DefenseWall"

3) Raxco's "First Defense"*

*Admittedly, "First Defense" is not a security product in the strict sense, but, in terms of salvaging a damaged system, it has definite security benefits.

In terms of what these products do and in terms of compatibility and stability, in particular, I have found no fault with the above products. Also, I have found support to be absolutely first class.

What criteria do others use in selecting security software? And, what, on the basis of that criteria, have users found most beneficial for their machines long term? I would like to compare notes. Thank you.

 

I have only one criteria

1. Known & Theorized Exploits

I adopt technologies and behaviors designed to detect, prevent or break the ever increasing strategems malware employs. That might be anything from safe hex, virtualization, proxy web services, recovery strategies, and various tripwires to the traditional detection \ prevention and system hardening.

I consider individual components less important than the redundancy of the security net itself and accept that any given technology may be subverted on occassion, but that the total complexity of the security net will at least keep a subversion from going totally undetected. (Unless there is a real person involved altering every log, as opposed to automated malware)

therefore I employ "classes" of security

1. Partitioning recovery strategies (15 > 20 minute delay for a known secure state recovery)

2. hardware firewall

3. OS hardening

4. Virtualization \ Sandboxes

5. Proxy services (meebo for IM as an example)

6. Adoption of more secure alternate software (Firefox\w noscript vs IE as just one example)
to eliminate attack vectors or provide targets with less return on investment to malware authors

7. Internal Controls
..a. Anti Virus
..b Software Firewall
..c HIPS

8. tripwires and benchmarks
..a rootkit detectors \ registry checkers
..b checksum verification of security aps
..c object auditing & other internal logs

9. external detection
..a external AV scans
..b external IDS
..c a zoo

over half my list is behavior modification and or employing freeware\opensource aps or integral OS security controls
since Ive accepted that subversion may occur, sensative data is stored on hard media that is only loaded as needed, and no passwords, accounts ect are cached. Hopefully I will have detected any keylogger before its able to capture anything important.

for the most part only number 7 gets discussed in here
a myoptic focus that doesnt bear up under its utility value
important certainly and a primary component but not the only one

 

Although it may not be admitted by all, GUI/user interface/eye candy is an important component of choosing a security program. Or, at least, it'll get someone to try the program. Not in all cases, but many.

 

heres my criteria:

1. EASE OF USE

2. ABILITY

3. PERFORMANCE (HIT)

4. STABILITY

5. COMPATIBILITY

6. SUPPORT

 

Hello,

Well, basically it goes - good compatibility, simple, stable and robust design, the simplicity of use, the reputation of the parent company, the price.

Of course, I'm not using that many security products ... but I'm constantly testing and checking.

Mrk

 

First: Quality of engine & definition. There are generally a few options that are recognisably well regarded and make the initial selection a little less overwhelming.

Second: Compatibility - where pre-existing software is non-negotiable

Third: Ergonomics

Fourth: Size of footprint

Where all these are roughly equal between 2 or more products then:-

Fifth: Terms of licencing

 

Before I pick a security software, I follow those rules in order (more or less):

1. Freeware - free ensures the quality, because developers put hearth into it.
2. No Adware/Spyware included - I check it at Softpedia, forums, online scan.
3. Ability - it is the best of its category, I gather info via forums & some tests.
4. No realtime process in the backround, I would use it as an ondemand scanner.
5. Feedback - it sugests, that developers care about users and that is awesome.
6. Trust - has to be gained, I feel safe with this soft, even if I know, that I am not.

GUI, performance, support are wellcome, but they do not affects my so choise much.

 

speaking of freeware and hearths
I know this is sort of the Pot calling the Kettle Black
but as the hearth is the heart of a home so is an ondemand dictionary the heart of a quick reply I sugests this one though there are others the choise is yours, your wellcome

sorry couldn't resist

 

Thank you all for your thoughtful and insightful responses that have also given me food for thought as I consider the ever growing complement of security software generated.

Assuming that a particular piece of security software is something I believe would be useful and practical on my machine, I agree with TOM_SK that the trust and feedback that the developer can give is an important consideration in engendering confidence in a particular security app.

eyes-open has mentioned, inter alia, ergonomics and size of footprint. Size of footprint has turned me off to McAfee and Symantecs which is one reason I prefer Kaspersky Anti-Virus, plus the fact that it appears to me to be one of the best as far as protecting the user specifically against viruses.

Mrkvonic mentions robustness of product and simplicity of design among others. Robustness alludes, I believe, to my criterion of reliability/dependability and is a better descriptor for what I had in mind. Simplicity of design brings to mind occam's razor as applied to theory and I think that the simplest design that can accomplish the same goal is probably the best as it would tend to accommodate other criteria such as compatibility and stability; and the factors of ease of use and performance as mentioned by WSFuser are two I haven't thought about consciously but are certainly uesful considerations. Along with ease of use of the program itself, I would add ease of installation. Some installs are impossible.

ACR1965 mentions "eye candy," which, I would add, would make a good app better and a poor one worse.

Ice_Czar sets forth in a thorough way what I allude to through use of the term 'utility.' Is the app the best at what it does and, ideally, "state of the art?" Ice_Czar's reasoning seems to go against the grain at Wilders, but at once suggests the veracity of relativism in any discussion of how one might establish the best security for his system. In that regard I recall reading a few posts in Wilders that go back quite some time in which a few pros argue, counter to the grain, that all one needs is a decent anti-virus program and good firewall and that's it. Certainly, that would help serve to avoid compatibility and stability problems but I wonder how true such a position would be today given the plethora of malware out there and given both the complexity of and lethalness of particular malware.

I, too, would like to cover all bases as Ice_Czar has apparently been able to do and redundancy and overlap is not necessarily a bad thing if, in fact, all these various apps can work in harmony with each other. Alas, I find that I am unable to accomplish that. And, this segues into a complementary issue: just what apps work together and which do not?

I have pointed out in other posts that while I am a fan of Raytown's PrivacyKeyboard, which is certainly one of the premier anti-keyloggers, it is very difficult to harmonize with other apps. Point in fact, PrivacyKeyboard does not -- at least on my machine -- get along well with Windows Defender. And Primary Response SafeConnect absolutely refuses to function if PrivacyKeyboard is installed, whether or not PrivacyKeyboard is enabled or disabled. Now that PestPatrol is part of the CA Security Suite, I cannot install CA Anti-Spyware for the life of me although, fortunately but curiously I am able to install the CA Anti-Spam app (previously Qurb). ProcessGuard + WormGuard I find get along well with RegDefend. I like RegRun but, upon installation, after a time, the program gives my computer fits. It may be that I just do not know how to use RegRun.

I also find two new schools of thought beginning to crystallize pursuant to the manner in which security applications are presented to the user. One school, which the major "pop" sellers apparently belong to (probably predicated on a naked attempt to corner the market than on a true desire to offer the user with the best security possible) argues that the "best" way to present security to the consumer is to offer a suite of security apps in one package. We see this with Symantec, McAfee, CA and eEye Digital Security (albeit the last, although big perhaps in the business world is not mainstream consumer oriented as the first three). On the other hand, there are the developers who concentrate on doing one or two things well. What comes to mind for me, when I consider these two schools of though -- and I confess that I do not know how good the analogy is -- pertains to hi fi equipment.

Manufacturers of low end stereo components and of so-called mid-fi equipment tend to favor the presentation of all-in-one components. For example a low end receiver includes power amp, preamp and tuner. That is anathema to the manufacturers of high end equipment. Way back in the 70's I bought separate components from a small California Company called Threshold that is now, unfortunately, defunct. Their separates -- power amps and preamps -- are military grade. My components work today as well as they did thirty years ago and what each component does, it does markedly well, better than any composite component that I had previously tested.

Similarly, attempting to load up a set of security apps in one suite often, I find, leads to problems not only in terms of minimal effectiveness of each component app but also problems in terms of compatibility and stability -- and not only between the particular suite and software from other manufacturers but among the various component apps within the suite itself. Case in point: has anyone ever encountered a compatibility problem between McAfee's Anti-spamware app and its anti-virus app? I could never get McAfee anti-spam to work. It constantly crashed my MS Outlook and seemed never to work as a component element of the suite. If it worked at all, it was as a separately installed app. It still tended to crash my MS Outlook.

Now, with MS VISTA about to make its debut, isn't it nice to know that we won't ever have to worry about security again -- thus making all my previous comments in this post about security redundant?