How many antimalware programs do you have installed on your pc?

Discussion in 'polls' started by rOadToIS, Dec 24, 2008.


How many antimalware programs do you have installed on your pc?

  1. 1

    39 vote(s)
    28.5%
  2. 2

    31 vote(s)
    22.6%
  3. 3

    26 vote(s)
    19.0%
  4. 4

    12 vote(s)
    8.8%
  5. 5+

    29 vote(s)
    21.2%
  1. rOadToIS

    rOadToIS Registered Member

    Joined:
    Dec 16, 2008
    Posts:
    168
  2. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.
    Since you said "malware" I included my AV. 3 real time, each covering a different vector. 3 on demand.
     
  3. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    1 real time (ESET) and 1 on-demand (SpybotSD) = 2
     
  4. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    The poll needs an option for "None". Some of us don't use "anti..." software.
     
  5. chrisretusn

    chrisretusn Registered Member

    Joined:
    Jun 16, 2004
    Posts:
    1,667
    Location:
    Philippines
    At the moment I have three anti-malware programs installed.

    1) Outpost Security Suite Pro 2009
    2) Spybot - Search & Destroy (No Immunize or Resident protection)
    3) Malwarebytes' Anti-Malware (Free version)
    4) Sandboxie

    Items two and three are only used occasionally, neither has even found anything. I am thinking of dumping number three soon and even possibly number two.
     
    Last edited: Dec 25, 2008
  6. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,752
    Location:
    Toronto Canada
    Eset Av that's it.
     
  7. rOadToIS

    rOadToIS Registered Member

    Joined:
    Dec 16, 2008
    Posts:
    168
    Do you feel safe with only one antivirus?
    :doubt:
     
  8. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,752
    Location:
    Toronto Canada
    Yes. :) However when the mood hits me I use competitors' online scanners to double check Eset's results. Today I ran Symantec's and the previous time BitDefender's. Next time it may be Kaspersky's, who knows. I've got at least a half dozen to choose from.
     
    Last edited: Dec 24, 2008
  9. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Two, Malwarebytes Free and SAS Free. Neither see much use since SandboxIE kicks every baddie in the hind quarters and tosses them out the door.
     
  10. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,121
    Location:
    Mountaineer Country
    Not counting my AV, I use 2 on demand anti-malware scanners. I've also found out that maybe that's a good idea to have at least 2 as one of the anti-malwares doesn't detect 2 of the 3 samples I have.

    I'm using MBAM and SAS on demand and I just may add A-squared again as a third opinion.
     
  11. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    Just norton 2009 at the moment.
     
  12. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,294
    KISS

    (keep it simple stupid)

    I've run Superantispyware and Malwarebytes Antimalware, which are both FREE along with Avira Antivirus.

    No need for multiple upon multiple security crapola like some people think is necessary on these forums :thumb:
     
  13. icr

    icr Registered Member

    Joined:
    Sep 6, 2008
    Posts:
    1,589
    Location:
    UK
    Norton IS 2009
    SAS
    MBAM
     
  14. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    :eek: :eek:
     
  15. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    None in fact. Comodo av in CIS is turned off for real time. Just for play.
     
  16. Niels

    Niels Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    466
    Location:
    Belgium
    I only use BitDefender Total Security 2009. For the rest I don't use any other scanners. From time to time I run online scans or I use Drweb Cureit!.
     
  17. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,614
    Location:
    Milan and Seoul
    If we talk about pure anti malware, only one: Avira Premium. My real indirect defense is a combination of virtualizer/sandbox/imaging system.
     
  18. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    You took the expression right off my face. Those programs have to be fighting like rabid dogs locked up together in a cage.
     
  19. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.

    No conflict here. As I said, they each have a purpose. They are also set up to protect each other from termination\alteration unless I allow it. The on demand are rarely used and only take up about 25 MB of hard drive space and of course 0 resource usage.

    I know online scanners are becoming the current rage. I am sure they have come a long way. However I still do not like their method, usually ActiveX, nor do I totally trust their abilities.

    With this set-up, at idle, my PC has 26 processes running and 0% CPU usage. :D That includes my FW which I did not include in the count of anti-malware programs.
     
  20. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,207
    Where is the 0 choice?

    There's no need for them. If you don't install anything bad, there is no need for an anti-bad program. So keep it clean in the first place and there shalt be no dust.

    Mrk
     
  21. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,752
    Location:
    Toronto Canada
    o_O Ok, I'll bite. What about all this drive by download and exploit stuff from visiting a legit site that's been hacked?
     
  22. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,207
    Drive-by-downloads only work in IE, so if you use a normal browser, this is a non-issue. The only thing that remains is social engineering and XSS, which are universal, but you can avoid this by 1) applying logic 2) using Noscript, a 300KB Firefox extension.
    Mrk
     
  23. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    All of those "problems" can be mitigated using a thought out security policy based on default-deny, enforced by system configuration, software restriction policies, application firewalls (HIPS), or a combination of the above. If you don't let the malicious code execute on your system, there's no need for software to remove it.
     
  24. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    A good example is the current massive code injection exploit affecting many web sites.

    NICK ADSL UK posted an example of one:

    Mass Injection On John Sands Greeting Card Company Site
    http://securitylabs.websense.com/content/Alerts/3268.aspx

    s3c-watch analyzed the code. It is a package of exploits looking for unpatched vulnerabilities in IE, all of which attempt to download/install a trojan executable.

    Here is a list of some of the exploits in this package. I identified some of them by looking up the CLSID # that is in the code. A quick search found the MS-# showing the date the patch was released for the exploits. You might wonder, Why would a malware author use exploits that have already been patched, some as long as 3 years ago? The answer should be obvious...

    Code:
    88d969c5-f192-11d4-a65f-0040963251e5
    XMLCore Services (MS06-061)
    
    F0E42D50-368C-11D0-AD81-00A0C90DC8D9
    ActiveX Control for the Microsoft Snapshot Viewer (MS08-041)
    
    BD96C556-65A3-11D0-983A-00C04FC29E36
    Microsoft Data Access Components (MDAC) (MS06-014)
    
    EC444CB6-3E7E-4865-B1C3-0DE72EF39B3F
    Microsoft 'msdds.dll' COM Object  (MS05-052)
    
    obj=cobj("WebViewFolderIcon.WebViewFolderIcon.1");
    WebViewFolderIcon  (MS06-057)
    
    3rd party applications:
    
    77829F14-D911-40FF-A2F0-D11DB8D6D0BC
    NCT AudioFile2: ActiveX - US-CERT Vulnerability Note VU#292713
    
    PDF
    obj = new ActiveXObject("AcroPDF.PDF");
    
    Even in a 3rd-party application vulnerability, such as PDF, in order to make it a remote code execution (drive-by) exploit, an ActiveX object for IE is required.

    Exploit packages, such as MPack, have been for sale on the internet for a long time. See:

    https://forums.symantec.com/t5/Vuln...ssionid=4B66E8121EF706282E1608A569EDF88E#A104

    See the link in the above article to the MPack Toolkit for a good description of how these exploits work. Note that the malware executables are not stored on the legitimate site that has been hacked. The injected code simply sends the user to another site which will gladly distribute the malware by remote code execution free of charge!

    Having said that, no person I know who uses IE is bothered by such stuff. Taking one solution that noone_particular mentioned: I've sent every URL for an IE exploit that I could find to a user to test with Software Restriction Policies (SRP). No drive-by exploit is ever successful.


    ----
    rich
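
Added example, not part of the original post: the post above identifies exploits by looking up the CLSID found in the injected code, and this sketch automates that lookup over saved page source. The function names, the sample page and the joining of split string literals are assumptions made for illustration; the CLSID and ProgID table is copied from the post's list.

```python
import re

# CLSID -> component and bulletin, as listed in the post above
KNOWN_CLSIDS = {
    "88D969C5-F192-11D4-A65F-0040963251E5": "XMLCore Services (MS06-061)",
    "F0E42D50-368C-11D0-AD81-00A0C90DC8D9": "ActiveX Control for the Microsoft Snapshot Viewer (MS08-041)",
    "BD96C556-65A3-11D0-983A-00C04FC29E36": "Microsoft Data Access Components (MDAC) (MS06-014)",
    "EC444CB6-3E7E-4865-B1C3-0DE72EF39B3F": "Microsoft 'msdds.dll' COM Object (MS05-052)",
    "77829F14-D911-40FF-A2F0-D11DB8D6D0BC": "NCT AudioFile2 ActiveX (US-CERT VU#292713)",
}
# ProgIDs the post shows being created by name rather than by CLSID
KNOWN_PROGIDS = {
    "webviewfoldericon.webviewfoldericon.1": "WebViewFolderIcon (MS06-057)",
    "acropdf.pdf": "PDF (AcroPDF.PDF ActiveX object; no bulletin given in the post)",
}
GUID_RE = re.compile(r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")
STRING_RE = re.compile(r"""["']([^"']+)["']""")

def normalise(source):
    # Assumption: identifiers may be split as "BD96" + "C556"; join simple literal concatenations
    return re.sub(r"""["']\s*\+\s*["']""", "", source)

def find_activex_references(source):
    """Return sorted (line_no, identifier, label) for each known CLSID or ProgID."""
    hits = set()
    for line_no, line in enumerate(normalise(source).splitlines(), 1):
        for m in GUID_RE.finditer(line):
            label = KNOWN_CLSIDS.get(m.group(0).upper())
            if label:
                hits.add((line_no, m.group(0).upper(), label))
        for m in STRING_RE.finditer(line):
            label = KNOWN_PROGIDS.get(m.group(1).lower())
            if label:
                hits.add((line_no, m.group(1), label))
    return sorted(hits)

# Constructed sample input: it only references the objects, it carries no exploit code
SAMPLE_PAGE = """<html><body>
<object classid="clsid:bd96c556-65a3-11d0-983a-00c04fc29e36" id="a"></object>
<script>
var id = "clsid:F0E42D50-368C-" + "11D0-AD81-00A0C90DC8D9";
var obj = new ActiveXObject("AcroPDF.PDF");
var safe = "00000000-0000-0000-0000-000000000000";
</script>
</body></html>"""

if __name__ == "__main__":
    for line_no, ident, label in find_activex_references(SAMPLE_PAGE):
        print(f"line {line_no}: {ident} -> {label}")
```

A hit only means the page references a component from the list; whether the machine is exposed depends on whether the corresponding patch is installed.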
     
  25. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    I run older operating systems that don't have the ability to make software restriction policies. Instead I use SSM to accomplish the same result. In both cases, the end result is the same, the payload delivered via a drive-by, application exploit, etc will not be allowed to execute.

    Until users get past this default-permit mentality that allows an unknown to execute, this will be a continuous problem. Internet content is only going to get more interactive, creating more vulnerabilities that can be exploited. These are not a problem in themselves as long as the payload they deliver can't execute.

    Is it too late to edit the poll? I'm certain I see 3 votes for "0" here so far.
     