I have software, to protect my software, to protect my software,etc.

Discussion in 'other anti-malware software' started by trjam, Feb 28, 2008.

Thread Status:
Not open for further replies.
  1. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    I started thinking today about a couple of things said to me in the past that for some reason hit home. The first I remembered was back when we were testing the original Avira Suite and we talked about how well it went with other applications. I think it was smustaca who said," Why dont you just use the suite."
    Nah, that was unthinkable.

    The other day, my good friend Jerry M was telling me that he is still using the Kaspersky suite with the good old Systweak key. He said he would not trade version .125 for the world. I then starting thinking of all the software I have either bought, trialed, beta-tested over the last 2 years. I could not even think of every application that was added to protect, what another application might let through, that another piece of software might not handle.

    I realized this is crazy, actually borderline obsessive. I have been trying to find 100 percent protection by adding and changing applications and two things struck me like lightning. One, I come here to find products to accomplish this, but yet I know from all here it cant be done. And two, when was the last time I turned my computer on to find a man with a gun, pointed at my face from the screen.

    Yes, disasters can happen, like what happened to Larry, but, I really think with just a good suite, the chances equate out to about what having lightning strike you are. It doesnt matter if it is Panda, Kaspersky, Norton, Avira, Eset or the rest, but at some point you just have to trust in what you have and not drown in what you continue to add.
     
    Last edited: Feb 28, 2008
  2. Wake2

    Wake2 Registered Member

    Joined:
    Apr 30, 2005
    Posts:
    205
    So True, I browse the forums and see the latest and greatest
    must have innovations in software discussed at length, you
    know the kind designed to fill that "gap" in your protection,
    and I find myself trialing it for a few days, a week, some a
    month and than asking myself do I really need this and so
    far the answer has been no although I am downloading
    SafeSpace as I am typing this....

    Wake
     
  3. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,714
    Location:
    Stockholm Sweden
    That is so true trjam. I have come to the same conclusion.
     
  4. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    I partially agree. A suite (or just the AV component), a reasonably up-to-date software base and a bit of brain.exe will keep you malware-free most of time. It's incredible that, despite having all odds against them, AVs manage to give "decent" protection to most people. However, there are people who are magnets to malware, no matter the security software used.
    That's the problem of people who try to apply the "layered approach". They think that the layered approach means piling up software to close the holes which might even not exist. I will put an example of how a "rational" layered security setup works with minimal resource consumption, zero conflicts/issues and with few (if any) security software:
    - Backups (system images and data backup safely stored)
    - LUA + SRP + SuRun (for convenience purposes)
    - Hardware-DEP for all applications.
    - Up-to-date Windows installation.
    - Up-to-date third-party apps (Adobe, Quick Time, Java, Office suite, media players, archive utility, etc)
    - Firefox + Adblock Plus + NoScript (all up-to-date) and Thunderbird + Allow HTML Temp (up-to-date) + server-side checking of mails (MailWasher, POP Peeper, etc) + good mail provider (removing of spam, executables and viruses)
    - Prevx CSI + good AV + ISR solution (Returnil, Deep Freeze, etc)
    - Common sense/brain.exe/safe computing (which things you should/shouldn't click, which sites you should/shouldn't visit, which things you should/shouldn't download/run/execute).

    Questions:
    - How many layers of security are there in my example? There are EIGHT layers of security :eek:
    - How many security software did I use in my example? There are THREE (Prevx CSI + good AV + ISR solution) security apps and they're all disposables :eek:
    Do you see what I mean?

    Now, I'll put this security setup to work.
    Browse mostly trusted sites. Trusted sites are hacked on a daily basis, but the chance of getting an infection on a trusted site is far far lower than if you visit crack and porn sites (disclaimer: I do visit porn sites). Don't be fooled by ads telling that you're infected or prompts to install "missing codecs" or "software updates". Also, only download trustworthy software from trustworthy sites and do all the checks you deem necessary (scanning with AV/Virustotal/online sandbox, checking hashes/digital signatures, reading EULAs, etc). Handle mail attachments with care (specially those from trusted sources, because it's common to lower the guard when you receive something from trusted peers) and don't follow links in mails. Only pay attention to mails you requested and delete the rest.
    The above measures (safe computing/brain.exe) will keep you far away from even encountering malware.
    Now, what would happen if I visit a hacked trusted site?
    First, it will need MY permission to run scripts. Suspicious IFRAMES and abnormally-long/nonsense scripts will surely raise my doubts.
    Second, most exploits attempt to use a vulnerability in browser plug-ins, so if a site wants me to run Quick Time and it never did this before that's another suspicious thing.
    Now, suppose that I give that hacked site permission to execute scripts and call QT.
    Third, it needs to exploit an unpatched vulnerability. That's highly unlikely because I keep all my software up-to-date.
    Fourth, if it manages to exploit an unpatched vulnerability because I forgot to patch or the vulnerability is exploited before a patch is released, there's a high chance that DEP will kill the exploit attempt if it's a bufer overflow.
    Fifth, if DEP doesn't kill the exploit (because it's not a buffer overflow or something else) it will need to bypass LUA + SRP, which is very very very unlikely (excepting privilege scalation vulnerabilities) because the writable folder in LUA (%USER%) doesn't have execution permissions (SRP).
    Sixth, if it manages to bypass LUA + SRP (and the AV), then I'm infected. Not a big deal, a reboot with my ISR and I'm clean again.
    Seventh, if it's a Robodog-type malware (bypasses ISRs), it will survive the reboot. Not big deal, I have backups of my data and system images. A system restore can de done in under 15 minutes and I'm back in business.

    Conclusion: I have LOTS of security layers but I use few (if any) security software.
    I know that this approach is not for everyone, but you can take a bit from here and there and build a setup which will deal with almost all malware and facilitate an easy/fast/pain-free/fear-free recovery.
     
  5. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    1,618
    Location:
    Canada
    Hi Wake2, this is what I would call "Security Testing Software addiction" I understand what you mean I suffer from the same disease.:D :)

    Right using only EQSequre, DefenseWall and Avira free
     
    Last edited: Feb 28, 2008
  6. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    Yep I've come to the same conclusion by going through the same process. Now it is just NoScript, Sandboxie, Antivir Premium and some commonsense. (Though I'm trialing Mamutu from the GOTD promotion).
     
  7. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    After several decades of over useing security apps last year I decided to quit being the paranoid computer use I was acting like. Slimmed down the security and amazing as it sounds I still have not become infected. All of those years and dollars wasted on software. I like the way my comp. runs now, it really flies without the best part of a dozen security apps running:D It took a while but finally learned:thumb:

    bigc
     
  8. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    Luckily for me, I got either free software or free after rebate and I still haven't been infected in a major fashion. :D :thumb:
     
  9. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    bigc, what did you settle on. Seems you have bounced a little in the last few months on the AV.;) :)

    It is an addiction though. Hell, I have already loaded SafeSpace back on since posting this thread. Is there a pill for this.
     
  10. InfinityAz

    InfinityAz Registered Member

    Joined:
    Jul 23, 2005
    Posts:
    828
    Location:
    Arizona
    I can identify with this (I'm also trialing Mautut from GOTD offer). This is part of the problem, there's always something new, free, interesting, etc. to try. It never seems to end (even when I say I'm done and sticking with what I have, I end up trying more software).
     
  11. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    I understand Lucas,your approach is not for everyone,at least not for me.

    I keep it simple software wise and let reign brain.exe as a major component to my setup,its basically transparant,behind a natrouter config. to my wishes,then Sandboxie and Returnil as a virt. protection,Boclean for the RAM and that's it.

    Will never forget that i owe respect to the guys at Leappfrog and Storagecraft for their very usefull stuff,using it daily.

    Ditched all the resident stuff and once in a while scan my system with SAS and CureIt. For downloaded files Virus Total is my next station.

    My system and internet are flying and also equally surprised that all that resident stuff bogged my system so heavily in the past.
     
  12. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,829
    Location:
    Last Breath Farm
    Isn't all of this as simple as "all things in moderation"? Some of us have managed to put down one addictive behavior or another, only to watch ourselves pick up a new one. Fortunately, security software addiction is not damaging to the spirit and the body like some of the other joneses are... but it does deserve much of the same respect as a behavior capable of spinning out of control. There is lots to be fascinated and captivated by here, so it should come as no surprise that some of us are seduced by security software. And the way I see it, there is just enough truth and validity to the dark side to keep a goodly number of us jumping around trying to protect ourselves from the perceived danger. I'm glad you started this topic. I feel like I've attended a meeting now.
     
  13. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    @trjam so very true and good post.I came to the point I had to tell my self enough is enough and settle its all fun for a while to try this try that add this to that etc but after a while it gets old but at the same time a great experience with products and fun for a while anyways.
     
  14. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    If you like to test software (new concepts, betas, new releases, competition offerings), do it on a VM/spare machine. If you're testing software because you want to fill a gap in your security or your unsure of your current security setup, that's bad.
    Once you understand what malware can/can't do and how it lands on your PC, choosing a security setup should be pretty straight-forward.
     
  15. Wake2

    Wake2 Registered Member

    Joined:
    Apr 30, 2005
    Posts:
    205
    I do use a test machine because I enjoy trying new
    software, but sitting between me and the security
    software that I do use is me, and common sense,
    not to mention my wife, and a budget.

    Frankly I pretty much follow the rule of keeping it
    simple, but can't seem to help myself when some
    new intriguing software comes out and than I just
    have to try it.

    Wake
     
  16. wat0114

    wat0114 Guest

    I like software security in "threes", with the emphasis on "lightweight". My most recent settled on: Sandboxie for surfing in, Jetico 2 firewall (with, admittedly, a bit of a built-in HIPS) and Nod32 for on-demand only, except for real-time email scanning. The router I don't really count because it's hardware. I've never liked all-out lua/srp/limited accounts, but I do have my XP Pro hardened with some considerable restrictions placed on key system directories and other folders. Of course everything's up to date and Acronis TI used for backups. For sure, too much is too constrictive,though we all have our preferences and comfort levels.

    There was mention about software testing addiction. I have that disease too.

    BTW, I'd sure like to see Easter comment in this thread :D
     
  17. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,634
    Location:
    U.S.A. (South)
    Agreed wholeheartily.

    As both a former security forum Moderator and HijackThis Specialist, it didn't take long before afflicted users panic rubbed off on me too :eek:

    Trouble then was there were no HIPS, sandboxie was very new, and about everything we used to help users amounted to homemade fixes with batch files, scripts, you name it. Oh yeah, we could suggest AVG or A2Squared and a few others and remind users to stay updated, but that didn't stop malware from once again penetrating thru, either deliberately targeting the security apps themselves or the user pulling a blooper by installing something malicious or even clicking on a coolwebsearch link, remember them?

    When i finally got my reprieve from those duties as a malware fixer or whatever, to exercise my own surfing rights on the web, i started loading up with everything i could possibly download, trial, then purchase. The rest i left up to chance but as time went along and i found these new innovations popping up at Wilder's here, i was right back at it again, piling on the layers against potential attacks from the unknown as well as running headlong into local researching all the viruses and malware i could lay my pointer on :doubt:

    It's still easy though to grow complacent just as it is to go on overkill too with way too many security apps. Striking that perfect medium can become a balancing act with so many more choices we have now, and i admit, i too suffer from the addiction of trying out everything new.
     
  18. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,422
    Location:
    New Mexico, USA
    Speaking of addiction......I have my computer pretty much where I want it with Sandboxie, either DeepFreeze or FDISR (I change occasionally), and Faronics AE.

    Today, not many minutes ago, I was downloading SafeSpace, and caught myself asking Why? I'd finally gotten the beast set up to where it runs good, with no slowdown, and I'm downloading something else.

    I canceled the download. How about That!! I resisted temptation, all on my own.

    Somebody needs to start a thing called Computer Anonymous and develop a step program to help computer addicts.
     
  19. Old Monk

    Old Monk Registered Member

    Joined:
    Feb 8, 2005
    Posts:
    633
    Location:
    Sheffield, UK
    Hi

    Just passed 3 years since I joined here and like trjam, I can't remember all the security software and utilities that I've tried.

    In those 3 years, to my knowledge, nothing has infected my computer.

    I've just reread my first ever post here and this is what I had in 2005


    Spybot
    Ad-aware
    Ewido(on -demand free version)
    Spyware Blaster and Guard
    Bit Defender(on demand free version)
    Zone Alarm Security Suite (full paid version)
    Firefox browser

    Have also trialled TDS-3 and Trojan Hunter

    I somehow suspect that I had I kept that set-up all the way to today, I still would not have had any problems.

    Have I wasted my time ? No, because I have learnt a lot.

    Have I wasted any money ? Probably, yes.

    The circle is now complete. No security whatsover on XP. It doesn't connect to the web anymore.

    All browsing now will be done through Linux.

    Sad times really. No more testing this that and the other.

    Can I keep it up ? Probably not :D :D
     
  20. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    Maybe i am different to many in such a way that in place of adding i like the whole idea to get me security setup as smal as possible without compromising it. I have a strange pleasure in trimming my setup to its bare essentials,making it as light and transparant as possible.But then you have to know your stuff very well and also something about your own inclinations and paranoia.
     
  21. LUSHER

    LUSHER Registered Member

    Joined:
    Feb 28, 2007
    Posts:
    440
    Oh well, better overkill than sorry right?
     
  22. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    No, its all about finding a delicate balance.

    I suppose that for many the real dangers are reside in their own minds ! ;)
     
  23. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,363
    Location:
    Sweden
    I've been running without AV, with Windows Firewall and no router for 2½ years. I just checked my system for virues with ESET's online scanner... guess what? No threats detected whatsoever.

    That only proves that common sense is enough for security.
     
  24. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    The problem with a layered approach, is that like food is an incredibly good thing for you being obsessive about it is not.

    Everything must be done intelligently, from exercise to eating, right down to how you setup your security...
     
  25. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    So you basically running without additional protection Hmmm. o_O

    Sure common sense is needed most, but sometimes we make mistakes on behalf of common sense. I like a minimal setup myself but its always a comfortable thought that something is protecting my back.
     
Loading...
Thread Status:
Not open for further replies.