Is an Anti Keylogger needed with this setup

Discussion in 'other security issues & news' started by Dongwook, Nov 15, 2005.

Thread Status:
Not open for further replies.
  1. Dongwook

    Dongwook Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    6
    Do I still need a key logger?

    I have the following programs in my system:

    1. PC-cILLIN ANTIVIRUS
    2. Trojan Hunter
    3. Spybot
    4. Adaware free version
    5. Microsoft Antispyware
    6. Sygate 5.5 free version
    7. EWIDO free version without realtime scanning
    8. Process guard free version
    9. I have a NAT router as well.

    Do I need to do more on this system with Anti-keylogger program? How safe is my system with my current set up? Am I missing anything? I uninstalled the Prevx since it consumes too much of CPU resources.
    Thanks for your comment.
     
  2. krump

    krump Guest

    Re: Summary of Anti-keyloggers


    Yes, I would consider using some type of AK with that set up. Maybe try Snoopfree or use Security Task Manager free version for a manual check every once in a while. I would also use Unhackme and/or RootkitRevealer to check for kernel based keyloggers.
     
  3. Dongwook

    Dongwook Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    6
    Re: Summary of Anti-keyloggers

    After getting your advice, my system is even more fully fortified. Now I have the following in my system:

    1. PC-Cillin Antivirus only
    2. EWIDO
    3. TDS-3
    4. Spybot
    5. MS Antispyware
    6. Adaware
    7. Spyware Blaster
    8. Spyware Guard
    9. Unhackme
    10. SnoopFree
    11. ProcessGuard
    12. IE-Spyad
    13. Rootkit Revealer
    14. Hijackthis
    15. F-Secure Blacklight
    16. Security Task Manager
    17. Sygate 5.5
    18. NAT Router

    After reading some stuff in Wilders Security Forums, I installed lots of programs. Yes, I am pretty new to this community and did not know anything outside of antivirus, antispyware, and firewall before I came into this community.

    Am I safe now? Which programs are redundant that I can get rid of? My computer does not have any software conflicts with the current set up. Should I just keep this setting?
     
  4. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Re: Summary of Anti-keyloggers

    Dongwook,

    The question is not what is installed on your system, but what is running and why. I gave a somewhat personal perspective here and need not repeat the details. Using that view, what I'd recommend that you have running from your list is something along the lines of:
    • NAT router
    • PC-Cillin - I usually recommend something a little more comprehensive, but it should be quite fine for typical use profiles.
    • Ewido - you do have the paid version and are running the realtime guard, correct?
    • ProcessGuard - full or free version? Any registry protection? Sometimes this is through the AV or some of the other apps.
    • Sygate 5.5
    Don't worry about duplication at the install level if there are no realtime components running, disk space is cheap. Whether you need to go all out or not depends on your risk profile, as well as available cash for paid applications. In any event, running lots of realtime applications is not the solution, having a limited number of well selected ones is an approach that I do recommend and there are many combinations which yield the same result; having defensive cleanup applications installed (things like HiJackThis, etc.) and ready to go if needed is also advisable.

    Blue
     
  5. Iainbanks

    Iainbanks Guest

    Re: Summary of Anti-keyloggers

    Decent but not the best, better is NOD32. We have support forums here for this Antivirus and it's one of the most popular antivirus here together with Kaspersky.


    Not bad, but Boclean is pretty solid too.

    Not much use given no signature updates as it is discontinued.

    Dump spyware guard.
    Keep Spybot, Adaware and MS antispyware for weekly on demand scans.

    I'm assuming you run Regdefend to cover registry and Wormguard to cover local scripts otherwise and online armor (see later) for everything else, otherwise use MS Antispyware real time protection.

    Appdefend is probably better than Processguard, or it will be better.
    And yes you need some good registry protection. Regdefend is good, real time customisable protection. Overlaps with Online Armor a bit, but for now OA protection of this area is limited.

    You might as well get the ghostsecurity set of appdefend+regdefend.


    Hmm not good. The future of Sygate is uncertain, now that the company has been bought over, have you considered using Looknstop? It's fast, light and powerful. Sygate is not good because it has a well known serious bug with controlling loopback connections. Not good, given the stuff you run. Looknstop doesn't handle browser privacy though, so you will have to replace that with a content blocker like Admuncher which blocks referers, ads including inline ads and more!

    No antiphishing? No protection against DNS spoofing? Go get Online armor. You are protected against dns spoofing, because it uses alternative dns servers to check and reconfirm your location,

    No backups? Online armor can help track installs and reverse them.
    Online armor might be a good idea anyway, since it can help tighten up your browser defenses.

    No local scripting defense? Get Wormguard, it's amazing and can stop and analyze any script and tell you if it is dangerous. You can then stop it.

    You also need a proper backup solution, for example Acronis true image, we have the support forum here.

    Also you are browsing the net without an anonymizer, this means your ip is exposed, if you visit a website the webmaster gets your ip address and they can track back to you to attack you. So maybe get ghostsurf

    Also you need to do some serious amount of system hardening, so that your system is inherently safe from attacks even without software. Preempt is good and can protect you from zero day exploits - Exploits that have no patch yet.

    Might also consider getting Bufferzone or vmware so you can run programs you are not sure of in them, while limiting damage.

    Do you have a good antispam filter? I recommend mailwasher pro, you can trap dangerous spam mail including viruses before it hits your inbox.

    That should be enough for now. There are still tons of things to do to further tighten your security though.
     
  6. Dongwook

    Dongwook Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    6
    Re: Summary of Anti-keyloggers

    Thanks for your insights. I learned a lot from your comment.

    At this point, these are 8 programs that are running real-time. I have not seen any major conflicts yet.

    1. PC-Cillin Antivirus only
    2. EWIDO paid version Real-time guard
    3. Microsoft antispyware
    4. SpywareGuard--->Is this necessary? It looks bit outdated
    5. SnoopFree (Free)
    6. Unhackme (Evaluation-Free)
    7. ProcessGuard (Free version)
    8. Sygate 5.5 (Free version )

    I might buy NOD32 in the near future following your advice. PC-Cillin does not seem to have a high detection rate. What is your comment on the current real-time set up? Can they all work properly?
    If I have to uninstall one real time program, I was gonna uninstall the SpywareGuard.
     
  7. Passing Thru

    Passing Thru Guest

    You might try AntiHook http://www.infoprocess.biz/ instead of PG Free. If you read the threads here you'll see it's got a good rep, and it's free. Some of the progs recommended to you here e.g. Bufferzone are beta software. If you're a confident, experienced user then enjoy, otherwise it would be better to stick to the less problematic apps for the time being.
     
  8. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    If you're using the real-time protection from MS Anti-Spyware, then there really is no need to use Spyware Guard. Spyware Guard is still fine as it is, since it just blocks certain behaviors it doesn't really need to be updated. Many do uninstall it in favor of something with more comprehensive protection, however. Online Armor is a good example.

    Personally I chose to use Ewido and NOD32 without a realtime anti-spyware app. After that I prefer to go with a behavior blocking app. Prevx 1 and Online Armor make this easiest for beginners, and give you the best of both worlds (signatures and behavior blocking). On top of that, system hardening is something I definitely recommend, I've had tremendous results with it. PreEmpt is a great product, especially for those that don't have a lot of time to invest in it. I would also use WWDC, however, it is also perfectly safe.

    If you run at least WWDC, and make sure to use an alternative browser (like Firefox or Opera) and email (Thunderbird, Opera, PocoMail, Eudora or any number of others), then I think you would be pretty well good, for the time being, with what you have. You can then spend some time looking through your other available options, and find what suits you best (see the first two links in my sig). I think all of us first loaded up with everything when we came here, then we find our favorite apps and slowly trim out the fat. It's a good way to go, really, as you're much better off than most until you can find what works best for you.
     
  9. Dongwook

    Dongwook Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    6
    Thanks guys.
    All your inputs were very insightful for me.
    I made further changes to my system.
     
  10. beetlejuice69

    beetlejuice69 Registered Member

    Joined:
    Mar 16, 2005
    Posts:
    780
    Well? Tell us what ya did. ;)
     
  11. Dongwook

    Dongwook Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    6
    Ok. Let me tell you what I did.
    Basically I came to the conclusion that I can not go all out and buy everything for every possible attack. Based on my risk tolerance level, I decided to keep it simple. I am not running a server nor running any P2P software. I am just an active surfer. That's all. As long as I stay away from potentially dangerous websites and am very cautious, I think I should be fine with the following set up:

    1. NOD32 (Real Time on, Paid version, trashed PC-Cillin)
    2. EWIDO paid version (Real Time on, paid version)
    3. A-squared (Free version on demand only)
    4. Tauscan (Free version on demand only)
    5. MS Antispyware (Real Time on)
    6. Spybot (Free)
    7. Adaware (Free on demand only)
    8. IE-Spyad (Free)
    8. Process Guard (Free, Real Time on)
    9. UnhackMe (30 day trial Free)
    10. SnoopFree (Free, Real time on)
    11. SecureIT (Harden the explorer and only use Non-admin)
    11. Sygate 5.5 (Free)
    12. NAT Router (SpeedStream 6520 with Built in Wireless Router)
    13. Rootkit Revealer (Free)
    14. HijackThis (Free)
    15. Security Task Manager (30 day Trial Free)
    16. Acronis True Image (Paid version)

    I trashed PC-cillin and bought NOD32. Acronis True Image seems to be a good back up program, so I bought it.
    I also dumped TDS-3 and SpywareGuard since they are not up to date. I understand that SpywareGuard does not need to be updated but MS-Antispyware is essentially doing the same work. In addition, I have enough back up anti-trojan and anti-spyware programs to defend my system. Most importantly, I probably have to consider getting a new firewall since Sygate has been acquired by Norton. LookNStop seems pretty decent. A lot of people suggested that I add Regdefend and OnlineArmor for further defence, but I am still not convinced why I need these programs. It is perhaps due to my ignorance on certain type of attacks. I am not quite sure how my setup would not protect me safely versus someone who has OnlineArmor and Regdefend on top of my set up. Wouldn't my hardware and software firewalls protect me from most hacker attacks in the first place? And if I am stupid enough to visit some dangerous websites or download trojan/virus infected files, wouldn't my EWIDO, Unhackme, NOD-32, ProcessGuard, Snoopfree, all of the software running on realtime, protect me anyway?
    But I am definitely open to any inputs and suggestions. Thanks guys
     
    Last edited: Dec 7, 2005