Is RealTime Antispyware Protection needed with FireFox?

Discussion in 'other anti-malware software' started by duke1959, Oct 15, 2006.

Thread Status:
Not open for further replies.
  1. duke1959

    duke1959 Very Frequent Poster

    Joined:
    Jul 21, 2006
    Posts:
    1,238
    Hello. I'm currently running Comodo Firewall, with Antivir PE, and use Spyware Terminator as my RealTime AntiSpyware Protection. I also use AVG Anti-Spyware, Adaware, and SuperAntiSpyware for on demand. The thing is, I use FireFox as my Browser with McAfee Site Advisor, and even with my wife sharing the PC, they never pick up more than a cookie or two. I realise AVG is still more of an Anti-Trojan Scanner, so I would keep that, but I would like to do away with Adaware as on demand and ST as my RealTime Protection. What I wonder though, is am I making a mistake in feeling safe with primarily just FireFox? I was also thinking of maybe switching back to AOL AVS (Still not sure if it causes Chkdsk problems though) as it already has Spyware Protection along with its Antivirus Protection, and then use WinPatrol Free which I also have, but don't use in RealTime, or add Arovax Shield when the new version is released. Help would be appreciated with what others use or don't use.
     
  2. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,639
    does having a realtime antispyware make u feel safer, or could u remove it and still feel protected?

    its as simple as that.

    i dont use realtime antispyware and my ondemand scanner is limited to ewido micro. all in all, i dont feel the need for more scanners beyond that and KAV.
     
  3. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,887
    Location:
    Stockholm Sweden
    Personally I have not used real time antispyware for years (on demand a couple of times every year) so based on my experience trying to get infected: No you don't need RT antispyware with firefox. But of course I use Noscript extension and JAVA turned off and it takes care of internet based viruses too.
     
  4. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    I feel a real time antispyware app is needed for protection no matter what browser you choose to use.
    My basic thinking is i'd rather have it and not need it, than need it and not have it.
     
  5. QBgreen

    QBgreen Registered Member

    Joined:
    Jan 1, 2005
    Posts:
    627
    Location:
    Queens County, NY
    I run an AV that includes protection for multiple types of malware. While it's a terrific product, I ain't bettin' the farm on it. Along with an on access AT, I run Spyware Terminator for the level of real time protection that it offers. I also use the free version of SUPERAntiSpyware. ST runs very well on my system with no discernible system hit, and both it and SAS are good quality free products. Was a fan of Adaware, but no longer. Firefox isn't bulletproof. The cretins that be are always busy trying to crap on your cupcakes, so I say run those apps!
     
  6. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    A real-time protection prevents the installation of malware and that is the very best protection you can get.
    When there is NO installation, malwares can't execute their evil job and you don't need to remove them either. Isn't that obvious and logical? So it's all about preventing installation of malwares.

    If malwares install themselves on your computer, you have two extra problems:
    1. You need to stop the execution of installed malwares as completely as possible UNTIL they are removed
    2. You have to remove these installed malwares as completely as possible.

    If you find security softwares to do all that, you have a very good security setup.
     
  7. duke1959

    duke1959 Very Frequent Poster

    Joined:
    Jul 21, 2006
    Posts:
    1,238
    I guess I just want a more set and forget type of set up. Although without doubt Comodo, Antivir and ST pretty much give me this, I just thought it to be even simpler to use AVS as both Spyware and Antivirus Protection, and then maybe a light weight HIPS like WP Free or Arovax Shield. I know ST has HIPS too so I'm on the fence about which way to go. I no longer get the nag screen from Antivir as I did the Safe Mode, Administrator deny avnotify exe. method mentioned in the Forum, but it would be nice to have definitions for Antivirus and Spyware to be updated in one product like AVS which uses the KAV Engine. So I guess my other question is: which would offer better Spyware Protection and Detection, AVS or ST? I already know Antivir and KAV are very close in AV Protection and Detection.
     
  8. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,639
    id say a dedicated antispyware would have the upper hand, particularly for removal.
     
  9. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    The trouble is that none of the security softwares are complete in doing their job and in many cases you don't even know exactly against what you are protected. That's why you need a layered security setup : what one security software doesn't do, might be done by another security software on your computer.

    For stopping the installation of malware you need CIPS for less-knowledgeable users and HIPS for knowledgeable users.
    CIPS = Prevx1, Online Armor, ...
    HIPS = ProcessGuard, System Safety Monitor, ...

    For stopping the execution of malwares, I can't give you any answers yet, I'm searching for them myself. Anti-Executable is certainly one of them.

    For removal of malware, you have lots of AV/AS/AT/AK-scanners or you use one of the rollback softwares.

    Your very last chance to get rid of all your troubles is a restoration of a CLEAN image file.
     
  10. Frank the Perv

    Frank the Perv Banned

    Joined:
    Dec 16, 2005
    Posts:
    881
    Location:
    Virginia, USA
    There was a long running thread sometime ago with a title something like ‘Has your AT/AS ever stopped anything in real time?’

    At the time, I didn’t realize how pertinent that question really is.

    I’ve had all sorts of Trojans and spyware get into my system. What I’ve found is that if your AV does not pick it up, nothing else will.

    My AV has stopped many things in real time. Ewido active, PestPatrol active, Spyware Doctor, Ad-Aware Plus and others have all let everything pass right by. They can detect malware with a scan, but don’t seem to be able to stop it on the way in.

    So either you get the AV that has the best AS/AT available, or you choose another method to prevent infection. But for some reason, traditional AT and AS programs running actively don't seem to work.
     
  11. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,161
    Hi, folks: Wars against malwares are dependent upon who outsmarts the other; antimalware programmers or malware writers. If both belong to the same fitness/sport clubs, the chance of success is predictable, if not, then it is everyone's guess. I used to be a firm believer of multi-layered defense system, put all my trust on all types of anti- apps. At the end, it fails. No matter how good your programs are, it only takes one single slip of care, bingo, here goes your defense. Firefox is a better security browser than IE, that does not mean it will protect you completely. Now I am taking a different approach, utilizing sandbox/virtualization app such as DeepFreeze Standard as my primary defense element, plus firewall, AV. As far as realtime scanner of AS is concerned, that can be put in the backroom for now. Since I can surf net w/ DF's frozen mode, all traces will be gone 100% after reboot, why would I worry about those infections at all? Nothing evil will stay behind!
     
  12. kdm31091

    kdm31091 Registered Member

    Joined:
    Jul 18, 2006
    Posts:
    365
    Alright I'm not trying to be rude here but I want people to realize that Firefox is no longer "secure through being obscure" and such. It's got a larger market share now. It's being attacked and targeted. True Mozilla is better with patching sometimes, but let's stop acting like Firefox is this big virus and spyware barrier when quite frankly it's not.

    You should still use a realtime antispyware IMO. Spyware Terminator is light, and it's set and forget. You're using it already and I don't understand why you would get rid of it, don't fix what's not broken! Since ST is free and light and working, just leave it be in my opinion.

    I do know this is a security forum and most of you are smarter than me but my point is that I think people should stop fiddling with their setups so much. If it works, just use it. Your computer was made for work and play and if you spend all your time securing it you won't have time to do any of that. I used to be like that but I stopped myself. Use your computer, don't spend all this time securing it (in my opinion, and remember, I'm not trying to be rude here).

    I guess the bottom line is, Firefox won't necessarily protect you and using a realtime AS is good or at least don't get rid of the on demand one.

    (And not trying to be rude here and this is minor but it's Firefox not FireFox.)
     
  13. L Bainbridge

    L Bainbridge Registered Member

    Joined:
    May 15, 2006
    Posts:
    173
    Location:
    London,U.K.
    I'm not sure it's as mutually exclusive as that:
    I use both a CIPS (PrevX1) and a HIPS (SSM) as although there is some overlap, a HIPS provides some finer tuning of control but PrevX avoids me having to use the grey matter too often when deciding what to allow.
    I don't think you need a real time AS if you are going to use a sandbox or frozen system for surfing (e.g. Deep freeze or FD-ISR frozen snapshot) but I'd certainly recommend one if you are not, providing there isn't too much of a performance hit and you've got enough RAM to play with.
    Frozen systems are probably the way most of us are going when online but this doesn't come without its own inconveniences (like updating Windows or AVs etc.). No solution is perfect and ultimately it depends on how many 'high-risk' sites you are going to and how paranoid/obsessive you are.
    Basic common sense plus a CIPS/HIPS and AV plus Hardware Router are enough most of the time.
     
  14. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I don't need any finer tuning, because I have a black/white vision on malware. Grey doesn't exist, it's good or bad, black or white.
    Prevx1 has settings to block unknown and caution programs and that fits in my black/white vision.
    I don't need HIPS either, because Prevx1's Community Database decides for me what is black and white.
    Why would I become an expert, when other experts (Prevx1) do all the difficult work for me and much better than me.
    Even when Prevx1-experts make mistakes, I only have to report these mistakes and it will be fixed, just like I report false positives to scanner companies.

    Why do I need an AV ? My frozen snapshot cleans my snapshot better than any scanner(s) ever will.
    A frozen snapshot isn't inconvenient, it requires a new approach and other habits and also needs study and testing.

    I might use one of these sandbox softwares, because my security setup isn't finished yet, but I will never give up my rollback system, it's too good to ditch it.
    Rollback gives my computer back like it was yesterday and what worked yesterday will also work today, tomorrow and the day after tomorrow.
    No malware is going to change my computer, I'm the one, who will change my computer if necessary. My whole security setup is based on that principle from installation up to restoration and what is between them.
     
  15. L Bainbridge

    L Bainbridge Registered Member

    Joined:
    May 15, 2006
    Posts:
    173
    Location:
    London,U.K.
    I admire your confidence in PrevX1 but it's only as good as the experts as well as the community using it and the rapidity with which updates are offered.
    I like SSM because it provides a failsafe as I feel I know better than anybody else exactly what is on my computer.
    As for the AV I'd agree that there is no great need if you are going to reboot to a clean snapshot after every online 'episode'.
    I just hope that FD-ISR is bullet-proof against all rootkits and as yet I'm unconvinced.
    I'm afraid I feel frozen snapshots are not convenient for me rather than for everybody as a whole as I'd rather not look for and then manually download every MS patch or AV update.
    I would use them for any 'high-risk' surfing, it's just I'm too old to bother with porn or warez sites and too mean to file share.:D
     
  16. kdm31091

    kdm31091 Registered Member

    Joined:
    Jul 18, 2006
    Posts:
    365
    But Prevx1 could be circumvented just like any other software and then you'd kind of have a problem....well at least IMO.
     
  17. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I hope so too and I'm not convinced either. If I was I would be an idiot.

    Malwares have one thing in common: they change your harddisk in many ways, but they CHANGE it. Since a frozen snapshot removes any change, it will remove rootkits too. That's the theory of course. :rolleyes: For me to find out, if it's true.

    But I have my clean backups/snapshots in the background to remove them anyway. I have TWO kinds of backups: clean backups for restoration only and possibly infected daily backups like everybody has.
     
    Last edited: Oct 16, 2006
  18. L Bainbridge

    L Bainbridge Registered Member

    Joined:
    May 15, 2006
    Posts:
    173
    Location:
    London,U.K.
    ErikAlbert

    Don't get me wrong, I admire your approach to computing security 'nirvana'.
    I wish I had your discipline and rigor with this....
    It just seems there is a slight contradiction in your apparent desire for a fully 'automated' protection system e.g. Anti-Executable, Prevx1, total separation of OS/data etc. using nLite and the requirement to 'hand' update Windows when using Frozen Snapshots.
    For me there has to be a balance between degree of user intervention and ease of use and for that I'd rather avoid frozen snapshots but trade that off against using real time scanners (however imperfect), whilst knowing that my security setup is not as good as some others but like you having quick restore with a clean FD-ISR snapshot as well as a completely clean ATI image if the sh*t really does hit the fan.
     
  19. Frank the Perv

    Frank the Perv Banned

    Joined:
    Dec 16, 2005
    Posts:
    881
    Location:
    Virginia, USA
    At what age does that happen?

    My computer will probably be a lot cleaner then.

    :blink:
     
  20. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    L Bainbridge,
    Any bad comments are WELCOME. You can't hurt my feelings regarding softwares of my own ideas.
    It's difficult to explain, but that's the way I do my job.

    1. nLite is just a tool to create a new "Windows Installation CD", based on the original CD.
    nLite allows you to include slipstreaming, security/updating patches, and customizing/tweaking all kinds of settings
    and removal of Windows components at FREE WILL.
    What many users do AFTER installing Windows, happens now DURING installing Windows, that's the only difference
    and that is a lot more convenient. Also your Windows Update or automatic update will be shorter, because
    most security/updating patches are already included in the customized "Windows Installation CD".

    2. The frozen snapshot in my security setup has only one purpose.
    If any of my security software fails to do its job, my frozen snapshot is supposed to clean the mess.
    But I need these security softwares to stop the installation or execution during TWO reboots, because the frozen snapshot doesn't stop the installation/execution of malware, it only removes the malwares (changes) during the next reboot. The period between TWO reboots is normally equal to a working day of 8 hours.
    So I have a very good reason to use Prevx1, etc. ... in my frozen snapshot.

    Consider my security setup as one of the hundreds of security setups at Wilders. :D
     
  21. L Bainbridge

    L Bainbridge Registered Member

    Joined:
    May 15, 2006
    Posts:
    173
    Location:
    London,U.K.
    Somewhere between puberty and senescence, I guess.
    Anyway, I was only referring to online porn o_O
     
  22. L Bainbridge

    L Bainbridge Registered Member

    Joined:
    May 15, 2006
    Posts:
    173
    Location:
    London,U.K.
    ErikAlbert

    Agree with you totally on nLite- we've discussed it in an earlier thread.
    I do understand your setup and it does make a lot of sense, but it takes too much discipline for mere computing mortals like me, so I'm stuck with realtime scanners in an imperfect world.
    Lee
     
  23. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    That is not an argument for me not to use Prevx1, because any software can be compromised unexpectedly. This can happen to anybody.
    If I don't anchor anything in my frozen snapshot, the "change" that compromised Prevx1 will be removed during the next reboot.

    I also have two possible solutions when something serious happens :
    1. I have an archived snapshot that contains the original off-line installation of my frozen snapshot, which can be used to create a new clean frozen snapshot at any time.

    2. I also have an image file that contains the original off-line installation of my system partition, which can be used to create a new clean system partition at any time.

    As long as I can recover, I'm safe. I only need my Acronis Rescue CD and my external harddisk to recover my two internal harddisks in the worst scenarios.

    And of course there are plenty of horror stories to discourage any user and make any security setup look useless, but those stories never happened to me.
    We will talk about this when it REALLY happens. :)
     
  24. duke1959

    duke1959 Very Frequent Poster

    Joined:
    Jul 21, 2006
    Posts:
    1,238
    In light of all the recent HIPS threads, I thought this may once again become a good question. I'm still not completely sure an Antispyware is needed with FireFox, but surely in today's times something like paid or free ProSecurity and SSM, or even Cyberhawk would be good to have when using FF, right? Also, Spyware Terminator has HIPS, and even Windows Defender which I heard has improved greatly, has some other types of protection independent of what browser you may use.
     
  25. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,224
    Hello,

    With all due respect, could you please show me one exploit that works in Firefox, as in "you visit a page and get owned"? I asked for this a thousand times and no one ever provided me with a single example.

    Those blanket-coverage sentences are pure marketing propaganda. Nothing else. Fear mongering. Because once the common people realize that you do not need to spend 80-200 dollars on "protection" and that it can be accomplished fairly simply with a 5Mb free browser - superior one at that too - and a single 100Kb extension - lots of money-makers and war profiteers will go down. For the time being, they will write articles claiming that "security experts" say Firefox is secure and all that .... but in recent months, there has been an increased "hacker" activity and Firefox has many bugs and exploits ...

    Extrementus Bovinus.

    On topic:

    I agree with sukarof. Real-time anti- is not needed. Of course, it's relative and depends 100% on the user. My needs do not require one. Firefox + Noscript is probably the highest level of web peace optimization you can get for Windows systems.

    Mrk
     