Is running a million security programs necessary?

Discussion in 'other anti-malware software' started by jedispork, Mar 30, 2010.

Thread Status:
Not open for further replies.
  1. jedispork

    jedispork Registered Member

    Joined:
    Mar 30, 2010
    Posts:
    16
    First post here. I've been an avira user for several years. I rarely have had any problems using avira alone. Lately I use adblock plus with the malware domains sub and also WOT. This very simple combo has done well for me. On occasion I will scan with malware bytes or super anti spyware.

    I'm discovering all different kinds of software here that I've never heard of. I've also skimmed through the "what security are you running" thread. I have been looking into defense wall, sandboxie, and online armor. My main issue is that they all cost money and the people that are at a serious risk for infection would have no clue how to configure and understand them. I'm still trying to figure out exactly what HIPS does in layman's terms. What one would you suggest to me for the best value on top of already using avira free?

    Another idea for me was to use a virtual box with ubuntu. I could take a snapshot with all updates and use that whenever I'm banking or whatever. Wouldn't this do the same thing as sandboxie? Using linux or a virtual box with it seems like a better solution than running a million security programs.

    thanks
     
  2. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,188
    Location:
    USA
    A lot of people here believe in the layered security setup.

    Avira is good, but can't be 100% all the time.

    MBAM is also good and covers areas that Avira doesn't.

    Things you may want to look into are as you said, sandboxing, HIPs, plugging holes (system hardening), and definitely a backup solution.

    I use Spyware Blaster Home to plug browser holes. They have their own support forum here so that's also a plus.

    Comodo's Firewall with Defense + will cover your sandboxing and HIPS. They have included sandboxing softwares in their latest release.

    For backups Paragon is a great choice as is Macrium Reflect and Image for Windows.
     
  3. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    First off, you don't need nor will you ever need a ton of security. You have to understand something, as bad as the malware world is (and it is terrible and getting worse), it STILL requires either 1. Vulnerable software. 2. You doing something stupid. Take both of those out of the equation and there isn't a problem. Do you know what will happen if you start piling on security? You'll end up with a system that you don't want to screw with because of pop-ups every time your computer burps, or you change the clock or there's too much crap to have to keep updated, or a computer that might as well be a doorstop.

    HIPS, I hate them. I'm trying to learn them, but I can't stand them. There's nothing "laymen" about them, and they bark at you over legitimate actions FAR more than malicious actions. I've come to consider HIPS themselves to be malicious because their very nature begs someone to click allow just to shut them up, which of course renders them useless. Virtualization, good stuff, can be a pain in the neck when bookmarks, software updates, and so on get wiped out once the virtual environment is shut off or the sandbox emptied.

    I would pick virtual software over HIPS any day of the week and twice on Sundays if I wanted security without TOO much hassle. Really security boils down to you. Yes, there are 0-day flaws and there always will be. But, if you just refrain from high risk activity (P2P, especially hacked security software) and tweak your browser a bit, you can avoid all of these issues...seriously. You don't NEED anything beyond a patched OS and browser, an AV, and your brain.

    You're going to get told to LUA/SRP this, HIPS protect that, run this or that anti-malware real-time software. No, I'm telling you, your brain is all that rolled into one, and it doesn't cost a dime. There IS something to be said for protecting yourself against javascript exploits (which is basically THE most used drive-by exploit out there), and you CAN do it. However, beyond Firefox's NoScript extension, there isn't much to do with any other browser but turn scripting on or off. Turn it on fully, you risk exploiting. Turn it off and the web stops working pretty much.
     
  4. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,422
    Location:
    New Mexico, USA
    In the past, I've had my computer so loaded with security that I could barely use it.

    Now, I've trimmed down to Returnil and use MBAM (free) to check once a week. I run Google Chrome 5 beta browser.

    I think Returnil is enough by itself. Defensewall is another that can handle things alone, or Shadowdefender, geswall, Sandboxie or several other programs. By themselves, any one of them can do the job - my opinion only of course. I've used them all at one time or another. My computer has never been infected while they've been on the job.
     
  5. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    There you go, simple, quiet, effective. If you MUST do any risky activity (and there are legit reasons, not everybody is a pirate), then you probably should look into Sandboxie or something and configure it to only allow certain programs in the sandbox (for instance, only a media player or only a browser). That would be my only suggested change though.
     
  6. Watasha

    Watasha Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    233
    Location:
    United States
    The main reason I have what I have is because I like to play around with things. I could get by fine with CIS and maybe an on-demand scanner. The layered approach and HIPS works great for me. You may like virtual software more, I like my HIPS.:D
     
  7. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543

    It really boils down to what you like and what you feel comfortable with :)

    I'm not comfortable without an AV and at least 1 on-demand malware scanner, but that's preference, not a matter of "need".
     
  8. ratwing

    ratwing Guest


    I say if you are happy stay as you are. You are fine.
    If you want, add Sandboxie free, set your default browser to allow its exe only to access the internet, and start/run.
    Enable "drop my rights" (in sandboxie) and Hammer down!!!
    This is all supposed to be fun, Right?

    If you are bitten by the "ultimate Security" bug, welcome it.
    Max out your machine, bring everything to a slow crawl, and work DOWNWARD,
    from there.
    Many of us have trod the same path.
    (even if we do not want to admit it.)
     
  9. Creer

    Creer Registered Member

    Joined:
    Jun 29, 2008
    Posts:
    1,345
    Hi,

    I also believe in the layered security setup:
    1. Prevention
    2. Detection
    3. Cure

    BUT it doesn't mean that I use all of these layers at the same time.
    The truth is that only one layer of protection is running here in real time, I mean the first layer - Prevention (the most important IMO). Others I use from time to time, i.e. I use an AV (Dr.Web CureIt!) and AM (MBAM) scan once per few months. The third layer (data/image backup) I use very, very rarely - but it is there in case of emergency.
     
  10. jedispork

    jedispork Registered Member

    Joined:
    Mar 30, 2010
    Posts:
    16
    Returnil looks interesting. Your entire windows install runs in a virtual mode? Then again couldn't you also do this with a virtual box and run windows inside of windows? I really don't mind paying for software under the condition that they have "life of the program" updates. So I'm still debating on trying out sandboxie or going with my idea of linux in a virtual box.

    I'm asking these questions for myself and to get pointers when helping others. I'm a big fan of passive security. I can put avira on my family's computer and let it be. Also with malware domains sub it updates on a regular basis with no user intervention unlike the hosts file. I would be curious to know how well malware domains compares to a good hosts file? I think being able to block the crap completely is a good strategy. I also skip over sites that come up red in WOT.

    I'm debating on buying avira premium for the web guard mostly for family. Maybe this could get them some more passive protection for java exploits without being a pro in hips or virtual software. I have tried noscript for a while and thought it was a pita. I've heard there are still ways for hackers to defeat noscript, and it also relies on me knowing what I'm doing. I don't see the need to be this paranoid for reputable sites cleared by wot. If a site was hacked they could run bad code coming from their site and it could make it through NS anyway because the site would already be white listed.

    thanks again for the tips
     
  11. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,293

    Returnil allows you to run in a virtual environment and if you get hit by malware, virus, etc etc, just reboot system and everything bad is cleared.

    It must be understood though if you want to do banking or buying items online, it would be best to reboot the system to make sure everything is clean before you type credit / debit numbers etc.
     
  12. ako

    ako Registered Member

    Joined:
    Nov 16, 2006
    Posts:
    627
    It's the quality, not quantity.

    Eg. LUA+Sandboxie is rock solid.
     
  13. Windchild

    Windchild Registered Member

    Joined:
    Jun 16, 2009
    Posts:
    571
    Q: Is running a million security programs necessary?

    A: No. But for some people, it's a hobby.
     
  14. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    1 or 2 is too much, heck maybe just one ;)
     
  15. bollity

    bollity Registered Member

    Joined:
    May 9, 2009
    Posts:
    179
    First I have an updated windows.
    Then I have avira free + pc tools firewall + malwarebyte (on demand scanner only).
    This is enough for me, I feel safe.
    And if these defenses fail I have my lovely IMAGE !!!
     
  16. SIR****TMG

    SIR****TMG Registered Member

    Joined:
    May 31, 2004
    Posts:
    757
    I'll add my 2 cents in here. Most people on the forums like to test the products out and change their setup 5 times a day. There are over 50% here that do that, just look day by day at their posts and setups. One day it's this and the next day it's something else. I too believe in the layered approach. I didn't change my stuff too often but then again I don't test malware out. I try to stay away from it.:D
     
  17. Jav

    Jav Guest

    There is a little difference...

    With Returnil (or any other similar virtualisation programs), you run your own system virtualised.

    With Virtual box (or any other virtual machines) you create new machine inside your own system.

    The biggest difference here is system resources.
    For example, if you have 4 GB of RAM.
    In first case you will use all 4 GB of your RAM.

    In second case, with virtual machines you can't use all your resources, as you should leave some for your own system.
    So you will probably use 2-3 GB of your RAM...

    And it's not only about RAM, same goes to CPU, Hard Drive and etc...

    So, in some way living inside Returnil is a bit easier than living inside a virtual machine, with the exception that you will have to come out of Returnil (or add exclusions) to perform updates or install programs which require a restart.

    ;)

    P.S. In my case, for real-time defending I only use NIS 2010 and Windows' own AppLocker..

    AppLocker is a great function of Windows, but reading your post I would recommend it to you, as it will need a bit of tweaking at the beginning :)

    But I will recommend you to consider at least LUA (Limited User Account, aka Standard User), basically not running as Admin.
     
  18. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina

    Some of us don't test malware, we are just bi-polar.:doubt:
     
  19. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    You could indeed just run a VM but of course you're then using far more resources sustaining both the host and guest systems.
     
  20. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,188
    Location:
    USA
    If he's strictly sticking to the VM then the host doesn't need anything running, no software to install, everything can be removed from start up, a few registry tweaks to speed some stuff up, optimize services and allocate all resources to the VM.
     
  21. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    That's true but the host Windows along with the virtualization software itself will require both RAM and CPU cycles, not an issue with a high-end setup but still worthy of consideration. Then there's reduced graphics performance for gaming, etc. under emulated hardware.

    Finally there's the question of an additional licence so if the host system isn't to be used at all then he'll be better using a resource friendly Linux distro with a Windows guest imo.
     
    Last edited: Mar 31, 2010
  22. Johnny123

    Johnny123 Registered Member

    Joined:
    May 4, 2006
    Posts:
    548
    Location:
    Bremen, Germany
    So am I, that's why I don't use any security software real-time. One of the best things you can do for starters is not to run as admin. A limited user account will protect you from the vast majority of malware. If you want to expand on an LUA, you could add a software restriction policy. Here's a good explanation of how it works.

    I don't have any real-time security except a Linux firewall distro on an old IBM ThinkCentre. No real-time AV or desktop firewalls. I surf anywhere I feel like surfing and scan every two weeks or so with Avira, Malwarebytes and AVZ just for peace of mind and they never find anything.

    This is free security included in the OS. It doesn't cost anything, doesn't need to be updated and doesn't hog resources. You ought to give it a try, you can always go back if it doesn't work for you. Also do a forum search for SuRun. This makes using an LUA very convenient if you're running XP. It also works well with Vista.
     
  23. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    How true.

    HIPS is really the ultimate training tool IMHO. I have used many. Not so much for a hobby, but to REALLY see what was happening. Good old ProcessGuard was something that I did not have enabled all the time, but when I had questions, I ran it to see really what an application was attempting to do. There are more granular ones that enable you to see more if you want to know more, and less granular ones if you only want an overall snapshot.

    I don't use them anymore, nor firewalls, which are basically network HIPS now it seems. But one thing is for sure, if you want to learn, they are excellent teachers.

    Sul.
     
  24. lonelywolf

    lonelywolf Registered Member

    Joined:
    Jun 10, 2009
    Posts:
    73
    Try avira free and shadow defender, you'll love it.
     
  25. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    Just understand why you're running your particular setup. What bases does each program cover that another in your setup doesn't? The KISS principle should apply.
     