Is simple behaviour-based protection on its own enough?

Discussion in 'other anti-virus software' started by madpete, Aug 11, 2009.

Thread Status:
Not open for further replies.
  1. madpete

    madpete Registered Member

    Joined:
    Aug 11, 2009
    Posts:
    10
    Hello all. New poster, so please excuse me if this question is shallow. I use XP with the XP firewall and a BT Hub, and am a very safe surfer: I use current affairs sites and IMDb. Occasionally I use cdcovers.cc for out-of-print or TV series DVD covers. I've been surfing and researching on the internet for 5 years now, but my main machine use is file conversion and editing from VHS to DVD using Ulead and LifeView TV programs, which work well for me; therefore machine speed is very important. I have 1 GB of RAM and an 80 GB hard drive. If I am surfing I have Avira Free, and I always run Malwarebytes to check after internet sessions. Avira never flags anything up. MBAM has caught odd spyware/malware successfully. Bearing this in mind, do I need a large AV running on my machine, or will something like ThreatFire/Prevx cover my needs? I love to hear opinions, but I am also aware of not starting an A vs B conflict. What are your thoughts? I am here to listen. Many thanks, Madpete
     
  2. Joeythedude

    Joeythedude Registered Member

    Joined:
    Apr 19, 2007
    Posts:
    519
    Hi madpete

    Firstly, it's good that you're looking into types of security apart from AVs. For many people here it becomes kind of a hobby (myself included).

    IT security in general is about learning:
    1. what the risks are,
    2. what the options for controlling them are,
    3. what balance between risk and usability is good for you.

    So I'd advise you to look at it from these different angles and then see what's right for you.
     
  3. dell boy

    dell boy Registered Member

    Joined:
    Apr 13, 2009
    Posts:
    240
    Location:
    uk, england
    ^^ His post aside, I'm confident Avira and a behaviour-based antimalware will suffice. Perhaps something like GeSWall would be appropriate; it adds a small complication, but you get used to it, and it's impenetrable to drive-by downloads.
     
  4. Keyboard_Commando

    Keyboard_Commando Registered Member

    Joined:
    Mar 6, 2009
    Posts:
    690
    Hi there. Prevx is ideal if you are worried about resources. I have started using Prevx after hearing good things about its detection rates, and it's running with almost no knock to resources (both Prevx services are using 10.7 MB of RAM and virtually zero disk/CPU activity).

    Prevx allows you to use it as a free detection tool, and if you discover any malware/virus you can pay for it to be removed. I think they do a one-month licence or a yearly one. So there are a few options.
     
  5. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,433
    Location:
    Europe
    madpete, if you consider points 1 and 2, which are the objective standards for security, the answer to your question is that only a multi-layer security system is "enough" to protect a PC.
     
  6. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    Well, my main setup is an AV (Avast Prof) and a BB (Mamutu), and nothing has got past in regular use yet, since I typically don't even run Sandboxie out of pure forgetfulness :D and to date I've never had to use Rollback Rx for a malware-related problem (just testing software).
     
  7. Hugger

    Hugger Registered Member

    Joined:
    Oct 27, 2007
    Posts:
    1,003
    Location:
    Hackensack, USA
    What about DefenseWall, Hitman Pro and Shadow Defender?
    I also use ShadowProtect Desktop on my PC.
    Hugger
     
  8. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    SSJ, I've read over your post regarding the rate of new malware releases compared to AV detections (which, as you said yourself in a separate post, 99% detection is being overly generous), and, though that post may be a very good argument in favor of behavior blockers and HIPS, I still contend that it takes an actual effort to get infected with anything. If you merely secure your browser and keep it patched, don't open unexpected attachments, scan files before opening, and don't click on "alarming" pop-ups and banner ads, you are *not* going to get infected.

    We spend a lot of time debating these programs and their usage, and throwing test after test against the latest and greatest malware, but we forget that the extremely vast majority of these infections are the result of another infection, "PEBCAK-itis". For those of you that just went "huh?", it means "Problem Exists Between Chair and Keyboard". No AV, firewall, or HIPS is going to prevent and/or fix that condition. If you do something stupid and click "yes" prompts all the way through, your security setup means jack.

    My only real-time is my AV, and I haven't been infected. By infected I mean a virus or malware has actually done something besides sit there. I've had loads of viruses and malware files, but my AV tells me about it and I delete the problem; they never have a chance. So, yes, if you are talking about relying solely on behavior blockers, they ARE enough, if properly understood and used. The only time ANY security software is never enough is when there is not a case of "PEBCAK". If there is a case of that, then there isn't a thing in this world that's going to be enough. So, there's my opinion on the matter.
     
  9. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    As it is with any security product then, since none of them will cover everything.
     
  10. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    As far as many never having run any security software at all and KNOWING they never got infected, I buy what you are saying, but I don't necessarily buy what they may say. Unless you can analyze files, see obvious signs of pop-ups, redirects and the like and/or know what kind of subtle behavior to be on the lookout for, it's pretty difficult to KNOW you aren't infected with something. That's just my opinion though; maybe these people you know are completely right.

    I understand what you're saying about the theory that relying on behavior blocking alone is flawed. But, me, I keep a practical view on things as often as I can. In practice, and with that common sense and basic knowledge that both you and I are necessary, relying on a behavior blocker alone, again, in my own opinion, is perfectly reasonable and adequate. I will say however that I would prefer, with the aforementioned common sense and basic knowledge included, that users rely on a well-known, well-tested AV over a behavior blocker or HIPS. There are simply just too many ways for behavior blockers and HIPS to be used incorrectly, not so much in the case of an antivirus/antimalware application. Simple opinion from a simple man :)

    Edit: In response to your last post, the problem is "properly configured". Too few of the average population can even understand the prompts from these programs, much less tweak the settings for maximum protection. They end up in more trouble having these apps than they would without having them 9 times out of 10.
     
  11. thathagat

    thathagat Guest

    True... but you know, ssj, that not many are willing to traverse this less travelled road to self-enlightenment, for it is not an easy ask for some, as the time it takes is a deterrent, or simple solutions with bullet-proof security :rolleyes: are sought and advertised..... Simple things as stated by dw426 are much needed.
     
  12. Pinga

    Pinga Registered Member

    Joined:
    Aug 31, 2006
    Posts:
    1,420
    Location:
    Europe
    :D :D :D
     
  13. dell boy

    dell boy Registered Member

    Joined:
    Apr 13, 2009
    Posts:
    240
    Location:
    uk, england
    OK, enough of the arguing; let's concentrate on helping the guy, not out-smarting the "opposition".
    This guy has said he doesn't visit too bad sites, and every now and then sees he's got a little malware. He's asking if a behaviour blocker is the answer.

    As I said in the previous post, I think GeSWall would be something for that; the only thing reaching your computer through GeSWall is things you download and then label "trusted", which sounds a good solution.
    Why do I get the feeling the original poster has given up on reading this thread?
     
  14. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Maybe I don't read too well but I don't see any "arguing" in this thread. I personally think we've given him both our opinions, it's up to him to decide where his risks are and if he needs to invest time into a behavior blocker or HIPs application. With the places he lists that he's going, he honestly doesn't need heavy duty protection, plus, he states he's a pretty careful person. Personally, if his machine needs to stay lean for the editing work he does, and he is satisfied that Avira and MBAM are doing their jobs, why clog up extra resources for programs he may not need?

    To the OP, yes, in my humble opinion, you're doing just fine with what you have. If your machine is working well and Avira hasn't been throwing fits about infections, I have a feeling MBAM is catching some pretty mild "spyware", if it's catching real spyware at all. These programs treat system utilities and anything that works deep within the operating system as malicious, so keep in mind MBAM may be catching false positives and perfectly harmless programs that you yourself might be running.

    That's opinion though, obviously I wasn't there to see what MBAM caught. I do think though that unless you just feel comfortable doing it, you don't NEED anything else.
     
  15. madpete

    madpete Registered Member

    Joined:
    Aug 11, 2009
    Posts:
    10
    I'm still here. This is an excellent education for me, and thank you all for your thoughts. When I see those statistics from ssj100 I think the only thing I can really trust is me! I guess that's the whole point. I'm looking at what you've all said and what you are all using. I'm going to begin with trialling :thumb: one prog at a time :thumb: with Avira as an on-demand checkup. I'll try GeSWall, then Comodo Firewall, then DriveSentry. If anyone has further thoughts on these choices please do chip in. Many thanks, madpete
     
  16. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,433
    Location:
    Europe

    I've read now, I agree totally.
     
  17. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    Flawed or not, it's worked out for me flawlessly :doubt: and I'm by no stretch of the imagination a safe surfer, but anything my AV didn't pick up my BB has alerted me to so far.
     
  18. thathagat

    thathagat Guest

    Well, look at it this way:
    1. Secure your browser and keep it patched: always keep OS/software etc. updated :thumb:
    2. Don't open unexpected attachments: common sense :thumb: This, together with avoiding shady/illegal software, keeps the PC relatively clean.
    3. Scan files before opening: have a good AV + AS :thumb:
    4. And don't click on "alarming" pop-ups and banner ads: AdBlock, disable JavaScript, use NoScript etc. :thumb:
    5. Use imaging/backup/sandboxing/virtualising software: most often suggested at Wilders.
    So what dw426 stated actually has deep rationale.
     
  19. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,293
    :thumb: Agree 100%
     
  20. Joeythedude

    Joeythedude Registered Member

    Joined:
    Apr 19, 2007
    Posts:
    519
    If you start by understanding the risks, then you can counter them. It's important to focus on this, as otherwise you can become confused about all the "solutions" available.

    Risks
    The risks in my view can be split up into:
    1) Malware which you did not install / run.
    2) Malware which you did install / run.
    3) Malware threat which does not fall into 1) or 2).

    My controls
    1) This is also called remote code execution or drive-by download. It's the cause of a lot of internet scares. I stop it (100% IMO) by a default-deny security policy.

    2) I use a combination of actions to counter this:
    trusted download sites, scan a file, run the file in a sandbox.
    This cannot be stopped 100% IMO, given human error.
    A BB can help here also.

    3) Again I use a combination of actions to counter this.
    I use Windows FW, an encrypted folder, and a separate full backup (image) of your PC to counter this.
    This is v. close to a 100% solution IMO for this risk.

    Hope this classification helps a bit and gives you some ideas.
     
  21. Fuzzydice45

    Fuzzydice45 Registered Member

    Joined:
    May 13, 2009
    Posts:
    108
    Location:
    Australia
    If I may jump in here...
    Would Online Armor (Paid) with the HIPS and Web Shield enabled provide decent security?
    I also have a hardware firewall, so I don't need the inbound protection, and the HIPS "should" protect anything going out.
     
  22. Joeythedude

    Joeythedude Registered Member

    Joined:
    Apr 19, 2007
    Posts:
    519
    1) Malware which you did not install / run.
    Yes, would block or alert on a lot (say 80%) of drive-by downloads.

    2) Malware which you did install / run.
    Yes, would alert if the install program acts "suspiciously" or installs a driver, say.

    3) Malware threat which does not fall into 1) or 2).
    Less so against this; an imaging program is best here.
     
    Last edited: Aug 14, 2009
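As an added illustration of the risk split in the two posts above (example code written for this page, not code from the thread or from any of the products it mentions), here is a toy Python model of the two controls Joeythedude describes: a default-deny policy that blocks executables the user did not launch themselves (risk 1, the drive-by case), and behaviour rules that alert on a driver install or an autorun entry regardless of who launched the process (risk 2, the "installs a driver" case). The event records, file paths, trusted-directory allow-list and rule set are all constructed for the example; the field names are hypothetical and do not correspond to any real product's telemetry.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Event:
    """One observed action by a process. Constructed for this example."""
    process: str       # path of the executable performing the action
    launched_by: str   # "user" if started by a user click, otherwise the parent process path
    action: str        # "exec", "write_file", "write_registry" or "install_driver"
    target: str = ""   # file path, registry key or driver name the action touches


# Hypothetical allow-list for the default-deny policy: executables outside these
# directories may only run if the user explicitly launched them.
TRUSTED_DIRS = ("C:\\Windows\\", "C:\\Program Files\\")

# Registry locations whose entries start a program at logon (autorun persistence).
AUTORUN_KEYS = (
    "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
    "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
)


def default_deny(ev: Event) -> Optional[str]:
    """Risk 1 control: refuse to run an untrusted binary that another process
    (e.g. a browser) started. Returns a verdict string, or None if nothing fires."""
    if ev.action != "exec":
        return None
    if ev.process.startswith(TRUSTED_DIRS):
        return None                      # known-good location, allowed to run
    if ev.launched_by == "user":
        return None                      # the user chose to run it; default-deny does not second-guess that
    return f"BLOCK exec of untrusted {ev.process} spawned by {ev.launched_by}"


def behaviour_rules(ev: Event) -> Optional[str]:
    """Risk 2 control: alert on suspicious actions even from a program the user ran."""
    if ev.action == "install_driver":
        return f"ALERT {ev.process} installs driver {ev.target}"
    autorun_prefixes = tuple(k.upper() for k in AUTORUN_KEYS)
    if ev.action == "write_registry" and ev.target.upper().startswith(autorun_prefixes):
        return f"ALERT {ev.process} adds autorun entry {ev.target}"
    return None


def evaluate(events: List[Event]) -> List[str]:
    """Run default-deny first, then the behaviour rules, and collect every verdict."""
    verdicts = []
    for ev in events:
        verdict = default_deny(ev) or behaviour_rules(ev)
        if verdict:
            verdicts.append(verdict)
    return verdicts


# Constructed sample events mirroring the thread's scenarios.
SAMPLE_EVENTS = [
    # Drive-by download: the browser drops a binary in Temp and runs it (risk 1).
    Event("C:\\Users\\pete\\AppData\\Local\\Temp\\update.exe",
          "C:\\Program Files\\Firefox\\firefox.exe", "exec"),
    # The user knowingly runs an installer they downloaded (risk 2): default-deny lets it run...
    Event("C:\\Users\\pete\\Downloads\\codec_setup.exe", "user", "exec"),
    # ...but when the installer loads a kernel driver, the behaviour rule alerts.
    Event("C:\\Users\\pete\\Downloads\\codec_setup.exe", "user", "install_driver", "vidcap.sys"),
    # Ordinary editing software saving a project file: nothing to report.
    Event("C:\\Program Files\\Ulead\\VideoStudio.exe", "user", "write_file",
          "C:\\Users\\pete\\project.vsp"),
    # A user-run program making itself start at every logon.
    Event("C:\\Users\\pete\\Downloads\\toolbar.exe", "user", "write_registry",
          "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\toolbar"),
]

if __name__ == "__main__":
    for line in evaluate(SAMPLE_EVENTS):
        print(line)
```

Running it produces one BLOCK for the browser-spawned binary and two ALERTs for the user-run programs; the user's own installer launch and the editing software pass silently. Note the third event: a legitimate capture-card driver (the kind of thing a VHS-to-DVD setup installs) would raise exactly the same alert as a malicious one, which is the prompt-interpretation problem dw426 raises. Risk 3 is absent from the model on purpose, matching the posts' point that it is covered by backups and imaging rather than by blocking rules.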