is simple behaviour based protection on its own enough ?

hello all . new poster so please excuse if this question is shallow . i use xp with xp FW and a BT Hub and am a very safe surfer - i use current affairs sites and imdb . occasionally i use cdcovers.cc for out of print or tv series dvd covers . I've been surfing and researching on the internet for 5 years now but my main machine use is file conversion and editingfrom vhs to dvd using ulead and lifeview tv programs which work well for me - therefore machine speed is v important . i have 1G of RAM and 80G hard drive . if i am surfing i have avira free and i always run malwarebytes to check after internet sessions . avira never flags anything up . mbam has caught odd spyware/malware successfully . bearing this in mind do i need a large AV running on my machine or will something like threatfire/prevx cover my needs ? I love to hear opinions but i also am aware of not starting an A vs B conflict . What are your thoughts - i am hear to listen . Many thanks Madpete

 

Hi madpete

Firstly its good that your looking into types of security apart from AV's. For many people here it becomes a kinda hobby ( myself included ).

IT Security in general is about learning
1. what the risks are,
2. What are the options for controling it
3. what balance between risk and usability is good for you

So I'd advice you to look at it from these different angles and then see whats right for you.

 

^^his post aside, im confident with avira and a behaviour based antimalware will be suffice, perhaps something like geswall would be appropriate, it adds a small complication but you get used to it and its impenetrable to drive-by-downloads

 

Hi there. Prevx is ideal if you are worried about resources. I have started using Prevx after hearing good things about its detection rates - but it's running almost with no knock to resources (both Prevx services are using 10.7mb of ram and virtually zero disk/cpu activity)

Prevx allow you to use it as a free detection tool and if you discover any malware/virus you can pay for it to be removed. I think they do a one month license or a yearly. So there are a few options.

 

madpete, if you consider the point 1 and 2, that are the objective standards for security, the answer to your question is that only a multi layer security system is " enough " to protect a pc.

 

well my main setup is an AV (Avast Prof) and a BB (Mamutu) and nothing has got passed in regular use yet since i typically dont even run sandboxie out of pure forgetfulness and to date ive never had to use rollback rx for a malware related problem (just testing software)

 

What about Defensewall, Hitman Pro and Shadow Defender.
I also use Shadowprotect Desktop on my pc.
Hugger

 

SSJ, I've read over your post regarding the rate of new malware releases compared to AV detections (which, as you said yourself in a separate post, 99% detection is being overly generous), and, though that post may be a very good argument in favor of behavior blockers and HIPS, I still contend that it takes an actual effort to get infected with anything. If you merely secure your browser and keep it patched, don't open unexpected attachments, scan files before opening, and don't click on "alarming" pop-ups and banner ads, you are *not* going to get infected.

We spend a lot of time debating these programs and their usage, and throwing test after test against the latest and greatest malware, but we forget that the extremely vast majority of these infections are the result of another infection, "PEBCAK-itis". For those of you that just went "huh?", it means "Problem Exists Between Chair and Keyboard". No AV, firewall, or HIPS is going to prevent and/or fix that condition. If you do something stupid and click "yes" prompts all the way through, your security setup means jack.

My only real-time is my AV, and I haven't been infected. By infected I mean a virus or malware has actually done something besides sit there. I've had loads of viruses and malware files, but my AV tells me about it and I delete the the problem, they never have a chance. So, yes, if you are talking relying solely on behavior blockers, they ARE enough, if properly understood and used. The only time ANY security software is never enough is when there is not a case of "PEBCAK". If there is a case of that, then there isn't a thing in this world that's going to be enough. So, there's my opinion on the matter.

 

as is with any security product then since none of them will cover everything.

 

As far as many never having ran any security software at all and KNOWING they never got infected, I buy what you are saying, but I don't necessarily buy what they may say. Unless you can analyze files, see obvious signs of pop-ups, redirects and the like and/or know what kind of subtle behavior to be on the lookout for, it's pretty difficult to KNOW you aren't infected with something. That's just my opinion though, maybe these people you know are completely right.

I understand what you're saying about the theory that relying on behavior blocking alone is flawed. But, me, I keep a practical view on things as often as I can. In practice, and with that common sense and basic knowledge that both you and I are necessary, relying on a behavior blocker alone, again, in my own opinion, is perfectly reasonable and adequate. I will say however that I would prefer, with the aforementioned common sense and basic knowledge included, that users rely on a well known, well tested AV over a behavior blocker or HIPS. There is simply just too many ways for behavior blockers and HIPS to be used incorrectly, not so much in the case of an antivirus/antimalware application. Simple opinion from a simple man

Edit: In response to your last post, the problem is "properly configured". Too few of the average population can even understand the prompts from these programs, much less tweak the settings for maximum protection. They end up in more trouble having these apps than they would without having them 9 times out of 10.

 

and

true...but you know ssj that not many are willing to traverse this less travelled road to self enlightenment for it is not an easy ask for some as the time it takes is a deterrent or simple solutions with bullet proof security are sought and advertised.....simple things as stated by dw426 are much needed

 

ok enough of the arguing, lets concentrate on helping the guy not out-smarting the "opposition"
this guy has said he doesnt visit too bad sites, every now and then sees hes got a little malware. hes asking if a behaviour blocker is the answer.

as i said in the previous post i think geswall would be something for that, the only thing reaching your computer through geswall is things you download then then label "trusted" which sounds a good solution.
why do i get the feeling the original poster has given up on reading this thread?

 

Maybe I don't read too well but I don't see any "arguing" in this thread. I personally think we've given him both our opinions, it's up to him to decide where his risks are and if he needs to invest time into a behavior blocker or HIPs application. With the places he lists that he's going, he honestly doesn't need heavy duty protection, plus, he states he's a pretty careful person. Personally, if his machine needs to stay lean for the editing work he does, and he is satisfied that Avira and MBAM are doing their jobs, why clog up extra resources for programs he may not need?

To the OP, yes, in my humble opinion, you're doing just fine with what you have. If you're machine is working good and Avira hasn't been throwing fits about infections, I have a feeling MBAM is catching some pretty mild "spyware", if it's catching real spyware at all. These programs treat system utilities and anything that works deep within the operating system as malicious, so keep in mind MBAM may be catching false positives and perfectly harmless programs that you yourself might be running.

That's opinion though, obviously I wasn't there to see what MBAM caught. I do think though that unless you just feel comfortable doing it, you don't NEED anything else.

 

i'm still here - this is a an excellent education for me and thank you all for your thoughts . when i see those statistics from ssj100 i think the only thing i can really trust is me ! ! i guess that's the whole point . i'm looking at what you've all said and what you are all using . i'm going to begin with trialling one prog at a time with AVIRA as an on demand checkup. i'll try geswall then comodo firewall then drivesentry . if anyone has further thoughts on these choices please do chip in . many thanks madpete

 

I've read now, I agree totally.

 

flawed or not. its worked out for me flawlessly and im by no stretch of the imagination a safe surfer but anything my AV didnt pick up my BB has alerted me to so far.

 

well look at it this way :
1.secure your browser and keep it patched- always keep OS/software etc updated
2.don't open unexpected attachments-commonsense this together with avoiding shady/illegal software keeps pc relatively clean
3.scan files before opening-have a good av+as
4.and don't click on "alarming" pop-ups and banner ads-adblock/disable java script use noscript etc
5.use imaging/backup/sandboxing/virtualising software-most often suggested at wilders
so what dw426 stated actually has deep rationale

 

Agree 100%

 

If you start by understanding the risks, then you can counter them. Its important to focus on this as otherwise you can become confused about all the "solutions" available.

Risks
The risks in my view can be split up into.
1) Malware , which you did not install / run.
2 )Malware , which you did install / run.
3) Malware Threat which does not fall into 1) or 2)

My controls
1) this is also called remote code execution or drive by download.Its the cause of a lot of internet scares.I stop it ( 100% IMO) by a default-deny security policy.

2)I use a combination of actions to counter this.
Trusted download sites , scan a file , run file in sandbox.
This cannot be stopped 100% IMO, given human error.
A BB can help here also

3) Again I use a combination of actions to counter this.
I use Windows FW , a encrypted folder , and a seperate full backup ( image ) of your PC to counter this.
This is v. close to 100% Solution IMO for this risk.

Hope this classification helps a bit and gives you some ideas.

 

If i may jump in here..
Would Online Armor (Paid) with the HIPS and Web Shield enabled provide decent security?
I also have a hardware firewall so I don't need the inbound protection and the HIPS "should" protect anything going out.

 

.

1) Malware , which you did not install / run.
Yes would block or alert on a lot ( say 80% ) of drive by downloads.

2 )Malware , which you did install / run.
Yes, would alert if install program acts "suspiciously" or installs a driver say.

3) Malware Threat which does not fall into 1) or 2)
Less so against this , image program is best here.