Is the "AV" still the cornerstone of a security setup?

Discussion in 'other anti-virus software' started by tobacco, Apr 17, 2006.

Thread Status:
Not open for further replies.
  1. SSK

    SSK Registered Member

    Joined:
    Nov 28, 2004
    Posts:
    976
    Location:
    Amsterdam
    And, IMO, they _should_not_have_ to use different programs :) That's the target security program vendors should set for themselves.
     
  2. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    What is SU/DF? Seems to have something to do with pharmacology?
     
  3. JimIT

    JimIT Registered Member

    Joined:
    Jan 22, 2003
    Posts:
    1,035
    Location:
    Denton, Texas
    --Yes.
     
  4. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    SU- shadowUser
    DF- DeepFreeze
     
  5. Eldar

    Eldar Registered Member

    Joined:
    Jul 12, 2004
    Posts:
    2,126
    Location:
    Vilvoorde (Belgium)
    LOL, with all those abbreviations it seems to get really hard to understand certain posts.

    For me my antivirus is essential.
    Not because I don't have other protection, but because it protects my surfing, my incoming mail
    and keeps my system clean. :cool:

    Besides I also use the antivirus provided by my ISP, but a few days back KAV caught one which got through. :D
    I wonder what would have happened if I only had their antivirus for protection. :(

    Wouldn't want to be without one, so it's definitely a very very important layer to my security. :)
     
  6. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,306
    I think that for the average user the AV will continue to be the cornerstone. He, the average user, has little interest in security software as such, and will not ever hear of the programs used here.
    To a degree I am in that category. I read of so many security programs, and the problems associated with some of them that I have no interest in even trialing them.

    If the best AV, AT, Firewall, and AS doesn't do it, then I will be in trouble. I do have Win Patrol, Snoopfree, and UnHackMe.

    Jerry
     
  7. Ned Slider

    Ned Slider Registered Member

    Joined:
    Mar 24, 2005
    Posts:
    169
    That's not really a virus/trojan - KAV is simply detecting a phishing email. I see these all the time. Whilst KAV's detection may not be technically correct, there's no denying that it's good they are detected or flagged as that will certainly help prevent some unaware users from falling for them.

    Interestingly, email clients such as Thunderbird now detect these as "scam" emails in much the same way it filters "junk" emails. Thunderbird appears to detect ANY email as possibly a "scam" if it contains a link to an IP address rather than a domain name, or if the link text doesn't match the domain it points to. Simple, but effective, until the phishers change their routine.

    Ned
     
  8. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I don't agree entirely with this and a lot depends on what kind of user is behind the keyboard.
    So I can only speak for myself.

    IMAGE BACKUP/RESTORE
    I consider IMAGE BACKUP as a necessity to survive.
    Losing my system partition isn't a disaster, because I can re-install it from scratch.
    Losing my personal partition however would be a disaster for my e-life.

    1. There is always a group of legitimate softwares, that I need to do my job or hobbies. This is my basic system setup and that's the one I need to backup to get back in business in no time, without re-installing everything from scratch.

    I will install this basic system setup OFF-LINE, so that no infection is possible from the internet.

    I also have to separate my basic system setup from my personal files on a second harddisk and NOT on another partition of my system harddisk, like other people do.

    I also have to add my personal settings for Windows and each software, because I don't want to lose these settings.

    2. Once I've done all that, I create an image backup of my system harddisk on an external harddisk,
    - not on a second internal harddisk, because that harddisk will be on-line and vulnerable.
    - not on a second partition of any internal harddisk, because that partition will be on-line and vulnerable.
    - not on DVD/CDs, because that storage medium isn't technically reliable enough for harddisk backups.
    The only advantage of DVD/CDs is that they are removable and not on-line or vulnerable.
    Cheaper isn't an argument for me, because not being able to restore from a DVD/CD will cost me a lot more.

    The final result is the CLEANEST and SAFEST system image backup, I can get and nobody will be able to compromise this backup, because my external harddisk will never be on-line.

    If I ever decide to ADD another legitimate software (which I really need), I will always restore my clean system backup FIRST, then add the new software off-line and create another clean backup. The same procedure for uninstalling these softwares.

    I don't consider this as discipline. It's the SAME standard procedure for all legitimate software, I really NEED to do my job or hobbies.
    I admit, it's slower, a bit cumbersome and requires patience, but I don't care about that, because my backup is my very last hope to save anything in the worst scenarios caused by technical failures or destructive malwares, except VERY RARE hardware viruses of course.
    I won't use that procedure for trying other softwares, I have another solution for this.

    So my image backup/restore will be 99% safe, if I do it this way and I keep 1% for :
    - Crashes on my external harddisk.
    - VERY RARE hardware viruses.
    - Unexpected bugs in my image backup software.

    3. One of the most important things to test is the RESTORE of an image backup.
    I've read posts at Wilders and other forums, where people said "I did a backup, but I never tried the restore."
    Don't they trust their own backup software or what ?
    I'm not going to backup my harddisks and discover weeks later, that my restore doesn't work.
    I won't make that mistake, I will backup and restore over and over again until I'm satisfied.

    Paranoid2000, it is now up to you to criticize my approach with all your knowledge and experience and to tell me what is wrong with my reasoning and what did I miss and what I have to do about it.


    SNAPSHOT SOFTWARES (FD-ISR, ROLLBACKRX, ...)
    1. I don't consider SNAPSHOTS as a necessity. They are just very convenient and faster tools to restore my system partition after a surfing session or fooling around with beta-softwares or trying any kind of software out of curiosity.

    2. SNAPSHOTS however work only on internal harddisks and are on-line all the time and that makes them vulnerable for possible malwares in the future. It didn't happen yet AFAIK, but every software is vulnerable.

    3. SNAPSHOTS are worthless when your system harddisk crashes.

    4. If it is technically possible AND without restoring problems, the snapshot software and the very first snapshot only, will be a part of my IMAGE BACKUP.
    Any other snapshot after that will NOT be a part of my system image backup, because of possible infections.

    5. If it is not technically possible OR with restoring problems, then the snapshot software or any snapshot will never be a part of my system backup.
     
    Last edited: Apr 19, 2006
  9. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Erik

    Are you finally actually doing any of this? Or is it still all conjecture? Just for the record.

    Pete
     
  10. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I don't understand your question. Many members ask questions, before doing anything.
    I know already that my way of SYSTEM IMAGE BACKUP is possible.
    If you are able to tell me, what is NOT technically possible in my thread, then I will listen to you.

    I want my SYSTEM IMAGE BACKUP as perfect as possible, because I don't want an infected SYSTEM IMAGE BACKUP.
    I won't execute a SYSTEM IMAGE BACKUP, because my scanners didn't find any threat. Such a backup is not reliable.
    That's why I will do it differently and ask Paranoid2000's opinion. :)
     
  11. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    ErikAlbert,

    Taking image backups is certainly an important step and can be a lifesaver for events like disk failure. There are security benefits also in having a "known clean" setup but they should not be relied upon exclusively (to the point of not using firewalls, anti-malware scanners, etc) since they can fail in the following cases (your post did mention using scanners - if so, these are far less likely, but I am listing them for the benefit of others considering this approach):
    • Software with hidden capabilities - what happens if a legitimate program is added that later turns out to contain malware? Examples include a trojan/rootkit, over-zealous copy protection (e.g. StarForce) or phone-home software - it is not easy to identify these without using and monitoring the program over an extended period. Even programs downloaded from a legitimate source (e.g. the vendor's website) could contain malware if that site was compromised. In such a case, this install may be copied onto the off-line system backup before being discovered, requiring a complete rebuild.
    • Malware hidden in data - if all documents are in a separate partition, one possible infection route that remains even after clearing/restoring the system partition is with data containing malware (e.g. a Word document with a macro virus or an image containing an exploit like the recent .wmf one). In this case, restoring the system partition would result in re-infection if the document in question was re-opened.
    An off-line system partition which is restored regularly does, as you note, make software installation more time-consuming. This would also apply to program/security updates.

    Separating programs and personal data is a good move in that it makes regular backups easier (personal data which changes more can then be backed up more often) though identifying program/Windows settings can be a challenging job, even for expert users - some programs use Registry settings, others have .ini files or files in the user Application Data/Local Settings/My Documents folders (you may have noticed some program settings being reset after a system partition restore).

    Keeping "known clean" copies is important also for "last resort" installs though I would suggest you reconsider CD-R/DVD-R for these cases, simply since they are write-once media (which should protect them from any future infection attempts) which could also include any available security updates for the programs concerned.

    I would therefore suggest something along the lines of:
    • weekly/daily backups of the personal partition (keeping as many previous copies as your storage allows - at least consider ones from the previous week/month/year);
    • weekly/monthly backups of the system partition (in practice, doing a backup before a new software install or major upgrade may be an easier option);
    • storing downloaded programs and updates on write-once media;
    • using a limited user account for normal work and set NTFS Write permissions to Deny on the system partition (this should prevent any non-admin software from making changes there, removing the need for regular restores from an off-line copy);
    • consider an off-site backup of critical data (in the event of fire/theft resulting in the loss of on-site backups) - either with media physically stored elsewhere or via an Internet "storage vault" service.
     
  12. controler

    controler Guest

    well put Paranoid2000

    As a side note and hope not too far off topic. I have found Autoruns to show most CD protection drivers. I have not tried it on the last Sony one yet although I do have a Neil Diamond CD (paid for) with that protection on it.
    It finds Tages safedisk.
    Do you know if it finds hidden drivers?

    thanks

    controler
     
  13. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    What's that ... a program that's a jack of all trades and master of none? :)

    Sure it'd be nice to run just 1 security program which secured us from everything and anything, but that's more fantasy than practical reality - there is no single program out there which will secure you from everything. A layered defence is generally the strongest (you know what they say about throwing all your eggs in one basket).

    Best regards,
    Wayne
     
  14. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    Who are you replying to? Why does it just say "quote" and not the person you are quoting?
     
  15. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,934
    Location:
    SW. Oklahoma

    this person
     


  16. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    In my opinion....yes the antivirus program will remain the cornerstone of a PC's defense. Cornerstone doesn't mean "the one and only thing"....it means more of "one of your major components, if not the major component"....but if you're talking components....that means several different items.

    Antivirus programs, well, most of the better ones, are evolving lately...from being just "anti-virus" like they were a few years ago...to more of an "anti-threat" program (to borrow a phrase from Eset) . They are evolving from just detecting viri and worms, to also detecting adware, spyware, and related trojans, keyloggers, and other types of threats.

    Other components of your PC's protection should be things like keeping behind a NAT router, keeping up with your Windows updates, not leaving your Administrator password <blank> (so many people do not follow this :rolleyes: ), using another anti-ad/spyware program or two..such as Spybot, Defender, etc. A software firewall is helpful for some users, alternative browsers helpful for those who frequent bad websites, etc etc.

    Anyways...to me, asking if your AV is still the cornerstone of your PC's defense, I'm assuming this applies to the general computer user, and I'd say "Yes".
     
  17. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Prevx1 is more feasible as an AV replacement because it adds similar functionality, however the staff does still generally recommend that you use both, at least a freebie like AVG.
     
  18. sweater

    sweater Registered Member

    Joined:
    Jun 24, 2005
    Posts:
    1,678
    Location:
    Philippines, the Political Dynasty Capital of the
    Yes!!! I believe for ordinary home users anti-virus is still the cornerstone of a security setup, and still many could not live without it. ;)

    Anti-virus of today I think is much more advanced and more fully featured than before. It can detect not only viruses but also some spywares, worms, trojans and malwares.
     
  19. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Paranoid2000,
    Thanks for your instructive post, some of the points were new to me. That's why I asked for your opinion. I knew in advance I missed some points.
     
  20. SSK

    SSK Registered Member

    Joined:
    Nov 28, 2004
    Posts:
    976
    Location:
    Amsterdam
    Yes Wayne, you, I and a lot of Wilders regulars know that. But Joe Average doesn't know, and doesn't want to learn this. :)

    An integrated security product is the way to go for these users. That's what I meant.
     
  21. SSK

    SSK Registered Member

    Joined:
    Nov 28, 2004
    Posts:
    976
    Location:
    Amsterdam
    On XP SP2 a blank Admin password is safer than a weak one. Blank passwords block log-on to the machine through the network. :)
     