Is this software enough?

Discussion in 'other security issues & news' started by dja2k, Mar 8, 2005.

Thread Status:
Not open for further replies.
  1. Chris12923

    Chris12923 Registered Member

    Joined:
    May 31, 2004
    Posts:
    1,097
    Yes you can just disable one of the real time scanners and use the other of your choice. I think some others besides myself would be more fit to answer some of your other questions.

    Thanks,

    Chris
     
  2. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,121
    Location:
    South Texas, USA
    Thanks for the fast reply on answering one of my questions.

    dja2k
     
  3. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    I use CounterSpy, it doesn't slow my system down at all, no noticeable system impact.

    Cheers :D
     
  4. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi,

    I have a very similar setup to yours, except I use ZoneAlarm Pro as my firewall. I think your setup is very strong and should suffice. I have some additional software running, which I will comment on:

    1) Prevx Home: I mainly depend upon Prevx to secure my system files. It may happen that I allow a "trusted" program to execute via PG, but then I see that it is doing some nasty, via Prevx, so I get a second chance to stop it. I will upgrade to Prevx Pro when my trial is over since I think it is a darn good product.

    2) Ewido: I purchased this product as a real-time trojan scanner before I installed KAV and ProcessGuard. I was having too many problems running TDS-3 Exec Protection. Ever since I created my primary setup (similar to yours), it no longer catches anything. So I run it for peace of mind (and because I paid for it :) ), but it is probably not necessary with the software that you currently have installed.

    3) UnHackMe: Trying out this program. Seems good, but probably not necessary with PG. Still, when it comes to rootkits, I am especially cautious so I may purchase this program. Haven't decided yet. It all depends upon how its rootkit detection compares to PG's. I don't know at this time.

    4) Ad-Aware: A must program to keep your cookies clean. Still the best adware cleaner.

    5) Giant AS (now Microsoft): Like Ewido, doesn't find anything anymore. I think that MS has removed a lot of the logic that was once there to find cookies (those that Ad-Aware might have missed), and with my primary setup, nothing gets through. KAV actually does the job with spyware and trojans - along with PG and RegDefend.

    6) HijackThis: Another freebie that is a must have - as long as you understand what you are looking at. Also scans for ADS, but with KAV 5.0 on your system, it may go bonkers with the KAV ADS.

    I am also testing NOD32 and ArcaVir for their advanced heuristics for detecting new in-the-wild viruses and trojans. Both seem quite good, but again probably not necessary with the primary defense that you have in place.

    Hope this helps,
    Rich
     
    Last edited: Apr 10, 2005
  5. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    dja2k,

    I'd say you are very well covered. Others may differ, but I'd personally base my strategy around KAV/ProcessGuard/RegDefend/ZoneAlarm only on realtime duty, let KAV and MS Antispyware scan off hours on a fixed schedule that makes sense to you, maybe throw in AdAware, and position everything else to be used only on an occasional demand basis when the spirit moves you.

    That's close to the scheme I follow. Some differences in detail, but they're minor. My approach is a few good realtime applications augmented with demand capabilities when/if needed. It works well for me. Minimal drag, good protection.

    Blue
     
  6. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,121
    Location:
    South Texas, USA
    Well I read around people saying that counterspy is a giant\microsoft antispyware rip-off or vice versa. It seems they have quite the same setup, yet I think counterspy takes more resources than giant\microsoft. Counterspy takes the cake wasting 38 MB in combined resources. Now with what I have seen, the giant\microsoft doesn't take that much, but it is up there in the nearby numbers too. I did notice people saying good things about the quickness of the scanning on counterspy, yet how does it compare to the giant\microsoft\ewido etc and is the extra MB of usage worth it?

    dja2k
     
  7. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,121
    Location:
    South Texas, USA
    Has your setup using Arcavir 2005 as a scanner helped find more than what KAV finds? It seems that KAV is real picky on what cookies and temp internet files are viruses and what are not. Makes it confusing to know what to make of those it finds cause other AV's I have used never found that. I was thinking of using NOD32 or Bitdefender as a scanner, but that Arcavir 2005 seems to have good features.

    dja2k
     
  8. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    No, not the case at all, Sunbelt was a partner in Giant, and when this was purchased by MS they still have an agreement in place to be provided updates by MS until July 2007. For further information see Sunbelt's FAQs here.

    To Quote from www.WindowsSecrets.com/comp/050324

    Looking deeper, you find that the similarity of the two programs is superficial:

    1) The CounterSpy installation is larger: 64 MB compared to 14 MB for MS.
    2) The files examined by CS are about 62,000 compared to 20,000 by MS.
    3) The Registry locations examined are about 12,000 for CS and 8,500 for MS.

    Some of the numerical differences can be explained by the fact that CounterSpy detects cookies and MS AntiSpyware does not. But CounterSpy also appears to beat the MS AntiSpyware beta because CounterSpy enjoys access to Microsoft's spyware database as well as Sunbelt Software's own reporting network. This means CounterSpy benefits from the resources of Microsoft's detection methods as well as its own spyware signature development.


    There is also a lot of information about the differences in that same Sunbelt FAQ Link.


    All I can say is try it out, they have a FREE testing time of 15 days.


    I thought it was worth a try, and I’m impressed with it.

    Hope this helps…

    Cheers :D
     
  9. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    KAV, up until now, has been catching everything. It has a really great scanning/detection engine. Here is a discussion of ArcaVir:

    https://www.wilderssecurity.com/showthread.php?t=70999

    What piqued my interest was its heuristics. I have no idea how it compares to NOD32 at this point, and probably will not know unless a retrospective test is applied to both engines. Others have reported that ArcaVir has caught malware that got past KAV. I have no doubt this is true. The question is whether such malware can also get through PG, RegDefend and Prevx. My first test of ArcaVir was pretty impressive. It detected "suspicious code" in Security Task Manager and UnHackMe (both were false positives), but I am impressed that it found this code. The developers will probably fix the false positives shortly.

    I personally am undecided about whether or not I need a backup AV with better heuristics than KAV. I doubt it, because KAV is updated so frequently with the latest signatures, but you may note that NOD32 did better in the retrospective tests than did KAV. So whether or not there is a hole, depends upon how tight I feel is the protection that PG, RegDefend, and Prevx offer over and above KAV. I personally think it is very tight. I think most others on this forum will agree.

    Rich
     
  10. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,121
    Location:
    South Texas, USA
    Thanks for the replies. Will try out counterspy and also think of what to use as an alternative antivirus scanner if needed. For some reason, I keep getting script errors on certain IE stuff like LaunchCast radio that doesn't let it run in IE or Yahoo Messenger, do any of you know what can be causing it? I mean the script blocker I have is analogx script defender, but even if I disable it, it still does it and I wouldn't know why it's being blocked. Not that it's a priority to see why it's doing it, but I am just curious.

    dja2k
     
    Last edited: Apr 10, 2005
  11. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,306
    What is wrong with Mwav escan in the older version which scans and removes? It is free. Mwav is based on the Kaspersky engine and gets its updates from the KAV site.
    I am using it with Bit Defender 8.0 with no problems.

    I am very pleased with my setup, and think that the Mwav scanner is about as good as you can get. Others here with much more knowledge and experience may have other ideas.

    Jerry
     
  12. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    For the most part I've used Arcavir as a context menu scanner to referee. While some things get sorted on the NOD32 beta, I've decided to run Arcavir realtime for a bit. It works more than adequately in that regard. Like Rich, I'm attracted to options that appear to have a good heuristic backbone.

    I like KAV for detection, user interface, you name it, except footprint on my machines. It's that standing battle of security vs. ease of use/speed/etc. My personal guide - if I find myself waiting (and this is a somewhat vague term) for my security features - it's too much and I adjust.

    For scanner, my standard is NOD32/BOClean. I view it as just about equivalent to KAV with less footprint, which suits my tastes. Actually I generally have BOClean with any scanner I use, including KAV.

    One other point that Rich made, which is worth restating - KAV doesn't have exceptional heuristics, however it mitigates this gap by having an apparently exceptional response time in signature generation. Remember - it's not how the detection was made, but that it was made.

    Blue
     
  13. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,121
    Location:
    South Texas, USA
    How do you get NOD32 (which has kernel service and gui startup) to run only as a scanner?

    Then if I run NOD32 as active, how do you run KAV (which has more than one service running) as a scanner only?

    Also does anyone know how to fix\remove the problem of having two identical buttons in the context menu right mouse click like "KAV Scan for viruses" appearing once on top of the menu and then again in the bottom like it's one for current user and one for all users.

    dja2k
     
  14. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    dja2k,

    I've not been able to get this to work with the 5.0 level of KAV, although I haven't tried seriously since they implemented much tighter control on the startup scan which you really couldn't disable in the early releases.

    To run NOD32 as a scanner only, just disable everything except the NOD32 modules. The kernel service and GUI are still both present - so yes the RAM footprint is still there, but the modules are disabled.

    Basically the same strategy for KAV (at least in the 4.5 level version where I practiced this).

    When I played around with this, I generally used msconfig to selectively disable loading of the AV's as this helped during the installation phase. For example, what I'd typically do is:
    • Start with a clean slate of no AV's.
    • Install NOD32 and reboot
    • Disable AMON, IMON, EMON, DCOM
    • Reboot and verify that all realtime components are disabled.
    • Uncheck the NOD32 kernel service (Services tab) and Control Centre (Startup) entries using msconfig.
    • Reboot to verify NOD32 processes are not loaded. We now have NOD32 installed, all realtime aspects disabled, and not loaded.
    • Install KAV and reboot
    • Disable KAV monitor, startup scan, etc.
    • Reboot to verify all KAV realtime aspects are disabled.
    • Run msconfig, re-enable NOD32 kernel service and GUI, and reboot
    • On reboot, both AV's are now loaded, but realtime aspects for both should be disabled. Check for stability, system conflicts
    • To me, if you're running both, it only makes sense to run NOD32 realtime and KAV as demand. Start AMON and look for stability problems. If none noted, enable AMON to be loaded on startup and reboot.
    • Again, take time to verify there are no stability problems. If none are noted, enable IMON and reboot.
    That's what I did when I was playing with this type of configuration. What I found - and this is an early NOD32 version 2 and KAV WS 4.5 - is that neither AV left anything for the other to deal with.

    What I currently have is a two boot partition system with different AV's on each boot partition. I went with two boot partitions to minimize system downtime in the event of problems - some unfortunate events with beta software led me in this direction - if I completely hammer one partition, I can always boot to the second partition and either deal with the problem (usually successfully) or simply stay active until I can properly clean the mess created. If you really want to run two AV's and have a hard time getting them to play together nicely, this is a much more stable configuration IMHO. If you have a couple of reasonably sized physical drives, and keep one installation very lean (OS & major security apps only), it's not a bad way to spend a few GB's of HDD space - again, in my opinion. In principle, for really nasty situations, you can boot to the second partition and treat an infection much in the same way as you would by slaving a second drive from another machine. I say in principle since I've never had cause to do this.

    Blue
     
  15. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi,

    When testing NOD32 alongside KAV 4.5 (it also worked with 5.0, though I backed out of 5.0 because 5.0's ADS was interfering with too many of my other security programs), I installed NOD32 with all resident modules turned off. You can do this by using the custom install option. NOD32's kernel is still installed at start-up (I couldn't figure out how to suppress this), but the resident monitors did not start-up and worked freely with KAV on my machine.

    When I wanted to scan with NOD32, I would turn on the resident monitor, turn off KAV 4.5's resident, and then run NOD32's scan. Pretty straight-forward, if you can afford having NOD32's kernel loaded. During my tests so far, there has not been a case where some malware has seeped through KAV and been caught by NOD32. Given my setup (with PG, RegDefend, and Prevx) and my surfing habits, I would expect the chances of this being pretty close to zero. But I will say that even with reasonably conservative surfing habits, there have been occasions where I was Googling and accidentally hit a site that tried to give me a nasty - so I am a big fan of strong security even if a user has conservative surfing habits.

    Rich
     
  16. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,121
    Location:
    South Texas, USA
    Thanks for the replies again. Will see if what I have is enough now that I changed a couple of programs due to your advice. If I find that KAV is not completely working in catching viruses, then I will consider a dual AV setup, but not now. At least I know now how to set it up thanks to you guys.

    dja2k
     
  17. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,121
    Location:
    South Texas, USA
    Hey Blackspear, I purchased counterspy after all and it's running fine. I did notice that two of the scanners are disabled by default and didn't know why. I don't know if I should turn them on or not. The two scanners that were disabled are under Application Monitors - Process Execution and Script Blocking. I do know that I have AnalogX Script Defender on, but is that the same thing as the Script Blocking from Counter Strike? I would also assume that the Process Execution is about the same thing as Process Guard. So with that, should I leave them on or off? Also is there any other protection you turned off due to having another external program doing the same thing so there won't be a conflict?

    dja2k
     
  18. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    By default mine are the same as well, and my system is set up very tight, so at this point both are staying as is, and I think you can leave them too.

    Hope this helps...

    Cheers :D
     
  19. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,121
    Location:
    South Texas, USA
    Much help, thanks. Does anyone know what is winpcap? I found a folder with it in my Program Files and don't know what it is and what program uses it. I did find out the webpage at http://winpcap.polito.it/news.htm , but still don't know what the program does or why it got installed.

    dja2k
     
  20. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,121
    Location:
    South Texas, USA
    Just as a note, the steps on http://www.markusjansson.net/exp.html make it impossible to browse the web freely. It causes a lot of script errors and makes some websites not work.

    dja2k
     
    Last edited: May 2, 2005
  21. starlight

    starlight Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    24
    Here is what I have. Is it enough?

    Windows Home Edition with SP2

    Spy Sweeper(Webroot)
    Microsoft Antispyware Beta
    AdAware
    Spyware Blaster
    Spyware Guard
    Win Patrol
    Hijack This
    cCleaner
    AVG(free)
    Firefox
    Adobe Reader

    I am on dialup and do have the Windows firewall with SP2. I know that it protects only one way, but have tried various firewalls and also the one that came with Norton Internet security 2005 and have had trouble accessing certain sites even when disabled. I uninstalled Norton because of the firewall. There was no way to just uninstall it without uninstalling the whole thing.

    I don't feel a need for a firewall since I am not on all the time.
     
    Last edited: May 2, 2005
  22. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    It is fairly good in regards to Spyware. It lacks a firewall, I would suggest trying ZoneAlarm (FREE), and you might like to take a look at your Hosts file which will give you a degree of protection if you choose to 4x4 across the internet.


    It has nothing to do with how long you are on, 8 seconds was the recorded time to infection in a recent BBC video. I would definitely install a firewall so that you know what has outbound access to the internet.

    Hope this helps…

    Cheers :D
     
  23. Cluessnewbie

    Cluessnewbie Guest

    Yes.

    No. This is closer to tea-timer's secondary function of blacklisting known spyware processes. If a process starts that matches one in the database, it will be stopped.

    CS's script blocking versus Script Defender - I would rely on Script Defender, especially if you have added a comprehensive set of extensions to monitor.

    You might consider turning off monitoring of startup files and startup registry files, if you have something more capable monitoring them [Regdefend, PrevX, SSM's plugin, MJ registry watcher etc].

    I personally leave monitoring of Internet explorer settings to it though.
     
  24. starlight

    starlight Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    24
    Thank you Blackspear. I had Zone Alarm once and it kept blocking MSN Messenger which I have to have as I have MSN 9, so I uninstalled it. I will try it again.

    About the Hosts File. I am kind of a dummy and don't know where to find it or absolutely anything about a hosts file. I do know in Spy Sweeper when I click on hosts file, there is nothing there and Spy Sweeper tells me that it might have been hijacked. I really don't think it has. Where and how do I find my hosts file on my computer?

    Thanks
     
  25. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    My pleasure :D


    When Messenger asks for access to the internet place a tick in “Remember this setting” and then click “Allow”.

    When Messenger asks to be a Server, place a tick in “Remember this setting” and then click “Allow”.

    Now ZoneAlarm will not bother you again regarding Messenger, unless you update Messenger to a new version at some point in time.

    Just make sure you know each and every program that wants access to the internet, and if you are not sure, ask ;) :D


    More information at Bluetack.


    See here.

    Cheers :D
     