Discussion in 'other anti-virus software' started by nixie21, Apr 7, 2007.
What other security apps (if any) do you run with the suite?
Realtime for me is just KIS 6.0 with all modules enabled, MVPS hosts file, NAT router and SpywareBlaster.
I have a Prevx1 license but I'm saving that for the PC I'm building for myself soon. I use SUPERAntiSpyware and Spy Sweeper as on demand.
Realtime KIS 6.0, Prevx, SpywareBlaster and NAT router.
On demand Superantispyware and AVG antispyware.
Just KIS is all you need;
however, I'd always recommend a NAT firewalled router, this is my best buy to date.
How do you use the application integrity control in KIS? I know you need to answer a lot of pop-ups, but it will NOT allow Firefox to open, it will not even prompt me! I was able to open IE...
I do have a router firewall, MVPS hosts and SpywareBlaster...
Your setup is fine.
Just add SUPERAntiSpyware for on-demand scans, e.g. weekly.
I answered the PM.
KIS 6.0, SpywareBlaster with custom blocking list, SUPERAntiSpyware, Sandboxie and PowerShadow.
But I am going to take SUPERAntiSpyware off; I never get spyware running Sandboxie....
I look at it this way - what is it that KIS/KAV seriously lacks in its PDM defence?
The answer to that is the all important 'execution' protection in relation to any new executables seeking to start running on your system. At the moment KAV's Application Integrity Control can only guard against execution by known progs, thus a 'drive by download', not recognised by the web or file scanner, can get running before KAV takes action; in some circumstances this could be most unsatisfactory.
So you can forget all about demand scans from this or that scanner, these aren't going to help you much; what you really need to do is install Process Guard which, together with KAV's PDM, will give you a formidable level of protection. (Unless you are using Vista, in which case PG would not be appropriate).
What is PG like? Are there a lot of pop-ups? Resources? Thanks...
IMHO TopperID is quite correct: KIS with PG to cover the only hole that I can see in PDM is a good combination. I understand that Kaspersky may be working on a Process Guard component for PDM but this is only hearsay... but it would be good if they really are.
Again, IMHO the Application Integrity Control component of PDM can be a little over the top in terms of pop-ups and the like. I am still to decide whether to run it permanently as it seems to cause spikes in CPU usage.
The only downside to using PG is that it does not appear to be being developed, as its makers seem to have disappeared. So I am looking for a replacement long term and am currently waiting for the release of Online Armor 2, which does have such a component, appears to be highly configurable in terms of what you can use/not use and seems less technical/more user friendly than SSM or ProSecurity, which also both offer Process Termination protection, etc., but also overlap a lot with PDM.
In terms of running PG you set it off initially in Learning Mode so that it learns about your habits, etc. and then you switch Learning Mode off and it will notify you based on process-related activity that is either new or that you have not created a rule for. Very nice and easy to use.
I also have SpywareBlaster installed and regularly updated. A must IMHO.
Finally, in terms of on demand scanning/protection I use SuperAntiSpyware (Free) & Spyware Terminator (also free) to carry out antimalware scans, as a back up to KIS/PG.
Hope that helps?
Instead of PG I would use an anti-executable.
Right now I'm using SSM and I have AIC turned off in KIS Proactive Defense. So far I like this setup.
Yes, but the question is which one, as there are a number of applications that have such a feature. PG is relatively simple to use IMHO; SSM & ProSecurity are not. But I would suggest that you trial them all and see what is good for you as they all do the job.
I also have SSM paid installed or I would be using Faronics Anti-Executable...
Depending on what I do, I may run AVG AS with the Resident Shield on. Besides that, I use SUPERAntiSpyware and Ad-Aware as on-demand scanners. I ditched SpywareBlaster some time ago, didn't see much point in using it since I use Firefox with some extensions.
SSM and ProSecurity are overcomplex and unnecessary for anyone running KIS's PDM. PG is much simpler to get to grips with and is unlikely to be beaten in any case - it'll stop drive-by trojan DLs dead in their tracks; indeed some of the nastier malware specifically checks a machine before running and if it detects PG is on the machine it will abort installation immediately, because it knows it cannot beat PG and does not want to get 'captured alive' and analysed.
The only thing you do need to remember is to set all progs that can be used to run other progs as 'Permit Once' in PG's Security section, else they could be exploited to run alien executables. This list would include things like:-
Other candidates include regedit.exe and taskmgr.exe, but it would depend on how often you use these; if you don't care for the pop-ups then Registrar Lite and Process Explorer could be used as alternatives. Actually I've made copies of the former two, together with others like cmd.exe, msconfig.exe etc, and renamed them and pasted them to a new location; I'm able to run the copies from shortcuts while the originals are tied up in security! (The copies should not be exploited because the name and file path are not what malware would be looking for).
You can do the above in KAV's Application Integrity Control also, but you should also set to 'Prompt' a lot of other exploitable progs that you know you don't need regularly, such as tftp.exe, ftp.exe, telnet.exe etc (KAV's AIC has a list of these progs).
If anyone has disabled KAV's AIC 'cos they are fed up with the pop-ups, I would recommend disabling module loading protection (by setting the Content Modification column to 'Allow') and at least obtaining the benefit of 'Child process' and 'execution' protection. You just need to remember that any prog set to 'Allow' is not being monitored, so to get max protection you need to set as many progs as possible/appropriate to 'Prompt for action'. Of course there are plenty of progs that may be missing from the AIC list that need to be added for proper protection (eg ntvdm.exe, javaw.exe etc, etc).
With PG things add themselves to the list during the 'learning' phase, so it is easy peasy to use.
KIS, a NAT router, and BOClean, just in case. I think that's more than enough.
Not if you want to stop a zero day exploit it's not.
What happens if you hit something new? BOClean won't help, nor any demand scanner, because it's unknown malware; and the router won't stop it.
In that case you'd be relying on KAV's behaviour blocking capabilities, but you'd be in a much better position if you could stop the malware from executing in the first place; that's where PG comes in.
Why risk having system files corrupted and unprotected areas of the Registry destroyed, when you could prevent this by using proper execution protection?
OK, I accept that statistically you'd have to be very unlucky to be hit by something new - but it does happen, so why take the risk?
Run KIS (with ProactiveDefense's ApplicationActivityAnalyzer + RegistryGuard enabled, no ApplicationIntegrityControl or OfficeGuard)
Sometimes use Sandboxie when going onto dangerous sites
No other real-time security software running.
Use the following free products for on-demand scans once every few months, but all they've ever detected is tracking cookies because KIS intercepts all the malware... better to be safe than sorry still, I say!:
Maybe SuperAntispyware on demand
KIS is all you need
Currently, running KIS 6.0.
With SUPERAntispyware on-demand and Counterspy daily scan when I am asleep.
Take a look: http://www.zdnet.com.au/blogs/disasterrecovery/soa/Too-much-security-leads-to-insecurity-/0,139033346,139250070,00.htm
Cadoul from France
Nice post, Cadoul.
I would never ever ever... ever use all these security programs together; one should be enough. If it's not... you clearly don't trust it, so you should ditch it anyway.
Also, the cost... sure, there are free ones out there, but the best ones are always paid.
Also, the added maintenance of each program and the fact that it exists when not needed on your machine, using RAM and CPU too.
Just seems all pointless to me; I for one... will not be surprised by any comments about problems if they do this.