My final setup - I hope. Suggestions?

Discussion in 'other anti-malware software' started by kdm31091, Nov 11, 2006.

Thread Status:
Not open for further replies.
  1. kdm31091

    kdm31091 Registered Member

    Joined:
    Jul 18, 2006
    Posts:
    365
    I used to have, and to a degree still have, this obsession where I constantly trial, uninstall and install security products. However, I hope to have found a good, light, minimal combo that is still very secure:

    Avira Security Suite
    Spyware Terminator
    GeSWall
    (that's it for realtime!)

    and A-Squared free On Demand.

    Anything I should really consider adding for more protection? Any free HIPS that have good registry protection (besides SSM free)? Or any products I should add in general?
     
  2. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    Seems like a good setup to me. Will you use ST's built-in HIPS?
     
  3. kdm31091

    kdm31091 Registered Member

    Joined:
    Jul 18, 2006
    Posts:
    365
    Sure, if they provide good protection.
     
  4. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    The biggest concern I would have with any suite is the firewall. If that passes Shields Up, you should be good.
     
  5. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    That's a common misconception. You aren't really stealth on the net.
    Your IP isn't hidden. Shields Up tests only report whether you respond (closed), do not respond (stealth) or accept (open) to certain packets.
    Your door may be closed and locked, but it doesn't mean that it doesn't exist ;)
    Hope that you understand me.
     
  6. tradetime

    tradetime Registered Member

    Joined:
    Oct 24, 2006
    Posts:
    1,000
    Location:
    UK
    Obviously not, otherwise Shields Up wouldn't be able to tell you what it could see; your IP address always has to be out there somewhere, otherwise nothing would be delivered. I don't think that is really the point of it. The point is that various ports that trojans and the like are looking for are not visible.
     
  7. kdm31091

    kdm31091 Registered Member

    Joined:
    Jul 18, 2006
    Posts:
    365
    So GeSWall, Avira Suite, and Spyware Terminator w/ HIPS is fine? Along with A2 on demand?
     
  8. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    Yup, you should be well protected.
     
  9. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    Exactly.
    I look for "stealth" or no response.
    Of course these ports exist. Whether or not there is a response is the issue that matters to me.
     
  10. herbalist

    herbalist Guest

    Do any of the apps you list have any registry protection? If they don't and you don't want to resort to SSM to get it, take a look at RegistryProt. It doesn't cover all of the registry but does watch the autostart sections in real time. It's almost no load on a system at all. MJRegistry Watcher is more comprehensive in its coverage but works by polling the registry. Depending on the polling rate, it can load a system, especially an older one. Before finding SSM, I used RegistryProt and was quite happy with it, even though it was limited in its coverage.
    Rick
     
  11. betauser2

    betauser2 Guest

    With that kind of "obsession" you will find it difficult to stick to any combo :shifty:

    ST's startup shield covers that, but you knew that ;)
     
  12. herbalist

    herbalist Guest

    Didn't know that. Never tried ST. The initial post led me to believe there wasn't any registry protection in KDM's setup.
    What fun. I'd make a copy of my base system, no security-ware installed, and reload it whenever that obsession got to me. That way you won't end up with a bunch of leftover files and registry entries.
    Rick
     
  13. kdm31091

    kdm31091 Registered Member

    Joined:
    Jul 18, 2006
    Posts:
    365
    I've used both Regprot and MJ in the past. SSM's registry protection was too weird for me. Should I use MJ?
     
  14. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    MJ is a poller whereas SSM hooks the kernel -- that method is much faster at detection than polling, & less easily deceived. Ghost's RegDefend is another hooker -- good at its job -- & might be more to your liking than SSM for registry protection.
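
The polling-versus-hooking difference described in the post above, as an added example that is not part of the original thread and is not code from any of the products named. `FakeRegistry`, `PollingMonitor` and all value names and paths are constructed stand-ins, not the Windows registry API.

```python
class FakeRegistry:
    """In-memory stand-in for an autostart key (constructed model)."""
    def __init__(self):
        self.values = {}
        self.hooks = []  # callbacks run synchronously on every write

    def set_value(self, name, data):
        for hook in self.hooks:
            hook(name, data)  # a hook-based monitor sees the write as it happens
        self.values[name] = data

    def delete_value(self, name):
        self.values.pop(name, None)


class PollingMonitor:
    """Compares snapshots, so it only sees state that exists at poll time."""
    def __init__(self, reg):
        self.reg = reg
        self.baseline = dict(reg.values)
        self.alerts = []

    def poll(self):
        current = dict(self.reg.values)
        for name, data in current.items():
            if self.baseline.get(name) != data:
                self.alerts.append((name, data))
        self.baseline = current


def run_scenario():
    reg = FakeRegistry()
    reg.set_value("Updater", r"C:\Program Files\Updater\u.exe")  # constructed baseline
    poller = PollingMonitor(reg)
    hook_alerts = []
    reg.hooks.append(lambda name, data: hook_alerts.append((name, data)))

    poller.poll()
    reg.set_value("Temp", r"C:\Temp\x.exe")   # short-lived value (constructed)
    reg.delete_value("Temp")                   # gone again before the next poll
    poller.poll()

    reg.set_value("Tool", r"C:\Tools\t.exe")  # persistent value (constructed)
    poller.poll()
    return poller.alerts, hook_alerts
```

The poller reports only the value still present at its next pass, while the write-time hook records both writes; shortening the poll interval narrows that window at the cost of more load, which is the trade-off raised earlier in the thread.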
     
  15. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    Well, a note here: the SSM free version (also the ones used by SSM supporters on win98) poll the registry only, right?

    Personally I think ST's HIPS + GeSWall is sufficient. As mentioned, ST's shield does cover the registry and not as a poller. Not as flexible as the other registry defenders mentioned though, but who cares?
     
  16. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    Well very soon we will find him posting periodic updates at the What is your security setup these days? lol

    That's what distinguishes the real members from the fake ones. If you don't change your security setup once every week, there is something really wrong.....
     
  17. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    :D :D :D

    Hmm, that reminds me, I'm overdue on changing my setup, but what to add/remove o_O o_O
     
  18. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    KDM,

    There has been a security advice for PC home users of my company.
    For the people with stable "installed" programs and not wanting to answer pop-ups (or having enough knowledge answering the question), the setup advised for high risk surfers was:
    - inbound firewall of Nat router only
    - Antivir free (blacklist + some heuristics)
    - CyberHawk (behavior blocker)
    - Spyware Terminator (IDS + application monitor when HIPS enabled)
    - BufferZone free for IE or FF

    In your setup BufferZone can be replaced by GeSWall (much lighter on resources, only policy restrictions).

    For my wife's PC (because she also buys a lot of music from a music site which only works with IE because it needs Active-X, and uses limewire for download of older songs), I use the following setup:
    - inbound firewall of Natrouter
    - Antivir free
    - CyberHawk
    - DefenseWall (paid)

    In this setup you can replace DefenseWall by GeSWall (works both on policy restrictions, GeSWall is a bit harder to configure). I think ;) she is a safe surfer. I have not found any, any malware with AVG-antispyware, Spybot, Ad-aware on demand scans in the last 6 months (since she has this setup).

    On my own PC I run
    - Natrouter inbound firewall,
    - Antivir free
    - CyberHawk (replaced SSM in favour of CyberHawk recently)
    - GeSWall free

    I do some security testing for fun, but roll back to a clean state from external harddisk every now and then, so my PC also being 'clean' from scans is arbitrary.

    Regards Kees
     
  19. herbalist

    herbalist Guest

    SSM stopped using polling on all the modules many versions ago for Win98. Even on 98 systems, all of SSM's protection is real time. Not certain about the services module on NT systems with the free version.
    Rick
     
  20. herbalist

    herbalist Guest

    Other than updating (manually) to new releases of software I already use, my base security setup hasn't changed (on my primary system) in almost 2 years, save shutting down the resident AV. For those of you who can't seem to decide what you want to use, I do hope that you're removing all the leftover registry entries and files that are accumulating in your systems.
    Rick
     
  21. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    You sure about that? Have you tested it?

    For sure the free version is polling on XP. A simple check with regmon proves that.

    The full version of SSM doesn't work on win98, so the version you are using should be the same as the free version right?

    It would be strange if SSM is hooking on win98 and polling on win xp. Or perhaps what I said joking is true, SSM works better on win 98! lol.
     
  22. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    Well to be fair you are on win98, your choices are more limited, lots of HIPS don't work there. So you got less temptation than the rest of us.

    Why? I got lots of space.
     
  23. herbalist

    herbalist Guest

    Yes, I'm positive. http://syssafety.com/releasenotes.html?pid=80#SSM200build555
    When SSM used to poll, I could see the spikes in CPU usage caused from it. They've been gone for a long time. I've set all of the modules on mine to block changes. When I try to make a change in any of the areas covered by the modules, I get an instant popup. I'm pretty sure that the polling is removed for XP as well, with the possible exception of the services module. I'll be making a trip over to a friend's where I've installed SSM free on her XP unit and I'll verify the services module. Yes, 98 can only use the free version, but it's more than sufficient to make it nearly bulletproof.
    Maybe so, but why clog up your registry with unused entries? They can slow down your system and even cause conflicts in some cases. Too many of the uninstallers don't remove everything. It's up to you of course, but when I test new security-ware, I install a basic system that hasn't seen any security software and install on that. Far less problems in the long run. If nothing else, use a snapshot utility like Inctrl5 to monitor what both the installer and uninstaller do and manually remove the leftovers.
    As for the temptation, that may apply to HIPS but there's plenty of other security software that runs on 98. Used to test anti-spyware apps all the time, but concluded that most of them are not worth bothering with.
    Rick
     
  24. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    From a software developer's point of view it makes no sense to use 2 different techniques. This implies that you have twice the maintenance effort. It is hard to imagine a business model using two techniques, especially when one of them is freeware. It makes more sense to have a modular software architecture and disable modules in the freeware version. Another approach could be a release backlog (paid version is always a few releases ahead of the freeware version).

    In other words I think Herbalist is right
     
  25. duke1959

    duke1959 Very Frequent Poster

    Joined:
    Jul 21, 2006
    Posts:
    1,238
    kdm31091. Do you need Spyware Terminator with Avira Security Suite since it already includes Antispyware protection? I use AVG 7.5 Internet Security Suite which also includes Antispyware protection, but no other Realtime Antispyware. I also have had a slight obsession like yourself, and am still considering using either Cyberhawk or Arovax Shield again. I have WinPatrol Free running now. I'm not sure I need as much protection as CH offers, but the new version of AS which will soon be released may be a better alternative than WP free. I love ST, but like I said I already have Antispyware protection in AVG ISS, and don't see a need for it. (although I miss it because of my obsession. LOL). My on demand is also a-squared Free, which is a good choice I think.
     