My Security Setup, Can Anything Bypass It?

Discussion in 'other anti-malware software' started by J_L, May 21, 2010.

Thread Status:
Not open for further replies.
  1. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Network Protection:
    Linksys Router with SP1 Firewall
    OpenDNS Free (Phishing and "Basic Malware/Botnet" protection enabled)

    Real-time Protection:
    Comodo Internet Security (Firewall+HIPS+Sandbox)
    Microsoft Security Essentials
    Immunet Protect
    WinPatrol Free

    Passive Protection:
    Windows 7 UAC (no prompts, thanks to UACTweak. Everything else is enabled: default drop rights, File & Registry Virtualization, etc.)
    Disallowed-by-default Software Restriction Policy
    SpywareBlaster

    On-demand Scanning:
    A-squared Free
    Comodo AV
    Malwarebytes' Anti-malware
    Hitman Pro
    Sophos Anti-Rootkit
    SUPERAntispyware
    Trend Micro Housecall

    Firefox Add-ons:
    Adblock Plus (Malware Domains subscription)
    LinkExtend
    NoScript

    Others:
    EULAlyzer
    HiJackThis (+ http://www.hijackthis.de/)
    VirusTotalUploader

    Updates:
    RSS Feeds: Freeware Guide, Fileforum, FileHippo.com, Freeware Files, kaldata.net, MajorGeeks.
    KC Softwares SUMo

    Virtualization:
    SandBoxie (+ DropRights)
    Vmware Player

    System Backup:
    Paragon Backup & Recovery 10.1

    Every other security features on Windows 7 Pro 64-bit (excluding Windows Defender and Firewall) are on default.
     
  2. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    560
    The list is useless if you don´t explain how you use that software.

    I use Deep Freeze + Sandboxie and I execute over a thousand malwares every week and I don´t get infected. You should think about that.
     
  3. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,293
    Listen to this guy and keep it simple!!!! Dont clutter up your hard-drive full of programs / software you dont need.
     
  4. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    CIS (excl. AV), MSE, IP, and WP are all active all the time.
    UAC is as well, without notifications.

    CIS Firewall and Defense+ levels are on default (Safe Mode), except they monitor everything except for NDIS. Also Alert Frequency is on Medium. I use My Own Safe Files for every software I trust.

    MSE and IP are on default, with some exception rules for other security programs. WP is on default.

    SRP only allows Program Files, Windows, Standalone Files (exe without installers), and RamDisk. It uses the default designated file types except for .lnk

    SandBoxie is mainly used for my Web Browser and testing untrustworthy software. VMware is used instead if SandBoxie doesn't work (like for some installations) and compatability reason (XP Mode).

    I use Firefox as my main browser, with AdBlock Plus filtering junk, NoScript blocking all kinds of scripts unless I allow them, and LinkExtend determines the safety of the website I'm on using Web of Trust, McAfee SiteAdvisor, Web Security Guard, Browser Defender, Norton Safe Web, and Compete.

    Any new file I don't trust will be sent to VirusTotal, if they're too big, they'll be scanned by my on-demand scanners. EULAlyzer will also be used.

    I check my RSS feeds daily.

    I do full scans (excl. Personal Media / Backup folders) with all of the on-demand scanners pretty much every week. Also use SUMO to check for software updates I missed.

    I back up my system partition and boot sector every month, and use differential backups every week. The archives from this and previous months are kept.
     
  5. No offense, but that really looks to complex and quite resource intensive.

    Don't you think this is an overkill on Website Advisories?
     
  6. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
  7. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    560
    If you browse using Sandboxie and test untrustworthy software in VMWare, I don´t know why you have so many security solutions installed.
     
  8. cgeek

    cgeek Registered Member

    Joined:
    Mar 31, 2010
    Posts:
    328
    And your computer still boots. :eek:
    Keep it light and simple. World war 3 is not going to happen to your computer!
    My god! lol :D
     
    Last edited: May 21, 2010
  9. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    Nothing is perfect :p
     
  10. Cvette

    Cvette Registered Member

    Joined:
    Apr 16, 2010
    Posts:
    373
    Location:
    South Carolina, USA
    @J_L,

    Hi mate. Well believe me, I change my security setup many, many times within a few months. Looking for the BEST! The BULLETPROOF!!! But really, you should first step back and ask yourself "What sites do I browse? Do I use P2P...etc.". At one point I had all this cool security software 'n all that jazz, spent weeks setting it all up, bogged down my PC quite a bit but heck, what did I care?. Then one day I took a step back and looked at all the things I had, and asked myself "do I really need all this?".

    If you are a casual web browser like myself, and only hop on Gmail, YouTube, Wikipedia, CNN, Wilders, Facebook. Then you are really, at minimal risk.

    But lets not say throw everything out the window. With COMODO's Firewall and D+ you'll be covered with a "whitelisting" type layer of security, which as most of us know is VERY effective. Afterwords setup a good antivirus, perhaps a sandbox, and you are now the farmer with the rifle.

    But nevertheless, it all boils down to our little think-box to keep us protected, the best anti-virus out there we can find in our melon. So, to conclude... Comodo + a good antivirus + a sandbox, good host file, and maybe toss in a scan from MalwareBytes once a week, and you'll be fine mate.

    Cheers! :)
     
  11. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    well his setup is just above average.

    he have 4 realtime app running...


    but he's got damn long list of on-demand scanners... paranoia? :doubt:


    MY SUGGESTION?:
    DUMP CIS4 or Immunet Protect + Winpatrol
    Replace it with Prevx SafeOnline Free or Trusteer Rapport free.
     
  12. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    The apps in my siggy have seen me through gigs of malware samples. KISS ;)
     
  13. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Of course my Computer boot fine, in fact it's much faster than the average Joe's.

    As for resource intensive take a look at this:
    1.45 gb out of 4 gb used. Plus, that's with Firefox and a 512mb RamDisk.
    System Disk Space: 15.8 gb out of 33.5 gb. Most of it is winsxs.
    Dual-core Processor, ~5% used in background.

    P2P, W@rez, etc. That's pretty normal for me. Except I only trust getting media off of them, and maybe a few little things to try on my virtual machine..

    I don't really do banking or stuff like that, still a teen. So SafeOnline and Trusteer Rapport aren't that useful.

    As for all the on-demand scanners.. Well I've gone through a LOT more than that. Kept these because they don't come with useless features, most (excl. 2) can do right-hand scanning, and they pretty much detect different things.

    Maybe I'll get rid of HouseCall, its scanning takes forever.. Plus it doesn't have right-click. Need some more info about its detection.

    I'm not really looking here for suggestions on my setup, but more for if there are any risks for me.
     
  14. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    Maybe... I think they're called Zero-Day MALWARES or so... :D
     
  15. timestand

    timestand Former Poster

    Joined:
    May 7, 2010
    Posts:
    172
    Yes risk of conflict.
     
  16. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    Guys, he doesnt want suggestions...
    He's concerned if there's anything that can bypass his setup :D


    OBVIOUS ANSWER: YES! NOTHING IS 100% PERFECT, Does that enlighten you J_L?
     
  17. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    I doubt Zero-Day Malwares will matter much with Cloud AV, Virtualization, Whitelist, and HIPS.

    WinPatrol is more for pesky Ask-toolbars and the like. Too lazy to use CIS fully monitoring installations..

    As for risk of conflict, please elaborate.

    Yes nothing is 100% perfect, but I want more details than that.
     
  18. cgeek

    cgeek Registered Member

    Joined:
    Mar 31, 2010
    Posts:
    328
    There's the answer to your bypass.
     
    Last edited: May 21, 2010
  19. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    details? wait. What? you want to talk about actually bypassing your setup?
    you want us to give you what a zero-day malware would actually do to you?

    sorry I'm not an expert in writing malware nor am not a prophet to know what zero-day malware can do in the future.
     
  20. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Fine then, the zero-day malware stuff can wait.

    What I want to know is how effective Trend Micro Housecall is at detecting malware.

    What about rootkits and boot-sector viruses?
     
  21. cgeek

    cgeek Registered Member

    Joined:
    Mar 31, 2010
    Posts:
    328
    I have used Trend House call in the past to check my fathers computer when he was having issues. It found a rootkit and removed with zero problems. But it did not detect the other 3 trojans that were left behind. :thumbd:
     
  22. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    I see. At least it can remove rootkits.

    About Prevx CSI, I've actually had it before for quite a long time. Thing is, I thought it wasn't that useful anymore because HitmanPro includes it and it can't do a full scan. Also comes with unnecessary "real-time infection monitoring" and SafeOnline Trial, which I had to manually disable. There's the removal limitations as well.
    Should I bring it back? What advantages does it have over my other scanners?

    Accidently missed this: http://www.prevx.com/blog/149/SpyEye-steals-your-data-Even-in-a-limited-account.html
    Very interesting, how well does SandBoxie and CIS protect against SpyEye?
     
  23. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    You overlap in many areas. That is good I suppose, if you don't mind that much protection.

    You obviously know that the answer is "yes, somthing could". Perhaps you might rephrase the question to "where is my overlapping security lacking" or something similar. I see that as more likely to produce answers, as people who use many different products, including some of the ones you are using, will have a better idea of how they have tested and implemented thier security.

    Sul.
     
  24. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Good point, but with all the KISS posts I'm seeing, I wonder about that.
    Anyways, "where is my overlapping security lacking" is a better way of saying it. That's exactly what I'm looking for.

    Usually I post carefully on a less active forum, so I'm not used to this kind of rapid posting. If any of you feel offended by me not quoting and replying to everything properly, please don't take it personally.
     
  25. bonedriven

    bonedriven Registered Member

    Joined:
    Jan 14, 2007
    Posts:
    565
    Kind of paranoid for average use yet not enough because the well known motto of hackers says the most secure pc is...
     
Loading...
Thread Status:
Not open for further replies.