My security setup dilemmas

Discussion in 'other anti-malware software' started by hanifv, May 29, 2007.

Thread Status:
Not open for further replies.
  1. hanifv

    hanifv Registered Member

    Joined:
    May 17, 2007
    Posts:
    14
    Hi everyone, :)

    First of all I am not sure if I am posting in the right section, so forgive me for that.

    I need some help and suggestions regarding my security setup.

    Antivirus
    I have tried and tested many AVs but I never looked back after I tried NOD32. I am happy with it and I like the fact that it is very lightweight. But recently I have seen a lot of NOD32 users changing their AV on the forum, so I just need some reassurance on NOD32. Is it time to change?

    Firewall
    I have tried and tested many firewalls too and used Kerio 2.1.5 for a long time. Recently I switched to LnS with phant0m ruleset and things look fine.

    I also use Ad-Aware and SpyBot on demand.

    I am posting some applications below and need your advice. Tell me which ones are good, which ones are bad. Which ones fit in my security setup & which ones don't. Which ones should I use on demand and which ones should I use as active. I have tried many of these applications.

    1) AVG Anti-Spyware (if yes, then should I use this as active?)
    2) Comodo BO Clean (do I need this if I use AVG?)
    3) SUPER-Antispyware (memory usage was high)
    4) Prevx (haven't tried this yet)
    5) Windows Defender

    (Talking about pro/paid versions wherever applicable)

    Also, I have never used sandbox/application monitoring software. I have never had any major virus/trojan infections and I don't have any major problems with my PC (well it starts and shuts a bit slow), so do I really need a sandbox/application monitoring software? If yes, which ones are the best and which ones according to you will fit in my security setup? (money isn't an issue)

    Any other suggestions, and any advice on any other applications that I haven't mentioned is always welcomed.

    Thanks :D
     
  2. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    I would not consider Windows Defender; the rest are fair game though. In particular, I like Prevx for realtime and SuperAntiSpyware for ondemand.

    As for sandboxes, if you haven't had any major infections, then I take it your setup is fine and you won't need a sandbox.

    And lastly, use an alternative browser like Firefox or Opera instead of IE, and also dump Ad-Aware and SpyBot. They're not very effective and can be replaced with SAS and AVG AS.
     
  3. simmikie

    simmikie Registered Member

    Joined:
    Nov 11, 2006
    Posts:
    321
    i am for the most part in lock-step with the very esteemed and experienced WSFuser. i use Prevx2 in beta until tomorrow evening....maybe, and SAS. and as do you i also use NOD32. with respect to NOD, as AVs go it is top tier. i personally believe that traditional AVs are at the end of their current useful lives. their squirrel cages are at max performance, and most are still 2-3 months behind with respect to in-the-wild malware.

    where i tend to go a step further is in virtualization/sandboxing concepts. what malware cannot touch, malware cannot cause damage to. now the current argument in the street is that there is something out there presently or on the horizon that can/will defeat virtualization/sandboxes. what security app/concept does that not apply to however? yes also the brain is the first and last layer of security, but i have seen even gurus with hosed systems from time to time.

    lots of options and lots of choices only you can make. i tend to take the effectiveness first approach. and Prevx, Online Armor, Sandboxie, Prosecurity, Shadowuser, DSA, Defensewall, Bufferzone, Regdefend, are all products i have used, and have proven to me to be highly effective. and then when i throw in the rest of my personal formula....ease of use, compatibility....etc. Online Armor, Prevx2, Nod32, Sandboxie, have emerged as best of breed in my world, yours will be different. try-then buy.


    Mike
     
  4. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    Windows Defender is worthless.

    For on-demand I use SAS and A-Squared.
    For real-time use what runs best on your system.
    Check out Prevx and compare it to your experience with SAS, AVG-AS.

    I would definitely use an alternative browser like Opera, Firefox, or K-Meleon.
     
  5. Doc Serenity

    Doc Serenity Registered Member

    Joined:
    Apr 4, 2007
    Posts:
    105
    I think it depends on just how paranoid you are.
    I used to worry about this way too much.
    Now it's simple. The following only took a short period of time to install and set up and are easy to use.
    Antivir Personal Premium, Prevx 2.0 (there's no "B" on what I've got.), Comodo Pro, a router, Spyware Blaster, AVG 7.5 free on demand, SAS on demand and limited user rights for all programs in XP Pro.
    Regards.
    Doc
     
  6. simmikie

    simmikie Registered Member

    Joined:
    Nov 11, 2006
    Posts:
    321
    doesn't matter, what you have is probably build 114, and it IS beta.


    Mike
     
  7. danny9

    danny9 Departed Friend

    Joined:
    Feb 18, 2004
    Posts:
    678
    Location:
    Clinton Twp. Mi
    Have to agree with the others.
    Using Prevx1 and getting to like this app more and more.
    Looking forward to Prevx2, which I believe is being released later today.
    Also use KIS7, SpywareBlaster, the old standby, and SuperAntiSpyware on demand.
    Have BOClean, 4.22, but haven't been running it lately. Might end up on my once ran list.
    Have not had any infections, viruses, etc. for the last 6 yrs. at least.
    And just in case I do catch a nasty, I also have Acronis True Image and FD-ISR, to restore my system to a time prior to any problems.
    Also run on ie6 with never a problem.
    What I use, I believe, is sufficient. Anything more is overkill and a drain on system resources.
    I still want to have fun with my computer. Can't do that by being paranoid.:cool: :D
     
  8. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    That track seems familiar to me. After an incident (son hacked a hacker and the guy returned the favour), I started to use stronger and more restrictive defense apps (like SSM Pro and Comodo Software Firewall). Now we use a hardware firewall, paid sandboxes and freeware.

    PC1 (Athlon 3400): Antivir (write only check) free, EQSecure (configured as behavior blocker with no pop-ups, default block) and DefenseWall

    PC2 (Athlon 3900): Antivir (same) free, CyberHawk free (the agile release 1.2.0.39, prompt at process anomalies), WinPooch free (prompt and block at Registry start up entries and critical OS-file modification) and GeSWall Pro

    Both run smooth and fast

    Reg K
     
  9. hanifv

    hanifv Registered Member

    Joined:
    May 17, 2007
    Posts:
    14
    Thanks for the suggestions guys. I have some more questions.

    If I understand correctly, prevx works on community responses to a particular file. What happens if some user accidentally or ignorantly marks a malware as good, or a good file as bad? Won't the other users be affected? Is pro or expert mode available exactly for this reason?

    Also, how does Online Armor, PG, and Cyberhawk differ from this prevx style of working? Do any of these fit my setup? Or should I rather stick to prevx?

    Also if I have prevx or any other application monitor/sandbox program, do I need AVG to work realtime?
     
  10. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    PG is a classical HIPS; prompting you for everything.

    Online Armor would fit between Prevx and PG; it does have black and white lists though they're small atm.

    and lastly there's Cyberhawk. it's a behavior blocker (prevx has behavior blocking too) and it's almost as quiet as Prevx.
    AVG AS? no not really
     
  11. hanifv

    hanifv Registered Member

    Joined:
    May 17, 2007
    Posts:
    14
    Which one looks better ? prevx2 + LnS with phant0m ruleset or AVG AS + Online Armor ?

    Also need more suggestions, reviews & advice on programs like cyberhawk, SSM, sandboxie, appdefend, regdefend and how they fit in my security setup

    Also, regarding prevx, still don't understand what happens if some user accidentally or ignorantly marks a malware as good, or a good file as bad? Won't the other users be affected? Is pro or expert mode available exactly for this reason? Which mode is recommended if I am not a newbie and know what I am doing?
     
  12. Firebytes

    Firebytes Registered Member

    Joined:
    May 29, 2007
    Posts:
    903
    Hi Hanifv,

    I have been using the latest version of Cyberhawk on my computer for about a month and like it reasonably well. It is very unintrusive and the only time it has "popped up" with a message for me was when I intentionally let some malware loose (while my system was protected by Powershadow, just in case) to see how it would respond. There is a slight system slowdown when using Cyberhawk but most of the time it is not that noticeable. Really the only time I notice it is when opening my email program or when opening some of my larger programs which were always slow to load anyway. I notice no slowdown at all when surfing the internet.

    I am waiting for Prevx2 to be out in the world for a while to see how it does and might switch from Cyberhawk to Prevx2 if it gets good marks here and in reviews. If it slows down a system more than Cyberhawk does then I probably wouldn't switch though even if the protection is better.

    I think Sandboxie is a good program, it usually gets good comments here in the forums. I tried it for a while but don't have it on my system at the present. It seemed to function as advertised and was easy to use but unless you are willing to donate then you will get "nag" screens after the trial time is up. It is not mandatory to donate however and you can still continue to use the program. I have switched from using it to using Powershadow. There are some lengthy discussions on Powershadow here in the forums if you want more info on it. Just do a search for Powershadow and you will find many.

    As far as your questions about Prevx2 I definitely can't answer them as I have never used it before. However, there is a tutorial on their website that should enlighten you quite a bit. Here is the link.. http://info.prevx.com/tutorialp2.asp
     
  13. hanifv

    hanifv Registered Member

    Joined:
    May 17, 2007
    Posts:
    14
    Thanks for the review Firebytes, highly appreciated.

    I have been reading a lot of posts in here in order to finalize my security setup (this forum rocks :D ) and apart from the prevx question that I asked earlier, I have some more questions.

    1) Will I need a firewall ( I use LnS currently) if I use OA ?
    2) Between OA and SSM, which is lighter and which one offers better protection ? Also which one do you think fits better in my current security setup ?
     
  14. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    Yes but keep an eye out for OA version 2. It will include its own firewall.
    I don't remember if SSM is lighter, but it does offer greater protection.

    As for fitting in your setup, try each of them and pick the one you like better. But if you want an easy program just go for OA.
     
  15. hanifv

    hanifv Registered Member

    Joined:
    May 17, 2007
    Posts:
    14
    I tested OA2, prevX2, and SSM 2.3. I didn't have any problems with them, and all three appear to be very good in whatever they do.

    I have decided to use AVG AS and SAS as on demand. But still looking to confirm my active setup.

    How good is the firewall that comes with OA2? Can it replace my firewall, i.e. LnS? I am giving some options for my active setup. Please tell me which one looks the best or if you have any other options for me, plz mention them.

    1) NOD32 + LnS + Prevx2
    2) NOD32 + LnS + SSM 2.3
    3) NOD32 + OA (with firewall)
    4) NOD32 + LnS + OA (with firewall)
    5) NOD32 + LnS + OA (with firewall turned off)
     
    Last edited: Jun 5, 2007
  16. besafe

    besafe Registered Member

    Joined:
    Mar 29, 2007
    Posts:
    222
    This probably isn't the advice you are looking for, but all of those combinations look solid. I would go with the one that runs best on your system that you are comfortable with.

    Which will provide the most airtight security? That is a question for someone more knowledgeable than me :)
     
  17. beetlejuice69

    beetlejuice69 Registered Member

    Joined:
    Mar 16, 2005
    Posts:
    780
    I'd take number 3. OA passes all known leak tests to date and is a very stable piece of software. That's all I use and I'm still here. :)
     
  18. tamdam

    tamdam Registered Member

    Joined:
    Feb 8, 2007
    Posts:
    88
    Well if they all work well on your system, then any of them provide good protection. However, with nod32 and LnS you seem to be gunning for reasonable but light protection as opposed to strict but heavier protection. Personally I think prevx2, ssm2.3 and OA are kind of heavy, but each to their own. My personal recommendation would be nod32 + LnS + Defensewall, mainly because Defensewall is extremely light (1mb download, very low cpu usage, 10mb RAM) and seems a much stronger HIPS than the behaviour blockers you have above, plus it has zero popups. This is because defensewall is a sandbox HIPS.
     
  19. hanifv

    hanifv Registered Member

    Joined:
    May 17, 2007
    Posts:
    14
    It's true, prevx and OA are a bit heavy. SSM is a bit lighter compared to them. I haven't tried DefenseWall yet, so I might give it a go.
     
  20. Bio-Hazard

    Bio-Hazard Registered Member

    Joined:
    Jan 10, 2007
    Posts:
    529
    Location:
    Cornwall, UK
    I would go with number 3. I would also add DefenseWall. It is a great program and version 2 is in beta, first release candidate is out. You can also see that I am using Prevx2 with OA 2 with FW, NOD32 and Defensewall. It is a great combination, but some would say it is a heavy setup.... it is running well on my system!

    Kristian
     
  21. hanifv

    hanifv Registered Member

    Joined:
    May 17, 2007
    Posts:
    14
    Yea Ciderman that does look like a heavy setup to me, but that may be because I am just on 256MB RAM :oops:
     
  22. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Choice 3

    Option Nod32 + OA V2 with firewall

    Or Option 6

    Nod32 + LookAndStop + A2 Squared Malware (with HIDS) to use existing licenses as much as possible.

    Seriously add to one of these a Sandbox (DW or GW) or OS-partition virtualization (powershadow)
     