Need advice on several Security Softwares

Discussion in 'other anti-malware software' started by tepe2, Apr 6, 2007.

Thread Status:
Not open for further replies.
  1. tepe2

    tepe2 Registered Member

    Joined:
    Jan 18, 2006
    Posts:
    539
    You can see in my sig at the bottom what I used to have installed.

    I made a clean install of Windows XP, and my main Security Software now is: Nod 32, XP-firewall and BootIt Next Generation. I don't need advice on anti-virus or firewall. I stay with Nod 32, and at a later time I dl Comodo FW.

    I'm looking for other good Security Software that does not conflict with Nod 32, XP-FW or Comodo FW. I need to stop Malware, Spyware, Adware, Trojans, Worms, Rootkits, Phishing etc.

    Also looking for Software that can protect/show me/let me stop processes running and anything else needed for great security.

    But I want to be careful, not install too much Software, and that's why I need to know what really works. There's so many to choose from. I don't want to try all of them to see how it works. And I don't have the knowledge to tell if it works or not. If it doesn't find anything, it doesn't mean your system is clean.

    I'm looking for FREE alternatives, but will consider paying if I find it necessary.

    I have used two paid programs, Spysweeper and Counterspy. I still have a license for Spysweeper (expires in a month or two) but have not installed it. The latest version sometimes popped up with an error message. But I will consider these two.

    Windows Defender NEVER found anything on my pc. AdAwareSE - don't think it is among the best.

    Some I have heard about: SpyBot Search and Destroy, Spywareblaster, Process Monitor, Ewido, Trojan Hunter, Autoruns, Process Explorer, What's Running. But I don't know if they are good.

    I have used CCleaner to backup my reg and clean my system, and will install it again unless I find a better choice.

    Would be nice if someone could tell me about a good, complete combination, and also specify if it is free or not.

    Thanks :)
     
  2. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    One person's setup/recommendations may or may not satisfy your needs or be applicable to your situation.

    If you start by defining for yourself what you want in a security strategy, then you can choose products accordingly, and I would bet that you will end up with fewer than you think! Because it doesn't take a lot to achieve secure protection.

    This is possible only if you understand what are the various ways that the malware you mention gets installed on your computer. Then you select a product to protect against that particular attack vector.

    One recent concern is the "remote code execution" aka "drive-by download" vector, due to the *.ani exploit. See this thread for a discussion:

    https://www.wilderssecurity.com/showthread.php?t=170950

    Once you take care of protecting against this type of exploit, then you can move to other considerations.

    It seems to me that this approach is more sensible than just piling on layers of products.

    regards,

    -rich

    ________________________________________________________________
    "Talking About Security Can Lead To Anxiety, Panic, And Dread...
    Or Cool Assessments, Common Sense And Practical Planning..."
    --Bruce Schneier
     
  3. tepe2

    tepe2 Registered Member

    Joined:
    Jan 18, 2006
    Posts:
    539
    I'm just an average user, and don't understand too much about this. I just want a few good programs to give me a lot more protection.
     
  4. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    Hello. :D

    tepe2, why exactly do you want 'a lot more' protection? It seems to me that you are already well equipped. If your XP is fully patched (via updates), all these applications you mentioned in your first post (and in the sig) are more than sufficient. You don't need to change anything. But if you want to install more armaments, you can't just wear a 'sword' and a 'shield', you have to know how to use them. Don't forget to look through stickies on each board of this forum, you will find some very useful info there. If you're waiting for several personal opinions, I daresay you will get pretty confused very soon... I would suggest a decent backup app like Acronis/Paragon for a start, this is a must in a good layered defense approach. Deal with that, and then you can move on to firewalls, viruses and other stuff.

    Cheers :thumb:
     
  5. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    I have run the NOD32/Comodo combo in the past and they worked fine together. But Comodo seems to forget rules for some reason. To help fix that I ran SSM (paid) and all three seemed to work in harmony. It would probably be a good idea to run something like the free SuperAntiSpyware on demand.

    BTW- SSM is System Safety Monitor (their free program works very well)

    http://www.syssafety.com/

    SuperAntiSpyware

    http://www.superantispyware.com/
     
  6. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    I think you mean that there are things you aren't familiar with, but you can go forward and gain experience as you read and ask questions.

    I will echo The Seer that you already have good protection. Do you need more? Have you ever been infected with malware? If so, how did it happen?

    The first thing to understand about malware is that there are three principal methods by which you can get infected. Each method requires a different type of protection.

    1) entrance via a port. Good examples are the worms and trojans that have exploited this in the past.

    For further reading, search the internet for "trojan ports".
    Here is a good article on internet worms: http://en.wikipedia.org/wiki/Computer_worm

    Your XP-firewall will protect against these types of inbound exploits.

    2) remote code execution:

    • malware embedded in a web page: by just visiting an infected site, code in the web page can remotely trigger a download of a trojan executable.

      Here, IMO, is where you can add something. Your Nod32 is one of the best of that type of protection, but vulnerable to the so-called "zero-day" attack, where a piece of malware, on the first day it's released in-the-wild, will not have been detected by AV programs. Here is an example:

      wmf exploit

      This is why I referred you to the other thread, which discusses Execution protection for that type of exploit.

    • malware in an email attachment: we all know not to open unknown attachments, but in case of the inadvertent mistake, Execution protection will prevent the executable from running - added protection in case your Nod32 doesn't flag it.

    3) Downloading/installing infected software: Are you confident that you trust the sources of your software? Then there is nothing more to say.

    If not, especially if you download lots of free stuff all over the internet, then you have to consider if your Nod32 provides sufficient protection. Some people download the software and then scan before installing.

    Acr1965 mentions SSM and superantispyware, which certainly would bolster the protection you already have, and perhaps give you greater peace of mind.

    To return to another comment I made earlier, about constructing a strategy - I like to think from the bottom up:

    ------------------------------------------------------
    ==> The Seer suggests a decent backup. This is your safeguard at the bottom, against a worst case scenario. If your backup is kept current, then all is not lost.

    ==> Above that, you have your AV and Execution protection programs, to catch the inadvertent mishap.

    ==> Above that is your browser and email. Proper configuration will provide security against certain exploits, but your protection below will act as a safeguard in case of a browser vulnerability.

    ==> At the top is your Firewall.
    --------------------------------------------------------

    If you understand the methods of infection, and build a strategy for your security, then you are better equipped to decide what you need in the way of other security software, and what questions to ask.

    Whether or not these will conflict with each other is difficult to predict, since there are so many variables - not only with the software itself, but how it interacts with your system and other programs. You can ask for comments from current users, but ultimately will have to try them yourself.

    regards,

    -rich
     
  7. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    I'll add:
    - A NAT/SPI router.
    - Separate your personal data from the OS (partitioning). This, coupled with backups, will make you almost invincible.
    - Learn how to use VM software (VMware, VirtualBox, Virtual PC). Inside VMs, you can test unknown software, tweaks for the OS (like nLite builds) and other OSes.
     
  8. tepe2

    tepe2 Registered Member

    Joined:
    Jan 18, 2006
    Posts:
    539
    First of all, thanks to all of you.

    I had a system crash. Don't know if it was malware or Windows. I believe it was Windows. I had to reinstall. I lost no personal data, because it was stored in its own partition. But I learned something. Now I do have disc imaging software: BootIt Next Generation. I store images on a second internal hd, and on an external hd. I also store personal data on the external hd as a backup. C: for XP and applications, D: for personal data. I keep my XP up to date. This, together with Nod and XP-FW, is good protection. But I don't know if it is good enough. Some of you think so.

    Spysweeper found something a few times. But I don't know if it was a real danger. I believe a good anti-spyware program would be a good idea. It could be Spysweeper, Counterspy, SuperAntiSpyware or other. Maybe I will use one paid, and one or two free for on-demand scanning. I don't think Nod+FW can stop all spyware. And I don't want spyware to slow down my pc.

    I do need software that allows me to manage processes; this is not only for security. SSM is one option. Looking for more.

    Lucas1985, maybe I follow your advice and learn how to use VM software.

    Rmus, I understand that I have a lot to learn. I'll have to read and gain experience. This will take some time.

    You may think I'm looking for overkill. You may be right. But, necessary or not, I would feel safer if I had more than backup, NOD and FW.
     
  9. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    tepe2,

    You're quite right - being secure and feeling secure are two very different things and there are lots of aspects of life where you can see this - a trivial case for some, as an example, might be the first time flying in an airplane. Statistically, you're about as secure as you can be while traveling, though many initially do not feel that way.

    If you believe that you will feel more secure by personally managing process execution, then by all means do so. My only recommendation would be to do it at a level that makes sense based on your ability to perform the task. My own recommendation would be to simply allow/block at the parent process level, allow these processes to do as they desire except to allow/block network access as determined by you.

    Blue
     
  10. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    I'd recommend you a "user-friendly" anti-exec/whitelist HIPS like PG Free, Prevx or Anti-Executable.
    Also, sandbox (Sandboxie, Geswall, Defensewall, Bufferzone) the attack vectors (especially the browser).
    Finally, replace the XP firewall with a rule-based one like Kerio 2.1.5 (tutorial) which is an excellent learning tool. You can test all this software inside VMs.

    Then, you'll have:
    - Antiexec/whitelist HIPS.
    - Rule-based firewall.
    - General antimalware (NOD 32)
    - Sandbox.
    - VMs.
    That's all the real-time active security you'll ever need. Don't forget to drop MS software (IE, OE) and use doc viewers which don't execute code (macros/scripts) by default.
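As an added illustration (not code from the thread or from any of the products named) of the "Execution protection" Rmus describes in post 6 and the anti-exec/whitelist HIPS lucas1985 recommends above, here is a Python model of default-deny execution: the baseline and the three test files are constructed in a temporary directory, and the signature database is a made-up marker string. It shows why a zero-day sample slips past a signature scanner but not past a whitelist taken from the clean install.

```python
import hashlib
import tempfile
from pathlib import Path

EXEC_SUFFIXES = {".exe", ".dll", ".scr"}
# Constructed stand-in for a signature database: the scanner knows this byte
# pattern but knows nothing about a freshly released ("zero-day") sample.
KNOWN_BAD_SIGNATURES = (b"KNOWN_MALWARE_MARKER",)

def sha256_of(path):
    # Whitelist is keyed by content, not name, so a renamed copy gets the same verdict.
    return hashlib.sha256(path.read_bytes()).hexdigest()

def build_baseline(root):
    # Snapshot every executable present on the clean, freshly installed system.
    return {sha256_of(p): p for p in root.rglob("*") if p.suffix.lower() in EXEC_SUFFIXES}

def av_verdict(path):
    # Signature scanner: blocks only what it already has a pattern for.
    data = path.read_bytes()
    return "blocked" if any(s in data for s in KNOWN_BAD_SIGNATURES) else "allowed"

def anti_exec_verdict(path, baseline):
    # Default deny: anything outside the baseline does not run, signature or not.
    return "allowed" if sha256_of(path) in baseline else "blocked"

def write(path, data):
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_bytes(data)

def demo():
    # Returns (AV verdict, anti-exec verdict) for three constructed files.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        good = root / "Program Files" / "App" / "app.exe"
        write(good, b"MZ legitimate application from trusted install media")
        baseline = build_baseline(root)  # taken right after the clean install
        known = root / "Temp" / "codec.exe"      # old threat the AV has a signature for
        write(known, b"MZ KNOWN_MALWARE_MARKER")
        zero_day = root / "Temp" / "update.exe"  # dropped later by a drive-by download
        write(zero_day, b"MZ never seen before by any scanner")
        return {
            "good": (av_verdict(good), anti_exec_verdict(good, baseline)),
            "known": (av_verdict(known), anti_exec_verdict(known, baseline)),
            "zero_day": (av_verdict(zero_day), anti_exec_verdict(zero_day, baseline)),
        }
```

The price of the whitelist approach is the one BlueZannetti and Seer point at: every deliberate new install has to be approved by the user, so it only helps someone willing to make that decision each time.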
     