New Security Setup - what do you think?

Discussion in 'other security issues & news' started by starfish_001, Dec 11, 2007.

Thread Status:
Not open for further replies.
  1. starfish_001

    starfish_001 Registered Member

    Joined:
    Jan 31, 2005
    Posts:
    1,041
    I have had a few issues with NOD v3 after speaking to support .... I decided to change my system around using a new FD ISR snapshot I have

    • First Defense ISR
    • KAV 7 6 month trial
    • Outpost 2008 - I like the active content filter otherwise I would switch to Comodo v3
    • Defensewall

    Changes I may make:

    1. I prefer prosecurity to KAV PAD... although Prevx or Threatfire may also be good .... particularly as Outpost has a HIP of sorts.
    2. I also quite like Returnil..... but may try shadowdefender (multi volume).
    3. I have a lic for SAS but not sure if this is worth adding.

    What would you add and why?
     
  2. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    FirstDefense-ISR + Returnil/ShadowDefender is a possible combination, but
    1. You have to turn off Returnil to make the "Boot to Snapshot" possible in FDISR
    2. If you don't turn it off you have to wait for the "F1"-key during reboot.
    So this combination has an impact on booting between snapshots.

    A frozen snapshot = Returnil/ShadowDefender.
    A frozen snapshot is more powerful than Returnil, because FDISR has "Freeze Previous", which makes an installation of a new software that requires a reboot possible. Returnil alone can't handle these softwares.
    FDISR is brilliant, Returnil is average and that makes the difference.
     
    Last edited: Dec 13, 2007
  3. dmenace

    dmenace Registered Member

    Joined:
    Nov 29, 2006
    Posts:
    275
    Regarding FD-ISR and Returnil:

    Returnil: Why would you use it? Like you are working, saving files and av updates in background etc. Yet when you restart you lose all your files / updates etc. And if you want to test software with Returnil and it requires a restart you can't. And it caches all your files in RAM o_O? What if you're working with some large video files etc.

    FD-ISR: What happened to it? I know there are other threads but they are like 1000s of posts long. Like there's a good discount available now (60% off) but the version available is apparently crippled or something? I don't want to be in the middle of some ProcessGuard fake revival when it's actually dead situation.

    Your security setup is excellent.

    You may want to do the following tweaks:
    * In Outpost, web control set to block ads but not anything else (like activex). DefenseWall will prevent any of these other elements from harming your PC.
     
  4. starfish_001

    starfish_001 Registered Member

    Joined:
    Jan 31, 2005
    Posts:
    1,041
    KAV, Outpost and Defensewall - what do you think?


    I have used FD for a long.... it is as you say brilliant. I'm not bothered about manually selecting the snapshot via F1 on reboot because of Returnil.


    I don't use frozen snapshots .. if I need a reboot install test I create a spare snapshot and use that.


    I like shadow defender but support is not fantastic .... so for the moment returnil is better....


    At the moment I have KAV PD off and PS installed but I may try Threatfire instead ....... PREVX is rather heavy for me ....
     
  5. starfish_001

    starfish_001 Registered Member

    Joined:
    Jan 31, 2005
    Posts:
    1,041

    I tend to use returnil like a file based sandbox .... not for serious testing just added protection ... as you boot to wipe


    FD ISR is fine if you own a Raxco version .... perfect.... new user cannot buy a version with all of the old features enabled. HDS do offer rollback similar idea.... I have 2 lics but it is not reliable enough for me..... I have not tried it since version 8


    In outpost I like the active content filter for script and activex
     
  6. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    Hello,
    I would add Firefox / Opera and save quite some money.
    Mrk
     
  7. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    KAV 7 doesn't remove any malware on your system partition, you only HOPE that it will remove any malware, that's the same as gambling. Only ONE scanner? That is even more gambling with your security.

    An ISR-software removes any malware, because you roll back to a previous state. That's why KAV 7 or any other scanner doesn't detect any malware on my system partition, because there is nothing to find. If a scanner ever detects a malware on my system partition, it will be a false positive, which is another big problem of scanners.
    Even ShadowProtect restores a clean system image faster than a full scan of KAV 7 on my system partition.
    The question is: do you really want a white system or a grey system?

    Keeping your system partition malware-free is easy. Keeping your data partition malware-free is a big problem, because any NEW object on your computer is a possible THREAT to your data and system partition.
    The question is: how do I know that a new object is absolutely safe?
     
    Last edited: Dec 14, 2007
  8. starfish_001

    starfish_001 Registered Member

    Joined:
    Jan 31, 2005
    Posts:
    1,041


    Yes Opera is my browser of choice - IE is set to prompt before run with Prosecurity. Outpost blocks active content by site.
     
  9. starfish_001

    starfish_001 Registered Member

    Joined:
    Jan 31, 2005
    Posts:
    1,041

    Perhaps .... I have multiple snapshots including snapshots with NOD, SAS and PREVX installed so I can scan across snapshots if required. As I say I use Prosecurity and Defensewall, my intention is to not let bad stuff install in the first place.... tricky bit


    Remember FD is not bullet proof (amazing and quite brilliant). It does have the capability to update files across snapshots (new install), could this be exploited maybe? ..... I know it can cause problems
    https://www.wilderssecurity.com/showpost.php?p=939060&postcount=26

    I prefer to run clean and dirty snapshots with returnil providing boot to restore. Rather than constant new image restore.

    If I need to I restore archives from my clean snapshot. But I have some images just in case.



    As I can never be sure about the safety of an object .... I guess my system starts pale gray and hopefully stays that way ....

    Prosecurity provides a white list of sorts ..... I did use prevx in my old setup ... not convinced by it ... it is also very heavy


    PS and defensewall can provide protection for files and directories so if special areas are accessed this can be flagged or just blocked
     