New thought for a/v choice

Discussion in 'other anti-virus software' started by the dummy, Dec 2, 2010.

Thread Status:
Not open for further replies.
  1. the dummy

    the dummy Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    71
    I've decided to add MSE to my layered protection plan, and this is why.
    1. Built to work best with Win 7 64 and IE9.
    2. Easy to update.
    3. I run Sandboxie and Returnil anyways, so who cares what a/v, firewall or browser is being used, since not much is going to get by.
    So does anybody see any flaws in this logic?
     
  2. EliteKiller

    EliteKiller Registered Member

    Joined:
    Jan 18, 2007
    Posts:
    1,138
    Location:
    TX
    1 AV
    2 AV's
    10 real-time anti-malware tools
    no AV
    Windows 95

    w/e floats your boat. :cool:
     
  3. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,248
    Location:
    Chaotic Land
    I agree :) People have different ideas about what they think is a safe and stable security setup for their particular situation.
     
  4. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    I agree that MSE, Returnil, and Sandboxie, plus Windows 7 Firewall is a good strong setup.

    Real-time AV protection can make a useful contribution as an additional security layer. Virtualisation on its own does not provide protection against the damage that malware can do while it is running within the virtual environment. Virtualisation alone cannot guard against identity theft, phishing websites, stealing of confidential data, etc. Any AV with decent detection rates such as MSE will suffice.

    You may need to turn off Returnil's Virus Guard in order to avoid any potential conflicts from running two AVs in real time, but you will need to experiment to see what works.

    Policy restriction is also important. To this end, Sandboxie can be used to control what programs can run or access the Internet within the sandbox, and to lock down access to your private data while browsing the web. Returnil also has a good anti-execute feature.
     
  5. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,188
    Location:
    USA
    See my sig for details.

    I'd personally not even run an AV considering your OS is virtualized and your browser is sandboxed. I'd be more concerned with a keylogger. Hence the reason I use Spyshelter Premium. As soon as you empty the sandbox you're clear, but what protects you if there is a keylogger running in the sandbox and MSE doesn't detect it? You're still screwed, for lack of a better term.
     
    Last edited: Dec 3, 2010
  6. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    +1.

    Infection is inconvenient. Keylogger is disastrous. :argh:
     
  7. IceCube1010

    IceCube1010 Registered Member

    Joined:
    Apr 26, 2008
    Posts:
    963
    Location:
    Earth

    If I'm not mistaken, SBIE can protect against a keylogger if you have the Drop Rights option checked. However, this is not on by default.
    Ice
     
  8. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,188
    Location:
    USA
    http://www.sandboxie.com/index.php?DetectingKeyLoggers

    So you can in fact get infected, and if you don't empty the contents you're done for.
     
  9. IceCube1010

    IceCube1010 Registered Member

    Joined:
    Apr 26, 2008
    Posts:
    963
    Location:
    Earth
    Yes, I forgot to mention I delete the contents when I close the browser. But usually a keylogger would want to install itself inside a sandboxed browser. I thought the Drop Rights option would prevent this.

    Ice
     
  10. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    I agree that protection against keylogging is important, which is why it's a good idea to use Sandboxie's policy restriction features to control what gets to run in the sandbox and access the Internet, and to lock down access to personal data, etc.

    Personal firewall (with outbound application filtering enabled), anti-malware, anti-executable software, etc, can all have a complementary role to play in situations where a keylogger or other malware may already be installed and running outside of the sandbox.

    Light virtualisation software such as Returnil may contain the infection (if virtual mode is enabled) but it won't prevent all of the damage the malware may do while it is running. There are also a very few classes of malware that are capable of bypassing Returnil, which is partly why Virus Guard was added but I imagine that a good third-party AV such as MSE would do just as well.

    My own personal preference is for a multi-layered approach but, as always, each person has to decide what suits their situation best, based on their own individual assessment of need and risk.
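
A Sandboxie.ini fragment showing the sandbox policy restrictions discussed in this thread (Drop Rights, deleting contents on close, start/run and Internet access restrictions, blocked access to private data). This is an added example, not posted by any participant; the browser name `firefox.exe` and the choice of the Documents folder as the protected location are assumptions, and `DefaultBox` is Sandboxie's default sandbox name.

```ini
[DefaultBox]
Enabled=y

# Delete the sandbox contents when the last sandboxed program exits,
# so nothing dropped during a browsing session survives it.
AutoDelete=y

# "Drop Rights": remove Administrators-group rights from sandboxed
# processes. Off by default, as noted in the thread.
DropAdminRights=y

# Start/Run restriction: only the listed program may run in this sandbox.
ProcessGroup=<StartRunAccess_DefaultBox>,firefox.exe
ClosedIpcPath=!<StartRunAccess_DefaultBox>,*

# Internet restriction: only the listed program may reach the network
# from inside this sandbox.
ProcessGroup=<InternetAccess_DefaultBox>,firefox.exe
ClosedFilePath=!<InternetAccess_DefaultBox>,InternetAccessDevices

# Block sandboxed programs from reading private data
# (assumed location: the user's Documents folder).
ClosedFilePath=%Personal%
```

These settings limit what runs, talks to the network, and reads files inside the sandbox; they do not affect software already running outside it, which is where the firewall and anti-malware layers mentioned above apply.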
     