No such thing as 100%

Discussion in 'other anti-malware software' started by ssj100, Apr 12, 2009.

Thread Status:
Not open for further replies.
  1. ssj100

    ssj100 Guest

    I've just realised once more (after trialling just about every security product there is out there), that there is no such thing as 100% secure. For the above average user, the biggest security ultimately is plain common sense.

    Take Defensewall for example. I hear people saying 99.99% this and 99.99% that. So what if I download a .exe file that I am very sure is safe. Obviously I would want to make it run and install correctly, thus I would "Run as trusted". What happens if this safe file happens to be carrying a deadly trojan, virus or keylogger and installs on your system without you knowing it?

    Sure I hear some say, that's why you go for a layered approach and you should have a good antivirus installed. But being only limited to detect with its database and heuristics, the antivirus may miss this malware that is already deeply infecting your system.

    The old saying of "the safest computer is one that is not turned on" is true.

    But at the end of the day, a layered security approach is the way to go...and demoneye, fine a back-up image of your disk/system is also useful with for example EAZfix.

    Just some thoughts. Would like to see some feedback on the above from some of the more savvy users on Wilders.

    EDIT: Oh dear, I posted in the wrong forum. This should be under "other anti-malware software" or something like that. Would the appropriate MOD please move this. Apologies and thanks.
     
  2. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    yes , eaz fix is the last line of defense over here , if i get infected and pc start act odd , i just rollback and all over ...

    anyway if u allow infected file to run , and your av didn't catch it , u screwed, than its better to have a full backup image , clean one , the one u have with only win+driver on it so the recovery time wont take long

    cheers :D
     
  3. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    :argh: hope u will sooonnn ;)
     
  4. SIR****TMG

    SIR****TMG Registered Member

    Joined:
    May 31, 2004
    Posts:
    757
    No such thing as 100% how true indeed.
     
  5. Greg S

    Greg S Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    1,039
    Location:
    A l a b a m a
    I'm impressed with this eaz-fix 9 and more impressed with imaging part of it. I've been trialing just about every antivirus product known in an attempt to find one that suites me. Having the option to rollback has come in very handy with this. When I initially installed eaz-fix I noticed it had disk imaging as part of it. My first thought was that it(imaging) will be like the others I've tried like DriveImage XML which one needs to create their own boot media which I did and which did not work. I tried Paragon Backup Express who's boot creator worked but for whatever reason would not recognize my external HD where the backup image was saved to. I then tried Macrium Reflect who's boot media worked but when verifying disk image after backup always had errors. Now, back to eaz-fix's imaging. After install, I used it's boot media to create the boot up disk, shut down/restarted noticed the "hit any key to continue" which I did and it didn't. Well I thought maybe I was a little late striking the key so I went for a do-over and this time it worked. Finally a boot media that worked. I then proceeded to make an image and all went well and hoping I never had to use to find out if it really worked or not. Yesterday came that time,lol. I uninstalled eaz-fix for a thorough disk cleaning, disk check and defrag before re-installing it. Upon restart I got the dreaded lsass.exe error of object name not found which means I'm not gonna get into XP no matter what since I don't have an XP media. It had only been two weeks since I used the imaging part of eaz-fix but in that time I had added some things that I really wanted to keep so I figured on a re-boot that I would make another image before proceeding with a restore and hope that if the restore worked that I could browse the image and recover the things that I wanted. When the backup options screen appeared, low and behold it had the option to do an incremental backup and in my situation that was a nice timesaver in getting restored since I didn't have to image the entire drive. Well all was ready to see if this restore process was going to work and to be honest I was as nervous as a cat in dog kennel but at the time had no other choice. Bottom line, it worked Perfect and did it fairly quick. Yea, I'm impressed with EAZ-FIX.
     
  6. thathagat

    thathagat Guest

    a reading of recent threads on wilders is a pointer that nothing is safe n secure in the cyber world....neither security softwares nor vpn/proxies....except maybe.....a decent backup proggie(for when things go awry in the pc) and drive encryption(for when things go awry in legal terms)...but the best is one mentioned here on wilders by someone...the power switch of one's pc......when its off all is safe ;)
     
  7. nomarjr3

    nomarjr3 Registered Member

    Joined:
    Jul 31, 2007
    Posts:
    502
    The closest program that can recover your system to almost 100% is Rollback RX or EAZ Fix or other similar snapshot system restore programs.
    But even that is not a guarantee.

    DefenseWall or COMODO, no matter how secure they are, have their own set of flaws.
    That is why every so often they are constantly updated to fix the bugs or compatibility issues. And the functionality is improved little by little.
     
  8. Hiker

    Hiker Registered Member

    Joined:
    Nov 23, 2007
    Posts:
    268
    No such thing as 100% but how many Wilder's members have actually had a problem that wasn't caught before being infected? Not many I'm thinking.
     
  9. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    at least i feel 90% secure with malware defender and defensewall ,the other 10% is comon sense:D
     
  10. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,499
    The closest i got to 100% is shadowprotect.Rollback rx failed miserably
    ellison
     
  11. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Ha happened to me when I trusted "through the eyes of a keylogger, which came with a Trojan Avira did not catch" (so yes ssj100 lack of common sense is worse than an average security setup, since software can not prevent a user making mistakes)

    Now I have (besided the obvious an external off line harddisk with image software and a router with build in SPI FW), since I felt for social engineering myself (trusting a test program), I have a white list policy (GW) + a 'split' blacklist approach (DS for C:\ and AVG for D:\), since Ram usage is non-issue nowadays.

    Idea behind this setup
    1. GeSWall as simple firewall and containment for internet facing aps and Chrome extra contained with GW virtualisation option to REDIRECT.
    2. Drive Sentry only protects C drive plus registry, this is a precaution for social engineered installs (setting it to trusted with GW)
    3. AVG Free checks downloaded files on D:\Data partition (can not be saved on C:\Programs partition due to GW restrictions), this is a precaution to prevent spreading malware to others by forwarding downloaded stuff. It also filters out known badguys at download.
     
    Last edited: Apr 12, 2009
  12. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,040
    Removed an inappropriate post.

    Pete
     
  13. Newby

    Newby Registered Member

    Joined:
    Jan 12, 2007
    Posts:
    153
    So Kees,

    There you go with all your testing and tweaking and then you shoot yourself in your foot. Now you are using two AV's, while everyone tells me not to install 2 AV's. Does this 'split' blacklist cause any problems?

    Groet Newby
     
  14. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Newby,

    Some people have a gift or are talented in making the right decisions, others (like me) have to learn from mistakes.

    Two AVs are unusual, but DS started as an add-on, it works well with both Avast and AVG, Avira cuased an occasional hick up when using CCleaner.

    DS black and whitelist approach for folder and registry access is a blacklist like approach, with a different nuance. A post of ICE inspired me try this out. Still it seems to work fine with another AV. They look at other partitions, so in my setup this might reduce incompatibility also.

    Yes I make foolish mistakes, hopefully only once for every occasion :oops:

    Groeten Kees
     
  15. crofttk

    crofttk Registered Member

    Joined:
    May 15, 2004
    Posts:
    1,976
    Location:
    Eastern PA, USA
    Unless I'm missing something with Defensewall, the way I'd do it is,
    download the update in untrusted (default) mode
    shut off internet (power off router on disable connection)
    disable Defensewall protection(putting in password to do so)
    install the update
    re-enable DW protection
    turn internet back on

    Maybe adds up to as many steps but works better for me risk-wise - just my two cents.
     
  16. crofttk

    crofttk Registered Member

    Joined:
    May 15, 2004
    Posts:
    1,976
    Location:
    Eastern PA, USA
    Yes, my point was disabling avoids having to run it explicitly as trusted but I certainly do take your point, there is a thought process involved in the source of updates/software and the least risky way to install them.

    DW was my choice as a complement to NIS09 and Prevx on 6 machines, 4 of which my wife and kids use. These layers after the approriate trials and a few slipups worked out well for me as admin and them as users without access to settings in the security softwares - they have to get me involved if they have a problem.

    Of course, "well" is certainly NOT 100% but hopefully my 3 layers, if they all have as high as a 1/10 failure rate, only have a combined failure rate of 1/1000 - I guess 99.9% is OK sitting behind redundant imaging and FD-ISR PLUS a modicum of common sense.
     
  17. crofttk

    crofttk Registered Member

    Joined:
    May 15, 2004
    Posts:
    1,976
    Location:
    Eastern PA, USA
    Thanks, we'll all keep our fingers crossed!*puppy*
     
  18. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,404
    I did a similar thing Kees. But in your situation, you were intentionally testing a program. Take away the 'intentional testing of malware type programs', with your setup and using regular everyday programs, you wouldn't have had a problem.

    I recovered a file from sandboxie, normally install and run it again sandboxed (which I did), but that time I failed to sift through and see what else it installed.

    Rollback programs (EAZ FIX) do seem the most logical, as say in both Kees and my situation, I knew the exact time I had a problem.

    For your everyday users, whether a rollback program would be best is debatable, as your everyday user would most likely not know when the problem first occurred, or where to rollback to. But it does create a 'baseline' to rollback to, so yes, it would definitely fix their problem.

    With running two AV programs, if it works, sounds good to me. I think with one AV, a user could download and use as a backup scanner to scan select files, programs such as CureIt, a-squared free (with right-click scan), ClamWin portable (incremental updates), or even BitDefender free. If you're paranoid, on top of your AV, could even go with a-squared, ClamWin, and CureIt.
     
  19. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743

    Discussion continued here

    http://gladiator-antivirus.com/forum/index.php?showtopic=87312&hl=
     
  20. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    This post reminds me of another.I am a memeber of another forum but not pc security related and a topic came up of people getting infected from sites they are visiting and some comments where made that there AV detects 100 percent and they dont get infected,more specific the shield deluxe catches 100 percent.Then of course the mac guys came about you know how that goes,the end to all solution to get a mac.I had to laugh then politley rain on the parade a little,from what I learned in here at wilders and some of my own stumbles along the way.It was entertaining to See how many are in the dark still in this day and age.



    I think common sense goes a loooong way combined with very good security products like DW,Sandboxie,Hips,AV of choice what every your prefered poison is.If something slips through the cracks just roll out the clean image and start over,what else is there to do.Then continue on the jurney of computing.Just like ridding a bike fall down dust your self off and ride on again.
     
    Last edited: Apr 12, 2009
  21. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    About the best you can do is scan every download with quality scanners before you execute it. Of course always download "trusted" software from "trusted" sources. If you get bit by a bug then re-image. That's all you can do without sitting at your machine in a tin-foil hat.

    I'll take 99% security any day. Computers are for other things besides security software :shifty:. Find yourself something that works and makes you feel safe and get out there on the WWW and have fun.

    Oh, and Returnil or another light virualization app. is great for when you know your doing something unsafe or have doubts about a download.
     
  22. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    If you trust your sources, why scan? Since neither is 100% sure, the only thing that really matters is what makes the user feel comfortable.

    For many whose policy is "trusted source" you can understand why their security consists of just a router/firewall and properly secured browser.

    ----
    rich
     
  23. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Yes I agree and think most of us want the same, to be light,fast and secure.As inner peace touched on to find a happy medium some where then enjoy the www whatever.To be honest I think I tried well over a hundred products before I settled on sandboxie and Defensewall.I was not in the paronoid group just like to try out software. Actually, it was like a addiction and after a while I had to ask my self what am i doing other then installing things and then removing them.Also just because every one else says this is good or thats good, if you dont like a particular security program or your machine doesn't like it,then its not a good security program.
     
  24. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    That depends. Without specifying what or who you are secured against and for how long, the term means very little. A 10 character password will keep family members out of a diary on your PC indefinitely but won't last long if the NSA decided to open that diary. Being secure against threats from the web and from someone with physical access to the PC are entirely different things. The same applies to assembled malicious code vs a talented individual who's determined to get into your PC. The term "secure" means nothing unless the adversary you're securing against is identified.

    It is not possible to be 100% secure against all possible threats and intrusions. That said, I believe it is possible to make a PC completely secure against threats from the internet. A properly designed default-deny based security setup combined with the right OS and software choices will reach or get extremely close to 100% provided it does not allow the user the ability to make a decision that could be potentially damaging. The software necessary to accomplish this has existed for some time. The ability to configure that software to enforce the necessary security policy is a lot rarer, as is the discipline to require the users (including yourself) to remain within the limits of that policy.

    It's not the software that fails to protect the PC. It's the user. No matter how intelligent or how much common sense a user has, sooner or later they'll make a bad decision. In order for a security package to be at or near 100% effective, the user must not ever have the ability to make a decision that could result in the system being compromised, aka no ability to install, remove, alter, bypass, update, etc. The system and security package has to be configured to say "NO" for them. This requires a complete separation of user and administrative functions with the user defined as one who is limited to using a specifically defined set of pre-configured user apps and has no administrative access to any settings. It can be done but most people don't have the necessary self discipline to set it up that way and stay with it.
     
  25. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139
    While I agree that there is probably no product that is 100 percent. This doesn't mean to say you can't have a 100% system.

    You can have a 100% system, by using 3 - 5 TOP BEST security products which gives 99.9% protection. So to get infected by malware it would have to some how bypass all your 3 -5 security products, and what are the chances of this happening? probably some thing like 1 chance out of a million.
     
Thread Status:
Not open for further replies.