Non-signature based protection

Discussion in 'other anti-malware software' started by Kernelwars, Aug 17, 2010.

Thread Status:
Not open for further replies.
  1. Kernelwars

    Kernelwars Registered Member

    Joined:
    Aug 12, 2010
    Posts:
    2,155
    Location:
    TX
    Hi Guys,
    It will be great if y'all can suggest a complete setup that can be achieved without relying on signature-based malware products. Please keep in mind the not-so-savvy computer users who might get headaches if they were made to think too much by the apps. So please suggest some really good setup for those folks. (Please provide some reasons why the setup you think can be useful against the unknown.) Thanks,
    Kernel
     
  2. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    Returnil Virtual System 2010 = System Virtualization
    Prevx SafeOnline = to keep you safe online even if your virtual system got infected.
     
    Last edited: Aug 17, 2010
  3. atomomega

    atomomega Registered Member

    Joined:
    Jul 27, 2010
    Posts:
    1,285
    I would say... (considering a regular environment on an admin acc)

    ShadowDefender / Deep Freeze (you'd have to teach the user how to use it)
    Immunet Protect (rely on the community)
    Outpost Firewall Free (easy-to-setup, easy-to-use)

    IMHO...
     
  4. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,127
    Location:
    USA
    What you have now and DefenseWall. Link in my signature. The firewall will not conflict with other firewalls and its HIPS (sandbox) is excellent.
     
  5. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Returnil Home free with Anti Virus enabled (also x64)

    DefenseWall Personal FireWall HIPS (paid, x32 only)

    Why: when you are not that tech savvy prevent: "Houston we got a problem" posts
     
  6. subratam

    subratam Registered Member

    Joined:
    Nov 14, 2003
    Posts:
    1,310
    Location:
    Issaquah, WA
    I would also recommend Mamutu, which is a behavior based malware protection. It does not use a fingerprint to recognize dangerous software but rather on the basis of the behavior of the software. This allows Mamutu to recognize new Malware long before the signature databases have been updated.
     
  7. Creer

    Creer Registered Member

    Joined:
    Jun 29, 2008
    Posts:
    1,345
    Agree with Kees, but if you really don't want software based-on signatures in your security setup - disable AV in Returnil, or use other suggested above ShadowDefender.
     
  8. tipo

    tipo Registered Member

    Joined:
    Dec 29, 2008
    Posts:
    408
    Location:
    romania
    Mamutu, ThreatFire, Comodo's Defense+, DefenseWall, Sandboxie etc. All of them can be used without the need of signatures.
     
  9. wearetheborg

    wearetheborg Registered Member

    Joined:
    Nov 14, 2009
    Posts:
    667
    System hardening setup using built-in OS features, limited user account for internet browsing + software restriction policies (see my sig)
     
  10. Boyfriend

    Boyfriend Registered Member

    Joined:
    Jun 7, 2010
    Posts:
    1,070
    Location:
    Pakistan
    My preferences are:

    Use a good antivirus (decide yourself after research and reviews) with behavior block + generic/heuristics protection and keep OS updated/patched.

    For Windows XP: Use Software Restriction Policies (SRP) along with a separate Limited User Account (LUA) with disabled autorun. Also, harden your browser with add-ons (ABP, NoScript). Sandboxing is a good idea too if you do not want to download anything during that session.

    For Windows Vista: I cannot comment about it, as I have not used it.

    For Windows 7: Do not disable UAC (default is good for most) as it will help you execute programs with low integrity (just like LUA). Use Software Restriction Policies (SRP) and harden your browser. SRP will not let you even run/merge a .reg file. With UAC + SRP enabled, only programs you allow can run/change/install. If you want to install something, just right click and Run as administrator. Nothing else can execute on your system.
     
  11. wearetheborg

    wearetheborg Registered Member

    Joined:
    Nov 14, 2009
    Posts:
    667
    We have the same security preferences :D
    I would just make two modifications:
    1) Sandboxing is useful even when you want to download (the desired download can be recovered from the sandbox).
    2) If you have Windows 7 Ultimate, use AppLocker.
     
  12. Boyfriend

    Boyfriend Registered Member

    Joined:
    Jun 7, 2010
    Posts:
    1,070
    Location:
    Pakistan
    Thanks.
    1. I am suggesting settings for novice users. Advanced users can add much more to the above setup (adjusting services.msc, gpedit.msc, secpol.msc, removing unneeded default OS programs, strict password policies, and keeping records of events for diagnostic purposes).
    2. I am running Windows 7 Ultimate x64. I have tested AppLocker, but I like the flexibility of SRP. Also my other security setup is very strong.
     
  13. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    Kernelwars, to help me understand, what is the basis of your requirement to avoid the use of signatures in the detection of malware?
     
  14. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    - DefenseWall /Sandboxie

    (+)

    - Boot-to-Restore: Returnil /Deep Freeze /Shadow Defender.

    OR

    - Instant System Recovery: Rollback Rx /EAZ-FIX /AyRecovery.
     
    Last edited: Aug 18, 2010
  15. Kernelwars

    Kernelwars Registered Member

    Joined:
    Aug 12, 2010
    Posts:
    2,155
    Location:
    TX
    A good firewall to prevent any unwanted connections with application control, an easy-to-use HIPS with built-in whitelist and also a cleaner that gets the work done better than CCleaner maybe?..:thumb:
    Kernel
     
  16. atomomega

    atomomega Registered Member

    Joined:
    Jul 27, 2010
    Posts:
    1,285
    IMO DefenseWall would not be a good asset for basic users as it displays a lot of "learning" pop-ups. Again, IMO.
     
  17. atomomega

    atomomega Registered Member

    Joined:
    Jul 27, 2010
    Posts:
    1,285
    Outpost Firewall Free

    A classical/pure HIPS would still be hard to understand and configure (therefore causing malfunctions, system instability and unwanted behaviour) for a basic user. I would rather go with a pure BB like ThreatFire (new Beta version coming) or Emsi's Mamutu.

    I personally use IObit's Advanced SystemCare Pro. (I know this may trigger some comments about IObit's shady past).
     
  18. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Should change the IMO to IME (in my experience), because with all respect, DefenseWall hardly gives a pop-up
     
  19. cgeek

    cgeek Registered Member

    Joined:
    Mar 31, 2010
    Posts:
    328
    1. DefenseWall Firewall
    2. SandboxIE
    3. Returnil Multi-Snapshot + Returnil Virtual System 2011 lite "Anti-Execute turned on"

    For system clean-up I would suggest PerfectDisk PC Optimizer.

    :rolleyes:

    My dad knows nothing about computers and uses DefenseWall. He has never had a pop-up since he started using it.
     
    Last edited: Aug 18, 2010
  20. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    DefenseWall installation already places all sensitive areas under protection.
    Applications like Browser, Media Player, Messengers etc. are considered Untrusted and therefore are protected accordingly.
    The same happens with critical Windows Directories and Registry Hives.

    Therefore, DefenseWall in the Basic (not Expert) Mode is ideal for inexperienced users, as it requires no advanced configuration.
     
  21. atomomega

    atomomega Registered Member

    Joined:
    Jul 27, 2010
    Posts:
    1,285
    I'm sorry, I'll take back my comment. The thing is that I tested it on my PC; since I don't have a VM I just overlapped it on top of my current setup. That must have been the reason why I noticed so many popups. Also, I was talking about DefenseWall HIPS, not the FW one.

    Anyway, the posters above are light years above in expertise. :thumb:
     