Other Anti-Malware software (Recopilation)

Discussion in 'other anti-malware software' started by guest, Oct 22, 2008.

Thread Status:
Not open for further replies.
  1. guest

    guest Guest

    Then where should I put AnVir and WinPatrol? On intelligent HIPS or normal HIPS?
     
  2. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    3,347
    Location:
    Location Unknown
    Neither of those categories fit well. I would change '"Intelligent" HIPS' to 'Behavioral HIPS', and probably add a 'proactive defense' category for WP and AnVir.
     
  3. Iangh

    Iangh Registered Member

    Joined:
    Jul 13, 2005
    Posts:
    849
    Location:
    Melbourne, Australia
    The thread is about lightweight apps. Lightweight can be zero/limited system slow-down or lower memory usage.

    Defensewall - excellent app (I have a licence), fantastic protection, fast and light. However, I no longer use it as I can't be doing with running an app trusted to get it updated. If Ilya could do something about that then that would be my number 1 protection.

    Geswall - I tried the free version a few days ago. The main threat-gate to me is the browser and it isolates programmes downloaded by your browser. Also allows FF to update without me having to run it as trusted. Unfortunately, the kids' PCs could not print FF pages on the printer attached to my PC. I tried the printer mod suggested here and on the Geswall forum to no avail so removed.

    Threatfire 4.0 - stopped using earlier versions because of problems with adding FF add-ons. That problem no longer exists. However, I noticed on my son's Dell 8300 that ERUNT wasn't working properly. Recovering daily ERDNT file didn't work properly. No problem on Acer laptops. There was some browsing slowdown but nothing to get excited about.

    Drivesentry - earlier versions had problems with FF option changes not being captured and also FF locking with CPU at 100%. Latest version working fine (for 1 day). I don't notice any slowdown but Task Manager shows it using 38MB. I'm still waiting to see independent reports on it.

    Spyberus - tried this. Had a problem removing a programme that needed me to use ERUNT so removed it. I have 2 teenage kids so as well as light programmes I like hassle-free.

    Winpatrol Plus - lovely little programme. Lots of good info. If I run Avira Suite with WPPlus then my PC goes into standby automatically. However, if I am running something else with Avira and WPPlus then it doesn't. I assume the polling is pushing the CPU over 10% and re-starting the standby count. As a result I now use StartupMonitor.

    Boclean - again a poller and the standby problem. Always seems to me to be the programme that a lot of posters like to hate. It would be interesting to see a discussion between Kevin and the Boclean bashers.

    My set-up is Avira suite and Drivesentry. DS is my backup. I'm not looking for 100% protection as it doesn't exist. I even have the webguard installed!

    When my licence comes up for renewal I will look at Comodo suite (be interesting to see its detection rates in 6 months), and also Norton as it is now, apparently, very light and you can buy the licences cheap off Ebay. Avira will no doubt still be at the top of the tree but I will be looking at its price versus the rest.

    May I just say that I think it is very rude to tell somebody to close a thread. If you don't want to watch a programme on the TV you turn it off.

    If the thread doesn't interest you then don't post.

    guest specifically stated 'lightweight' and that's why it is interesting to me. I don't test security software, I come here to get recommendations and then try them on the house PCs to see whether they are stable, light and easy to use without impacting everyday PC usage.

    Instead of knocking it the experts should be piling in to help out.

    As an average user I don't want to trawl Wilders putting pieces of information together.

    Ian
     
  4. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    3,347
    Location:
    Location Unknown
    You have had your say, as I have had mine. If I was the only one to feel that way then, you're right, I should let well enough alone. But I'm not. There have even been admins that have said so. Learn to use the options available to you before you reinvent the wheel.


    That is why I'm still here; to help. I'm starting to think that no one reads the entire thread anymore, just the last post. There are explanations in this thread.
    As I said, learn to use all the tools that Wilders has made available to its users, including but not limited to the search function. My goal here is to not let new users suffer, as I can only imagine you think is my intent, but I do not what information is available here if only one were to look. If you, or any user for that matter, need help with something don't hesitate to contact me. But I see no need to bring up discussions that have been hashed and rehashed before. It's all there...just look!
     
  5. guest

    guest Guest

    thanks to all
    Added: Norton Ghost, Acronis True Image Home, Zemana Antilogger with Proactive Protection and HijackThis
    Edited: winpatrol, anvir

    I still have the doubt in how to implement "virtualization sandboxing and policy sandboxing" categories.

    I have just discovered DeepGuard 2.0 ( http://www.f-secure.com/deepguard/ ) but I don't know which category this software belongs in. Please help me to catalog this software, thanks

    FIRST POST UPDATED!
     
    Last edited by a moderator: Oct 24, 2008
  6. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    guest

    There are 2 types of sandboxes:

    Application sandbox (or virtualization sandbox):
    Sandboxie is one of these (also BufferZone and SafeSpace AFAIK, but SafeSpace has been discontinued).
    These types of apps create "duplicates" of the real system and isolate them, just like Sandboxie does, if you have ever used it.

    Policy sandbox:
    These apps define 2 categories of software: trusted and untrusted. Trusted can do anything, like having no protection. Untrusted apps have limited rights so they can't access/modify critical areas.

    This is a rough and quick explanation. If you need more details, just ask or better yet, search the forums, there is a lot of info out there. Or maybe someone could chime in to complete this info....


    EDIT: see this thread, especially post #1 and post #10
     
  7. guest

    guest Guest

    Thanks, I found the answer here and now I understand the difference, but I haven't used any sandbox; because of that I don't know if GesWall is a policy sandbox or not... or if another software is in the wrong category. If you can tell me exactly what is wrong and what app goes in each category I will appreciate it.
    Thanks
     
  8. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    On password managers: I suggest Keepass

    I would make a category for seconfigXP called "hardening" and add wwdc. Maybe SpywareBlaster could fit into that category too.

    Other apps:
    -several "fixes" for common infections: vundofix, smitfraudfix, etc. A compilation can be found on the "rogue remover kit" in elitekiller.com.
    (BTW, the rogue remover kit is a great cleanup combo that should be on the list too).


    ~~~~~~
    While writing this post, I tend to agree with n8chavez that this thread must be closed, but I think that for other reasons: if we don't put an end to this soon, this will just be a lot of posts where everybody just writes their favorite apps, and it will become a confusion for beginners instead of something useful.... but your intentions were good.
     
  9. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419

    GesWall is mainly a policy sandbox, but it also does some virtualization...
     
  10. guest

    guest Guest

    Added: KeePass, SpywareBlaster, Rogue removal kit, SmitFraudFix

    I can't find what wwdc is on Google, can you help me?
    FIRST POST UPDATED!
     
  11. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
  12. guest

    guest Guest

    Thanks, I just added wwdc and Spyware Doctor.
    I am thinking that perhaps SpywareBlaster will fit better in the proactive defense category, what do you think?
    FIRST POST UPDATED!
     
  13. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,784
    Hmmm.... no DefenseWall o_O
     
  14. guest

    guest Guest

    Is it a normal HIPS or Behavioral HIPS?

    I still have problems with the category of DeepGuard 2.0 ( http://www.f-secure.com/deepguard/ ) if anyone can help us...
     
  15. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,784
    A policy based HIPS.
    There is a link to the website in my sig.
     
  16. guest

    guest Guest

  17. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
  18. guest

    guest Guest

    Thanks for the reading, very interesting.
    Then I suppose that DeepGuard is a policy based HIPS but with a lot of predefined rules

    Added: Deepguard
    FIRST POST UPDATED!
     
  19. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    I just don't get something. With both "Run as trusted" from DefenseWall's Windows Explorer shell menu item and "Run as trusted" from the "Untrusted applications" sheet of the main DW's dialog you can run any application as trusted. What's the problem? And why didn't you mail me or post at the main support forum if you have this problem with my software? I'm not Symantec, I always help. :)
     
  20. Iangh

    Iangh Registered Member

    Joined:
    Jul 13, 2005
    Posts:
    849
    Location:
    Melbourne, Australia
    I did http://gladiator-antivirus.com/forum/index.php?showtopic=71683&hl=

    Your product is easy to understand and use.

    However, I look for programmes that do not make me change my usual use of the PC.

    Sorry,
    Ian
     
  21. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    Then whitelisting or blacklisting is your choice. Whitelisting is quite chatty, blacklisting can't give you as much security as any top sandbox can.
     
  22. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    A policy based on whitelisting and default-deny can be tailored to match the way you use a PC. You allow the processes and applications that are part of your normal usage. This includes the system processes that have to be running. You allow each to launch (parent process) or be launched by (child process) the processes each needs to function. Do this for each process individually. No "allow everything" rules. When this process is completed, the HIPS will fall silent during normal usage, alerting only when something you haven't allowed tries to happen. When you're done, disconnect the UI, put it in user mode, or whatever the particular brand you're using calls it when it's set not to prompt anymore. Tasks like updating, installing, etc are not normal usage and should be considered administrative tasks. Anything you wouldn't want done by someone you don't know falls into this category. These would require you to enable access to the HIPS ruleset via password.

    This type of setup is silent during normal usage, even with the UI connected, and is extremely effective. With the UI disconnected, it's silent under all conditions. It takes a while to go through all the apps and everything you do with them but is well worth the effort. In its simplest terms, this package attempts to reverse what I consider Windows' biggest security flaw, that anything not expressly blocked is allowed. With this package configured tightly, only what you specify is allowed. Everything else is blocked. How detailed this control is will be up to you. The tighter the control, the better the protection, assuming the user has the skill and knowledge to make the right choices.
    My security package centers around:
    • SSM. Enforces default-deny policy on all processes and their activities.
    • Kerio personal firewall. Enforces same policy regarding internet access for each application and system process.
    • Proxomitron. Enforces policy by filtering out active and undesired content from the allowed internet traffic, passing only the content you want to see.

    I've used such a setup for several years, no AV installed. My system stays clean, even though several other people use it. You'd be hard pressed to find a lighter security package. The individual memory usages for my whole security package are circled below. Total memory usage on my 2K box is 12,224K. The package has one downside. The user has to understand their system in detail, the core processes, the apps they use, what each needs, where and how they connect to the net if they need to, etc. The operating system and installed software has to be configured to the same policy. The 3 apps are rule based, meaning that you have to tell them what to allow. They will enforce to the letter what you tell them. When set up well, the package is as close to bulletproof as you're going to get.
    memusage2K.gif
     
    Last edited: Oct 25, 2008
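
The default-deny parent/child launch policy described in the post above, sketched as an added example; it is not part of the thread and is not how SSM or any other product named here is implemented. The `LaunchPolicy` class, its method names and the sample process launches are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class LaunchPolicy:
    """Default-deny: a launch passes only if its exact (parent, child) pair is listed."""
    allowed: set = field(default_factory=set)
    locked: bool = False  # True models "UI disconnected": no prompts, no rule changes

    def allow(self, parent, child):
        if self.locked:
            raise PermissionError("ruleset locked; changing it is an administrative task")
        if "*" in (parent, child):
            raise ValueError("no 'allow everything' rules; list each pair individually")
        self.allowed.add((parent.lower(), child.lower()))

    def check(self, parent, child):
        if (parent.lower(), child.lower()) in self.allowed:
            return "allow"
        # Not expressly allowed: ask while rules are being built, block silently once locked.
        return "block" if self.locked else "prompt"


# Constructed sample launches (parent, child); the process names are illustrative only.
SAMPLE_EVENTS = [
    ("explorer.exe", "firefox.exe"),   # normal usage, rule exists
    ("Explorer.EXE", "winword.exe"),   # normal usage, names compared case-insensitively
    ("firefox.exe", "cmd.exe"),        # browser starting a shell: never allowed
    ("explorer.exe", "setup.exe"),     # installing is an administrative task
]


def evaluate(events, locked):
    """Build the normal-usage ruleset, optionally lock it, and decide each event."""
    policy = LaunchPolicy()
    policy.allow("explorer.exe", "firefox.exe")
    policy.allow("explorer.exe", "winword.exe")
    policy.locked = locked
    return [policy.check(parent, child) for parent, child in events]


if __name__ == "__main__":
    for mode in (False, True):
        print("locked" if mode else "learning", evaluate(SAMPLE_EVENTS, mode))
```

With the ruleset unlocked, the two launches without a rule produce a prompt; once locked, the same launches are blocked without any alert, which is the "silent during normal usage" behaviour the post describes.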
  23. guest

    guest Guest

  24. hammerman

    hammerman Registered Member

    Joined:
    Jul 14, 2007
    Posts:
    283
    Location:
    UK
    Hi Ilya,

    I would find it useful if there was a visual indication of whether an application is trusted or untrusted (e.g. coloured box around file name, filename in different colour etc). To keep checking a file's DW properties is a bit of a chore sometimes.

    Great application though and, against some stiff competition, it's the one I feel most secure with.
     
  25. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047