Over-protected?

Discussion in 'other anti-malware software' started by rnfolsom, Jan 27, 2006.

Thread Status:
Not open for further replies.
  1. rnfolsom

    rnfolsom Registered Member

    Joined:
    Nov 9, 2005
    Posts:
    247
    Location:
    Monterey, California
    Re: NOD 32/ Spysweeper

    For the record:

    It is entirely possible that I am over-protected, but I did want to report that I am running the following simultaneously:

    Eset's NOD32 2.5.25
    Webroot's SpySweeper 4.5
    Sunbelt's CounterSpy 1.5.82

    My understanding is that running more than one anti-virus program simultaneously in real time causes conflicts (e.g. one AV program thinks the other AV program contains viruses, because the other virus program's signatures look like viruses), so I've never done that. I switched from NAV (within SystemWorks) to NOD32 (by uninstalling SystemWorks), rather than run them both. (I run SystemWorks Norton Utilities from CD when I need to.)

    On the other hand, my understanding and experience is that at least for some anti-spyware programs, running more than one is not only feasible but also is recommended. (In the past, I have seen that recommendation on either Webroot's SpySweeper site or on Sunbelt's CounterSpy site --- I don't remember which, and have not taken the time to look for it again.)

    In my own case, on a Windows 2000 Sp4 Rollup1(v1) Dell Latitude C800 laptop (max 500mb RAM; Pentium III 1.1ghz), running the three programs listed above (and remembering that NOD32 includes not only AV but also some anti-spyware capability) has not caused any problems.

    I am running CounterSpy because Brian Livingston's Windows Secrets newsletter, as of roughly 4-9 months ago, reported that major computing magazine testing gave CounterSpy the best ratings. More recently, late in 2005, Livingston noted that SpySweeper now gets the best magazine ratings. So I am running them both (along with NOD32) in real time "guard" (my term) mode.

    However, when I do an on-demand scan using either of the three programs, I stop running the other two programs.

    Cordially, Roger Folsom

    P.S. (Admittedly a bit off-topic, so please don't reply to it in this thread, but I've included it in the interests of full disclosure): There is an annoyance (rather than a problem) with running SpySweeper and CounterSpy simultaneously. SpySweeper deals with adware by diverting it into the computer hosts file, where its address is given as 127.0.0.1, which as I understand it is my own computer's address. So adware, instead of sending its "phone home" messages to the sponsor of the adware, dumps it into my computer where it apparently dies.

    But CounterSpy thinks that SpySweeper action is malware invading my hosts file. So I needed to tell Counterspy that additions to my hosts file to address 127.0.0.1 are acceptable. So on each reboot or even logon to a different account (user vs admin), CounterSpy continually (and proudly, in a "green band on top" message) reports that it has accepted at least some those host file modifications. On each reboot, those CounterSpy messages are a bit tedious, and they do take time.

    My hosts file is now about 33kb large, and has not grown significantly in recent weeks. So I am looking for a way to tell CounterSpy to stop those reports. But I haven't been looking very hard, because for me, these reports are not a major issue.
     
  2. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    3 antimalware applications isn't bad. There are many here to have much more.

    My theory is that how much protection you need depends on lots of things : What you use your comp for (eg ebay/banking/business), where you surf (ie dubious sites), your habits (eg clicking unknown links in emails), your level of paranoia etc.

    Personally, hardening your computer/browser settings, using an alternative browser like firefox/opera, and using an AV and AS/AT is probably enough for most people (and you've got some of the best AV & AS's).

    I believe that you can turn hosts file monitoring off in Counterspy (that's only a guess based on MSAS which has the same parent engine).

    All the hosts file does is - if you are directed to a website with a domain name listed in the hosts file, the Hosts file connects you back to 127.0.0.1 (I think that was right) which is your own computer...therefore no connection is made to the suspect website. Note : Malware can maliciously modify your hosts file eg. 127.0.0.1 symantec.com <now you can't connect to symantec>, or 543.94.1.34 bank.com <now when you type in bank.com you connect to a fake website> 543.94.1.34 is made up btw.
     
  3. SwordOfSecurity

    SwordOfSecurity Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    108
    Location:
    Canada

    agreed x 100 :cool: great advice dude :thumb:

    anyway, for me, 3 antimalware programs all running at once is fine. a LOT of people out there have several running and don't seem to be bothered at all (i have 3 as well :D). as for your problem, a lot of companies that sell security software often post a list of other software it is compatible with on their website. it's best to check those lists out before even considering the download/purchase, its a step i always do, and for this reason all my programs run perfectly together.
     
  4. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    Do yourself , and your computer , a favor and turn the realtime protection off of one of the AS programs . You could disable both and just run an on demand scan every few days . Really no harm there . And , consider Spyware Doctor . Excellent ! Spysweeper is very good too . I think Couterspy has lost some ground .
     
  5. rnfolsom

    rnfolsom Registered Member

    Joined:
    Nov 9, 2005
    Posts:
    247
    Location:
    Monterey, California
    Vikorr:

    My post originally was part of the NOD 32/ Spysweeper thread, at
    https://www.wilderssecurity.com/showthread.php?t=108744

    In that thread, there were some recurring uncertainties about using multiple anti-malware softwares, so I wrote my post in that context.

    Agreed. I fit the paranoid profile, because I work from my computer, and I have customized Win2k fairly extensively (e.g. moving shell folders around) to make it efficient as a single user (but dual account, admin and restricted user) machine and I don't want to do that over again (or even to restore one of my several backup images of my C: partition).

    One of the nice things about CounterSpy is that its PC Checkup does a lot of hardening of Win2k and MSIE. And as a Netscape (browser and mail) user since version 3.x (now using Mozilla browser and mail), I've been using an alternative browser since when it was the dominant browser!

    Agreed. But I don't want to turn off Counterspy's hosts monitoring, for the reason you explain in your "Note:" at the end of your message. What I want to turn off is Counterspy's messages that it is doing what I told it to do (namely, accept SpySweeper's host file modifications). But I still want Counterspy to tell me if anything else wants to modify the hosts file.

    That's a great explanation. Thank you.

    Roger Folsom
     
  6. rnfolsom

    rnfolsom Registered Member

    Joined:
    Nov 9, 2005
    Posts:
    247
    Location:
    Monterey, California
    Yes, I could do turn off that, but why? What's the favor, either for me or for the computer? The computer, although not the latest, isn't running noticeably slow, and I'd much rather prevent bad stuff from coming on than take it off after it is there.

    Agreed on the CounterSpy, at least according to Brian Livingston's Windows Secrets newsletter's reports of major computing magazine reviews. And in my judgment, CounterSpy's user interface is clumsy: On a UXGA 15" laptop screen running at a font size of 150% for legibility, some text and icons do not show at all, and the "View" menu includes actions.

    I've actually considered adding Spyware Doctor to my real time "guard" protections <grin>, because I've seen it highly rated. Thanks for confirming that. I'm running CounterSpy because I got the licenses last June, and having paid for it I might as well run it. "Sunk costs don't matter, but inherited assets do."

    I suspect that the leading AntiSpyware programs will oscillate in relative quality over time (as have the feature sets of WordPerfect and MS Word, and of Netscape/Mozilla and MSIE). So for the paranoid (me) or merely the risk averse, it makes sense to use, in real time, at least two antispyware programs.

    Roger Folsom
     
Loading...
Thread Status:
Not open for further replies.