Please advise - I have Vista UAC, Avira. What else do I need?

Discussion in 'other anti-malware software' started by Defcon, Jul 22, 2008.

Thread Status:
Not open for further replies.
  1. Defcon

    Defcon Registered Member

    Joined:
    Jul 5, 2006
    Posts:
    332
    I recently reinstalled Vista on my pc. I wanted to do a fresh install with an SP1 integrated image which I made with vLite, which had a lot of features removed so I have a lean 1gb iso.

    I have taken a base image of the install and am now installing security software. This is also my first real try at running with UAC on (with a few tweaks to disable the elevation prompt for admins) and so far I am happy with it and IE7 protected mode.

    I also installed Avira premium security suite with a free 3 month license offer (google search found it on comodo forums) and am happy with it - Avira IMO has always had great detection and a no-frills gui and runs light. I may buy it when the time is up.

    At this point I do not have any sort of HIPS and I would like some advice about what I really need in addition. There are 2 things I want to try as well -

    - adding an SRP on Vista
    - run Firefox in protected mode (by setting its integrity level to low)

    I don't know how successful these will be for daily use though.

    With protected mode, why do we need SandboxIE for IE?
    SandboxIE seems to have issues with FF3 from their forums.

    There are so many HIPS I read about (Defense Wall, ThreatFire, SSM, DriveSentry, Online Armor etc etc), but since UAC already adds a layer of defense, which one can best complement it without bothering me?
     
  2. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    Even if you have UAC, LUA, whatever, you are still not fully protected, so my advice
    is to think twice, because Windows Vista has or will have some vulnerabilities,
    and HIPS and sandboxes are still needed ;)
     
  3. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    Also, antiviruses are not keeping up with blocking unrecognized malware.
    I am not telling you to ditch your antivirus, but add something to complement your antivirus; in this case a sandbox or policy-based sandbox will do the job (patching the hole) without any need of signatures ;)
     
  4. Defcon

    Defcon Registered Member

    Joined:
    Jul 5, 2006
    Posts:
    332
    I agree with you, that's exactly why I started this thread :) I was not trying to say that UAC+AV is sufficient defense but trying to find out what else is needed that would not overlap with what I already have.
     
  5. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    I remember one time I tried to go a little naked with just McAfee and SpywareBlaster only and I got infected. Even if I don't look for trouble, trouble came to me unexpectedly and I had to format my PC. After that I said forget it,
    I will get myself heavy-duty stuff, and I got myself DefenseWall HIPS;
    after that I have never been infected again. Don't you fully trust UAC or rely on their protection; my 3 cents ;)
     
  6. PoetWarrior

    PoetWarrior Registered Member

    Joined:
    Apr 16, 2007
    Posts:
    335

    I've had Vista HP for 1.5 years with UAC on, Windows Defender on, and antivir free. I'm now running with no antivirus, but do install one every week or so to scan, then remove it with FD-ISR. I still have WD on. I've yet to find any malware or virus. I guess what I mean is you can go a long way in Vista with the basics and built-in protections.

    The question for me was whether to run as protected admin or run from behind an additional standard account. I've mostly run as protected admin. Here's a discussion that we had over the last couple of days about it.

    https://www.wilderssecurity.com/showthread.php?t=215470
     
  7. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    To be honest,

    Vista with LUA, running IE in protected mode, a decent AV like Avira, WD or AnVir Task Manager to alarm on system changes, and common sense is a reasonable protection.

    One could invest in learning how to use the Vista FW two way, but how many of us are really infected (not counting self-inflicted pain when playing with malware)?
     
  8. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Approximately 27% of Vista ThreatFire users, probably a more security-conscious crowd than typical Vista users, had malware over a 6 month period - see http://www.computerworld.com.au/index.php/id;128348660;fp;16;fpid;1.
     
    Last edited: Jul 22, 2008
  9. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
  10. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    If I read the PC Tools summary correctly, 27% is the number that ThreatFire detected by behavior and then confirmed with 3rd-party antivirus scanners.
     
  11. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    You really need to take a closer look at the article.
     
  12. PoetWarrior

    PoetWarrior Registered Member

    Joined:
    Apr 16, 2007
    Posts:
    335

    I guess that means 73 percent of Vista users were not in that bad a shape. :D
     
  13. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    I read the article, but what about those people that only run ThreatFire alone?
     
  14. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    Still 27%, still bad. Well, my paranoia o_O
     
  15. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    Maybe it's my ignorance or lack of knowledge, but the % is kind of scary the way I understand it. So my apology if I misunderstood the article ;)
     
  16. Defcon

    Defcon Registered Member

    Joined:
    Jul 5, 2006
    Posts:
    332
    Why didn't they reveal what %age of the 27% infected Vista pc's had UAC on? I am sure the ThreatFire logger was recording that, as well as other relevant details of the pc security setup.

    ThreatFire seems like a nice app to have, I am just overwhelmed by all these HIPS which all claim to do the same, only better than the others! The thing I hate most is installing some program, having things break and then spending hours and days searching, posting in forums to figure out what went wrong.
     
  17. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,779
    Reports or stats like this are really pretty meaningless.... it all depends on what the user is doing. If you ask for it, you get it. The best defense is always your intelligent use of the machine....
     
  18. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    I know, but when you have family or happy-clicker friends that click yes to all. :D
     
  19. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    That's where virtualization apps are very important to have just in case ;) everything fails, you still get a backup to the original state.
     
  20. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    The article states that Threatfire uses behavior based detection. So if the malware is on the computer but not doing anything, it is not yet a threat. When it attempts to do something Threatfire MAY possibly step in then. So those running Threatfire may or may not be fine depending on the outcome of the intervention.
     
  21. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    My point is this: ThreatFire is not 100% bulletproof, right? Is it? And to have it alone is not too secure. There are some dormant malwares too, and if ThreatFire misses the behaviour of the malware, then what? A couple of times I tested ThreatFire (don't have any screenshot, sorry for that, but ThreatFire failed).
     
  22. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    I did see a quote somewhere from a PC Tools representative saying that a lot of those in the study who knew how to turn off UAC did so. It would have been interesting to see how the UAC-off folks did vs. the UAC-on folks.
     
  23. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    I would agree that it's wrong to say that your Vista system has a 27% chance of being infected in the next 6 months, because your configuration and user patterns may vary from others. However, I do see value in seeing what is happening "in the large."
     
  24. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    The ThreatFire folks recommend it as a supplement to your AV, not a replacement.
     
  25. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    I know that already :D
    Maybe Hammer misunderstood me.
     