Question about my current security setup

Hi everybody on Wilders,

After a search- and testing period of different security setups I decided that OA free + Nod32 v3 are the FW + AV/AS I most like to use. I trust Nod32 very much.
My question: are they (OA + Nod) enough as resident security setup? Do you think Norton Antibot, Keyscrambler and/or Drivesentry add(s) (a) necessary layer(s)?
(PS: also tried noscript for firefox, but didn't like it very much).


Now I'm running:

Resident:
Router with firewall
Nod32 v3
OA free with HIPS enabled
Norton Antibot
Keyscrambler free (testing)
DriveSentry (testing)


On-Demand:
SUPERAntiSpyware Free
Malwarebytes Anti Malware free
MBSA 2.1
RootkitBuster
F-Secure Blacklight
Filehippo Update checker

Also using:
True Image
Spyware Blaster
Firefox with cookiesafe, adblock plus, siteadvisor, WOT, Finjan

Makios

 

Mmm...If I were you I'd remove AntiBot and use DriveSentry.
All the other seems alright. You could also use SAS PRO with real time protection if you agree to spend some money. Otherwise no problem, your setup seems fine.

 

I'd probably drop 1 or 2 out of siteadvisor, WOT, Finjan. Three extensions for rating sites is probably excessive as most of the time they are pretty consistent. NOD also has a http scanner so you should be good in terms of browser protection.

 

Drop Norton Antibot.
With an antivirus and a HIPS, you don't need a behavior blocker

 

What I would do to shorten your list.

Resident:
Router with firewall
Sandboxie
Returnil

Also using:
True Image or similar is a must have.
Firefox with adblock plus and noscript run through Sandboxie

 

@Franklin
That's almost my exact setup. I add a few on demand scanners and scan once a month, but they never find anything.

I'm also trying something new: no Image Backup, only data backup with Karen's Replicator. Only thing I could loose in a disaster scenario is a few giveawayoftheday licenses.

 

Yep, it's a very secure and light setup without the need for blacklist updates.

I'm not suggesting that blacklist scanners shouldn't be used, it's just that I don't use them on my own setups but I certainly use some of them in my cleanup routine on other machines.

SAS, MBAM and Dr Web's Cureit are excellent.

 

Hi,

Uninstalled AntiBot for now and kept DriveSentry.
Why do you prefer DriveSentry over AntiBot. Just asking, because I just started testing drivesentry (didn't know it before) on my system. It seems to run ok next to nod32 3 and OA. But does it really add any protection to my setup?
Is Nod32 3 + OA with hips not enough?

Makios

PS: also dropped Finjan (I ran all 3, because I did'n't know which one to choose so I chose one to uninstall).

 

I think you are ok with OA +Nod32.It's a nice combo.Don't see why you should complicate with another behaviour blocker or HIPS.
I guess on demand scanners don't bother anybody,but personally i don't see why i should waste 3-5 minutes of my life scanning for nothing.Besides you have Acronis.Restorring an image of your C/drive would probably take less than an on demand scan.And if malware would get past OA and Nod (which would be quite hard IMO)than probably an image restore would be more appropiate.
Just annlayse your pc habbits and think what part would be expose.I would reconsider dropping NoScript.All other addons that you are using for firefox are useless IMO,none(except Finjan) offer realtimeprotection.None of them can compare to NoScript.
If you still dislike NoScript i think you can take advantage of OA Runsafer Feature .

 

Ok then, reconsidering that maybe you won't really need Drivesentry(OA should cover them all) you can drop it. I recommended it before because of a powerful HIPS and a good blacklist.

Also, have you tried Opera?

 

I would agree with that. Anything else just adds needless bloat. I would however change

to be any presto or gecko based browser, and any other internet-enable application, run through Sandboxie.

As is always the case, imaging software in your best ally.

 

Yes, I used Opera in the past. I'd probably been using it still if I didn't use Roboform.

 

Thanks for your reactions,

Changed some things in my security-config now:

Resident:
Router with firewall
Nod32 v3
OA free with HIPS enabled
Keyscrambler free (testing)

On-Demand:
SUPERAntiSpyware Free
Malwarebytes Anti Malware free
MBSA 2.1
RootkitBuster
F-Secure Blacklight
Filehippo Update checker

Also using:
True Image
Spyware Blaster
Firefox with
- cookiesafe
- adblock plus
- siteadvisor
- WOT
- NoScript ( giving it a new try, because most people seem to think this is the most important add-on for firefox)
- runsafer option OA enabled
- flashblock

And I forgot to mention Ccleaner and other cleaning tools of course.
I hope this will cover it.

Grtz, Makios

 

I had the same problem, finally i have been using KeePass v.2.05 Alpha and it works like a charm with my Opera.

Also you can read more details about my tests with Passwords Manager in this post: https://www.wilderssecurity.com/showpost.php?p=1311290&postcount=75

 

Sorry, I quote Returnil and SandBoxie adding, I also wish to use an indipendent HIPS instead of OA's features, and as antirootkit scanners I say GMER and RootRepeal.

 

I echo Franklins setup here. I actually consider the security from Returnil to be sort of 'extra'. I like Returnil just for the time savings on defragging and cleanup. I have it set to always on, and I guess Sandboxie is now my outbound firewall.

 

Using Keepass with Opera and it's great
BTW is it possible to request for both a master password and a key file?

 

Makios,

When you run your browsers, chat, mail, P2P, etc (all internet bound programs) as run safer (of OA) you are fine with NOD.

regards kees

 

Yes I've done it.

 

I have seen on this Forum some that recommend GMER, I have Vista and installed that and my system went black and rebooted. Now I cannot remove GMER from my system. What is that good for if it just causes your system to reboot and cannot remove it?

 

Thanks for the advice,

What do you think about Norton Antibot, Keyscrambler and the three linkscanners (Finjan, Siteadvisor, WOT)?

Thanks, Makios

 

I don't think Flashblock is really necessary when you use NoScript? It just seems like you would be clicking twice before you could view a flash video.

 

Thanks, you're right, I removed it.