Question on setup

Discussion in 'other anti-malware software' started by Newby, Nov 24, 2007.

Thread Status:
Not open for further replies.
  1. Newby

    Newby Registered Member

    Joined:
    Jan 12, 2007
    Posts:
    153
    Dear members,

    I would like some feedback on my security setting.

    1. Vista64 with UAC in quiet mode, signed driver restriction is still ON

    2. Windows Defender realtime on (no scan), creating a restore point for roll back after wrong decision.

    3. Sana Security Primary Response Safe Connect

    4. Avira real time with read check = OFF, but write check is ON, heuristics set to high.
    5. Avast with only MSN, E-mail, Webshield with sensitivity on high (most slowdown of AV's disk read and application control (checking also loaded libraries etc)).

    6. HauteSecure IE7 protection + protected mode browsing


    Incoming web traffic is dealt with by my router's NAT + SPI (headers) FW. I have no outbound defense and really do not mind from a data theft point of view (only games are on there, I use electronic banking from an old PC with EQS + AVAST).

    thanks for any comments
     
  2. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
    Hello Newby,

    While I can't comment on Vista as I currently have no experience with it, personally, I would uninstall (preferable) or disable Windows Defender since you are already running both HauteSecure, which is a soft sandbox/HIPS/behavioral hybrid, and Primary Response SafeConnect, which is a behavioral anti-malware application. If I am reading correctly, it appears that you are currently running two resident antivirus programs simultaneously (Avira and Avast). If that is the case, I suggest that you either relegate one of the two to strictly an on-demand capacity (all real-time functions disabled) or completely uninstall one of them. The former suggestion was made to minimize/eliminate potential conflicts and the intention of the latter was to recover system memory resources for a lighter and faster computer. The rest of the setup looks fine. Hope this helps.


    Peace & Gratitude,

    CogitoErgoSum
     
  3. Newby

    Newby Registered Member

    Joined:
    Jan 12, 2007
    Posts:
    153
    CogitoErgoSum,

    Thanks for the suggestion. I should have given some more information.

    Intrusion protection

    I have UAC configured as in this post
    https://www.wilderssecurity.com/showpost.php?p=1075022&postcount=1

    Good and bad side is that it silently elevates rights (TweakUAC quiet mode) for the user also being admin (so you won't get the irritating unknown program pop-up over and over again). For a few options (like file and registry protection), you still have to give an additional okay when admin rights are required. Also the "do not recognise installers" option, set to OFF, lets most 32-bit installers fail because the program is not auto elevated. So I have to run them as admin (which gives me the opportunity to explicitly choose for it).

    I have Defender (which takes very little CPU time) configured to only warn on
    - registry: auto starts
    - changes of system configuration
    - services and drivers (very nice to know)
    - execution of programs (watches for 'piggybacking'; Microsoft does not explain what is monitored, maybe some experienced member could tell me).
    - registration of applications (like dll's)
    - additions to Windows itself (Windows Add ons which might install something)

    So I have excluded the IE7 bits (also to prevent acknowledge weariness = when your HIPS warns you against everything like Comodo's Defense plus, it becomes pretty useless, because you develop the habit of allowing the messages you do not understand). I also have set the scan option off (it is pretty weak anyway).

    HauteSecure (and protected mode of IE) will fill in this IE protection part. In that sense they do not overlap and are complementary instead of overlapping.

    Primary Response Safe Connect and Defender do overlap. In this context I use PRSC as my expert assistant and let this application (at least I hope it does it) correct my erroneous decisions on matters with security impact. Because Defender creates a restore point before every decision I make, I have a roll back option for decisions on issues PRSC considers not harmful/does not cover. When I make a decision I regret (on minor issues) I can easily correct them. The UAC and Restore point option of Defender really complement nicely. I do not understand the Defender bashing. I would have replaced it without trying when I was not in the situation that there are limited options in Vista64. Now using it in this manner (with the added knowledge of PRSC, which prevents earlier) it has proven very easy to use and light on resources.

    Antivir only checks on writes at the hard disk. With my Raid0 setting and caching allowed, this does not seem to give any delay in program response. The Avast standard shield is stopped, so Avast and Antivir do not overlap.
    What I like about Avast is that it also has AntiSpyware definitions in its engine. So on inbound data receival (like E-mail, Messenger and Webbrowser) it checks those incoming streams before they are executed or written to my hard disk. This provides me (at least as I understood) with an additional defense against for instance (known) drive-by malware. Because this feature is not in Avira and Avast has its architecture nicely organised in separate modules, those two AV's do not overlap in functionality. Yes it will cost some memory, but with my 4Gig memory and a fast PC (dual core @ 3.2 GHz) I do not feel this.

    My interpretation of what I have read on this forum
    Concluding: yes, there is some overlap between PRSC and Defender, but it feels like having an Expert on the fly (PRSC) for really bad things and a roll back option (Defender) for less severe issues.
    Avast and Avira only eat memory, they do not really overlap. I think I have the best of both worlds (high rating of Avira against viruses, trojans, etc.) and forward checking capabilities of Avast (against executables in incoming streams). I have used a logging program (have uninstalled it again so cannot remember the name, but it was from a post of Bellgamin I think) and could check that startup of programs is faster than for instance Avast alone with standard shield enabled or Avira alone with both read and write check enabled. Also the hard disk throughput performance on reads was 5% better (in current setup, compared to either Avast or Antivir with normal options enabled).

    Please feel free to correct me on this interpretation

    Thx Newby
     
    Last edited: Nov 25, 2007
  4. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
    Hello Newby,

    Based upon your explanation, I feel that you have a sound and secure defense arsenal. What is most important is that you are not experiencing any conflicts or excessive slowdowns with this setup.


    Peace & Gratitude,

    CogitoErgoSum
     
  5. Newby

    Newby Registered Member

    Joined:
    Jan 12, 2007
    Posts:
    153
    Hi CogitoErgoSum,

    Nice nickname by the way. Problem is that I composed it based on several readings (e.g. in Wilders by Kees1958), but I do not have the knowledge to determine whether my conclusions are correct.

    After all, when you compose something out of other information sources, these second-hand thoughts might well be way off (e.g. the moon is yellow, round and has holes in it, thus it is like a gigantic Gouda cheese).

    Thx for responding

    Regards Newby
     
  6. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Hello Newby

    Obviously you are less a Newby than your nickname tells us. Since my son has nearly the same setup (except running Avast with standard shield), I will give the Avira (only write hard disk check) - Avast combo (only forward checking = read modules like WebShield and Messenger) a try.

    Regards Kees
     