Quietest 'safe pay' type protection?

Discussion in 'other anti-virus software' started by silverfox99, Aug 7, 2013.

Thread Status:
Not open for further replies.
  1. guest

    guest Guest

    @PrevxHelp
    I tested WSA and SpyShelter test on Vm, i will re-test it real machine.

    is WSA compatible with other AV's? Especially Bitdefender and Kaspersky? Can user run together them?
     
  2. Lucius

    Lucius Registered Member

    Joined:
    Dec 9, 2010
    Posts:
    77
    Maybe a silly question but if you run kaspersky or bitdefender why do you need WSA?
     
  3. guest

    guest Guest

    @Lucias;
    Nope, very good question. Short answer; Actually no need, you are right.
    Some users like to use 2-3 security product on their computer.

    Also, When i look last test results, KIS and Bitdefender have very good score. WSA has lower score than both. Many people will select KIS/BD instead WSA. If it is compatible, More user can use it as complementary software.

    Emsisoft example, We can use Emsisoft with other AV's, right?

    So i ask @PrevxHelp.
     
  4. With a few tweaks WSA is a solid solution, meaning it blocks every zero day I throw at it (getting them from a malware reverse engineer).

    1. Set all internet facing software to monitored
    = same protection as appguard guarded aps
    2. Set community to high, meaning only applications are allowed to execute which have been seen by a large portion of the WSA community (two years after WSA , Avast 2014 will also offer this whitelisting feature) = same protection as AppGuard in user space, only instead of deny all, it uses a whitelist like AVAST 2014
    3. Increase heuristics for drive by/drive in (internet, USB, mail etc). My wife has WSA since PrevX 4 beta, no falsepositive with these increased heuristics for two years
    4. Increase HTTP default to protect browser from changes. No false positives, prevents installation of MITB attacks for normal webtraffic also
    5. Set outbound firewall to alert for untrusted programs

    It really beats me why WSA does not offer a simpler GUI, with normal and paranoid protection (paranoid being the changes I have mentioned).

    I don't pay for software as a rule, because there is so much excellent freeware available and I have suffucient security knowledge, unless this is real excellent software (like DefenseWall, Sandboxie, AppGuard, EAM and WSA). Okay I have not tested all, but I have trailed Bitdefender IS and WSA with my paranoid settings beat Bitdefender against zero day malwares (also EAM with some tweaking stops most of them). I agree with Jeff (Trjam) that WSA should simplify its settings and apply a normal and paranoid policy. They should ask testing agencies to test their application in paranoid mode (which would make them top3 in all charts).

    So to answer the question of Lucius (I don't know for Kapersky), because WSA blocks more zero days than Bitdefender IS using a few tweaks
    On the other side: I do not have twaeked bitdefender IS, but BS IS seems to apply a good default with KIS (keep it simple policy, not the 100+ options of WSA). So on the plus side for BD IS: out of the box Bitdefender IS is a bettter solution as WSA in default settings.

    Regards Kees
     
    Last edited by a moderator: Aug 9, 2013
  5. FreddyFreeloader

    FreddyFreeloader Registered Member

    Joined:
    Jul 23, 2013
    Posts:
    527
    Location:
    Tejas
    Yeah, after thinking it over, I went back to Avast Internet Security Safe Zone Browser. I do lots of banking, financial transactions on Amazon/eBay so just to be a bit safer, bid adieu to F-notsoSecure.
     
  6. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Yes, you can use them alongside each other with no problem. Let me know your results or if you run into any problems with a real machine - send me a PM if easier if I end up not checking this thread often enough as I'd definitely want to get to the bottom of anything not working correctly for you.

    Thanks!
     
  7. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    The 2014 product has a massive UI change coming, along with a considerable simplification of the heuristics options to better align with what you've discovered. Thanks!
     
  8. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,539
    Location:
    Outer space
    A new simple settings scheme sounds good, but I hope you keep advanced settings for advanced users.
     
  9. Great to hear that that heuristrics will be set to high for threatgates (internet mail USB) in 2014 version.

    What about providing a preset "secure option" besides the "factory default" which raises protection for:
    1. Monitors all internet facing software by default (browser, mail, mediaplayer). With this "monitor untrusted" tweak the build in HIPS/Behavioral Monitor will keep them in limited user environment. This limits damage of any zero day intrusions to ring3, keeping the core of the system clean and easy to remove using the advanced BB monitoring.

    2. Increase firewall default from "after infection" to "new untrusted process". When you combine it with the "factory default untrusted list as suggested at 1", chrome or WMP connecting out for the first time will be recognised as a program from the "factory default untrusted list" and WSA can quietly allow outbound connection. This to reduce pop-ups for the end user.

    3. Set community default to "Seen by a large portion of the WSA community". This whitelisting feature will automatically stop zero days from slipping through.
     
  10. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,084
    Location:
    USA
    OK, the first thing I discovered is the wireless security feature of Safepay doesn't work in the trial version of BD IS 2014. After I activated my license the secure connection feature kicked in automatically when I started Safepay at Starbucks (open wifi). The secure connection only protects the Safepay browser though. That's unfortunate since I prefer that all of my internet facing apps be protected. Still, this is a real plus for anyone who wants to do secure transactions and doesn't have a separate VPN subscription.
     
  11. silverfox99

    silverfox99 Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    204
    Do we know what protection the toggle for 'Monitor Wi-Fi Connections' is doing in BD 2014? (Settings/Firewall/Advanced)

    WiFi_BD.jpg

    I have it 'on' just not sure what protection this is activating? Do I have to do the same for 'SafePay' browser or does this setting cover Wi-Fi whether user browser or safe pay browser is used?

    ok, I see 'hotspot protection' toggle in SafePay browser settings. Is this protecting open WiFi eg in Starbucks? Obviously can't post a screenshot of that but is in Safe Pay/Settings
     
  12. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,084
    Location:
    USA
    If you click on "?" (help and support) on the Firewall Advanced Settings screen it says "Activates Wireless Connection Monitoring" when you point at the Monitor WiFi Connections toggle. I haven't confirmed this yet, but my guess is when this is ON Safepay will automatically secure the wireless connection when the firewall detects unsecured wifi IF Hotspot Protection is also ON in the browser settings. Based on my test today it appears that the VPN protection only covers the Safepay browser.
     
  13. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,306
    Thanks, Vic.
    Jerry
     
  14. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    I have been hollering for this since it came out. I love WSA but if they simplified it to be more user friendly for the normal user, it would stay at the top of security products.
     
  15. silverfox99

    silverfox99 Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    204
    Yes I think you correct.

    Bitdefender Safepay FAQ
    http://www.bitdefender.co.uk/solutions/safepay.html

    What is hotspot protection?
    "If you connect to a random Wi-fi network (for example, an airport, an Internet Cafe or a pub) while using Bitdefender Safepay™, an extra layer of security is offered by the Hotspot protection feature. Hotspot protection is a premium feature which encrypts the Internet communication over secure and unsecure connections, helping you to maintain your privacy no matter what network you are connected to. The secure connection will be initialized and a message will be displayed in the Bitdefender Safepay™ window when the connection is established. The symbol safepay_secure_symbol.png appears in front of the URL in the address bar to help you easily identify secure connections."

    ....... and on the BD IS front:

    Two-way Firewall
    "The two-way firewall continuously monitors your Internet connections and prevents unauthorized access, even over a Wi-Fi network."
    http://www.bitdefender.co.uk/solutions/internet-security.html

    So BD claims protection for Wi-Fi connections in both BDIS and SafePay but only safe pay creates VPN so suitable for 'open' Wi-Fi connections, and BDIS firewall will detect 'unauthorised' attempts to access from a 'closed' or password protected Wi-Fi eg in the home?

    That sound about right?......
     
  16. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,084
    Location:
    USA
    It would be nice to know more specifically what kind of protection the firewall is providing "even over a (unsecured) wifi network". All software firewalls can close/stealth ports, etc, and I'm curious if the BD firewall is bringing something new to the table?


    The typical home router protects wifi with WPA/WPA2 encryption. The connection is encrypted between the router and the PC as with a VPN. I believe the BD firewall provides the same protection regardless of whether the data is arriving over a wireless or wired connection.
     
  17. silverfox99

    silverfox99 Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    204
    re 'safe pay' type browser - Integrated vs separate?

    I presume there are security vs convenience trade-offs here? Some vendors have developed their 'hardened' browser for banking/shopping as a separate browser, some have integrated their module to work in the open browser that the user has been working with.

    I am guessing that the separate 'hardened' browser opened when required for banking should provide better security, than 'integrated' options?
     
  18. silverfox99

    silverfox99 Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    204
    Thanks, but I've never felt entirly comfortable with WSA's protection capabilities. Recently, for example:

    AV-TEST Product Review and Certification Report – May-Jun/2013
    Webroot: SecureAnywhere Complete

    http://www.av-test.org/no_cache/en/tests/test-reports/?tx_avtestreports_pi1%5Breport_no%5D=132319

    If i recall correctly from reading test results over the past year, FPs flare up and down from month to month, and 'events requiring a user interaction' (eg Allow/Block decisions) also appear much more often than i would find acceptable.

    I acknowledge that WSA is a product well loved by some, has a loyal fan base and the best support in the business though!
     
  19. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,084
    Location:
    USA
    Smaller attack surface.
     
  20. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,084
    Location:
    USA
    Like all security apps there must be a fair amount of variability depending on the user's system. I've been running WSA on three machines for about a year and I can't remember either an FP or an "event requiring user interaction". It's been dead silent including upgrading without requiring a reboot.
     
  21. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    AV-Test/AV-C don't test any of WSA's generic protection or generic remediation capabilities. We're working with them to improve the compatibility with how we operate, but none of the current tests truly reflect how WSA functions.
     
  22. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    During my preparations for Virus Bulletin 2013 conference presentation I have made a kind of malware simulator (very primitive one, I must say!), just read your statement and made my mind to test it against WSA... Very disappointing (for WSA, surely).
     
  23. silverfox99

    silverfox99 Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    204
    IIRC WSA said previously that it work well against 'known' threats, not malware simulators. There was a MRG Effitas banking protection test using malware 'simulators' which WSA failed, but WSA say as it was a sim, they don't protect as WSA had never seen the sim before and didn't regard it as malware?

    Having said that, if you look at the new MRG Effitas Online Banking /Browser Security Assessment Project Q2 2013 (published 12 August - specific Zeus MitB samples) WSA blocked 100% (along with several others) - so good result for WSA.

    Replaced link to new dedicated thread on topic: https://www.wilderssecurity.com/showthread.php?t=351873
     
    Last edited by a moderator: Aug 13, 2013
  24. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    1) Agreed. Put monitored applications in very strong sandbox. Depending on how much the application is trusted, the limits for the process could be tighter or looser, i.e. given more or less access to critical areas.

    2) This I already suggested, but got the answer from Joe that Windows 8 was built in this way and there was nothing to be done about it. "After infection" is not enough for me personally... but it's a Windows 8 problem, or so I hear. "New untrusted process" would be more logical for anyone who REALLY wants to control one's network and potential leaks. I for one don't want my the documents of my dissertation leaked just because WSA missed an infection and that infection steals my documents. It could be prevented if "unknown or untrusted processes" could not reach outside my home connection. Currently not possible with WSA and Windows 8, but is possible with WSA and Windows 7.
     
    Last edited: Aug 13, 2013
  25. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Yes, and 100% protection ITW samples.

    Still, see my post above. I really want an option for Win 8 users to be prompted about unknown processes trying to connect to Internet. That's what I really miss.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.