Real-time anti-malware software?

I asked something very similar to this awhile ago, but my needs and situation have changed (along with the entire anti-malware landscape, apparently) and I just get confused looking at all of these apps that others around here are running (HIPS category apps and otherwise).

Basically, I'm looking for an anti-malware (adware/spyware etc.) app that has real-time protection that is fairly light on resources and won't conflict with my current setup. Currently I use:

D-Link DI-524 (this would count as a hardware firewall, correct?)
Avira AntiVir
Kerio Personal Firewall (free version 4.2, I've been planning on switching to Comodo for ages)
Ad-Aware
Spybot
SpywareBlaster v. 3.5.1

I also use Proxomitron (sidki config) for browser filtering.


Thanks very much for any assistance.

 

SuperAntiSpyware is a light choice, but why do you think you need it?

You have ample protection, Antivir, Kerio, Proxomitron etc.

And you use an alternate browser like Opera or Firefox, right?

 

Well if you want to keep it free, want another scanner... Want HIPS and realtime spyware/adware protection... I'd have to say Spyware Terminator is a suitable choice.

 

Do you really need one. Your set up looks good.

Free: SpywareTerminator

Paid: Superantispyware Pro, AVG Antispyware 7.5 or A-squared

 

If you're after opinions, and assuming you're limiting yourself to free software:

Swap Kerio for Dynamic Security Agent OR (ProSecurity/SSM)+Winpooch, and turn on Windows Firewall. Get rid of the last three. Realtime ad/spyware is more important than people believe it is, so get Spyware Terminator or Spyware Doctor (there's a free Starter Edition of SD included in the Google Pack). Or you can switch AntiVir for something that catches ad/spyware as well (avast!, Active Virus Shield) and get rid of the need for a separate antispy application.

 

I was under the impression, mainly through reading threads here, that Avira had above average detection of adware/trojans.
Not the case?

Have to agree with SpywareTerminator, been using it (with Avast Home, Comodo firewall, and a couple of immunizers like SpywareBlaster ) for a year or so. No infections.
I use SAS, Asquared, and AVG AS for demand. Frequency of demand scans has gone right down.Nothing is ever found.

If Kerio gives you solid outbound protection, and you like it, I don't see a reason to change.

 

Solid real time Antimalware.... hmm
Add a HIPS and/ or SandBox to ur AV.

 

Not bad choices, I guess. My personal recommendations would be Avira or NOD32 for anti virus, Jetico (more for the Pro's) or Comodo for firewall, Prevx2 or Online Armor or System Safety Monitor (more for the Pro's) and AVG Anti Spyware for anti trojan.

To call the D-Link a hardware firewall is a courageous statement. I'd say "firewall" to something like a ZyWALL 2 or better 5 UTM (with IPS enabled) and up...

Andreas

 

Wow, I didn't know that were actually any rplies to this thread. I had subscribed to it and din't get any e-mails. Odd.

Anyway, to address a few points that some of you have made:

- I use Firefox.

- Why do I think I need it? I don't know, I guess I don't. My main concern is really the security of my connection (hackers etc.). On that note:

- What's the difference between the protection that a hardware firewall and a basic router (like my D-Link) would provide?

- Is GRC still a reliable security test?

- As for HIPS, from my understanding is that this is to prevent Trojans as well as malware? If I'm not mistaken, Comodo has HIPS protection, doesn't it? I know that Kerio does, but not without paying to upgrade.

- What's a good HIPS program?

- Can someone explain basically what Prevx2 and similar programs do? I've read up, but can't seem to make 100% sense of it (I consider msyelf more of an "intermediate" user rather than a "pro").


Thanks again.

 

Prevx 2 and Spyware Terminator have great hips and both are free.

 

Grc is still a reliable test site IMO.

The thinking related to using Firefox or Opera is that they are less of a security risk than IE.

I would replace AdAware and Spybot with A-Squared,AVG-Antispyware,or SUPERantispyware free scanners.

 

Thanks, everyone. I think I'll give Spyware Terminator and SAS a try.

 

I was thinking someone a bit more experienced would answer your 2nd last, but here goes, the HIPS component of ST can be activated only after completing a full scan. (I suggest "test infectable files" rather than testing all files.)Once that's done, check the results (in 3 categories: known software, unknown s/w, and threats. Far from all "safe" software is added to the ST database; that would be unrealistic. You can manually "move" software that you know to be safe to the "safe software" area. Threats should, of course, be investigated/quarantined as appropriate.) The HIPS, when activated, will then pop up a warning every time an EXE or DLL that is unknown tries to run. And, I think, maybe an INI also. In this way, should malware get on to the system, say, something new that isn't detected by a resident shield, you can stop it from executing. Expect quite a lot of these when running new applications or installing new programs. There is an "install" mode, which is good to activate when installing known safe software. Hope that helps.

 

Thanks very much, Tarq. That was extremely helpful.

I was wondering, how does the on-demand scanning capabilties of ST compare with that of SAS, A-squared etc.?


Thanks again.

 

You're welcome.
2nd question, don't really know. Haven't had any malware to test them on, since installing ST.
But I think SAS and A2 have larger databases, ST is increasing all the time, but it's still fairly young. Would definitely not hurt to have another scanner or two available, just in case. I keep those two, plus AVG AS. They're all good, all seem to be pretty highly thought of. Removal abilities probably differ a bit, too, perhaps with one able to remove more of a particular malware's entries than another, and this probably varies application to application, malware to malware, and variant to variant. Provided the core guts of the malware is killed, I guess a few traces left hanging around don't matter so much. But I have seen ST detect reg. traces of old malware long ago removed. The display of same is pretty good, too. Makes a hunt for any traces detected very straightforward.

 

Very wise, make sure to get the NoScript extension.

If you use a router and a software firewall, you will be fine. It's about the best you can do until learning more about them.

Comodo 2.4 has basic Hips protection. Comodo 3 is in Alpha right now. Wait about 2 weeks after it is released for all the bugs to be ironed out. It is suppose to have a nice HIPs system built in.

Don't know about the best, but the easiest I have tried is Winpatrol (it has a free version) and Online Armor 2(not free) OA2 includes a firewall. I'm trying it now. I'm thinking OA2 and the new Comodo 3 when available will be comparable.

Prevx used to have a better website with alot more information. I'm not sure if the helpfile provides any more info. I'm looking into installing this also. It is also free until it finds something nasty. Then the 30 trial starts. The actual price of the program isn't that much either. A basic description is that when something runs on your computer, it checks a database on your computer to see if it's ok to run. If it can't find the information it needs, then it connects out to prevxs' own huge database online. There's more to it than this, but Prevx is hard to describe. Its also newbie friendly and is suppose to be powerful.

Alot of programs have HIPS like features. Even Windows Defender does. The free version of Winpatrol doesn't provide realtime protection, but rather polls or patrols the system every few seconds for specific changes. You can set the amount of seconds. It's a good, easy and gentle way to dabble in HIPS. It uses very little resources also, which is a plus. I would definately consider the Comodo 3 firewall after it's released and the 'masses' have given it a workout. I hopes this helps as I'm slowly learning about HIPS myself.

Cheers, innerpeace

 

Thanks again, Tarq and innerpeace. That all makes sense. I'll certainly wait a bit longer not get Comodo until v3 is released.


What I'll probably do is keep AA and SBS&D and use ST and either A2or SAS along with them. Would there be any conflicts, there?