Real time confusion...

Discussion in 'other anti-malware software' started by feniks, Nov 16, 2007.

Thread Status:
Not open for further replies.
  1. feniks

    feniks Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    130
    I have been trying for a long time to find answers, but with no success. So I decided to start this thread.

    This is a question about getting real-time protection from spyware/malware. I am trying Spyware Terminator and Threatfire. ST is using over 50 MB of memory, Threatfire 10 times less. So in this regard I like Threatfire.

    But I do not know if Threatfire is doing the same job as a real-time antispyware like ST (and I am not talking about the ST HIPS, just the AS shield)?

    Can I use it instead of Spyware Terminator?

    I am also using OA Free, so maybe it is already doing the job of a real-time antispyware? I know it is similar to Threatfire (both HIPS, but intelligent in different ways) :)

    I have Avira Free for antivirus (recently switched from NOD32). Also I am using OA Free without the firewall for outbound/leak protection. For inbound I am now using the Windows XP firewall, and I am behind a router with a firewall (Linksys).

    If I use Threatfire, can I give up ST real time?

    Or maybe, having OA Free, I can give up both Threatfire and ST real time (the scanner I would like to keep, why not)?
     
  2. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    ST detects ad/spyware using signatures. TF detects malware by monitoring the actions they perform when they are executed.

    TF is designed to be effective against all types of malware except scamware, like rogue antispyware apps, because they do not inherently display any malicious behavior. Only signature-based scanning is effective against this class of malware.

    Both products use different technologies to achieve their means. IMO TF is superior to ST, but with two notable weaknesses: it cannot detect malware until the malware executes, and it doesn't handle cleaning if your system is already infected.
     
  3. feniks

    feniks Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    130
    Thank you Solcroft, that was fast. And thank you that it was you. I was reading your other posts and like your attitude and logic.

    But if, next to Threatfire, I use the 3 on-demand scanners I am using now (SUPERAntiSpyware, a-squared Free 3.0, AVG Anti-Spyware Free Edition 7.5) for cleaning and regular scans, then giving up ST will not be so painful and unwise?

    And is OA doing something in this matter? I mean protecting from malware in real time?

    Also I keep WDF with DSA in reserve because I cannot decide which I like better. Will the HIPS part in DSA be any better than OA for what I want here?
     
  4. Jeleal

    Jeleal Former Poster

    Joined:
    Nov 2, 2007
    Posts:
    14
    Solcroft, after reading the part of your response to feniks about ThreatFire not detecting malware until after it executes, I have a few questions about Zone Alarm Antispyware that maybe you can help me with, which I believe pertain to the title of this thread. Do you know if ZA AS with its Triple Defense Firewall does detect malware before it executes? If so, would any other security besides an AV be needed with it? And if yes, would TF be a good addition to it? Thanks for any help with this.
     
  5. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    You need to understand what your programs are doing for you. Asking a bunch of questions about which you should keep, without understanding why, isn't going to help you at the end of the day.

    With TF installed you have a solid barrier against infection. It's up to you if you want to supplement that barrier, which uses behavior blocking, with another technology, i.e. blacklist scanning. I don't, but I recommend it for other people if it doesn't tax your system specs. And lastly, using your software only for cleaning is never part of a smart strategy, because it means you get infected first, and by then it may or may not be too late to fix things.

    OA doesn't protect you from malware, specifically. It just gives you a dialog box asking for your decision whenever programs attempt to perform certain actions, regardless of whether the program is legitimate or malicious. Ultimately it's up to you. It doesn't protect you from malware; it just gives you the opportunity to protect yourself, provided you have good judgement.

    Like OA, DSA doesn't protect you from malware either. But it does monitor more actions, which means it's more powerful, and accordingly gives you more popups if you don't use Learning Mode.
     
  6. Wordward

    Wordward Former Poster

    Joined:
    Jan 12, 2007
    Posts:
    707
    I'm kind of in the same boat as you feniks. However, besides OA Free and WDF, I am also wondering about Zone Alarm Antispyware's capabilities. So solcroft, do you know if ZA AS, unlike ThreatFire, does detect malware before it executes? And if I'm understanding what its Triple Defense Firewall is, do you think its HIPS protection is on par with that of OA Free and Webroot Desktop Firewall with DSA enabled? I was actually thinking ZA AS and TF would be a good combination, but I don't want to add unneeded protection if ZA AS is enough on its own along with an AV. Thanks.
     
  7. feniks

    feniks Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    130
    You are absolutely right, that's why I try to learn here. :) Please be patient. I have to start somehow. :)

    Now I know more: blacklisting, behavior, thank you. And if I understand correctly, the on-demand scanners are good after bad things have happened, as are all the anti-leaking things. I want to cover the "before" strategy, therefore I ask about Threatfire and real time ST.

    So if I get it right, it is protecting me as a barrier against infection (that means before malware does something bad) as well as informing me that something wrong is going on after malware is already in my system, correct?


    I agree fully.

    So what do you think about my protection in this matter? I am behind a router with some firewall (Linksys AG241); the Windows firewall or OA firewall or WDF will be in this department if I understand correctly? And if I understand, to some degree also Threatfire and HIPS? And also antivirus - Avira?

    Will real time AS (definitions, blacklisting if I get it) protection be before or after? I understand that it is both, right?

    Or did you have something else in mind?

    Last question: will Spyware Doctor Starter Edition 5.1 be a good replacement for Spyware Terminator in real time blacklisting technology?

    Also, sorry for my English.
     
    Last edited: Nov 17, 2007
  8. feniks

    feniks Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    130
    Yes I know, I noticed many of your posts, even on other forums. And you have to admit how hard it is to get a straight answer from all these security gurus. They are so high that they are beyond the reach and understanding of small people like me. :D

    They talk in riddles like Buddhists, and I think I will never understand them before I reach enlightenment on my own. ;)

    It's like two groups in the forums: noobs who try to help each other and try to understand something, and these experts who discuss between themselves and are beyond the reach of noobs, and after their answer you are afraid to ask again because you will be ignored anyway or just chastised for ignorance.

    You have to waste months until you get to something on your own strength, actually digging in all these posts. But better than nothing anyway.

    Sorry if I sound bitter, but I have been on this forum for 2 weeks already, mostly searching, sometimes asking, and not really successful. I mean I find a lot of parts of my puzzle but still I do not see the whole picture.
     
    Last edited: Nov 17, 2007
  9. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    I understand your confusion. You need security now, while you are learning. This is a period of learning and usually overloading of security apps. In time a noticeable slow-down occurs and the noob wants to strip away some layers of security for better PC performance. There is also another group that you failed to mention. I belong to the group that has learned enough to stay safe but nowhere near "guru" status. If you run OA-Free with a good AV and an alternate browser, you will be more than safe while learning WSF 101.
     
  10. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    I also agree with what monty said. I'm not a guru and I never will be. I'm here to learn about new software and if it's good, stable and something I need or can use, I will consider it. It's also a good idea to try or add one application at a time and get familiar with it. One step at a time :).

    I isolate programs from my system that use the internet with a sandbox program. When I'm done surfing or whatever, I delete the contents of the sandbox. If I go to risky places, I turn on a virtualization program. After a reboot, all changes (good or bad) should be gone. Both programs still don't prevent malware from running within the sandbox or virtualized session. That is still why I use a real-time firewall/HIPS and anti-virus and sometimes anti-malware. I really don't think I need the anti-malware though ;).

    I also find with running a sandbox program that I'm mainly using my on-demand scanners for scanning downloads. I do the occasional full system scan when I'm away from the computer, but nothing is ever found. If I download a file I'm not sure about, I upload it to Virustotal or Jotti where it is scanned by many scanners.

    Without trying to sound like a Buddhist :p , there are many ways to protect yourself and your habits. The key is to find what works best for you and your system. You are eager to learn and that is good. Now, determine your risks and then find a way to limit them.

    innerpeace
     
  11. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
    Greets innerpeace.

    A very nice and useful read. I practice your same exact habits regarding internet usage and find it's virtually an Iron Wall of protection, at least against any outside influences that by design are meant to intrude with malicious intent on our good machines.

    I do take some exception with your underestimating your own determinations; yours is a very wise and intelligent approach in the prevention of keeping your computer as private and uninvaded as possible.

    I, like many others here practice the same routine and as you know, it does work. LoL

    EASTER
     
  12. feniks

    feniks Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    130
    Thank you, at least somebody understands me. :)

    I was never infected or anything, even though I have used the internet maybe from the beginning of its era (frankly, so long I do not remember). Most of the time I was behind a router with a firewall and just had NOD32 and Outpost up to version 4. And Spyware Doctor. So I was thinking I am safe, etc.

    But now NOD32 started with version 3.0 and, in short, I lost my confidence in it. Also Outpost became a problem with my system. So I started looking around. o_O

    Solcroft talked about strategy, and mine for sure is not cleaning only. Maybe I can describe my strategy and my understanding of what programs I need to accomplish that, as follows:

    1. Good inbound protection.
    - router with firewall
    - software firewall
    - antivirus program
    - HIPS (behavioural and regular rule based) - maybe fit here?
    - real time AS shield - maybe fit here?

    2. Good outbound protection.
    - HIPS (behavioural and regular rule based)
    - software firewall
    - antivirus program - maybe fit here?
    - real time AS shield - maybe fit here?

    3. Making sure I am healthy.
    - antivirus program
    - on demand AS scanners (3 of them maybe)
    - HIPS (behavioural and regular rule based)
    - real time AS shield - maybe fit here?

    Also never using IE and Outlook.

    Also I do not know in which of the 3 departments Threatfire and a real time AS scanner like ST or Spyware Doctor belong. Hence my original question, which led to more questions. :)

    So my question is: is this a good strategy? If yes, then I will just focus on finding the proper programs.

    I know there are Sandboxie and virtualization, but for me it looks like magic and I have to learn first. Also I do not want too much hassle; I am lazy and do not want to become a security guru etc. Just a regular internet user with some p2p. I try to be safe and download only what I really need from good sources, and first read about it somewhere.
     
    Last edited: Nov 17, 2007
  13. danny9

    danny9 Departed Friend

    Joined:
    Feb 18, 2004
    Posts:
    678
    Location:
    Clinton Twp. Mi
    Hi feniks.
    I'd say you're on the right track now.
    Router, av and software firewall.
    In the years I've been running computers those have always been a staple.
    The one difference I have with you is that I've always run IE.
    I personally have never liked FireFox or Opera but have always run SpyWareBlaster with it.
    I have always used OutLook Express but in combination with MailWasher Pro.
    You're off to a good start.
    We all learn by trial and error.
    One thing you may want to consider is some type of backup or instant restore program. Well worth the money. :D
    Dan
     
  14. feniks

    feniks Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    130
    Thank you danny9.

    I think I will start a new post with that, as this is something different from the original question and I may not get good feedback.
     
  15. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    No, ZA AS does not detect malware in the sense of using signatures. The AS scanner in ZA is on-demand only; it is not acting in real time to intercept spyware. Real-time protection comes from the SpySite blocking function and the Operating System FW, which can prevent the functions of spyware should it become active on your system. Thus if spyware attempts to change the Registry to autorun at startup, ZA should prevent this, amongst many other things. If the malware cannot fully install it will be easier to remove with an on-demand scan.

    Some AS programs do indeed inspect files in real time. For example AVG-AS will scan any file attempting to start on your system, then scans it again as it unpacks into memory; but it is using signatures, so it must recognise the danger to act. ZA AS will be acting even if the malware is unknown.

    For the ZA-AS OS FW to be invoked there must be malware activity occurring. The most satisfactory protection will come from preventing any unknown file from running at all. For that you need HIPS execution protection. Counterspy offers a compromise in that it is an AS scanner that has execution protection (not enabled by default, I believe), but if you do allow a bad file to execute, CS will block its attempts to change vital parts of the Registry.
     
  16. feniks

    feniks Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    130
    Is it similar to how Threatfire works?

    You mean regular HIPS not like Threatfire?

    So in this regard, will OA Free or WDF with DSA be better than ZA AS?
     
  17. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    OA-Free or WDF with DSA or ZA AS with ThreatFire. Depends on your needs, whether you need lightest in ram or most secure or easiest to set-up and least bother...
     
  18. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Count me in this group :)
     
  19. feniks

    feniks Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    130
    So in short, all three options will be working in a similar way?

    I have this free offer of ZA AS, but according to you I will need Threatfire too, so too heavy in resources (even without T). And of the three, it is the kind hardest for me to understand and to learn its way of functioning.

    The OA firewall part is not working well with p2p, so no good for me.

    WDF works perfectly, setup OK, resources good, but what about the security part of it among these 3 options?
     
  20. Wordward

    Wordward Former Poster

    Joined:
    Jan 12, 2007
    Posts:
    707
    I'll add to the confusion. How about using Spyware Terminator with HIPS enabled and ThreatFire together? They should work ok together as ST isn't behavior based, and between the two it should offer as much protection as OA Free or WDF. I am beginning to believe though, that Zone Alarm AntiSpyware offers plenty of Real Time protection because of its Operating System Firewall and a few other features.
     
  21. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    I agree feniks, it does look like magic at first. I was very intimidated. I personally learn by doing, so I gave them a shot after hearing many 'gurus' used them. I found out that they were easier to use than I thought. I also admit they are not for everyone, but I thought I would mention them anyways.
     
  22. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    Hey, ST also offers the integration of ClamAV into its real-time monitor that does not conflict with a resident AV. (I checked this out myself - no conflict.) You could combine the full (AS, AV & HIPS) ST with ZAAS, TF and Avast (I think that's what you're using), but I'm not trying to suggest you attempt this set-up Wordward. :shifty: :blink: o_O

    P.S.-I meant the AS-scanner in ZAAS is on-demand, not the x3FW.
     
  23. Wordward

    Wordward Former Poster

    Joined:
    Jan 12, 2007
    Posts:
    707
    19monty64: "You could combine the full (AS, AV & HIPS) ST with ZAAS, TF and Avast." All right, now you're just getting crazy. LOL. Actually where I'm stuck is deciding whether or not I even need a software firewall. Although I'm behind a router firewall, I am on a wireless PC with two other PCs on my network (wife and son), and I read that an infection they may get could also infect my PC. Again though, TF or ST with Avast should pick it up. Plus the Windows Firewall would be enabled. One thing's for sure: by the end of the day I'm going to make a decision so I can move on with my life. LOL.
     
  24. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    I had hoped you'd realize that I was being sarcastic. The combo I suggested could cause palpitations or insanity. A sleep disorder in the least. By setting your LAN as untrusted in your router, you could get by with as little as TF and Avast and skip the rest. The performance gains are hard to give up. TF and AntiVir (under 20MB/ram) and my router is all I use. With TF possibly slowing your internet speed, PrevX may be a suitable alternative. Options, options and more options. So little time and so many options...
     
  25. Wordward

    Wordward Former Poster

    Joined:
    Jan 12, 2007
    Posts:
    707
    Hey 19monty64. Of course I knew you were being funny, that's what I like about you and Hairy Coo. I just don't know how to copy what someone posts and then put it in mine like I see others do. I think I did at one time, but with all my indecision lately with security software I have no more room in my brain. LOL. Anyway, now that you mentioned time: it's time for me to decide what to use and stop this insanity. LOL. Someone in the PC Tools ThreatFire Forum said they used ZAAS and TF with no problems. However, it is most likely overkill. Oh, and you can be as sarcastic as you like. I have learned not to take myself that seriously, and often laugh at myself for things like all of this security software nonsense. Now if only I can get my wife to laugh about it too. LOL.
     