Realtime protection of MBAM and SAS Pro

I got attacked yesterday and had to reformat my computer, SAS Pro protection came up and blocked it but when I restarted the virus still took over my computer and had disabled SAS and Avira. Question is what and how do realtime protection in SAS and MBAM differ? Which is more reliable?

 

Hi disinter1,
It would be of interest to know what other security you were using. Sorry I cannot answer the question. I have SAS Pro, and MBAM free, but do not run them except on-demand. My signature gives my security set up.
Thanks,

Regards,
Jerry

 

From reading the forum, the MBAM real-time protection features an IP blocker which will prevent you from visiting sites that MBAM has identified as malicious.

How were you attacked, were you unaware while browsing or was it from an external drive for example?

If either of the above, you could install something like www.threatfire.com which is free and prevents any significant changes/damage to your system. Test after test, this does well. I'd feel more protected with this alone, and running a regular on-demand scan with another program ( www.hitmanpro.com for example).

If browsing, I'd install the free version of www.sandboxie.com. Nothing will bust out of your browser, or whatever else you run as sandboxed. Just make sure you configure it to recover downloaded files from your specified download area (eg. set firefox to download files to desktop, sandboxie to recover from desktop), and to allow you to create bookmarks, and you're set.

 

About reliability, I don't think there is any definite answer. All depends on the sites you're surfing (one person may visit games/european sites, another might spend more time downloading videos from rapidshare) and pure luck (did you think the installation file was safe but wasn't).

Person has product X and says it's the best since sliced bread, another person has product X and gets hammered by malware every week.

 

I too am curious to read comparisions between the two... but the forum rules apparently don't permit A vs b threads.

In any event, I absolutely do not want to read about ThreatFire or (noted, before jmonge inevitably chimes in) Defensewall in this thread.

 

From forum searches, not sure if many people here are using the paid products of both. Seems most use it as an on-demand scan.

I'm interested though in how both perform in real-time, especially MBAM's IP blocking.

 

From my experience, SAS puts merely a few dll's in IE to prevent a few things from happening. It seems realtime of these might be a joke to some. On 200x/XP/Vista/7 Rising PC Doctor (FREE) seems to do the job just as well as per IE. Anyone still use IE?

Dave

 

Decide yourself (two small tests by me):

Malwarebytes
https://www.wilderssecurity.com/showthread.php?t=252095

SAS
https://www.wilderssecurity.com/showthread.php?t=250155

 

very interesting test

 

I came to the realization that programs like SAS and MBAM (I have licenses for both) need to be combined with programs that do not rely on signatures or heuristics like HIPS programs such as Malware Defender or DefenseWall and system hardening. There is just too much malware out there for signature based programs to keep up with. I rely on programs like SAS and MBAM more as scanners than for up front protection.

 

.
I cannot specifically answer your question, but I am interested in the issue of self protection in general. MBAM is regularly targeted by malware which prevents it from installing or running. Many AS and AV programs are rendered useless by malware. Prevx 3.0 is the only program I'm aware of at the moment that has settings for self-protection. It would be really interesting to see how it resists attack depending on the level of self protection enabled.

 

@G1111 i agree 100%

 

Yeah, I was downloading cd's on a site i go to often, and BAM! got attacked and avira alerted me and then shortly after SAS alerted me, then I restarted then SAS and Avira were both disabled. My computer was being controlled by these viruses/spyware and it was scary man! But I think I need a hips and sandbox just to complete my safety online.

 

To answer your original question, I wouldn't describe either as reliable real-time protection, but between the two, I would select MBAM over SAS just from sheer weight of forum member's input. I would definitely suggest to you a product such as GeSWall.