RegDefend in place of a real time anti spyware app.

Discussion in 'Ghost Security Suite (GSS)' started by Matt_Smi, Jun 9, 2005.

Thread Status:
Not open for further replies.
  1. Matt_Smi

    Matt_Smi Registered Member

    Joined:
    Jul 7, 2004
    Posts:
    359
    I don’t run a real time anti-spyware app, I don’t feel the need to, but I do plan to buy RD in the future. I have checked out a few AS apps and noticed that the real time protection on most either features a simple registry monitor (spybot, ad-aware) or monitors a host of “checkpoints” (MAAS, Counterspy and Spysweeper for example). Now I have looked at the checkpoints that Counterspy monitors and noticed that with the exception of a few, hosts file protection for example, most of the things it monitors are just registry entries. So my question is can RD simply be set up to monitor most of the checkpoints that popular AS apps monitor, effectively eliminating the need to run an AS app in real time? I would much rather have RD protecting my registry than MAAS, since it does not poll.
     
  2. Xmen

    Xmen Guest

    I do this. But it must be noted that MAAS, besides monitoring the registry, monitors files as well, and as such complements Regdefend. And then there is the realtime spyware scan engine of course.

    The great thing about MAAS is that each protection can be turned off separately!
     
  3. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,127
    Location:
    USA
    I have RegDefend in place along with WormGuard, ProcessGuard, Kaspersky AV, TrojanHunter, SpyBot S&D, SpywareBlaster, ZoneAlarm FW, WinPatrol, IE-SPYAD & MVPS Hosts File. RG, PG & WG are light on system resources and very proactive. I always want intrusion prevention over intrusion detection. My anti-spyware is mainly geared towards "lists" of bad sites so it is a final layer in my protection. My AV/AT, although providing upfront protection, are more on-demand scanners. KAV was only 48% effective in upfront protection according to the May 2005 report on av-comparatives.org. I went with RegDefend as a fast, proactive registry protector (instead of polling the system like WinPatrol).
     
  4. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi Matt_Smi,

    I also do not run Giant AS any more. RegDefend goes a long way toward preventing malware from instantiating itself on a system - especially with a lot of the research and development work that is being performed by active users who are sharing their efforts on the RegDefend forum.

    There are other ways, besides the registry, that malware can instantiate itself - for example as a system service, or in the start-up folder. For this reason, products like WinPatrol may be helpful, though I do not run even these products all the time since their polling techniques definitely interfere with processing on my system (e.g. responding to mouse clicks).

    For now, my setup is very similar to G1111's. KAV/Ewido providing the outer defense, ProcessGuard/WormGuard an inner defense, and RegDefend, a third-layer of defense. A nice file guarding system (one that does not use polling) similar to RegDefend would be nice. A system that is transparent in its protection and extensible. Prevx comes close, but I personally like RegDefend's technology and sales/marketing approach better. Maybe DiamondCS or Ghost Security will come up with such a product.

    Rich
     
  5. Xmen

    Xmen Guest

    It's called online armour.
     
  6. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    I also don't run much in the way of anti-spyware anymore (except for the occasional scan). Ever since I installed PrevX Pro/PG (and later RD) no scan has picked up any spyware. Been about 3 months now.

    Of course at the same time I installed a HOSTS file, use SpywareBlaster, and fixed all the security settings on IE (can't be bothered changing browsers), and later added IE-SPYAD2.
     
  7. JRCATES

    JRCATES Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    1,203
    Location:
    USA
    Amen to that, Rich!

    From what I understand, SysInternals is currently incorporating both their RegMon and FileMon into one package to be called "Process Monitor". But SysInternals products, from what I can tell, are more simply "monitoring" as opposed to proactive (thus, not allowing the user to interact with a specific process to abort or allow it). For advanced users who understand exactly what is happening, a "monitoring" tool could be useful...but for others would be almost useless. If this is NOT the case regarding their products, then SysInternals simply needs to do a little better job with their marketing. ;)

    But I agree that a program that watches over both the files (system, program, etc.) AND the registry would be absolutely fantastic!

    By the way....I want to commend Ghost Security for the wonderful job that they have done with their website. The detailed layout and description, along with screenshots, is absolutely top notch! There are quite a few software vendors who could (and SHOULD) take a lesson from you guys! :D
     
  8. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi JRCATES,

    Yes, what I like about both ProcessGuard and RegDefend is their "transparency". It is easy to figure out what the programs are doing (guarding) and it is easy to extend their capabilities. Already, we are witnessing the usefulness of this extensibility on the RegDefend Forum.

    System Internals have some great products, but they are fundamentally using polling techniques. It is very useful, but not as effective as pro-active (hooking) techniques used by other products such as PG and RD.

    Cya around,
    Rich
     
  9. Cluessnewbie

    Cluessnewbie Guest

    Please do not mislead people, if you don't have a clue about what you are saying. Sysinternals is a pioneer in the API hooking techniques that you are so in awe of.

    Regmon and Filemon are not pollers. If anything products like ProcessGuard and Regdefend are new kids on the block compared to Sysinternals.
     
  10. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Thank you for the correction. I very much like using System Internals products.

    Rich
     
  11. JRCATES

    JRCATES Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    1,203
    Location:
    USA
    Hey Cluessnewbie....do you think or have you heard whether the new "Process Monitor" will be simply a monitoring tool, or more of a pro-active tool to alert the user to deny or approve of any changes? From my understanding, currently both products (Regmon and Filemon) act as monitors rather than alerters or defenders capable of interrupting and alerting the user of a potentially dangerous process from occurring.....is that correct?
     