Security Suite For A New Laptop

Discussion in 'other firewalls' started by Phil587, Oct 12, 2013.

Thread Status:
Not open for further replies.
  1. Alexhousek

    Alexhousek Registered Member

    Joined:
    Jul 25, 2009
    Posts:
    662
    Location:
    USA--Oregon
    I'm not attempting to derail the thread, but as a brand new WSA user myself, I'm wondering how many WSA users feel the need to add Malwarebytes Pro to WSA?

    I do have the free version of MB and I plan on running it weekly like I have for a long time. But, with WSA and Sandboxie, I see no real need to add the real time protection of MB Pro.
     
  2. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    Yes, no need.
     
  3. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    6,039
    Location:
    Parallel Universe
    I use MBAM as on-demand with scheduled scans and updates. WSA with MBAM on-demand scans are enough. But if MBAM Pro is realtime with WSA it can only protect better.;)
     
  4. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    6,039
    Location:
    Parallel Universe
    Ah great to see you're happy using your new WSA with MBAM Pro on your new laptop.:) You'll not regret.;) Just sit back and relax. WSA will take care of everything ultra fast and smoothly.:D
     
  5. Phil587

    Phil587 Registered Member

    Joined:
    Feb 16, 2009
    Posts:
    14
    I am guessing that depends on your level of comfort with your chosen apps. Myself, I am not ready to give over control of my PC to unknown apps regardless their history and/or fanboys. In this new case, Malwarebytes immediately found something on my new HDD that WSA had either ignored or didn't see. Either way, I'm glad I was running both at the time. I will continue doing so until WSA proves itself. It has a ways to go.

    Phil
     
  6. Phil587

    Phil587 Registered Member

    Joined:
    Feb 16, 2009
    Posts:
    14
    Thanks much PII. You are one of the posters convincing me to try the apps. I am NOT comfortable with WSA so far but I am trying. I like to have total control over what calls out of my PC and, at this point, I feel I have NO control. It's a matter of trusting the decisions made by the programmers of WSA and I have not arrived there. WSA by default is allowing *108* processes on this new laptop to have unfettered internet access. To me, that's just stupid. I have looked at the list and have no idea what many of them are but they are ALLOWED OUT BY DEFAULT -- not to mention the adware allowed to install and call out. Not good business to me. Maybe I will learn to trust WSA but, at this point, I do not.

    Many thanks for your help!

    Phil
     
  7. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    So you want everything blocked on your system by default, as if it isn't clean? Normally WSA is catered towards inexperienced users, and only warn of untrusted processes if the computer is infected. You can easily change that in Advanced Settings.

    As for whatever MBAM detected... since you provided no details, I can only assume it's a PUP, tracking cookie, or "malware remnant" due to highest likelihood. Believe it or not, I just started using WSA today and found it quite intuitive.
     
  8. Phil587

    Phil587 Registered Member

    Joined:
    Feb 16, 2009
    Posts:
    14
    It's amazing to me how someone sitting where you are can "see" what's on my machine sitting where I am. Maybe one day I, too, will be omnipotent.

    It was actually a BHO, toolbar, and ad downloader combined. The company name was "Omnicent" or something like that. I don't remember exactly because it is long gone.

    Every firewall I have used in the past has been rules-based. You start with a blank page and modify or write rules as needed but *everything* is blocked on install. I have never heard of any product claiming to be a "firewall" that allowed 108 processes a free pass out the back door. As for "easily change" -- it's subjective but -- nope. Nothing easy about it at all. Those allowed out are allowed out even setting to block all. I will have to modify all 108.
     
  9. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    PUP, there you go. It's a simple matter of experience, those are everywhere and many AV's don't detect them by default.

    Not sure how to configure WSA for that if needed, but best to report to them directly.

    Firewall doesn't mean strict whitelisting by default, although that's how they traditionally function. There's this option you can try: Main Interface > Advanced Settings > Firewall > Warn if any process connects to the Internet unless explicitly allowed.
     
  10. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    6,039
    Location:
    Parallel Universe
    Hi Phil,

    You mean to say 108 processes are listed in Active Connections windows in WSA? Do you have Windows Firewall turned on? I only have six processes listed by the way.

    The WSA firewall monitors data traffic traveling out of your computer ports. It looks for untrusted processes that try to connect to the Internet and steal your personal information. It works with the Windows firewall, which monitors data traffic coming into your computer. With both the SecureAnywhere and Windows firewall turned on, your data has complete inbound and outbound protection.

    The SecureAnywhere firewall is preconfigured to filter traffic on your computer. It works in the background without disrupting your normal activities. If the firewall detects any unrecognized traffic, it opens an alert where you can block the traffic or allow it to proceed.

    To protect your computer from hackers and other threats, the firewall monitors processes that attempt to access the Internet. It also monitors the ports used for communicating with the Internet.

    1. Open SecureAnywhere (see Using the SecureAnywhere interface).
    2. Click Advanced Settings.
    3. Click Firewall on the left. A descriptive list of Firewall settings displays.
    4. Select 'Warn if any process connects to the internet unless explicitly allowed' and click Save.

    You can block active connections and close ports in the 'Active Connections' window. If you want more advance settings to control your connections you can use Windows Firewall to configure rules.

    WSA is built for users who want zero headaches with settings and controls yet want the lightest, fastest and most efficient solution. This is because Webroot had acquired PrevX, a product and technology revolutionary in cloud protection. Webroot products are now masters of Cloud protection and also offer sufficient offline protection until WSA can connect to the cloud. You would have noticed WSA automatically configured its settings most suitable to your particular system and machine. WSA is that much convenient. Installer is downloaded and installed fast. Hence I recommend it to you so strongly.

    All those things are Potentially Unwanted Applications(PUA)/PUP. MBAM found those only because at some point you had changed the default setting of Action for potentially unwanted programs(PUP) in Scanner Settings.

    Many Anti-Virus, Anti-malware nowadays do not scan and remove PUP/PUA by default and consider them low risk.

    http://blog.malwarebytes.org/news/2013/09/selecting-all-pups/#

    http://en.kioskea.net/faq/15731-avast-enable-detection-of-potentially-unwanted-programs-pups

    http://kb.eset.com/esetkb/index?page=content&id=SOLN2629

    You can configure WSA to look for PUA/PUP.

    Untitled.png
     
    Last edited: Oct 16, 2013
  11. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    Sorry, but you are likely taking it in the wrong way. If you have no idea why you have 108 processes active then you are likely no idea what these processes do, no idea which one to block or allow and no idea on the impact on the system after that.

    To apply such a policy (total control) you need to have an in-depth mastering of the OS that, no offense intended, by the reaction you had, you don't really have.

    So, why not do something different. Start learning your system: Separate MS OS system components from third party components. Learn which component belongs to... why they are there... etc. WSA meanwhile is taking care that whatever is running on your system is legit and safe.

    No panic or paranoia, relax, sit-down and enjoy .... ;):thumb:
     
  12. Phil587

    Phil587 Registered Member

    Joined:
    Feb 16, 2009
    Posts:
    14
    Did you notice that "unless explicitly allowed" part? Those 108 processes I spoke of are "explicitly allowed" by the program. Therein lies my issue.

    Phil
     
  13. Phil587

    Phil587 Registered Member

    Joined:
    Feb 16, 2009
    Posts:
    14
     
  14. Phil587

    Phil587 Registered Member

    Joined:
    Feb 16, 2009
    Posts:
    14
    So, you are saying I learned nothing in the 20 years I was associated with the internet security industry. OK -- whatever.

    This is a brand new machine I'm dealing with -- less than 3 days old. No, I do not know every executable on it -- just like you don't know every executable on yours. You can bet I will know everything about these 108 before the week is out, though.

    As I said in another post, it's obvious attitudes have changed about what people will allow on their machines, I must assume through laziness since people are so willing to give over control to a software company. I just can't go there -- call it paranoia if you like, I don't care. All I know for sure is since 1987 I have had exactly *zero* problems due to a virus, trojan, and the like. I think I will continue what I have done in the past.

    I believe WSA to be a good, viable option. I just have to learn how to get it under *my* control and not the control of some faceless programmer out in the ether.

    Thank you for your help!

    Phil
     
  15. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    If you are surprised about 108 processes running on your system... then yes... Sorry. You don't need WSA to tell you about them. And you should not be surprised that WSA is not blocking them if they are legitimate. Again no offense intended...:) :thumb:

    If you are a real expert than you know that, if you do not like something on your system then you should not have it there (or running) in the first place. Your approach may have worked with system like XP and earlier but current WIN7/WIN8 are way too dependent on communication with your localhost and remote services to apply a policy of full control. Real full control can only be obtained on open source systems (i.e. where you can actually inspect trasparently the code).

    On top, full control may not necessarily improve your protection against malware on the contrary it may lead to suboptimal experience with your system. So the focus should be on the unknown not the known. If you instead are concerned about privacy then its another story.

    Sorry for the offtopic... close and out.
     
    Last edited: Oct 16, 2013
  16. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    6,039
    Location:
    Parallel Universe
    If those 108 process are showing up in the Active Connections window in WSA you can block the ones you are not sure about. You can also block them with Windows Firewall. But be careful as blocking important processes from internet connection can cause problems. Or you can open a support ticket and ask you to help you determine which processes are to be blocked. You can also ask them for the reasons behind WSA allowing all 108 processes although I get the idea they could be processes found to be safe in WSA scans and hence allowed to connect to the internet.
     
  17. Saint Satin Stain

    Saint Satin Stain Registered Member

    Joined:
    Feb 16, 2004
    Posts:
    222
    Location:
    Huntsville, AL and Greenwich Village, NYC
    Though I have a couple of Macs, digitized all my music in 'em and packed away albums, 45s, and cds; vista box; Ubuntu one too; my main computer runs XP Pro SP 3, 1 gig of RAM, an older AMD 795 MHz and I have Webroot SecureAnywhere Complete (protects computers of 2 relatives, 3 Android phones and one Android tablet.). WSAC, plus free Malwarebytes anti-malware (on the Androids too) and SpywareBlaster, Sandboxie, and the Windows Firewall. Low resource use, about 1-2 percent. I have a few other apps too, the sign of a raving paranoid, but the combo of the two you have, plus either the free or paid Sandboxie and SpywareBlaster would protect well below raving paranoid but with efficacy.

    I believe you made excellent choice, advice here usually good by many. Probably didn't need the Pro of Malabytes.
     
    Last edited: Oct 28, 2013
  18. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,065
    Location:
    DC Metro Area
  19. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Like you guys I came up from Kerio and Nod32. The FW rules I learned from Kerio are still my basic learnings plus what some of the orginals here taught me via the learning threads at the top of the forum on other FW's.

    Now I really don't think we need these fat security products I won't name.

    So I use Sandboxie where my hardened browser lives, with smart screen filter on.

    and I use OP FW Pro 8.1.1 with web control activated the IP block list filled. In their id block feature I fill in the sin number, bank account number etc etc. Many many exe's ask for www access and don't need it with OP I can click one box and block any www activity.

    and for added security (belt and suspenders) MVPS Host file (DNS service deactivated)

    and then MSE (free for RT scans and on demand.

    IF a bad one slips through I can restore from image.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.