Suite vs layered approach

Discussion in 'other anti-virus software' started by truoc, Feb 1, 2013.

Thread Status:
Not open for further replies.
  1. Doraemon

    Doraemon Registered Member

    Joined:
    Aug 5, 2009
    Posts:
    202
    For the last couple of years I've been running a layered approach to security. Before that I was an Avira Suite user and before that I recall using Avast Home, ESET Suite or even AVP / Kaspersky.

    I realized that I was never ever getting malware at all and wanted to control more my security settings and have a leaner system. I tried many programs: antikeyloggers, firewalls, HIPS, SBie...

    My current setup is: Windows 8 Pro x64 + Win FW + WSAC + WinPatrol + Ad Muncher + Norton DNS + some one demand apps such as Hitman Pro and MBAM. Plus I use FFX with NoScript + RequestPolicy + HTTPS Everywhere. Looking up for a new EMET that officially supports Win8 (current build is buggy in Win8 AFAIK).

    My system feels light and secure. :D :D :D
     
  2. truoc

    truoc Registered Member

    Joined:
    Dec 31, 2012
    Posts:
    35
    Location:
    United States
    Yeah my current setup is similar to yours. Windows 8 x64 + Windows Defender + Windows Firewall + WinPatrol + Zemana Antilogger Free + EMET. I haven't been infected while using this combo, but for some unknown reason I don't feel safe using Windows Defender as my AV. For some reason I feel safer with the free suite I get from Comcast (Norton Security Suite aka Norton 360 just repackaged). False sense of security? Maybe and that got me wondering if I really do need that suite. It's weird too that I even have those thoughts considering I've never been infected with the current setup I'm running.
     
  3. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,089
    Location:
    Europe, UE citizen
    I think that theoretically layered protection is better, because it uses softwares of different producers, differently developed, and it makes things harder for intruders. But actually security softwares are increasingly sophisticated, they basically work at a very low level of the system, so frequently they make conflict. Nevertheless I think that the best way is don't trust an only one solution, and test a combination that work fine.

    p.s.: why here and not in " other anti-malware software " ?


     
  4. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    prob same reason "suites" get discussed here!
     
  5. truoc

    truoc Registered Member

    Joined:
    Dec 31, 2012
    Posts:
    35
    Location:
    United States
    Good points. If this post is in the wrong forum feel free to move it and I apologize for putting it in the wrong section. One other question, do you guys feel that if you go the suite route do you feel it necessary to keep other programs such as antikeyloggers, EMET and other HIPS programs or do most suites already have these in them and it would be repetitive to keep them around with a suite? Thanks.
     
    Last edited: Feb 3, 2013
  6. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    Its depends on the suite chosen. Some of them have the anti-keylogger feature well developed and implemented (WSA, Kaspersky) others less. Do some reading and review tests. They can give some hints on best features out there. Then try them and decide based on how they behave on your PC.
     
  7. truoc

    truoc Registered Member

    Joined:
    Dec 31, 2012
    Posts:
    35
    Location:
    United States
    Yeah I'd use the free version of Norton 360 that is offered by my ISP. I'm pretty sure it uses HIPS so don't think I would need to keep WinPatrol, not sure if it has antikeylogger so maybe keep Zemana around and keep EMET for hardening. Thanks again for everyone's replies this is a great community.
     
  8. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,089
    Location:
    Europe, UE citizen

    Another HIPS or similar would be not only repetitive, but also potential compromising the stability of the system and the effectiveness of security programs, just they work at low level.
     
  9. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    whatever route you choose you still need to use a fair modicum of common sense
     
  10. century

    century Registered Member

    Joined:
    Oct 13, 2007
    Posts:
    92
    trouc dear, once you have joined this forum your fate is sealed. You will never be satisfied with a single suite taking over your machine. Your innate curiosity will drive you towards tinkering & modifying. And hopefully someday you will be a master at this. Long live the forum.
     
  11. southcat

    southcat Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    212
    This is very true, i am one of the victim.:D
     
  12. Krysis

    Krysis Registered Member

    Joined:
    Dec 28, 2012
    Posts:
    371
    Location:
    DownUnder
    I'm a layered approach man myself (or is that bits and pieces?)

    Very True! - the contagion is unstoppable! - And there is NO vaccination! :D
     
  13. truoc

    truoc Registered Member

    Joined:
    Dec 31, 2012
    Posts:
    35
    Location:
    United States
    LOL I am finding this out rather quickly! I cannot stop testing different combinations and should stick with one that hasn't let me down, but the urge is just too great!
     
  14. Rompin Raider

    Rompin Raider Registered Member

    Joined:
    May 6, 2010
    Posts:
    1,253
    Location:
    North Texas
    AV rehab is close!!!:D
     
  15. 031

    031 Registered Member

    Joined:
    Sep 5, 2007
    Posts:
    187
    Location:
    Bangladesh
    :thumb: :thumb: :thumb:

    If we rely only on one product, this can happen :D :D .
     
  16. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    I made my set-up to be a light mixture of both.

    G-Data IS + Zemana.

    Bitdefender
    Avast!
    And Zemana as a final line BB.

    It also requires no attention after its set-up.
    I think layering is fine as long as you don't have to fiddle with it all the time.
     
  17. manak

    manak Registered Member

    Joined:
    Aug 12, 2012
    Posts:
    78
    Your current setup is good enough.
    Windows Defender(/MSE) is a good AV(signature-based anti-virus part) and Windows 7/8 built in firewall is good enough too (TrendMicro, F-Scure, Webroots their AIO Suite rely on Windows firewall).

    These days single anti-virus products already provide multi-layer approach protection. Anti-virus/anti-spyware, Cloud Based Scanning(usually for whitelisting), behavior blocker(or HIPS) Web protection(URL blocking), Network inspection(/Internet protection), ISP(ex: Norton antivirus)

    What about web browsers? they have their own security features and you can add security add-ons like NoScript. If you use Firefox I recommend to use NoScript(add-on).

    Don't get me wrong I'm not saying AIO suite(paid) is bad idea but even If you use one anti-virus product(Windows defender) there is multi-layer protection.

    I just like to say it's not Suite vs Layered approach. It is your combo suite vs Comcast(Norton) security suite :)

    It's complete up to you use your combo suite or Comcast(Norton) security suite. There is No False sense of security.
     
  18. silverfox99

    silverfox99 Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    204
    Not defending Symantec but they claim that NYT 'turned off' some of the suite protection modules, (possibly due to FPs in the enterprise environment?)

    Symantec Statement Regarding New York Times Cyber Attack
    http://www.symantec.com/connect/blogs/symantec-statement-regarding-new-york-times-cyber-attack

    What is not clear is what Symantec product line and version was in use and what modules were active at the time of infection.

    "Advanced attacks like the ones the New York Times described in the following article, (http://nyti.ms/TZtr5z), underscore how important it is for companies, countries and consumers to make sure they are using the full capability of security solutions. The advanced capabilities in our endpoint offerings, including our unique reputation-based technology and behavior-based blocking, specifically target sophisticated attacks. Turning on only the signature-based anti-virus components of endpoint solutions alone are not enough in a world that is changing daily from attacks and threats. We encourage customers to be very aggressive in deploying solutions that offer a combined approach to security. Anti-virus software alone is not enough."

    So NYT have/had SAV (version unclear) which Symantec not longer sell as a sole AV, but still support whilst encouraging enterprise customers to migrate to Endpoint Solutions with multiple 'layers' of protection?

    I guess if i installed NIS and then went through setting and disabled everything bar basic AV sigs, i would have to understand that i am reducing protection, possibly by a significant margin. If that's what NYT it tech did then on their heads really.........
     
  19. truoc

    truoc Registered Member

    Joined:
    Dec 31, 2012
    Posts:
    35
    Location:
    United States
    I think you hit the nail on the head right there. I go back and forth on this quite a bit. Should I use the Norton Suite or just Windows Defender/MSE? Do I really need the protection of a full blown suite or will a stand alone AV be sufficient? Does the suite slow my computer down or not? Is Norton the way to go with all the reviews? etc etc. I would go another free route, but I don't care for avast and I would try the new Btidefender offering if it didn't auto delete FPs. Constant game of second guessing which all seems really dumb now that I think about what I am actually typing in this post. Arguing with myself over what AV to use when I can't even remember the last time I've seen an AV that I used actually pop up and tell me something was blocked. Ah the joy. :D
     
  20. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,707
    Location:
    USA
    Just install Sandboxie, and the second guessing and arguing goes away.
    AVs become supporting cast members.
    If they show up or if they don't, it really doesn't make that much of a difference.
    It's the ultimate in layered approach... SBIE and some other stuff. ;)
     
  21. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,974
    Location:
    Parallel Universe
    @Page42
    Couldn't agree more.:thumb:
     
  22. Syobon

    Syobon Registered Member

    Joined:
    Dec 27, 2009
    Posts:
    469
    :thumb:
    Very good explanation, imho
     
  23. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    Briefs dude, im used to them. :D

    Just get any reputable software on your system and be careful what you do in the web, that should probably avoid 99% of infections. :D
     
  24. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    The advantage of a suite is that it will generally be easier to use and maintain. You'll get something closer to set-and-forget protection. It may also cost more if you use paid apps.

    The advantage of a layered setup is that it's more likely to work the way you want, and malware counter-defenses are less likely to bypass your particular setup (depending, of course).

    If you don't really want to mess around with learning and keeping track of the different apps, then the suite is the best way to go; those things are important because if you don't know what you're doing and how those things work then you probably won't be able to use them effectively and you'll be worse off.

    As the others have pointed out, though: the fact that you're here and asking this question means that the damage is already done and you'll never be happy with your security setup ever again :D :D And you shouldn't worry about justifying the decision to switch software around, IMO (as long as you're within your budget); learning and trying things are good things :)
     
  25. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,794
    It's just the beginning....
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.