The Triple Threat

Discussion in 'other anti-malware software' started by WilliamP, Feb 23, 2008.

Thread Status:
Not open for further replies.
  1. WilliamP (Registered Member; joined Jun 1, 2003; 2,201 posts; Fayetteville, Ga)
    How about this one? I turn on Returnil. Then open FF Sandboxie'd, energize DefenseWall. While surfing I have COMODO Defense+ and NOD32 running. Can anything find its way through that maze? I did have SSM but there were problems between it and D+. They were both trying to outdo each other and would lock things up. Especially downloads.
     
  2. Hermescomputers (Registered Member; joined Jan 9, 2006; 1,069 posts; Toronto, Ontario, Canada, eh?)
    I think that Returnil and DefenseWall might be overkill given whatever else you have to protect you... However, if it works and your PC can handle the overhead... why not?
     
  3. jrmhng (Registered Member; joined Nov 4, 2007; 1,268 posts; Australia)
    Very overkill. If you can handle having to deal with all the popups and have the virtual partition working fine, then that's good. I went from a setup like that to just Antivir, Sandboxie and NoScript.

    D+ and SSM are both behavior blockers. That is why they conflict.
     
  4. WilliamP (Registered Member; joined Jun 1, 2003; 2,201 posts; Fayetteville, Ga)
    With this set up I have virtually no pop ups. To be honest I don't usually load everything when I go surfing. I have one computer that I kind of experiment with and I do load everything and have no problems. But on my main system I have the ability to fire up as much protection or as little as I want. This is great protection.
     
  5. LUSHER (Registered Member; joined Feb 28, 2007; 440 posts)
    Why not? Unnecessary complexity, that's why.

    Security is not about the number of layers you have. The more complicated your setup, the more likely an error (either a user error or some unexpected interaction between various programs).
     
  6. Hermescomputers (Registered Member; joined Jan 9, 2006; 1,069 posts; Toronto, Ontario, Canada, eh?)
    Well said; however, the layers as I think of them only serve to offset failures within some of the tools used, as each has strengths and weaknesses. The weaknesses are my concern...
     
  7. EASTER (Registered Member; joined Jul 28, 2007; 5,632 posts; U.S.A. (South))
    Heh, finally a guy after my own heart. I relish such combinations in spite of the fact that many will always sound off that you're overkill, but the truth is that if your system purrs along without performance hits or any other issues, you have quite a wall for anything to get through or around. I don't know how much testing you do, but if you have taken that setup for a spin through a known turbo-charged malware site to see how it fares, I would put my money on you coming through virtually unscathed as is, and after reboot, if anything like some bound loader that couldn't load still landed inside, it would be history; in fact a Sandboxie delete contents would likely be enough, followed by a Returnil reboot-to-restore.

    I like it. :D Because I like laughing at stupid ignorant fools who deliberately lace their websites with garbage, but in all fairness, those are mostly only p0rn and keygen sites that load in downloaders and exploits, and a safe surfer would never jeopardize their good machine going there just because they could easily escape serious attack, but they do make for one proving ground of how tight your security programs are.
     
  8. dmenace (Registered Member; joined Nov 29, 2006; 275 posts)
    If you want so much security even though it's overkill, why not use several virtual machines (think: VMware products)? On one you may have Comodo, on another SSM, on another CoreForce...

    Triple Threat sounds like it demands ZoneAlarm's Triple Defense Firewall... Anyone?
     
  9. EASTER (Registered Member; joined Jul 28, 2007; 5,632 posts; U.S.A. (South))
    Excuse me for taking some exception, but wouldn't VMware machines actually place an even greater demand on a system's resources than just a few security apps?

    Protection can be offset better IMO than employing VMware-type machines, specifically VMware itself; I often tried VMware but it always created a drain on the system when all I intended was to test malware and/or various programs. VirtualBox might be the lightest, I dunno, because I gave up using those and instead used hard drives, where there are also no limitations on certain malwares that are designed to detect when they are residing within a VM.

    Kind Regards

    EASTER
     
  10. Peter2150 (Global Moderator; joined Sep 20, 2003; 17,039 posts)
    Actually it depends. If you don't have adequate resources, yes, but if you do, probably not. I have a VMware virtual machine that is configured to have 1 GB of RAM and two 20 GB hard drives. Since it is on my 2nd drive, its impact on my system is minor. I can run it and a whole bunch of other stuff at the same time with almost no impact, but the host is up to the task (4 GB RAM). On the other hand, an AV impacts everything I do on the host, and that I do feel.

    Pete
     
  11. Hermescomputers (Registered Member; joined Jan 9, 2006; 1,069 posts; Toronto, Ontario, Canada, eh?)

    I use VMware to test software stability, but as a security shield it is not only overkill, it's point blank impractical... takes too long to load, and the machines get infected and have to be rebuilt... even if you use copies of the ISOs they often get corrupted... VMware certainly has a lot of good, even awesome qualities, but it's not something Joe Average can use easily as it has a rather large overhead in maintenance... Unless you are retired and have all the time in the world it is not a really sound method of staying safe... You have to treat every virtual machine as a PC, with all the required maintenance, i.e. defrag and all other required tasks... I currently have 5 different OSes in ISOs ready for use but I would never dream of using these in this context... Way too much work.

    As for the resources it requires, it's not much of an issue on the new boxes as most have 1-4 GB RAM and the drives are large, usually over 250 GB; couple that with a dual core or better processor and the performance hit is minimal...

    I think light virtualisation is by far the more appropriate method as it is more manageable. A decent AV, a HIPS and Sandboxie is probably the best combination you can use...

    Here is my setup for those interested:

    Comodo 3.0 + D+ (I mostly use it to monitor changes to any files on my system)
    NOD32 3.0
    Prevx 2.0
    Prevx CSI Registered (although I got suckered into buying it)
    Sandboxie
    Secunia PSI (do yourself a great big favor and use this thing)
    AVG Anti-Spyware (installed, although I never really use it as nothing gets through the other stuff I use)

    I also use a lot of "cleanup" tools like RunScanner, Autoruns, Process Explorer, Process Monitor, GMER and System Engineer, ACW2, CCleaner...

    Now I run all these and have no performance hit whatsoever, and I never have fewer than 3-5 applications running at any given time without any hit/slowdown or anything... However, I am running two AMD Opteron 246 processors on a dual socket workstation board with server memory... (no, not dual core) so I do have more horsepower than most... See my sig for a CPUID pic of the thing... My wife has a slightly faster boot-up with her new dual core rig, but when it comes to multitasking... my now rather old Opterons still eat hers for breakfast!

    For the "immature" among ya's... On my gaming hard disk, I have no security besides the built-in firewall and Returnil (only for when I play online), and boy does this thing fly... I play GRAW 2 @ 1900x1200 with full eye candy enabled without any loss in frame rates... with the help of my aging GeForce 7900 GTX...
     
    Last edited: Feb 25, 2008
  12. WilliamP (Registered Member; joined Jun 1, 2003; 2,201 posts; Fayetteville, Ga)
    I certainly understand overkill. But the only problem I have run into was SSM and Comodo. Don't get me wrong, I loved SSM. In fact I had recently bought a lifetime SITE license. Soon after that, development kind of quit. Also, on my older machine, when I installed Sandboxie the system would crash on shutdown or reboot. I found out it was the driver for the sound card. So I got a new sound card. Now there seem to be no conflicts. The only things real-time are NOD32 Ver. 3 and Comodo Defense+. If I go surfing I have the option to load up to three additional layers. And still no conflicts. Don't need them, probably, but what the heck?
     
  13. Hermescomputers (Registered Member; joined Jan 9, 2006; 1,069 posts; Toronto, Ontario, Canada, eh?)

    Contrary to some claims around here, you are a lot better off on overkill... :cautious:
    Especially if you can manage the overkill skillfully and with intelligence!
     
  14. LUSHER (Registered Member; joined Feb 28, 2007; 440 posts)
    Yes, and adding "layers" may actually create weaknesses....

    I think you have a seriously skewed view of the realities of the world. And I think I know why.
     
  15. Hermescomputers (Registered Member; joined Jan 9, 2006; 1,069 posts; Toronto, Ontario, Canada, eh?)
    Please do read my answer to the post just above this one...

    Anyway, just to humor you, here is what I wrote (special attention to the second line):
    Contrary to some claims around here, you are a lot better off on overkill... :cautious:
    Especially if you can manage the overkill skillfully and with intelligence!

    Now I certainly agree that adding layers is risky, as application compatibility and overall stability may suffer. But the alternatives are poor and provide even greater risks, as most users can't do the needful themselves and must under most circumstances delegate to these layers to stay safe. Also keep in mind, I deal with HOME and SOHO; they are not willing to live on LUA, SRP, or any type of limited account whatsoever, and they regard me as their lackey, not the engineer or the top tech as I would be when working with a corporation. They rule their own domain and, doing so, they demand the right to get infected (quite literally). All I can say is that as a sysadmin you can control all resource allocations down to the specific file rights, but this isn't the hyper-controlled, imaged world of the corporate realms... no servers, no full-time system engineers, not even a lowly network admin; often it's the secretary that makes all the complex technical decisions... And when trouble hits they dump it all on my lap!

    Perhaps... Because I get to see those client computers which are infected so badly that the malware often numbers over half a dozen. My issue has always been that these clients get infected while under the "protection" of antivirus & antispyware as well as a firewall... I rarely, if ever, get users who come to me after having issues while using no protection...

    See, my business has nothing to do with "cleaning viruses" or "rootkits" or any other "malware", as we provide administration & consulting services to those in need of such... It is simply that those who call us in the last few years tend to turn us into technical janitors instead of getting us to provide pre-emptive services...

    We tend to get a lot of the disgruntled ones who now hate their old tech and call us as a last resort because the guy fixing it for $20.00 an hour screwed too many computers up. We don't usually get the nice easy ones...

    You may not see much of it but I certainly do o_O

    Also I find that to be successful with some users (mostly those on support contracts) I often need to train them on layered protection, as by doing so (and only this proved successful) I have greatly reduced the number of "free" support calls from them, as they gradually learn to use the protections themselves more effectively and thus gradually have far less need of my services... Which is great for all concerned!
     
    Last edited: Feb 26, 2008
  16. EASTER (Registered Member; joined Jul 28, 2007; 5,632 posts; U.S.A. (South))
    I freelance occasionally because I enjoy the challenge & experience with different scenarios, and I've seen clients' PCs so chock full of malware myself, and a list also of attached alternate data streams, that it would make you puke.

    They too have LICENSED antiviruses plus antispyware apps, but from what I've seen they hit every place you simply don't go to unless you like snakes in your PC.

    I even convinced a client once to go Opera and forget IE, but a week later he was right back again whining that weird things were happening, and sure enough after a quick look-over he had been hitting the snakepits again.

    There's no way I can in good conscience suggest similar setups as mine and implement them on those folks' PCs on their behalf if they are only going to continue to abuse their machines in that manner.

    Now for the more civil others who are level-headed and happen to fall into the occasional traps we're all prone to on occasion, I don't mind sealing up those holes for them and applying a nice layer of shielding for them, and I always get return calls of thanks: everything is still running fine.

    It's a matter of user responsibility; some don't care how far into the wrong caves they go, while others are simply caught in web traps laid for them.
     
  17. Hermescomputers (Registered Member; joined Jan 9, 2006; 1,069 posts; Toronto, Ontario, Canada, eh?)
    Yes, when you play fireman you can let them burn until you are ready to help them on your own good terms... However, some pay me to "prevent" them falling in the pit... without me being able to do more than a lot of whining about it, as I'm on contract to keep them running...

    Being too selective about which problems get solved may allow some to think of you as an inferior technician and call someone else... (I get a lot of my unsolicited business that way, as most other techs do I'm sure...)
     
    Last edited: Feb 27, 2008
  18. sukarof (Registered Member; joined Jun 22, 2004; 1,714 posts; Stockholm, Sweden)
    Hmm... I do believe I have the same protection with only a limited account, Software Restriction Policies and Firefox with the NoScript extension (though NoScript is really a bit overkill :) but I use it because I have yet to see why scripts should run on 95% of the pages I visit anyway).

    But otherwise, while admin, the browser in Sandboxie or SafeSpace would be sufficient. What good will DefenseWall and Returnil do, since nothing (afaik) comes out of Sandboxie? D+ and NOD32 would just be observing tools if you're interested in what happens in the sandbox.
    But sure, your approach is safe enough too. To me those seem unnecessary, but hey, if you're happy with all the bling-bling, go for it. Whatever makes you happy :)
     
  19. Hermescomputers (Registered Member; joined Jan 9, 2006; 1,069 posts; Toronto, Ontario, Canada, eh?)
    Hello sukarof,

    Perhaps if this is all you need to know, NoScript is the wrong tool for you to do this... (I would still use it though.) The best tool to figure out what the scripts are actually doing is not NoScript, as it only tells you there is a script and not much else (although it does block them and offer other "protections"). No, the best tool I know of for this purpose is Firebug, as you can drill right into the script code itself without needing to run it (if you run NoScript first to block them, that is). Firebug is really nice in that it shows and itemizes everything... Here, check it out: http://www.getfirebug.com/
     
  20. LUSHER (Registered Member; joined Feb 28, 2007; 440 posts)
    Your premise is wrong here already. You seem to assume that people get infected because they don't run enough layers...

    That's the problem right there. When you address people here, you are not dealing with such idiots (lots/most people here are HOME and SOHO btw, but they care about security to some extent, unlike your guys). Idiots who don't care and just want you to save them from themselves...

    In fact such idiots can use overkill to the nth degree and still get nailed.

    See above.

    I guarantee you that their failure has a lot less to do with what they use compared to who is using it. You describe a group of idiots who don't care about security except that they want you to fix it when they have problems... Your battle is lost no matter what they run.

    Your observations are filtered indeed by a selection effect.

    And while I agree that infections are a greater threat these days to the uninitiated (practically everyone who doesn't go to forums), I seriously doubt any average Wilders member is really more seriously threatened by malware now compared to when Wilders first opened its doors in 2001.

    Sure, we read about all these exotic threats.... Some people believe in overkill to handle these exotic threats (whether they work is another matter), but your users aren't falling for those.....

    So your argument is that people who are decently security aware require overkill to stay safe.... from common threats?

    You deal with the dumbest of the dumb, the most unaware of the unaware; no wonder the security software that is in use isn't enough. I would say ANY security software isn't enough. You could possibly force them to do "overkill" and they could still get nailed when they get sick of it and turn it off.

    I think you give too much credit to "layers". If you can find people who are willing to run through and learn how to use the overkill type of setups you recommend (SSM+Comodo 3), you are definitely dealing with a Wilders-security type user.... who is willing to learn security.

    No wonder they "prove successful"!

    A popular saying here is "if you are good enough to know how to use HIPS, you probably don't need it".

    Another well known pattern here. A newbie comes in here, scared and angry he got nailed once. He starts to learn all he can about security (which isn't a lot really), he overloads on all kinds of security layers, after some time he realizes that he doesn't really need so much and he has over-reacted, and he starts simplifying...

    And throughout all this he remains safe....

    Despite your claimed expertise, you are acting like one of these newbies who is overreacting by telling everyone that overkill is needed.
     
  21. Hermescomputers (Registered Member; joined Jan 9, 2006; 1,069 posts; Toronto, Ontario, Canada, eh?)
    Well, Lusher, you certainly are convinced about the apparent fact that users who are not geeks and manage to get infected are in fact idiots who get infected because they do something wrong... Well, unlike you, I do not "blame" the users for getting infected... I blame those who infect them and those who assist them in getting infected...

    I use a technique where I see malware every day! On sites that have no porn, no keygens, and no pirated software... just your typical garden-variety web site! And these are where most users get nailed! Unaware, unprepared and oblivious!

    Besides, I claim nothing more than what I actually do... meaning I don't know everything, but I do know this:

    - whatever the infection vector is, it must be found and blocked
    - whatever the skill of the user, they have no business infecting them
    - whatever the users do with a computer, it is no justification for infecting them with anything
    - writing or developing malware is wrong, objectionable, and is criminal, as its purpose is to cause harm to someone
    - and finally, my favorite actually: I don't give a poop about layers, I just do what works for myself, and for those who trust in me to help them...
    ...regardless of what you may happen to think! ;)

    Oh, and by the way, some of my clients have been with me for well over 10 years... That speaks volumes about experience and expertise... I need not make claims...

    I don't tell people that overkill is needed! I tell people what resources are available to them. Besides, for those who have lost $$$ getting hit by malware or by a hacker, they are rather amenable to the idea of "prevention" instead of the "do my one program so I can prosper at the expense of your time, money and business..." idea!

    What I tell users is: be careful, it's risky, and you can get into trouble easily... far more easily than many might think. OK, that being said, the idea of using a few applications to protect them is simply that I have no trust in any single application (I call that the Easy Button Syndrome). There is no such thing...

    One should really consider why so many in these forums insist on pushing the idea to everyone that it is perfectly safe to cross the boulevard with their eyes closed as there is no risk whatsoever... I can't get over it!
     
    Last edited: Feb 27, 2008
  22. muf (Registered Member; joined Dec 30, 2003; 926 posts; Manchester, England)
    I've been running Sandboxie and DefenseWall together for the last week. At the moment they are running fine together. I have had a few instances of DW alerting on an attempt to take a screenshot. Whether it was an FP or not, it was good it was intercepting the attempt. I do however have Sandboxie set to allow Firefox as the only application that can access the internet within that sandbox. So even if something tried to screenie me, it would have to get the info down the line and Sandboxie won't allow it. DW has also stopped attempts to change registry settings. OK, they were registry settings within Sandboxie's virtual world, but all the same it stopped them by policy restriction. The thing is that while both work harmoniously side-by-side I get two doormen guarding the door instead of one. So if someone punches the lights out of one of my doormen then the other one will be there to punch their lights out! And to be sure, Sandboxie and DefenseWall are big doormen!!!

    muf
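The Sandboxie restriction muf describes above, shown as Sandboxie.ini fragments. This is an added example, not muf's own configuration: the box names OpenBox and BrowserBox and the program name firefox.exe are assumed for illustration, and the two boxes are placed side by side only to contrast the unrestricted default with the restricted one.

```ini
; Added example, not muf's actual Sandboxie.ini. Box names and the program
; name (firefox.exe) are assumed for illustration.

; Weak: a box with no Internet restriction. Any program that gets started
; inside it (a downloader dropped by a drive-by, for instance) can still
; reach the network, even though its file and registry writes stay inside
; the sandbox until the box contents are deleted.
[OpenBox]
Enabled=y

; Hardened: only firefox.exe may open the network devices from inside the
; box. The leading "!" marks the exempted program; every other sandboxed
; program is denied InternetAccessDevices, so a dropped payload cannot
; "get the info down the line" as muf puts it.
[BrowserBox]
Enabled=y
ClosedFilePath=!firefox.exe,InternetAccessDevices
```

This is the line the Internet Access restriction in the box settings writes when a single program is allowed. Two caveats a practitioner would want: the exemption is matched by program name, so it is a policy about what normally runs in the box rather than a boundary against a payload that copies itself as firefox.exe, and it governs only processes running inside the box, which is why a second control outside the sandbox, as in muf's setup, is not redundant.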
     
  23. Huupi (Registered Member; joined Sep 2, 2006; 2,024 posts)
    I am far off triple; at the moment I'm using only paid Sandboxie + the inbuilt Windows firewall, and I'm behind a NAT router, yes double firewalled, but no problems.

    I feel very safe, but that has more to do with surfing habits. If I'm going really wild then Returnil+Sandboxie is my trusted combo.

    On-demand scanners like SAS and CureIt show nothing in the last 2 months.
     
  24. LUSHER (Registered Member; joined Feb 28, 2007; 440 posts)
    That's because they indeed did something wrong! A simple poll of the people here and you will see that most people get by with very little.... How do you explain that?

    And the last I checked, people on Wilders, while being a bit above average for being interested in security, are not all geeks!

    Of course not; you are paid $$$ so you do not dare to "blame" them. Customer is always right? lol..

    You prefer to scare them into as much software as you can get them to swallow, in hopes that it will protect them.. (since the alternative option of educating them is not feasible?)

    I can understand why you do so for your customers, but on Wilders your strategy is hugely misplaced.

    Wow, you see malware every day.. Is that supposed to impress me? I see malware every day on sites too, but they don't infect me. Whether it is normal sites or not is not the point.... This is true for almost everyone here and they don't run super security overkill ....

    You run a business with customers for 10 years; you tell me why...

    Yes, but then again we are talking about clueless people..... :)

    Oh yes, you might know a thing or two about technical matters, but it does not mean that your recommendations are correct..

    Yes you did.

    No, you prefer the "use a million security programs and pray they work" approach...

    People who are amenable to the idea of prevention should be taught about how people get infected and work to reduce that possibility.

    Take your fear mongering about going to "normal sites" and getting infected without doing a thing. Is it possible? Sure. How likely? You say it is very (I disagree, but let's say it is). Why does this happen and how does one protect against this?

    Hint: the answer isn't lots of security programs.....

    You should be teaching them why and how they get infected rather than the "use my overkill dozen programs and pray they stand up" approach. If you actually got commission for such recommendations, one would be even more suspicious, but you don't, right?

    Again, your experience with your man in the street does not translate here. I don't know when this will sink into your brain. The people here are more than sufficiently aware of how infection can occur. Heck, they spend their time worrying about the most remote and exotic means of infection and working to build defenses for that.

    Hence you are wrong about the "many might think" part.

    lol. Yes, you advocate, instead of one "easy button syndrome", the "multiple easy button syndrome"... You sell people the idea that the more buttons you push the safer you are. If one HIPS is good, two is better, and three is perfect, right?

    The fact is, without understanding and knowledge your users are just pushing buttons; whether one or multiple, he is still screwed..

    Sigh, you really should wake up. No one is saying there is no risk whatsoever.
    But there is a balance between being sufficiently prudent and being paranoid about things...

    And traditionally this forum has always leaned towards the latter. We obsess about the latest PoC stuff, for example...

    You act like people here aren't aware that websites can be hacked, exploits can be used, etc.. lol..

    You are still living in a world where your customers don't care about security. So you come in here and think everyone doesn't know or care about security...

    I suppose the actual concept of someone being too paranoid is impossible for you to grasp because you have always met with the opposite problem...

    Also I notice you did not even address the points I made about education and knowledge. If you really think security software alone (several layers) will protect users without knowledge and understanding, I think, despite your claimed experience, you are doing your customers a big disservice.
     
  25. Hermescomputers (Registered Member; joined Jan 9, 2006; 1,069 posts; Toronto, Ontario, Canada, eh?)
    Lusher,

    Perhaps you fail to realize that many who come here don't actually contribute but only read, as they come here because they have no idea and need to learn what the heck is going on...

    Personally I know what I'm doing... and as long as I take care of my clients and they are actually satisfied with my work, I did my job.

    As for what I'm doing here, think of it as technical welfare for the intellectually challenged who challenge things they themselves do not appropriately understand and as such need to be educated... Usually the louder they protest, the more they need the help!

    Besides, I don't have much time to argue with marketing efforts disguised as assistance to some. Me, on the other hand, I'm open and up front about who and what I am and what I do... some of you should stop hiding behind this phony pretense and come out from hiding, and admit you are getting paid behind the scenes to promote these "super incredibly powerful and omnipotent applications" of which one only needs one to protect everything... Get a grip!

    And just to upset you some more... why don't you go and read this: https://www.wilderssecurity.com/showpost.php?p=1193418&postcount=217 (How's that for education?)
     
    Last edited: Feb 29, 2008