Time to update my security software?

Discussion in 'other anti-malware software' started by richrf, Oct 6, 2006.

Thread Status:
Not open for further replies.
  1. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi all,

    It has been a while since I've been on the forum. Currently running KAV 6.0, PG 3.2, RegDefend 2.0, BOCLean (latest version), UnHackMe, ZoneAlarm 5.5.1 accidentally hit some phishing message the other day, which KAV caught, but it reminded me that I might want to update some of my software.

    Does anyone recommend that I upgrade any of my existing software? I am not quite caught up on the stability and added features of recent releases. Should I look at the new AppDefend to replace PG? Any new products that I might want to look at that may be addressing new problems, that I might not be aware of? It has been about a year since I was active and up-to-date.

    Thanks for the help.

    Regards,
    Rich
     
  2. Old Monk

    Old Monk Registered Member

    Joined:
    Feb 8, 2005
    Posts:
    633
    Location:
    Sheffield, UK
    Hi richrf

    Welcome back :) I recall you were a great help to me in my early days here when very new to Process Guard and other apps like Zone Alarm (long gone !)

    I'll let others more knowledgeable than myself bring you up to speed but good to see you around again.

    PS I'm having a go with System Safety Monitor and if you like PG I'm sure you'd like SSM - seems very powerful in the right hands
     
  3. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi Jon,

    Nice to hear from you again. Hope all is going well.

    I tried SSM, way back when. It really hosed my system, and I know that they have gone through some changes in their company (I think it was sold to a new group).

    Is the product more stable now? Does it have features that may augment what I currently have? I like Jason's products, which is why I am considering AppDef. So I am sure I will have to do some comparison shopping, if I think I have to upgrade from my current ProcessGuard/RegDef lineup. KAV 6.0 is also doing some additional process and registry defense nowadays, which seems to overlap, though I am not sure of the technical details, since I haven't really looked into the matter over the last year or so.

    Thanks again for your response.

    Cya,
    Rich
     
  4. Old Monk

    Old Monk Registered Member

    Joined:
    Feb 8, 2005
    Posts:
    633
    Location:
    Sheffield, UK
    Rich

    Oops!

    I'm running the free version for the time being and it seems very stable at present. From posts I've read people here seem to fall into two camps as regards HIPS (with obviously some middle ground): those in the 'community based camp' using apps like Prevx1 or the 'user intervention' camp. Perhaps with my limited knowledge I should fall into the former but I like being master of my own destiny so to speak.

    SSM seems to provide more overall system control than PG and has Registry protection amongst other modules (I'm still running PG V3.41 with no apparent conflicts). I've initially configured SSM not using Learning Mode which was a little laborious but I think worth it. My only real concern is now with the parent/child settings for each separate application and I've posted in a separate thread for a bit of advice. If nothing else it's certainly highly configurable.

    The team at SSM also do seem to be on a continual bug fix and update process which is good to see.

    As regards compatibility (I don't know if that was behind your system being 'hosed') my start up apps are NOD32, LooknStop, PG, and Spyware Guard.

    Anyway enough of SSM as you may certainly have an aversion to it from past experience.

    I have to say I've not tested AppDefend or RegDefend so I guess you'll have to read some threads to get the current status on these.

    Something else perhaps to consider is some form of 'sandboxing'. Although not adventurous, whenever I'm surfing and NOT going to my trusted sites I use Shadowsurfer. Some find it a pain to have to reboot to go in and out of 'Shadowmode' but for me it's run absolutely fine. Any changes to my system inc. AV updates are completely reversed when coming out of Shadowmode.

    Good luck with whatever you choose to upgrade to and keep posting with your findings.
     
  5. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    Keep Kas, add Prevx1 and SAS, and you could drop the rest. Use the firewall in XP with Prevx1 and you will be lighter and more secure.
     
  6. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    trjam have you gone off antivir or are you just testing kaspersky for now?
     
  7. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    The absolute cornerstone of my defences is ZA Pro, set it correctly (including privacy section which blots out most exploits) and you have powerful protection. We're now on 6.5.737, the best ever, so there is no reason not to put that on. If you are using KAV 6's web shield with ZAP you need to reconfigure ZAP else the Privacy section won't work. Basically you enable 'Privacy' for KAV in ZAP's Program control section.

    I'm still running KAV 5 Pro because I had some niggles with KAV 6 and the pro-active defence is not quite as it should be at the moment - Application Integrity Control is buggy and off by default, whilst the others aren't necessary if you are running RD/PG and ZAP (and in my case KAV 5 Pro has macro defence equivalent to Office Guard); I will give KAV 6 another try when the new service pack is released though.

    You will certainly want to update PG to 3.410, and if you are not running the new 'Tony' ruleset for RD you should be! AD is still beta, in your case (and mine!) there is no pressing need to abandon PG in favour of AD - they are very similar but PG is less intrusive and better suited to those who don't wish to fiddle with specific rules. I'm waiting for the final release of AD before giving it a whirl.

    Personally I don't see the need for Unhackme, since your defence should prevent a rootkit installing, but that is individual choice.
     
  8. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi everyone,

    Thanks for all of the replies and help so far. It looks like I will do some tweaking. I have some questions. I would appreciate any info that you guys can provide:

    1) Is there a technical or functional reason to upgrade PG from 3.2 to 3.4?

    2) Is anyone running KAV 6 with Zone 6? If so, any issues that I should be aware of, other than those that TopperID pointed out (thanks TopperID for this info).

    3) Any other comments concerning AppDef? If not, I will stay with PG.

    4) Anyone else drop PG in favor of Prevx. If so, why?

    Any other comments are greatly appreciated. Thanks again for the help.

    Regards,
    Rich
     
  9. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,301
    Location:
    South Wales, UK
    I am running KIS 6 (Build 303) with PG 3.4 and feel totally secure. PG & KIS's Proactive Defense feature complement each other perfectly IMHO (KAV 6 also has the full Proactive Defence feature).

    I moved from ZASS 6 because I found it overly complex and 'noisy' re. pop ups. Also KIS is lighter on resource. Only downside with KIS is that the antispam is not initially as good as Mail Frontier that comes with ZASS (but eventually you can get it trained).

    The reason for this post is really to suggest that you consider a suite which will keep you updated/current more easily than separates. Just a thought!;)

    Finally, in terms of the "...drop PG in favor of Prevx" I think that Prevx is overrated IMHO and you cannot really do a fair comparison between them as PG focuses on processes (no Registry protection yet) whilst Prevx covers more. As stated before I believe that with KIS & PG I am as secure as if I were running Prevx (if not more so).
     
  10. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    As a user of IE, I do feel better protected with the ZAP/KAV combo, rather than using a 'suite' such as KIS. I prefer to mix and match to get the best of both worlds. ZAP's operating system FW is a definite advance in ZA's security in my opinion.

    Just to give one example, people at the KAV forum were moaning because it failed to prevent IE being crashed by this exploit:-

    http://dennis.henderson.googlepages.com/

    However, if you try that test using ZAP (with mobile control fully on, including .js scripts) nothing happens - you are fully protected!

    You can read about the problem here:-

    http://forum.kaspersky.com/index.php?showtopic=22107&st=0

    There are technical reasons why you should switch from PG 3.200 to 3.410, the former was never an official release and on my system it crashed a couple of times. The new release is more stable but also has some improvements under the hood that offer better protection.
     
  11. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,301
    Location:
    South Wales, UK
    Strange, I tried that exploit and KIS/PG protected me perfectly.o_O

    Personally, I feel better protected by KIS/PG than ZASS/PG from which I came. I ran supposed 'best of breed' for a long time before switching to a suite, because I at the time felt that I was getting better protection. But experience disproved that, and also due to the hassle of getting some of them to work together, and then keeping them all up to date.

    I think that until relatively recently separates were probably better but I think that suites have caught up, offering the same quality and protection without the hassles mentioned above.

    Well, each to his (or her) own.:D
     
  12. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi guys,

    You have given me lots to think about. I am probably going to proceed with some upgrades this week. But I will check things out before I do anything new. I appreciate the different perspectives, and I'll wait to see if there are any other comments before I do anything.

    Thanks again for all of the help.

    Regards,
    Rich
     
  13. Cerxes

    Cerxes Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    581
    Location:
    Northern Europe
    Regarding your first post, your selection of apps is well balanced, however you could try Prevx1 which is a community based HIPS (CIPS)

    http://www.prevx.com/

    Regards, C.
     
  14. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    Someone may have to correct me here, but I think we have had a Windows patch for this exploit recently, or KAV has updated its sigs; either way the exploit may not work now, so I'm referring to the situation as it stood at the time the posts were made in that thread.
     
  15. JRCATES

    JRCATES Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    1,203
    Location:
    USA
    Hi Rich,

    Yeah, it has been a while (LOL). As OldMonk said, welcome back, and I'll let the more knowledgeable users help you with your situation. But from the sound of things, I think you have a great setup already - don't know if there is a reason to change anything. And likewise, you have always been a big help to me as well. :thumb:
     
  16. Wai_Wai

    Wai_Wai Registered Member

    Joined:
    Dec 28, 2004
    Posts:
    556
    I realise you are using ZoneAlarm. Not sure if you are concerned about this. But tell you anyway in case you are concerned:

    Zone Alarm is spying (news/evidence included in the thread):
    https://www.wilderssecurity.com/showthread.php?t=146931

    You may do your own due diligence, and decide yourself.

    By the way, I think Outpost is probably a very good firewall. Not hard to use. It passes many leaktests and is very strong against termination attacks. (Ref: www.firewallleaktester.com)


    ========================================================================

    This post talks about several types of security products you might be interested in:
    https://www.wilderssecurity.com/showpost.php?p=855828&postcount=13

    Instead of running "PG+RegDefend+UnHackMe", you may consider Prevx1 as a replacement (or addition if you wish to keep the others). Prevx1 is a full-range community-based HIPS. It is very suitable for newbies since it acts as a set-it-and-forget-it type of HIPS.

    How does it work? Unlike other HIPS which will prompt you for security decisions, it uses its central database to help you answer these questions. If an executable file is going to start, it will check the database for the proper answer first (i.e. allow or block); if it has an answer, it will answer it on your behalf. Otherwise it will prompt you for a decision.

    Another community-based HIPS is Online Armour. It appears there are only 2 community-based HIPS in the world. Too little competition. :'(
     
  17. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    What about Core Force? Is that considered to be a community type of HIPS software?
     
  18. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Thanks for the additional info and advice guys. Was there ever any final resolution to what ZoneAlarm was doing? This is a major issue for me. Thanks.

    Regards,
    Rich
     
  19. Wai_Wai

    Wai_Wai Registered Member

    Joined:
    Dec 28, 2004
    Posts:
    556
    No, ZoneAlarm never explained exactly what data are being sent to the 4 different servers, why these data are encrypted, and so on.

    The only explanation they care to explain is "the program needs to call home to check the updates".

    If you are worried about privacy, it is hard time for you to consider a switch. Firewalls like Outpost and KIS are not bad.
     