Too Risky?

Discussion in 'other anti-malware software' started by HJam72, Jul 25, 2006.

Thread Status:
Not open for further replies.
  1. HJam72

    HJam72 Registered Member

    Joined:
    Jul 18, 2006
    Posts:
    34
    Location:
    Kerrville, TX
    Tell me how this sounds:

    Router Firewall -- inbound protection
    Zone Alarm (free) -- mostly for outbound protection
    ProcessGuard -- full version
    good hosts file -- updated and just assume it's a good one
    Spybot S&D -- speaking of the immunization, not the Tea Timer stuff
    1) Firefox (with SpywareBlaster), or 2) Opera

    I have about 9 or 10 Antispyware apps which can be used, one per day, just to do SCANS--this includes some online scans. I would also use AntiVir, or maybe AVG, (both free versions) to do weekly SCANS and do a Trend Micro online scan several times a week.

    The idea here is that I'm not running any Anti-Anything in the background. I wouldn't even try this except that I can't remember the last time I found spyware on my PC and I know it's been years since I've seen a virus--I mean like 4 yrs. My subscription to Webroot Spy Sweeper runs out in about 3 months and I'm thinking of not renewing it, despite it being a solid program that I'm impressed with.

    I should also mention, I suppose, that I tried RegRun standard and Platinum (both trial versions) and found that it slows my PC to a crawl, no matter how I set it up (that I can tell). This is bound to be some kind of temporary issue with their latest release, I assume. It's a shame, because I was really impressed with it, other than my PC running like it was crawling through cement. :rolleyes: I also tried System Safety Monitor and, well, I'm not through looking at it, but I don't see that it does much that ProcessGuard doesn't, except log boatloads of information and give you boatloads of informational-only pop-ups--if you want them. Seems like more of a tool to be used occasionally to me.

    Oh, this is just a standard home computer, by the way. I assumed you could tell. :D
     
  2. gre87y

    gre87y Registered Member

    Joined:
    Oct 27, 2004
    Posts:
    164
    Looks good to me but I'm not an expert. Maybe an anti trojan app like Ewido would be a good addition.
     
  3. HJam72

    HJam72 Registered Member

    Joined:
    Jul 18, 2006
    Posts:
    34
    Location:
    Kerrville, TX
    Forgot to mention that I use ewido and A^2 (for scans only) also. The funny thing about that is that ewido is not supposed to give me any real-time protection (the free version, I mean), but I had to turn it off in "Services" to get it to stop running in the background. I think they're giving people protection that the user isn't even aware of, in many cases. I wouldn't have known, if I hadn't been looking at my old Code-Stuff Starter program.
     
  4. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,509
    Location:
    Slovakia
    I would say, that you do not need any Anti-Junk, since you are doing well. ;)

    I wonder, have you also set up Windows, like local policies, disable services, etc?
     
  5. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    good question like xp antispy or similar
     
  6. HJam72

    HJam72 Registered Member

    Joined:
    Jul 18, 2006
    Posts:
    34
    Location:
    Kerrville, TX
    All unnecessary services are turned off. By "local policies", I guess you mean user and admin. accounts? That's something I don't do, because I spend so much of my time doing administrative tasks that I'd just use the admin. account about 3/4 of the time anyway. I just recently did that and wound up turning the user account into an admin. account, because switching back and forth drives me crazy. o_O
     
  7. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,509
    Location:
    Slovakia
    Nuh, using limited account is useless for skilled user and too complicated for a newbie.
    I meant settings like: Start - Run - GPEDIT.MSC (Group) or SECPOL.MSC (Local policies).
    But setting policies is just like layer protection, you already did a really nice job. Well done.
    There are not many people, who are willing to run PC without Anti-Stuff. Just do not give up.
     
  8. HJam72

    HJam72 Registered Member

    Joined:
    Jul 18, 2006
    Posts:
    34
    Location:
    Kerrville, TX
    Truth is I've never heard of GPEDIT.MSC (Group) or SECPOL.MSC (Local policies), but I'm about to look. Thanx for that.
     
  9. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,509
    Location:
    Slovakia
    You can also try out Belarc Advisor, it checks important local policies, settings, updates.
    It is designed for company PC, so you can actually get lower score with more secure PC.
    Like I denied access to my PC from network, but this has to be allowed in company network.
     
  10. HJam72

    HJam72 Registered Member

    Joined:
    Jul 18, 2006
    Posts:
    34
    Location:
    Kerrville, TX
    As long as I'm throwing around my opinions about everything, I'm gonna have to retract what I said about SSM. I just needed to spend more time looking at it and understanding the settings.

    It's also free, so I'm usin' it! :thumb:
     
  11. sosaiso

    sosaiso Registered Member

    Joined:
    Nov 12, 2005
    Posts:
    601
    One thing to keep in mind is not to go overboard with the HIPS, which can be just as much of a drag on the system as an anti-whatever.
     
  12. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    Indeed. And if you mix and match, some of them interact in subtle ways, leading to fairly strange yet irregular effects that might be difficult to pinpoint.

    If you are paranoid, you might think these strange effects were due to malware.... Which leads to more security software until you finally decide to format. :)
     
  13. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,046
    Location:
    The Netherlands
    You're a funny guy DA, but perhaps you can give us the ideal HIPS setup, so that we don't have to mix and match anymore! :D
     
  14. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    HJam72,

    What do you consider a replacement for an AV? I do not see anything that I would want to replace a good stand alone AV.

    Since no one has mentioned it, there must be something.

    Best,
    Jerry
     
  15. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,509
    Location:
    Slovakia
    I guess, that HJam72 likes prevention rather than to rely, that realtime AV will protect him.

    I would never rely on any Anti-application, like AV. Let's say, that AV can catch 99%, there is always 1%, which can get into PC (1% can be a few thousands). If Windows, browser and other applications with online access are properly set up, it provides min 99,99% prevention of getting infected, simply said, it is almost impossible (not talking about hacking of course). And by the way, HJam72 has also Router, ProcessGuard, Host file and uses Firefox and Opera.
     
  16. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    You are a funny guy, but not very bright. There is no 'ideal' setup, it depends on your needs, your objectives, your system specs etc.

    Tell me what you define as 'ideal', give me the exact specs of your system, and I'll give you your answer, after you pay me $$$ for testing after several months.
     
  17. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,046
    Location:
    The Netherlands
    LOL, talking about not being very bright, couldn't you figure out I was being sarcastic? :D

    The funny thing is that this was exactly my point, you do have to mix and match (in VMware so that you don't screw up your system) in order to find your own ideal setup. But according to you it's no use, because only IT professionals have the skills to do this right? LOL
     
  18. HJam72

    HJam72 Registered Member

    Joined:
    Jul 18, 2006
    Posts:
    34
    Location:
    Kerrville, TX
    Well, first of all, I don't consider myself an expert on these matters by any means; but, to answer your question, I've basically replaced Antivir (free) and Webroot Spy Sweeper with ProcessGuard (full version) and System Safety Monitor (free). A big part of the reason I feel safe doing that is because I have safe surfing habits and tend to visit the same dozen or so sites over and over. There are people saying that this HIPS protection is better anyway, and they seem to know what they're talking about, but I've also got the go-ahead, in my mind, because I very rarely find spyware with all my scanners (like 9 of them) and I haven't seen a virus in nearly half a decade (there have been a few false-positives, of course).

    The idea that prevention is better than this "definition" searching and scanning everything before it runs seems like an intelligent response to the problem to me. Another thing about these "permissions" and options is that it reminds me very much of working with Linux, which I do quite a bit. I think making Windows security more Linux-like is a very good idea and I'm all for it.

    If your scanners never find malware and there's a less resource using way of preventing it, why not try it? It's not like the first few minutes you're going to suddenly get that virus that you haven't seen in years, unless your surfing habits change drastically all of a sudden, and the HIPS protection should work.

    SSM and ProcessGuard together have had a few minor growing pains for me, but it's nothing serious and I'm getting through it one blocked app. at a time. No big deal.

    I'm still going to run scans (not "real time" protection) with multiple anti-this-and-that when I'm not at the PC, so, if it's not working out, I'll know. I doubt I'll find a problem.

    Still worried about root-kits, but AVs and ASs would have even less chance of stopping them. It's just a home PC anyway, and I only use my credit card with a live DSL distro, just to be safe, so this is all just me wanting my PC to keep running right.
     
  19. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    Nah. My point is you do things step by step, change things one thing at a time, really *test* it out.

    I'm sure you are not doing that, given the way you post almost weekly on your changed setup, your comments on how easy it is to check for conflicts (given that big companies like MS spend huge amounts of manpower and time checking and they still miss things tell you that), add the fact that your system is clearly 'unstandard' with all the tweaks you do, it's easy to predict you are going to run into problems.

    And lo and behold you indeed have problems.

    But I suppose it's cooler to think as you do that maybe, those problems are due to some super hacker who bothered to hack you just for practice instead of the more probable alternative.
     
  20. sosaiso

    sosaiso Registered Member

    Joined:
    Nov 12, 2005
    Posts:
    601
    The problem with Windows is that you have access to everything. [Yes, yes, limited accounts, but those are just there to be annoying anyways.]

    In Linux, you're only allowed to everything if you're /root.

    Now if there was a way to get Windows permissions like that... now that would be one hell of an app.
     
  21. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    HJam72,

    Thanks for the reply.

    Best,
    Jerry
     
  22. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,046
    Location:
    The Netherlands
    @ DA

    Well, I never said that I'm a professional tester. But I do not think it's that hard to figure out if apps conflict with each other or not. And with simple tests you can also figure out how powerful the protection of a certain HIPS is. Of course you're an IT professional so it's much cooler to disagree with this.

    Keep changing my setup? I have no idea what you're talking about. At least not when it comes to my real system. Of course a while back I was trying to figure out which was the best setup for me, so yes I installed a lot of tools in VMware to see if I liked them or not (based on a couple of criteria). And if I see a new interesting tool of course I will check it out. :)
     