Top Security Software

Discussion in 'other software & services' started by kman1, Nov 8, 2006.

Thread Status:
Not open for further replies.
  1. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    My bad.... ;) Get all those hardening things messed up sometimes, you know harden-it, secure-it viagra, ... :D

    Alphalutra1
     
  2. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    -Secure your network: A NAT+SPI router or, better yet, a UTM Linux distro in a spare box
    -Diagram a backup and partition strategy
    -Protect your important personal data
    -Make strong passwords
    -Harden and update your OS and apps
    -Use secure apps, especially for dangerous activities like surfing, mailing, etc.

    After that, choose a "good enough" firewall, a top AV with an HTTP scanner and a user-friendly HIPS or sandbox.

    Don't forget common sense, and don't stop learning.
     
  3. Wai_Wai

    Wai_Wai Registered Member

    Joined:
    Dec 28, 2004
    Posts:
    556
    I can't see the point.
    If a malware can easily disable the AV before it can detect the malware, what's the point of using it, even with perfect detection?
    So you are probably not password-protecting your security programs/settings, since you don't care whether they are modified or terminated? If it is modified/terminated, it is usually done silently. Your GUI may look fine. Your AV may look fine, but it has actually been changed. It can no longer detect that malware. What's the point of using this product if it cannot perform its task? That's beyond me.

    Another point you made is that since you can use third-party software to protect your security programs, this is not a problem. But I still feel it is good for the product to be responsible for protecting itself. Remember, not everyone will run third-party software to remedy the problems posed by the security program itself. That is why the program should protect itself from being killed (it is within its scope).

    By the way, here's another interesting question I would like to discuss. One says this software firewall (FirewallX) is intended to block incoming traffic only. Thus it is no problem even if it can't block *ANY* outgoing traffic. The reason is that it is the user's responsibility to make sure the system is free of malware. If there were no malware in the system, there would be no need to control outgoing traffic. Therefore FirewallX is as strong as FirewallY (which intends to protect both incoming and outgoing traffic).

    That's my opinion. No matter how one defines the scope of a piece of software, it doesn't change one fact: the weakness is still there. It will not be removed if you change the scope of that security program, although it may be a good excuse for not enhancing your software (since you don't care about it). If you can choose between 2 firewalls:
    - good incoming + outgoing traffic control, but no self-protection
    - good incoming + outgoing traffic control, with strong self-protection
    Which one will you choose?


    Good points.
    I didn't realise it.


    To simplify the matter, just quote from AV Comparatives:
    It is rated:
    - 4 "standard" ratings
    - 3 "grey" ratings (worse than standard)
    - It has NEVER got any "advanced" or "advanced plus" rating


    To simplify the matter, just quote from the results of Firewallleaktest.
    It is rated much lower than Outpost.


    Its methodology is not as good, nor is the test as comprehensive as AV Comparatives'. Actually the methodology of virus.gr is crude.
    However, the good thing is that no other test site manages to have test results for so many products. If you can't find any performance report for your security program, you may get some basic idea here. As I stated beside the link, it is good for some basic reference on their performance, but not a definitive guide.
    Although the test result is not as reliable as AV Comparatives', I personally will not simply discard its results completely because it has some problems. Anyway, I give this link and leave the final decision to the reader as to whether they would like to read it too or completely discard it.
     
  4. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,055
    Just think: would a newbie be running a HIPS that stops processes from being terminated? I think the answer is a big fat NO!

    So AVs, suites and other security software should protect themselves from termination.
    And why pay more money to protect your AV from termination by using a HIPS?
    The AV should protect itself, because if it doesn't, it's not really doing its job.
    lodore
     
  5. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    9,578
    Hello,

    Wai wai, you say "malware can disable av" ...
    How does that happen?
    You run a file on your machine.
    It's no different than taking a hammer and smashing the mobo.
    Don't run malware on your computer and you will not need to worry about the firewall getting terminated.

    Let's say you have the best of the best of the best firewalls. It's still useless if you boot from floppy and delete the partition it resides on, right? This is the local access in the extreme - but still an example where a user actively does damage.

    Malware like thermite, wallbreaker etc - they all require that you:
    1. Download them.
    2. Double-click them.

    That's TWO steps for making ruins of your machine.

    Answer: don't do them.

    If a firewall needs to protect itself, why not Office? Or files? How about files that won't get deleted? That's protection from a mistake, isn't it? If you need to protect the programs from the user, there is a huge problem in the entire concept: either with the user or with the programs.

    Mrk

    P.S. AVG is a great free AV, not for everyone's taste, but definitely a solid choice. Does what needs to be done.
     
  6. Wai_Wai

    Wai_Wai Registered Member

    Joined:
    Dec 28, 2004
    Posts:
    556
    Haha... Funny.
    I haven't heard of it. Is it secure to use secure-it? :cool:
    It seems we can achieve the same by configuring the system ourselves (although this tool provides convenience).

    Alternative hardening tool: SafeXP


    Thanks, but just call me Wai Wai (notice the underscore). ;)
    No one calls me with an underscore. :p
     
  7. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,055
    I think you are missing the point. Mostly AVs are used by newbies that don't know anything about security and don't know that the sites they visit contain malware that can disable their security software; in this case we need AVs that can protect themselves and stop the malware.
    If you owned a big business and found out the security software you use in your whole business can be shut down by some malware, you wouldn't be happy, would you? Not having malware on your system is fine if you know what malware is and are safe on the internet.
    lodore
     
  8. Wai_Wai

    Wai_Wai Registered Member

    Joined:
    Dec 28, 2004
    Posts:
    556
    It is because malware doesn't always need to ask for your permission before it can execute. Another misconception is "a user will not be able to get infected if they keep their OS up-to-date + practice safe browsing & common sense + don't execute any suspicious files/attachments". Another user has asked similar questions previously, so instead of repeating the same thing again, go and read:
    https://www.wilderssecurity.com/showpost.php?p=870348&postcount=108
    https://www.wilderssecurity.com/showpost.php?p=876442&postcount=117

    The only way to not get infected in any way is to unplug your connection to the Internet. I remember that a moderator called bigc73542 has a signature which says:
    *puppy* The Only Safe Computer Is Unplugged *puppy*

    By the way, if it were so easy to kick all the bad guys out of our home, ErikAlbert would find himself so stupid to waste so much time imaging his drives and rolling back changes on every startup. ErikAlbert would even assume his computer is infected once it is connected to the Internet (not a really bad assumption, actually ;) ).


    Avast and Antivir are also free, in case you didn't notice.

    As to how solid AVG is, all the above comments are based on the test reviews (no subjectivity involved!), so it is very easy to verify (unlike other people's).
    Instead of relying on anyone's comments, everyone should simply visit, for example, AV Comparatives and judge for themselves:
    AVG - 4 standard ratings and 3 unclassified (grey) ratings.
    It never gets any "advanced" or "advanced plus" ratings.
     
  9. Wai_Wai

    Wai_Wai Registered Member

    Joined:
    Dec 28, 2004
    Posts:
    556
    Yes, this is one of the valid points - to take care of the newbies.

    However, it is useful for (advanced) surfers with basic common sense too. Security is a losing game for defenders. For example, it is possible for a hacker to remotely attack your computer. That's why hackers manage to hack even the most famous websites' servers, making them lose thousands of dollars. Sometimes you just don't know how serious the problem may be. Here's one case where a flaw in Microsoft Internet Explorer's image rendering capabilities may allow attackers to execute code remotely, according to security experts.
    http://www.builderau.com.au/news/so...s_remote_attacks/0,339028227,339199780,00.htm

    Yes, they are safer than IE. The ranking is Firefox/Opera > IE 7 > IE 6. But don't jump to the conclusion that Firefox/Opera etc. are definitely safe. No software or protection is definitely safe. They always have bugs/vulnerabilities which could be exploited without user intervention.

    Another valid point is that more protection is better than less. Since self-protection is one of the critical aspects (if it is [silently] disabled, it becomes totally useless), it is always good to have it.
     
  10. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Use what was said, if you will, as a reference/manual lol.
    I will stick with a simple orientation.
    -Get a firewall. Comodo is free and one of the best :thumb: . No use buying one.
    -Get a sandbox. Sandboxie and GeSWall are at the top and are free :thumb: .
    -Get an AV. If you want the best, maybe NOD32, or Kaspersky, or others that were mentioned. But the free Antivir and Avast! aren't that far from these.
    -Get Opera or Firefox. Better features and more secure. Free lol :thumb:

    The firewall filters what can get through. The sandbox isolates the browser, for instance, to prevent anything leaking from it, complementing the firewall. The AV checks if anything got through.
    Most of the time this will keep you safe. But spyware can get through somehow, if you're concerned with it (some people aren't). Then you can get Spybot Search and Destroy, AVG Anti-spyware, A-squared and Superantispyware, all free, and on-demand scanners. They all have resident shields, but that amounts to too many shields, and except for Spybot, they are paid.
    This would be a great start. And it's possible you won't want/need anything else. All free, or some paid if you really want to.
     
  11. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    To simplify the matter, Comodo v. 1.1.005 was tested. Comodo is currently v. 2.3.4

    And I will have to back up mrkvonic again. A firewall was not meant to be a HIPS; it was meant to filter packets which were coming to the computer and determine which were correct and which weren't. I would also choose the firewall without the self-protection. Leak testing and kill testing are a losing battle for the good guys; a new method by the bad guys is always coming out. No leak test is infallible, and if a driver gets installed, then it can go by undetected. Same goes for the kill tests.

    Each piece of security software is meant to perform its specific task, and it should excel in that task, or else unnecessary code has been put into the product and it becomes more and more bloated.

    Cheers,

    Alphalutra1
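
An added example, not code from any product, poster or test site named in this thread, of the simplest form of the "third-party protection" that posts #3, #4, #9 and #11 argue about: a user-mode watchdog that pins a security process's PID and the SHA-256 of its configuration file, then reports when the process is gone or the file has been quietly edited, which is exactly the "GUI looks fine but the AV is dead" situation post #3 describes. The security service here is a dummy Python child process and the config file is constructed for the demo; its name and keys are assumptions. Post #11's caveat applies in full: this watchdog runs at the same privilege as the malware it watches, so whatever can kill the AV can kill the watchdog first, which is why vendor self-protection lives in a kernel driver; the script only shows what silent termination or reconfiguration looks like to a detector.

```python
"""User-mode tamper watchdog for a security process (added illustration for
the self-protection discussion above; not any product's code).

Assumed: a POSIX host, a dummy 'security service' child process, and a
constructed config file 'av.conf' with a 'realtime=' key."""
import hashlib
import os
import subprocess
import sys
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hex digest of a file's contents; the watchdog pins this at start-up."""
    return hashlib.sha256(path.read_bytes()).hexdigest()


def process_alive(pid: int) -> bool:
    """POSIX liveness probe: signal 0 delivers nothing but fails with ESRCH
    once the pid is gone. Guarded because on Windows os.kill(pid, 0) would
    actually terminate the process (use OpenProcess there instead)."""
    if os.name == "nt":
        raise NotImplementedError("use OpenProcess/GetExitCodeProcess on Windows")
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:
        return True  # exists but is owned by another user
    return True


class TamperMonitor:
    """Pins the expected state of a security process and reports drift."""

    def __init__(self, pid: int, config_path: Path):
        self.pid = pid
        self.config_path = config_path
        self.expected_digest = sha256_file(config_path)

    def check(self) -> list:
        """Return a list of findings; an empty list means nothing changed."""
        findings = []
        if not process_alive(self.pid):
            findings.append("process_terminated")
        if not self.config_path.exists():
            findings.append("config_deleted")
        elif sha256_file(self.config_path) != self.expected_digest:
            findings.append("config_modified")
        return findings


def spawn_dummy_service() -> subprocess.Popen:
    """Stand-in for the AV process: a Python child that just sleeps."""
    return subprocess.Popen([sys.executable, "-c", "import time; time.sleep(60)"])


def run_scenario() -> dict:
    """Start the dummy service, then play the malware: kill the service and
    silently flip 'realtime=on' to 'off'. Returns findings before and after."""
    with tempfile.TemporaryDirectory() as tmp:
        config = Path(tmp) / "av.conf"                       # constructed config
        config.write_text("realtime=on\nupdate=daily\n")
        svc = spawn_dummy_service()
        try:
            monitor = TamperMonitor(svc.pid, config)
            before = monitor.check()
            # --- malware actions: terminate the service, quietly edit config ---
            svc.terminate()
            svc.wait()            # the parent reaps it, so the pid disappears
            config.write_text("realtime=off\nupdate=daily\n")
            after = monitor.check()
        finally:
            if svc.poll() is None:   # only if something went wrong above
                svc.kill()
                svc.wait()
    return {"before": before, "after": after}


if __name__ == "__main__":
    result = run_scenario()
    print("before tampering:", result["before"])
    print("after tampering: ", result["after"])
```

Run it directly and the second line reports both findings. A real watchdog would also need to survive being told "everything is fine" by a hooked API, which is the rootkit case raised later in this thread, and that is not something a same-privilege script can check.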
     
  12. Rico

    Rico Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    1,906
    Location:
    Texas
  13. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    True, backup is always the most important security layer and the only one you can trust if done correctly. But I'm not a fan of rolling back changes at boot; my PC is usually up for days and weeks.
    Theoretically right, practically a little paranoid. You should detect abnormal behavior; I don't know of a totally silent ITW infection.

    Very right indeed. But third-party apps being separated from the internals of the OS and being fully controlled (NoScript, cookie management, etc.) makes them a lot more secure.
     
  14. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    9,578
    Hello,

    Wai Wai,

    You're talking about newbies making mistakes. What about a newbie who "accidentally" deletes a few files in system32 or a driver in safe mode? What protects from him?

    BTW, I think that you can stay safe from any malware regardless of how up to date your OS is and what security you run. You do NOT have to get infected if you connect to the Internet. It's all up to the user.

    Your security setup = this + this + this does not change much. There is no reason you should ever see your setup do anything - react to an attack or such.

    As to malware executing itself - again, the solution is very simple. If you can, avoid such sites, but if not, just use an alternative browser, possibly with a javascript filter and you'll be fine. There's no black magic involved.

    Furthermore, I don't trust online comparatives at all. In those tests, Symantec always gets a very high grade, while my experience tells me a different story.

    You say FF and Opera are not definitely safe. I'll say, for the thousandth time: can you please show me a working example where a FF / Opera user gets hit by a drive-by download?

    Mrk
     
  15. NGRhodes

    NGRhodes Registered Member

    Joined:
    Jun 23, 2003
    Posts:
    2,370
    Location:
    West Yorkshire, UK
    Don't forget your tin hat as well :|

    ;)

    Running as a limited user and setting correct folder permissions (e.g. removing Everyone access and adding limited-user read-only settings to system folders) will stop a lot of viruses and malware.

    I've never run more than an SPI firewall (currently on my router, AS well as NAT) and decent anti-virus software.

    Note: I don't install different software often, and test out software on a spare machine before trusting it on my main machines... by carefully selecting my software I do not worry about bad behavior - e.g. choosing Firefox over IE 6. People who are regular software downloaders/testers and don't have the ability to run a spare machine could well benefit from some kind of sandboxing/HIPS/backup/rollback system.
     
  16. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    9,578
    Hello,
    A few more things:
    There is really no reason to assume that a machine is instantly infected once connected to the net or that the only machine safe is the one unplugged. I find such remarks rather baseless and inadequate as they spread fear and panic among the less knowledgeable. Things need to be taken in proportion.
    Mrk
     
  17. Wai_Wai

    Wai_Wai Registered Member

    Joined:
    Dec 28, 2004
    Posts:
    556
    I'm afraid you haven't read the link, or have interpreted it wrongly.

    What the above tries to say is that there is hardly any (nearly) sure-fire way to ensure the safety of a PC when it is connected to the Internet. You can be pretty safe, but not always very safe.

    Nevertheless, once you are connected to the net, it is possible for a hacker to locate your computer and exploit vulnerabilities found on your computer. Depending on the vulnerabilities, he may be able to damage your computer with malicious code, even without user intervention. Whoever thinks "you can never get an infection if you don't execute any program" clearly has no clue how your computer / operating system operates.

    That is why it is said "the only [definitely] safe machine is the one unplugged." But we are not telling people that your PC will always get infected once you connect to the Internet. The above is just a possibility, not an absolute.

    Here are some reasons and incidents to show why a properly protected PC can still get infected (even if the user is not doing something silly):
    https://www.wilderssecurity.com/showpost.php?p=876442&postcount=117 (some explanations)
    http://www.castlecops.com/postx165065-0-0.html (a case where a properly protected PC and a user with common sense still got infected, and that malware is so sneaky that many scanners can't detect it)

    There is an article which explains why it is unreliable for a security product (e.g. anti-virus) to run and protect under Windows. Microsoft security researchers are warning about that threat. These are threats which involve the use of rootkit technology, which is almost impossible to detect using current security products. This could pose a serious risk to corporations and individuals, since Windows is no longer able to provide valid information about the status of your PC. Any anti-malware has to search from outside the system to detect such kinds of threats. Using something like BartPE can help to achieve this.

    By the way, the situation is probably the reverse. Average people are underestimating the dangers of the Internet, rather than overestimating them. Many people are naive in thinking that they are safe from these dangerous Internet plagues. A recent study released by a leading manufacturer and researcher of Internet viruses states that malware infects 50% of all home computers within the first twelve minutes of use (source). Sometimes it may take as little as 8 seconds.
     
  18. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    So, if I boot up a default install of Windows XP with the SP2 firewall enabled (as it is by default), then I can watch exploits occur before my eyes without any user intervention? NO.

    User intervention is needed for almost every single attack out there. The only attacks it is not needed in are networking attacks, which are easily thwarted by a firewall. Everything else the user has to do, like not properly configuring their browser, opening up unknown attachments, downloading the latest "cool" game, etc.

    Also, I would find it incredibly rare for a hacker to search for a certain PC nowadays and try to exploit vulnerabilities by hand. This is done by botnets and worms nowadays. It would be worthless for someone to waste their time trying to run something on your computer when it can be automated for maximum revenue.

    That other thing about computers connected to the internet being infected is absolute garbage, and why don't you go put on your tin foil hat since BIG BROTHER is coming for you :ninja: . Nothing can happen to your computer if you are behind a firewall and you don't do anything to get yourself infected. Visiting Windows Update won't get you infected with any non-Microsoft malware ;) , but it will help get rid of any exploits that can happen to your PC when you surf the internet and someone has malicious intent toward you.

    I know that in order for something to run, it has to be executed. It can be any executable file, like a .exe, .jar, .bat, etc. These always have to be started by something. Almost 100% of the time, remote files not included in the OS are run by the user. Otherwise, they are run by some remote worm, botnet, hacker, etc. who has gained access to a computer and then runs it. However, you can't gain control over a computer if no incoming connections are being accepted and the user hasn't run anything that would open up connections, can you? If you really have seen these automated attacks get through the Windows SP2 firewall with no user intervention, please feel free to post the links to the exploit, or even a video where we can see it happen. If you don't feel it appropriate to show exploits on this forum, just PM me the link, because it will be enjoyable to watch :p

    Cheers,

    Alphalutra1
     
  19. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    9,578
    Hello,
    Well, Alpha stole my post, in a good way.
    Mrk
     
    Last edited: Nov 14, 2006
  20. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Most (if not all) drive-by downloads don't work in Firefox with NoScript.
     
  21. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    Hmm. After listening to Wai Wai, I think I'd better load up more of the latest HIPS; I have been a bit lax these few weeks on keeping up with the latest.

    To those of you who say it's unlikely, let me just say this: *Anything* is possible!!!! Look at all the cutting-edge stuff reported on rootkits; let me tell you, it's just the tip of the iceberg of the stuff the hackers are keeping back.

    You think your HIPS and firewalls can keep you safe? Think again! If there is a vulnerability in them (and most certainly there will be), the hackers will find it and exploit it.

    I also think it is a good idea to change your security setup once every week, so you present a moving target. You don't want to present a static defense using the same security software all year round while advertising to the world that you run antivirus X, firewall Y, HIPS Z, so hackers can plan accordingly and work around it.
     
  22. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    9,578
    Hello,
    Wai wai, I followed the two links. The second one, which is relevant to the issue of getting infected, has little information as to how the infection happened. And the security setup used is irrelevant, which only proves my point that if you're going to infect yourself, you might as well save money and CPU cycles and run a simple setup, because a heavy one won't save you anyway.
    But if you can provide a proof-of-concept example where a genuine hacking takes place without user intervention, I'll be glad to read it / see it.
    Mrk
     
  23. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    Mrkvonic, you're kidding, right?

    Of course it happens. You just need to exploit a vulnerability in a service. The most famous example: the Slammer worm.
     
  24. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    9,578
    Hello,
    I'm not kidding.
    Give me an example where this takes place - with a firewall in place.
    Mrk
     
  25. NGRhodes

    NGRhodes Registered Member

    Joined:
    Jun 23, 2003
    Posts:
    2,370
    Location:
    West Yorkshire, UK
    There was a great thread on DSLReports http://www.dslreports.com/forum/remark,14671194~days=9999~start=20 where they tried to hack 3 common cheap NAT routers... they were able to sneak packets past, but no one managed to get or place any files or gain any kind of access. I think they used various tricks like fragmented packet attacks (it's a 20-page thread!). They also tried XP without a firewall (about page 16/17); it took 7 mins to get in with a bot!
    With SP2 in place, no one got in.

    Pretty conclusive that the only way in past a firewall (NAT/SPI etc.) is to fool the user somehow (with poor software and/or user stupidity).
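
The inbound-only filter that posts #2, #18, #23 and #25 are arguing over (a NAT+SPI router, the XP SP2 firewall, "you can't gain control if no incoming connections are accepted") as an added example written for this page, not the code of any router, firewall or product named in the thread: a minimal stateful packet inspection filter in Python over constructed packets. The rule is the one the posts state. Anything the inside host sends opens state and is passed; a reply is passed only while matching state exists; unsolicited inbound traffic, including a Slammer-style UDP/1434 probe of the kind post #23 cites and a spoofed "reply" arriving from the wrong port, is dropped unless the port was explicitly published. Addresses, ports and the 30-second idle timeout are assumptions made for the demo.

```python
"""Minimal stateful packet inspection (SPI) filter, added as an illustration
of the inbound/outbound argument in this thread. Not any product's code.
Packets are constructed 5-tuples plus a timestamp; all addresses and ports
are made up (RFC 5737 documentation ranges)."""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Packet:
    t: float          # seconds; lets the state table expire idle flows
    proto: str        # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""   # tcp flags as letters (S, A, F, R); empty for udp


# (proto, inside ip, inside port, remote ip, remote port). The remote endpoint
# is part of the key, so a "reply" from the wrong host or port never matches.
FlowKey = Tuple[str, str, int, str, int]


@dataclass
class StatefulFilter:
    inside_ip: str
    open_ports: Set[Tuple[str, int]] = field(default_factory=set)  # published services
    idle_timeout: float = 30.0                                      # assumption
    flows: Dict[FlowKey, float] = field(default_factory=dict)       # key -> last seen
    log: List[str] = field(default_factory=list)

    def _key(self, p: Packet, outbound: bool) -> FlowKey:
        if outbound:
            return (p.proto, p.src, p.sport, p.dst, p.dport)
        return (p.proto, p.dst, p.dport, p.src, p.sport)

    def _expire(self, now: float) -> None:
        """Drop state for flows idle longer than the timeout (late replies lose)."""
        for k in [k for k, seen in self.flows.items() if now - seen > self.idle_timeout]:
            del self.flows[k]

    def handle(self, p: Packet) -> str:
        """Return 'pass' or 'drop' for one packet and update the state table."""
        self._expire(p.t)
        outbound = p.src == self.inside_ip
        key = self._key(p, outbound)
        verdict = "drop"
        if outbound:
            # Whatever the inside host sends is allowed and opens/refreshes state.
            # This is the 'FirewallX' case: no outbound control at all.
            self.flows[key] = p.t
            verdict = "pass"
        elif key in self.flows:
            # Reply to something the inside host started: SYN/ACK, UDP answer, data.
            self.flows[key] = p.t
            verdict = "pass"
        elif (p.proto, p.dport) in self.open_ports and (p.proto == "udp" or p.flags == "S"):
            # Explicitly published service: a new inbound flow is admitted.
            self.flows[key] = p.t
            verdict = "pass"
        if p.proto == "tcp" and "R" in p.flags:
            # RST from either side tears the flow down. A real filter also tracks
            # FIN half-close with a short timeout; omitted here for brevity.
            self.flows.pop(key, None)
        self.log.append(f"{p.t:6.1f} {p.proto} {p.src}:{p.sport} -> {p.dst}:{p.dport} "
                        f"{p.flags or '-':3} {verdict}")
        return verdict


HOST = "10.0.0.5"   # the protected machine behind the filter (assumed)


def run_scenario() -> List[Tuple[str, str]]:
    """Replay a constructed packet sequence through the filter; returns
    (description, verdict) pairs. SSH on tcp/22 is the one published port."""
    fw = StatefulFilter(inside_ip=HOST, open_ports={("tcp", 22)})
    cases = [
        ("dns query out",                      Packet(0.0, "udp", HOST, 51000, "192.0.2.53", 53)),
        ("dns reply back",                     Packet(0.1, "udp", "192.0.2.53", 53, HOST, 51000)),
        ("spoofed reply from wrong port",      Packet(0.2, "udp", "192.0.2.53", 1434, HOST, 51000)),
        ("slammer-style udp/1434 probe",       Packet(1.0, "udp", "203.0.113.9", 1434, HOST, 1434)),
        ("unsolicited syn to 445",             Packet(1.5, "tcp", "203.0.113.9", 40000, HOST, 445, "S")),
        ("syn to published ssh",               Packet(2.0, "tcp", "203.0.113.9", 40001, HOST, 22, "S")),
        ("browser syn out",                    Packet(3.0, "tcp", HOST, 52000, "198.51.100.7", 80, "S")),
        ("syn/ack back",                       Packet(3.1, "tcp", "198.51.100.7", 80, HOST, 52000, "SA")),
        ("http data back",                     Packet(3.5, "tcp", "198.51.100.7", 80, HOST, 52000, "A")),
        ("late dns reply after idle timeout",  Packet(45.0, "udp", "192.0.2.53", 53, HOST, 51000)),
    ]
    results = [(name, fw.handle(p)) for name, p in cases]
    return results


if __name__ == "__main__":
    for name, verdict in run_scenario():
        print(f"{verdict:5} {name}")
```

Two things the trace makes concrete for the argument above. Every inbound packet that gets through does so because a process on the inside host sent something first, which is why the debate collapses to "did the user run it"; and the filter has no outbound control whatsoever, so a program the user did run can open any flow and receive replies on it, which is the FirewallX situation post #3 sets up. The published-port case (SSH here) is the remaining way in: an exposed service with a vulnerability is what Slammer needed, and the stateful filter admits that SYN by design.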
     