Trojan Protection with NOD32

Discussion in 'NOD32 version 2 Forum' started by Trooper, Apr 15, 2005.

Thread Status:
Not open for further replies.
  1. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    2,825
    Hi Gang,

    Just a quick question here, which I am sure will have multiple answers. I currently use NOD32 for my AV software, which I know helps against trojans as well.

    My question is, do I need something "other than" NOD32 to help protect myself from attack and infection?

    I've read some good stuff about BOClean, but I'm not familiar with the software. I was curious if you think I would need or should look into getting/using BOClean in addition to NOD32. Or do you think NOD32 is enough to cover all the bases?

    I'm just trying to make an informed decision prior to making a new software purchase. I am very much into security and have things pretty much up to snuff here on my home network.

    Any thoughts and or advice would be greatly appreciated.

    Thanks as always,

    Jag
     
  2. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Whether you need it to stay secure or not really depends on your habits. If you are a high risk user (visit adult websites, use p2p, etc.) then you'll want all the protection you can get. If, however, you generally only visit known good sites and are very careful with email, then you could probably do without. Many of us here opt for maximum protection, with or without reason :) If nothing else you could always use one of the free AT scanners for on-demand scans periodically, and/or use some generic behavior blocking.. ProcessGuard, Prevx, and RegRun being my personal favorites, and can potentially save you from all kinds of malware.
     
  3. claire

    claire Guest

  4. Howard

    Howard Registered Member

    Joined:
    Sep 3, 2004
    Posts:
    313
    Location:
    Wales, UK
    BOClean works very well indeed with NOD32 and will give you an additional layer of protection and peace of mind. Do you need it? - I think Notok covers most of the angles in his post :D
     
    Last edited: Apr 15, 2005
  5. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    2,825
    Thanks for the advice ladies and gentlemen. :)

    I will give it some more thought before purchasing. I am a safe/secure internet user. No adult sites or P2P programs for me. :)

    Best Regards,

    Jag
     
  6. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi Jaguar,

    Just to add some more food for thought:

    I recently was just casually browsing the Internet looking for some generic information (no porn or anything like that), and I got hit by a warning of a trojan trying to install on my system. So even casual browsing can lead to trouble nowadays.

    KAV 4.5 has a very strong extended database, that covers all sorts of trojans and other types of malware. The latest version of NOD32 is not as strong in this department (it is very strong in other areas such as heuristics and resource usage). I often visit the online malware scanning site run by jotti, and very often you will see trojans go undetected by NOD32 - even with heuristics. For this reason, I would strongly recommend that you have some sort of backup for NOD32. With this backup, you could very well have keyloggers, rootkits, or other types of very nasty malware on your system and not know about it for a long period of time (as happened to many of my friends).

    If I were to purchase just one product, I would say that ProcessGuard provides the best overall protection, as long as you are comfortable with the messages that it will be giving you asking permission for execution. RegDefend and Prevx also afford additional protection in their own way.

    If you are looking for a good real-time anti-trojan, then any of those that have been mentioned, are about equivalent in my experiences - i.e. BOClean, Ewido, and TrojanHunter. I have all three (and use them for different purposes), but I only run Ewido in real-time because it behaves best and has the least amount of conflict with my setup which includes KAV 4.5, ProcessGuard, Prevx, and RegDefend. So the best way to decide is to just get trial versions of the products and see which one behaves best. Any one of them would be satisfactory.

    Hope this helps,
    Rich
     
  7. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Hi Jaguar, you shouldn't have an issue then with Nod32. It also depends on what other security you use. To see a few setups, you may want to take a look HERE. As well there are discussions HERE and even more HERE.

    Hope this helps...

    Let us know how you go.

    Cheers :D
     
  8. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    2,825
    Rich and Blackspear,

    Thanks for the additional information. :D I will let you guys know what I decide.

    Regards,

    Jag
     
  9. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    Notok's answer came closest. You have to realize that if you ask if you "need" to use <insert name of fringe security software genre here> on a site full of paranoiacs and security hobbyists, you're going to be told that you'll be screwed for sure if you don't.

    But these are the same people who are constantly saying that they came across this malware, that malware, this virus, that worm, this trojan--while I see none of it, no matter what I scan with.

    So yeah, if your habits are as senseless as some of the people around here, you better take every measure you can.

    Consider this:
     
    Last edited: Apr 15, 2005
  10. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    But nameless,

    You're here along with the rest of us :)

    Seriously Jaguar, it is very easy to either go overboard or not appreciate the full context of vulnerabilities. Regardless of what you do, you shouldn't be picking up malware on a regular basis unless you are either looking for it or frequenting rather seedy sites.

    You have a very decent AV already. Hopefully you have at least a cheap router. There's plenty of free antispyware scanners available to deal with that material. An AT may or may not be needed. I like to run one, and I use BOClean. It's a very solid product.

    The advice given thus far has centered on consideration of where you surf. Also focus on what you do (online bill payment, online purchasing, banking, etc.) the information stored on you PC, and your tolerance to a system compromise. If you don't do any of the activities mentioned - you're good as is. If you do some or all of the things I mention, look closely at the threads indicated by Blackspear, try to get a sense of how things are positioned, why they are there, and assemble a level of control that you feel comfortable with. If you don't quite understand the rationale of something, ask here.

    It is as easy to go overboard as it is to be blissfully unaware and vulnerable. Both extremes are the result of gaps in knowledge and understanding, and therefore can be addressed through some relatively straightforward education and analysis.

    Blue
     
  11. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    Saying "This site has paranoiacs" doesn't mean "Everyone here is a paranoiac".
     
  12. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Point taken :)

    Blue
     
  13. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    It purely depends on your surfing habits and how many people use your system and where in fact they go and what they click on.

    I could actually get away with a minimalist approach, however my fiancée couldn't, see attached screenshot, she thought because the email said I know you, that it was intended for her. Nor could her brother that clicks absolutely anywhere, wandering across any site he can find looking for the usual. Nor could my Aunt, whom I spent 8 hours trying to get off a mongrel piece of software that was hidden within windows that had a form of timer (not seen before).

    So with my setup they all have a play to their hearts content, and I know my system is safe.


    That is good for you, in reality, you are very much a minority, which goes against the tide that continually flows into my shop asking for help.


    As I have said before, being safe and secure is not a bad thing, it is sensible.

    Cheers :D
     


  14. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi all,

    I remember on another forum (unrelated to security), a person was suggesting that there was "nothing to worry about". Two months later he was hit bad - and for all the time and data that was lost (I am not sure how much of his own financial records were compromised), it would have been well worth it for him to have purchased a good set of security software.

    When one lives in the city long enough, one learns that an ounce of prevention is worth a pound of cure. My local computer shop owner tells me his biggest business nowadays is cleaning systems of trojans and viruses - systems belonging no doubt to those who thought it couldn't happen to them. Of course, in any environment, there are those who have been hit (as have I, with Norton AV running no less) and those who haven't. Just because I have never had a theft in my home, doesn't mean I leave my home with the doors ajar, hoping that no one tries to get in. It is not paranoia - it is common sense. What is not common sense, is to save $25 and hope that it never happens to you. $25 is the price of one meal out on the town.

    Rich
     
  15. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi Blackspear,

    You must have been writing while I was. :)

    Anyway, as you can see, I share your point-of-view. It really doesn't make sense to roll the dice when it is pretty straightforward to protect one's system nowadays at minimal cost. My experience is that a single, good AV (such as Norton) is simply inadequate for many reasons and in many ways.

    Rich
     
  16. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    I am one of these Computer Shop owners, and it is a big percentage of my business. You should see the stress these people are under when they walk in to the shop with an infected PC...

    Cheers :D
     
  17. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi Blackspear,

    At one time I was one of those distressed owners - many times over. ;) Finally, I decided I had to put some time in to understand what was the nature of the vulnerabilities and what was a reasonable set of security software. Like you, I am feeling much better nowadays because I know what is going on and for some nominal amount of money, I have been able to afford my system a decent level of protection.

    Cya,
    Rich
     
  18. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    I'm not sure how this relates to me. Did I ever say I was immune? No, I just questioned the need for anti-trojan software.

    I'll go for the pound of prevention--that being educating myself.

    This is because so many people these days are obtaining computers, with zero knowledge of how to use them, let alone how to use them securely.

    Exactly. So spend your $25 on a book about security, not on software that may not work when you count on it to, or may make your system crash.

    Oh come on, you know that it depends on a lot more than that.

    These people need instruction, not more and more software. If I can teach my wife and mother basic security practices, I'm pretty sure 99% of everyone stands a good chance.

    I think I would find it very odd if people brought perfectly-functioning computer systems to you.

    This perfectly exemplifies why my point was missed. I didn't say that it wasn't good to be "safe and secure"; I questioned the means of approaching that end. (Key word "approaching", since you won't ever truly be "safe and secure".)

    I find it hard to imagine how my point could have been missed more widely. You guys speak as if all you have to do is load up on "security" software, and you're good to go. The only trade-off is the expense. And that this is "common sense".

    But that's far from the truth. When you load up on software, you're giving up your money (sometimes a lot of it), your time (sometimes a lot of it), system performance (sometimes a lot of it), and very, very often, system stability (sometimes a lot of it).

    Can you argue that these aren't trade-offs of using more and more software? Please explain to me how it is "common sense" that you need to heap additional software on a system, without considering this.

    And you didn't even consider how the system in question is used, or by who! What platform is it? Is it behind a router? Who uses it, when, and for what? Is it used for all his banking and work records, or just for adult entertainment surfing? How much can he afford to spend?

    I am saying that you shouldn't throw away the basic security principle of understanding what it is we're trying to protect, and just go straight into the shotgun "more is better" approach.
     
  19. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    I'm really, really tired tonight, and poorly spoken. I don't mean any offense by anything I've written, and I doubt I explained myself well. I'm not saying that you shouldn't use an AT... Just that... Oh man I've gotta go sleep. :)
     
  20. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi nameless,

    Yep it has been a long day. :) Hope you get a good night's sleep (I'm about ready to hit the sack also) and I am sure all of the advice can be sorted out, if there are still any remaining questions. I really like Blackspear's link as a good starting place for advice in answer to some very complicated questions. Security is always a complicated subject, no matter what type we are talking about - home computer, home, homeland. No easy solution - just different ideas and points-of-view.

    Cya,
    Rich
     
  21. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,012
    Location:
    on my zx10-r
    nod is great as a av and getting really good as soon a at. eset seems to be working very hard at adding new defs all the time. of late i have seen almost 3 or 4 updates a day on many occasions. im sure we will be there soon... but i myself do recc an at. or at least a adaware or spybot. if nothing else.. no these are not the best solutions but they can detect certain things that nod may miss. fortunately my nod has saved my butt on 9 occasions in the last three days. no adult sites, but just surfing believe it or not. i occasionally use p2p but rarely mostly to obtain foreign films or stuff not available here or out of print outdated stuff you cant get any longer. again rarely though.
    as blackspears stated above i have seen this 9 times. where i have bd, arcavir, mcafee, etrust, trend, clam av and others to throw these against when i find them on other machines. and most except maybe kav and mcafee overlook them. so do you absolutely need a at. not always, is it a recc. extra layer of protection i feel yes. even if you are a "safe surfer" 9 times in three days is nothing to play with
     
  22. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    I don't think ArcaVir would let those go very easily - Its heuristics engine is NOT AT ALL bad :)

    And yes, I do remember that your NOD recently caught a few trojans for you, zfactor. Am I right? :):)

    I'm not being sarcastic, I'm seriously asking a question :)
     
  23. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    nameless,

    I thought you articulated your position quite well, and it involves points that should be borne in mind by all:
    • Security is not achieved by simply layering (or piling) security applications upon one another. Having a large number of security applications does not mean you have good security
    • It's important to educate oneself regarding security needs for your PC and what various security applications can do for you.
    • Layering an increasing number of security applications can induce system instability. If your system is unstable, you either have too much or the wrong mix and it's time to reassess the situation
    • You didn't explicitly say this - but one issue with some of the more sophisticated applications is that average users do not generally have the knowledge to appropriately deal with flags raised by these programs. Program Q is trying to do {writing value ABC to registry key XYZ}. How is the average user to deal with this information? Although I use a measure of registry protection, I'd say that this type of protection is a dicey addition for casual PC users (i.e. the bulk of the population).
    • Just because I have a given configuration doesn't mean it's necessarily appropriate for you. It comes down to designing one's security complement based on an informed analysis of needs and risk assessment
    • Simple additions, like a router, go a long way in providing off-PC security
    By the same token, Rich and Blackspear make some equally compelling points:
    • The costs of many of these applications are very modest. Excellent security can be achieved for reasonable cost. As far as I can see, viable security can be achieved for free.
    • There are a multiple of options available, with links to many provided by Blackspear. On that count, simply because the option exists, doesn't mean one must take it.
    • Too many users simply dismiss the needs of security. This is a very perilous path to follow in the present day.
    And then we have our original poster Jaguar, it is obvious in starting this thread that he appreciates the need to get up to speed with the situation before pulling the trigger. I've offered my advice, which should be weighed, not accepted without question. It's a very rational approach.

    Personally, I've thought this has been an excellent exchange, and I don't believe everyone here is on different ends of the debate across the board.

    Anyone serious about security should realize achieving balance in security applications means a number of different things. An application for which one blindly and automatically approves every flag offered may as well not be installed. By the same token, if every flag offered is blindly disapproved, system stability may eventually be compromised. Using tools without understanding their function can be more dangerous than not having the tool at all.

    Increasing the number of realtime monitoring programs will also increase the risk of system instability. Notice the use of the word "will" not "can", it is an inevitable consequence of their function. That is something many users fail to appreciate. Adding additional measures should always be done deliberately, with a specific goal in mind, and with an eye towards avoiding pure duplication of coverage.

    These applications are tools. They are tools applied to a PC. It's not any different from getting tools to perform maintenance on a car or house. Simply because I can purchase a set of wrenches and can pull the brake system on my car apart doesn't make it a good idea. If I know what I'm doing, self maintenance is fine. If I don't, leave it to those that do. In the current context, rely on a shop or an informed friend for guidance. I know - this can be fraught with problems - there are no easy answers. If I want to learn self-maintenance, devote the time to do that. Having that knowledge can be rewarding, even if not used on a daily basis.

    In advising users asking questions here, it's a pragmatic impossibility to develop a use/risk profile realtime for every user question raised. That's something the user posing the question must do offline. We can help guide that way, but in the end the user must assume responsibility for the final decisions.

    Just my perspective today, and it's always subject to revision based on what I learn moving forward since the playing field is definitely not static

    Blue
     
  24. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,012
    Location:
    on my zx10-r
    yes firecat nod has stopped many trojans in the last few days for me!! nothing that all my other av's picked up either so nod stopped everything.
    as blue said i dont believe in piling on security. but if a user is using a program like nod they do need to understand that its original intention was an av not a anti trojan. while they have come a long way and detection is really pretty awesome right now with it, back in the older days of nod it would never detect trojans for me. great at av but not so on trojans.
    i do believe in as i stated not piling it on but i feel the need for
    a) awesome av with hopefully good trojan and worm detection
    b) a really good firewall EVEN WITH A ROUTER to block in and out
    c) at this point in time a good spyware/malware/trojan program such as boclean or ewido or etc..
    i run adaware mostly just to clean up cookies etc.. but not active i run it on demand when i feel the need to. so 3 programs i dont feel is overkill especially if they are light ones at that.
    not picking on anyone not starting flaming......
    i do feel some here are overprotected and as stated above this could cause many conflicts i have seen it before and continue to see it all the time working on cust computers. i see some here running 4-5-6 or more programs sometimes 2 anti trojans etc.
    ill admit it i do have a backup scanner on my home pc but mainly just to compare my nod to, to see if anything gets by it on demand not active and very rarely gets used.

    the question originally stated here was about trojan protection with nod.
    1) is it a great at... no not yet getting better everyday they are working hard at it.
    2) would i solely use nod for av/at ..... not yet hopefully soon we will be able to be this lucky
    3) do i feel any av is great as an at..... possibly kav or mcafee are best right now ...but not perfect i have seen lots that kav missed on my system that nod picked up so a half dozen of one , you get the idea
    with the frequency eset is getting their updates out they are doing a fantastic job. i stopped using nod way back when because of the lack of updates. now that i see this it reassures me of eset.

    i dont mean to be long winded here but this seems to be an ongoing argument always of do i need a at. some feel one way others feel different.
    at this point in time right now i dont feel that any av is a perfect at. and even most at's are lacking also. if you use a good av with a good at and firewall you are very safe. yes maybe one day something could possibly sneak through but chances are slim
     
  25. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    I would like to mention one nice thing about BOClean that I've found. It will run without killing your system too much, even if it is running all the time. But if you disable the options to run on startup, and to monitor the system continuously, you can run BOClean whenever you want, and it will simply scan and exit. This is how I'm using it right now.

    I actually have a simple command script, called by Task Scheduler every 4 hours, that (1) Runs the BOClean updater; then (2) Runs BOClean (using Task Scheduler is also an easy way around BOClean's built-in 6-hour update check limitation. Shhhh... Don't tell Kevin! :)). Since I have BOClean configured not to monitor continuously, it simply scans and exits. This is what I'm comfortable with at the moment. The script could hardly be simpler:

    Code:
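    @echo off
    cls
    rem First pass: relaunch this script minimized in its own window, then exit.
    rem The BOClean variable is inherited by the child, so the second pass falls through.
    if not defined BOClean set BOClean=1 & start "BOClean - Update, Scan, and Exit" /min %SystemRoot%\system32\cmd.exe /c "%~f0" & goto :EOF
    
    echo. & echo Running the BOClean updater...
    
    rem Wait for the updater to finish before starting the scan.
    start "" /wait "C:\Program Files\BOClean\BOC4UPD.EXE"
    
    rem BOClean is configured not to monitor continuously, so it scans and exits.
    start "" "C:\Program Files\BOClean\BOC412.EXE"
    
    rem -end of script-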
     