What do these terms mean Please..?

Discussion in 'other anti-malware software' started by mypenry, Oct 14, 2006.

Thread Status:
Not open for further replies.
  1. mypenry

    mypenry Registered Member

    Joined:
    May 2, 2006
    Posts:
    85
    Location:
    Central Thailand
    As a newbie, I've been going through the posts on the topic "What is your security setup these days?" with great interest.


    I am still not too sure just which programs I can run together on my computer without causing any possible problems...?

    Would some one please explain / outline the differences with the following terms I keep seeing ............


    Realtime:
    On demand:
    System Monitoring:
    Additional Hardening
    Resident:
    Realtime - PLUGINS ACTIVE
    Online services:

    At the moment I have running ......
    Spybot Search & Destroy ( free )
    Ewido 4 ( paid )
    Ad-Aware
    a-Squared
    SpywareGuard
    SpywareBlaster
    AVG ( free) soon to be replaced with NOD32 ( paid )
    Ccleaner
    CleanUp
    Zone Alarm ( free)

    Many Thanks ................. Mypenry
     
  2. muf

    muf Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    926
    Location:
    Manchester, England
    Re: What do these terms mean Please..?

    Realtime: = Running active on your pc so it intercepts the malware before it gets on your pc.
    On demand: = Runs only when you start it up.
    System Monitoring: = Same as Realtime (see above)
    Additional Hardening = using specialised applications to disable certain options which are a potential vulnerability.
    Resident: = Same as Realtime (see above)
    Realtime - PLUGINS ACTIVE = Same as Realtime but with the addition of plugins, which are basically 'extra' functions that can be added to the standard protection that you get with a default installation.
    Online services: = Using things like Online antivirus scanners. A good example would be http://www.security-ops.eu.tt/

    This is my understanding of the terms used.

    muf
     
  3. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,639
    Re: What do these terms mean Please..?

    all those apps should work fine together, but u do have quite a bit of antispyware.
     
  4. mypenry

    mypenry Registered Member

    Joined:
    May 2, 2006
    Posts:
    85
    Location:
    Central Thailand
    Re: What do these terms mean Please..?

    Thanks guys for the comments. I think, as this is my first new computer and being a newbie, I may be just getting a bit paranoid.
    Somehow I seem to take it personally when my ''New Baby'' gets infected!!! But it's great knowing all I have to do is ask
    for help here... Just another newbie thought about antispyware: if no one antispyware application can guarantee to catch
    everything out there, then would it not be that the more different antispyware applications you run, the better chance you have of catching
    something that one of the other applications you have installed missed..? Like the more nets you cast in the sea, the greater the possibility of catching more fish?

    Thanks.......... mypenry
     
  5. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    Re: What do these terms mean Please..?

    Absolutely.



    snowbound
     
    Last edited: Oct 14, 2006
  6. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    Re: What do these terms mean Please..?

    Just a few thoughts...
    Spyware seems to be the major threat.
    A lot of users are running more than one antispyware program.

    Look at resident and real-time as a monitor (antivirus) or a service (firewall). Usually a monitor or a service will start when your computer starts up.
    On-demand is usually a scanner. You have to start it.

    Don't forget that Ewido 4.0 is being replaced by AVG Antispyware 7.5.
    Same program with different colors and icon.

    You may want to try a free browser like Opera or K-Meleon.
    They will be safer than Internet Explorer.
     
  7. muf

    muf Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    926
    Location:
    Manchester, England
    Re: What do these terms mean Please..?


    Yes, and no.

    Yes that you have only 1 running resident.
    Yes that you have as many as you like to perform full on-demand system scans.
    No that you have more than 1 running resident. Have you ever seen one of those clips on TV that show 2 baseball players trying to go for the same ball? As they converge from two different directions they both crash into each other and guess what happens? Yep, they got in each other's way and both missed it! This is just a simple analogy. Running two antispyware applications simultaneously in realtime can mean they get in each other's way and both miss the malware.

    muf
     
  8. herbalist

    herbalist Guest

    Re: What do these terms mean Please..?

    That works to a point. A lot of people use that approach. The downside to this approach is twofold.
    1, To prevent your system from becoming infected, the antispyware needs to be running in real time. Scanners are "after the fact" solutions that detect items after they've infected your system. While running more than one resident or real time antispyware would theoretically increase your chances of catching more before it can infect you, they can also load down your system, slowing its performance. It's also possible that they can conflict with each other and cause problems almost as bad as the malware would have.
    2, Most anti-spyware programs work best against known threats. Depending on who makes it, they use signature files, reference files, definition files, or whatever the particular vendor chooses to call them. Many also use heuristics, roughly defined for this purpose as detection by analyzing behavior, but this has a long way to go before it will be able to really defend a system. When it comes to new malware or new variations of existing malware, the conventional anti-spyware programs don't do as well.
    Whether you use an alternate browser or not, do tighten up the security settings for Internet Explorer. Its settings are way too permissive and vulnerable when used "as installed". While there's a lot of sites that detail how to do this, this one is easy for new users to follow.
    Rick
     
  9. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,639
    Re: What do these terms mean Please..?

    why do u recommend this? if u dont use IE (or at least rarely) what benefits are there to tightening its settings?
     
  10. herbalist

    herbalist Guest

    Re: What do these terms mean Please..?

    Unlike most software, Internet Explorer is very much a part of the operating system itself. You can't really separate where the operating system ends and Internet Explorer begins. Many of its settings affect how other software works, especially proxy and connection settings. I don't remember which ones specifically, but there have been a couple of patches released where vulnerabilities in Internet Explorer could be exploited even if the user was running another browser. A fair amount of other software requires that Internet Explorer be a certain version or newer on the system it's being installed on. These apps use Internet Explorer components. Mozilla for instance will use DdHelp.exe, Microsoft's DirectX helper, even though Mozilla doesn't actually run DirectX. Other applications use the same "temporary internet files" folder that IE6 uses, and the settings that control this. When you get down to it, Windows active desktop is very much tied to Internet Explorer, as is the file system with its "view as a webpage" option and the ability to see a preview of webpages on the left side of the folders.
    Then there are those times that you can't make another browser work on a particular site, and are forced to use IE6. Even if those times are rare, it's still worthwhile to have it configured securely for those occasions.
    Rick
     
  11. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Re: What do these terms mean Please..?

    You remind me of myself about a year and a half back, Herbalist, in most of your posts. Personally, these days I just set IE to "allow once" on my firewall, set the security on the "Intranet Zone" to Medium, and focus on the rest of the system and keeping malware/exploits off in the first place ;)
     
  12. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    Re: What do these terms mean Please..?

    And you remind me of myself about two years ago. :D
     
  13. herbalist

    herbalist Guest

    Re: What do these terms mean Please..?

    On my system IE6 is only allowed out if it runs thru Proxomitron, via a non-standard port, and then to a very limited number of sites. Accommodating some people who "have to play" those little ActiveX games that don't run on Mozilla or FF. Windows Explorer has no internet access at all.
    I'm not sure what to do with that statement. For now, I'll avoid it.
    My emphasis is on locking down my system against changes, which I believe I've accomplished. I browse where I please and my security package keeps everything out, silently. Isn't that the desired result?
    Rick
     
  14. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Hey Herb it's me your Celtic friend!

    Tell me why and how to run IE 6 through a non-standard port if you can bear the thought/effort!

    What is "Proxomitron" ?

    I use ZA pro to manage what programs can access the internet.
     
  15. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,639
    proxomitron is a proxy that can alter sites and act as a sort of content filter (cookies, ads, flash etc).

    proxomitron normally uses port 8080, but herbalist changed it to some other port.
     
  16. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    hmmmm, I await Herb's reply as well.

    Thanks
     
  17. herbalist

    herbalist Guest

    WSFuser pretty well answered it. Regarding Proxomitron, you can find more about it at http://www.proxomitron.info/index.html
    Proxomitron is one of the most configurable filters you'll find. In addition to the aforementioned ads, cookies, and flash, it can be used to filter or modify most any web content, including scripts. You can set up lists for most anything you want to control on a site by site basis, filtering some, letting others bypass. Proxomitron has more potential than can ever be covered in a few posts.
    Regarding how to run IE6 thru Proxomitron, go to the tools menu, then internet options, connections tab. Then go to the proxy settings for the type of service you use. Type in your localhost address, usually 127.0.0.1, and the port number of your choice. Default is 8080. If you use another port, make sure you change the port setting on Proxomitron as well. As for the firewall, it varies depending on the brand. Some refer to it as loopback. Loopback explained here. Some otherwise good firewalls do a poor job controlling loopback connections. The PCAudit firewall test uses loopback connections in addition to a system hook. So does a lot of malware. It's worth spending time with your firewall to get control over this.
    I consider Proxomitron to be part of my core security package, along with Kerio 2.1.5 and SSM. The rest fill secondary roles.
    Regardless of what methods or software you use, securing a PC boils down to these:
    1, Control over all traffic entering and leaving your PC.
    2, Control over processes, what can and can't run, and what they're allowed to do.
    3, Control over, or the filtering of the traffic content that is allowed.
    4, Control over users.
    If you can accomplish these, you've secured your system.
    Rick
    Have we wandered sufficiently off topic yet?
     
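    As an added example, not from the thread and not part of Proxomitron, here is a small Python check for the setting Rick describes: it parses the ProxyServer string that Internet Explorer keeps in the registry (standard Internet Settings key, named here as an assumption since the thread does not name it) and reports whether every configured protocol is routed to the loopback address on the port the local filter listens on. The sample value used when not on Windows is constructed.

```python
r"""Verify that the browser proxy points at a local filtering proxy.

Added example (not from the forum thread). The format parsed is the one
Windows stores in the registry value ProxyServer under
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings:
either "host:port" for all protocols, or "http=host:port;https=host:port;...".
The expected port is a parameter: Proxomitron defaults to 8080, the thread
suggests picking a non-standard one and matching it on both sides.
"""
from __future__ import annotations

import ipaddress
import sys


def parse_proxy_server(value: str) -> dict[str, tuple[str, int]]:
    """Return {protocol: (host, port)}; "*" is the all-protocols entry."""
    entries: dict[str, tuple[str, int]] = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" in part:
            proto, _, hostport = part.partition("=")
        else:
            proto, hostport = "*", part
        if "://" in hostport:  # tolerate an optional scheme prefix
            hostport = hostport.split("://", 1)[1]
        host, sep, port = hostport.rpartition(":")
        if not sep or not port.isdigit():
            raise ValueError(f"malformed proxy entry: {part!r}")
        entries[proto.strip().lower()] = (host.strip(), int(port))
    return entries


def check_local_proxy(proxy_enable: int, proxy_server: str, expected_port: int) -> list[str]:
    """Return findings; an empty list means every configured protocol is
    sent to loopback on expected_port, so the filter cannot be bypassed."""
    if not proxy_enable:
        return ["ProxyEnable is 0: browser connects directly, bypassing the filter"]
    try:
        entries = parse_proxy_server(proxy_server)
    except ValueError as exc:
        return [str(exc)]
    if not entries:
        return ["ProxyServer is empty"]
    findings: list[str] = []
    for proto, (host, port) in entries.items():
        try:
            is_local = ipaddress.ip_address(host).is_loopback
        except ValueError:  # not a literal address, accept only "localhost"
            is_local = host.lower() == "localhost"
        if not is_local:
            findings.append(f"{proto}: proxy {host}:{port} is not loopback")
        if port != expected_port:
            findings.append(f"{proto}: port {port} differs from filter port {expected_port}")
    return findings


def read_windows_settings() -> tuple[int, str]:
    """Read the live values from the registry (Windows only)."""
    import winreg

    key = winreg.OpenKey(winreg.HKEY_CURRENT_USER,
                         r"Software\Microsoft\Windows\CurrentVersion\Internet Settings")
    enable, _ = winreg.QueryValueEx(key, "ProxyEnable")
    server, _ = winreg.QueryValueEx(key, "ProxyServer")
    return int(enable), str(server)


if __name__ == "__main__":
    port = int(sys.argv[1]) if len(sys.argv) > 1 else 8080
    if sys.platform == "win32":
        enable, server = read_windows_settings()
    else:  # constructed sample: HTTPS leaks around the filter to another host
        enable, server = 1, "http=127.0.0.1:8080;https=10.0.0.5:3128"
    for line in check_local_proxy(enable, server, port) or ["OK: all traffic goes through the local filter"]:
        print(line)
```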
  18. mypenry

    mypenry Registered Member

    Joined:
    May 2, 2006
    Posts:
    85
    Location:
    Central Thailand
    May be a bit off topic, but I received some great comments and advice from my first post, but now ( sorry yet another dumb Newbie Question )
    when I scan my computer the scanner keeps showing me that I have
    several MRUs on my found scan list, would someone please tell me what an MRU is and if found on a scan what should I do ...?

    still learning .........Thanks Mypenry
     
  19. herbalist

    herbalist Guest

    MRU stands for Most Recently Used. They're usage records of your activity, stored either as registry entries or separate files. In addition to the windows operating system, a lot of other software keeps such records. They can include file searches, documents opened, websites visited, etc. With specific software, it's often a list of what you've recently opened with that program. In some ways, they're a convenience, like the address bar on your browser, or a list of what you've opened recently under "my documents" on the start menu. It's your choice what to do with them. For some, they're a usable convenience. For others, they're unwanted user monitoring. There's very little security risk involved with them, unless you're doing something questionable or illegal, in which case, they're evidence. If nothing else, they use up disk space, although the amounts are usually small.
    Rick
     
  20. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Dear Herb:

    Your answers to questions and examples provided are so clear and helpful you really ought to consider gathering up your posts and publishing them.

    You could have a "herbalist" knowledge base or "Security for Newbies" or
    "Safe Surfing for Dummies".

    You could make a fortune or if money means 0 to you, become even more famous! (of course your own security would be worse then wouldn't it?)

    your Celtic friend
     
  21. herbalist

    herbalist Guest

    Thanks. That's appreciated. I'd hope my posts are useful to someone. There's already so many websites with good info for every level of user, I'm not sure another one would be that much help. I have a small site on one of the free webhosting sites, but it's so incomplete and outdated, I pulled the links to it. Maybe I'll have time this winter. As for money, back when I needed help, it was freely given. The least I can do is to do the same for someone else.
    Rick
     
  22. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Well, I for one value your comments and insight. I don't know what the other sites are like but if you build one let me know!

    Your motivation to help is first rate.... well done.
     
  23. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Nothing was meant by it other than that I remember posting almost exactly the same thing some time ago. I realize some will use that kind of statement to put themselves above someone else, but I assure you that was not my intention. Your points are valid, but I've personally come to approach the same thing a little differently.

    If IE is being actively used then I would fully agree that you should lock it down, but if you're using Firefox 99% of the time, leaving that 1% for very trusted sites that you only occasionally visit (I would hope so anyway), then I simply don't see a lot of reason to go through the settings meticulously. Just adjust the slider and set your firewall to prompt you each time IE wants to run, and you're just as secure.

    Yes, IE is indeed tied into the OS, but if you've got a setup to prevent malicious code from entering your system, then ultimately it's a moot point. There's a never-ending list of "if's, and's, or but's" for ways that your system could be compromised- you have to pick your battles. I choose to focus on keeping malicious code out completely so it doesn't have a chance at touching that stuff. The same goes for how developers program the applications that I use. Apps that I have chosen to trust can do what they need to do to work, and do so unimpeded, otherwise they don't get the chance. If there's any question then I can always do some analysis, either with the software I have or by uploading it to the Norman Sandbox Analyzer, to see all of the questionable actions the file might take all at once.
     
  24. herbalist

    herbalist Guest

    It would seem that we are both misreading each other. Example:
    I realize some will use that kind of statement to put themselves above someone else, but I assure you that was not my intention.
    I hope I didn't give you the impression I took it that way. I wasn't sure just what that meant. 2 or 3 years ago, I used a completely different approach as well. 3 AVs, multiple anti-spyware and anti-trojan apps, scanners for everything. Now I don't use anything that depends on definitions, reference files, signature files, whitelists, blacklists, etc, except for a manually run AV scanner. On second thought, Proxomitron uses site lists that could be called whitelists and blacklists, except that I build my own.
    We definitely approach things differently. Different software that uses different methods, different philosophies on how it should be done, different operating systems, giving each of us a completely different set of options. My choosing to run an unsupported Win98 instead of an NT based system also requires me to approach security differently.
    As for suggesting users tighten up Internet Explorer even if they use another browser, I have no way of knowing what another user may have in the way of security-ware or how well it's configured. I don't know if it's a single user PC or one with multiple users, if all the users are running the alternate browser, or if they are, that IE6 is actually denied internet access. On most of the family PCs I've serviced, even though the owner preferred Mozilla or Firefox, many of the other users didn't use it, especially younger kids and those online games that don't run on anything but IE6. Although it might be more for the user to do, I'd rather err on the side of caution.
    In an example like that, I'd be more inclined to believe that the 1% you're referring to isn't necessarily sites the user trusts. I think it's more likely to be the sites that just won't work on another browser, and if the user wants to use those sites they have to use Internet Explorer to do it. Either way, if a user is going to run Internet Explorer, regardless of how much, they should take the time to tighten its settings. It's not that big of a job, and if it prevents just one problem or infection, it's time well spent.
    Rick
     
  25. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Hehe, no, I just wanted to make that clear for all. I have had far too many situations go wrong involving people trying to read into each other's statements, so I try to keep everything at face value. If ever you see me being vague, it's because I don't have enough info to be direct. When I am being direct, I do try to be careful to leave it open for further input or encompass multiple possibilities.

    I would actually say it's a bigger job than one really realizes until you start adding it all up. It's one thing to spend idle time tweaking this or that over the course of days or weeks (or months), but if you format and try to do it all at once you find that the whole job is a lot more of a task than it's really worth. Then when you have to use it to go to a site, you find that it doesn't work and you have to undo a lot of things. By simply using the slider and "allow once", you get equal protection with much less effort.

    The thing that gets me is that I keep seeing mentions of 'controlling your system', with the implication that it somehow greatly increases your security. What I see, from what I've learned, is that a lot of times these efforts are put into things that would increase your security by about one hundredth of one percent, while the actual security holes are left wide open (all the while feeling like you've done great things). Granted people know enough to not have these things tested, but that makes me wonder why the effort isn't put into learning the greater issues. Then there's talk about controlling how software works and such, which when you actually look at real numbers gives you virtually nothing, and doesn't even cover the real issues. Doing a lot of these things works out when you're in a business and can enforce a "this way or no way" policy, but the problem is that the malware writers are writing their malware right around that. You're blocking hooks, they're reading straight from the target app. You're blocking javascripts, they're using CSS. You're blocking Java, they're using Flash to read all your personal info. You're controlling files, they're injecting into memory and/or using ADS streams. You're using strong passwords, they're using null sessions and a modified GINA. You're protecting the HOSTS file, they're changing your DNS servers to their own. You're encrypting your files, they've got bot-nets with tens or hundreds of thousands of systems running 100%. You use security software, they exploit that security software. You're blocking by hash, they're using symbolic links. The list goes on and on, and these are things actually being used.

    Fact is that if you've got internet software with very few vulnerabilities with some generic defenses to make up for the vulnerabilities that are there, ones that are adaptable within a day's notice (no, I'm not talking about work, but think open source and others that update quickly and proactively), along with some informational tools that will tell you what you want to know before something happens, then you're far, far, better off. Honestly, if that exploit has delivered its payload and that payload is starting to use IE then you've already got a mess to clean up and trying to stop it half way through may make things worse. Block it at the firewall and then you can undo the damage. If an exploit is going to access a part of your system through an alternate browser, then it's unlikely that the IE settings will make much difference. As for using IE for necessary sites, well first off I know a lot of people simply too lazy to open IE and go to the site and so adopt a "work with my browser or forget it" attitude unless it's really necessary, and I would hope that people on this forum would give it due consideration, but secondly if your other defenses aren't capable of dealing with something coming in through IE then you ought to be looking for something better.

    The effective technologies are out there. Some have to be sought after, others are tried and true. Some were dismissed long ago but are now being revamped in original form as "next generation solutions". They are out there, however, and not too difficult to find. The good ones will give you information without interfering with legitimate use of your system. When you want to know if something is up, an IDS type tool is far more valuable IMO (and safer), especially when used ahead of time.
     