what is the best configuration against trojan and virus ?

Discussion in 'other security issues & news' started by edition, Jul 2, 2005.

Thread Status:
Not open for further replies.
  1. edition

    edition Guest

    what is the best configuration against trojan and virus ?
     
  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Are you talking specifically about RegDefend, or software in general?

    Cheers :D
     
  3. edition

    edition Guest

  4. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi edition,

    Well, I think most people would agree that you should start with a good firewall (router-based or software firewall) plus a good anti-virus package with good virus, trojan, and spyware protection. What are you currently running if anything? What is your current machine configuration and what type of work do you do on your machine - e.g. are you only using it for games, email, general browsing, P2P, etc. Also, what browser are you currently using?

    Rich
     
  5. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    As your thread is about how to secure your system in general, I have moved it here where it should receive better attention.

    You may want to take a look here. As well there are discussions on security software here and even more here.

    Hope this helps...

    Let us know how you go.

    Cheers :D
     
  6. edition

    edition Guest

    thank you all for the fast reply :)

    I'd like to know what is the best configuration for RegDefend?
    Is the default configuration enough?
     
  7. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    With a specific question relating to a specific piece of software that has its own Forum here at Wilders, can you please start a new thread in the RegDefend Forum with the title: What is the best configuration for RegDefend?

    With all other questions relating to what is the best for Trojans and Viruses, we'll leave this thread open for answers...

    What software do you currently use?

    Cheers :D
     
    Last edited: Jul 2, 2005
  8. Rico

    Rico Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    1,692
    Location:
    Texas
    Hi Richrf - I think both are in order to cover in & out.

    Hi Edition - I would vote for Trojan Hunter/PC-cillin. Note PC-cillin offers free phone support, a rarity in this environment! I also looked at Diamonds TDS, but opted for TJ; it's easier & very good.

    May you be malware free
    rico
     
  9. gottadoit

    gottadoit Security Expert

    Joined:
    Jul 12, 2004
    Posts:
    601
    Location:
    Australia
    edition,
    The quick answer on the "best" configuration for RegDefend is really quite simple: it will vary from person to person according to the practices they follow on their computer (hence why this was considered a general question).

    If you are a beginner to Windows security the default rules are adequate and are fairly unlikely to cause issues. If you are more comfortable with Windows and are willing to occasionally have to consult Google and/or the Microsoft site, you could give the RegRun and TonyKlein's ghst files a try and see if they work well for you.

    When it comes to considering RegDefend configurations (your own or other people's) you need to start with the end goal in mind (much the same as when you select your security software). The registry is just a big bucket containing program and hardware configuration details. It is perceived to be complex because it is not particularly well documented and programs can easily change how they use it (adding new things and not using others).

    Because each program uses its own conventions to store information there will be cases when people writing rulesets might choose to use wildcards to be deliberately ambiguous with what is being matched. The downside of this is that some unimportant things may also be covered and you will get RD alerts for things that may not really matter (from a security point of view).

    This is where you need to know in advance what your goal was for your ruleset. If you are looking to get the "best configuration against trojan and viruses" then you are probably looking for a set of rules that primarily cover key and value Modifications (not Reads). Depending on your risk profile, you could choose to cover known areas of the registry that existing malware uses (the combined RegRun and TonyKlein's groups do a good job of this) or you could try to go even further.

    Tayasimggg put together some rules that show (amongst other things) examples of non-specific targeting of entire program keys. For example:
    Code:
    hkey_current_user\software\symantec\* | * | Key + Value | Mod Key, Mod Value | Ask User 
    hkey_local_machine\software\symantec\* | * | Key + Value | Mod Key, Mod Value | Ask User
    These rules do not discriminate between security-related settings for Symantec products and other minor settings. If you rarely make configuration changes or were testing malware samples in a virtual machine, then broader rules like this could be appropriate for you (it's a matter of personal preference). Tay's rules also contain a few Read protection rules that seem to be intended to protect privacy; I would imagine that these would generate a number of alerts when legitimate programs access the information.

    There is a tradeoff between the number of false positive alerts you will receive and what is being monitored. You need to consider the risk of a particular event (either change or read) and then test it to see how many alerts you get in normal operation and decide if that is acceptable to you. You might find that there are times when you would like to see more of what is going on and other times when you would prefer to see much less, so no one solution is likely to meet your needs for normal running and also during new program installations and testing.

    To err on the safe side you would probably be better off just using user-contributed ghost group files in the Tested Ghost groups thread, seeing as they will have been out for a while and have the added bonus of having documentation explaining why particular keys were included.
     
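As an added illustration (not code from the thread, from gottadoit, or from RegDefend itself) of why the broad wildcard rules quoted above trade coverage for extra alerts, here is a small Python matcher over rule lines in that format. The meaning of the five pipe-separated fields and the treatment of `*` as a glob wildcard are assumptions; the third Run-key rule and the sample registry events are constructed for the demonstration.

```python
"""Toy evaluator for RegDefend-style rule lines as quoted in this thread.

Assumed (not documented on the page): the five '|' fields are
key pattern | value pattern | scope | monitored operations | action,
'*' is a glob wildcard, and registry paths compare case-insensitively.
"""
from fnmatch import fnmatchcase
from typing import List, NamedTuple, Optional, Tuple


class Rule(NamedTuple):
    key_pat: str        # lower-cased glob over the registry key path
    value_pat: str      # lower-cased glob over the value name
    scope: str          # e.g. "Key + Value" (kept for display only)
    ops: frozenset      # lower-cased operations, e.g. {"mod key", "mod value"}
    action: str         # e.g. "Ask User"


def parse_rules(text: str) -> List[Rule]:
    """Parse one rule per non-empty line; '#' lines are treated as comments."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, val, scope, ops, action = (f.strip() for f in line.split("|"))
        op_set = frozenset(o.strip().lower() for o in ops.split(","))
        rules.append(Rule(key.lower(), val.lower(), scope, op_set, action))
    return rules


def evaluate(rules: List[Rule], key: str, value: str, op: str) -> Optional[str]:
    """Return the action of the first rule covering this event, else None."""
    for r in rules:
        if (fnmatchcase(key.lower(), r.key_pat)
                and fnmatchcase(value.lower(), r.value_pat)
                and op.lower() in r.ops):
            return r.action
    return None


def alert_count(rules: List[Rule], events: List[Tuple[str, str, str]]) -> int:
    """Number of events that would raise an alert: the false-positive cost of a ruleset."""
    return sum(1 for k, v, op in events if evaluate(rules, k, v, op) is not None)


# Constructed ruleset: the two broad Symantec rules from the thread plus one narrow Run-key rule.
RULES = parse_rules(r"""
hkey_current_user\software\symantec\* | * | Key + Value | Mod Key, Mod Value | Ask User
hkey_local_machine\software\symantec\* | * | Key + Value | Mod Key, Mod Value | Ask User
hkey_local_machine\software\microsoft\windows\currentversion\run | * | Key + Value | Mod Value | Ask User
""")
```

With these rules, a harmless write such as a window-position setting under `HKCU\Software\Symantec\...` raises the same "Ask User" prompt as a write to the Run key, while a Read of the same Symantec value raises nothing because the rules only list Mod operations.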
  10. edition

    edition Guest

    it's a great reply :)
    I will print it now and I will read it many times

    thank you
    :)
     