What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. Mman79

    Mman79 Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    2,016
    Location:
    North America
    Well, "better" when talking about performance will always depend on things like system specs, how the software is coded and blah blah blah. When I speak of EMET being better than ES as far as protection is concerned, it's because EMET is not limited to a browser or some 3rd party wanting to make more money by limiting protection to one thing or another. Again, EMET covers pretty much the entire system and it does so using protections already built in to the OS. That can make a lot of difference in performance. I'll assume when people talk about it being "heavy", they might be meaning the service that continually runs as of 3.5. In my own case, I noticed very obvious drag on my system with ES that is all but gone with EMET. Your mileage may vary of course.
     
  2. zitch

    zitch Guest

  3. Mman79

    Mman79 Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    2,016
    Location:
    North America
    Perhaps at least one of those threads was referring to a specific exploit. As to the other thread, I'm confused.
     
  4. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,971
    Location:
    Poland - Cracow
    Currently switched to
    Look'n'Stop + MJ RegistryWatcher + ExeWatch
    TTF and the other addons still the same.
     
  5. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    With off-line installer the pepflashplayer.dll is located in C:\Program Files\Google\etc. With the default web installer it is located in the User directory. Even when you use the off-line installer version, you will see a pepflashplayer.dll in your User directories.

    Now windows was vulnable to dll path intrusions in the past, Chrome was vulnable through user files (also old chrome exploit) and webkit had a history vulnability. Enough ingredients, to check whether this fresh malware sample would succeed against lates Chrome off line installer version.

    So I did not deliberately allow anything :eek: , just was checking whether GPO stopped this malware. I have whitelisted my plug-ins and blacklisted extensions, but in theory the malware could change the pepflashplayer.dll located in the user directory (no UAC protection) and maybe trick Windows (path vulnability) and Chrome (auto install plug-in) in using the adopted dll.

    This malware was a new variant using a mix of older exploits,rest assure, even the vulnable chrome version would have survived with the GPO hardening :cool:
     
    Last edited: Feb 7, 2013
  6. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    Well when I speak of "heavy", on XP, I speak of .NET Framework itself which is needed before I can even get around to assessing how heavy EMET is. And that happens to increase the size of my OS install by about 30% and makes my box noticeably less responsive. Throw EMET in there on top of it and my footprint is doubled. Since I don't even use Java, or PDF, or .NET FW, have about 9 services running (none renowned as being vulnerable), have never fallen victim to an exploit in my life, and have an attack surface the size of a gnat to begin with... it's not a concession I'm willing to make personally.

    But sure, it all depends on the individual. And I agree I don't like things that greatly limit/diminish protection in the free version. I heard some talk about the possibility of a Pro version, which would be nice. But really, my browser is the only realistic way I'd get compromised anyhow. The only other thing I ever have facing the internet is Pidgin Messenger, which is well hardened via D+, a tight FW ruleset and sandboxed. And not having to install .NET FW, to me makes all the difference on XP. Makes it "better", for me and me only. On a post XP OS I'd probably lean toward EMET as well, since you're stuck with .NET FW regardless.

    So v3.5 of EMET is especially cumbersome then? I'd heard before people had problems with that one in particular, which isn't surprising since from what I gather it's not even a final release? I know some people that swear by sticking with v2.1 even... say it's lighter and does everything 3 could do for them, with no annoying tray icon. Just what I hear... as I don't actually use it myself.
     
    Last edited: Feb 7, 2013
  7. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    I developed a full proof method to prevent against exploits long ago... I don't put things on my box that are vulnerable to them, and disable any services that fit the bill & close up any ports otherwise associated with them.

    The only thing left is Adobe Flash Player (simply no alternative/way around it), which I keep patched, disable all caching in the settings, and install into a restricted sandbox.

    As the EMET/ES debate wages on... better yet = knowing you don't need either one of them, and your odds of an exploit are roughly equivalent to a lightning strike.

    I wonder why anyone bothers to even put Java on their box? I've never needed it for anything. And if I did, said "anything" would be out the window. Heck, I barely ever even need Javascript for that matter. Besides the 2 scripts needed to watch Youtube videos, I only need to allow 1'st party scripts once in a blue moon for proper functionality. To change my sig on here, for instance, lol, is about it.

    Same with cookies. I can't remember the last time I even needed to allow them for something to work.

    And referrers... never have I witnessed a site break because I disallow them.

    People make far too many concessions that are simply unnecessary... or their browsing habits are completely alien to me.
     
  8. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,974
    Location:
    Parallel Universe
    @jmonge
    Nice setup J.:thumb:
     
  9. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,974
    Location:
    Parallel Universe
    @LoneWolf
    Well careful not to rust it too much. :D
     
  10. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    How did it happen, then? Would whitelisting DLLs have stopped the bogus dll? o_O Unless this malware was taking advantage of the fact that SRP works at user level, unlike AppLocker which works at kernel level. Which makes me wonder why someone who has the privilege of having a Windows version with AppLocker still decides not to use it, and instead use SRP. :p
     
  11. JoeBlack40

    JoeBlack40 Registered Member

    Joined:
    Apr 1, 2009
    Posts:
    1,579
    Location:
    Romania
    Changed to Avast free,ZoneAlarm FW free.Later i will add WinPatrol Plus.And maybe Zemana Antilogger free.And of course,the program which is already part of my OS,Sandboxie.
     
  12. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,974
    Location:
    Parallel Universe
    @JoeBlack40
    Nice setup.:thumb: Same here with sbie.;)
     
  13. JoeBlack40

    JoeBlack40 Registered Member

    Joined:
    Apr 1, 2009
    Posts:
    1,579
    Location:
    Romania
    Thanks.Added WinPatrol already.Everything is fast,light and snappy.:thumb:
     
  14. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
  15. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Zemana Antilogger Pro:thumb:
     
  16. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,794
    I honestly don't get the comparison or debate between EMET and ExploitShield. The 2 don't do the same thing.

    EMET aims to prevent vulnerabilities from being exploited.
    ExploitShield (Browser Edition) aims to prevent execution of payload.

    Software has vulnerabilities. Exploits make use of vulnerabilities to do something. That 'something' can be anything. In today's context, most drop a payload but it's not really necessary.

    While you may think it's the same, it's not. From a security standpoint, EMET comes in earlier in the picture while ExploitShield deals with the after-effect (and that is if the exploit decides to drop a payload)

    EMET achieves it's aim by using security mitigation technologies such as DEP, SEHOP, ASLR, EAF, HeapSpray, etc. Unfortunately, SEHOP and ASLR are unavailable in XP natively.

    ExploitShield is at best, a companion to EMET. It's not a replacement.

    HunGryMan recommends EMET because it helps to break most exploits. Apparently, with some the new Java exploits, EMET doesn't (as ZeroVulnLabs pointed out). I get what you're saying but there's really no "contradiction" in his opinions.
     
  17. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    Same here, trying Zemana Pro. Not seeing any noticeable impact, seems like a good program. I'll have to do some reading about it to see if it plugs any vulnerabilities in my setup.
     
  18. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    it has some hips protection too:thumb:
     
  19. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    Didn't know that, must be the System Defense Module? Some HIPS is always a good thing.;)
     
  20. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
  21. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,974
    Location:
    Parallel Universe
    @JoeBlack40
    How's Scotty doing?
     
  22. KelvinW4

    KelvinW4 Registered Member

    Joined:
    Oct 11, 2011
    Posts:
    1,199
    Location:
    Los Angeles, California
    I put on Avast Free, and only scan executed.
     
  23. eugene91

    eugene91 Registered Member

    Joined:
    Jun 18, 2010
    Posts:
    192
    Replaced Windows Defender & Zemana Antilogger Pro with Bitdefender Antivirus Plus 2013 :D

    Seems light :D
     
  24. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    back to Avira :thumb:
     
  25. VectorFool

    VectorFool Registered Member

    Joined:
    Oct 21, 2012
    Posts:
    280
    Location:
    India
    Avira is always a keeper :D
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.