What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. Criss

    Criss Registered Member

    Joined:
    Oct 3, 2008
    Posts:
    186
    Mine is:

    [Real-time]
    Avira antivir premium
    Mamutu

    [On-demand]
    Superantispyware
    Malwarebytes antimalware
    Sandboxie

    [Other]
    Firefox with noscript

    Anyone got a suggestion for me to add or replace any programme? Or is it OK with this setup? :D
     
  2. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    How is Mamutu? I heard good comments about it.
     
  3. Criss

    Criss Registered Member

    Joined:
    Oct 3, 2008
    Posts:
    186
    Personally, I think Mamutu is a good programme to complement Avira. What I like about it is the community voting system, which can help me in deciding whether to block or allow the programme, which is good for me. :D
     
  4. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    That's good :thumb:
     
  5. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,351
    Location:
    Europe, UE citizen

    It's a very good behaviour IDS: naturally, it's not a real HIPS and it can't ensure the HIPS protection.
     
  6. emperordarius

    emperordarius Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    1,218
    Location:
    Who cares
    That also means that it gives fewer popups, only for suspicious activities, while HIPS alert you to every modification. :D
     
  7. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,351
    Location:
    Europe, UE citizen
    Ya, but it also means that Mamutu doesn't ensure total control of your system, its applications, processes, programs. ;)
     
  8. Criss

    Criss Registered Member

    Joined:
    Oct 3, 2008
    Posts:
    186
    That's why I use it to complement Avira. :cool:
     
  9. Cerxes

    Cerxes Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    581
    Location:
    Northern Europe
    Guys, I don't want to be a wiseacre, but check out the definitions and differences between Intrusion Prevention System and Intrusion Detection System before using those too widely. If it alerts before the change, it prevents. If it alerts after the change, it detects. AFAIK, "behavior blockers" (e.g. TF, Mamutu) are a limited HIPS type of application, monitoring a few selected key areas which usually are a target for malicious activities, for the purpose of avoiding pop-up fatigue for the user.

    /C.
     
    Last edited: Oct 26, 2008
  10. Criss

    Criss Registered Member

    Joined:
    Oct 3, 2008
    Posts:
    186
    Then it means that Mamutu alerts only after the changes are made?? This is bad. :doubt:
     
  11. emperordarius

    emperordarius Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    1,218
    Location:
    Who cares
    That's not true. It just means that it won't give you popups for every single system modification but only for dangerous/suspicious behaviours.
     
  12. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    So it will be a good idea to have them both, a behaviour blocker and a full-featured HIPS, running together instead of an antivirus and still get strong protection without the need of an antivirus :thumb: probably :D yes :thumb: I haven't had an antivirus for a long time now and no infections so far :thumb: my taste :D
     
  13. Cerxes

    Cerxes Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    581
    Location:
    Northern Europe
    IMO, using both a "behavior blocker" (limited monitoring) and a "classic" HIPS (wide monitoring) together is redundant for obvious reasons.

    /C.
     
  14. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    So in this case, or I will say in my case, I will prefer a classical HIPS :thumb:
     
  15. evilscribble

    evilscribble Registered Member

    Joined:
    Apr 30, 2008
    Posts:
    48
    IMO, IDS > HIPS because with HIPS, you spend most of your time dealing with popups that are usually "false positives" whereas an IDS only pops up when there is a real threat to your system, e.g. keylogger, DLL/code injection, kernel driver loading, changes to physical memory, etc.

    If you have the time, then go ahead and use a HIPS but those of us who do not have the time to deal with popups about everything will use an IDS such as Zemana Antilogger.
     
  16. Cerxes

    Cerxes Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    581
    Location:
    Northern Europe
    There's no difference in the amount of alerts/pop-ups generated between an IDS and an IPS type of application. Once an object is flagged for alerting, it will do it regardless of whether the alert comes before or after the change. What you are talking about is the detection span of the monitoring, which is a consequence of either the sensitivity level in its detection, or the type of application (class).

    /C.
     
  17. evilscribble

    evilscribble Registered Member

    Joined:
    Apr 30, 2008
    Posts:
    48
    First of all, you are incorrect in thinking that an IDS alerts AFTER a change and that an IPS alerts BEFORE (you came to this conclusion just from reading what the letters stand for). Old IDS did alert after a change, but modern IDS are actually IPS but their authors prefer to use the "IDS" tag. And secondly, there is a pattern in the product lines of IDS where they have a smaller detection range compared to IPS. This does not necessarily mean less security if it is used together with a signature-based detection system. For example, an IPS like Comodo will alert you every time a program accesses the COM interface. Almost every program out there does this because it is required to establish IPC. HIPS are especially designed for paranoid users, e.g. server administrators that only run a certain set of programs on their machine.
     
  18. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,121
    Location:
    South Texas, USA
    UPDATED LIST \ 10-27-2008

    My Computer - Vista Ultimate SP1

    ACTIVE

    Online Armor AV+ v3 3.0.0.190 (Paid)
    Avira Antivir Personal 8.2.0.334 (Free)
    SUPERAntispyware 4.21.1004 (Paid)
    Sandboxie 3.31.14 (Paid)

    Changes are just newer versions of Avira and Sandboxie.

    dja2k
     
  19. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    My recent experience with MAMUTU has been nothing short of completely positive. And also I can confirm that MAMUTU alerts, at least in the tests I put it thru, in advance of an interaction with the system.

    On the redundancy mention.

    That's a matter of purpose more so than opinion I think.

    For the same reason running Script Trap could be considered redundancy when running a Very Strong! HIPS like EQS for example, it can still serve a useful purpose, and does for me anyway, as a backup secondary line of interruption in case something evaded a certain rule in the HIPS.

    MAMUTU complements EQS for me in much the same way MBAM would complement SAS and vice-versa.

    On an aside, MAMUTU is much more responsive than the current TF 4, something I wish wasn't so, but it (TF 4) is being reported by others to cause a pronounced "lag" or "delay" as well as taxing resources a bit much.
     
  20. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    OK, I cleaned my PC (CCleaner) and installed only EQSecure 3.41 :D
    Note: looking for a solid light firewall, do you know any? Thanks
     
  21. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,121
    Location:
    South Texas, USA
    You could run something like Online Armor Free with HIPS deactivated if you like.

    dja2k
     
  22. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    I will give it another try. Do you know if EQSecure works well with Online Armor? Thanks for replying :thumb:
     
  23. Murderlove

    Murderlove Registered Member

    Joined:
    Jul 18, 2008
    Posts:
    99
    EQSecure 3.41 with Alcyon's ruleset works with Online Armor 2.1.0.131.
     
  24. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Great news. Is it the latest Online Armor?
     
  25. Murderlove

    Murderlove Registered Member

    Joined:
    Jul 18, 2008
    Posts:
    99
    No, version 2.1.0.131 is not the latest, it was the final/stable version before V3. Version 3.0.0.190 is the latest which you can get via the site. I have not tested EQSecure with version 3.0.0.190, because that version is not automatically downloaded. (I will only start using version 3.0.0.190 when it will be downloaded automatically.)
     