What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. Well to balance up things, I have put it on my wife's laptop (because she shops on-line) and will keep it because of the identity guard feature.

    During PrevX pre-beta, closed beta and beta-period I tested PrevX a lot (yes with four tweaks of which two are implemented as standard now) using a honeypot of a friend who is a malware reverse engineer for a bank.

    I had not seen such spectacular results (catching so much) since Avira added behavioral analysis (also pre-beta testing). I expected the results of this new feature to make WSA the top dog of real world tests. It did not happen. For marketing reasons it is better to score high on those tests, because an AV should provide trust, not require faith.
     
  2. Frank the Perv

    Frank the Perv Banned

    Joined:
    Dec 16, 2005
    Posts:
    882
    Location:
    Virginia, USA

    :D LOL…. Yep. And thankfully that slimeball carnival barker and his load of BS was pushed overboard from the good ship Wilders. Good times.
     
  3. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Gotta agree again. Don't get me wrong but, it has everything, but detection.

    Let me explain why. If something that may be bad, but hasn't been decided is bad, it is allowed to run, but not really run. "Stop"

    So does this mean that something that you can't detect, but do detect because it is only allowed to somewhat run until a later date? What if it is something I need to install to perform a task. Am I allowed to use this and perform the task, or only under limited ability until at a later date, you give me full ability.

    Bottom line is folks, you either detect it or you miss it. Anything else is just a sig added at a later date.
     
    Last edited: Dec 4, 2013
  4. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    I wanted to believe that also but I was wrong :D
     
  5. Windows 7 Ultimate 32 bits with WFW 2-way and NAS backup

    Execution restrictions
    - Block USB execute access and IE-zone executable download (GPO)
    - Deny execute for Basic Users outside all UAC protected folders (SRP)
    - Deny elevation/installation of unsigned programs/drivers (UAC & GPO)

    Intrusion mitigation
    - Disabled risk-ware services (GPO) and all HKCU autoruns for Basic Users (ACL)
    - Secured settings of PDF-reader, media player, email and internet browser (GPO)
    - Added EMET memory protection & MSE auto-scan of browser/email downloads

    Browser protection
    - Run web browser and plug-ins in protected mode with EMET HTTPS pinning
    - Filter URLs with Smartscreen and Ads with AdBlockPlus & stop-Google TPL
    - Using AVG Secure search for safety and Startpage search for privacy
     
    Last edited by a moderator: Dec 8, 2013
  6. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,752
    Location:
    Toronto Canada
    Speak the Devil's name and you will hear the flapping of his wings. ;)
     
  7. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    I spaketh not his name! :eek:
     
  8. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    1,157
    Location:
    Canada
    Maybe I'll try it one of these days Securon, however I'm thinking that seeing I have a router firewall and am using Windows firewall that they may be enough.

    Go Riders!!
     
  9. Rompin Raider

    Rompin Raider Registered Member

    Joined:
    May 6, 2010
    Posts:
    1,254
    Location:
    Texas
    You have always been a "HIPS" guy! :D
     
  10. Securon

    Securon Registered Member

    Joined:
    Jan 11, 2009
    Posts:
    1,960
    Location:
    London On
    Good Evening! Digmor...nothing at all wrong with the Windows Firewall especially with Windows 7. And even though you're bleeding green...it will soon be black and gold...Oskee Wee Wee...Oskee Wah...Wah...Tigers eat 'em raw...Lol! Sincerely...Securon
     
  11. Securon

    Securon Registered Member

    Joined:
    Jan 11, 2009
    Posts:
    1,960
    Location:
    London On
    Good Evening! Rompin...This is a family show...enough of the double Entendres! Lol! Sincerely...Securon
     
  12. PoetWarrior

    PoetWarrior Registered Member

    Joined:
    Apr 16, 2007
    Posts:
    345
    Added EMET 4.1 to Win 8 64 bit. Behind standard account. So far so good.
     
  13. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I disagree - if Webroot doesn't block the original file execution but does block every change made by the file, shouldn't that count? This is ignoring journaling/rollback/ID Shield/etc: we have a great deal of our protection based on what a file does and the first time it tries to do something (not just sit idle), Webroot will step in and stop it. This is not covered by on-demand tests or AV tests, and has been the case all along with Prevx/Webroot alike.
     
  14. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I agree completely. Once we have some tests which can show Webroot alongside the other vendors using an approach which accurately reflects not only what we're doing but also what several other vendors have expressed concern about from the various testing organizations, we'll see a considerably different picture. If we fail then, and I strongly doubt we will because I see how well protected our users are, there would be a real issue which we'd need to fix.
     
  15. RollingThunder

    RollingThunder Registered Member

    Joined:
    Nov 21, 2013
    Posts:
    224
    Location:
    USA
    @ PrevxHelp - Truth be told I took myself and my client base away from your products some time ago. There have been too many issues going on for too long. From purely a consumer viewpoint, I become weary of vendors that continually promise they are going to improve their product and it takes years to accomplish anything. I normally only type to vendor help when there is some type of positive action that can be taken to help rectify a given situation. Because I left as a dissatisfied customer it is now a mostly moot situation. I am saying what I am saying so you understand that your company is losing business. In a free market based economy companies either improve or lose money. I valued your product line at one point. I would like to get back to that point.

     
  16. This is not a WSA thread, I think discussion should be relocated.

    As stated, an AV should provide trust not require faith. Because I have done some real malware testing I have faith in WSA (but as said I should not have), I have seen how it dealt with unknown processes, allowing them to run as UNTRUSTED.

    a) Running (new malware) unknown processes as UNTRUSTED means that the executable can't touch system objects. Not being able to change system level objects means that it can't do much (permanent) harm. I know this is tricky because a staged intrusion could circumvent this, but the advanced logging should (when it works as promised) also track binaries spawned/invoked/downloaded by this malware (as explained at c).

    b) Main harm which could be done in the twilight zone when running as UNTRUSTED was key logging/MITB attacks. I have seen (also confirmed by independent tests) WSA Identity protection to be top notch on this field. So WSA deals with the danger. I can also understand that it feels uncomfortable to have potential malware running on your system (but it can't touch your banking/shopping stuff).

    c) UNTRUSTED process actions are logged (file/registry changes) so that they can be un-done afterwards. To be honest I have not seen this in action, because I was not allowed to share/disclose the malware of my friend's honeypot (he needed time to reverse engineer and disclosure was through normal malware fighter channels).

    Marketing wise I can understand people moving away from WSA when it performs average in tests.
     
    Last edited by a moderator: Dec 5, 2013
  17. Rompin Raider

    Rompin Raider Registered Member

    Joined:
    May 6, 2010
    Posts:
    1,254
    Location:
    Texas
    Move your agenda to WSA forum....not needed here!
     
  18. Frank the Perv

    Frank the Perv Banned

    Joined:
    Dec 16, 2005
    Posts:
    882
    Location:
    Virginia, USA
    Webroot SecureAnywhere: The Greatest or The Worst


    I hereby rename this thread --

    Webroot SecureAnywhere: “The Greatest AV since AVs were invented”, or “The Worst Product since SuckyAntiSpyware.” You decide.


    Thank you.
     
  19. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    It is going to be my lifetime software on and off but I will not buy security software ever again :)
     
  20. RollingThunder

    RollingThunder Registered Member

    Joined:
    Nov 21, 2013
    Posts:
    224
    Location:
    USA
    I agree!

     
  21. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
    Windows 7 Home Premium SP1 x86

    Firewall:
    Router NAT/SPI (Password Protected)
    Look’n’Stop Firewall 2.07 (Phant0m’s Ruleset)(Password Protected)

    Anti-Virus:
    Emsisoft Anti-Malware 8.1.0.19

    HIPS/Blocking/Hardening:
    DefenseWall HIPS/Personal Firewall 3.22
    VoodooShield 1.28 Beta
    EMET 4.1 (Internet facing applications & MS Office)
    SpywareBlaster 5.0 (Ad-Aware custom blocking list)

    Several on demand scanners.
     
  22. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Update your EAM.
     
  23. JoeBlack40

    JoeBlack40 Registered Member

    Joined:
    Apr 1, 2009
    Posts:
    1,584
    Location:
    Romania
    Still with Avira free and Privatefirewall. Sandboxie on demand. And Wondershare Time Freeze.
     
  24. CrusherW9

    CrusherW9 Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    517
    Location:
    United States
    I'm now running a rather bare bones security setup. Chrome and EMET are really my only protections (full setup in sig). Trading inconvenience from additional software for an emphasis on quick recovery and surfing smartly.
     
  25. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
    It auto updated. Forgot to update the version number for this thread. Thanks for noticing.
     