Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.
ThreatFire alone probably is not nearly going to protect you from a lot of malware.
Windows XP Pro SP3
LUA + SRP + SuRun 22.214.171.124
Avira AntiVir Personal
Sandboxie 3.33.04 beta
Firefox - Shiretoko w/ NoScript
That's exactly the SuRun version I keep using in spite of all the other newer releases. It just seems to work on XP better for me than any of the others, without any trip-ups or issues.
Sandboxie is always a smart decision, great app.
XP Pro Home PC (behind a router)
1. limited user with SRP (no execute) of temporary, internet and P2P directories
2. Malware Defender
a) registry protection groups are network, startup, my extra startup group
b) general rule: permit execute, ask on (is deny while running in silent mode)
- load driver/service
- keyboard low level access
- registry low level access
- Set system time
- System shutdown
c) contained applications (IE7, Iron Portable, Outlook Express, LimeWire), meaning default deny all with selected permits (file, registry, other rules) plus preventing those applications from being accessed by others
3. ThreatFire with default custom rules selected
- host file
- one custom rule (warn when old 16 bit/dos related programs start, like ntvdm, format, cmd, regsrvr, etc)
Have not had it running so light ever before (MD really uses less CPU power; TF V4 only requires 1/3 of the CPU cycles of V3). I have tried to combine TF with several classical HIPS (SSM, EQS, D+). Until recently EQS worked together best when looking at the number of pop-ups. D+ worked best when looking at protection level. Malware Defender beat both in user friendliness (no pop-ups with my setup) and protection (no intrusion with such a light selection). Of course the contained Application Group really helped to establish this (they run in a tighter-than-tight movement space, just enough to function: IE7 fully functional, and Chrome only allowed to download - no from-screen execution of applications).
I call this my "classical HIPS guarded and policy restricted intelligent behavior blocker defense with some internet facing processes in solitary confinement rules" .
To me this setup makes sense:
a) simple policy restriction to rule out most problems
b) General MD rule to protect against the worst threats (also issues not always covered well by ThreatFire, so a nice complementary precaution costing close to zero CPU capacity; as shown in the Task Manager image, MalwareDefender and MDservice are nearly zero, I/O is mostly in RAM so it does not delay the response of the system)
c) Intelligent behaviour blocker dealing with normal Windows mechanisms (so I don't have to decide) + outbound protection. When an intrusion occurs the blacklist antivirus database is checked (currently VirusBuster)
d) Internet-facing applications under high/restricted control of Malware Defender (solitary confinement rules), because these are my first entry points or application threat gates (your firewall is your network threat gate guard).
In the picture below, only TF seems to eat CPU. Online for nearly eight hours, preparing a presentation, doing some e-mail and browsing the web: 10 seconds of TF, or 0.04% of CPU capacity, spent on security apps.
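The "limited user with SRP (no execute) of temporary, internet and P2P directories" part of the setup above relies on how Software Restriction Policy resolves path rules. The following is an added example, not code from the post or from any of the products named in it: a small Python model of that resolution (default level Unrestricted, Disallowed rules on the temp, IE cache and P2P download folders), so the precedence rules can be checked offline. Every directory name, the ENV table, the "Trusted Installers" exception rule and the sample executables are constructed assumptions, not values from the post.

```python
"""
Model of how Windows XP Software Restriction Policy (SRP) resolves path rules.

Added example, not code from the forum post. It reproduces the decision SRP
makes for the setup described above (default level Unrestricted, Disallowed
path rules on the temporary, Internet-cache and P2P download directories) so
the rule-precedence behaviour can be checked offline. All directory names,
the ENV table and the sample executables are constructed assumptions.
"""
import ntpath  # Windows path semantics, even when this runs on a non-Windows host
from dataclasses import dataclass

# SRP security-level identifiers (SAFER_LEVELID_* in the Windows SDK's safer.h).
DISALLOWED = 0x00000
UNRESTRICTED = 0x40000
LEVEL_NAME = {DISALLOWED: "Disallowed", UNRESTRICTED: "Unrestricted"}

# Constructed environment; real SRP expands these from the logged-on user's profile.
ENV = {
    "USERPROFILE": r"C:\Documents and Settings\user",
    "TEMP": r"C:\Documents and Settings\user\Local Settings\Temp",
}


@dataclass(frozen=True)
class PathRule:
    path: str    # rule path; may contain %ENVVAR% like a real SRP path rule
    level: int   # security level applied to anything under this path


def expand(path: str) -> str:
    """Expand %VAR% references and normalise case/separators like SRP does."""
    for name, value in ENV.items():
        path = path.replace(f"%{name}%", value)
    return ntpath.normcase(path).rstrip("\\")


def resolve(rules, exe_path: str, default_level: int = UNRESTRICTED):
    """Return (level, winning_rule) for exe_path.

    SRP precedence for path rules: the most specific (longest) matching path
    wins; if two rules are equally specific, the more restrictive level wins.
    With no matching rule the policy's default level applies.
    """
    target = ntpath.normcase(exe_path)
    matches = []
    for rule in rules:
        prefix = expand(rule.path)
        if target == prefix or target.startswith(prefix + "\\"):
            matches.append(rule)
    if not matches:
        return default_level, None
    # Longest expanded path first; on a tie the lower (more restrictive) level.
    best = min(matches, key=lambda r: (-len(expand(r.path)), r.level))
    return best.level, best


def allowed(rules, exe_path: str) -> bool:
    """True if SRP would let exe_path run under these rules."""
    return resolve(rules, exe_path)[0] != DISALLOWED


# Policy matching the post: default Unrestricted, no-execute in temp, the IE
# cache and the P2P download folder. The installer-unpack exception is an
# assumed extra rule to show that a more specific path overrides a broader one.
POLICY = [
    PathRule(r"%TEMP%", DISALLOWED),
    PathRule(r"%USERPROFILE%\Local Settings\Temporary Internet Files", DISALLOWED),
    PathRule(r"%USERPROFILE%\My Documents\LimeWire\Saved", DISALLOWED),
    PathRule(r"%TEMP%\Trusted Installers", UNRESTRICTED),
]

# Constructed sample executables to evaluate against the policy.
SAMPLES = [
    r"C:\Program Files\Mozilla Firefox\firefox.exe",
    r"C:\Documents and Settings\user\Local Settings\Temp\invoice.pdf.exe",
    r"C:\DOCUMENTS AND SETTINGS\user\Local Settings\Temporary Internet Files\Content.IE5\AB12CD34\setup[1].exe",
    r"C:\Documents and Settings\user\My Documents\LimeWire\Saved\codec_pack.exe",
    r"C:\Documents and Settings\user\Local Settings\Temp\Trusted Installers\setup.exe",
]

if __name__ == "__main__":
    for exe in SAMPLES:
        level, rule = resolve(POLICY, exe)
        why = f"rule {rule.path}" if rule else "default level"
        print(f"{LEVEL_NAME[level]:12} {exe}  ({why})")
```

The point the model makes explicit: an executable dropped into %TEMP% or the browser cache is refused before it ever touches the HIPS, while anything under Program Files runs at the default level, and a deliberately narrower path rule (the assumed "Trusted Installers" folder) overrides the broader Disallowed rule because SRP picks the most specific match.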
Hm, I have had no problems with malware/viruses etc. for 7 years. I guess ThreatFire is enough. OK, Windows Defender is on too.
If you have it on high and know how to deal with the pop-ups you should be OK, and this goes for Mamutu too.
Not on high, but on 4.
Well, even on high no product is perfect, so no, it is not enough to just use ThreatFire, especially with ThreatFire's recent problems.
I know, it is acting kind of strange for some reason.
Sandboxie for suspicious applications or websites
Prevx Edge Paid
Forgot to add that I added the latest new release of Firefox 3!
I am finally weaning myself away from IE after all these years.
Good to know security is taken quite seriously here.
- Eset NOD32 with remote admin
- SAS (auto scheduled to run twice week)
- MalwareBytes' with protection monitoring on
- All my browsers run sandboxed
- Webwasher Gateway (secure Web)
- Juniper NS Hardware Firewall
- OSSEC HIDS (network log, a server, 3 desktops and the 3 laptops)
And of course I make sure the operating system and browser applications are kept up to date, and disable unwanted services.
Here is my setup:
- OA trial version (wanted to try before buying)
What do you think about it?
What can you advise me to make my setup stronger?
Do you think Outpost Pro is better than OA 3 paid?
I'm on Vista 32.
I see you use NOD32; the only thing with it I am a bit worried about now is its scores on AV-Test. Although I personally never had any problem with malware, it might be due to the fact that I have the Webwasher gateway. I am thinking of upgrading to AVK G-Data 2009; its scores are impressive, better than Webwasher's itself.
OutpostPro (Only FW)
Avira Security Suite
Windows XP SP3
Malwarebytes Antimalware for on-demand scanning.
I like it a lot!
Tweak it with Blackspear's settings for NOD.
OA is much stronger.
Well, I listened to Cybermarchi and uninstalled it to try Avast Pro. Is it a good choice?
Why does ESET have worse results today than on the 2.x release (I'm an old NOD32 user)?
Because we can see a middling result on AV-Test and AV-Comparatives with not-good critiques.
I'm a bit confused by all the tests and comparatives because everything changes between two different tests.
Then which AV do you advise me (free as much as possible)?
OK, thanks, will buy it then.
Hi again, I am not so sure about Avast, although I was saying AVK G-DATA suite. But having said that, nowadays having one suite is not all good either. Maybe use Avast Pro with a HIPS program like ThreatFire, and then use Sandboxie for your browser.
Unfortunately there is no one right answer.
As free programs, then try ThreatFire, Sandboxie, maybe Avira Personal (I think that's free) antivirus, SuperAntiSpyware, Malwarebytes for on-demand.
Hopefully there is more out there.
Enough for who? You heard the man, he has not had any problems for 7 years. All these applications we use try to protect us from damaging the computer or our private data. IMO you won't be needing a lot to keep you safe on the web. I think a Windows user only needs 3 things really: a firewall, a system image and backups just in case, and an up-to-date system, or preferably use something with fewer vulnerabilities.
Hopefully he has some other on-demand scanners to verify this. One program in place for 7 years without any checks and balances is not security, IMO.