What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    8,817
    Location:
    U.S.A. (South)
    Had forgotten all about that beauty, NVT SysHardener; if/when engaged properly, that puppy is another iron wall of sorts.

    Thanks for the mention. It's almost as much an exciting time on the same scale as when HIPS first took center stage for 32Bit systems back on XP.

    A little dab a do ya, here and there, and Wallah!! Lockdown City.
     
  2. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    3,078
    Location:
    Canada
    Finally, someone who gets it :thumb:
     
  3. guest

    guest Guest

    True, AppLocker is a basic SRP, but not everybody has Windows Pro or Enterprise.

    Indeed, but it doesn't mean AG is a full-fledged anti-exploit. AG Solo (SMB version) doesn't protect the memory space of every process; it only prevents Guarded Processes from reading/modifying others, which is different from what pure anti-exploits like HMPA or EMET do.

    Once you understand that, then we can move on.
     
    Last edited by a moderator: Jul 31, 2018
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    13,631
    Location:
    The Netherlands
    Yes, we all know it's different, but that's not the point. The end goal of isolation is to mitigate exploits. Why would you use EXE Radar and Sandboxie? It's to tackle exploits, so you could classify them as anti-exploit even though they are not using pure anti-exploitation technologies. But anyway, this whole discussion started because I was criticizing AG's marketing: they say EDR and next-gen AVs will fail to block exploits, both of which are false.

    Well, it depends on how you look at it. If you're serious about securing corporations you will always need to monitor app behavior, not only on first run/install but continuously. So I'm afraid SRP + isolation isn't enough. Why do you think Invincea went from purely isolating to developing an AV based on ML and behavior blocking?
     
  5. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    3,078
    Location:
    Canada
    I'm looking at it as most users of this forum do, who are typically running a device for home use. Unfortunately, so many Wilders members are running too many security programs in an effort to protect themselves from exploits that only require half or fewer of the programs they are running. 3rd-party software tends to be buggy, so when they are combined in a so-called "layered" defense approach, the bugs tend to intensify, resulting in unstable system behavior. I don't even need to prove this; there are numerous posts throughout these forums of members complaining about delays and freezing, or unexpected behavior in security products they are using. It's ridiculous how many security programs some people are running concurrently.

    It's obvious from my setup that I like to use what's available in the O/S first, then augment with minimal 3rd-party programs. In fact, I use nothing more than an ad/script blocking extension in my browser. The rest of my security approach is included in the O/S and in the browser, by enabling available flags in Chrome. No infections whatsoever. The rest is based on common sense such as keeping everything up to date and downloading from known safe sites, validating the file's checksum. As a safety net, I keep recent images of my setup and back up all critical personal data.
     
  6. guest

    guest Guest

    Which has no place in this forum; we all know every vendor uses "not-so-realistic" marketing arguments to sell their product.
    Wilders and other security forums exist to show what is behind the marketing curtain.
    Also, prove to me that EDR and NextGen will never fail. So AG's marketing is right too, depending on how you interpret it.
    If we play on words (which is exactly what marketing does) and properly select the right ones, everybody can be right.

    And you know very well that vendors' (marketing) representatives rarely come into security forums, because their marketing speech doesn't work here; they focus on general forums where people are less knowledgeable in security and more apt to drink in their words.
    The few vendors here are usually doing support or looking for beta testers' feedback.
    So bringing a marketing debate to a security forum is pointless; most people here know the difference between marketing and the real efficiency of products.

    Corporate security is all about the admin setting it up; like home users, they have different skills/approaches/opinions/preferred mechanisms.
    I knew an expert admin in a quite big company who never used anything other than Windows Group Policy and AppLocker for all the departments' machines, and never got infected.
    I asked him why not use some more sophisticated solutions on their machines; he answered, "For what? Workers can't execute programs, can't install, can't plug in a USB."
    And the workers hated him because they couldn't do anything other than their job on those machines. :D
    However, he used a hardware firewall appliance to protect against network intrusions.
     
    Last edited by a moderator: Aug 4, 2018
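As an added illustration of the Group Policy + AppLocker setup the post above describes (this is example code, not the admin's actual policy or anything from the thread): a minimal AppLocker EXE policy in which standard users may only run what lives under Windows and Program Files, administrators may run anything, and enforcement starts in audit mode. The policy file path is a placeholder, and the copied notepad.exe is a constructed stand-in for a user-downloaded installer. It assumes an administrator session on a Windows edition that ships AppLocker (the thread notes that Home editions do not), with the Application Identity service running.

```powershell
# Added example, not the thread's or any vendor's code. Builds a baseline AppLocker
# EXE policy, dry-runs it against two files, and leaves it in audit mode.
$PolicyPath = 'C:\Staging\applocker-baseline.xml'   # hypothetical location

# Well-known SIDs: S-1-1-0 = Everyone, S-1-5-32-544 = BUILTIN\Administrators.
# %WINDIR% and %PROGRAMFILES% are AppLocker's own path variables.
$policyXml = @"
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="AuditOnly">
    <FilePathRule Id="$([guid]::NewGuid())" Name="Allow Windows folder" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%WINDIR%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="$([guid]::NewGuid())" Name="Allow Program Files" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%PROGRAMFILES%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="$([guid]::NewGuid())" Name="Administrators may run anything" Description="" UserOrGroupSid="S-1-5-32-544" Action="Allow">
      <Conditions><FilePathCondition Path="*" /></Conditions>
    </FilePathRule>
  </RuleCollection>
</AppLockerPolicy>
"@
New-Item -ItemType Directory -Path (Split-Path $PolicyPath) -Force | Out-Null
Set-Content -LiteralPath $PolicyPath -Value $policyXml -Encoding UTF8

# Constructed test input: the same binary in a system folder and in a user-writable
# folder, so the path rules (not the file contents) decide the outcome.
$systemExe = "$env:WINDIR\System32\notepad.exe"
$userExe   = "$env:USERPROFILE\Downloads\staged-copy.exe"
Copy-Item -LiteralPath $systemExe -Destination $userExe -Force

# Dry run: how would the policy treat these files for a standard user (Everyone)?
# 'Allowed' = a rule matched; 'DeniedByDefault' = no rule matched, so it would be blocked.
function Test-BaselineDecision {
    param([string[]] $Paths)
    Test-AppLockerPolicy -XmlPolicy $PolicyPath -Path $Paths -User Everyone |
        Select-Object FilePath, PolicyDecision, MatchingRule
}
Test-BaselineDecision -Paths @($systemExe, $userExe)
# Expected: notepad.exe -> Allowed; Downloads\staged-copy.exe -> DeniedByDefault.

# Apply locally (audit only), then review the AppLocker log for event 8003
# ("would have been blocked") before switching EnforcementMode to "Enabled":
# Set-AppLockerPolicy -XmlPolicy $PolicyPath
# Get-WinEvent -LogName 'Microsoft-Windows-AppLocker/EXE and DLL' | Where-Object Id -eq 8003
```

Audit mode is the practical difference between this and a bare default-deny: the 8003 events tell the admin which line-of-business tools live outside Program Files before anyone is locked out, and the DLL, script and installer collections can be added the same way once the EXE collection is quiet. Note that path rules only hold if standard users cannot write into the allowed folders; publisher or hash rules are the tighter option for anything installed in a user-writable location.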
  7. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    8,817
    Location:
    U.S.A. (South)
    Spelled out nicely in real terms on that. :cool:
     
  8. imuade

    imuade Registered Member

    Joined:
    Aug 4, 2016
    Posts:
    751
    Location:
    Italy
    OS: Win10 Home 64bit (version 1803, build 17134.191)
    FW: Binisoft WFC
    AV: Kaspersky Free
    OD: HitmanPro, Zemana AntiMalware
    BP: K9 Web Protection, uBlock Origin
    Misc: NoVirusThanks SysHardener, Windows Privacy Dashboard, O&O ShutUp10
    DNS: Cloudflare
     
  9. Iangh

    Iangh Registered Member

    Joined:
    Jul 13, 2005
    Posts:
    817
    Location:
    Melbourne, Australia
    Which filters for security?
     
  10. imuade

    imuade Registered Member

    Joined:
    Aug 4, 2016
    Posts:
    751
    Location:
    Italy
    MVPS HOSTS
    K9 Web Protection will do the rest
     
  11. Iangh

    Iangh Registered Member

    Joined:
    Jul 13, 2005
    Posts:
    817
    Location:
    Melbourne, Australia
    Thanks.
     
  12. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    13,631
    Location:
    The Netherlands
    Exactly, and that's why I'm criticizing them. Marketing should be more realistic. Remember how Cylance tried to fool people with their "Unbelievable Tour," claiming they were better than Sophos? It was discussed on this forum.

    Well, first of all, EDR isn't meant to block per se; it's there to monitor the attack. This shows me they don't even understand EDR.

    You are contradicting yourself; you just said that security forums exist to discuss this. What's done a lot on this forum is to poke holes in what security companies claim, so me saying that their marketing is BS is perfectly normal. What's pointless is to keep trying to defend them, because you ain't going to change my opinion.

    The problem is that this expert admin can still install and run apps himself, and apps can get exploited. That's why I say that SRP + isolation isn't enough to secure corporations; just look at how many supply chain attacks there have been in recent years: MeDoc, Ammyy Admin, CCleaner, GOM Player and PDFescape were all trojanized. A tool like AG would not have blocked this attack.
     
  13. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    13,631
    Location:
    The Netherlands
    I completely agree with this, but this discussion was more about how to secure corporations which is often a bit more complex than having to secure a home user PC. But I know what you mean, I have also tried to find tools that don't cause any problems, use hardly any resources and don't overlap.
     
  14. guest

    guest Guest

    Software exploited at the source (like CCleaner was) is usually signed, so most security apps won't detect it either.
    If the admin installs malicious apps, blame him, not the security apps. The admin is supposed to know how the security apps work, to avoid mistakes.
    Not to mention that, in a corporate environment, no admin should install any software without double-checking it (run it in a VM, check the hash, etc.); they normally don't "happy install" crap software like home users do.
    Indeed, and the cost in case of infection is way higher.
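The "check the hash" step from the post above, written out as an added example (it is not code from the thread or from any vendor named in it). It also shows why the two posts disagree less than they seem to: a trojanized build like the CCleaner case carries the vendor's own valid Authenticode signature, so the signature check proves who signed the file but not that the build is clean, and the published hash only adds anything if it was obtained from a channel other than the download itself. The installer path, expected SHA-256 and expected signer subject are placeholders.

```powershell
# Added example, not the thread's code. Vets a staged installer before an admin runs it:
# (1) integrity against the hash the vendor published out of band, (2) Authenticode
# signature validity and publisher identity. Both must pass.
function Test-InstallerProvenance {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Hash copied from the vendor's download page, NOT from a file in the same download.
        [Parameter(Mandatory)] [string] $ExpectedSha256,
        # Substring expected in the signing certificate's Subject, e.g. 'O=Example Vendor Ltd'.
        [Parameter(Mandatory)] [string] $ExpectedSubject
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    # 1. Integrity: does the file match what the vendor says it published?
    $actualHash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $hashOk     = $actualHash -ieq $ExpectedSha256.Trim()

    # 2. Authenticity: signed, chain validates, and it is the publisher we expect.
    #    Status values include Valid, NotSigned, HashMismatch (tampered after signing),
    #    NotTrusted (chain does not reach a trusted root) and UnknownError.
    $sig      = Get-AuthenticodeSignature -LiteralPath $Path
    $sigValid = $sig.Status -eq 'Valid'
    $subject  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    $signerOk = $sigValid -and ($subject -like "*$ExpectedSubject*")

    # 3. Verdict. A valid signature alone is deliberately not enough: a build trojanized
    #    at the vendor (the CCleaner case) is signed with the vendor's legitimate key.
    [pscustomobject]@{
        Path            = $Path
        Sha256          = $actualHash
        HashMatches     = $hashOk
        SignatureStatus = [string]$sig.Status
        Signer          = $subject
        SignerMatches   = $signerOk
        SafeToStage     = ($hashOk -and $signerOk)
    }
}

# Usage with placeholder values (hypothetical path, hash and publisher):
# Test-InstallerProvenance -Path 'C:\Staging\tool-setup.exe' `
#     -ExpectedSha256 '<sha256 from the vendor download page>' `
#     -ExpectedSubject 'O=Example Vendor Ltd'
```

Run it on the staging box or VM the post recommends, before the installer touches a production host, and keep the output: SafeToStage false with HashMatches false but SignatureStatus Valid is exactly the signed-but-not-what-was-published case, and is worth an incident ticket rather than a retry of the download.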
     
  15. imuade

    imuade Registered Member

    Joined:
    Aug 4, 2016
    Posts:
    751
    Location:
    Italy
    KFA didn't update signatures for the whole day, the same bug I found some time ago... so I removed it.
    New setup:
    OS: Win10 Home 64bit (version 1803, build 17134.191)
    FW: Binisoft WFC
    AV: Immunet (ETHOS and SPERO cloud engines only)
    BP: K9 Web Protection
    HIPS: Heilig Defense RansomOff
    BB: NoVirusThanks OSArmor
    OD: HitmanPro, Zemana AntiMalware
    Misc: NoVirusThanks SysHardener, Windows Privacy Dashboard, O&O ShutUp10, uBlock Origin
    DNS: Cloudflare
     
    Last edited: Aug 7, 2018
  16. ReverseGear

    ReverseGear Guest

    Switched from KIS to EAM, and from AdGuard Premium to uBlock Origin for the time being. There is a slight increase in system and web performance.
     
  17. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,656
    Samsung Laptop
    Windows 10 / 64bit

    Kaspersky Security Cloud
    AppGuard Solo
    DeepFreeze
    AdGuard
    Raxio Instant Recovery
    IVPN
     
  18. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,327
    Location:
    Here, There and Everywhere
    Been a long time, LoneWolf, hope this finds you doing well!
    Hard to go wrong with that.
    Good list, with one thought: I worry about Kaspersky because of his history of anti-privacy statements.
     
  19. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    13,631
    Location:
    The Netherlands
    Well, I don't know all the ins and outs of next-gen AVs, but I'm sure you can configure them in a way not to automatically trust signed software. And EDR should be able to quickly detect and block malware before it gets the chance to infect the whole network.

    Just look at what happened at TSMC; it was probably some system admin that installed a trusted app that was trojanized. This wouldn't have happened if I was in charge; it would have saved them about 200 million dollars. :D

    https://www.bloomberg.com/news/arti...er-blames-wannacry-variant-for-plant-closures
     
  20. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    2,605
    hi there, how's df doing these days?
     
  21. guest

    guest Guest

    BTW, Cylance Smart AV (the new home-user version) was tested at MT against 17 fresh real malware samples (from yesterday); it failed against one EXE and one script. With SRP, HIPS and other anti-exe tools it wouldn't happen. So Next-Gen (overhyped IMO) isn't the solution.
     
  22. TheErzengel

    TheErzengel Registered Member

    Joined:
    Dec 28, 2012
    Posts:
    38
    Location:
    WWW
    Windows 10 64-bit

    Kaspersky Internet Security
    AdGuard
    PureVPN
    StickyPassword

    On-demand
    Malwarebytes Free
     
  23. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    13,631
    Location:
    The Netherlands
    Correct, but Cylance doesn't use any behavioral monitoring, so it should always be combined with other tools.
     
  24. guest

    guest Guest

    I agree on that; I always promoted wisely made layered setups. If done right, you shouldn't be compromised except by some very complex threats.
     
  25. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,283
    Location:
    Under a bushel ...
    I am trying Cylance on one machine (with OSA, Heimdal PRO)..., just out of curiosity.

    Noobish question: being AI-based, would running Cylance alongside another anti-malware like EAM be madness, or workable?
     
    Last edited: Aug 12, 2018