Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.
Main PC (gaming, surfing etc):
McAfee Endpoint Security (heavily customized settings, because defaults are crap)
McAfee Web Boost for Chrome (for disabling those annoying autoplay videos)
KeyScrambler Premium (keystroke encryption)
HiBit Startup monitor (really good for monitoring lots of different autorun entries, task scheduler entries, service entries. McAfee can do these too, but it has no "ask mode")
System Restore disabled
Macrium Reflect (full backups, takes about 2 min to create a backup of my system drive. Restore via Macrium USB stick if needed)
Malware testing laptop with Macrium Reflect full baseline backup to external drive and USB restore, if system gets heavily infected/encrypted, MS Office installed:
Currently testing Trend Micro Max Security 6 months trial.
And when I'm testing malware (bazaar samples), I test it without any VM; I prefer a live environment, because some malware is VM aware / can escape.
The testing laptop is not connected to my router; I use an old Xcover 2 phone as a hotspot with a prepaid SIM card.
I've been testing (one week / one AV solution) against new bazaar samples. So I check new bazaar samples several times a day, download them and run them.
Webroot with defaults:
-System heavily infected, encrypted (full restore needed)
Webroot with max settings:
-A lot better, because it does an online Webroot "whitelist check", aka so-called anti-exe.
Dr Web Security Space Beta, defaults:
-Average detection in general. It does have really powerful DPD (Process Dumper) and DPH (Process Heuristic).
Dr Web Security Space Beta, max settings:
-It does have really good predefined HIPS settings, but defaults are bad. You can customize those settings to your own liking (allow, ask mode, auto block).
What I observed when I tested one ransomware sample against Dr Web SS Beta: one of the Dr Web HIPS components alerted that "xxx.exe" wants to use "low level disk access". Allow or Deny?
I did not click "allow" or "deny", but the ransomware was still encrypting files in the background, until I clicked "deny", and then the whole system crashed. I did not "stop" the abusing process.
Trend Micro Max Security:
4 days of testing, several kinds of bazaar samples; Trend Micro nailed all tested so far.
You're going to be as bad as @Peter2150 and myself in brutally testing these security programs
I am EXACTLY the same way. Why be skittish, right? Test those vicious crapwares on a LIVE system and get the up close and personal REAL FEEL of their tricks and Real-Time results, not in VMs like a beekeeper's suit.
I like and admire your extreme ambition on that. Beta testing Ransomoff and others, I put them into a dedicated LIVE machine to run amok with ready backups in case of need. TIDBIT: I run them with Shadow Defender, unleashing gobs of file infectors and the most notorious ransomwares like Petya, Locky, etc., and well, I have what I call a whole Zoo of horrifics. Never once did any prevent SD from dumping them completely after testing. Some even encrypted Shadow Defender's folder of files and seized up the machine, forcing a Hard Reset. Upon reboot, it was like nothing ever happened! Only way to see how strong or weak both Windows and the security programs really are.
On HiBit: Man, I couldn't be any more satisfied with that app. It's Amazing!!!
Have a really good day @moredhelfinland
Yeah, I do like HiBit monitor. It monitors a lot of registry autorun entries. For example, Webroot seems to monitor only the basic "currentversion\run", where HiBit monitors a lot more autorun entries and task scheduler entries.
And I sure understand why most of the AV solutions do not monitor these. They can add this "monitor", but how can mommy and papa answer a popup, when installing software that adds an autorun entry and maybe even a task scheduler entry?
A mighty popup window comes, "do you want to add this to..." Mommy and papa of course click "deny". That is why, for example, F-Secure does not use its own firewall; it relies on Windows' own firewall. Funny thing is that F-Secure does not even protect Windows Firewall from getting abused and disabled.
F-Secure processes are easily killable via Task Manager; some other AVs are easily killed too.
PsExec can't kill them. Of course not, some AV processes are running with SYSTEM privileges.
NirSoft AdvancedRun is a great software to test killing AV processes.
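As an added, defender-side example (not the poster's setup nor HiBit's own code): a PowerShell script that snapshots the autorun locations discussed above, the Run/RunOnce keys beyond the basic "currentversion\run" plus scheduled task actions, and reports anything that appeared since the last snapshot. The baseline file path and the key list are assumptions chosen for illustration.

```powershell
# Added example: snapshot registry autorun keys and scheduled tasks, then diff
# against a saved baseline. Baseline path and key list are assumptions.
$Baseline = "$env:USERPROFILE\autorun-baseline.xml"

# Autorun locations beyond HKCU\...\CurrentVersion\Run
$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
)

function Get-AutorunSnapshot {
    $entries = foreach ($key in $RunKeys) {
        if (Test-Path $key) {
            $props = Get-ItemProperty -Path $key
            foreach ($p in $props.PSObject.Properties) {
                # Skip the PSPath/PSParentPath/... bookkeeping properties
                if ($p.Name -notmatch '^PS') {
                    [pscustomobject]@{ Source = $key; Name = $p.Name; Command = [string]$p.Value }
                }
            }
        }
    }
    # Scheduled tasks: record each exec action's program and arguments
    $tasks = foreach ($t in Get-ScheduledTask) {
        foreach ($a in $t.Actions) {
            if ($a.Execute) {
                [pscustomobject]@{ Source = "Task:$($t.TaskPath)"; Name = $t.TaskName; Command = "$($a.Execute) $($a.Arguments)".Trim() }
            }
        }
    }
    @($entries) + @($tasks)
}

$current = Get-AutorunSnapshot
if (-not (Test-Path $Baseline)) {
    $current | Export-Clixml -Path $Baseline
    Write-Host "Baseline written: $($current.Count) entries"
    return
}
$old = @(Import-Clixml -Path $Baseline)
# Anything present now but not in the baseline is a new persistence entry
$new = Compare-Object -ReferenceObject $old -DifferenceObject $current -Property Source,Name,Command |
    Where-Object SideIndicator -eq '=>'
if ($new) { $new | Format-Table Source,Name,Command -AutoSize } else { Write-Host "No new autorun entries" }
```

Run it once to record the baseline, then again after installing something to see which autorun entries and task actions it added.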
Let me know what you find out with your testing, etc.
I am really interested in your findings, etc.
Always the best,
I still haven't covered all the available features it sports. Just awesome, and very very safe, and I love the Registry Restore feature but haven't needed it once! The added benefit, not only as a power user but also as a fancy dancy customizer: that Context Menu feature threw me for a loop! Saves you tons of time from having to fish through the registry to reduce fly-out lines that may be a bit much. A very comprehensive context menu editor, way better than any I EVER found! Talk about fine tune granularity.
Heck, I haven't even explored that it MONITORS like that yet. Incredibly well thought out, portable, and the developer is continuously refining the things that make it sharper.
Yeah, and someone said "Windows firewall is enough".
F-Secure can't prevent, for example: malware uses LOLBins to download malware.
Outbound and inbound are allowed, so you're a part of a botnet.
Someone said here, stay at "windows firewall".
Trend Micro and its Firewall Booster is great; hardcoded IPs, oh well.
Well, my computer security configuration over at Malwaretips took a hit and went from Secure/Complete to At Risk. It's because of Windows 11. Haven't changed any security; it's still the same as in my signature, but I sharpened my senses a little more and am keeping a closer watch on the developments of Windows 11.
The two Windows Security bugs (Virus sample submission off at every restart and "Standard hardware device security not supported") have been fixed on here, but that doesn't preclude anything else, now and in the near future.
Sorry for a late response, I was on vacation.
That does seem to be the correct procedure, yes.
Is this really a good idea? Isn't Catsxp Chinese?
It is and it is open source. I see no good reason not to use Chinese software. I'm running two Chinese antiviruses, on my Chinese laptop, as well as using other Chinese software.
Currently, I'm using Slimjet as my browser. Prior to that, I was using Cent and before that, 360 Extreme Explorer. They are also all Chinese. If I have reason to believe a particular piece of software is untrustworthy, I won't use it. Aside from that, I have no issue with using software from any region.
I don't trust China more or less than any other nation.
I started the security/privacy setup of my new Lenovo W.10 x64 pc.
W.10 Home 21H1 x64 (my daughter's PC)
Local Account - Standard user
UAC Maximum - always notify
Disabled many unnecessary services
Web Search DDG
MS Defender Firewall - rules hardened with H.C.
MS Defender - All protections enabled - Ransomware protection disabled.
Some software hardened with custom Anti-Exploit settings.
Hard Configurator - Some custom rules enabled
Chrome x64 --cipher-suite-blacklist=0x002F,0x0035,0x000A,0x009C,0xC014,0x009D,0xC013 --disable-webgl
Block scripts loaded via document.write
Omnibox - Use HTTPS as the default protocol for navigations
uBlock Origin - Hard Mode
Canvas Blocker - Fingerprint Protect
On this PC it is not possible to install W.11.
I decided to change my setup on my laptop from a dual boot with Linux Mint MATE and Windows 10 (slow as molasses) to Debian 10 GNOME which runs great and very stable! My Desktop is the same.
Click the smiley for more info on Debian.
Hi @Sampei Nihira
do you know anything about LocalCDN extension?
Decentraleyes hasn't been updated for 9 months.
I don't trust using LocalCDN:
Oh okay, there are problems using it on Chrome.
If I get turned off for any reason by Windows 10 on my new rig, this Linux release will be its replacement. Oh, I will still have Windows 8.1 super charged boxes to do the Windows thing. And Linux MINT (my personal favorite, and very familiar with it) is another strong STABLE choice.
The siggy down below remains strongly in place and will be current for years on the Windows side. WVSX really has sealed the deal for the 8.1 boxes and it's super nice on Windows 10: snappy, and quietly available to guard the network too now.
W.10 Home x64 21H1
Local Account - Standard user - Limited permissions
UAC maximum - Always notify
OneDrive, Cortana, Advertising ID, Web Search - disabled
Usage of location data for Cortana disabled
Removed some Windows optional features
Microsoft Defender Firewall hardened with H_C.
Microsoft Defender hardened with Configure Defender
Ransomware protection - disabled
No run in a sandbox (feature that appeared in 2018, fell into oblivion)
Core Isolation: Memory integrity - disabled *****
Some software hardened with maximum AE protection
All Windows Exploit Protection options - enabled
Mozilla Firefox - about:config tweaked
uBlock Origin - Hard Mode
First steps of my Security setup.
***** = With the feature enabled I get an annoying pop-up in the middle of the screen every time I boot that warns me to reboot because the hardware settings have changed.
Have any W. members solved this, for me, annoying problem?
Interest: Cost of Deep Freeze for a PC? And do you need to disable fast start?
And do you need to disable Deep Freeze for Windows Updates? If so, how?
Why not Shadow Defender with (MBR) protection?
I don't trust using LocalCDN in Chromium-based browsers:
Home - LocalCDN - Codeberg.org
Understood. I've just installed LocalCDN in Firefox on my machines and am giving it a try.
The same here, installed yesterday in Firefox.