What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,997
    If you are doing an experiment then I'll be interested in seeing if something happens to your machine... Please let us know. Otherwise a computer without a decent AV nowadays is like driving a car in the middle of gun fire.
    Even one of those freebies AVs might be useful, warning you of an intrusion and giving you enough time for a quick reboot. I read in another post that even in 'shadowmode' a trojan could theoretically reformat your HDD... If it is indeed possible, you might have difficulties starting windows again upon rebooting.
     
  2. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    9,786
    Hi,
    I love these kinds of posts. It's like those redneck conventions where people bring their guns and then show off with telling ... :)
    So, here are my lists:


    Least burdened machine (but not necessarily least protected):
    SPF Free firewall
    AVG anti-virus
    MSAS anti-spyware


    Most heavily burdened machines:

    1

    Real-time
    SPF Free firewall
    AVG anti-virus
    MSAS ant-spyware
    SpywareGuard
    SpywareBlaster
    SnoopFree anti-keylogger
    Attach Shield Worm Suppression

    On-demand
    Ad-Aware SE
    Spybot S&D
    Ewido anti-trojan
    A2 anti-trojan

    Another 30+ installers present, but not used, including SSV, RKR, UnhackMe, Blacklight, VLNSearch, DLLCompare, WinPatrol, and more more.

    Tweaks
    a variety of services disabled blah blah etc.
    using BugOff, SafeXP, WWDC, HTAStop, and some more patches

    2

    Real-time
    Kerio 4.2.2 free / used to be Jetico
    no anti-virus
    MSAS anti-spyware
    AntiExecutable
    SnoopFree anti-keylogger
    Attach Shield Worm Suppression
    Proxomitron web-filter (with Kye-U filters)
    AnalogX ScriptDefender
    SpywareBlaster
    RegProt
    MJ Registry Watcher
    DefenseWall

    On-demand
    Ad-Aware SE
    Ewido anti-trojan
    A2 anti-trojan

    Tweaks
    a variety of thingies disabled through restriction policies


    All Windows machines running also:
    CCleaner
    DropMyRights
    Firefox browser with limited privileges, plus extensions including noscript, adblock plus with filterset.g, refcontrol, useragentswitcher, and more.
    Opera browser
    Lynx browser

    Most Windows machines also hooked into ICS


    Linux machine:
    Suse 10, integrated firewall + BitDefender AV

    Mrk
     
  3. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,105
    Location:
    South Texas, USA
    Okay I was getting more familiar with NOD32 since it was a while since I last used it and um don't remember how the web scanenr worked, but why am I able to download zip\rar files with viruses. I remember that Kav didn't allow it to even be downloaded, but am I wrong, didn't NOD32 do that too or does it only catch it on execution?

    dja2k
     
  4. tazdevl

    tazdevl Registered Member

    Joined:
    May 17, 2004
    Posts:
    837
    Location:
    AZ, USA
    XP Pro SP2

    ZoneAlarm Pro 6.1
    NOD32 2.5
    SpySweeper 4.5
    BOClean 4.20.002

    Not sure if I'm going to keep BOClean around much longer. Definitely has impacted my system to the point of being intrusive (Laptop 2.0GHZ Pentium M, 1GB RAM, 5400 RPM HD). One of the benefits of 4.12 is that I never knew it was there. Hopefully Kevin can rethink his approach and release a new version or update that takes care of the sluggishness 4.20 causes.
     
  5. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,989
    Location:
    California
    One reason people don't use AV is that they don't feel they can depend on it being reliable.

    A few weeks ago, isc.sans.org included this about Sober in its daily diary:

    http://isc.sans.org/diary.php?storyid=880
    IMPORTANT: Antivirus software does not provide any reliable protection against current threats. Viruses like Sober tend to change every few hours well in advance of AV signature updates. The fact that an attachment did not get marked is no indication that it is harmless. We do receive reports of up to date versions of AV software missing some of the recent Sober variants.
    ____________________________________________

    So, what are the methods of those who don't use AV? A look at how these worms (and trojans) propagate is revealing.

    W32.Dasher.C
    http://securityresponse.symantec.com/avcenter/venc/data/w32.dasher.c.html

    When W32.Dasher.C is executed , it performs the following actions:

    Creates the following files:

    %System%\wins\SqlExp.exe
    %System%\wins\SqlScan.exe (A port scan utility)
    %System%\wins\svchost.exe
    _________________________________________


    Worms and Trojans have to execute (install) to deliver their payload, and their execution can be prevented by various methods of intrusion protection that have been discussed in other threads, but may be worth revisiting.

    An interesting term used by several companies is default-deny:

    Host Threat Prevention: a New Weapon in the War against Desktop Threats
    http://www.hurwitz.com/newsletters/...eapon-in-the-war-against-desktop-threats.html

    Traditional approaches to PC security-anti-virus software and personal firewalls-only partially address security threats in the form of malicious executables that are becoming more frequent and more sophisticated.

    Host Threat Prevention is based on the principle of default-deny, in which everything is automatically prevented except that which has been explicitly approved. In short, the default position is always 'no'.
    __________________________________________


    That is another way of describing "white list" technology:

    An Ounce of Prevention
    www.infosec.co.uk/ExhibitorLibrary/ 123/An_Ounce_of_Prevention.pdf

    A major side-benefit of whitelist-based application control is the inherent stability it offers the computing environment...
    This includes creating and enforcing a whitelist of approved applications for corporate endpoints so that unforeseen threats are blocked by default.

    If you think about how many new threats and vulnerabilities become known every day, and how much quicker they will occur in the future, whitelist application control seems to be common sense. There are several whitelisting software solutions on the market;
    _________________________________


    There are other methods, combined with common sense regarding use of email, and other safe computing habits that protect one from viruses and trojans without using AV, if he/she so chooses.


    regards,

    -rich
    ________________
    ~~Be ALERT!!! ~~
     
    Last edited: Dec 19, 2005
  6. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    9,786
    Hi,
    I have to strengthen rich's statement.
    I use AVs out of habit. Truth to be told, I never checked a file and found a virus with it. And if I download a file and want to execute it, then I will have known that a file is safe. And if a certain file raises a doubt with me, that is I desire to check it with AV or AT, then it will not run on my computer ever.
    AV gives you a sense of security - not necessarily security - but for those who want the sense - AV is a good thing. The same goes for AS, AT etc.
    And those whose' AVs flag viruses, worms and trojan once a week or so due to their internet habit (unless purposeful) should perhaps revisit their habits.
    Sarcasm: hentai.exe is not a cool japanese anime video ...
    Mrk
     
  7. hubbahubba

    hubbahubba Guest

    Didn't realize that as a gun owner who attends these conventions that I was a "redneck". Just thought I was taking advantage of the ability to use my second amendment rights to protect my family from would-be intruders who intend harm during the middle of the night as well as my freedom to assemble however I please....
     
  8. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    9,786
    Hi,
    I apologize if you were offended.
    It was meant as sarcasm and not personal attack against anyone.
    I am into guns myself quite a lot and have nothing against people who have little arsenals stored in their cellars.
    Peace,
    Mrk
     
  9. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    It's indeed an experiment, but somebody has to put ShadowUser in an extreme dangerous situation.
    My final goal is to prove that SU isn't that safe and tell ShadowStor about it in order to bring them back in humility mode. :D
     
  10. sweater

    sweater Registered Member

    Joined:
    Jun 24, 2005
    Posts:
    1,678
    Location:
    Philippines, the Political Dynasty Capital of the
    I don't like to enter into any deeper discussions here coz m not expert and not a lawyer... and also not a licensed health care practioner. :D

    As of now here's my security set-up:

    Firefox 1.5 -w No Scripts and SpoofStick extensions
    Windows XP SP2 Firewall (set to no exceptions)
    Avast Home Edition Antivirus (everything enabled and set to high,..e.g. Network Shield, WebScanner etc..)
    With BitDefender 8 free, ClamWin, and Dr. WebCure IT free- back-up scanners

    Anti-Spywares active: Microsoft AntiSpyware Beta,WinPatrol & SpywareGuard
    On demand scanner: Ewido free, Spybot, A-Squared, Ad-Aware SE Personal,
    CWShredder, Spyware Doctor (unreg) and X-Cleaner.

    Immunizer: SpywareBlaster, Spybot immunizer, and IE-SpyAd

    Hardening: SafeXP, Harden IT and Windows Worm Doors Cleaners

    Process and Registry Protection: ProcessGuard and GhostSecurity Suite

    As I'm trying to minimized the load on my RAM memory... I think my set-up is already good for ordinary surfers. ;)
     
    Last edited: Dec 19, 2005
  11. ftwynne59

    ftwynne59 Registered Member

    Joined:
    May 24, 2005
    Posts:
    185
    Mrkvonic

    This posted in thread No 31..

    "AV gives you a sense of security - not necessarily security - but for those who want the sense - AV is a good thing. The same goes for AS, AT etc."

    Don't agree.....solid AV's & AT'S give you solid security (if practised with safe browsing habits).....implying that they only give you a sense of security is misleading IMO.....
     
  12. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,535
    On WinXP SP2 Pro...

    Real-Time:
    - CHX
    - NOD32
    - Ad Muncher
    - HostsMan
    - Arovax Shield

    On-demand:
    - ewido anti-malware plus
    - CounterSpy
    - Spybot - Search & Destroy

    Others:
    - Harden-It
    - SpywareBlaster
     
  13. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,997
    @Rmus
    You've taken my statement out of context: It was meant to Erik Albert who is trying out ShadowUser with 'just' a firewall.Personally if I had to choose between ShadowUser and NOD32 as my only protection, I would certainly go for ShadowUser. On the other hand I don't care about being 'minimal' and my second line of defense in terms of feeling safe is certainly NOD32. I also think AVs nowadays are covering more fields than just viruses(trojans,spyware,rootkits) why do you think TDS disappeared?

    People talk about safe computing habits:One shouldn't do this or that. Why?
    I want my computer to go anywhere, visit any site if I want to, feel free to browse and have the feeling It can be done without having my system compromised. With my set-up I can do it, and not because I want to test it, I just call it freedom.

    Finally I think if you run something like ShadowUser, a good AV, and a decent firewall, you should be protected from new and old threats.
     
  14. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    9,786
    Hi,
    In your surfing history, how many times your AV / AT alerted you about a threat? Disregard changes to hosts file, homepage and small things like that you do yourself. I mean serious things! Real-time blocking of a trojan or virus executing...
    Mrk
     
  15. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I just don't understand why so many users are a fan of all these AV/AS/AT/AK scanners.
    These scanners have alot of disadvantages you know :

    1. Scanners collect the bad objects of the bad guys in a definition database.
    which is the most unreliable, unpredictable, uncontrollable source you can think of.
    If I would collect anything, I would collect the good objects of the good guys,
    because that source is reliable, predictable and above all controllable.

    2. Malwares need to be DISCOVERED first by researchers, if they don't find them and the heuristics don't find them, you are infected.

    3. There is a time gap between the discovering of the malware and the updating of the definition database.
    During that period you are vulnerable.

    4. There is a possible time gap between the updating of the definition database and running the scanner.
    During that period, you are vulnerable. Not every user runs his scanner in time and even scheduled scanners run only one time.

    5. Each scanner has it own definition-database and these databases are different in quantity and identity, which means you need more than one AV/AS/AT/AK scanner to catch as many malwares as possible.
    If you believe in the av-comparatives, you need KAV + NOD32 + McAfee to catch as many malwares as possible.
    AS/AT/AK scanners aren't as mature as AV scanners, so you need even more scanners.
    That makes at least 10-15 scanners and those who have less scanners are less protected.
    In theory you need all scanners and certainly not ONE.

    6. Each scanner has an increasing definition-database, which also means that the TOTAL scan-time increases every day.
    Some scanners have already more than 100,000 definitions. What will it be in the next five years : 500,000 ?
    How long will the user be happy, when it takes hours to scan his computer ?
    That's a time bomb. Or the definition databases will explode or the user will explode, losing his patience.

    7. Each scanner has grosso modo the same definitions and only the differences makes the scanner special, which also means that these scanners search for grosso modo the SAME malwares, which results in alot of wasted time.

    8. Heuristics have also false positives and that makes scanners dangerous for less-knowledgeable users, because they will remove them and damage their own computer.

    Maybe I'm too stupid, not being a security expert :)
     
  16. Devilavocate

    Devilavocate Guest

    Sigh, listen to Erikalbert he knows what he is talking about. He may not be a security expert but he is a application analyst.

    Shadowuser is the solution!

    HIPS are too difficult to use.
     
  17. simple_user

    simple_user Guest

    Personally I use an antivirus program plus a HD imaging program. Nothing beats reformatting the HD when the worst happens. For most users, they have a relatively stable collection of installed programs which evolve/upgrade/uninstall slowly through time, so updating a periodical/incremental HD backup or image is not too troublesome. A shocking trend I read about here is that people try loading more and more different security programs on their systems, to the extent of giving the CPU the blunt of just running them. I think human pyschology is the more important factor than the real need for most.
     
  18. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,989
    Location:
    California
    OK, I edited my post to remove reference to your statement.

    regards,

    -rich
    ________________
    ~~Be ALERT!!! ~~
     
  19. securityx

    securityx Registered Member

    Joined:
    Dec 1, 2005
    Posts:
    149
    Mine is pretty simple.....

    First and foremost, I use Firefox and sometimes Opera.

    I harden Windows XP, place all my applications and OS on the C: partition, I point ALL files to a separate partition. I then use Drive Image 2002 (still the best, imo) and make an image of the C: drive. I can then put that 'just right' image back on the C: drive whenever necessary.

    As far as security tools, I use a Linksys firewall/router, Zonealarm Free (old version, smaller footprint), Deep Freeze and a Faronics app called Anti-Executable. I tried Deep Freeze with Process Guard and several other similar tools but found anti-ex the best of the bunch. Whatever you use, I am a big believer in whitelisting. Also, I see some here use ShadowUser and that's a good program too, a little different approach than Deep Freeze from what's left on the actual disk after reboot (if that's a concern), but I highly recommend SU or DF either one.

    I rarely run an anti-virus but when I do it's an online scan from Trendmicro and/or McAfee.

    Outside of anti-ex and Deep Freeze I run nothing in real-time. Unless you consider AdMuncher a security tool. I run it all the time and couldn't surf without it.

    Oh wait....I also run WinPatrol in the background because I now have 2 gigs of memory and I take no performance hit. I've used it so long is rteally the only reason I use it. It's a GREAT program, but I don't feel I really "need" it.

    All the real-time and on-demand scanning would be a waste of my time with the above setup. I have been running all of the above for two-years and have never had a single problem. Actually, I used to use another product before anti-ex, but same kind of thing. But what's in this post above is all I have, and all I need. Other's mileage, as the saying goes, may vary.
     
    Last edited: Dec 19, 2005
  20. hubbahubba

    hubbahubba Guest

    Haha....no problem, Mrk, I just didn't know if you were poking a little fun at and including yourself, or making some sort of a political staement. It's all good.
     
  21. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,997
    You didn't have to edit your post, my comment was for argument sake, I hope I didn't hurt your feelings.

    All the best,

    Jack
     
  22. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,989
    Location:
    California
    No, not at all. After reading ErikAlbert's post, I had been jotting down some thoughts on AV, and just used your post as a lead in!

    -rich
     
  23. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,989
    Location:
    California
    I also opted for AE after looking at PG, preferring something a little more restrictive. To use another company's description: Default-Deny. Also, I was a bit concerned about using more than one product that operates at the kernel level, and Faronics has designed AE to work alongside DF.

    But as you say, any White List product is a big plus in your arsenal.

    regards,

    -rich
    ________________
    ~~Be ALERT!!! ~~
     
  24. Brinn

    Brinn Registered Member

    Joined:
    Aug 5, 2004
    Posts:
    181
    Location:
    Canada
    I would tend to agree that most of these scanners shouldn't be the bedrock of your computer's security. I went about 9 months without doing a single scan on my comp. I finally updated Ad-Aware and did 3 or 4 online AV scans. The results? I had 2 tracking cookies on my system. The most valuable security/privacy apps on my computer right now are CHX, ProcessGuard, Proxomitron (neat little program, this) and CleanCache. When I reformatted a few weeks ago, I went through the whole routine of SafeXP, Harden-It and Secure-It, as well as shutting down services that I don't need but which could be problematic.

    I do scans right now because I'm on a spanking new format and this is the time I tend to be anal about things.
     
  25. medz

    medz Registered Member

    Joined:
    Dec 18, 2005
    Posts:
    13
    Netgear DG834G V2 fw:3.0.125
    KAV Pro 5(extended database)
    WINDOWS PRO SP2 FIREWALL
    Ad-Aware SE Pro v1.06
    SpyBot 1.4
     
Loading...
Similar Threads
  1. LICIL4801
    Replies:
    27
    Views:
    2,138
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.