What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. Kernelwars

    Kernelwars Registered Member

    Joined:
    Aug 12, 2010
    Posts:
    2,155
    Location:
    TX
    I agree with you on this trj. Indeed gr8 point and reality spoken out loud:thumb:
     
  2. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,387
    Likewise you were doing last week with the antivirus in question ? Likewise you do every week with different products and then change your mind and do it all again ?

    :cautious:
     
    Last edited: Nov 23, 2010
  3. codylucas16

    codylucas16 Registered Member

    Joined:
    Nov 17, 2009
    Posts:
    267

    You didn't actually listen to what he said or read any of his comments did you?

    As he stated in his comments MSE, 2.0 or 1.0 has nothing on zero-day threats.

    MSE relies on signatures and heuristics. Several GB of new malware is created every single day. To think any company, even Microsoft, can keep up with this and create a signature for every threat all the time is not only naive, it's ridiculous. Their options say that there is behaviour analysis in the guard, but it does not block anything based on behaviour at all.

    Or maybe you haven't seen his more recent review of MSE 2.0 where it let tons of things through:

    http://www.youtube.com/watch?v=I4m9VYGXUMo

    It's time for these antivirus/anti-malware companies to realize how relying on signatures and heuristics just does not cut it. It's outdated technology.

    Have you noticed that the AVs that rely on signatures have been getting worse and worse at not only these Youtube tests, but the tests done by professional organizations? Look at the recent test by AV-Test.org. MSE didn't even get certified.

    MSE used to be a program I recommended, when it first came out. Every single person who I recommended it to came back to me within three months because MSE let in infections that left their PC BSODing or completely unusable. There was a Koobface floating around on Facebook that other free vendors were detecting within the first few days whereas MSE took over a month to create a signature for it. Many people I know using MSE were infected with this and had their Facebook accounts closed.

    Of course, Avast in its current state is going to let things through as well. They rely on signatures and heuristics to protect a PC as well. But they, on the other hand, have their Network Shield which blocks threats much faster than they can create signatures for the threats.

    The only way MSE, Avast, or even Avira free are going to fully protect a system is if you include a HIPS, behaviour guard (Threatfire/Mamutu) or Sandboxie. Otherwise, as soon as you come across a threat they don't have a signature for, you're infected.
     
  4. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    Not doubting what you've said,
    and not arguing with it either...
    just requesting a bit more info so I can process what you're stating. :)

    Can you tell us which avast product your kid was running?
    Were all shields active?
    Auto or manual updating?
    Community participation?
    Default settings, or high sensitivity settings?
    Action settings?
    Packers... default or all?
    Scan all files, or selected types only?
    Scan whole files?
    Scan for PUPS?
    Enable rootkit scan on system startup?
    Enable avast! self-defense module?

    There are lots of ways to configure just my free version, and it's easy to see some configurations are bound to be weaker than others.
     
  5. JimboW

    JimboW Registered Member

    Joined:
    Oct 22, 2010
    Posts:
    280
    Comodo firewall with Defense+, NOD32, Winpatrol Plus.

    Also use EMET at maximum, Spywareblaster, Hitman Pro, MBAM and SAS.:thumb:
     
  6. eugene91

    eugene91 Registered Member

    Joined:
    Jun 18, 2010
    Posts:
    192
    No doubt Avast! 5.0 would let certain nasties in.. This is because the Behavior Shield would only be "fully" functioning in Avast! 5.1 ..


    Currently playing around with Comodo Internet Security Premium :p
     
  7. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    trying Nod Antivirus
     
  8. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,342
    Location:
    USA
    Got rid of Sandboxie already?
     
  9. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
  10. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,342
    Location:
    USA
    Haha J. I think NOD32 and Prevx could be a good combo along with HMP. Just as long as your laptop doesn't start sizzling and frying bacon :D
     
  11. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
    yeah it's calling me- I'll probably go with it
     
  12. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
    yes, that's a nice deal for an av as nice as avast pro.
     
  13. Matthijs5nl

    Matthijs5nl Guest

    I absolutely love ESET NOD32 Antivirus, it is worth any penny. It is my choice, since it is the only program I don't dislike (together with Hitman Pro) for some (maybe a nugatory) reason. After testing a lot of programs I always return to ESET.
    Together with the Windows 7 built-in components (firewall, UAC, DEP, SEHOP, SmartScreen-filter) it gives great protection.

    By the way, why all the fuss about zero-day protection? I have never encountered some zero-day malware in my whole life. All the testing and comparing with percents of detection are meaningless, the only thing which matters is how you feel about your product, your own experiences with it in the past. Sure, ESET looks to be degrading in some tests (AV-Test, AV-Comparatives), but it has never let me down. Also it is performing great in the, in my eyes, most relevant tests performed by VirusBulletin (In-the-Wild and RAP).
     
  14. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Matthijs,

    The same can be said for the opposite: My play PC and wife's laptop only have Windows built-in:

    Windows firewall also outbound application level protection

    High rights boundary
    - drivers: block unsigned drivers and printer driver install
    - UAC: elevate from safe places and deny elevate of unsigned programs

    Medium rights world
    - RunAsInvoker: all internet facing software running virtualised
    - EMET2: all internet facing
    - disabled autorun
    - wife's laptop internet facing apps run basic user (Vista32 + PGS) and UAC is set to auto elevate (no prompt)
    - my play PC (Windows 7 32 bits) full UAC without safe desktop prompt

    Low rights world
    - Chrome (full policy isolation, including all plug-ins) and IE8 (protected mode including Adobe Reader 10)
    - ACL: deny execute on download and mail directory
    - 1806: deny download of executables (IE8) and allow download but block execution by explorer (Chrome), block can be removed with right click


    Hitman Pro, A2 Free on demand for occasional (pre-backup) scan. Never encountered a virus :D

    Going to configure son's play PC with safe-admin alfa this weekend (has new CPU and Mobo on Vista x64). Have not changed setup since three months now.
     
    Last edited: Nov 24, 2010
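
Two of the settings listed in the post above, the deny-execute ACL on the download directory and URL action 1806, can be checked read-only from PowerShell. This is an added example, not part of any post in the thread; the Downloads path, the per-user Internet zone key (`Zones\3`) and the `Everyone` principal in the closing comment are assumptions the post does not state.

```powershell
# Added example: read-only audit of two hardening settings.
# Assumptions (not from the thread): download directory and registry zone key.
$dir  = Join-Path $env:USERPROFILE 'Downloads'
$zone = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

function Test-DenyExecute {
    param([string]$Path)
    # True when some ACE denies execute and is inherited by files in $Path.
    $exec = [System.Security.AccessControl.FileSystemRights]::ExecuteFile
    $oi   = [System.Security.AccessControl.InheritanceFlags]::ObjectInherit
    $aces = (Get-Acl -LiteralPath $Path).Access | Where-Object {
        $_.AccessControlType -eq 'Deny' -and
        ($_.FileSystemRights -band $exec) -and
        ($_.InheritanceFlags -band $oi)
    }
    return [bool]$aces
}

function Get-UrlAction1806 {
    param([string]$ZoneKey)
    # 1806 = "Launching applications and unsafe files".
    # 0 = enable, 1 = prompt, 3 = disable; $null when the value is not set.
    $p = Get-ItemProperty -Path $ZoneKey -Name '1806' -ErrorAction SilentlyContinue
    if ($p) { return $p.'1806' } else { return $null }
}

[pscustomobject]@{
    Directory       = $dir
    DenyExecuteAce  = Test-DenyExecute -Path $dir
    Zone3Action1806 = Get-UrlAction1806 -ZoneKey $zone
} | Format-List

# To add the ACE (this changes the ACL, so it is left commented out):
# (OI)(IO) makes the entry apply to files inside the directory only, so
# folder traversal keeps working while execution of dropped files is denied.
#   icacls $dir /deny 'Everyone:(OI)(IO)(X)'
```

A missing deny ACE or a `1806` value other than 3 means the corresponding item from the list is not in effect for the current user; the same setting may also be enforced through policy keys that this check does not read.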
  15. Dundertaker

    Dundertaker Registered Member

    Joined:
    Oct 17, 2009
    Posts:
    391
    Location:
    Land of the Mer Lion
    @dja2k;

    Sorry got stuck with the office abbreviation for "without" = w/o :)

    It's without the firewall and without Proactive module.

    Girlfriend's PC (I maintain it also..tsk):

    Win7 PC:
    Realtime: Avira Premium ver10 / Prevx(free) / Malwarebytes(paid) / Online Armor Premium 4.5 / Sandboxie 3.5(paid)
    On-demand: HitmanPro Build 117 / VirusTotalUploader / SuperAntiSpyware Pro
     
  16. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Does that, by itself, really tell that no infection has taken place? Do not take this as a bad critique, rather see it as me being analytical. ;)

    You run occasional scans with Hitman Pro and A2 Free, right before you make image backups (I'm assuming that's what you mean.). Both apps report no infections. Does that really mean nothing is there? It means one of two things: Both those apps cannot detect anything, because they cannot detect, or at the moment you run the scan there really isn't anything to be found, which is not the same as saying it is clean or that it was clean.

    Even running an antimalware real-time is no way to tell it's clean, even less with on-demand apps, IMO.

    I know that you have other measures in place, and that you know better, but why believe on-demand scanning to tell you all is OK, and that you're about to back up a clean image? Wouldn't something more aggressive (and, not necessarily confusing/a lot confusing) fit better?
     
  17. Matthijs5nl

    Matthijs5nl Guest

    I am currently also using a machine with probably the best setup I have ever used:

    - Windows 7 Home Premium 64-bit, everything on out-of-the-box settings;
    - latest (beta) version of all programs I use, also on default settings (IE9, Reader 10, and so on);
    - and then the only security program is EMET for all internet facing;
    - Standard User Account.

    It absolutely rocks :D. But I will probably implement some of the UAC/elevate tricks and switch back to an Administrator account.
     
  18. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    Defender turned off. Mamutu added.
     
  19. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    Trying out EMET 2.0
     
  20. Ibrad

    Ibrad Registered Member

    Joined:
    Dec 8, 2009
    Posts:
    1,972
    Ahh I finally worked out something to do tomorrow. I shall be replacing Windows Defender and SuperAntiSpyware with CounterSpy. If all goes well CS will be moved onto all my machines replacing Defender.
     
  21. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    Removed MD and replaced it with Online Armor :thumb:
     
  22. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    what happened NooB?
     
  23. Kernelwars

    Kernelwars Registered Member

    Joined:
    Aug 12, 2010
    Posts:
    2,155
    Location:
    TX
    he ran out of aspirin:D
     
  24. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,342
    Location:
    USA
    Good choice :thumb:
     
  25. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    Nothing happened, since I'll switch to x64 (64-Bit) soon I was giving OA a try because MD isn't x64 friendly :rolleyes: (Testing HIPS that are x64 compatible)

    Nope, as soon as I re-stock with my Pop Up relievers I'll get it :D
    Hahahaha


    Yeah, it is good but the startup IS slower than with MD :)


    BTW, any other HIPS that are FULLY x64 compatible? :thumb:
     