What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
    My current setup, on WinXP SP2 Pro...

    Real-Time:
    - CHX
    - NOD32
    - Ad Muncher
    - HostsMan (MVPS Hosts)
    - Arovax Shield

    On-demand:
    - ewido anti-malware plus
    - CounterSpy
    - Port Explorer
    - HijackThis

    Others:
    - Harden-It
    - SpywareBlaster
    - PeerGuardian (when using P2P)
    - Process Explorer
     
    Last edited: Mar 13, 2006
  2. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,639
    update:

    added
    removed

    Resident:

    nod32
    looknstop
    regrun gold
    proxomitron
    SnoopFree Privacy Shield
    SpywareGuard
    HostsMan (with MVPS Hosts, Mike's Hosts, and Block Adverts)

    On-Demand:

    ewido anti-malware
    Ad-aware SE

    Other Security / System Hardening:

    nLite'd Windows XP (with service tweaking based on TweakHound's guide)
    RyanVM's Windows XP Post-SP2 Update Pack
    BugOff
    Harden-it
    Samurai HIPS
    SafeXP
    Windows Worms Doors Cleaner
    process explorer
    firefox extensions: javascript options, noscript, permit cookies, and netcraft toolbar
     
  3. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,579
    Location:
    The Netherlands
    My setup on Windows XP Pro SP2 (update):

    Removed: AntiVir Classic | Script Defender
    Added: Kaspersky AV 6, Neoava Guard, 1st Security Agent (Testing the first two)

    Realtime:

    Kaspersky AV 6 | Neoava Guard | Process Guard (free) | ZoneAlarm Pro 6 | Arovax Shield

    On demand:

    AD-Aware SE | Spybot-S&D | RootkitRevealer | F-Secure BlackLight | Sandboxie

    System Hardening:

    BugOff | SafeXP | XP Antispy | Samurai HIPS | 1st Security Agent | DropMyRights (+ Software Restriction Policy)

    System Monitoring:

    Process Explorer | Pserv | AutoRuns | Currports | All Seeing Eye (Fortego) | Startup Control Panel (AK software)
    DriverView | ActiveX Compatibility Manager | ADS Spy | IceSword | MS Security Baseline Analyzer

    Online services:

    Jotti's Malware Scan | VirusTotal | Windows/Office Update | Secunia.com
     
    Last edited: Mar 13, 2006
  4. CJsDad

    CJsDad Registered Member

    Joined:
    Jan 22, 2006
    Posts:
    618
    I've noticed some people here have Process Guard, Online Armor and Ghost Security.
    Isn't that a bit much?
    Aren't those programs similar to one another?
     
  5. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,619
    Location:
    Milan and Seoul
    RealTime:

    SHADOWUSER
    NOD32
    PROCESSGUARD v 3.150 FULL (the new betas gave me too many problems)
    OUTPOST v 3.5 (I also like LNS, and change every other month)
    REGDEFEND FULL
    AD MUNCHER
    OPERA v 8.52
    SCRIPT DEFENDER

    BACKUP: GHOST 9 + EXTERNAL USB DRIVE
     
  6. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
    Another one with a small setup :D
     
  7. Rivalen

    Rivalen Registered Member

    Joined:
    Oct 18, 2005
    Posts:
    413
    I have removed free AVG and installed free Antivir 7 instead.

    Best Regards
     
  8. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    You can never have enough protection!
     
  9. CJsDad

    CJsDad Registered Member

    Joined:
    Jan 22, 2006
    Posts:
    618
    Protection or just paranoid?
     
  10. topcat139

    topcat139 Registered Member

    Joined:
    Mar 14, 2006
    Posts:
    5
    hi there just decided to register with this forum. the setup that I have been working on is both for my own security as well as trying to simplify the setup for other users trying to run I2P/tor/privoxy. What I have done is set up a virtual machine running those apps. I route all my communications through this virtual router. I have my real hardware locked down and run all the basic security software, i.e. antivir, process guard, spybot, outpost pro 3.5, windows defender, agnitum anti spyware, and a hardware firewall. I have all ports closed other than those needed to communicate with the VM. The VM runs the same security software except that I swapped antivir with Symantec antivirus client so that I can manage it remotely. When I have the system locked down as tightly as I can, I will upload the VM to the forums at I2P.net.
    If there are any suggestions to increase both security and anonymity I'd be happy to hear it.
    Great forums, I'll be lurking!
    Luck,
    Topcat139:cool:
     
  11. SDS909

    SDS909 Registered Member

    Joined:
    Apr 8, 2005
    Posts:
    333
    Christ some of you guys are diseased with paranoia..

    I have exactly 2 protections installed, and only 1 running resident. I haven't had a virus or spyware on my machine in exactly 4 years.

    I guess that good ole' common sense protection works the best, seriously. There is absolutely no need to spend hundreds, even thousands on all kinds of crazy security apps. Insanity I tell you!
     
  12. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,639
    I think it's best to be safe rather than sorry, and just have the firewall, antivirus, etc. also user education isn't always easy in large corporations or at home with the kids.
    you are absolutely right, I know that there are many free tools to cover most areas of ur computer.

    firewall (zonealarm, windows firewall)
    antivirus (avast, antivir)
    antispyware (adaware, spybot s&d)
    antitrojan (ewido, a-squared)
    HIPS (geswall, winpatrol)
    hardening (safexp, harden-it)
    HOSTS file (MVPS, bluetack)

    u don't have to spend money to be well protected.
     
  13. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,579
    Location:
    The Netherlands
    Actually it might seem that I and a lot of other people have "big setups" but the most important anti-malware tools are the ones running in realtime. And of course the hardening tools also help a lot but they are set and forget. I'm using all the other apps once in a while just to make sure everything is OK.

    Also, I think you should protect as much as possible, because some setups that I see don't stand a chance against more advanced malware attacks. Of course too much HIPS can be a bit over the edge, but if they are working OK and you don't mind the extra alerts, I see no problem. ;)
     
  14. fred22

    fred22 Registered Member

    Joined:
    Dec 6, 2004
    Posts:
    229
    Realtime

    Look'n'Stop
    Nod32
    TrojanGuard
    Processguard
    regrun gold
    Trend micro antispyware

    On-Demand

    Kav
    Spywaredoctor
    webroot spysweeper
    spybot s&d
    lavasoft adware
    a-squared

    Other

    spywareblaster
    hostman
    bugoff
    wwdc
    protowall
     
  15. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,121
    Location:
    South Texas, USA
    When I created this thread back in December, I wanted to find out what the rest of you were running to compare and now I am amazed how some of you still come back and update your list. Thanks! The only thing that might cause some people to stop posting their security list here is those others saying that we are paranoid and/or diseased with paranoia. Stop hijacking this thread and leave it up to us to post all the software we run without negative comments from others.

    dja2k
     
  16. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    How can you tell the difference? According to some, it's all about comfort level right? So I need a lot of protection for my comfort level, how dare you call me paranoid! :)

    It's not just the big setup per se, but the fact that people are changing their setups practically every week okay every month. One week I have boclean the next I have replaced it with Ewido. Yet another week I'm using A2 squared.

    A lot about security is keeping things simple, particularly when you guys love to run dual HIPS which interact in strange ways.

    So it's critical you stick with the same setup for some long period (at least 3 months if you ask me, but at least 1 month to see how it reacts during windows update), for you to figure out the quirks and realise what kinds of warnings are out of the ordinary. To establish a baseline if you will, so if something unusual happens you can catch it.

    If you keep changing major portions of your security setup, how the heck will you get a nice enough baseline to know when a certain behavior from your system is normal or not? If there's some instability how do you know if it's the latest piece of software that is causing trouble and not something else causing trouble, if the second last piece was installed only one week ago?

    Of course, everyone here posting setups could be testing all this on some beta machine or vmware, but I don't get that impression for most part. It's their 'alpha' production machine which changes weekly.

    Oh sure, I test lots of stuff as much as many on vm or other machines, but I seldom if ever incorporate anything new security wise. The last time I did it, it was to drop stuff. I don't think I added anything new for almost a year I think (not counting normal updates of course).

    'Advanced malware attacks' like what? What exactly are you worried about?

    I'm looking at your setup, which consists of

    Kaspersky AV 6 | Neoava Guard | Process Guard (free) | ZoneAlarm Pro 6 | Arovax Shield

    Can we say HIPS hell? All 5 products have HIPS like functions!! Yours is the worst example I've seen so far about going overboard with HIPS. The guys running Appdefend/Regdefend/Safensec, have nothing on you :) .

    Could you tell me exactly what adding Neoava Guard does that the other four don't already cover and how it helps you resist 'advanced malware' better?

    Or is this one of those "It's newer, so it must be better kind of things?"

    Over the edge? You practically jumped headlong over it.

    Pray tell, how does your 'testing' help you find out if adding say Neoava Guard makes you more resistant to 'Advanced malware attacks' assuming you already have ZA pro+KAV 6 + Processguard ? That's what you are testing Neoava for right?

    Don't tell me you run leak tests or some silly security test to determine that lol...

    BTW I do see the problem, if you are using so many of those HIPS, you need to spend so much time configuring them, the more complex it gets, the more chances for you to foul up and misconfigure something. You might even get so tired of them, that in the end you click yes to everything...

    But of course, you are more knowledgeable about these things than me, so maybe it doesn't apply to you.
     
    Last edited: Mar 15, 2006
  17. 2MA

    2MA Registered Member

    Joined:
    Jan 26, 2006
    Posts:
    14
    What's the best free real-time spyware scanner? I had Windows Defender but got rid of it.
     
  18. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,639
    I think Windows Defender is the only (free) realtime antispyware, maybe spybot's teatimer counts as one, but it's not that great.
     
  19. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,579
    Location:
    The Netherlands
    I agree that it doesn't make any sense to change your setup once a week unless you are testing apps. But as you can see I don't post in this thread that often. About the "HIPS hell" remark, I'm actually testing KAV and Neoava at the moment and I probably will dump one or two apps.

    On the other hand, my realtime protection setup doesn't have to be a problem since you can configure KAV, Neoava and even Arovax Shield to alert you only about certain things. For example, I can use only the registry monitor in KAV and turn off everything else. So all these apps can actually work together (if there aren't any conflicts) and if you configure them in the right way (make rules) you will not see that many alerts anyway.

    And during testing I noticed that some of these apps have a couple of unique features, for example KAV has an advanced reg monitor, ZA Pro does a good job at monitoring "process spawning" and Neoava Guard also has one or 2 features that the others lack.

    How do I test the apps? I just try to modify certain settings on my machine and see if I get any alerts or not. And of course I'm also using leak/registry tests plus I sometimes install malware in VMware, I don't see what's so funny about that. :blink:

    (Btw, I'm probably going to dump Arovax Shield, Process Guard Free and ZA Pro. AS is a nice tool but you don't really need it if you have KAV or Neoava. I'm also not sure if I need PG any longer. And the problem with ZA pro is that you can't turn off or tune the HIPS so I might have to look for another firewall or use the free version since ZA is my favorite firewall.)
     
    Last edited: Mar 16, 2006
  20. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,579
    Location:
    The Netherlands
    About "advanced malware attacks", I'm mainly talking about advanced malware getting installed through zero day bugs (remote code execution). It's just a fact that nowadays there are quite a lot of high risk bugs in all kind of apps (Windows, IE, MS Office, Winamp to name a few) and hackers/crackers are trying to exploit these holes a lot faster than back in the days. Also, malware is getting a lot nastier with stuff like rootkit techniques, code injection etc.

    And perhaps the chance that you will get hit isn't that big, especially not if you practice safe HEX, but why take the chance? I surf the web quite a lot (with javascript enabled) and in the last 2 years I have been under attack 2 times that I know of (iframe and WMF hole) but both attacks failed due to my anti malware tools. So my setup seems to be working. :D
     
  21. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    Not often? Let's see shall we? Your last post on setup was on 13 March 2006, and before that it was on 16 Feb 2006. In less than a month you made 2 major changes and 1 minor change.

    1) Antivir for KAV BETA
    2) Added Neoava Guard BETA
    3) dropped Scriptdefender (minor)

    Averaged out that is 3 changes a month, not quite once a week change, but close. :) And to top it off, you are adding BETA products... Sounds like a stable setup to me... :p

    And based on your predictions you will soon make another series of drastic changes dropping PG and Arovax, doesn't seem to be a very stable setup.


    Rasheed do you remember how the scientific method works? You vary one factor at a time and keep everything else constant to see what effects the change has. Does it really make sense to add TWO major changes at the same time and try to figure out if either or both is an improvement?

    You use VMware don't you? Why the heck aren't you using it? o_O

    Thank you Rasheed, I know how to turn off features in software too.... But that's not the point. The point is how you can figure out what is good or not by running two unknown beta software at the same time.

    Oh sure, every product does something some other product doesn't, I can think up a dozen things to monitor that sound important that no current HIPS monitors, so what?

    If I used this criteria to select products, and added stuff because it had some new unique feature, my computer couldn't even start because it would die under the weight of a zillion security products.

    The question I pose to you is this, how do you decide which features that are unique to each HIPS help you resist "advanced malware" better? Are you an expert on 'advanced malware', that allows you to know that because security software x has unique feature Y, it is better against 'advanced malware' compared to some other unique feature offered by software A ?

    That presumably is the goal right according to you? resist advanced malware?

    Leaving aside stability problems which you probably can't evaluate anyway because you run 2 NEW major beta stuff at the same time that is.

    Well and good. Say Neoguard is set to alert after 4 alerts on some suspicious behavior and when you test it by making the specified change, and lo and behold it works as advertised with an alert. How does that help you in your goal in deciding if it can help you resist 'advanced malware' better than another product?

    Oh sure you verified the claims, but how do you know what Neoguard is monitoring is important? How do you know advanced malware can't fool it?

    Are you doing beta testing for the guy, or are you truly improving your resistance to 'advanced malware'?

    Or perhaps I misunderstand, when you say you "modify certain settings to see if you get any alerts". What you mean is you know exactly what advanced malware is out there and how they will work, hence you are doing specific changes to simulate a real attack! If so that is really impressive and I bow to your expertise since such testing does give you a clue on how good neoguard is against 'advanced malware'

    Let me address this part first. You called advanced malware stuff installed through "zero day bugs". So you think leak tests and registry changes will really help you to figure out that? Are you kidding me?

    Ah VMware. I find it damn funny, because it won't help one iota.

    Besides I didn't get the impression you were running KAV 6+ Neoguard + Arovax shield + ZA pro + Process guard free in VMware. Sounds to me it is all running on your host OS. Or do you mean you run ONE of them say Neoguard, on a bare windows machine then test it out against malware. The latter actually makes some sense since you can see the bare performance of THAT single app.

    That's what I do first btw. I'm still looking at Prevx1r after several months...
    On another snapshot I have neoguard.

    That said, I still don't know if Prevx1r helps me resist malware better, compared to removing some other software in my current setup. Certainly, I can't tell in less than a month of looking.

    To be frank I don't want to get into an in-depth critique of your setup, but seriously based on even simple understanding of the products (not to mention lots of testing) going Neoava Guard + KAV 6 leaves at least one pretty big hole open if you are paranoid. Not to mention the inherent risks of going with TWO betas as your main defense. But frankly I doubt it makes a difference anyway unless you are damn unlucky.

    And Neoava Guard looks fun in a geeky way and has an interesting bag of tricks on paper, but I don't think it's technically very sound. I'll wait and see if it matures.

    As for KAV 6, the beta was always too damn unstable even on VMware for me to consider using it.


    Hmm so what about the nice "process spawning monitor" you raved about in ZA pro?

    ZA free? For someone of your claimed level of knowledge isn't that pretty humiliating to admit to using a beginner's firewall. Real men use rule based firewalls! :)


    Yes Yes, the internet is falling , the bad guys are winning and if you don't arm yourself with multiple HIPS you can't beat the rootkits and nonsense like that.

    Your testing skills allow you to know with a high level of probability that adding neoguard and KAV 6 while dropping PG will increase your resistance to all that? Seriously? By how many percent do you think?

    Frankly, I find when someone on this forum says how their security software saved their ass, that it's usually a lie or a misunderstanding.

    The actual number of cases where someone's security software actually saved their lives for any fairly knowledgeable user is extremely low.

    Well correction it USED to be working. With all the changes you keep making, you might probably make it weaker for all you know. And the 'stronger' your setup used to be, the more likely the chances are you are going to weaken it with changes since there are more ways to do worse.

    Again it doesn't make a big difference since before you were say at 99.9% and now you are at 99.8%

    That's why I seldom bother to make changes even though Prevx1r or Neoava Guard seem to do something special I don't cover now. But seriously, it's not worth the bother unless I think it is a quantum improvement.


    Who cares?
     
  22. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,579
    Location:
    The Netherlands
    Not really, earlier in the thread I already said that I was looking for additional apps to make my setup stronger, and it looks like I've finally found those apps. It's not likely that I will change my setup anytime soon. And yes I test these apps in VMware first, that's a no brainer.

    Like I said before I think it's a good thing to cover as many "entrypoints" as possible, because the more you protect/harden your system the less chance that you will get compromised. That's just a fact, why do you think security apps are getting more powerful nowadays?

    About ZA free, I don't really see your point, it's the same firewall as the Pro version but it doesn't have the HIPS and some other stuff, that's why it probably can't stop a lot of leaktests, but other HIPS might be able to "fill in the gap". And perhaps ZA (free and Pro) is a beginners firewall but who cares, it does the job plus I like apps that are easy to use.

    Actually I saw that ZA Pro is also good at intercepting "Windows Messages" so I think I will stick with it. :D
     
  23. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,579
    Location:
    The Netherlands
    A couple more comments:

    If you don't believe that my setup is working I couldn't care less, I work on this machine everyday, and it's still stable plus I still have not lost any money or data, know what I mean? Plus I said that I was only attacked twice in two years, I would not call that much, we agree on this.

    But I don't really see why you are getting like almost emotional, IMO it's not really necessary to discuss someone's setup, everyone is different, what's good for you might not be good for me, it's no use really. I have my own way of how to decide if I like an app or not (GUI, ease of use, resource usage, features).

    Btw, if you know any better ways to test security apps please let us know because I don't think there are that many options, especially not for us who play around with security apps not just to test but also for fun.
     
    Last edited: Mar 16, 2006
  24. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    Too bad it's not a no-brainer to test each new change one at a time. :)

    A fact? How quaint, someone who thinks security is about your computer warning you whenever the slightest thing happens. So the more things your computer prompts you about changes the more powerful it is? Try simulating the computer on paper that way you will know EVERYTHING that happens :)

    People must have been stupid not to think of this idea until nowadays. :)


    "Windows messages" ?? What is that? Why is it important to intercept them? What major "Advanced malware" in your opinion uses that? Do legitimate software use them? Why is it important to have that?

    Ah, the old "I'm not infected so I'm right" argument. Get it in your head, you are not unique, everyone here is not infected probably. Even if you are not infected it doesn't mean you aren't wrong about everything else. :)

    Besides i didn't say you would be infected, just that your efforts are unlikely to be productive... if the aim is really to resist advanced malware.

    In that order?

    So it isn't all about stopping 'advanced malware'? I'm so disappointed.

    No I'm afraid I don't. It's not about options, it's about knowledge. You really need to be knowledgeable if the stated goal is to increase 'resistance to advanced malware'. and even then it's just a guess.

    All the likes of you and me can do is to pick a couple of stuff that looks good and popular, and stick to them. Maybe doing yearly reviews. It's fun I suppose to maintain the illusion that all these changes are for improving our security lol.

    Certainly I doubt anyone here can tell me for sure replacing Neoava Guard for PG Free is a good move. Though I suppose if you do counting of features I'm sure it looks good. But quantity isn't everything, so what if you block X,y,z are these really serious concerns? Can you judge Rasheed?

    But given that you stated up front you were testing security software to improve your resistance to advanced malware, I was hoping you knew a way to test that met the goal.

    But it seems you don't..... and when pressed you say it is for fun.

    Disappointing.
     
  25. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,579
    Location:
    The Netherlands
    I'm not sure what you mean, but since I'm planning to run all (or some) of these HIPS together, I have to test them all at the same time to see if there aren't any conflicts between them.

    And I assume that you are not really impressed with all these HIPS? That's cool with me but like I said before everyone has got their own opinion, and I and a lot of other people do believe that these new technologies will protect against malware even better. If you don't believe so, well that's your choice, but personally I think you don't make any sense.

    Because I don't really get your point, I'm asking you again, why are all these anti-malware tools getting more advanced nowadays? Is it because the developers ain't got nothing better to do or is it perhaps because malware is also becoming more advanced?

    And I agree that the chance of getting compromised isn't that big (if you're not a noob), but a lot of things in life are unlikely to happen, still we install alarm systems and still we buy insurance, know what I mean?

    Btw, what I meant with my "test just for fun" remark: it's kind of obvious that most people on this forum like to experiment with new security tools, most of us are no experts, so it's no surprise that we have to test an app the best way we can. Still I think these testing methods are good enough.

    But obviously we have a different view on this subject and I don't think it's necessary to keep discussing it, I think I have made my point and you have made yours.

    (And perhaps these off-topic posts should be split from this thread). ;)
     
    Last edited: Mar 20, 2006