which real-time scanners and HIPS do you recommend?

Discussion in 'other anti-malware software' started by iceni60, Apr 25, 2007.

Thread Status:
Not open for further replies.
  1. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    hi, i just installed XP. i haven't used it for nearly 2 years and i'm not sure which software to get. i want to get a scanner, or scanners, for AV, AS and AT and i think i need a HIPS too.

    in the past i used AntiVir, process guard, regdefend, spybot or MS defender, script defender and ewido on demand as an AT, something like that.

    has avast and ewido become one scanner now? i'd like to use antivir, but if there's a free scanner that's an AV and AT all-in-one i suppose i'll use it if it's good.

    there's superantispyware that i've never used, i did read about 6 months ago that there were a lot of FPs with it, should i use it? i saw a HIPS called c*hawk, or something like that, is it good?

    i don't really know anything about MS security atm, so can someone recommend a setup, or show me a good thread that talks about it, i haven't read this part of the forum ever really :ouch:
     
  2. Huwge

    Huwge Registered Member

    Joined:
    Oct 21, 2004
    Posts:
    405
    Location:
    UK
    I am using Prevx and Boclean realtime with weekly scan from AVGAS and SuperantiSpyware (plus NOD, FW etc). They all play nicely together for me
     
  3. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    thanks, Boclean isn't free, is it? i don't want to pay for anything, i just need to find some programs that are free. i forgot about the FW, i'll get that old kerio one if it's still ok to use.
     
  4. mfenech

    mfenech Registered Member

    Joined:
    Aug 20, 2006
    Posts:
    46
    It's free now :)
     
  5. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Hi Iceni, U r an advanced user so I don't think u need a lot of scanners. Use any free AV (Avira is best or Avast, AVG, AVS) and if u insist more add BOClean (free now).
    Use a free FW (anyone u like). I assume u have a router.
    Ur main defence will be a HIPS, SSM free or PS free. That's enough.
    Still more, consider GeSWall or DefenseWall.
     
  6. walking paradox

    walking paradox Registered Member

    Joined:
    Feb 9, 2007
    Posts:
    234
    There are way too many threads that talk about security setups to recommend just one thread. Perhaps you should take some time looking through the Security Software section. I can however recommend some programs of each type. Although layering is important for securing your computer, the traditional method of simply choosing a signature scanner in each category of malware is increasingly less necessary and many would argue increasingly less sufficient. Most AVs already include other types of malware such as trojans and spyware in their signatures and continue to expand their protection in these areas. Furthermore, malware is no longer easily categorized into particular types of malware, much of it incorporates techniques that transcend the traditional malware categories. Given all of this, an AV in tandem with a sandbox and/or HIPS, when used properly, should suffice. There are of course other setups that completely forgo use of signature scanners, but these setups typically require fairly extensive know-how, time, and effort. Only you can determine for yourself what type of setup is right for you.

    Anti-Virus:
    Avira AntiVir
    Kaspersky Anti-Virus
    Eset NOD32

    Anti-Spyware:
    SUPERAntiSpyware
    AVGAS
    SpySweeper (excellent real-time protection and removal of spyware, but it's bloated and conflicts with many programs)

    Anti-Trojan:
    BOClean
    AVGAS

    Sandbox:
    SandboxIE

    Firewall:
    Depends on whether you simply want inbound protection for which the Windows XP firewall should suffice, or whether you want outbound protection as well, for which Comodo and Jetico are both good.

    HIPS:
    All depends on how much time and effort you are able and willing to put into it and on your level of computer security know-how.

    For quiet programs with minimal user intervention required try Cyberhawk, DefenseWall, and perhaps PrevX.

    For more user intensive programs try SSM.
     
  7. duckbill

    duckbill Registered Member

    Joined:
    Apr 25, 2007
    Posts:
    7
    I am in the same boat as i am about to format both my pc's and reinstall xp.

    TypicallyOffbeat i use most of the programs you recommend but not sure on hips. Do i really need a hips if i have snoopfree, winpatrol and zonealarm pro or would it be ok replacing winpatrol and snoopfree with SSM. will also be trying out fdsir so i'm guessing i won't need a sandboxie when browsing internet. mostly going to use snapshots for other users of my pc.

    would this setup be fine:

    real time: linksys router, Zapro, boclean, avgantispyware, ssm (replacing snoopfree & winpatrol), nod32, spyware blaster, fdsir

    on demand: trendmicro as, trojan hunter, rootkit unhooker, ad-aware, superantispyware, cureit

    anything i'm missing?
     
    Last edited: Apr 25, 2007
  8. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    If u use SSM Pro, u can ditch WP and SnoopFree. If SSM free, u can keep SnoopFree but it's not updated so I don't use it.
     
  9. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    thanks for the help. i've got everything apart from a HIPS and maybe a real-time AS, i got the free superantispyware, do most people use something else as well as sas for AS, or is sas by itself OK?
     
  10. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Iceni, consider SandboxIE, and AV: Antivir, Avast! or AVG.
    Firewalls, you have for example CHX-I :)o ), Jetico 1, Comodo, Sygate, Kerio.
     
  11. herbalist

    herbalist Guest

    If you're running HIPS, you don't need real time anti-trojan or anti-spyware apps. Keeping some as on-demand scanners is fine, especially if the HIPS you choose lets you integrate a scanner. For most people, I'd suggest keeping a resident AV. HIPS can prevent viruses, worms, etc, from installing or executing as long as it's very tightly configured. HIPS will enforce the decisions you make, but if you're not using any other resident protection, a bad decision can allow you to compromise your system. HIPS will prevent adware, spyware, trojans, etc from installing unless you specifically allow it.

    On my system, SSM, Kerio and Proxomitron are my primary software defenses. AV scanners (not resident AVs) and file/file system integrity checkers fill supporting roles. The package I recommend to most of my clients is a firewall, AV, and SSM free, along with an alternate browser. I try to get most of them to use NoScript as most of them wouldn't be able to use Proxomitron effectively. Some of my clients weren't comfortable without an adware/spyware program and use a few different ones as on-demand scanners. The only things the AS apps are finding are items they allowed when SSM prompted them. In that regard, the combination is a good teacher.

    No matter what combination of apps you end up running, make sure it includes a good system backup utility. Besides being able to restore your system to a clean state in the event it does get infected, it also makes it easier to try out different security apps. Uninstallers often don't remove everything and might not restore the registry or system settings to their previous condition. With good backup software, this is no longer a problem. Acronis True Image has worked well for me.
    Rick
     
  12. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    Antivir PE and Prevx.
     
  13. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    thanks for all the help. i'm going to spend tomorrow finishing this off. i'll read through everything again then and say what i ended up doing. i'd love to use SSM, i did download it when that free offer was on, but you had to run it to get the code. i tried to run it using wine because i didn't have windows then, but it didn't work lol. is there still somewhere around that has the SSM registration code?
     
  14. herbalist

    herbalist Guest

    You might want to try the free version of SSM and see what you think of it before you install the pro version. The free version doesn't have as many features as the pro but it's not weak by any means. I've found it to be quite adequate on 98 thru XP. If you like it and still want more options than it gives you, then try the pro version.

    I don't know of anywhere else you could get that code, or even if it would still be valid.
    Rick
     
  15. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    The paid version of SSM has a trial period. I believe (though not sure) that if you decide not to pay that SSM will revert to the free version. It also has a competitive upgrade discount.

    http://www.syssafety.com/

    Also, not sure which browser you are using but many would probably suggest Opera or Firefox as opposed to IE7. But if you choose to use IE7 there are a few useful add-ons to have-

    IEspell for spell checking-

    http://www.iespell.com/

    IE7pro for tweaking and some ad block features-

    http://www.ie7pro.com/

    inline search

    http://www.ieforge.com/InlineSearch/HomePage
     
    Last edited: Apr 26, 2007
  16. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549

    try this this, though it is little more than a bragging thread really.

    I.e. "Everyone look at how secure I am with my 4x HIPS, 2x antivirus, 2x hardening plus a zillion other tweaks setup! You can tell I'm really serious about security because I change my setup every couple of days"
     
  17. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    Unless you like to play around with betas &/or with GUIs in non-English languages, I suggest the following freebie/minimalist set-up...

    A) HIPS: Cyberhawk + Dynamic Security Agent (DSA) -- they get along just fine together, and (used in concert) they give very strong protection.

    B) Firewall -- With DSA & a router, you really don't need a firewall -- unless you are a control-freak like moi. In which case, gettum Kerio 2.1.5

    C) AntiVirus Avast - Avira Classic is also free & offers *slightly better* protection statistics, but lacks antispyware. Avast gives bloody great protection, across a far broader spectrum of threats, than any other freebie that I know of.
     
  18. MaB69

    MaB69 Registered Member

    Joined:
    Dec 9, 2005
    Posts:
    540
    Location:
    Paris
    Hi all,

    Mostly paid : NOD32 and Comodo BOClean + OA 2 with Firewall

    Free : Antivir classic and Comodo BOClean + Neova Guard Beta 2

    Regards,

    MaB
     
  19. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hello,
    Ice, all you need is a firewall and Firefox.
    Everything else is for fun.
    Mrk
     
  20. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    I think you'll find out that Iceni is an Opera user, occasional FF, never IE.:)
     
  21. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Ohh, u came in ultimately.:D BTW he is a linux user too.:D
     
  22. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,125
    Location:
    Pennsylvania.
    Spyware Terminator and Comodo BOClean are a recommendation from me.
     
  23. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    thanks for all the help. i'd forgotten how long it takes to setup XP :ouch:

    atm, i've just got a basic setup, i ran some hardening programs and secured my browsers and have antivir, boclean and spybot running. i haven't installed a HIPS yet because i thought it's best to run one when i have set everything up, maybe tomorrow, then i might think about disabling spybot and boclean and just have it running with antivir and a FW.

    i forgot about a FW, i bet half the programs i've installed can't believe their luck lol, linux programs never sneak off behind your back and contact people. i installed konfabulator, but uninstalled it when it wanted to install a hactivex and change my ie home page to yahoo. i'll get kerio now i think.
     
  24. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    My computer is secured by all freeware applications, and has been since I realised that Norton wasn't the bee's knees that I had thought it was.
    Played around a bit with several setups, probably too many applications running at times (more must be better, right?) and the current setup seems to offer a balance between very good protection and resource use, though it's probably still a little overkill.
    Spyware Blaster, Spyware Guard and MVPS hosts file, Avast antivirus Home, Comodo firewall, SpywareTerminator with HIPS enabled (this one is free and resident, and I think, a beauty.), Boclean, Firefox with noscript.
    The demand scanners never seem to find anything these days but don't use up much space, so I keep 'em. The best seem to be Superantispyware, Asquared, DrWeb Cureit (Standalone virus scanner) and AVG AS. AVG also put out a free rootkit scanner which is very easy to use but if you're advanced you might want something different.
    Also use Ccleaner routinely, and have the bad download blocker in Spybot active (but not the teatimer).
     
  25. quadrophonic

    quadrophonic Registered Member

    Joined:
    Jan 24, 2007
    Posts:
    112
    Don't these two overlap?
     