Which Type Of Program You Trust To Protect Your Systems?

do you prefer to use hips?
do you prefer to use sandboxes?
behabiour blockers?
antivirus and firewall?
any combination?
etc etc
any coments?

 

My browser is where almost all of my attacks are going to be centralized. It's incredibly unlikely for any other internet-facing application to be exploited by comparison. Therefor native browser security methods are by far the most important in my opinion.

I don't like antiviruses/ HIDS. They assume you're infected when you're far better off preventing infection to begin with.

 

thanks for replying and i like your point of view
in my case i prefer Hips or tweak my registry in a way to use a trick to block or close an open door to infect my system withing my browser(1806 trick)

 

Sandboxie + "Common Sense".

 

cool

 

Sandboxes with whitelisting restrictions. Scanners are still necessary though (especially multi-engine).

 

what do you mean by whitelisting restrictions?

 

Sandboxie has Internet and Start/Run Restrictions.

 

got it

 

I'll never trust my common sense.

1) I don't want to have to worry about my browsing habits. If I have to actively think about the site I'm visiting than my defenses have failed =p

2) It's just not good enough. Legit sites get hacked. There's no way to protect yourself from that in terms of common sense.

 

I disagree. AV and HIPS both prevent infection by alerting me to a problem before it becomes a problem.

As for the OP's question, I think the best security work is being done on my systems with Sandboxie.

 

cool thanks page42

 

Your antivirus is reactive. It won't prevent you from downloading a file and it won't prevent someone from attacking a program. What it will do is stop a file from running once it is on your computer.

 

i know some programs are very good at reverting or rolling back the systems to cure infestation but in some rare cases some malware will stick like glue and can back or is not that easy to delete(or cure)prevention is good to have in my opinion,also sandboxes contain malware until empty or delete the sandbox is secure in case of sandboxie but i personally dont like the idea of making or putting malware in a cage i will prefer destroye it or prevented in the first place but that's me
what do you guys think?
also antivirus program has black list of malware and websites blocking capabilities but if malware is unknown or not recognize then it will freelly enter the door and destroy any system

 

That's basically my issue with antiviruses. They rely on knowing malware. Heuristics is their only saving ability.

I'll be honest, for most people you'll be fine with an antivirus and UAC enabled. But security is layered... and the application layer is right at the top. That means it's your applications that need to be secured and your most used/ targeted application is likely your browser.

 

yes agree browsers and programs that can tranfer malware such messengers etc etc

 

2-antivirus programs
1-hips
2-firewalls
2-scanners


ooops, LOL my setup below with 2 on-demand scanners Malwarebytes and Hitmanpro served me well for almost 2 years now.

 

ofcourse with GesWall onboard who is going to get infected man

 

Sandboxie or a program like DefenseWall HIPS + PF..

 

agree cause it is a good idea to have a combination of both antivirus + proactive(hips/sandbox etc etc)

 

i hope they develop a 64 bit version of defensewall soon cause it is my faborite program but as i moved to 64 bit system i am waiting for it

 

Apart from safety practices in regards to browsing and downloading, I favor the concept of hardening my system by running under limited privileges, default-denying unwanted/unknown executable and reducing attack surface area as my first line of defense. That ought to be enough for me personally but alas if I want/need more, this is how my second line of defense would be:

a) Isolation through sand-boxing or/and light virtualization (but it's mainly used to keep my system as static as possible and clean from what I refer to as 'junk')

and/or...

b) HIPS (but it's mainly used to inform me of probable unwanted activities when I'm running an executable or installer..in which case I have placed a degree of trust onto it)

As for software firewall that monitors outbound connections, my opinion of it is that "it's no security panacea or an end-cure to all unwanted connections. I wouldn't depend on it to stop everything...the least of it an infection. If I were to make use of it as a security tool, it would be among the last in line of my defense setup layers..."

As for antivirus (be it real-time, on-demand or on-line tools like VirusTotal), I have stated my opinion here.

That just goes about it. To sum it up, I'm in favor of Sully's take on the whole matter. To quote it here:

 

Yea Defensewall is a very great program.. I love it Let see if Ilya releases a 64 bit version soon

 

The question is what I ask my self everyday

For some reason I haven't yet satisfied with my own decision
So I always use :

Sanboxie+AV+BB+HIPS+FW, plus... Mild system hardening (UAC and EMET)

The main reason for my dissatisfactory is my own habit of downloading stuff
But becoming wilders member makes me thinks 100 times before download and running crack/keygen/activator/etc
Yet some paranoia still exist even when installing legit software coming from trusted source LOL.

As for browsing seasons, I'll put all my trust at my frontliner team (sandboxie+emet+EAM web filter)

Next time around, I might reduce the number. Which mean I trust and put more confident on my set up+brain.exe. But for now all of that makes me feel more comfortable

Ps : I'm not going to trust my own brain too much, since my common sense sometimes are uncommon

 

i like to use what's already in the OS: SUA, SRP, UAC, icalcs.

this stuff doesn't use any resources and it's problem free.
from what i gather reading posts from our resident experts this kind of setup is pretty safe as well.

when this kind of protection is setup properly it is pretty invisible/silent.