There are many different types of anti-malware software available nowadays, and in fact sometimes it is difficult to choose between the many different types of security software in a layered defence. Though many of us use a layered defence against malware, each one of us has a personal preference and liking for the types of anti-malware software he uses. So I constructed this poll to see what the liking of members here is. Please post your liking and explain why you like it. Please choose the one option you like most. (Please, I don't mean to ask what is the most useful class of these anti-malwares, I just mean to ask what class attracts you most and looks more promising.) I personally like the sandbox type of security software most. Reasons:
- zero day protection (can't be 100% in any way)
- no frequent updates
- no frequent pop-ups
- might be fewer conflicts
- might be less slowdown of the system
- easy to configure and use
- good even for beginners
I may be wrong in the above points, but in any way my favourite class is the sandbox type of software, and currently I am using GesWall. Install and forget type of application mainly. I have also used Sandboxie; though Sandboxie has more protection, the free version does not have the function of auto-sandboxing different applications, and moreover it is my personal feeling that the more aggressive the sandboxing is, the more conflicts arise, and also you might lose a bit more of the functionality of sandboxed applications.
I also like the sandbox approach but prefer HIPS (specifically SSM) because it allows me to decide what happens to my system (including when, how, etc.). I also like virtualization, not only from a security standpoint but because it allows me to try many different apps while preserving my system.
I voted for Others, which stands for firewall, the layer protection. Firewall provides zero day protection against Windows vulnerabilities. Then, there is no need to have updates since SP2 (except the WMF patch). Of course, I have all updates, but I do not need to hurry up to install them. I always wait till AutopatcherXP is released, and I can still visit any webpage.
Although I like HIPS, sandboxing and instant recovery, I voted for "imaging" since one could only vote for one thing. Imaging with a simple no-hassle imaging program built for reliability is the last line of defence and gives the ultimate peace of mind.
I voted signature-based because I just want any sneaky malware to be caught and removed. As for the others:
- behavioural blockers - never tried
- HIPS - too many pop-ups and requires user knowledge. Prevx1 is great though, almost no pop-ups.
- virtualization software - never tried
- sandbox - OK, but I don't really like them.
- instant recovery - never tried
- imaging - I have ATI but I don't use it for anti-malware purposes. Any infections I do get (rare) can be cleaned/deleted easily.
Of the methods listed, I prefer HIPS, SSM specifically, but not standing alone. IMO, filtering should be on the list. While HIPS can effectively "filter" what is allowed and what isn't, content filtering prevents a lot of problems. Common sense can protect you from most e-mail borne problems. You can avoid the majority of malware by watching what you install. Web pages are an unknown, even ones you know. Web sites themselves are being attacked and exploited more often than ever before. If your favorite trusted site is exploited one day, and you have it in your trusted zone, a lot can happen. Filtering apps like Proxomitron can stop a lot of malicious code from ever getting to your browser. Rick
I personally found that a good HIPS prevented me from ever getting an antivirus popup. I personally have nothing against blacklists other than the fact that they were always one step behind. Imaging software is always a good last resort, I am starting to find now. [Never had an external hard drive till now.] Never did get the sandbox or any other virtualization to work correctly with this old computer, so I tend to shy away from such options. I guess it'll be a good HIPS for me, should I ever use M$ again.
Want new type of anti-malware software: a *separate* sandbox for each site I visit
I run my browser as an unprivileged user I created (runas /user:unpriv "C:\Program Files\Mozilla Firefox\firefox.exe"), which I think helps. I don't think dropping administrator or other rights is as good, because all the malware has to do is infect any of your executable user files (which don't require admin rights to change) with code that waits to be run *with* administrator rights and then does whatever. For a few critical sites (e.g. for financial transactions), I never visit those as the unprivileged user (which I'll assume could be infected with god-knows-what), but rather under my usual Windows user (with Admin). I guess eventually I'll delete that user account and create a new clean one. Of course I have AV and AS, which are mainly signature-based but have some behavioral blockers too, I would say. I've also started experimenting with free browser add-ons like McAfee SiteAdvisor (impressive!), CallingID, and Netcraft within my browser in order to avoid "bad neighborhoods" on the web. Also Firekeeper, which I would say is a behavior blocker. **But what I'd REALLY like**, if it were available, would be a browser that runs in a separate sandbox for each site/domain. I also saw this idea mentioned (but dismissed merely because there needs to be some trusted common component) in an older thread here. I've tried Sandboxie, but the problem with sandboxes or virtualization is *knowing when to reset/clear them*! If you get some malware in the sandbox, it can, for example, steal passwords and modify transactions that you enter at other sites browsed in that sandbox from then on. By the time you clear the sandbox it may be too late to prevent that. If you clear the sandbox too often, then you may lose downloads/bookmarks/cookies/history/etc. that you wanted to keep using.
If you could automatically browse each site in its own *separate* sandbox, then the malware wouldn't be able to hurt you as you visit other sites. I know this probably wouldn't be easy. It's a similar concept to the per-site sandbox that a Java applet runs in, except now we would have to sandbox all of the important parts of the browser, much of which may be implemented in native code rather than something more managed like Java.
I like Process Guard because it can block Malware and Trojan Activities at a deep level. The interface is handy and requires minimal user configuration and yet I feel that the program offers great protection. I also added NoScript, McAfee Site Advisor and Netcraft Toolbar to Firefox.
Virtualization + HIPS are likely to protect a computer from any attack theoretically. But how many people at Wilders are prepared to run their system without a good Antivirus?
I have to choose HIPS; the ability to block certain things (possibly dangerous behavior) is really cool. And I think sandboxing/virtualization also has a great future, but these tools still need to improve a lot. The problem with signature-based solutions is that they are still missing a lot of malware; even heuristics can't solve this problem. This means that just because a file comes up clean, it does not mean it's not malware, that's just the sad truth.
I vote for two... Signature-based, as in my anti-virus like CA eTrust or Avast, and antispyware like Ewido. And also HIPS, like ProcessGuard and WinPatrol Plus. Maybe most firewalls also have this HIPS-like feature, but they slowed down my PC, so back to some "purebred firewalls".
I voted Signature Based because sometimes it has great accuracy (though taking a longer time) on detection and sometimes removal. But HIPS comes in a close second. Optioned, and asks for user permissions, etc. etc., making it very flexible to use. But the problem is always the user... Does the user know exactly what to do?