Hey guys give your advises of my security proposal!

[LoBeX]

Hi peers!! :rolleyes:

First of all I have to say that I was using a security setup that didn't caused me any problems!! :unsure:

but,I like security software!! :wub: and lately I did some security tests to my setup!!

here's my experience:

I was using EsetNod AV v4 with Outpost Firewall Pro, and Ad-Aware pro(Ad Watch included for registry shield) and I was happy with my security configuration

but after doing some leak tests (from comodo and from matousec) I did not passed all!!! :frusty: :blink:

I was a little surprised :blink: never thought that a software could reach the net without Outpost saying so... :angry:

so I started a malware test... and what was my surprise?? NOD and Ad-Watch didn't got all (they were hard ones but in Virustotal they were catched by some!!!)!!! ( :rant: )

After my experience I'm moving from Eset and I'm planing to test a new antivirus called Hitman Pro(I've read about it,it's amaising!! seriously!! :rolleyes: ), or Avira Premium

and for the Firewall im thinking to try Online Armor(good results at matousec tests) or Comodo :unsure:

I also wanted a shield for my start up registry some kind of program that alerts me when a soft trys to modify it(including the obscure parts of autoruns) :ph34r:

My questions are...

Do you guys know a program that fits me? (for the registry shield) :huh:

And what's your opinion about the software that I should use? :fear:

All the answers are welcome!!But please justify your answer!! :rolleyes:

[DKT27]

I would say to stick to ESET. If you have a fast PC, use Norton. Use comodo with firewall only. It is the best of all. And use Malware Bytes Anti Malware full.

[LoBeX]

Yes I see... but why to get stick with eset?In all the test I've see it's not the top one, and in my tests it didn't catched anything!!!

For the firewall I doubt what is the top one into the Hips thing...(I loved Outpost for his Hips)

[Toshiro]

First.. what kind of test did you do?

Second.. Hitman Pro sux. Ok the new version is better but still it's slow as hell and detects a lot of false positives..

Avira is a good one, but this one also detects false positives..(more than Eset..) BUT..

If you know how to surf the web and download stuff.. you don't need an AV that stops everything.

Eset allone is enough.. You got Windows Firewall.. doing it's job.

A manual scan every week with Malwarebytes and you're done... :)

[Rock Lee]

I would say to stick to ESET. If you have a fast PC, use Norton. Use comodo with firewall only. It is the best of all. And use Malware Bytes Anti Malware full.

Nah he shouldn't stick with ESET...

ESET is primarily for users who have plenty of experience with antivirus programs & who are also very sure of their downloads (not saying that you weren't being that btw).

Comodo is the best free firewall available but it isn't the best. Online Armor Pro is the best firewall available but no one has cracked it so you'll only get a 30 day trial. The free version isn't as good as Comodo so if you don't feel like paying for software (which none of us do anyway :P) stick with Comodo.

MBAM isn't as strong as Trojan Remover on live detection rates. But you should get an HIPS for things like that. I'd go with ThreatFire or DefenseWall. My personal choice is ThreatFire because it's lighter and easier to use imo. DefenseWall is a very good program though. DriveSentry is also a good HIPS.

As far as the anti-virus goes I agree with Han & say Avira. They have the best detection rates available at the moment be it false positive or not ;)

Also, get and use Sandboxie. That'll help your computer stay leak proof :yes:

I would go into more depth but my guide FKv3 will be done soon. That's when I'll cover all of the bases.

I hope I gave you enough info. Any questions just ask.

[DKT27]

Rock do you remember that Comodo has HIPS? :lol:

In other way at last comodo is the best one.

I cannot argue on Trojan Remover and MBAM as "it is a each to his own thing".

On other things you are right. :)

[Rock Lee]

Rock do you remember that Comodo has HIPS? :lol:

In other way at last comodo is the best one.

I cannot argue on Trojan Remover and MBAM as "it is a each to his own thing".

On other things you are right. :)

Yes I do. Firewall & HIPS aren't the same thing. I only use the firewall & when I had an HIPS it was ThreatFire. If he chooses to use Comodo's that fine too I guess.

[HX1]

I know what tests he is talking about. The one from Comodo, with Comodo's product and ESET all on FULL.. only gives 60/330.. I was looking for 330/330 when I ran mine. But the thing you do have to remember is that number one.. You have to allow the program to run...I couldn't even download it with ESS without turning something off ad excluding the file.. Next when I tried to initiate the program.. Popups everywhere warnings, and detection notices, that I had to approve to allow it to even continue....AND you running it on a local system.. Next I ran Comodo by itself.. around 30/330.. same thing..

End point..user interaction can fail your security every time.. and thats where most people get into trouble. With my settings on ESS, I feel protected, and several things within my system are locked from being edited anyway.

My structure.. installed, I also have a DBAN Disc, and a BartPE disc as additional tools. Along with this I keep my programs updated, and use Microsoft FixIt! to patch vulnerabilities caused by some programs.

Administrative Tools\Security\Access

ID USB Lock Key

PGP Desktop

TrueCrypt

Administrative Tools\Security\Analyze

ESET Smart Security

ESET SysInspector

F-Secure Blacklight

RunAlyzer

Sophos Anti-Rootkit

SpybotSD 1.6

Administrative Tools\Security\Data

Eraser

File Shredder

PGP Shredder

PGPtray

Recycle Bin

R-Studio

SuperHashCalc

Administrative Tools\Security\Microsoft

Malicious Software Removal Tool

Microsoft Baseline Security Analyzer 2.1

Microsoft Web Platform Installer

Security Center

Administrative Tools\Security\Surveillance

Eyeline

Timershot

Administrative Tools\Security\Update

Apple Software Update

DivX Updates

ID Security Suite Updater

Microsoft Update

Sun Java Applet Control Panel

WhatsUp.NET

Now even with all of this there are still things that can go wrong.. and what I mean is that there are still other issues with code and servers that can case problems with your browser and PC, that are malicious but not necessarily endangering... They can try all day with mine.. This is another reason to keep your temp files dumped and clean from your system, along with all browsing data, when you close your browser. It also is advisable to remove LSO's or SuperCookies, do not allow DOM storage or storage of any Java based temp files on your system.. same with flash.. Along with this filtering using a program like Peer Guardian, with the right list can help keep polling and data mining third party sites from data mining. Its not listed in Security as I keep it in my Internet Shortcuts in my Start Menu..I also take control of protocols, and various aspects of my Network to simply close and inhibit anything I am not using..I see that as a whole.. if I don't need it...I also have moved my TelNET port.. To really know whats going on you need to learn a little about Networks and networking. ( ..and not the MySpace kind either ). I also use true TLS wth my browser, and I have a signed encryption certificate, they are free from Thawte and can help you to enable this factor.

Additional Programs:

SE ConfigXP

TMAC 5.0.3

cFosSpeed

Hardware changes can also help your security by using hardware firewalls available in your router and using a service like OpenDNS which can be configured for better safety. Encrypting your connection and changing the key regularly..

Last but not least remember end point security.. Whats endpoint? Take a mirror and place it front of your keyboard...Now every thing you see in it...Every person to have access. Password protecting your BIOS settings, DriveLock Protection, and Hardware access in your BIOS can save you a lot of heartache. Using a USB Lock Key which is shown above, fingerprint scanner lock and Windows Password.. is also a nice thing to do.. Killing Lan enabled WAKE and access to control the PC, and making sure that when locked all devices are disabled fro access is advisable ( available for ID USB Lock Key, as a default setting )

Last but not least you can freeze settings, drop your rights, and use program Like SecAgent 1st Security to change aspects of your PC to keep it in its current state and protect various aspects of your system from outside changes.

:thumbsup:

Myth: "Well I'll just drop the Internet and I will be fine..."

[Bizarre™]

@heath28m:

You got a low score since you didn't properly configure COMODO.

As for me, even without any warning from D+, I always get a perfect score.

Edit:

I'm now only waiting for COMODO to release v4, so I can loosen up my settings a bit.

[ssj100]

@heath28m:

You got a low score since you didn't properly configure COMODO.

As for me, even without any warning from D+, I always get a perfect score.

Edit:

I'm now only waiting for COMODO to release v4, so I can loosen up my settings a bit.

Yes, Comodo with Defense+ (proactive configuration) always scores 330/330.

But, in the real world, the important thing is to prevent that .exe file from even running. Sandboxie is all you need, and a pure software firewall. Together with some common sense, you're bullet-proof.

[HX1]

@heath28m:

You got a low score since you didn't properly configure COMODO.

As for me, even without any warning from D+, I always get a perfect score.

Edit:

I'm now only waiting for COMODO to release v4, so I can loosen up my settings a bit.

Odd that you mentioned that because I spent half a day in the forums reading to read the same results from many of its users. Thing is if I turn settings up too high I can't even access the Internet..

I do know what your saying though...but I dedicated the whole day to Comodo and its settings and testing.. to still come up with those results, by allowing the program to even run its test. I honestly feel that a proper test would be something launched from another network.as far as I am concerned I won the minute the connection was cut to get the file to test my system. EAV constantly beat out Comodo detecting malware on mine system..with the Full Active Defense using all of of whatever it has available. I would have to still have it installed to be specific. I dunno.. I just didn't trust it.

[ssj100]

@heath28m:

You got a low score since you didn't properly configure COMODO.

As for me, even without any warning from D+, I always get a perfect score.

Edit:

I'm now only waiting for COMODO to release v4, so I can loosen up my settings a bit.

Odd that you mentioned that because I spent half a day in the forums reading to read the same results from many of its users. Thing is if I turn settings up too high I can't even access the Internet..

I do know what your saying though...but I dedicated the whole day to Comodo and its settings and testing.. to still come up with those results, by allowing the program to even run its test. I honestly feel that a proper test would be something launched from another network.as far as I am concerned I won the minute the connection was cut to get the file to test my system. EAV constantly beat out Comodo detecting malware on mine system..with the Full Active Defense using all of of whatever it has available. I would have to still have it installed to be specific. I dunno.. I just didn't trust it.

Trust me, for 32-bit, Comodo with Defense+ always scores 330/330 as I said before. No configurations needed really.

[Bizarre™]

@heath28m:

Dump COMODO's AV, it's not worth it.

However, v4 might change things.

@ssj100:

No configurations needed, only if you want D+ to bug you with alerts most of the time.

I configured D+ not to bug me, and block all the nasty.

As for my sandbox, I don't need one.

I'm using VirtualBox, so I can install both wanted and unwanted programs.

[LoBeX]

Thank you guys for your answers!!Really apreciated them!!! :clap:

So my reg shield isn't necesary? I've always trusted it because many programs try to run from the start up and this

anoys me... did comodo(with defence +) alerts you when a program try to get onto the autorun or installs a service?(I don't mind if it bugs me)

on thing is clear for me,I will no more use eset Av, It was my best friend for years!! but not anymore and I'm sure that if you have to install something with a litle fix (from :ph34r: sources) ,

it really don't defends you from bad malwares!! :nono: ...

I can assure this!!even after runing it in any sandbox nor Wstation and check if it's clean with eset,there are a few methods to stealh malware, and your last defence is a really good hips!!(not checking it manually with other methods of course)

I always run sandboxie but what advantages do you have with VirtualBox?you virtualize all the installs?and swich to your real os for the important things?

Just a little thing...my comodo test has 340 tests(and the ones from matousec are more extensive in my opinion)

[Rock Lee]

Thank you guys for your answers!!Really apreciated them!!! :clap:

So my reg shield isn't necesary? I've always trusted it because many programs try to run from the start up and this

anoys me... did comodo(with defence +) alerts you when a program try to get onto the autorun or installs a service?(I don't mind if it bugs me)

Nah a reg shield isn't necessary. As some users already stated, Comodo will protect your registry. It does nag you for every little change, that is unless you take the nag off :P

on thing is clear for me,I will no more use eset Av, It was my best friend for years!! but not anymore and I'm sure that if you have to install something with a litle fix (from :ph34r: sources) ,

it really don't defends you from bad malwares!! :nono: ...

I can assure this!!even after runing it in any sandbox nor Wstation and check if it's clean with eset,there are a few methods to stealh malware, and your last defence is a really good hips!!(not checking it manually with other methods of course)

:yes: A HIPS is always the way to go. Your choice of the ones I listed earlier if you wanna use one.

I always run sandboxie but what advantages do you have with VirtualBox?you virtualize all the installs?and swich to your real os for the important things?

Just a little thing...my comodo test has 340 tests(and the ones from matousec are more extensive in my opinion)

Boxie & VirtualBox do the exact same thing so I doubt there would be a huge discrepancy in the protection rates. I haven't found anything on the net so far so I'm not 100% sure about that though.

But yes, virtualize all suspicious software. Even if the slightest thing gives you the feeling of suspicion then run it sandboxed. Trust me you'll avoid a lot of headaches by doing so...

[Bizarre™]

@Rock Lee:

There's a huge difference between, VirtualBox and Sandboxie.

One good example would be installing different types of OS.

[HX1]

So I am confused, .. what programs are the essentials to complete security with the current problems..just one clean posted answer covering all of the bases..This is what I wonder. I mean you go online you search, you find something in top 3 for basic malware, then you have firewall, injection .. encryption.. There are a lot of areas.. So what confidently protects you, your servers, data, repair..? ( Open to anyone )

[Bizarre™]

@heath28m:

What's the best protection? Knowledge and Experience.

Also, keeping yourself updated ;)

[LoBeX]

@heath28m

Thanks for your exaustive post about your security!! :rofl: but I can't use it since I'm searching a configuration that don't takes a long time to see if a file is corrupted... =(

@Rock Lee

Post nº7 and nº 15 so are you using a Hips?I'm confused... and why you don't trust comodo's hips,and prefer Threatfire?

@Bizarre

In what way did vitualbox protects you better than sandbox apart of the os thing?and what's the way you are using to say that you can install both wanted and unwanted programs?? :shy:

I don't know if I will use the Comodo Hips or a standalone...

:think:

But thank you guys for telling me what you think about!! :hug:

[box]

The different between a VirtualBox and Sandboxie is that Sandboxie does not stop malware from reading data on your real computer.

Security is data protection and it is a layered protection. When you think of computer security. You need to think (BEFORE, DURING, AND AFTER). Ask yourself the 5 W's and How to protect your data before it is compromised; once it is compromised, and after it is compromised. Have the necessary tools ready to remedy the problem. (The more I know about security the more paranoid I get.) The bottom line is that there is no perfect solution in the real world. Use what works for you and learn and stay updated. Things change. Technology changes.

First line defense - user

plus: thinking & learning

minus: lack of experience

solution - behavior modification (stop doing things that get you infected)

Virtual PC: WMware, VirtualBox

plus: experimentation

minus: resource intensive

Hard Drive Imaging Programs: AyRecover, Rollback, Acronis, Norton

plus: up time

minus: additional hard drive space

solution: get it

Back Up data: I use SyncBAck (You just need to find a program that copy file per file from one physical hard drive to another without lumping them into one file. This way you are not dependent on that backup software to restore your data files.) You also need an off-sight backup. In case of fire or theft.

plus: sleep well at night

minus: additional hard drive

Encryption: Truecrypt, Bitlocker, etc.

plus: in case of a physical theft of your computer

minus: you really need to know what you are doing

HIPS - Comodo or Online Armor

plus: early notifications that a program is about to do something on your computer

minus: dependent on user

solution: know what the program is doing and why

Firewall - Comodo or Online Armor

plus: control programs and data from leaving your computer

minus: dependent on user

solution: know what the program is doing and why

A Router w/ firewall: D-link, Linksys,

plus: stop outsiders from hacking into your computer; you should reset your IP address regularly.

minus: dependent on user to set proper settings

solution: get knowledge

Anti-malware - Nod32, NAV, Avira

plus: second line of defense

minus: dependent on updates

solution: do it any way.

[Bizarre™]

@LoBeX:

VirtualBox is much secure than Sandboxie because: Link

@box:

Well said :)

[ssj100]

The different between a VirtualBox and Sandboxie is that Sandboxie does not stop malware from reading data on your real computer.

Security is data protection and it is a layered protection. When you think of computer security. You need to think (BEFORE, DURING, AND AFTER). Ask yourself the 5 W's and How to protect your data before it is compromised; once it is compromised, and after it is compromised. Have the necessary tools ready to remedy the problem. (The more I know about security the more paranoid I get.) The bottom line is that there is no perfect solution in the real world. Use what works for you and learn and stay updated. Things change. Technology changes.

First line defense - user

plus: thinking & learning

minus: lack of experience

solution - behavior modification (stop doing things that get you infected)

Virtual PC: WMware, VirtualBox

plus: experimentation

minus: resource intensive

Hard Drive Imaging Programs: AyRecover, Rollback, Acronis, Norton

plus: up time

minus: additional hard drive space

solution: get it

Back Up data: I use SyncBAck (You just need to find a program that copy file per file from one physical hard drive to another without lumping them into one file. This way you are not dependent on that backup software to restore your data files.) You also need an off-sight backup. In case of fire or theft.

plus: sleep well at night

minus: additional hard drive

Encryption: Truecrypt, Bitlocker, etc.

plus: in case of a physical theft of your computer

minus: you really need to know what you are doing

HIPS - Comodo or Online Armor

plus: early notifications that a program is about to do something on your computer

minus: dependent on user

solution: know what the program is doing and why

Firewall - Comodo or Online Armor

plus: control programs and data from leaving your computer

minus: dependent on user

solution: know what the program is doing and why

A Router w/ firewall: D-link, Linksys,

plus: stop outsiders from hacking into your computer; you should reset your IP regularly.

minus: dependent on user to set proper settings

solution: get knowledge

Anti-malware - Nod32, NAV, Avira

plus: second line of defense

minus: not completely reliable (relatively speaking)

Once again, the lack of understanding of Sandboxie is apparent.

Sandboxie does prevent data from being read on your system - it's just that it only does it in the environment it's protecting. You can easily set "Block Access" to sensitive areas of your computer. I use "Block Access" in all my environments to "My Documents".

@LoBeX:

VirtualBox is much secure than Sandboxie because: Link

@box:

Well said :)

That's why I used a sandboxed VM. A sandboxed VM is much more secure than a VM. A sandboxed VM that uses Sandboxie within it is probably the most secure of all, but is probably quite inconvenient to use on a regular basis.

[Bizarre™]

@ssj100:

In Sandboxie, you still have to configure it to do that.

In VirtualBox, everything is pretty much covered.

Also, IMO, Sandboxie in VirtualBox is pretty much overkill.

[ssj100]

@ssj100:

In Sandboxie, you still have to configure it to do that.

In VirtualBox, everything is pretty much covered.

Also, IMO, Sandboxie in VirtualBox is pretty much overkill.

Of course you need to configure it. That's why it's not for people who don't know what their doing, or can't be bothered taking time to learn about it properly. Most people don't fully understand the scope of how Sandboxie can protect you.

I force sandbox virtualbox.exe to run, and so I am super-secure when I test malware in my sandboxed VM.

Not Sandboxie in VirtualBox mate, but VirtualBox in Sandboxie.

[Bizarre™]

It's pretty much the same thing, whether VirtualBox or Sandboxie is on top, it's overkill.

Link 1

Link 2

But hey, each to his own :)