Defense-in-Depth with Community Software (1/2)
As you may or may not know (or want to believe), I moved from being a defense/space engineer in the first half of my career to a financial systems consultant in the second half. Most people outside those industries think that doesn't make sense, but those inside them realize it makes perfect sense -- the latter adopted the same "community developed" software (e.g., open source -- not merely "free") proven by the former. As such, systems, network, transmission and other security has been a major focus of mine for a long time. Especially the concept of "Defense-in-Depth," which you've probably heard me talk about in various defense threads, with PAC-3, THAAD, Block II and Standard Missile III type TMD complementing NMD.
Exact same, necessary concept in computer and network security!
I've purposely tried to keep the focus of this post to what is doable by a "common user" and not gone into the detail that most network security professionals would (with much added time and effort, which most consumers would not do, and really can't be expected to). In a few cases, I've pointed out concepts and a few possibilities for those interested.
Defense-in-Depth with Community Software ...
1. Application-level Security
2. Host-level Security
3. Network-level Security
1. Application-level Security
Short of the tiresome effort to do complete application-level filtering at a network level, users themselves should take a pro-active role in how they use the Internet. This includes ...
A. Run as a non-privileged user
B. Use a browser with no tie-ins to the OS internals that gives you info/tools
C. Disable automation in the browser itself
First and foremost, you should never browse the Internet as a privileged user -- i.e., administrator. With the release of consumer NT 5.1 -- aka Windows XP -- there is now the "switch user" multi-user function (something we UNIX people have had since the inception of UNIX in the late '60s -- although Microsoft sold Citrix's "MultiWin" as part of NT 5.0+/2000+ in other flavors). So even though the piss-poor application programming practices of Microsoft itself (and of ISVs, independent software vendors -- both of whom utterly ignore the security APIs of Windows) often require you to run as "administrator," you should "switch user" to a non-privileged account to do your Internet browsing.
Never install software as that user either -- in fact, the permissions should make it impossible.
Of course, MS IE still runs at the core of the OS, and even a non-privileged user can install all sorts of malware because of this. Hence the next recommendation ...
Mozilla Firefox has no internal ties to the OS, which is a major issue with the base security of Internet Explorer that Microsoft cannot address (long story; doing so would break a lot of legacy compatibility and take 5+ years to re-write). Firefox also, by default, does not hide information and gives you a lot of detail about links, sites and other things -- especially under "View" and "Tools." Internet Explorer is easily coerced into providing incorrect information or hiding it, and I have done numerous examples of this, even with security software loaded as well as the alleged "anti-spoof" features in MS IE 7.
But Firefox does have one serious issue -- Javascript ...

While Javascript is much less of an issue than on MS IE, let alone ActiveX (which numerous Microsoft employees/contractors themselves are calling for an end to for security reasons), and it can't directly infect the core OS if you're not running Firefox as "administrator" (unlike MS IE), malware can still infect your Firefox profile and capture all sorts of information you use on the web. That's why you need a tool that allows you to enable/disable Javascript (among other things). And that's where things like PrefBar come in! PrefBar gives you a toolbar that lets you toggle and set different Mozilla Firefox settings. That includes things like Java and Javascript, Flash (including killing the Flash on the current page), Cookies, Send Referrer (which solves the common "why can't I see the image?" problem that normally requires a "cut 'n' paste" to get around), etc. The latest version can even turn Javascript on/off for individual tabs/pages -- e.g., I use Javascript on FreeOnes, but I want it off by default for any links I middle-click from FreeOnes to outside of FreeOnes. PrefBar is a necessary, interactive security mechanism that lets you "browse smart" by disabling things by default, and only turning them on when you really need them.
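PrefBar flips these switches at runtime, but the same switches live as user_pref(...) lines in the profile's prefs.js, and anything you put in a user.js in the profile folder overrides them at startup. The script below is an added example, not part of the original post and not PrefBar's or Mozilla's code: it parses the pref-file format, flags settings that differ from an "off until you need it" policy, and emits a user.js that enforces that policy. The pref names are Firefox's real ones (security.enable_java is the Java toggle of that Firefox era); which values count as "safe" is this example's own assumption, and the sample prefs.js content is constructed.

```python
import re

# A Firefox prefs.js / user.js line looks like:  user_pref("javascript.enabled", true);
PREF_LINE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# "Off until you need it" policy. The pref names are Firefox's own;
# which values count as safe is this example's assumption.
SAFE_DEFAULTS = {
    "javascript.enabled": False,          # JavaScript off by default
    "security.enable_java": False,        # Java plug-in off (the toggle of that Firefox era)
    "network.http.sendRefererHeader": 0,  # 0 = never send Referer, 1 = clicked links only, 2 = always
    "network.cookie.cookieBehavior": 2,   # 0 = accept all, 1 = block third-party, 2 = block all
}

def parse_value(raw):
    """Turn the textual pref value into a Python bool, str or int."""
    raw = raw.strip()
    if raw == "true":
        return True
    if raw == "false":
        return False
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return raw[1:-1]
    return int(raw)

def parse_prefs(text):
    """Map pref name -> value for every user_pref line; comments and other lines are ignored."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if m:
            prefs[m.group(1)] = parse_value(m.group(2))
    return prefs

def audit(prefs):
    """Return the policy prefs whose current value is not the safe one.
    A pref missing from the file means Firefox's permissive built-in default applies,
    so it is reported too."""
    findings = {}
    for name, safe in SAFE_DEFAULTS.items():
        current = prefs.get(name, "(built-in default)")
        if current != safe:
            findings[name] = current
    return findings

def format_value(value):
    """Render a Python value back into pref-file syntax (bool before int: bool is an int subclass)."""
    if isinstance(value, bool):
        return "true" if value else "false"
    if isinstance(value, str):
        return '"%s"' % value
    return str(value)

def hardened_user_js():
    """user.js text that pins every policy pref to its safe value on each Firefox start."""
    lines = ['user_pref("%s", %s);' % (k, format_value(v)) for k, v in SAFE_DEFAULTS.items()]
    return "\n".join(lines) + "\n"

# Constructed sample of a typical "everything on" profile; not a real profile.
SAMPLE_PREFS_JS = """\
# Mozilla User Preferences  (constructed sample)
user_pref("javascript.enabled", true);
user_pref("network.http.sendRefererHeader", 2);
user_pref("browser.startup.homepage", "http://example.invalid/");
"""

if __name__ == "__main__":
    for name, value in audit(parse_prefs(SAMPLE_PREFS_JS)).items():
        print("%-36s currently %s, want %s" % (name, value, format_value(SAFE_DEFAULTS[name])))
    print("--- user.js to drop into the profile folder ---")
    print(hardened_user_js(), end="")
```

Point the parser at the prefs.js inside your Firefox profile folder to see what that profile currently allows; dropping the generated user.js next to it makes the locked-down state the default every time Firefox starts, and PrefBar then becomes the per-page "turn it on just for this site" switch rather than the only line of defense.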
That's in addition to all the other plug-ins available for Firefox. I like to use the PornZilla suite of tools -- such as the Download Them All plug-in. It's literally the reason why I have so much ERC (Erica Rose Campbell) on my system -- from all her stuff (only bested by Chloe Vevrier, who I had a membership to in the past).
2. Host-level Security
Real, capable host-level security is very overlooked. In fact, the simplest concepts are typically the culprit. Here are the basics ...
A. Be able to recover your system (to prior state)
B. Use host-based resident mail, web and process scanning
C. Use host-based connection and intrusion detection (more difficult)
First and foremost, have a way to recover your system! Note I did not say "backup" -- because most people just "do a backup" without stopping to think (much less test) how they can actually use it to recover. Microsoft has fully gone on record that many types of spyware cannot be removed without completely reloading Windows. I have personally run into this myself. Having the ability to recover your system to a prior state is key. Unfortunately, there is no "simple solution" to this problem.
The biggest issue, which inhibits 99% of users, is the fact that you must boot "clean, outside of Windows" to start. That's not very automated, and most people don't want to do it. Worse yet, Microsoft itself does not offer such an option, and its only more recent option (Pre-exec Environment, PE) is very "geeky" as well (although Symantec, and others, based their newer tools on it instead of Linux or DOS). So most of these things are not feasible for home users, but I had to point this one step out -- because I don't consider it optional. If you want to "get geeky" with community software, check out SystemRescueCd, Trinity Rescue Kit and similar projects.
People who think they are not infected are often infected. The worst thing is being infected and not knowing it, which is the overwhelming majority of cases. That's why you always need to be ready to recover! Hell, just cloning a system after it's been set up is often a good idea and easy to do (and keep the media off-line).
Now with that out of the way, we can talk resident host scanning.
There are a variety of tools out there now. Personally, I've had it with the "rootkit" aspects (bypassing system security and "hiding") of most products now. If a security product bypasses the basic system security, you're already at a point where you should just wipe the system anyway, because you've already compromised it yourself. That's the category Symantec's Norton products now fall into, and it's rather sad. Furthermore, more and more entertainment software is now doing it as well. Again, the problem with these solutions is that you cannot remove them and, therefore, they have already compromised your system.
The best, free set of resident (and non-resident) scanners I've found are the Grisoft AVG series of products. Their resident anti-virus is well regarded (and there is even a resident Linux version). Their spyware and anti-rootkit solutions are worth a mention, although anti-rootkit solutions really only work when you "boot clean" with another OS (which I've already covered under "recovery").
You may want to supplement the resident Grisoft products as follows ...
- Non-resident Anti-virus: Windows version of ClamAV (main ClamAV site)
- Non-resident Anti-spyware: AdAware FREE
On the anti-virus end of things, I highly recommend the community developed and maintained ClamAV product -- even though it's non-resident. It consistently wins award after award for catching 100% of the viruses thrown at it, and that's why it's the most used solution for e-mail scanning by corporations. But because it's not resident, it is not an ideal solution for home users on its own -- except to scan media or other files. E.g., the GUI version for Windows adds a "right click" scan to Windows Explorer. You will want to use a resident solution, such as AVG Free, as your main defense.
Lastly, I'm only going to mention that host-based connection and intrusion detection is also an option. This is common "nag-ware," and Microsoft has put it into NT 6.0 Vista as well. It nags you on any new connections, etc. Sometimes it's sold as a "firewall," but it's much more than that, as it goes beyond just the raw UDP/IP or TCP/IP connection details. In this space I don't recommend much at all, because most users will just turn it off.
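Two of the points above (being ready to recover to the clean, cloned state, and host-based intrusion detection you won't just switch off) share one practical check: know whether the system still matches the clone. The script below is an added example, not from the original post nor from any of the rescue or scanner tools named here. It builds a SHA-256 manifest of a directory tree right after setup (keep it on the same off-line media as the clone), saves it as JSON, and later reports which files were added, removed or changed. The demo() function runs a constructed scenario in temporary directories; the file names and "infection" in it are made up. Run the real comparison from the rescue environment against the mounted Windows drive, not from inside the possibly-infected system, for the same reason the post gives for anti-rootkit tools: a rootkit on the live system can hide files from anything that runs on it.

```python
import hashlib
import json
import os
import tempfile

def hash_file(path, chunk=65536):
    """SHA-256 of one file, read in chunks so large files need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_manifest(root):
    """Map every regular file under root (relative path, forward slashes) to its hash."""
    manifest = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # deterministic walk order
        for name in sorted(filenames):
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # skip links and special files
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = hash_file(full)
    return manifest

def save_manifest(manifest, path):
    """Write the baseline as JSON; store it off-line with the clone, not on the system itself."""
    with open(path, "w") as f:
        json.dump(manifest, f, indent=1, sort_keys=True)

def load_manifest(path):
    with open(path) as f:
        return json.load(f)

def compare(baseline, current):
    """Diff two manifests: files that appeared, disappeared, or whose content changed."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
    }

def demo():
    """Constructed scenario (not a real system): snapshot a fresh tree, store the
    manifest outside it, then simulate a compromise and diff against the baseline."""
    with tempfile.TemporaryDirectory() as root, tempfile.TemporaryDirectory() as store:
        clean = {
            "bin/app.exe": b"clean binary",
            "etc/hosts": b"127.0.0.1 localhost\n",
            "docs/readme.txt": b"hello",
        }
        for rel, data in clean.items():
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as f:
                f.write(data)
        baseline_path = os.path.join(store, "baseline.json")
        save_manifest(build_manifest(root), baseline_path)

        # Simulated infection: patch a binary, drop a new file, delete a file.
        with open(os.path.join(root, "bin", "app.exe"), "wb") as f:
            f.write(b"clean binary + injected code")
        dropped = os.path.join(root, "windows", "temp", "unknown.dll")
        os.makedirs(os.path.dirname(dropped))
        with open(dropped, "wb") as f:
            f.write(b"dropped payload")
        os.remove(os.path.join(root, "docs", "readme.txt"))

        return compare(load_manifest(baseline_path), build_manifest(root))

if __name__ == "__main__":
    for kind, paths in demo().items():
        print("%s: %s" % (kind, ", ".join(paths) or "(none)"))
```

The manifest is only as trustworthy as the place you keep it: if it sits on the same disk as Windows, whatever changed the files can change the manifest too, which is why it belongs with the off-line clone media. A non-empty "changed" list on files you didn't install or update yourself is exactly the "infected and don't know it" case the post describes, and the answer is to recover from the clone rather than to start cleaning.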