LUSHER

Experienced Members
  • Posts

    89
Reputation

0 Neutral
  1. You just made my point. This isn't even remotely new. I say the reporter is clueless because of the way he is writing as if this is new. Also I can't tell from the report where he is talking about server-side polymorphism (e.g. your storm worm) or just classic well known polymorphic malware. It just gives you the impression "omg, we got intelligent malware that can think and automatically change to avoid security software" lol...
  2. LOL, typical piece of crap written by a reporter who is clueless.
  3. I agree, Comodo is overkill for most people
  4. You actually have quite weak defenses imho. SpywareBlaster doesn't really do much in this day and age really. ActiveX isn't as big a problem as it was in the past (default settings in IE more than handle this anyway), and while the restricted zone list that SpywareBlaster imports into IE is fine, it is often too slow. Spybot is another one that is over-rated and people are using it out of inertia. MBAM (assuming the free one) is a rising star and is getting good at *removal* but it provides only on-demand and no real-time protection. Essentially your real time protection comes down to Avira and Arovax shield. I have nothing really bad to say about Avira personal except that there is no spyware protection. Arovax shield is probably the weakest HIPS you can find... And no firewall?
  5. When some people say behavior blocker they mean something more specific than just HIPS. Something like CPF and Online Armor prompt on pretty much everything, they have no/little "intelligence"... Basically behavior blockers are smart enough not just to notice that a registry autostartup entry is being changed by a suspect process X, but also take into account other factors such as the other actions taken by the process, the characteristics of the process etc. Under this more restrictive definition, the only other free behavior blocker that might qualify is Prevx. The others are payware (Mamutu, Norton AntiBot/PRSC).
  6. What's your definition of a behavior blocker? Is it the same as a HIPS?
  7. Interesting, I never had such a problem. Do you just send blank referrers? "Smarter" strategies seem to be to always send back the same referrer (or the root site url), or to be even more safe to forge referrers only when moving from one domain to another (google.com to piriforum.com etc). Personally I think it is pointless to forge or block referrers when moving within the same domain/site...
  8. Quite right. To add on, the latest TF free adds the following though "On-demand antivirus scanner now available in ThreatFire free edition An on-demand antivirus scanner is now available in both ThreatFire Free as well as ThreatFire Pro."
  9. A couple more tools here http://wiki.castlecops.com/Lists_of_freewa...al_AV_companies Bitdefender, McAfee, Sophos, AVAST, Spybot all also provide standalone antirootkits ...
  10. It's not free... Please read http://forum.kaspersky.com/index.php?showtopic=58034 In essence, Kaspersky SOS is for business users, the website is misleading, it actually expires after 30 days! There is however a free version coming for home users and it's called Kaspersky Virus Removal Tool. I've blogged about it before. But it is not like cureit, in that it requires installation and will even install a service. It even self-protects itself so it can't be shut down! You actually have to disable selfprotection before the uninstaller will work, something that threw a lot of users when they tried to uninstall but couldn't!
  11. Security tools for usb: I've put together a list of freeware/liteware security tools from a larger list, including the best ones that can be put into your flashdrive and used for cleaning, diagnosis on infected systems. Almost all do not require installation, and are free. I have selected antivirus, antispyware, antitrojan and antirootkits tools that are top notch, system tools, and as a bonus there is a list of links to the best online scanner sites, both multi-engine (virustotal etc) and full disk (Bitdefender online etc) as well as sandboxing type (Threatexpert etc). You can find them at Security tools for usb. Any comments are welcome, particularly omissions.
  12. I would add that in today's world you should be using not just antivirus and firewalls but the following as well: 1) Smart behavior blocker, e.g. ThreatFire, Norton AntiBot 2) Dumb behavior blocker, e.g. System Safety Monitor, ProSecurity, EQSecure 3) Sandbox + optional application virtualization, e.g. Sandboxie, SafeSpace, GeSWall, DefenseWall 4) System virtualization and/or hardware virtualization: Returnil, ShadowDefender, ShadowUser Pro, VMware, VirtualPC 5) Specialized anti-x tools to counter specific threats (keyloggers, buffer-overflow etc) - Comodo anti-bufferoverflow, KeyScrambler, FireLion Anti Keyloggers. This doesn't mean you need 5 or more extra apps, since many standard antivirus and firewalls have begun adding extra features that go beyond basic traditional antivirus features. For example, KAV, FSecure, Panda (non-suite versions), have (1) already. Many firewalls like Comodo firewall pro, Online Armor have (2) already etc. Also (5) can be covered by both (2) and (3) in many cases, since many in (2) have genetic methods of blocking ALL keylogging and screen capture methods.. But personally I would have a separate anti-buffer overflow just in case... Personally I'm not in favour of having anti-spyware, anti-trojans etc (at least in real time, on demand is fine), since when it comes down to it they are using the same techniques as a broad-spectrum anti-virus (or rather anti-malware, since antiviruses today have finally recognized it is their duty to capture malware, anyhow antivirus in its classic definition is seldom seen today anyway, it's all worms and trojans today!)