
LUSHER

Experienced Members
  • Posts

    89
  • Joined

  • Last visited

Posts posted by LUSHER

  1. I don't completely get your point, as the technique has been on the market for a pretty long time now. Just look at how Storm changes its appearance automatically.

     

    You just made my point. This isn't even remotely new. I say the reporter is clueless because of the way he is writing as if this is new. Also I can't tell from the report whether he is talking about server-side polymorphism (e.g. your Storm worm) or just classic, well-known polymorphic malware.

     

    It just gives you the impression "omg, we got intelligent malware that can think and automatically change to avoid security software" lol...

  2. I don't like firewalls that much. I've already tried three (Online Armor Free, Comodo 3, and Outpost) Online Armor and Comodo kept nagging me for every little thing that I tried to run, even the program that enables me to connect to the internet.

     

    I agree, Comodo is overkill for most people.

  3. I use Avira Personal for my anti-virus. I have Spybot S&D, Spyware Blaster and MalwareBytes Anti-Malware. I also have Arovax Shield (behavior blocker) and Arovax Smart Hide (online anonymity) and yeah...

     

    You actually have quite weak defenses imho.

     

    SpywareBlaster doesn't really do much in this day and age. ActiveX isn't as big a problem as it was in the past (the default settings in IE more than handle this anyway), and while the restricted zone list that SpywareBlaster imports into IE is fine, it is often too slow.

     

    Spybot is another one that is overrated and people are using it out of inertia. MBAM (assuming the free one) is a rising star and is getting good at *removal*, but it provides only on-demand and no real-time protection.

     

    Essentially your real time protection comes down to Avira and Arovax shield.

     

    I have nothing really bad to say about Avira Personal except that there is no spyware protection. Arovax Shield is probably the weakest HIPS you can find...

     

    And no firewall?

  4. Didn't like/find something lacking with Threatfire?

    Comodo Firewall Pro has a HIPS module incorporated, called D+.

    Online Armor has a similar feature.

     

    When some people say behavior blocker they mean something more specific than just HIPS. Something like CPF and Online Armor prompt on pretty much everything; they have no/little "intelligence"... Basically behavior blockers are smart enough not just to notice that a registry autostart entry is being changed by a suspect process X, but also to take into account other factors such as the other actions taken by the process, the characteristics of the process, etc.

     

    Under this more restrictive definition, the only other free behavior blocker that might qualify is Prevx. The others are payware (Mamutu, Norton AntiBot, PRSC).

  5. On some websites blocking the referrer will make them non-functional, i.e.; when clicking on the download link for their software, etc., which is why I no longer block it.

     

    Interesting, I never had such a problem. Do you just send blank referrers? "Smarter" strategies seem to be to always send back the same referrer (or the root site URL), or, to be even safer, to forge referrers only when moving from one domain to another (google.com to piriforum.com etc.).

     

    Personally I think it is pointless to forge or block referrers when moving within the same domain/site...
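
The three client-side Referer strategies named in the post above (send nothing, always send the site root, forge only when crossing sites), as an added example in Python that is not part of the post or of any browser extension. `hotlink_check` is a hypothetical server-side download gate of the kind that breaks when the header is blank; the registrable-domain test is approximated as the last two host labels (an assumption, a real implementation would consult the public suffix list); and the example also drops the header on an https-to-http transition, which is standard user-agent behaviour the post does not discuss.

```python
"""Referer strategies for a client-side filter: blank, root, cross-site-only.

Added example, not code from the post or from any extension. Sample URLs below
are constructed for the demo.
"""
from urllib.parse import urlsplit, urlunsplit


def _site(host):
    """Approximate the registrable domain as the last two labels.
    Assumption: no public-suffix list, so 'example.co.uk' collapses to 'co.uk'."""
    if not host:
        return None
    return ".".join(host.lower().split(".")[-2:])


def _root(parts):
    """scheme://host/ with path, query and fragment stripped."""
    return urlunsplit((parts.scheme, parts.netloc, "/", "", ""))


def outgoing_referer(origin_url, target_url, strategy):
    """Return the Referer header value to send for a navigation, or None for no header.

    strategy: "blank"           - never send one
              "root"            - always send the origin site's root URL
              "cross-site-only" - keep the real referrer within a site; when crossing
                                  to another site, forge the target's own root
    """
    src, dst = urlsplit(origin_url), urlsplit(target_url)
    if strategy == "blank":
        return None
    # Never leak an https referrer to a plain-http destination (RFC 7231, 5.5.2).
    if src.scheme == "https" and dst.scheme == "http":
        return None
    if strategy == "root":
        return _root(src)
    if strategy == "cross-site-only":
        same_site = _site(src.hostname) is not None and _site(src.hostname) == _site(dst.hostname)
        return origin_url if same_site else _root(dst)
    raise ValueError(f"unknown strategy {strategy!r}")


def hotlink_check(referer, served_site):
    """Hypothetical server-side gate: serve the download only when the Referer host
    belongs to the serving site. A blank header fails, which is the breakage the
    post describes."""
    if referer is None:
        return False
    return _site(urlsplit(referer).hostname) == _site(served_site)


if __name__ == "__main__":
    origin = "https://www.piriform.com/ccleaner"            # constructed
    target = "https://www.piriform.com/ccleaner/download"   # constructed
    search = "https://www.google.com/search?q=ccleaner"     # constructed
    for strategy in ("blank", "root", "cross-site-only"):
        intra = outgoing_referer(origin, target, strategy)
        cross = outgoing_referer(search, target, strategy)
        print(f"{strategy:16} intra-site: {intra!r:45} download ok: {hotlink_check(intra, 'www.piriform.com')}")
        print(f"{'':16} cross-site: {cross!r}")
```

Only the blank strategy fails the hypothetical download gate; both "root" and "cross-site-only" satisfy a host-only check while still hiding the exact page you came from when you cross sites.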

  6. It's not an antivirus, it's a behavior blocker. It's designed to supplement your anti-virus and whatever antispyware programs you have.

     

    Quite right.

     

    To add on, the latest TF Free adds the following, though:

     

    "On-demand antivirus scanner now available in ThreatFire free edition

    An on-demand antivirus scanner is now available in both ThreatFire Free as well as ThreatFire Pro."

  7. if all work as one be fix over night, some downloads not so good see McAfee Site Advisor test.

     

     

    http://www.siteadvisor.com/studies/search_...ty_may2006.html

     

    Dangerous sites soared to as much as 72% of results for certain risky keywords.

     

    Particularly dangerous keywords include "free screensavers", "bearshare", "kazaa", "download music", and "free games."

     

    http://www.computerworld.com/printthis/200...,108416,00.html six of the top 10 Google ads that pop up on a search for the term "screensavers" are for products that involve "spyware, spam or similar unwanted materials."

     

    Analysis: Paid search results often not worth the click

     

    http://www.cadna.org/en/index.html CADNA Supports Anti-Phishing Consumer Protection Act

     

    http://blog.siteadvisor.com/

     

    http://www.time.com/

    http://www.time.com/time/business/article/...afeesiteadvisor

     

    Panic! The sky is falling... :P

  8. All...

     

    Thanks for the input. I welcome opinions.

     

    I could be wrong, but I thought Online Armor Free came with HIPS. I'm not too keen on that. Please let me know if I'm mistaken. Also, thanks for Sunbelt/Kerio suggestion.

     

    Here's an idea: Piriform...you folks did a stellar job with CCleaner. You made it with four essential features: Safe, Effective, Simple, and Free. So, ready for a new project? Create a firewall that is Safe, Effective, Simple, and Free. What a great complement to your other products! A simple to use firewall...no bells or whistles...that controls/gives notices about inbound and outbound transmissions; that's pretty much it. Small footprint. Works on XP and Vista. Again, keep it simple to use because trust me...there's a whole population of computer users out there that don't know a whole lot about pc's and don't have the time or inclination to learn a whole lot either. They just want reasonable protection that is Safe, Effective, Simple, and Free. You'd make a fortune in donations.

     

    Not a good idea.

  9. It's not free...

     

    Please read

     

    http://forum.kaspersky.com/index.php?showtopic=58034

     

    In essence, Kaspersky SOS is for business users; the website is misleading, it actually expires after 30 days!

     

    There is however a free version coming for home users and it's called Kaspersky Virus Removal Tool.

     

    I've blogged about it before. But it is not like CureIt, in that it requires installation and will even install a service. It even protects itself so it can't be shut down! You actually have to disable self-protection before the uninstaller will work, something that threw a lot of users when they tried to uninstall but couldn't!

  10. Security tools for usb

     

    I've put together a list of freeware/liteware security tools from a larger list, including the best ones that can be put on your flash drive and used for cleaning and diagnosis of infected systems. Almost all do not require installation, and are free.

     

    I have selected antivirus, antispyware, antitrojan and antirootkit tools that are top notch, system tools, and as a bonus there is a list of links to the best online scanner sites, both multi-engine (VirusTotal etc.) and full disk (BitDefender online etc.) as well as the sandboxing type (ThreatExpert etc.).

     

    You can find them at Security tools for usb

     

    Any comments are welcome, particularly omissions.

  11. I would add that in today's world you should be using not just antivirus and firewalls but the following as well:

     

    1) Smart behavior blocker, e.g. ThreatFire, Norton AntiBot

    2) Dumb behavior blocker, e.g. System Safety Monitor, ProSecurity, EQSecure

    3) Sandbox + optional application virtualization, e.g. Sandboxie, SafeSpace, GeSWall, DefenseWall

    4) System virtualization and/or hardware virtualization: Returnil, ShadowDefender, ShadowUser Pro, VMware, Virtual PC

    5) Specialized anti-x tools to counter specific threats (keyloggers, buffer overflows etc.): Comodo anti-buffer-overflow, KeyScrambler, FireLion Anti Keyloggers

     

    This doesn't mean you need 5 or more extra apps, since many standard antivirus and firewall products have begun adding extra features that go beyond basic traditional antivirus features. For example, KAV, F-Secure, Panda (non-suite versions) have (1) already. Many firewalls like Comodo Firewall Pro, Online Armor have (2) already, etc.

     

    Also (5) can be covered by both (2) and (3) in many cases, since many in (2) have generic methods of blocking ALL keylogging and screen capture methods. But personally I would have a separate anti-buffer-overflow tool just in case...

     

    Personally I'm not in favour of having anti-spyware, anti-trojans etc. (at least in real time; on demand is fine), since when it comes down to it they are using the same techniques as a broad-spectrum anti-virus (or rather anti-malware, since antiviruses today have finally recognized it is their duty to catch malware; anyhow, antivirus in its classic definition is seldom seen today anyway, it's all worms and trojans today!)

  12. Relatively minor update 1.6.1

     

    Changelog:

    Bug fixed: Bitmap image is not valid. (corrupt embedded icon)

    Bug fixed: malware analysis after import not working in expert mode

    Bug fixed: Lookup at Runscanner when no MD5 available popupmenu

    Sub run folders are now only scanned on Windows 2000

  13. I don't like it :angry:

     

    It prevents running Disk Cleanup that I think is necessary to clean out the Compacted files before a Defrag after a major download and install of a Service pack to keep the hard drive running at peak efficiency.

     

    Hmm how often do you install a service pack?

  14. SpywareBlaster doesn't run in the background, it just adds restricted sites, so it uses no resources. Spybot's immunise function is very similar, so even if you don't want to install SpywareBlaster you could turn on Spybot's immunise function (as with SpywareBlaster, it doesn't run in the background or use resources either). I actually use both with no problem and would suggest you use one or the other; you can't really argue with zero-resource protection ;)

     

    Well, SpywareBlaster might use zero resources, but the (limited) protection it offers is not exactly zero-resource. It is carried by the browser, due to the increased size of the restricted zone, and by the system, due to thousands of extra entries in the registry that are held in memory, etc.

  15. "We are proud to announce the release of our brand new security product

    System Protect.

     

    Information about the product can be found at here

     

     

    Have you ever been infected by viruses or malware and had to go through

    an arduous process of restoring critical system files?

    Have you ever used an antispyware program which has falsely identified

    and deleted Internet Explorer favorites or important programs?

    Have you ever used hard drive cleaning applications only to find that

    important documents, pictures or other desired files have been deleted?

    Do you share a computer with children and worry that they will delete

    important documents or system files? Do you worry that you might do the

    same?

     

    If you have ever asked any of these questions, then System Protect is

    for you. Right out of the box, System Protect will actively protect the

    integrity of critical system files. With a few extra settings, you can

    also use it to protect important documents, pictures, music, favorites,

    and any other file you never want to lose! It provides the protection

    which no other security program can provide, for FREE!

     

    Currently System Protect is in beta stages and we'd appreciate it if you

    could test it and give us your feedback. We hope to release a finalized

    version of System Protect in Q1 2008.

     

    We would like to ask you to install the application, check its functions

    and send us any bugs, comments or suggestions by posting in the new

    forum created for System Protect here:

    http://forum.spywareterminator.com/Default...topics&f=60

     

    The application can be downloaded at http://www.system-protect.com/

     

    From http://forum.spywareterminator.com/Default...osts&t=3601

     

     

     

     

    Basically a file/folder guard from the guys at Spyware Terminator? The description seems similar to DriveSentry?

     

    I have not tried this yet, nor am I recommending it. It is also BETA.

     

    Lusher

  16. I disagree on Defense+. If you put it in training mode for a couple of days, then you shouldn't have a problem.

     

    Depends. If your PC has only standard stuff, maybe you can get away with training mode, and even then you will have to answer quite a few prompts.

     

    If you run a lot of stuff, you will need the clean PC mode... Hopefully your PC is really clean....

     

    Of course if you constantly try new things and install new programs, particularly the not so well known ones, you might have big problems with prompts... Also it depends on how willing you are to answer prompts; most people on forums don't really state objectively what "a few" or "a lot" of prompts means, I suspect different people have different ideas of what counts as "a few" or "a lot".....

     

    Some guys I know think answering 3-5 prompts every time they start something new isn't a lot of prompts; others shudder to try to answer even one...

  17. I take it all back. Lusher was right Defense+ became unbearable pretty fast.

     

    Of course I am. Despite the fact that some people are trying to brand me a troll, I'm usually right.

     

    Sometimes it even takes a while before "conventional wisdom" comes to see the wisdom of what I'm saying...

  18. New launch/hijack items 1.6

     

    Restrictions for internet explorer:

    080 HKLM\Software\Policies\Microsoft\Internet Explorer (+subfolders)

    081 HKCU\Software\Policies\Microsoft\Internet Explorer (+subfolders)

     

    Startup/Shutdown/logon/logoff scripts

    090 HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon

    091 HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon

    092 HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup

    093 HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Shutdown

    094 HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logoff

     

    Various

    110 HKLM\System\CurrentControlSet\Control\BootVerificationProgram\ImagePath

    174 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\VmApplet

    200 HKLM\System\CurrentControlSet\Control\Session Manager\Execute

    201 HKLM\System\CurrentControlSet\Control\Session Manager\SetupExecute

     

    Shell hijacking (removed from general policies)

    162 HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell

    163 HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell

     

    Terminal server related

    190 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AppSetup

    191 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run

    192 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Runonce

    193 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\RunonceEx

    194 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\LogoffApp

     

    Debugger hijacking

    176 HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AeDebug\Debugger (thanks to Tony Klein)

     

    Denying access to websites/IP addresses by setting a wrong static route (thanks to Bruce Harrison - nosirrah)

    177 HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes

     

    Hijacking of standard windows tools

    210 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\BackupPath

    211 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\Cleanuppath

    212 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\DefragPath

    213 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Utility Manager\Magnifier

    214 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Utility Manager\Narrator

    215 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Utility Manager\On-Screen Keyboard
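
A check for the HKLM locations in the list above, as an added example in Python that is not part of RunScanner: it parses a `reg export` text file and flags any watched value whose command points outside `%SystemRoot%\system32`, plus any persistent route at all (the "wrong static route" trick). The value names it inspects (`Debugger`, `VmApplet`, `AppSetup`, `LogoffApp`, `ImagePath`, `Application path`, and the `@` default of the MyComputer paths) are assumptions based on the default Windows XP layout, and the sample export is constructed for the demo; HKCU entries and REG_MULTI_SZ values such as Session Manager `Execute`/`SetupExecute` are not covered.

```python
"""Audit a `reg export HKLM` text file for the launch/hijack points listed above.

Added example, not RunScanner code. Real exports are UTF-16 with a BOM; open them
with encoding="utf-16". SAMPLE_EXPORT below is constructed for this demo.
"""
import re
import sys

HKLM = "HKEY_LOCAL_MACHINE"
NT = HKLM + r"\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
SYSTEM32 = (r"c:\windows\system32", r"%systemroot%\system32")

# key -> value names to inspect; None means "any value under this key is worth a look".
# Value names are assumptions taken from the default Windows XP layout.
WATCHED = {
    NT + r"\AeDebug": {"Debugger"},
    NT + r"\Winlogon": {"VmApplet", "AppSetup", "LogoffApp"},
    HKLM + r"\SYSTEM\CurrentControlSet\Control\BootVerificationProgram": {"ImagePath"},
    HKLM + r"\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes": None,
}
for tool in ("Magnifier", "Narrator", "On-Screen Keyboard"):
    WATCHED[NT + "\\Accessibility\\Utility Manager\\" + tool] = {"Application path"}
for tool in ("BackupPath", "Cleanuppath", "DefragPath"):
    WATCHED[HKLM + "\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\" + tool] = {"@"}

_VALUE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')


def _unescape(s):
    # .reg files escape backslash and double quote with a backslash
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text):
    """Yield (key, value_name, data) for every REG_SZ value in a .reg export.
    dword:/hex: values and hex continuation lines are skipped."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = _VALUE.match(line)
        if key is None or not m:
            continue
        name = "@" if m.group(2) else _unescape(m.group(1))
        data = m.group(3)
        if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
            yield key, name, _unescape(data[1:-1])


def _executable(command):
    """First token of a command line: the quoted program, else up to the first space
    (an unquoted path with spaces is cut short, but still lands outside system32)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def _is_expected(exe):
    """Bare names resolve from system32; an explicit path must point there."""
    if "\\" not in exe and "/" not in exe:
        return True
    return exe.lower().startswith(SYSTEM32)


def audit(text):
    """Return (key, value_name, data, reason) for every suspicious watched value."""
    watched = {k.lower(): v for k, v in WATCHED.items()}
    findings = []
    for key, name, data in parse_reg(text):
        if key.lower() not in watched:
            continue
        names = watched[key.lower()]
        if names is None:
            findings.append((key, name, data, "persistent route present"))
        elif name in names and not _is_expected(_executable(data)):
            findings.append((key, name, data, "program outside system32"))
    return findings


# Constructed sample: two hijacks, one static route, and three benign defaults.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug]
"Auto"="1"
"Debugger"="C:\\Documents and Settings\\All Users\\Application Data\\dbg.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Utility Manager\Magnifier]
"Application path"="magnify.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Utility Manager\Narrator]
"Application path"="C:\\WINDOWS\\Temp\\narrator.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes]
"192.0.2.10,255.255.255.255,0.0.0.0,1"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\DefragPath]
@="%SystemRoot%\\system32\\dfrg.msc %c:"
'''

if __name__ == "__main__":
    text = open(sys.argv[1], encoding="utf-16").read() if len(sys.argv) > 1 else SAMPLE_EXPORT
    for key, name, data, reason in audit(text):
        print(f"{reason}: [{key}] {name} = {data}")
```

Run it as `python audit_reg.py hklm.reg` after `reg export HKLM hklm.reg` on the suspect machine, or with no argument to audit the built-in sample. The persistent-route rule is deliberately noisy: legitimate static routes exist on some machines, but on a home PC a route whose destination is a security vendor's address range is exactly the pattern the list above warns about, so every entry is surfaced for a human to judge.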
