
Gizmo rates the Anti-Vs in this month's newsletter!


slowday444


My Hijackthis log and I reckon I'm safer than anyone running realtime blacklist scanners.

 

Running FF with Noscript through Sandboxie and in PowerShadow mode.

 

Of course those ghost images and a couple of extra cloned drives give a bit of confidence as well. ;)

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 1:38:56 PM, on 4/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\windows\System32\smss.exe

C:\windows\system32\winlogon.exe

C:\windows\system32\services.exe

C:\windows\system32\lsass.exe

C:\windows\system32\svchost.exe

C:\windows\System32\svchost.exe

C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe

C:\Program Files\Sandboxie\SbieSvc.exe

C:\windows\Explorer.EXE

C:\Program Files\PC Tools Firewall Plus\PCTFW.exe

C:\WINDOWS\system32\shadow\ShadowTip.exe

C:\Program Files\Sandboxie\Control.exe

C:\Documents and Settings\Ven\My Documents\Hijackthis\HiJackThis_v2.exe

 

O4 - HKLM\..\Run: [PCTools FW] C:\Program Files\PC Tools Firewall Plus\PCTFW.exe /s

O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe

O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe

O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe

O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe

O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe

O23 - Service: Shadow System Service (ShadowSystemService) - Unknown owner - C:\WINDOWS\system32\shadow\ShadowService.exe


Wow, I'm safe and I use Avast! :P

Windows 7 Ultimate 64-Bit Edition | COOLER MASTER Centurion 590 with 4 120mm Blue LED FANS 1 Regular 120MM FAN and a Custom Window Side Panel | AMD Athlon II x4 2.6GHZ Stock| XIGMATEK HDT-S963 92mm | ASRock A780GXE/128 | G.SKILL 4GB (2 x 2GB) @800MHZ | CF 2 XFX 4850 1GB @GPU940/MEM1005 | 320GB/OS 160GB/Storage HDDs | LG CD/DVD SATA | Rosewill 600W 2 12v Rail@44 | Ccleaner, Defraggler | Malwarebytes', SUPERAnti-Spyware | Avira AntiVir Personal | Google Chrome v3/4, IE8

  • Moderators
My Hijackthis log and I reckon I'm safer than anyone running realtime blacklist scanners.

 

Running FF with Noscript through Sandboxie and in PowerShadow mode.

 

Of course those ghost images and a couple of extra cloned drives give a bit of confidence as well. ;)

 

I'm glad that works for you, but that's not the point.

The person who wrote that article implied that if you use Norton (of all things :rolleyes: ) you were perfectly safe, yet if you use avg or antivir you need to run sandbox software (you don't).

 

Why are you using sandboxie and powershadow at the same time? Isn't that redundant since when you reboot everything will be right back the way it was?

 

I run 0 real time security programs and the only ones I have installed are avg av and avg as. How many viruses do I get? 0.

How often do I scan? Once a month if even. Aggravation level? 0. I'll stick with what I've got. :)


Coupla reasons I still use Sandboxie with PS.

Am beta testing the new releases for the author who is a decent sort of fella and I have a few posts over at SB's forum.

 

Sandboxie stops any and all inet borne malware so in effect saving me to reboot if infected and only using PS.

 

There are no slowdowns or conflicts.

 

If any zero day attack does manage to bypass SB then a simple reboot should fix the prob.

 

So I'm using a SB as my first line of defense, Powershadow as second and ghost images and clones third.

 

And finally I've been using SB for so long that I sorta feel naked without it.

 

I can't believe Gizmo is recommending Nortons unless it has improved quite a lot.

 

I did send him an email a while back about PowerShadow and he replied that he will have a look at it.

 

Quote Gizmo:

But most users lack the discipline to consistently use a sandbox. They may aspire to do so, but pressure and circumstance may not allow it.

 

If that's you then I suggest you consider one of the commercial products, as I don't think the other free products are fully up to the task. AVG and Avast! have poor detection of polymorphic and 0-day malware in addition to having limited self protection while the free BitDefender lacks a real time monitor as well as email scanning.

 

Of the commercial products I favor NOD32 as it provides first class detection, yet is light on resources. The $19.95 paid version of Avira is also a fine choice, providing the same or slightly better protection as NOD32 at the cost of slightly heavier resource usage. Kaspersky and Norton AV are also sound options provided you have a fast PC.


  • Moderators

I think his write up on this is ok, but I would come to different conclusions than he did.

I do however like his Linux review that he put in that newsletter.

 

I'll play with powershadow on Saturday or Sunday. I don't really want to criticize something I haven't tried, but just the concept seems like a hassle.

 

I think Gizmo got it right when he said most users lack the discipline (I would have chosen a different word though. :rolleyes:) to use those applications. I'm going to leave it at that until I give the program a try at least.
