Jump to content

what's your security setup?


byte_king

Recommended Posts

  • Replies 153
  • Created
  • Last Reply

Top Posters In This Topic

Behavioral blockers bother me. Like Prevx - I have found quite a few false positives in their online database.

ThreatFire is ok...but SourceFire Snort seems the best.

I prefer more HIPS based technology than anything.

Me too, so I avoid behavioral blockers like Threatfire like the plague.

Link to post
Share on other sites

I run Win7 with MBAM, AVG, and have a full Untangle box running behind my router. Lately I've been less than pleased with AVG's performance. Even on my dual-core system (with 6gb ddr2 1066) it tends to bog things down. Looking through this thread I see some alternatives worth trying. :P

Link to post
Share on other sites

shan.m.kel,

I am a recent former AVG user, I too noticed a big difference when switching from AVG to something else (Kaspersky).

If you need some assistance picking out an AV and would like some recommendations and download links, I'd be more than happy to help you with that!

Link to post
Share on other sites

May I ask why you say it's not a good detection method?

The technology still depends on signatures, just from other vendors. In a combined architecture, many databases scan each new file that is created in the system, and if bad, the file gets deleted.

Let's say a system file gets infected, and it passes through the scanners, and the scanners say DELETE... the system file gets deleted and the person's computer fails to boot.

In essence it is new, researched by scientists at the University of Michigan, it's just not the best way.

Link to post
Share on other sites

Does anyone here use Rising AV or the new ClamAV(Immunet) ?

Rising's smart active defense, when properly configured, will alert you when something wants to touch system32 folder, system time, startup folder, registry Run, RunOnce, BootExecute and many other important places. It also have a behavior blocker.

ClamAV is also good to complement the security setup. Both of them are free.

btw I use Online Armor, disabled it's firewall, using Win7 firewall instead. I use OA for the HIPS, it's very good!

Link to post
Share on other sites

The technology still depends on signatures, just from other vendors. In a combined architecture, many databases scan each new file that is created in the system, and if bad, the file gets deleted.

Let's say a system file gets infected, and it passes through the scanners, and the scanners say DELETE... the system file gets deleted and the person's computer fails to boot.

In essence it is new, researched by scientists at the University of Michigan, it's just not the best way.

Actually Panda Cloud only uses the signatures from Panda Labs. Also the non-cloud part of the client contains signatures for disinfection, PDF Exploits, and viruses like vito and virut. All of these non-cloud signatures are updated daily. That way if a exploit, virus or rootkit is detected while you are offline you are still protected.

Link to post
Share on other sites

I run Win7 with MBAM, AVG, and have a full Untangle box running behind my router. Lately I've been less than pleased with AVG's performance. Even on my dual-core system (with 6gb ddr2 1066) it tends to bog things down. Looking through this thread I see some alternatives worth trying. :P

Personally ability to repel malware aside, I agree that Avg 9.0 has a lot more system drag than any Avg I ever used in the past.

Link to post
Share on other sites

What exactly is this HIPS thing you guys keep mentioning? I see it all the time and I've read stuff online about it, but most of it is very technical? Can someone break it down for me?

HIPS or Host Intrusion Prevention System is a security technique that monitors all critical system files. One such program is WinPatrol. When a system file is change for example the boot.ini file, it alerts you and asks if you want to approve or deny it. Basically they prevent malware from changing important windows components, which could cause undesired effects or leaving your pc useless.

Link to post
Share on other sites

Host intrusion protection software, or HIPS, provides rule and behavior-based system monitoring to guard against unwanted changes. HIPS can be used alongside traditional antivirus software to add an extra layer of security. Some host intrusion protection software provides a learning mode and pre-configured rules.

Software that implement HIPS, or Host Intrustion Prevention System, allow you to monitor all applications, drivers, shared libraries (DLLs), and other activities that occur on your system. For example, in Windows, HIPS software often check when programmes are loaded (whether in the foreground or invisibly, behind your back, in the background), when drivers are being installed or loaded by programs, when global hooks or keyboard hooks are inserted into your system, when code is injected into another process (that is, running program) by another program, etc. Some of them allow you to prevent such programs from running and also allow you to kill (terminate) any programs that may already be running. They may be useful, for example, in helping you detect when a rootkit, keylogger, spyware or trojan is being installed into your system.

Personally, I don't use Windows much, but kids like to play on Windows platform games. Hence I ought to protect it.

I do not use any grand AV suites but it has been agreed among all computing labs that HIPS and isolation is that best method of malware prevention.

Therefore, I protect my platform with:

1. Outpost Firewall Pro with Host Protection System (HIPS)

2. GesWall

On GesWall: GesWall is practically even better than any antivirus (once configured properly). It creates protective bubble, much like a condom with which it accesses the outside world. It's entirely possible to reach my box and even touch it, buuuut only through my 'condom'.

Basically GesWall tells the outside world: 'We can speak, but, please, remember that I'm unreal. Hence, whatever words you say I shall forget as we finish our conversation".

Link to post
Share on other sites

Sorry SlackerLX, but that is plagiarism.

1

Host intrusion protection software, or HIPS, provides rule and behavior-based system monitoring to guard against unwanted changes. HIPS can be used alongside traditional antivirus software to add an extra layer of security. Some host intrusion protection software provides a learning mode and pre-configured rules.

Actual source: http://antivirus.about.com/od/securitytips/g/hips.htm

====================

2

Software that implement HIPS, or Host Intrustion Prevention System, allow you to monitor all applications, drivers, shared libraries (DLLs), and other activities that occur on your system. For example, in Windows, HIPS software often check when programmes are loaded (whether in the foreground or invisibly, behind your back, in the background), when drivers are being installed or loaded by programs, when global hooks or keyboard hooks are inserted into your system, when code is injected into another process (that is, running program) by another program, etc. Some of them allow you to prevent such programs from running and also allow you to kill (terminate) any programs that may already be running. They may be useful, for example, in helping you detect when a rootkit, keylogger, spyware or trojan is being installed into your system.

Actual source: http://www.thefreecountry.com/security/hips.shtml

=======================

The actual name for this security functionality is host-based intrusion prevention system.

I would recommend to state your sources next time you want to place that data or any other data somewhere.

Link to post
Share on other sites

shan.m.kel,

I am a recent former AVG user, I too noticed a big difference when switching from AVG to something else (Kaspersky).

If you need some assistance picking out an AV and would like some recommendations and download links, I'd be more than happy to help you with that!

I'd be happy for any advice you have in the AV neighborhood. :)

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.