
What other resident protection is necessary?



I currently have Symantec Corporate Anti-Virus running in background (free from work), and Windows Defender. I also use Spyware Blaster, and the immunization feature of Spybot. I use Windows Firewall.

I recently had a bad infection, which neither of the two background scanners recognized at all (vundo, etc.). I downloaded the free MBAM, and it cleared it up. Thank you.

Yet, I am getting frequent false positives these days from SAV.

I am thinking of purchasing MBAM resident protection. I am wondering, what could it replace? If I had MBAM background protection running, no need for Windows Defender or any other background anti-spyware app, correct? (Although I know it's good to use different on-demand scanners.)

I have read people's questions here about whether they need to have a background AV program running besides MBAM, and your answer is always yes. But I'm wondering, is that really necessary, or do you say that, to be on the safe side?

Isn't there some overlap between what background MBAM does and a background AV app? Both look for trojans and other malware, no? Doesn't MBAM look for viruses as well, or does it ignore them, leaving them to the AV apps?

Just trying to avoid too many unnecessary background apps running, hogging resources, etc. Also, SAV did not help me at all with the recent infection (which MBAM fixed), yet it keeps feeding me false positives.

Are any readers here using MBAM as your only resident protection, without a resident AV app? If so, how is that working for you?


Hi maiki:

Although you will occasionally hear mavericks claim they don't use an AV and never get infected, it's like driving without a seat belt. Every respected expert I know at other reputable security forums recommends both a resident AV and a resident anti-spyware also, it's not just here. I would never trust an anti-spyware vendor that claimed otherwise.

Your AV and AS are second-line defenses; your safe computing practices are the front line. Every AV gives false positives, and even the best combo of defensive programs won't trump careless user practices.

If your aim is to minimise your CPU and memory usage, there are certainly AVs that have a smaller footprint than SAV.


I currently have Symantec Corporate Anti-Virus running in background (free from work), and Windows Defender. I also use Spyware Blaster, and the immunization feature of Spybot. I use Windows Firewall.

I recently had a bad infection, which neither of the two background scanners recognized at all (vundo, etc.). I downloaded the free MBAM, and it cleared it up. Thank you.

Yet, I am getting frequent false positives these days from SAV.

I am thinking of purchasing MBAM resident protection. I am wondering, what could it replace? If I had MBAM background protection running, no need for Windows Defender or any other background anti-spyware app, correct? (Although I know it's good to use different on-demand scanners.)

I have read people's questions here about whether they need to have a background AV program running besides MBAM, and your answer is always yes. But I'm wondering, is that really necessary, or do you say that, to be on the safe side?

Isn't there some overlap between what background MBAM does and a background AV app? Both look for trojans and other malware, no? Doesn't MBAM look for viruses as well, or does it ignore them, leaving them to the AV apps?

Just trying to avoid too many unnecessary background apps running, hogging resources, etc. Also, SAV did not help me at all with the recent infection (which MBAM fixed), yet it keeps feeding me false positives.

Are any readers here using MBAM as your only resident protection, without a resident AV app? If so, how is that working for you?

Hi maiki and welcome to Malwarebytes. Joe53 is correct. But I will elaborate a bit. First, Spyware Blaster and immunization in SBS&D are not background scanners. They block sites and ActiveX installs. Keep them always updated and all protections enabled. Second, get a free AV that won't suck the life out of your system and is actually working. We recommend Avira from Antivir to run alongside MBAM. You do need an antivirus; MBAM is not an antivirus program. The Windows firewall is crap. Online Armor makes a great free firewall. I run it, Avira and MBAM all together and have very low system resource use. If you're going to buy MBAM, please use the link in my signature. Feel free to keep asking questions; we aim to please and give the best support we can for our product.


Hi maiki:

Although you will occasionally hear mavericks claim they don't use an AV and never get infected, it's like driving without a seat belt. Every respected expert I know at other reputable security forums recommends both a resident AV and a resident anti-spyware also, it's not just here. I would never trust an anti-spyware vendor that claimed otherwise.

A real-time AV and AS aren't necessary if you're using a quality HIPS, a virtualization app such as Returnil, or a limited account w/ disallowed by default SRP. The AV and AS then become an optional on-demand tool.


Hi maiki:

Although you will occasionally hear mavericks claim they don't use an AV and never get infected, it's like driving without a seat belt. Every respected expert I know at other reputable security forums recommends both a resident AV and a resident anti-spyware also, it's not just here. I would never trust an anti-spyware vendor that claimed otherwise.

Your AV and AS are second-line defenses; your safe computing practices are the front line. Every AV gives false positives, and even the best combo of defensive programs won't trump careless user practices.

If your aim is to minimise your CPU and memory usage, there are certainly AVs that have a smaller footprint than SAV.

OK.

Isn't there a lot of overlap between the two kinds of scanners though? For instance, both an AV program and an AS program look for trojans, no?

Which kind of malware do AV apps look for, that AS apps do not, and vice versa? And Malwarebytes isn't specifically called an anti-spyware app, but rather an anti-malware app. Doesn't the classification "malware" include all types of malevolent software code, whether it is classified as virus, trojan, rootkit, spyware, etc., etc.? Or--which kinds of malware does MBAM not look for?

I know the standard practice is to have two apps, for AV and AS. Wouldn't it be simpler, though, for one app to search for all kinds of malware, and eliminate the overlap in categories? I don't mean one of those suites that bundles together an AV and an AS app, as two separate apps purchased together. I mean, for instance, if MBAM expanded its range to include all types of malware, eliminating the need to have two separate background scanners?


OK.

Isn't there a lot of overlap between the two kinds of scanners though? For instance, both an AV program and an AS program look for trojans, no?

Which kind of malware do AV apps look for, that AS apps do not, and vice versa? And Malwarebytes isn't specifically called an anti-spyware app, but rather an anti-malware app. Doesn't the classification "malware" include all types of malevolent software code, whether it is classified as virus, trojan, rootkit, spyware, etc., etc.? Or--which kinds of malware does MBAM not look for?

I know the standard practice is to have two apps, for AV and AS. Wouldn't it be simpler, though, for one app to search for all kinds of malware, and eliminate the overlap in categories? I don't mean one of those suites that bundles together an AV and an AS app, as two separate apps purchased together. I mean, for instance, if MBAM expanded its range to include all types of malware, eliminating the need to have two separate background scanners?

MBAM doesn't detect file infector viruses or worms like an AV would. It is a program used to guard against very specific types of infections, primarily those of rootkits, rogue software and the trojans that are associated with spreading them. It's also pretty good at catching a lot of the spyware that's out there and for these reasons it is typically classified by users as more of an anti-spyware app. There certainly will be a certain level of overlap in detections, but generally speaking, there are a multitude of infections your AV will detect that MBAM never will because it wasn't made to target them, at the same time there are several infections (like zlob and vundo/virtumonde etc) that are so common these days that both will detect, but MBAM is more likely to find/remove the newest variants, whereas even if your AV does detect it, it most likely won't be able to remove it completely. That's kind of what MBAM is for, getting rid of and preventing the nastiest and hardest to remove infections out there, not so much regular viruses and trojans.


A real-time AV and AS aren't necessary if you're using a quality HIPS, a virtualization app such as Returnil, or a limited account w/ disallowed by default SRP. The AV and AS then become an optional on-demand tool.

Not everyone is technically minded enough to understand HIPS warning messages. To my knowledge you can't use a Software Restriction Policy if you have Windows XP Home, Windows Vista Home Basic, or Windows Vista Home Premium.


Not everyone is technically minded enough to understand HIPS warning messages. To my knowledge you can't use a Software Restriction Policy if you have Windows XP Home, Windows Vista Home Basic, or Windows Vista Home Premium.

The discussion is about necessary resident protection and not "I don't know what to do" or "my OS doesn't support this feature". :D

To further comment on maiki's OP, MBAM will co-exist with SAV just fine. Nothing is 100% on any given day, and having a layered defense is a wise solution. There are a multitude of items that SAV Corp will detect that MBAM will miss. You could have <insert another AV mfg. here> and still get infected with a zero day exploit.


MBAM doesn't detect file infector viruses or worms like an AV would. It is a program used to guard against very specific types of infections, primarily those of rootkits, rogue software and the trojans that are associated with spreading them. It's also pretty good at catching a lot of the spyware that's out there and for these reasons it is typically classified by users as more of an anti-spyware app. There certainly will be a certain level of overlap in detections, but generally speaking, there are a multitude of infections your AV will detect that MBAM never will because it wasn't made to target them, at the same time there are several infections (like zlob and vundo/virtumonde etc) that are so common these days that both will detect, but MBAM is more likely to find/remove the newest variants, whereas even if your AV does detect it, it most likely won't be able to remove it completely. That's kind of what MBAM is for, getting rid of and preventing the nastiest and hardest to remove infections out there, not so much regular viruses and trojans.

So, are you saying that MBAM isn't really an antispyware program either, but catches malware other than virii or spyware?

If so, should one actually have a resident anti-spyware app running all the time as well? That would mean 3 background security apps running all the time--AV, AS, and MBAM--a lot of background scanners?

Or enough to do on-demand spyware scanning with spybot or other app, as well as MBAM and AV scans?


So, are you saying that MBAM isn't really an antispyware program either, but catches malware other than virii or spyware?

If so, should one actually have a resident anti-spyware app running all the time as well? That would mean 3 background security apps running all the time--AV, AS, and MBAM--a lot of background scanners?

Or enough to do on-demand spyware scanning with spybot or other app, as well as MBAM and AV scans?

IMO you're making things more complex than they really are. MBAM is an anti-spyware/adware/trojan. The term malware covers the aforementioned plus worms, poly's, rootkits, keyloggers, etc.

Having MBAM paid w/ real-time active, a real-time AV such as Avira, AVG, NOD32, etc., a hardware firewall (router), and possibly a light HIPS or behavior blocker such as Threatfire is a robust layered defense. Even with such a fine arsenal of tools it's still not 100% effective.


Threatfire is free and has resident process.....BUT Norton Corp will catch anything, as long as u update it daily and run the file system auto protect......you can Google EICAR and download test viruses...they ARE a virus but with no payload.....after DLing them to desktop...try to open the zip or double click the file inside....Norton will nuke it in 1/2 second.....

FYI after test do START > RUN > search for eicar on your primary harddrive to get rid of any remains...

EICAR is a very well known test in the industry :)


BUT Norton Corp will catch anything, as long as u update it daily and run the file system auto protect.

Don't kid yourself. The fact of the matter is that no AV is 100%. I've got SAV 10.1 Corp deployed at the office, as well as other client locations, and it fails to detect a lot of nasty malware. One of the guys at my office managed to infect a pc with Antivirus XP 2008 a few weeks ago.


Don't kid yourself. The fact of the matter is that no AV is 100%. I've got SAV 10.1 Corp deployed at the office, as well as other client locations, and it fails to detect a lot of nasty malware. One of the guys at my office managed to infect a pc with Antivirus XP 2008 a few weeks ago.

You're 100% right on that...that's why I run Malwarebytes too :)

Here's what I run:

