
Addressing Vulnerabilities Logically

2 replies to this topic

#1 P220ST


  • Members
  • 7 posts
  • Local time:08:42 PM

Posted 08 September 2006 - 01:09 PM

Bear in mind that I'm a normal, non-IT computer user. My surfing habits are safe and conservative. As best I can tell, Anti-Malware applications seem to fall into three categories:
1) definition, or signature based
2) HIPS behavioral blocker, and
3) heuristic analyzer

Here's what I'm currently running:
1) Windows Defender, real time protection enabled.
2) Webroot SpySweeper, shields up!
3) Eset NOD32, advanced settings enabled.
4) Microsoft Cloudmark Desktop (spam-filter for OE).

Two questions:
1) Are the three categories listed above accurate and comprehensive?
2) If so, is there wasteful overlap or worse, gaping vulnerabilities in the global, synthetic function of the four utilities I'm currently running? To address this potentiality:
a. Which should I remove?
b. What should I add?

Anti-Rootkit non sequitur:
1) given my rather average knowledge of computers, can you recommend a fundamentally sound, user friendly Anti-Rootkit utility that either
a. tells me what to do with what it finds, or
b. refers me to a database wherein I can differentiate between True Positives that need to go and False Positives that I can leave be.
c. Sophos Anti-Rootkit seems to fit the bill. Opinions?
i) does it shield as well as find & remove?

Thank You,
CoolerMaster WaveMaster TAC-T01 Mid-Tower, Intel D975XBX2KR Bad Axe 2 Mobo, Intel® Core™2 Quad 2.4GHz Q6600 CPU, Corsair 4GB [2(2 x 1GB kit)] 5300 DDR2 SDRAM, eVGA e-GeForce 8800GT AKIMBO 512MB SC, Hauppauge HVR-1600, PreSonus Firebox Firewire audio interface/sound card, 4 Seagate 320GB 7200.10 16MB cache HDDs. Seagate FreeAgent XTreme 1TB External Backup.
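The three categories named in the post above (signature, behavioural/HIPS, heuristic) are easiest to compare side by side. The following is an added example, not code from the original post or from any of the products it mentions: a toy scanner that runs one detector of each category over four constructed samples, so the overlap and the gaps between the layers become visible. The signature table, the suspicious-string list, the entropy threshold and the "runtime actions" attached to each sample are all constructed for illustration, not taken from any real engine.

```python
"""Toy comparison of signature, heuristic and behavioural detection.

Added example with constructed samples; the indicator lists and thresholds
below are illustrative assumptions, not those of any real anti-malware product.
"""
import hashlib
import math
from dataclasses import dataclass, field


@dataclass
class Sample:
    name: str
    content: bytes                                 # constructed "file" bytes
    actions: list = field(default_factory=list)    # constructed runtime actions


# 1) Signature-based: exact match on the hash of a previously analysed file.
KNOWN_BAD = b"MZ dropper v1: writes HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"
SIGNATURES = {hashlib.sha256(KNOWN_BAD).hexdigest(): "Dropper.A"}   # constructed


def signature_scan(s: Sample):
    """Return the signature name on an exact hash match, else None."""
    return SIGNATURES.get(hashlib.sha256(s.content).hexdigest())


# 2) Heuristic: static indicators scored without any known hash.
def shannon_entropy(data: bytes) -> float:
    """Bits per byte; packed or encrypted payloads sit close to 8.0."""
    if not data:
        return 0.0
    counts = {}
    for b in data:
        counts[b] = counts.get(b, 0) + 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


SUSPICIOUS_STRINGS = [b"CurrentVersion\\Run", b"URLDownloadToFile", b"cmd.exe /c"]
HEURISTIC_THRESHOLD = 2          # assumption: two or more indicators is "suspicious"


def heuristic_score(s: Sample) -> int:
    score = 2 if shannon_entropy(s.content) > 7.0 else 0    # packed-looking body
    score += sum(1 for marker in SUSPICIOUS_STRINGS if marker in s.content)
    return score


# 3) Behavioural (HIPS-style): judge what the program does when it runs.
BLOCKED_ACTIONS = {"write_run_key", "inject_into_process", "disable_av"}


def behavior_block(s: Sample) -> list:
    """Actions a behaviour blocker would refuse, in sorted order."""
    return sorted(a for a in s.actions if a in BLOCKED_ACTIONS)


def assess(s: Sample) -> dict:
    return {
        "signature": signature_scan(s),
        "heuristic": heuristic_score(s) >= HEURISTIC_THRESHOLD,
        "behavior": behavior_block(s),
    }


def layers_that_caught(s: Sample) -> list:
    """Which of the three categories would have stopped this sample."""
    a = assess(s)
    caught = []
    if a["signature"]:
        caught.append("signature")
    if a["heuristic"]:
        caught.append("heuristic")
    if a["behavior"]:
        caught.append("behavior")
    return caught


# Constructed samples: a known dropper, the same dropper repacked, a novel
# threat with an innocent-looking body, and a clean program.
PACKED_BODY = bytes(range(256)) * 16          # uniform bytes, entropy exactly 8.0
SAMPLES = {
    "original": Sample("original", KNOWN_BAD, ["write_run_key"]),
    "repacked": Sample("repacked", PACKED_BODY + b"URLDownloadToFile cmd.exe /c",
                       ["write_run_key"]),
    "novel": Sample("novel", b"MZ looks like a screensaver", ["inject_into_process"]),
    "clean": Sample("clean", b"MZ text editor, no surprises", ["read_config"]),
}

if __name__ == "__main__":
    for name, sample in SAMPLES.items():
        print(f"{name:9s} caught by: {layers_that_caught(sample) or ['nothing']}")
```

Run as written, the original dropper is caught by the signature and by the behaviour blocker but not by the heuristic (a single indicator is below the threshold); the repacked copy evades the signature entirely and is caught by the heuristic and the behaviour blocker; the novel sample is caught by behaviour alone; the clean program passes all three. That pattern is the practical answer to the "overlap" question in the post: two products of the same category mostly duplicate each other, while the three categories together cover cases that any one of them misses.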



#2 dullblade


  • Members
  • 3 posts
  • Location:Dulles airport
  • Local time:11:42 PM

Posted 11 September 2006 - 09:18 AM

Sounds like you have a pretty good handle on your system and that your knowledge and experience are greater than my own. I have been focusing on the firewall part of the equation and have found Outpost to be pretty good, although I do not feel I am thoroughly familiar with it yet. Shutting down all avenues of access, especially inbound, except for what you specifically permit, seems to be the best first step. I am also pretty happy with Webroot.
I do not know enough to really comment further, but does your anti-virus have some sort of logging capability? Checking logs occasionally seems to be a recommended procedure. Thanks to BleepingComputer for providing this forum.

#3 jgweed


  • Members
  • 28,473 posts
  • Gender:Male
  • Location:Chicago, Il.
  • Local time:10:42 PM

Posted 11 September 2006 - 09:57 AM

Practicing safe internet surfing, E-mail, and downloading habits is certainly a major step in preventing malware, since at least 80 percent of malware involves some form of user action.
A firewall, a resident (and updated) anti-virus, and currency in updating MS's flood of critical patches is simply best practice.
Adware and spyware require, at least for the moment, using multiple applications for their removal; each company has slightly different criteria for what constitutes this kind of malware, so each company's application will search for and find a slightly different set of files. The most popular of these anti-spyware applications continues to be Spybot Search and Destroy, and of course, Ad-Aware SE. Both update their definitions on a frequent basis, and seem to work well together in catching the vast majority of this kind of malware. Many members have these, as well as others, installed on their computers.
Whereof one cannot speak, thereof one should be silent.
