Prudent Use of AV's

Signpoet

All anti-virus products sometimes fail to keep up with the fast pace of new
viruses. What I do is keep three AV's current: AVG, Avast, and Prot-f (DOS).
Running each at intervals keeps me pretty secure.
I know this is a little like wearing both suspenders and a belt.
Connie
 
kline

Signpoet said:
All anti-virus products sometimes fail to keep up with the fast pace of new
viruses. What I do is keep three AV's current: AVG, Avast, and Prot-f (DOS).
Running each at intervals keeps me pretty secure.
I know this is a little like wearing both suspenders and a belt.
Connie

Quite possibly, but still better than the "going commando" style still
seemingly preferred by many computer users.

Kline
 
Signpoet

You might want to take a look at PrevX

According to the website, works only for 2000/XP. I'll try it when I finally
enter the twenty-first century.
Connie
 
Bob Adkins

All anti-virus products sometimes fail to keep up with the fast pace of new
viruses. What I do is keep three AV's current: AVG, Avast, and Prot-f (DOS).
Running each at intervals keeps me pretty secure.
I know this is a little like wearing both suspenders and a belt.

I use one AV program, but avoid files and situations where viruses usually
come from.
 
H.M.A. (Dick) Hazeleger

Bob said:
I use one AV program, but avoid files and situations where viruses
usually come from.

Hi Bob,

Does this include: not buying software / hardware (I have heard of
infected driver disks in the past, or infected shareware (I know... OT
here, but just for completeness sake)), not installing software
presents from companies (I very well recall the infected software
present the Amsterdam Stock Exchange sent... and the turmoil
afterwards) and I could go on...

Bob, what I try to say is: You can not avoid situations where viruses
usually come from... they come from many sources... way too many to
avoid them all, unless you turn off your system and never use it again
(which I sincerely hope you won't :D)

Regards
Dick
 
Aaron

Bob Adkins wrote:


Hi Bob,

Does this include: not buying software / hardware (I have heard of
infected driver disks in the past, or infected shareware (I know... OT
here, but just for completeness sake)), not installing software
presents from companies (I very well recall the infected software
present the Amsterdam Stock Exchange sent... and the turmoil
afterwards) and I could go on...

You missed out the most obvious source especially for people here.
Downloading and installing freeware!
 
H.M.A. (Dick) Hazeleger

Aaron said:
You missed out the most obvious source especially for people here.
Downloading and installing freeware!

Hi Aaron,

Maybe I'm just lucky; but I haven't had even an attempted virus
infection from Freeware (this could be another reason to use well known
freeware :-D ), and I don't talk about programs that were deliberately
built to infect a system (droppers), but I mean programs coming from
infected developer's systems. You know of any examples?

Anyhow, this system now is so tightly locked that the proverbial
oyster looks like an "open house"... and it is still a system on which I
(or others who I would allow to) can work on.

So I didn't forget Freeware, but I simply didn't have examples at hand
to illustrate it!

regards
Dick
 
Aaron

Hi Aaron,

Maybe I'm just lucky; but I haven't had even an attempted virus
infection from Freeware (this could be another reason to use well known
freeware :-D ), and I don't talk about programs that were deliberately
built to infect a system (droppers), but I mean programs coming from
infected developer's systems. You know of any examples?

Offhand I can recall only one case recently 2 weeks ago. But then again,
I'm a newbie to this group compared to the dinos here.

http://tinyurl.com/5eafo

I didn't really follow the case, so I don't know if it falls under
deliberate malware or just infection from developer's system. The former
probably.

I suspect the latter is pretty rare, partly because developers tend to be
too experienced to fall for simple worms (all the rage these days), and
partly because the infection vector nowadays is mostly email based and
even when those are executed they tend to spread further by email or by
opening backdoors. Few if any try to infect exe and com files.

As you know, in the 1980s and earlier, file viruses which infect exe and
coms were the big danger, and most people got infected via diskettes or
downloading software from bulletin boards while trading software.
Thankfully these days are over?*, so the greater threat I think, is
deliberate action by developers to bundle malware, trojan droppers etc.

I have no idea how the current favourites here handle these sort of
threats, but I'm guessing not so good.

Anyhow, this system now is so tightly locked that the proverbial
oyster looks like an "open house"... and it is still a system on which I
(or others who I would allow to) can work on.

As you are someone who writes lessons on how to do packet sniffing, and
owns a pretty recognised site on spyware, I expect no less. :)

* Well then again there is malware spreading by P2P ......
 
Bob Adkins

Bob, what I try to say is: You can not avoid situations where viruses
usually come from... they come from many sources... way too many to

No danger of that! I really stir the pot. I probably audition an average of
3 programs per day. What I meant was, I don't go far off the beaten path. I
get all my stuff from mainstream download sites (MajorGeeks, FileForum) and
from reputable hardware vendors. In other words, if there's malware in
something, others will probably get hit first, and I'll find out. ;)
 
H.M.A. (Dick) Hazeleger

Aaron said:
of infected driver disks in the past, or infected shareware (I
know... OT here, but just for completeness sake)), not
installing software presents from companies (I very well recall
the infected software present the Amsterdam Stock Exchange
sent... and the turmoil afterwards) and I could go on...

Offhand I can recall only one case recently 2 weeks ago. But then
again, I'm a newbie to this group compared to the dinos here.

http://tinyurl.com/5eafo

I didn't really follow the case, so I don't know if it falls under
deliberate malware or just infection from developer's system. The
former probably.

I suspect the latter is pretty rare, partly because developers tend to
be too experienced to fall for simple worms (all the rage these
days), and partly because the infection vector nowadays is mostly
email based and even when those are executed they tend to spread
further by email or by opening backdoors. Few if any try to infect
exe and com files.

As you know, in the 1980s and earlier, file viruses which infect exe
and coms were the big danger, and most people got infected via
diskettes or downloading software from bulletin boards while trading
software. Thankfully these days are over?*, so the greater threat I
think, is deliberate action by developers to bundle malware, trojan
droppers etc.

I have no idea how the current favourites here handle these sort of
threats, but I'm guessing not so good.



As you are someone who writes lessons on how to do packet
sniffing, and owns a pretty recognised site on spyware, I expect no
less. :)


* Well then again there is malware spreading by P2P ......

Hi Aaron,

Hmm, well the question I learned to ask is whether it really is a
Trojan or just something that "could be a trojan"; we recently had
something similar with a foreign dll in a program... after the
developer recompiled the source (prolly using a different compiler) the
file all of a sudden wasn't a trojan any longer. IMO a false positive,
but it caused quite some stir.

Err, the site is no longer dedicated to security and privacy, the
"Crash Course" you are referring to is still there (and it will) but I
no longer provide help in fighting spyware... It became a "one man job"
at some point, and that turned out to be a bit more than I could
handle! But.. I keep my knowledge up-to-date and use it in a very
limited circle! FoxMail, FoxTool and FrontGate MX are now the topics at
least the forums are dedicated to now. Some of the old pages are still
available... but they will disappear before the end of the year!

P2P, frankly I avoid it, too many open ends... and I don't like this
system to act as an 'uncontrolled server', but you are right... many of
these newer worms are spread that way...

BTW: I knew an Aaron over at the old VoP... is that you?

Regards
Dick
 
H.M.A. (Dick) Hazeleger

Bob said:
No danger of that! I really stir the pot. I probably audition an
average of 3 programs per day. What I meant was, I don't go far off
the beaten path. I get all my stuff from mainstream download sites
(MajorGeeks, FileForum) and from reputable hardware vendors. In other
words, if there's malware in something, others will probably get hit
first, and I'll find out. ;)

Hi Bob,

Which of course is not a wrong thing to do, and not only with programs,
but with updates as well (as the new SP2 XP teaches us). My sole point
is, that your computer can be infected in so many ways (and Aaron added
a few I didn't mention) that, at least, there should be _some_
defensive software on your system. Your system's (and in a more wider
sense: Your own as well) is something you have to be engaged in, in an
active manner, no Bill Gates, Steve Jobs, Aaron or Dick Hazeleger can
do that for you. Computer security doesn't have to be expensive to be
quite good... the freeware examples of such software prove that... but
it will take some of your time. But in the end you (this is not pointed
to you as a person, but more in general) will end up not belonging to
those nitwits who sit for hours and hours on the Internet with their
unprotected systems... sending out thousands of virus/worm copies to
other systems, or spamming the h*ll out of the Internet community.

Heck... I'm dreaming again, since there always will be those, I
guess... OK, time to wake up :-D

Stay safe!
Dick
 
Bob Adkins

a few I didn't mention) that, at least, there should be _some_
defensive software on your system. Your system's (and in a more wider

Yes, yes, I wholeheartedly agree Dick.

I recommend a good anti-virus, and anti-spy bot, and an anti-trojan program,
and a firewall for the average user.

For the more adventurous or reckless among us, an extra AV and anti-spy bot
program can help.

If you like to travel light, it's best to stay out of the bad neighborhoods.
:)
 
Harvey Van Sickle

No danger of that! I really stir the pot. I probably audition an
average of 3 programs per day. What I meant was, I don't go far
off the beaten path. I get all my stuff from mainstream download
sites (MajorGeeks, FileForum) and from reputable hardware
vendors. In other words, if there's malware in something, others
will probably get hit first, and I'll find out. ;)

Hi Bob,

Which of course is not a wrong thing to do, and not only with
programs, but with updates as well (as the new SP2 XP teaches us).
My sole point is, that your computer can be infected in so many
ways (and Aaron added a few I didn't mention) that, at least,
there should be _some_ defensive software on your system.

Bob *did* say that he uses an AV program -- rather than three of them,
like the OP. I think he's also mentioned from time to time that he has
anti-spyware programs -- which he wouldn't have mentioned in this
thread, as the discussion was about how many AV programs to run.

I'm similar: I've got an AV program; AdAware; Spybot S&D; software
firewall and the firewall in my wireless router; and I use non-MS
browser (Firefox), e-mail (Poco) and newsreading (Xnews) clients -- all
separate; no suites. I keep the software up to date, but I don't run
the programs (not even the AV) with real-time monitoring -- I have a
regular system of maintenance during which they get run, and I
right-click and check incoming attachments on a case-by-case basis.

FWIW, I haven't found a stick of spyware, malware, viruses or anything
else dodgy -- not once -- on any of the regular and irregular checks
I've made for well over 3 years.

I don't intend to let my guard down, but the scare scenarios are
sometimes overdone -- so much of it depends on one's individual surfing
and computer maintenance habits.
 
Bob Adkins

I don't intend to let my guard down, but the scare scenarios are
sometimes overdone -- so much of it depends on one's individual surfing
and computer maintenance habits.

Very true. Too much security is nearly as bad as some of the spyware. A
balance must be struck, or you'll be paralyzed... afraid to try any new
program or visit any unfamiliar web page.

Exposure to malware can be greatly reduced by simply sticking to reputable
download sites. The real biggie is scanning E-mail. I get 99% of my AV hits
from E-mail.

The way I avoid spyware is learning which programs do and do not harbor it,
and which type of sites and site activity can infest you. I still get
surprises, because it's impossible to avoid 100% of spyware. I use a silly
little program called "WinPatrol" that barks when something tries to add
itself to Windows startup or change my HOSTS file. It's not as heavy as
Ad-Aware and Spybot S&D's resident sniffers.

BARK!!! Good dog! :)
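
The HOSTS-file watching described in the post above comes down to comparing the file against a known-good snapshot. The following is an added example, not part of the original post and not WinPatrol's own code; the function names, hostnames and addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample data: a known-good snapshot and a later read of the file.
BASELINE = """\
127.0.0.1    localhost
0.0.0.0      ads.example.test    # blocklist entry
"""
CURRENT = """\
127.0.0.1    localhost
203.0.113.7  update.example.test
127.0.0.1    scanner.example.test
"""


def parse_hosts(text):
    """Return {hostname: ip} for every valid mapping line in HOSTS-format text."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and padding
        if not line:
            continue
        fields = line.split()
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue                           # first field is not an address
        for name in fields[1:]:
            # Assumption: the first mapping listed for a name is the effective one.
            mapping.setdefault(name.lower(), ip)
    return mapping


def effect(ip):
    """Classify a mapping: absent, blocking the name, or sending it elsewhere."""
    if ip is None:
        return "unmapped"
    addr = ipaddress.ip_address(ip)
    return "blocks" if addr.is_loopback or addr.is_unspecified else "redirects"


def diff_hosts(baseline_text, current_text):
    """List (kind, name, old_ip, new_ip, effect) for each name whose mapping differs."""
    old, new = parse_hosts(baseline_text), parse_hosts(current_text)
    changes = []
    for name in sorted(set(old) | set(new)):
        before, after = old.get(name), new.get(name)
        if before == after:
            continue
        kind = "added" if before is None else "removed" if after is None else "changed"
        changes.append((kind, name, before, after, effect(after)))
    return changes


if __name__ == "__main__":
    for change in diff_hosts(BASELINE, CURRENT):
        print(*change)
```

A monitor that runs this comparison on a timer notices a change at most one polling interval after it happens.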
 
H.M.A. (Dick) Hazeleger

Bob said:
Very true. Too much security is nearly as bad as some of the spyware.
A balance must be struck, or you'll be paralyzed... afraid to try any
new program or visit any unfamiliar web page.

Exposure to malware can be greatly reduced by simply sticking to
reputable download sites. The real biggie is scanning E-mail. I get
99% of my AV hits from E-mail.

The way I avoid spyware is learning which programs do and do not
harbor it, and which type of sites and site activity can infest you.
I still get surprises, because it's impossible to avoid 100% of
spyware. I use a silly little program called "WinPatrol" that barks
when something tries to add itself to Windows startup or change my
HOSTS file. It's not as heavy as Ad-Aware and Spybot S&D's resident
sniffers.

BARK!!! Good dog! :)

Hi Bob!

(Greetings to "Scotty" :) )

I agree that too much is just that: Too much; however having a
"layered defense" is something that is advised by everyone in the
scene... In fact you do the same yourself. BTW: Scotty does more, but
it is sometimes 'slow on the job' (depending on the intervals in which
you let it check the registry)... PrevX, SpywareGuard and Regport are
much faster.

I also agree that most viruses come in by eMail nowadays, although...
for those who use P2P (which I avoid like the plague) the danger of
getting something through that is quite imminent, Aaron was right when
he mentioned that! But viruses don't even make it into my inbox, they
are scanned (AVG PMP), detected and trashed, and that is the way I want
it.

Spyware, I only see it on systems I have to attend to because they
don't function like they should: Timesink, Conducent, Comet Cursor... I
still meet them once in a while, together with CoolWeb and other real
nasties.

Despite all the background processes running on this system, I still
can manage to use quite some programs in my four virtual desktops
(VirtuaWin) like my browser (with at least four tabs opened, refreshing
every 5 minutes), my FoxMail, Wordprocessor (OT here) and other
software that I may need, only needing to reboot once in a while
(W2KPro running)... I am pleased with the system I have, and the
software that is running here now, and that is what matters to every
single owner of a computer, although they may have different ideas
about security than I have.

Going back to PrevX... for me, this program (if the home version stays
freeware) may replace a few of the programs I have running at the
moment in due time, first I have to see into what it will develop.

Regards to all,
Dick
 
Bob Adkins

Going back to PrevX... for me, this program (if the home version stays
freeware) may replace a few of the programs I have running at the
moment in due time, first I have to see into what it will develop.

Hi Dick,

You seem to be impressed with PrevX. Can it help even if you run a firewall,
AV, and anti-spy bot immunization? What are some advantages and
disadvantages? Does it interfere with any of your other programs so far? Do
you foresee it as being the next "must have" app (like Ad-Aware or SS&D)?

Thanks!
 
H.M.A. (Dick) Hazeleger

Bob said:
Hi Dick,

You seem to be impressed with PrevX. Can it help even if you run a
firewall, AV, and anti-spy bot immunization? What are some advantages
and disadvantages? Does it interfere with any of your other programs
so far? Do you foresee it as being the next "must have" app (like
Ad-Aware or SS&D)?

Thanks!

Hi Bob,

Well... the registry protection is very thorough (Like I wrote to Pat:
On my W2KPro I had to give permission to even access the hardware
manager in my admin account), it also registered registry changes
instantaneously, while WinPatrol (prolly because of the settings)
waited for about a minute before even reporting it; that is one added
value, while at the same time this is a disadvantage: You have to go
through a "security check" every time you want to do something that
even would access the registry (even only for reading). Funny thing
though: Regedit is allowed without any questions... now talking about
something really dangerous ;D

The trojan protection hasn't been active yet (but you never know). The
anti-hacker prevention, same story... you never know when it might be
handy, especially for those not behind a NAT-router, or those who use a
"not-so-strong" firewall.

Another advantage is that it is highly configurable, and that this
configuration can be protected by a password to prevent tampering with
the settings.

Will it become a "must have"...? Oh my, I am very bad in the "crystal
ball" trade; but I think that in some months time, it could replace a
few programs that are now being referred to as "must have" and will
take their place as such in the list... we will see! When time permits
I will test it with a known trojan, not on this system though... on
another system... as it is unwise to use a 'production system' in tests
like these.

Regards
Dick
 
Bob Adkins

Another advantage is that it is highly configurable, and that this
configuration can be protected by a password to prevent tampering with
the settings.

Well, I got off my lazy duff and downloaded it.

It seems easy enough to configure and use. Seems pretty straightforward. It
has a small, tidy footprint. The brown interface is a bit hard to read, but
that's not a deal killer by any means.

Thanks for the tip. I could really become dependent on PrevX.
 
null

Thanks for the tip. I could really become dependent on PrevX.

I've been reading this series of posts, and I do wonder why people
choose to go the route of loading their systems up with various kinds
of security underfootware. What in the world are you doing that makes
you think you need all that stuff? :)

I decided long ago to run a long term experiment with "safe hex" and
no realtime av or firewall (Win 98 and now ME). The last couple of
years I've been on line all day with DSL. No problems whatsoever. No
spyware, no malware of any kind.

One of the silliest things, IMO, is this business of scanning email.
Using Moz email or Pegasus, there ain't no way you can get infected. I
simply follow the safe hex rule of deleting all unsolicited
attackments. That's all there is to it.

Using Mozilla as my default and primary browser, I leave javascript on
all the time ... even when I'm investigating alleged malicious web
sites or downloading malware from dark places for my test collection.
When I use IE it's always on max security except, of course, when I
downloaded MS security patches. I couldn't live with a realtime av
monitor since I handle malware quite often. Anti-virus has been a long
time hobby of mine. It's all just a matter of not running malware and
using apps that won't auto-run malware. Very simple and easy to do. Of
course, a day may come when the latest release of Moz does have some
serious unknown vulnerability that the bad guys have managed to quickly
exploit, but the chances of an av realtime monitor catching the new and
"unknown" exploit are very slim anyway. In any event, I maintain a
cloned h.d. on a removeable tray, and I can restore Windows and
everything else in a relatively short time if necessary.

I use DOS av scanners and I keep AdAware and Spybot up to date. I'll
be damned if they ever find anything in the freeware I've downloaded.
If KAVDOS32 can't scan some install file, I just delete the install
file unless it's from a highly reputable source.

You (knowledgeable) guys that are so paranoid and loaded with
underfootware must be taking great risks with crapware downloads or
something. To me, it just doesn't make any sense otherwise. And I
wonder if risky crapware is really worth all the trouble and
annoyances.


Art
http://www.epix.net/~artnpeg
 
