Author Topic: Does reliable PC security have to cost money?  (Read 10361 times)
icekin
« on: November 04, 2007, 11:12:11 PM »

A friend of mine brought over his virii (yup, there were plenty on board) infected external USB drive and plugged it into my laptop. Avast Home edition (free) was running, up to date with the latest definitions (updated daily). Before I knew it, I couldn't open msconfig or regedit from Win + R or any other way. A bunch of files called hfhludy.exe and meex.exe copied themselves to every freaking drive on my computer and the network. Needless to say, those on my network were not pleased.

I find this virus interesting because it's also like a Trojan. If I went to Google and searched for how to remove it, it would close my browser (Firefox and Opera). If I tried to go to TrendMicro's Online Scanner, it would close the browser window again. It added two processes to the startup. Since regedit didn't work, I used Spybot S&D to disable them, but they appeared again on startup. Deleting or replacing the autorun.inf file in each drive did nothing either.

The bottom line is: Avast failed against the TR/downld.B virus. But both AVG and Antivir were able to detect it when I plugged the hard drive into another computer through an external case. This isn't the first time. I've had the flashplay.dll worms on my computer from USB thumb drives and Avast kept scanning them, but said they were okay. It was only a week later that the worm was added to the virus definitions.

An anti-virus is only as good as how frequently it is updated by its manufacturer. I liked Avast and recommended it to all my friends whose machines I've fixed, but I will be emailing them with advice to switch to AntiVir or AVG at the soonest.

Perhaps it is indeed a fallacy to think that free anti-virus solutions will stand up to their commercial counterparts. Multiple layers of defense by installing several anti-virus programs would be nice, but I've encountered conflicts while attempting that in the past. Not to mention the added resource overhead, which an old machine like mine does not need.

Does reliable computer security (on Windows) have to cost money?
« Last Edit: November 04, 2007, 11:20:28 PM by icekin »

iphigenie
« Reply #1 on: November 05, 2007, 07:03:26 AM »

I don't think it is a free vs pay thing - after all avg, antivir and bitdefender (possibly more) all also have a free product, and avast has a commercial product.

It could be that Avast missed it, that avast was slow with updating their definitions for that one. Or it could be that you previously told it to ignore a kind of alert that was similar to that, or told it not to scan your USB drives quite as aggressively (if you rarely plug other people's drives) or some other config choice you made (level of protection, frequency of upgrades)... It is quite possible that your year-old config was no longer as good as the out-of-the-box config of these other products (or possibly even that the out-of-the-box config a new avast install would have)...

Every year, one or two of the av makers will have an off period where they start missing some viruses, i.e. be up to a week late compared to others with reacting to particular threats. They tend to then catch up and it happens to another one. A few products are more consistently good, but even they have phases where they fall behind on one kind of threat or another.

Avast is not top for detection, but it is solid. It is a good tool for people who go on the web etc. and aren't very comfortable around computer lingo. It feels friendlier in its messages and approach for casual consumers. Some products have higher absolute security but could be less secure in "casual" hands as it is too hard to understand what the messages are saying etc.

iphigenie
« Reply #2 on: November 05, 2007, 07:09:24 AM »

Although free/cheap security has to start with the user - if you are careful and on the paranoid side systematically, then you can do very well with just one free or commercial security tool.

If you want to do silly things like plugging unknown USB data sources into your system without previously telling your AV to be ready to do an in depth dont-trust-it scan :P, or downloading things from shady filesharing places, open weird email attachments or saying yes to every popup... then you need to buy several layers of security software.

Any single product will always miss something.

f0dder
« Reply #3 on: November 05, 2007, 08:19:59 AM »

One good piece of advice: disable autorun. completely.

If you do that and are a bit careful (and, sorry but it's true, stop using IE or anything IE-based) you really shouldn't be infected. Oh yeah, if you're on a LAN you'll want a firewall, but XP's native firewall is good enough for that.

- carpe noctem
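
As an added example (not part of the thread or any poster's code): a small Python audit of an `autorun.inf` file, the mechanism the posts above discuss, listing the entries that would start a program from a drive. The sample file contents and the extension list are constructed assumptions; only the two executable names come from the first post.

```python
"""Audit the text of an autorun.inf for entries that start a program.

Added example: the sample files below are constructed for illustration.
"""
import re
import sys

# [autorun] keys whose value is a command Windows may run for the drive.
LAUNCH_KEYS = ("open", "shellexecute")
# Extensions treated as directly executable (an assumed, non-exhaustive list).
EXECUTABLE = re.compile(r"\.(exe|com|scr|bat|cmd|pif|vbs|js)\b", re.IGNORECASE)


def parse_inf(text):
    """Return {section: [(key, value), ...]}; section and key names lower-cased."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, [])
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            sections[current].append((key.strip().lower(), value.strip()))
    return sections


def launch_entries(text):
    """List the (key, command) pairs in [autorun] that would start a program."""
    found = []
    for key, value in parse_inf(text).get("autorun", []):
        # shell\<verb>\command adds an entry to the drive's right-click menu
        is_verb = key.startswith("shell\\") and key.endswith("\\command")
        if key in LAUNCH_KEYS or is_verb:
            found.append((key, value))
    return found


def runs_executable(text):
    """True if any launch entry points at a file with an executable extension."""
    return any(EXECUTABLE.search(cmd) for _, cmd in launch_entries(text))


# Constructed sample: the file names are the ones mentioned in the first post,
# the autorun.inf contents are made up for this example.
SAMPLE_SUSPICIOUS = """\
; constructed sample
[AutoRun]
open=meex.exe
shell\\open\\Command=meex.exe
shell\\explore\\command = hfhludy.exe
icon=folder.ico
"""

# Constructed sample of a harmless file that only sets a label and icon.
SAMPLE_BENIGN = """\
[autorun]
label=Backup Drive
icon=drive.ico
"""

if __name__ == "__main__":
    # With a path argument, audit that file; otherwise audit the samples.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            texts = {sys.argv[1]: fh.read()}
    else:
        texts = {"suspicious": SAMPLE_SUSPICIOUS, "benign": SAMPLE_BENIGN}
    for name, text in texts.items():
        for key, cmd in launch_entries(text):
            print(f"{name}: {key} -> {cmd}")
        print(f"{name}: runs executable = {runs_executable(text)}")
```

Run it with the path to a drive's `autorun.inf` as the only argument to audit a real file instead of the samples.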
icekin
« Reply #4 on: November 05, 2007, 08:32:50 AM »

Actually, Avast was always set to high security level on my PC. This meant some false positives, but I was always okay with that.

This is the first time in the last 6.5 years that I have been hit by a virus so bad that I had to spend an entire day trying to get rid of it. I've always been careful with plugging in drives, but even when some were plugged in with a virus, Avast would clean it up. About 3 years ago, I was still on AVG, but I switched to Avast then for the same reason - AVG failed to detect some small worms and I started losing confidence.

I agree that all anti-virus makers undergo a period of missing definitions, but that's where the in-built heuristic detection comes in. The best programs can even detect virii that are not in their definitions purely based on the file's behavior. Kaspersky and NOD32 are two programs well advertised for their high detection rates.

On the freeware scene, my only remaining options are AntiVir (which I have now installed), Winpooch (clam-av based) and bitdefender free. Maybe I am asking too much out of a freeware program. What methods of multiple layering are recommended? I've tried installing two anti-virus programs at once, but they don't work with each other.

My ideal solution would be to have some program that prevented files on USB drives from being automatically copied over without explicit permission from the user. This would automatically stop all the trojans that spread automatically.

icekin
« Reply #5 on: November 05, 2007, 08:42:27 AM »

> One good piece of advice: disable autorun. completely.
>
> If you do that and are a bit careful (and, sorry but it's true, stop using IE or anything IE-based) you really shouldn't be infected. Oh yeah, if you're on a LAN you'll want a firewall, but XP's native firewall is good enough for that.

Autorun is one of the first things I switch off after a default XP install, using TweakUIXP. K-Meleon and Firefox are the main browsers on my computer, IE is only used when some amateur site does not display or work properly.

I use XP's firewall and in fact, I have disabled file sharing over LAN completely, which means I can access others' files, but they can't access mine. I used to have Tiny and later Kerio Firewall. Both were great programs, but an annoyance since I had to create a rule for every program that wanted to connect to the internet. I haven't used a dedicated firewall program since 2003, but my D-Link router is supposed to come with an inbuilt firewall as well. However, I think all it really does is block unused ports. A trojan can always still communicate over the open ports though.

Right now, I am thinking of going back to installing a dedicated firewall for better security, but I know it's no protection against viruses entering through physical media such as thumb drives. In fact, I would guess that's where all my viruses have ever come from.

f0dder
« Reply #6 on: November 05, 2007, 08:51:20 AM »

If you use XP's firewall, have disabled autorun, and generally don't use IE... then how the hell did you get hit? You must've manually run something off his USB drive :'(

When connected to the internet, using a router with NATing is imho a must. And if you do that, with no default "send all traffic to a DMZ host" but only manually specified port forwarding (and UPnP, it's not as bad as people say), you really shouldn't be hit.

- carpe noctem
iphigenie
« Reply #7 on: November 05, 2007, 11:44:15 AM »

F0dder: Yes but if he manually ran something then the virus scanner's on-access protection should have kicked in and caught it! I think it seems avast has indeed missed that one or it fell outside the scope of the free product.

Icekin: Glad you were ok clearing it all though.

To go back to the indirect question in the thread, as we are all software junkies anyway:

You might not get the same level of smooth packaged protection from free products, but you can build a very secure PC with free products - you just need 5+ layers of them:

A free virus scanner, I tend to recommend avira for people who can put up with its slightly "techie" feel and not be intimidated. But avg, avast and a few others all give a good protection against viruses, normally! The difference between free virus scanners and commercial ones is typically not the virus protection but all the other things you get around it: additional layers of protections (spyware, trojans etc.), easier interface etc.
On some of my PCs I use bitdefender, the commercial version, but this is newly available in a light free version. Not sure how it compares but I suspect the definitions are in sync with the commercial product. On my mom's and some friends' PCs I use avast or avira.

A free firewall - I am not up to date on these at all

Another layer of protection is to have something like winpatrol (or any similar "changes" watcher) to watch for suspicious changes in IE configuration, or the registry etc. I use winpatrol (free) and regrun (not free) on different PCs and might buy WP pro just to support it.

Another layer are the trojan and spyware tools - I use boclean, SpywareGuard, SpywareBlaster. They are simple and quite unobtrusive.

And a good backup/image tool, as sometimes it is easier to roll back than try to clean.

There's a lot more sophisticated stuff available for free, my head buzzes every time I go to wilder's security forums, I can't keep up with that field anymore! You have application walls and registry guards, spyware scanning tools and resident sniffers and virtual sandboxes...

I stick with less intensive methods as I have a rather conservative behaviour and don't think I need that many layers.

f0dder
« Reply #8 on: November 05, 2007, 05:16:44 PM »

> A free firewall - I am not up to date on these at all

The windows XP firewall will do just fine, if you get to the point where you need outgoing protection you're either (A) paranoid or (B) already screwed by malware.

I'd love to get into the habit of using sandboxing stuff; not as malware protection, but when testing out shareware apps and the like. This system is pretty junky by now :-[

- carpe noctem
mouser
« Reply #9 on: November 05, 2007, 05:43:32 PM »

Getting back to the original question:

I think your point was key -- an antivirus tool can't be good unless it is CONSTANTLY updated.  That basically rules out all amateur hobby solutions.

So basically if you want a good antivirus you are going to have to go with a product coming from a company that is making consistent income that they can afford to constantly be keeping it up to date at a fast pace.

However, that doesn't necessarily mean that you can't find such an antivirus tool that is free for home use, as some good commercial products make their money from commercial sales (for example AntiVir).

On the other hand, this might be one of those categories of programs where the proper question to ask yourself is something like:  Is it worth a few bucks a year for me to have the best program if it is a commercial product?

For me the answer is yes. The cost of the best commercial antivirus and firewall tools is cheap enough and the importance is high enough that I wouldn't take cost into consideration for this kind of product.

iphigenie
« Reply #10 on: November 06, 2007, 03:49:49 AM »

I guess it depends on what you call "cheap enough"

Apart from bitdefender and avira we are talking £60/year/machine on many of the top ones. Not quite feasible if like me you keep many machines for testing, faffing around with.
Also feels a bit pricey for my mum etc.
« Last Edit: November 06, 2007, 03:57:38 AM by iphigenie »

icekin
« Reply #11 on: November 06, 2007, 07:11:05 AM »

Well, after iphigenie's tips on layered security, I downloaded and tried almost all those programs (and some others). I've gone with a solution of AVG Anti-Virus + AVG Anti-Spyware + AVG Anti-Rootkit Scanner. I also have Spybot S&D for a weekly scan with IESpyAds to block bad sites.

I tried SpywareGuard, SpywareBlaster and Winpatrol, but didn't feel they added anything extra to the AVG suite + Spybot S&D. I am also hoping that using all products from one company (Grisoft) will eliminate any conflicts between the programs. What I could have really used would have been a second Anti-Virus solution, but that causes conflicts except with ClamAV (without the Winpooch). So, now I've got ClamAV Portable installed and set to do weekly scans, but I think this will be mostly useless since ClamAV is always behind (even Avast is faster) when it comes to updating definitions. It's really only good as an anti-virus for a UNIX machine where viruses aren't really a concern.

Darwin
« Reply #12 on: November 06, 2007, 07:47:45 AM »

Thanks for the tip about ClamAV, icekin. Not sure if I'm going to risk it (YEARS of repeating the mantra about not running two AV solutions together have programmed a severe startle response in me at the mere thought of it) but it's nice to know that it's possible. If I want a second opinion, I just use an on-line scanner - BitDefender or TrendMicro. I still have a valid licence for AVG Pro and wish I keep it installed to backup Webroot's AntiVirus with Spysweeper (yup, they changed the name). Sophos provides the engine and definitions for Webroot and it's not let me down yet (fingers crossed, knock on wood).

"Some people have a way with words, other people,... oh... have not way" - Steve Martin
Darwin
« Reply #13 on: November 06, 2007, 07:50:29 AM »

PS - went the Webroot route about three months ago for similar reasons to icekin's decision to go with Grisoft: I wanted a suite that worked seamlessly together and sought to reduce resource overhead. Price was right too - $10 for two years as an upgrade to my existing SpySweeper licence!

"Some people have a way with words, other people,... oh... have not way" - Steve Martin
iphigenie
« Reply #14 on: November 06, 2007, 11:56:36 AM »

A lot of people have 2 AV solutions. The trick is you can only have ONE active as a resident, on-access scanning and use the other one only for full scans every night.

People who want the absolute best spend a lot of time on places like the wilders security forums and have multiple solutions for everything, own licenses to several av and switch around which one they use as the resident solution as the flavor of the month changes... They try to use the one they think is best as up-front detection for the resident one, and the one which is best at disinfection as the full-scan solution...

I think it is overkill, as I am rather careful by nature, but on a shared pc where some teens or children might bring their friend's USB drive then it might just be a good move.

For most of us, we can stick with one.

Lashiec
« Reply #15 on: November 06, 2007, 12:15:52 PM »

I'm one of those guys, having security programs by the bucketful, only that... I can't afford a license for any of those! So I run the free versions.

AVG is an excellent choice, but be prepared for possible false positives on the antivirus part. Yes, and that's including files detected as harmful by the antivirus but not by the antispyware. It seems that Ewido and AVG are still not a single entity in that regard (obviously, the support team for the antispyware is still identified as Ewido :D). In case of doubt, upload the file to Jotti or VirusTotal, or use the online scanners of Eset and Kaspersky to be sure (but not absolutely sure, that's unattainable).

Also, it's a good idea to have "forensic" tools to detect strange movements in your computer. Things like HijackThis, Sysinternals tools and NirSoft collection of utilities are very helpful, at least to understand what's going on.

iphigenie
« Reply #16 on: November 06, 2007, 06:16:23 PM »

Yes, I have a lot of those on a write protected USB key - hijack this, rootkit unhooker, process watchers and a few other no-install utilities. Plus installers for a few basics. Cause it doesn't matter which friend or family I might be visiting, the matter of the neighbour whose pc is weird will come up. Wouldjamindtohavealookfiveminutes.... Sometimes I evade, but often I just comply...

I think security is one of the areas where there are a huge number of free versions which do a great job.

app103
« Reply #17 on: November 06, 2007, 08:34:03 PM »

BitDefender Free is not a good choice as a main antivirus. Their free version doesn't do background scanning. It is only good for on demand scanning (right click a file in explorer and select scan). You will still need something for background scanning for full protection.

My main antivirus is Common Sense (upgrades available daily). ;)

But just in case that fails, I have AVG Free and I use BitDefender Free for on demand scanning.

I did write an article about it on my Snailware blog, explaining how to configure BitDefender for this job so that it won't clash with AVG.

PhilB66
« Reply #18 on: November 06, 2007, 08:50:21 PM »

> My main antivirus is Common Sense (upgrades available daily). ;)

Sounds like a good AV! Do you do remote scanning as well?

BTW, Avast does On Demand Scanning.
« Last Edit: November 06, 2007, 08:52:09 PM by PhilB66 »

app103
« Reply #19 on: November 06, 2007, 09:36:20 PM »

If by remote you mean yelling at my daughter who is sitting in the other room, telling her to get the hell off myspace b4 she ruins her laptop, then yes. :D

I also seemed to have installed a '6th sense firewall' plugin that causes me to wake up and yell at my husband whenever he just thinks about getting too close to my PC while I am asleep. ;D

PhilB66
« Reply #20 on: November 06, 2007, 11:00:51 PM »

> I also seemed to have installed a '6th sense firewall' plugin that causes me to wake up and yell at my husband whenever he just thinks about getting too close to my PC while I am asleep. ;D

Is this '6th sense firewall' open source and does it also work without a husband? You could make a killing with this tool.

iphigenie
« Reply #21 on: November 07, 2007, 02:49:40 AM »

Husbands are no good with software ;) Whenever I let mine use my machine for anything, something breaks >:(

app103
« Reply #22 on: November 07, 2007, 08:18:24 AM »

> Husbands are no good with software ;) Whenever I let mine use my machine for anything, something breaks >:(

I won't even let him get that far. I am afraid he'll break my desk before he even gets a chance to try to use the PC.

iphigenie
« Reply #23 on: November 07, 2007, 09:55:47 AM »

lol!

I feel lucky, I tend to be able to trust him to put hardware in a case

BinderDundat
« Reply #24 on: November 07, 2007, 10:46:30 PM »

Hi y'all - There is a new tool that looks really powerful as well as being free. Comodo Firewall is in the process of beta testing a new version. It has one of the best Firewalls available already (the XP firewall has really dismal test results) and they are adding a Host Intrusion Protection System (HIPS) to it.

It can configure itself for programs that Comodo has on record as signed applications (10,000+ according to them) and you can define programs as safe yourself for stuff you run that isn't signed. You can control an application's rights for internet access, disk writes, keyboard control, monitor, control, process modification and more. The charming part about it is that it prevents unknown applications from even starting a process in memory without your approval. This means that you have to know enough to recognize when a rogue process is trying to do something odd, so that you don't just automatically approve it.

It also means that there is a time when you have to put up with queries about your software as you run programs that CFP has not encountered before, but I have been beta testing the newest version for about a week and the pop-ups are rare except when I install new software. There is an "installation mode" that allows you to do an install without a dozen pop-ups and a messed up install, but you have to tell it that the installer is actually an installer and permitted to make a bunch of changes. It also has a series of configurations that promise to make it usable for novices, but that takes all the fun out of it!! It is still a beta, but getting nearly ready for release candidate status. I think that this warrants keeping an eye on.

The firewall forum is at: http://forums.comodo.com/comodo_firewall-b50.0/ and the front door is: http://www.comodo.com/ There are a few other goodies there, but the only ones I can suggest are V-engine (web site verification) and BOclean. They also offer free personal email security certificates.