Anti-Malware Suggestions



Interesting.  Thanks for the info.  I do run some of Nir's software, but not those three.  ShellExView doesn't seem to trigger any false positives.

 

That you CAN exclude that which you have personally deemed okay is a very important feature. 

 

Anecdotally, Avast, before I walked away from their product, was starting to make it difficult to exclude things.  They apparently feel it's impossible for a mere user to make proper decisions about what to allow on their very own computers.  Perhaps that makes sense for a certain crowd who are irresponsible yet smart enough to operate the exclusion logic in an AV package.  But it doesn't make sense for folks who know what they're doing.

 

-Noel



Oh but I need Java to play Minecraft! :w00t:

 

My security setup seems to work well enough, but I don't get so crazy about it. I have UAC enabled, Windows firewall, MSSE and then the firewall in the router. It is maybe my browsing habits that are a little different.

 

My primary browser is a Mozilla type (Firefox or Palemoon) with NoScript. That addon does well enough to block any sort of thing from entering from a webpage. However, I will not compromise my computer's security to ensure that a website works correctly... For example, if there is some site that I want to use (or currently use) that generates an XSS warning, and thus is not operable without using an exception... I won't use it until the warning no longer exists. This happened a few years ago on Facebook, where I decided to stop using certain apps because they were using XSS. The response from the support group was to add an exception to allow apps on Facebook to use XSS!

 

I use other browsers for specific things. IE is used for Microsoft related websites only... Chrome is used primarily for Google related sites like Youtube.

 

I have MBAM installed but I only use it if I suspect something is up.

 

When I do repairs or virus cleaning for friends or family, I typically recommend they use Chrome as their browser. It seems to do a good enough job stopping attacks from coming in through the web. And that is really the #1 source of infections these days. Very few people are still using actual email clients, and now are using web-based versions instead. Outlook and Outlook Express used to be virus havens!

 

I'm curious: how is using webmail safer than using an e-mail client such as Outlook? If you click on an infected attachment, you're still in danger, no?

 

--JorgeA


You're probably exposed to different threats, but you're right - it's entirely possible eMails have been crafted to try to compromise a web browser via webmail.  With those the threat could even be worse when using a browser.

 

And there are some messages that, with cooperation from the user, could be dangerous in both realms - imagining for example those that contain attachments (.zip, .jpg, .exe, etc.) that the user would be tempted to open.

 

A successful security strategy will always involve thinking first, understanding what you're about to do to the best of your ability at all times, and backing it up with a multi-faceted set of technical safety nets.

 

-Noel


Interesting.  Thanks for the info.  I do run some of Nir's software, but not those three.  ShellExView doesn't seem to trigger any false positives.

 

That you CAN exclude that which you have personally deemed okay is a very important feature. 

 

Anecdotally, Avast, before I walked away from their product, was starting to make it difficult to exclude things.  They apparently feel it's impossible for a mere user to make proper decisions about what to allow on their very own computers.  Perhaps that makes sense for a certain crowd who are irresponsible yet smart enough to operate the exclusion logic in an AV package.  But it doesn't make sense for folks who know what they're doing.

 

-Noel

 

I've used Avast! Free on most of my non-production machines since version 4 for Windows 98. It seemed to be the most effective and comprehensive security suite of all the free ones out there.

 

But then they Metrofied the UI starting with version 8, and -- worse -- I no longer saw some of the security functions that were visible in versions up to 7. Even if they did claim that the functions were still there, just merged together, I still didn't like or trust that I could no longer see them myself.

 

On top of that, they added bloatware and a bunch of unserious cartoonish characters to the interface. I felt like I was back in kindergarten. I've gone back to version 7 and will keep using that one for as long as it works.

 

Why did you walk away from Avast?

 

--JorgeA


You're probably exposed to different threats, but you're right - it's entirely possible eMails have been crafted to try to compromise a web browser via webmail.  With those the threat could even be worse when using a browser.

 

And there are some messages that, with cooperation from the user, could be dangerous in both realms - imagining for example those that contain attachments (.zip, .jpg, .exe, etc.) that the user would be tempted to open.

 

A successful security strategy will always involve thinking first, understanding what you're about to do to the best of your ability at all times, and backing it up with a multi-faceted set of technical safety nets.

 

-Noel

 

Amen to that!

 

Sometimes it's really tempting to open those attachments. Never mind the ones asking for your help getting $100 million out of a bank in some African country, the really dangerous ones are those that look plausible: they tell you that you have a FedEx package to pick up or that you didn't fulfill a customer's order. You really do need to stay on your toes at all times, and think before you click.

 

--JorgeA


 

Why did you walk away from Avast?

 

 

Mainly because they took on the attitude that the whole reason for running a computer was to support Avast.

 

When they introduced all the bloat, I figured out how to turn it off.  While I was still running Avast, the ONLY remaining feature from the center column of "tools" I retained was the Software Updater - that was nice to have.

 

Because of options I chose, I never had it pop up and tell me anything, though that's been a staple of their system for a long time (announcing "Avast!  Virus database has been updated" verbally, for example).  Thus I didn't see the ads they made necessary for free users.

 

When I had false positives I figured out how to add them to the right databases (there are multiple different ones) and reported them to Avast.  Generally within a week or two the legitimate applications stopped generating false positives.

 

I even paid them for quite a few years for their "premium" version, before dropping back to the free version, which still did everything I needed.

 

When they decided a virtualization package - which I could not use because of other demands I make of my system - would be packaged with the product, I had no problem disabling that, BUT...  The operation of the basic shields in Avast got horrendously slower.  System builds of my software products took almost twice as long as they had been taking.  I complained on their forum and was basically told off.  Apparently a person with the computing demands I have is no longer their mainstream customer focus.

 

Any attempt to request more sophisticated control was simply met with "you and every other clueless user don't need that".  That got on my nerves.

 

In all the time I had Avast on task, the only two things it EVER warned me of were:

 

1.  A few malicious web sites.  Thing is, I'm protected from web site malice by my browser configuration, which does not allow ActiveX to download or run, and locks down a number of other things as well.

 

2.  False positives.  Over time, a fair number of the tools I run that are not in common use were flagged.  While not a devastating problem, it did take time away from doing productive things.

 

Given the above, I made the determination that Avast wasn't protecting me from anything, and if an unused safety net becomes so intrusive as to destroy the productivity of the user, it's time to move on.

 

It's clear why Avast gets a lot of false positives - they automatically generate and refine their virus signatures by auto-scanning a monstrous database of known malware and another set of known goodware.  This scanning process aggressively tries to trim the signature database that must be searched every time a program is run.  Trouble is, if the database of goodware isn't complete it's entirely possible a piece of malware AND a piece of goodware will share the same sequence of bytes.

 

Anyway, in summary, their goals and mine simply began to diverge.

 

-Noel

Edited by NoelC
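
The false-positive mechanism NoelC describes in the post above, as an added toy model in Python that is not part of the thread and is not Avast's actual algorithm. It assumes a signature is the shortest byte sequence found in a malware sample and in no file of the known-goodware corpus; all sample bytes, names and the `max_len` parameter are constructed for illustration.

```python
# Toy model of signature trimming (assumption: not any vendor's real algorithm).
# A signature is the shortest byte n-gram present in a malware sample and
# absent from every file in the known-goodware corpus.

def ngrams(data: bytes, n: int) -> set:
    return {data[i:i + n] for i in range(len(data) - n + 1)}

def generate_signatures(malware: dict, goodware: list, max_len: int = 8) -> dict:
    sigs = {}
    for n in range(2, max_len + 1):          # shortest first = aggressive trimming
        good = set()
        for g in goodware:
            good |= ngrams(g, n)
        for name, sample in malware.items():
            if name in sigs:
                continue
            candidates = sorted(ngrams(sample, n) - good)
            if candidates:
                sigs[name] = candidates[0]   # deterministic pick
    return sigs

def scan(data: bytes, sigs: dict) -> list:
    return sorted(name for name, sig in sigs.items() if sig in data)

# Constructed samples (not real binaries).
MALWARE = {"Toy.Dropper": b"MZ\x90packer-stub\xde\xad"}
KNOWN_GOOD = [b"MZ\x90hello world", b"MZ\x90notepad"]
UNCOMMON_TOOL = b"MZ\x90packer-stub utility"   # legitimate, but not in the corpus

def demo() -> dict:
    before = generate_signatures(MALWARE, KNOWN_GOOD)
    after = generate_signatures(MALWARE, KNOWN_GOOD + [UNCOMMON_TOOL])
    return {
        "sig_before": before["Toy.Dropper"],
        "tool_hits_before": scan(UNCOMMON_TOOL, before),   # false positive
        "sig_after": after["Toy.Dropper"],
        "tool_hits_after": scan(UNCOMMON_TOOL, after),     # clean after retraining
        "malware_hits_after": scan(MALWARE["Toy.Dropper"], after),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

With the uncommon tool missing from the goodware corpus, the trimmed signature is a two-byte sequence the tool also contains; once the tool is added to the corpus, the regenerated signature still matches the malware sample but no longer matches the tool.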

Thanks for sharing the reasons for dropping Avast, NoelC. Makes sense to me. What are you using now instead?

 

 

When they decided a virtualization package - which I could not use because of other demands I make of my system - would be packaged with the product, I had no problem disabling that, BUT...  The operation of the basic shields in Avast got horrendously slower.  System builds of my software products took almost twice as long as they had been taking.  I complained on their forum and was basically told off.  Apparently a person with the computing demands I have is no longer their mainstream customer focus.

 

Any attempt to request more sophisticated control was simply met with "you and every other clueless user don't need that".  That got on my nerves.

 

Umm, where have I previously heard this kind of attitude from a software vendor? :whistle:

 

It's clear why Avast gets a lot of false positives - they automatically generate and refine their virus signatures by auto-scanning a monstrous database of known malware and another set of known goodware.  This scanning process aggressively tries to trim the signature database that must be searched every time a program is run.  Trouble is, if the database of goodware isn't complete it's entirely possible a piece of malware AND a piece of goodware will share the same sequence of bytes.

 

Huh, that's an interesting analysis. Over the years I have noticed that downloading, say, Windows updates gets thumb-twiddlingly slow on a system running any of the last several versions of Avast compared to other AV suites. That little sphere with the "a" in it starts turning and I know I can go grab a sandwich, it slows things down so much. By comparison, Norton (for example) has no noticeable effect on the speed of the downloading process.

 

--JorgeA

 


I'm curious: how is using webmail safer than using an e-mail client such as Outlook? If you click on an infected attachment, you're still in danger, no?

You are never free from danger, but for years webmail was always more secure... for a few reasons...

Most top flight webmails (gmail, yahoo, hotmail/outlook.com) are designed so that they block certain things. Images, scripts, etc. They also usually have antivirus built-in to scan attachments. They also are driven on user feedback as to what is and what isn't spam. Most will automatically filter into a junk folder where the restrictions on messages are even more severe. It will block everything except for text unless you say otherwise.

Outlook (from Office) and Outlook Express had a bad reputation when it came to security FOR YEARS. Their default behaviour was to run anything in the email itself (javascript, active-x controls, etc) once it was opened for viewing. It's another reason why Thunderbird and other such email clients got so popular... they didn't do this. The individual clients had no user-contributed checklist to filter out bad messages, phishing, virus emails, all that stuff.

Email certainly has been getting better over the years.


Outlook (from Office) and Outlook Express had a bad reputation when it came to security FOR YEARS. Their default behaviour was to run anything in the email itself (javascript, active-x controls, etc) once it was opened for viewing.

 

Even worse, possibly :w00t:, if I recall correctly, in some cases this happens/happened the sheer moment you highlighted/selected the mail in the inbox list, as it opens/opened a preview and executed whatever the mail contained.

 

jaclaz


A nag from...?

 

Can you do a screen grab?  It's possible something's gotten into your system.  I'm not seeing anything like that.

 

-Noel

Well, it's been about 3-4 weeks since the last one, but I will do a screen shot the next time and post it. As far as something in my system, i.e. malware, I normally don't keep an OS for that long as I am always testing and reinstalling.

~DP


  • 2 weeks later...

Putting in a hosts file cut down a lot of the ads and also malware,

but the best is the first you said, and formatting :)

 

Well, it's not hard to move the OS folders to an old dir and deploy Windows from backup.

That, along with using portable apps, makes it easy to install a refreshed OS.

Edited by aviv00
