Author Topic: My new security setup  (Read 2135 times)
andyman35
« Reply #15 on: April 07, 2008, 09:42:33 PM »

Not necessarily. While in shadow/virtualization mode, you are almost sure of a 100% recovery to a clean state, it does not give you assurance that malware running during the shadow/virtualization mode can't hurt you.

For instance, imagine some exploit (that would have been blocked by Sandboxie), installing a keylogger. Sure, once you reset out of virtual mode, the keylogger is gone, but while the keylogger is running it can log your passwords and send them off....

Returnil and company are good, but you still cannot neglect the threat that malware brings between the clean states...


That's a valid point. Given that sometimes computers are left running for long periods between reboots, that could be a long time for malware to steal your data, etc. While it's great to boot up to a malware-free state each time, the threat of infection during a session shouldn't be underestimated.

axl
« Reply #16 on: April 07, 2008, 09:57:25 PM »

I am always curious about how many IT professionals would actually use products like Returnil for personal use.
The significance of Uptime is something they never forget, often times learned the hard way; they talk about Five-Nines, Six-Nines....
Frequent and constant rebooting is something of an anathema for them.

I just can't see them doing it unless it was an absolute task requirement...

andyman35
« Reply #17 on: April 08, 2008, 06:50:54 AM »

I am always curious about how many IT professionals would actually use products like Returnil for personal use.
The significance of Uptime is something they never forget, often times learned the hard way; they talk about Five-Nines, Six-Nines....
Frequent and constant rebooting is something of an anathema for them.

I just can't see them doing it unless it was an absolute task requirement...

That's correct. Even many home users leave their machine running for extended periods, for downloading etc., only rebooting when necessary for updates.

Luketan
« Reply #18 on: April 08, 2008, 11:01:17 AM »

I am always curious about how many IT professionals would actually use products like Returnil for personal use.
The significance of Uptime is something they never forget, often times learned the hard way; they talk about Five-Nines, Six-Nines....

6 sigma, 3.4 defects in a million....

Luketan
« Reply #19 on: April 08, 2008, 11:06:11 AM »

I would say the setup of the OP is now about 90% secure.

MrBrian
« Reply #20 on: April 12, 2008, 06:38:29 PM »

Any conflicts with TF?

keylogging issue - http://www.pctools.com/forum/showthread.php?p=182047
« Last Edit: April 12, 2008, 06:40:35 PM by MrBrian »

andyman35
« Reply #21 on: April 13, 2008, 07:03:56 PM »


That appears to be a genuine issue; sometimes 2 similar security apps running together can end up battling each other rather than the intended malware.

Luketan
« Reply #22 on: April 17, 2008, 10:10:20 AM »

That appears to be a genuine issue; sometimes 2 similar security apps running together can end up battling each other rather than the intended malware.

Sometimes? I find it to be extremely common. It just isn't noticed because it doesn't cause a fatal error.

andyman35
« Reply #23 on: April 17, 2008, 01:42:55 PM »

Sometimes? I find it to be extremely common. It just isn't noticed because it doesn't cause a fatal error.

I agree that most conflicts tend to go unnoticed when the symptoms are momentary freezes or intermittent lag; it tends to take a BSOD for people to take notice.

It must have an adverse effect on malware detection and prevention if there are resource conflicts, so excessive security apps can have the opposite effect to what was intended. The problem is that you often have to delve deep to see exactly what is covered by each application in order to prevent overlapping.
« Last Edit: April 17, 2008, 01:50:36 PM by andyman35 »

Luketan
« Reply #24 on: April 19, 2008, 04:14:32 PM »

I agree that most conflicts tend to go unnoticed when the symptoms are momentary freezes or intermittent lag; it tends to take a BSOD for people to take notice.

Actually, delays and lags can be and indeed are noticed. Negative interactions that lead to gaps in security will not be noticed.... for obvious reasons...

Quote
It must have an adverse effect on malware detection and prevention if there are resource conflicts, so excessive security apps can have the opposite effect to what was intended. The problem is that you often have to delve deep to see exactly what is covered by each application in order to prevent overlapping.

There seems to be a misconception here. Most people seem to talk as if avoiding "overlapping" is what is required to avoid problems like the one between TF and Comodo leading to reduced possibility of detecting keylogging...

Besides, I notice that most people's conceptions of what constitutes "overlapping" or not are based on reading superficial marketing speak crafted by product PR trying to differentiate themselves from the competition...
One is "intelligent", one is "community based", one uses "whitelists", one is "Sandbox"....

Sadly, while such concepts are not utterly 100% falsehoods, they say nothing at all about whether such products will or will not overlap... and cause conflicts...

Take antivirus and firewalls (the classic ones), surely you can't get less "overlapping" than that. And yet conflicts do and can occur (and I don't mean just BSOD types).

In fact, the "pseudo-expert" wannabe types who frequent such boards are more prone to this, because unlike ordinary people they are much more capable of distinguishing between security product functions, hence they are much better at convincing themselves that products don't overlap and/or feel the need to combine products "cos each has functions the other doesn't have"....

While the average user might possibly be happy to have a HIPS, an "expert (or what passes as one here)" can distinguish between a behavior blocker, a sandbox, a HIPS (or whatever conceptual scheme he favours).
And I can go further and distinguish between types of sandboxes etc...

The next logical step would be then to convince oneself that one needs all of them because they are actually quite different and hence aren't overlapping...