Welcome to the Comodo Forum
Author
Topic: Protection from zero-day attacks (Read 920 times)
asd264
Newbie
Offline
Posts: 12
Protection from zero-day attacks
«
on:
July 07, 2008, 06:11:40 PM »
I have CMF, CFP 3 (with D+), BOClean, and Avast. Am I protected against zero-day attacks? Also, I don't think my computer can handle all the programs listed above. If I were to remove one, which one should I remove without compromising my security too much? (probably either BOClean or CMF)
Logged
Ragwing
Guardian of the Light Master of the Force Invincible Legend Almighty
Global Moderator
Comodo's Hero
Offline
Posts: 3046
Re: Protection from zero-day attacks
«
Reply #1 on:
July 08, 2008, 05:24:39 AM »
Greetings!
CMF will protect against most zero day exploits using buffer overflows, while CFP 3 will provide protection against zero day viruses, so yes, you're protected.
If I were to choose one of them that I had to remove, it would depend upon my knowledge of Defense+.
If you're an advanced PC-user, and (almost) fully understand the pop-ups from Defense+, I would remove BOClean, and disable the real-time protection from Avast!, but scan downloaded files and run a monthly scan of my drive(s).
If you're a 'newbie' or normal skilled PC-user, I would keep Avast!, CMF and CFP, and take away BOClean.
Also, with "I don't think my computer can handle all the programs", have you noticed any impact on performance?
If not, your computer can handle them all just fine.
CMF takes roughly 1 MB, so it wouldn't make any difference at all. CPF is very light too, with around 5 MB of the RAM being used. CPU-usage for both of them should be at 0% all the time.
I don't know about the resource usage of Avast! or BOClean, but I think Avast! uses the most RAM of the four of them.
Cheers,
Ragwing
Logged
"The closer you get to the light, the greater your shadow becomes"
XP SP3
2 GHz
768 MB RAM
5 services / 12 processes
Osage
Comodo Loves me
Offline
Posts: 138
Re: Protection from zero-day attacks
«
Reply #2 on:
July 08, 2008, 04:01:37 PM »
I very much wonder if the OP has asked an impossibly vague question. Two big jokers in the deck here, what is your OS and how much system ram do you have?
If you run XP and have even 256MB of ram, I have run a far larger set of security programs with no strain on ram. Up your ram to 512MB or more and it's almost a non issue. In terms of CPU usage, I am running XP and a far larger set of security programs. A quick Comodo check shows most CPU usage being consumed by Firefox 3, none of my security programs even show up as a percentage of CPU use as many run in the background.
Vista may well be another story, it's far more efficient than XP is using available ram, and if you are marginal in ram with Vista, every little extra bit can hurt another application elsewhere.
Logged
asd264
Newbie
Offline
Posts: 12
Re: Protection from zero-day attacks
«
Reply #3 on:
July 11, 2008, 03:58:06 PM »
RAM isn't too much of an issue for me (540 mb free with cmf, cfp, boclean, avast, and firefox running). I'm running XP. The main issue is long startup times. FYI Avast uses the most RAM with BOClean at second. I'll try your suggestions and see whether an improvement in boot time is worth disabling one of them.
Logged
DarkButterfly
Comodo's Hero
Offline
Posts: 212
Re: Protection from zero-day attacks
«
Reply #4 on:
July 11, 2008, 04:03:54 PM »
I would keep BoClean as a backup for when the antivirus cannot detect something, or when IF CFP + Defense+ fail to prevent. Nothing prevents 100%, so better safe than sorry.
Logged
andyman35
Global Moderator
Comodo's Hero
Offline
Posts: 532
Re: Protection from zero-day attacks
«
Reply #5 on:
July 11, 2008, 07:41:22 PM »
For protection against Zero day threats I'm partial to a combo of D+ with either Prevx or Threatfire as a second line. While D+ will inform the user of a lot of stuff attempting to execute, PrevX or TF offer a behavioural check. CMF is a very useful additional protection too. As far as I'm aware BOclean is purely signature based so won't block 'new malware' zero day attacks. Of course the majority of zero day malware are just variants of existing threats and a top grade AV such as Avira or NOD32 etc. will detect many of these.
«
Last Edit: July 11, 2008, 07:48:51 PM by andyman35
»
Logged
DarkButterfly
Comodo's Hero
Offline
Posts: 212
Re: Protection from zero-day attacks
«
Reply #6 on:
July 12, 2008, 06:03:18 AM »
Quote from: andyman35 on July 11, 2008, 07:41:22 PM
For protection against Zero day threats I'm partial to a combo of D+ with either Prevx or Threatfire as a second line. While D+ will inform the user of a lot of stuff attempting to execute, PrevX or TF offer a behavioural check. CMF is a very useful additional protection too. As far as I'm aware BOclean is purely signature based so won't block 'new malware' zero day attacks. Of course the majority of zero day malware are just variants of existing threats and a top grade AV such as Avira or NOD32 etc. will detect many of these.
Yes, indeed. I mentioned it as a backup to detect some known malware that, by a slight chance, any antivirus may miss (nothing is impossible, it has happened before).
For zero-day threat protection, right now I am testing Emsisoft Mamutu. It is light on resources (almost no impact on the system) and it bases its actions only on behaviors. When a suspect behavior is found, a small window appears with info and we can just block the behavior or the application/process causing the behavior. We can also add applications that we know are from a trusted source, so that it won't monitor them. If we're connected to the internet and a suspect behavior is intercepted, the window with the suspect behavior info also shows the ratings from other users (community of users). Also, some behaviors are automatically allowed, if known to be good, based on other users (if connected to the internet).
I have it set to Paranoid Mode and unselected the Intelligent alert reduction (if checked people won't see that many alerts, but protection won't be as good). But so far, I got very few alerts, also because I added some apps as trusted (excluded from monitoring).
The only con I have found is that it is a paid product and there is no free version for home users. People can fully test it for 30 days, though.
Logged
3xist
Global Moderator
Comodo's Hero
Offline
Posts: 1844
Re: Protection from zero-day attacks
«
Reply #7 on:
July 12, 2008, 06:47:05 AM »
There is no such thing as protection from zero day attacks 100%.
Josh
Logged
DarkButterfly
Comodo's Hero
Offline
Posts: 212
Re: Protection from zero-day attacks
«
Reply #8 on:
July 12, 2008, 07:03:48 AM »
Quote from: 3xist on July 12, 2008, 06:47:05 AM
There is no such thing as protection from zero day attacks 100%.
Josh
I agree 100%.
Nothing secures our system 100%, and that is also because no system is 100% secure by itself.
Logged
Ragwing
Guardian of the Light Master of the Force Invincible Legend Almighty
Global Moderator
Comodo's Hero
Offline
Posts: 3046
Re: Protection from zero-day attacks
«
Reply #9 on:
July 12, 2008, 07:15:55 AM »
You can't protect yourself from anything 100%, but you can reduce the risk by disabling some services, using a limited user, an antivirus, firewall and other malware countermeasures. But there's still a chance that a vulnerability in Windows will give a malware administrator/system privileges.
As most rootkits use a driver or kernel module, a limited user will offer good protection against rootkits, as you can't install drivers. And most malware will hide inside system32, but if you're running as a limited user, they'll need to change the permissions to access the system32-folder.
Adding something like Returnil, DeepFreeze or Comodo DiskShield will also offer a high degree of protection, but there are ways to bypass this kind of protection.
The only perfect way would be to build an OS from scratch, and run it from a CD/DVD (can't be infected, since it's read-only).
Cheers,
Ragwing
«
Last Edit: July 12, 2008, 07:17:30 AM by Ragwing
»
Logged
"The closer you get to the light, the greater your shadow becomes"
XP SP3
2 GHz
768 MB RAM
5 services / 12 processes
3xist
Global Moderator
Comodo's Hero
Offline
Posts: 1844
Re: Protection from zero-day attacks
«
Reply #10 on:
July 12, 2008, 07:34:49 AM »
Maybe I should think about saving up for a Mac.
Logged
andyman35
Global Moderator
Comodo's Hero
Offline
Posts: 532
Re: Protection from zero-day attacks
«
Reply #11 on:
July 12, 2008, 08:26:41 PM »
Quote from: 3xist on July 12, 2008, 06:47:05 AM
There is no such thing as protection from zero day attacks 100%.
Josh
Since most security software is retrospective in nature, they only tend to react to known threats, or at least threats that are similar in nature to previous malware. However the chances of being one of the first to be hit by an entirely new method are quite small, unless you spend a lot of time on dodgy warez and porn sites.
Personally if I go near anything like that (warez not porn honest) I only use a Linux based VM, running on a Returnil virtualised system to do so. This probably offers 99.999% protection, given the complexity and specific tailoring needed for infection. For the additional 0.001% there's always the good old disk image as a safety net.
But you're quite right that 100% protection per se is nigh on impossible unless you do what Mr Ragwing suggests and write your own OS wayyyyy beyond my abilities
«
Last Edit: July 12, 2008, 08:32:13 PM by andyman35
»
Logged
Vettetech
Computer Security Testing Group
Comodo's Hero
Offline
Posts: 4509
Re: Protection from zero-day attacks
«
Reply #12 on:
July 12, 2008, 08:30:44 PM »
Well andyman. I visit porn, warez and what have you. Been doing it for years and never 1 infection. Never 1 warning. All I have ever needed was a good av and firewall. Common sense is also a must.
Logged
andyman35
Global Moderator
Comodo's Hero
Offline
Posts: 532
Re: Protection from zero-day attacks
«
Reply #13 on:
July 12, 2008, 08:35:44 PM »
Quote from: Vettetech on July 12, 2008, 08:30:44 PM
Well andyman. I visit porn, warez and what have you. Been doing it for years and never 1 infection. Never 1 warning. All I have ever needed was a good av and firewall. Common sense is also a must.
I agree that common sense is the most effective weapon, I too haven't had a single infection for a long time, probably paranoid security settings are a minor part of this, not clicking on links to download videos of Jessica Alba naked would be far greater.
Logged
3xist
Global Moderator
Comodo's Hero
Offline
Posts: 1844
Re: Protection from zero-day attacks
«
Reply #14 on:
July 12, 2008, 11:53:30 PM »
Quote from: Vettetech on July 12, 2008, 08:30:44 PM
I visit porn, warez and what have you. Been doing it for years
God help you Wife doesn't find out LOL
What a funny one.
Logged