Defense+ and ThreatFire; and a possible security kit for beginners...

Very good,
it seems that I am doing a full immersion in security practices! I promoted myself from newbie to beginner! (Ehm… doesn’t change too much really :THNK)
Well, many of you have helped me in understanding the security theme better, especially of course regarding C3 and D+…
I like your company very much, but, sincerely, I need to find a good package of software which lets me lose as little time as possible going from board to board. I spent a week, full time, solving certain issues, and I can’t do it again. No way.
I do not wish to renounce D+, not completely, but I must admit that for a while I will not have the time to learn how to use it well, and this means that I would end up allowing all, or something like that. For this reason the idea of a similar product which can be maybe less powerful but less demanding, and which can complement D+ with no conflicts, was very tempting to me…
Lately I had a brief exchange of words with MrBrian about ThreatFire, a tool by PcTools which uses a particular HIPS to recognize threats by their behavior instead of by a signature file as common AVs do. If I understood well by reading a PCMAG review and a topic in the PCTools forum, it seems that ThreatFire not only complements a signature-style AV well, but it also can be used together with C3 and D+, with no apparent conflicts or useless redundancies.
It seems that where one falls, the other succeeds.
I do not doubt that expert users can easily make C3 and D+ their only HIPS resource, but I am not an expert. I still have no idea about most of the things that you all take for granted.
So, I decided to open this topic, to discuss whether a beginner/medium user can take advantage of the two programs using them at the same time, whether this makes sense, and whether it can be less demanding than learning to use D+ as it must be used to be the only HIPS.
I consider this a “temporary solution”, something which can protect me without killing me, while I learn how to use D+ to make it the only HIPS, if this is possible.
I consider that this topic could be useful to someone else, so I do not want to personalize it too much, I mean, the suggestions could be presented in a form that can be useful to other users than me.
But, about me, consider that I am offline 6.5 days a week (talking about the notebook).
So I would appreciate suggestions about which combination of softwares could be smart to leave in real time all the time, and which ones can be added just during the small connectivity period.

Ok, personally I am understanding that:

  1. I need a good firewall. Hardware would be better, but nope for the moment, so my choice is, guess what, Comodo! O0 Suggestions about alternatives are not welcome… (:LGH)
  2. I need a good realtime-protection signature-style AV. At the moment my personal choice is Avira (free). Suggestions about alternatives are welcome. But I am told that it is the best, right now. Eventually I am considering using another AV only for manual scans, no real time.
  3. I need a good realtime-protection HIPS-style anti-badthings software. Till now I knew only D+. Now I know this ThreatFire… Everything that can be said about the advantages of one with respect to the other and vice versa is welcome, as well as about the possibility of using them both at the same time.
  4. I need some non real time software for manual scans in search of any kind of threats, like trojans, malware, keyloggers, rootkits, spyware, adware… At the moment I have: Windows Defender (I own Vista Premium 32bit), Malwarebytes, A-Squared free, Spybot Search and Destroy, AVG antirootkit. Suggestions about alternatives are welcome. Mainly, I would like to find the right software, and to use as few programs as I can. The fact that I would use them only manually does not mean that I can install thousands of them. Of course, security first. As far as I understood, Defender is not very good with trojans and malware. I do not know if Avira is enough for trojans. But I am supposed to be using A-squared for trojans and Malwarebytes for malware, Spybot for spyware (I do NOT like Ad-Aware, it is heavy, slow, invasive, and updates are a nightmare), and Defender, well, I do not really know what it is for, but it was already there.
    Suggestions are welcome.
  5. I wonder if I also need a realtime-protection signature-style anti-badthings software, at least on the day when I connect to the internet, or if D+ and ThreatFire should be enough… Until now I used to leave Defender running in real time. But I do not know what it is for, so I do not know if I would need something else, i.e. Spybot, or if they can (still not checked), Malwarebytes and A-Squared, or whatever…

So, the main target of the topic is to find out if and how a medium/beginner user can take advantage of D+ and ThreatFire running together.
The secondary target is to set up a reasonable security kit to close the circle.

Giving is receiving…
(:HUG)

I like to use the least amount of Resources yet still have a strong secure system. All I use is…

Avast! 4.8 Home Edition (free)

Comodo BOClean 4.26 (free of course)

Comodo Firewall ver. 3 (obviously free)

Avast! 4.8 has a built in Anti Spyware which I believe is good. BOClean offers great detection of viruses, trojans, rootkits and I believe spyware and rootkits. And CFP3 has its HIPS which offers 6-% protection from unknown malware. So I believe I’m pretty secure. :slight_smile:

I will second the recommendation of Avast 4.8 Home. I also use Avira free version, but be aware that the free version purposely excludes spyware. I recently got rid of all dedicated anti-spyware programs, because anti-virus products cover this territory nowadays, while Defense+ with all protections on covers many areas that anti-spyware programs such as Windows Defender also monitor.

ThreatFire is a fine program with a low amount of user interaction needed.

If you’re using XP, you might wish to give serious consideration to using a limited user account + Software Restriction Policies + SuRun, as outlined at SuRun: Easily running Windows XP as a limited user | Wilders Security Forums. A limited user account restricts what software running under the limited account can do. Software Restriction Policies, properly setup, stops execution of software in all of the locations that limited user accounts can write to. SuRun makes using a limited user account in XP more painless. If you do use limited user accounts + Software Restriction Policies, you may decide you don’t need to use any HIPS products. Some who use limited user accounts + Software Restriction Policies ditch real-time AV products also.
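An added audit script, not from this thread or any of the products named in it, for the limited user + Software Restriction Policies setup described above: it reads the SRP path rules from the registry and reports whether the locations a limited user can write to are actually blocked from executing. The SRP key layout (numeric level subkeys with Paths\{GUID} rules) and the list of writable locations are my assumptions; SRP resolves overlapping rules by the most specific path, which this simplified first-match check does not model.

```powershell
# Added example: audit SRP coverage of user-writable folders (assumed registry layout).
$srp = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

# Constructed list of locations a limited user can write to; extend as needed.
$writable = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, $env:USERPROFILE) |
    Where-Object { $_ }   # LOCALAPPDATA is empty on XP, drop blanks

function Get-SrpPathRules {
    # Security levels are numeric subkeys: 0 = Disallowed, 262144 = Unrestricted.
    $levels = @{ '0' = 'Disallowed'; '262144' = 'Unrestricted' }
    foreach ($level in $levels.GetEnumerator()) {
        $paths = Join-Path $srp "$($level.Key)\Paths"
        if (-not (Test-Path $paths)) { continue }
        foreach ($rule in Get-ChildItem $paths) {
            # ItemData holds the (possibly environment-variable) path of the rule.
            $data = (Get-ItemProperty $rule.PSPath).ItemData
            if ($data) {
                New-Object PSObject -Property @{
                    Level = $level.Value
                    Path  = [Environment]::ExpandEnvironmentVariables($data).TrimEnd('\')
                }
            }
        }
    }
}

if (-not (Test-Path $srp)) {
    Write-Output 'No Software Restriction Policy is configured on this machine.'
    return
}

# DefaultLevel 0 means "default deny": everything not explicitly allowed is blocked.
$default = (Get-ItemProperty $srp).DefaultLevel
$defaultName = if ($default -eq 0) { 'Disallowed' } else { 'Unrestricted' }
Write-Output "Default level: $defaultName"

$rules = @(Get-SrpPathRules)
foreach ($dir in $writable) {
    $hit = $rules | Where-Object { $dir.TrimEnd('\') -like ($_.Path + '*') } |
        Select-Object -First 1
    $status = if ($default -eq 0 -and -not ($hit -and $hit.Level -eq 'Unrestricted')) {
                  'blocked (default deny)'
              } elseif ($hit -and $hit.Level -eq 'Disallowed') {
                  'blocked by rule'
              } else {
                  'EXECUTION ALLOWED - consider a Disallowed path rule'
              }
    Write-Output ("{0,-45} {1}" -f $dir, $status)
}
```

Run it from an elevated prompt on the machine whose policy you want to audit; a line ending in EXECUTION ALLOWED is a writable folder that SRP does not stop programs from running in.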

You don’t need ThreatFire if you’re using D+.

Hey Siir Joe, Nice thread :slight_smile: I’m yet to try ThreatFire… I may do that tomorrow. I’m Happy with Comodo though.

You say that you’re offline most of the time- Tell me, Do you have reasonably safe browsing habits?

If you do, In my opinion, you would be perfectly fine with AVIRA and Comodo firewall. (The set up you have now) I mean seriously… When is the last time you bumped into malware?

The Defense+ alerts are very informative if you just take a second to read them. But there’s help on the way!

Yes, there will be the implementation of Comodo’s ThreatCast into CPF in the near future, hopefully not long after Comodo Internet Security is released.

ThreatCast is a new, community based alert/popup management system to give statistics about the events based on community feedback. (see attached). Making decisions on what to do with a popup even easier!

(ThreatCast statement and image source: https://forums.comodo.com/cfp_beta_corner/comodo_firewall_pro_3022327_beta_with_threatcast_releasedlocked-t21079.0.html)

Comodo BoClean is a great addition to any security arsenal and is planned to be integrated into the Comodo Internet Security Product at some point after its initial release.

I’m personally also using Avast eagerly awaiting CAVS 3 / CIS to come out later this month (Beta is due out near the end of July and public release should be early August).

Eric


You need a layered Security Approach:

Prevention (COMODO Firewall Pro 3)
Detection (Your AV)
Cure (Your AV & Anti-Spyware)

For most users, CFP 3 & AV, With On-Demand Anti-Spyware Scanners is good enough, Some people like myself don’t use an AV because we “monitor” our own actions and there are only limited ways to get infected. By the way… D+ is much more powerful than ThreatFire, you CERTAINLY don’t need TF.

But we don’t recommend it to everyone- Layered Security Approach is the way to go.

Josh

Rising Free Antivirus includes behavioral detection much like ThreatFire and runs lighter. Comodo and Rising AV would be plenty of protection and use less resources than running a separate AV and TF. At least check out the features Rising AV offers. I’m a fan of Avast and believe it is one of the finest AV’s out there, but take it from a chronic changer of security software when I say that Rising has been running so well that I think it is a keeper. ( I mean it too Vettetech. LOL.)

Not to stray off topic but do consider VirusBulletin and Av-comparatives test results when choosing an AV. Rising has only been tested twice by vbtn and failed twice in wildlist detection. Not sure of the limitations of the free version yet as I haven’t tried it out.

Anyway, I totally agree with Josh on the Layered Security approach!

Eric

Agreed Eric. I do not trust Rising. Better off with top name brands and well known tested products.

Proof that limited user account makes you safer - http://silverstr.ufies.org/blog/archives/000913.html

Wow, I’ve been away just a few hours. What happened here? :o

How many answers! Cool… (:AGL)

Anyway, am I missing something in your answers, or is it possible that we are forgetting the “beginner-medium” users approach? (and I added “medium” just to not shy too much, but…)
I understood that once one becomes expert he needs nothing but him/herself (and C3/D+), like “karate”, which means naked hands.
Are you telling me that even a beginner can do that? Because I feel that I still need “guns” until I am able to master D+. But please correct me if I am wrong.

I’ve read carefully all your answers, and IMHO the Layered Method of Josh seems to me the best approach, I do not know if for any beginner, but surely for me. I am still open to different suggestions, but for now I take it as the best starting point.

I do not want to bother you people, but I do not have everything clear yet. And I feel that it could be interesting to go step by step, with the “beginners” approach in mind…

So, step by step.

Prevention:
Forget your skills. You are beginners now: would you be safe enough with D+? Or would you need to add, temporarily (till you are able to master D+), an extra layer of “prevention”, for example with that ThreatFire? Or other soft…

Detection:
Question one: for “detection” do you mean in real time, right? Or not?
Question two: I think I understand that an AV would be enough and no extra Anti Spyware-Malware is needed in the “detection” layer. Did I understand correctly?
Question three: would you consider it clever to use one AV in real time while adding another one only for manual scanning? If yes, between Avast and Avira, which one should be better in real time? And why?

Cure:
It would be fine to have a better idea about the right software to use. It is stupid to install ten programs to do what 2 or 3 can do perfectly, but it is not safe to install 1 or 2 if 3 or 4 are needed… Right?

Answers:
MrBrian, I use Vista Premium 32bit. There is one account only, so it is administrator by default, isn’t it? The UAC is on. Is this enough? Should I better create another account and use the one without administrative rights?
Those links are for XP users only, right?

Kyle, usually I do not visit dangerous sites. I would say that my habits are very safe, even if I still have not started to use Sandbox (I learned of it only lately).

Thanks to all of you! (:CLP)

Defense+ is great if you can handle it. It’s a good idea to make sure you have a full system backup in case you mess up badly in your Defense+ configuration. If you can’t handle Defense+ with everything on, turn some monitoring areas off, take advantage of modes such as Training Mode, etc. If you find you still can’t handle Defense+, you may wish to wait until CFP with ThreatCast is out, or consider not using Defense+ at all.

It can mean either. It depends on the context.

You won’t get everyone to agree on an answer to this. See http://www.pcworld.com/article/id,140211-page,1-c,antivirus/article.html. I recently got rid of my dedicated anti-spyware programs. I continue to use multiple anti-rootkit detection programs, such as Panda Anti-Rootkit.

They’re both fine, but only use one as a resident program. I use more than one on-demand. I believe that Avast free includes spyware detection, while Avira free does not. See http://www.av-test.org/ and http://www.av-comparatives.org/ for AV test results.

Actually you are running as a limited user already then, so disregard those links for XP. You only run with administrative privileges in Vista when you “elevate” with UAC.

For a simple security program, consider using Returnil or Comodo Diskshield (when it is released). These programs, when active, will clear any malware acquired during a session, upon reboot!

In addition to the Comodo forums, Wilders also has forums dedicated to security issues.

So, no more ThreatFire… ?

> For a simple security program, consider using Returnil or Comodo Diskshield (when it is released). These programs, when active, will clear any malware acquired during a session, upon reboot!

I am documenting. At a first sight, it seems like Returnil is very demanding for pc resources. But I have to read better.

> In addition to the Comodo forums, Wilders also has forums dedicated to security issues.

I will have a look at that. Thanks!

About Avira and Avast, I have read those links. AV-test is confusing to me, or, more clearly, I can’t find any comparison. In the other site I see that Avira is the best one in real time protection, while about on-demand there are 4 places more or less equivalent, Avira, Avast, G-data (never heard of it before) and AVG. So, Avira in real time, and on-demand, well, as far as I remember, Avast was always there in the tray. I was able to shut down all processes, but it was there. Possibly this makes G-Data a good choice for a second on-demand AV…
IMHO…
On the other side, Avira, IF I understood well, does not analyze email attachments before downloading them, but only when opening or saving them. So, MAYBE, I could install Avast and turn off all the real time processes except the email one. A thing that I do not know if it is possible with G-data…
Mumble mumble…

You could use both together. I used to do that, but I stopped when I found the keylogging detection issue in previous versions of these programs. I figure there could be other similar interaction issues, either now or in future versions of these two programs, so I decided to dump ThreatFire on my own machine.

Not demanding :). I don’t notice any difference with protection on vs. off. And these are very simple programs to use.

If you’re not using a real-time product that has spyware and adware definitions, you may wish to use Avast free as your realtime scanner. If you are using a (good) realtime anti-spyware program, I’d recommend Avira free as your realtime scanner. Please look at http://www.sunbelt-software.com/ihs/alex/Results_2D2008m3b_US.htm though and compare them and decide for yourself.

Ok, I did a quite deep search in Comodo and in your links, plus other links…
And of course I’ve read your answer!

Here is what I have found out:

Prevention:
D+, Brain+, Time+ (the first is free, the second is not a problem, the third is missing)
P.s.: read question 5 below.

Detection:
Real Time AV: Avira
Real Time Anti Spyware-Malware-Etc: not yet decided (see questions 4 below)
On Demand AV: Avira and Avast
On Demand Anti Spyware: SAS
On Demand Anti Malware: Malwarebytes
On Demand Anti Trojans: A-Squared Free (question: do I really need it? Is all of the above not enough?)
On Demand Anti-Rootkit: Panda Anti-Rootkit (questions: and AVG Antirootkit? Is it still useful even if so old? And, once again, does Avira not have enough anti-rootkit power?)

Cure:
same as for On Demand, in each category.

Now, questions:

  1. I do not EVER open a mail whose sender I do not know. Also I usually read mails in the preview window, without really opening them. I use Thunderbird (yes, I use pop3 mail). Do you think I will suffer from the lack of an email scanner in Avira? How can I solve this? For example, would it conflict if I ran Avira with the Guard on, and Avast with only the email protection? Could it be a good idea? I could do this when I connect to the internet (once a week, with that notebook), and I could completely disable the Avast services the rest of the week, so that I would not even have the tray icon there… Yes?
  2. what about the Microsoft Malware removing tool? Is it safe or do they spy on my Pc with that?
  3. what about this Comodo BOclean? I do not yet understand what it is for. Should I add it as real time, or as on-demand? Adding it to the programs listed above, or using it instead of some of them?
  4. Having Avira running the guard, what kind of real time protection do I miss? Spyware, yes, I know, but Trojans and malware and rootkits? I had understood that Avira was enough for these last three things, but I am no longer sure. Which program or programs could I use on the day I connect to the internet, to have better real time protection? SAS? Spybot? What about Windows Defender?
  5. I was at the point of sending the post and going to sleep, when I found this post:
    Answer how to use Threat Fire with Comodo | Wilders Security Forums
    What do you all think?

Ok, I feel we are close to the conclusion.
Comments and suggestions about the above are more than welcome!

You may already know this:
http://www.techsupportalert.com/best-free-adware-spyware-scumware-remover.htm
http://www.techsupportalert.com/best-free-trojan-scanner-trojan-remover.htm
http://www.techsupportalert.com/best-free-rootkit-scanner-remover.htm
http://www.techsupportalert.com/best-free-anti-virus-software.htm

And this will probably make you angry:
http://www.techsupportalert.com/best-free-hips.htm
I had no time to read all comments, so, maybe there is something better in them, about D+…

Need to sleep.
Bye.
And thanks…
I like this place…
(:WAV)

Joe you have way more than the average user needs! Honestly… Cpf3 and AVIRA… You’ll be fine doing what you’re doing…

If you want to use ThreatFire then go ahead. If you want to use D+ then go ahead. No reason to post things that ThreatFire is the best HIPS. Blah, blah, blah.

The question of ‘how much security is too much?’ depends on what the user does on their computer. For the guy that does a bit of e-mailing and casual surfing then a good AV, Firewall and AS will most likely be fine. However for the user that is into downloading, P2P and Warez, they will need a LOT of security to remain bug free.

In the case of the second user ThreatFire and CFP’s D+ wouldn’t be overkill since they offer different methods of protection. Having used both together on one system I found no issues or noticeable performance drop.