security paradigms etc.

Even though my technical knowledge of malware is non-existent, I think Data’s link is relevant. Take another example, Dr.Web CureIt!. Its quick scan looks in very precise places and takes seconds; the full scan looks in every frigging file, takes forever, and chances are that it will hit false positives. The quick scan is the default one, and I think Dr.Web knows what they’re doing and are confident that it’s enough to detect infections, while not showing false positives because of harmless inactive files that happen to match some signature. The full scan scores well in AV comparatives, but the quick one is the most useful altogether.

However, I don’t use Spybot or AdAware. My idea is to prevent infections in the first place, and according to my results I’m being successful. I did have AdAware installed, but since I started to take measures it detected tracking cookies only, and once I started to restrict cookies it detected nothing at all. Now I have AVG Anti-Spyware and the same applies to it; AVG is discontinuing the free version, so I’ll uninstall it and won’t replace it.

I hear that Spybot TeaTimer protects the registry, and that may be a nice feature, only there are better ways to achieve that protection. I know nobody listens to me LOL, but everyone should use a limited account except for specific tasks that need admin rights and will always involve trusted files to begin with. If you have a program that protects the registry, and find some malware that takes an aggressive approach and tries to disable your protection, and both are running in an admin account, then it’s a one-on-one fight. Your AV/AS may succeed in killing the malware, or the other way around. If the malware is running with limited rights then it’s got no chance, period. And a program running in a limited account simply won’t be able to infect your registry either, so you don’t need that protection. (Of course CFP’s Defense+ also protects the registry, so even if you recklessly run as admin, if you use D+ you don’t need–and shouldn’t enable, for conflicts’ sake–any other registry protection.)

I realise I may sound anti-Comodo here, but I’m not.
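As an added illustration of the limited-account argument above (this script is not from any poster in the thread), the PowerShell below checks whether the current token is an administrator and then probes whether it can write to the machine-wide Run key under HKLM versus the per-user Run key under HKCU. The key paths are the real Windows autostart locations; the value name `LimitedAccountProbe` is a made-up probe value that the script removes again. Under a limited account the HKLM write is refused, which is the protection being described, but note the caveat the result also shows: the HKCU Run key remains writable, so per-user persistence is still possible without admin rights.

```powershell
# Added example, not code from the thread. Probes autostart-key write access
# for the current token. Run once as a limited user and once elevated to compare.
$ErrorActionPreference = 'Stop'

function Test-IsAdmin {
    # True when the current process token holds the built-in Administrators role.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Test-RunKeyWrite {
    # Tries to create and then delete a harmless value under the given hive's
    # Run key. Returns $true on success, $false when the registry denies access.
    param([Parameter(Mandatory)][ValidateSet('HKLM', 'HKCU')][string]$Hive)
    $key  = "$($Hive):\Software\Microsoft\Windows\CurrentVersion\Run"
    $name = 'LimitedAccountProbe'   # assumed, made-up probe value name
    try {
        New-ItemProperty -Path $key -Name $name -Value 'probe' -PropertyType String -Force | Out-Null
        Remove-ItemProperty -Path $key -Name $name
        return $true
    } catch [System.Security.SecurityException], [System.UnauthorizedAccessException] {
        return $false
    }
}

"Running as admin:                              $(Test-IsAdmin)"
"Can write HKLM Run (machine-wide autostart):   $(Test-RunKeyWrite -Hive 'HKLM')"
"Can write HKCU Run (per-user autostart):       $(Test-RunKeyWrite -Hive 'HKCU')"
```

Expected pattern: a limited user gets `False` / `False` / `True`; an elevated admin gets `True` / `True` / `True`. The HKCU result is the part to keep in mind when deciding what a limited account does and does not protect.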

A cool reply japo. (:KWL) I do however have some issues…

What about elevation of privileges exploits, and define “trusted”.

(Of course CFP's Defense+ also protects the registry, so even if you recklessly run as admin, if you use D+ you don't need--and shouldn't enable for conflicts' sake--any other registry protection.)
CFP didn't warn me of several changes, nor of a BHO installation, when I ran the Getright installer. It wasn't until Getright actually ran that CFP woke up. By that time it's too late. I found D+ worked with everything I use.

I hadn’t detected anything in that direction. :slight_smile: You may be assuming that I’m using CFP, I’m not. :o

What about elevation of privileges exploits

Well, the foremost thing I can do (as every Windows user) is to rely on Microsoft to patch them fast, and in turn keep my system patched up to date. However, as an additional measure I surf with Javascript etc. disabled except for necessary trusted sites (although this sounds kind of paranoid and I wouldn’t recommend it to an average user if he doesn’t feel like it). And to further prevent any possible unauthorized execution of code through buffer overflow, I use CMF, which is a very nice, light, set-and-forget program. (All my current security programs are set-and-forget; that’s the reason why I’m experimenting without a third-party outbound firewall.)

Anyway, it’s very unlikely to come across an attempt to exploit the latest unpatched and unpublicized vulnerability. Nowadays professional malware makers are as “lazy” (read “efficient”) as professional software makers; they use the simplest high-level code which works for 90+ per cent of the people who surf as admin. And in my case they would still need a means of running code on my machine, and with no code execution feature enabled in my browser by default, and CMF, it’s as hard as I can make it without monitoring everything with a HIPS like Defense+. Even though the event of anything getting through is highly unlikely (and hasn’t happened since I undertook this practice), I still have AntiVir and BOClean standing guard just in case–and I think I may give PCTools’ ThreatFire a try. Like you I do full scans very seldom, and come up empty-handed, but I also have Kaspersky Online installed.

and define "trusted"

LOL the short answer is: if it screws me, I’m the only one to blame and I had it coming. :stuck_out_tongue:

CFP didn't warn me of several changes

This could happen for several reasons. The only way that CFP will ask you about everything is if Defense+ is in Paranoid mode and there aren’t existing rules. Make sure you understand the implications of the “train with safe” and “clean pc” modes; the help file is quite well written. Also, I think the set of registry keys and files and folders protected by CFP is limited to the sensitive ones, but you can add (or remove) as many as you want. Anyway, if there’s still something that doesn’t add up for you, please start a topic in the CFP/Help for v3 board.

If you use a limited account in XP, I recommend trying SuRun. See SuRun: Easily running Windows XP as a limited user | Wilders Security Forums for more info.

I don’t like to hack Windows in ways unsupported by Microsoft; I don’t think it’s a good idea. I have no problem using “run as…” etcetera when necessary. That a program is installed by one user and used by others is normal operation in Windows NT and higher; I haven’t experienced any problems from it.

Something I find very convenient, though, is running a file manager as different users, and you can’t start a second session of Windows Explorer (explorer.exe). So I use xplorer2 lite when I need access to files through a different account. And not only files: I can go to the control panel too, so there’s nearly nothing that I need to log in for.

Agreed.
With a hook in use I think it isn’t for me.