PC Security


Hyram

Link Posted 15/12/2008 - 14:05
Can anyone recommend 'security' software for a PC that actually works?

My home PC was attacked by some 'malware' which McAfee happily allowed in to change various registry settings, without coming up with any alerts.

A McAfee scan indicates the machine to be 'clean' whereas other spyware type programmes that I ran from a disk, indicate a major infection.

I cannot now access the internet, so this is being typed at work.
Hyram

Bodies: K20D (2), K10D, Super A, ME Super, Auto 110 SLR, X70, Optio P70
Pentax Glass: DA* 300, DA* 60-250, DA* 50-135, DA* 16-50, DA 70 Ltd, FA 31 Ltd, DA 35 Ltd, DA 18-55 (2), DA 12-24, DA 10-17, M 200, A 35-70, M 40, M 28, Converter-A 2X-S, 1.4X-S, AF 1.7, Pentax-110 50, Pentax-110 24
Other Glass: Sigma 105 macro, Sigma-A APO 75-300
Flash: Metz 58 AF-1 P, Pentax AF160FC ringflash, Pentax AF280T

Daniel Bridge

Link Posted 15/12/2008 - 14:12
Plenty of discussion about merits of various anti-virus stuff on this thread.

I use Free AVG (Anti-virus), Zone Alarm (firewall) and as far as I know, haven't had any problems.

Be careful what 'Anti-Spyware' programmes you use, as some of them are little more than spyware themselves, and will tell you to download all manner of things to 'clean up' your system. 'Ad-Aware' and 'Search and Destroy' are two well respected ones. I run them now and again to make sure nothing's slipped through.

Dan
K-3, a macro lens and a DA*300mm...

DOIK

Link Posted 15/12/2008 - 14:22
I run the same Anti-virus and use the same Firewall along with Spybot search & destroy as Daniel.
Touch wood no problems to date....John

ttk

Link Posted 15/12/2008 - 14:26
I use Norton 2009 on my laptop and ESET Antivirus on the desktop, both are good and had no problems with them.
Tel,

Mannesty

Link Posted 15/12/2008 - 14:37
1: Use a decent external firewalled router for internet access. Zone Alarm and the like consume CPU processing power. Have a look at www.netgear.co.uk for what suits you. I use a DGFV338.
2: Use AVG Free for anti-virus and keep it updated.
3: If you don't recognise the sender of an email, delete it, don't read it.
4: Enable a pop-up blocker in your choice of web browser.
5: Run Windows Update regularly to keep your PC up to date with security patches (no moans from Mac users please).
6: Use Driver Detective or similar to ensure your device drivers are up to date.
7: Use Microsoft's Windows Defender for anti-spy/malware.
8: Run Spybot Search & Destroy periodically.

Check your "c:/Windows/system32/drivers/etc/hosts" file (change forward slash to backslash) for odd entries. The default file (which rarely needs changing) looks like:-

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
Peter E Smith

My flickr Photostream
Last Edited by Mannesty on 15/12/2008 - 15:01

Daniel Bridge

Link Posted 15/12/2008 - 14:51
Mannesty wrote:
Check your c:\Windows\system32\drivers\etc\hosts file for odd entries. The default file (which rarely needs changing) looks like:-

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

Just had a look at mine and got a fright! Didn't realise that Search and Destroy uses this to make sure that you don't inadvertently follow a link to a dodgy page.

One of the more tame entries was:

127.0.0.1        adwarealert.com

If you enter 'www.adwarealert.com' into a browser, nothing happens. So if dodgy sites' URLs are added to the host file (with a DNS of 127.0.0.1) you're never going to end up on them by mistake.

As I say though, gave me a fright!

Dan
K-3, a macro lens and a DA*300mm...
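
The hosts-file check discussed in the two posts above, as an added example that is not part of any post in this thread: it separates the default `localhost` line, blocklist entries of the kind Search & Destroy adds (a name pointed at 127.0.0.1), and entries that send a hostname to some other address, which are the "odd entries" worth investigating. The category names, the treatment of 0.0.0.0 as a blocklist address and every sample line except `adwarealert.com` are assumptions made for the example.

```python
import ipaddress

# Path from the thread, with backslashes; pass any other path to audit a copy.
HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"

# Constructed sample: adwarealert.com is the entry quoted in the thread, the
# other two non-default lines are invented for illustration.
SAMPLE = """\
# sample hosts file (constructed)
127.0.0.1       localhost
127.0.0.1       adwarealert.com
203.0.113.7     www.example-bank.test
not-an-ip       example.test
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostnames) for every mapping line."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        body = raw.split("#", 1)[0].strip()  # '#' starts a comment
        if body:
            fields = body.split()
            yield line_no, fields[0], fields[1:]

def classify(ip, names):
    """Label one entry: default, blocked, redirect or malformed."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "malformed"
    if not names:
        return "malformed"
    sinkhole = addr.is_loopback or addr.is_unspecified  # 127.x, ::1, 0.0.0.0
    if sinkhole and all(n.lower() == "localhost" for n in names):
        return "default"
    # A name pinned to the local machine never loads; anything else is a
    # hostname being sent to an address chosen by whoever edited the file.
    return "blocked" if sinkhole else "redirect"

def audit(text):
    """Group all entries by label so the 'redirect' list can be reviewed."""
    report = {"default": [], "blocked": [], "redirect": [], "malformed": []}
    for line_no, ip, names in parse_hosts(text):
        report[classify(ip, names)].append((line_no, ip, names))
    return report

if __name__ == "__main__":
    with open(HOSTS_PATH, encoding="utf-8-sig", errors="replace") as fh:
        for label, entries in audit(fh.read()).items():
            print(label, len(entries), entries if label != "blocked" else "")
```
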

Steve O

Link Posted 15/12/2008 - 15:26
I use ESET Smart Security and they also recommended me to use SUPERAntiSpyware as they told me no single spyware/malware program detects everything at the moment. These work very well together and don't seem to slow my computer at all.
Steve
-----
Keep your words soft and nice in case you have to eat them.

Anvh

Link Posted 15/12/2008 - 15:37
Here's a good site Hyram to check how well certain antivirus programs work.
www.av-comparatives.org

Most companies offer an internet security suite so you don't have multiple programs running, although I ain't so sure how good they are and if it is enough?

Eset has ESET Smart Security with firewall and all the other bells, my father and many forum members use this one I believe so they can give you feedback on it.

My grandpa and I use Kaspersky Internet Security and that is running very well and fast on both PCs without any incidents so far.

Good luck with your virus hunt
Stefan


K10D, K5
DA* 16-50, DA* 50-135, D-FA 100 Macro, DA 40 Ltd, DA 18-55
AF-540FGZ

Cliff-P

Link Posted 15/12/2008 - 16:58
I use AVG free with no problems, but I'm told AVG Internet Security package is really good (costs about 30 quid).

Hope this helps

Cliff.
My Flickr link
Nikon D750, D7000 , Nikkor 80-400, 70-300 and 18-200 lenses

iceblinker

Link Posted 15/12/2008 - 18:04
Use the Windows firewall (or whatever firewall you like) and antivirus software such as AVG, but do not rely on this or anything to prevent your computer from getting infected or to cure it once it is infected.

Instead, make regular backups of your operating system with something like Acronis True Image, then restore the most recent backup if you suspect infection.

Keep your application data on separate partitions or drives if possible, and regularly back these up too.
~Pete
Last Edited by iceblinker on 15/12/2008 - 18:05

Gwyn

Link Posted 15/12/2008 - 18:31
I use AVG and Zone alarm, after Norton360 screwed up my last computer.

amoringello

Link Posted 15/12/2008 - 18:37
I used to work for a security company that did a study on the state-of-the-art of virus/firewall software. (sort of a gray area company... writing both protection and attack software - for law enforcement use)

When tested against ancient (five year old) kit software (i.e. software used by script kiddies to build viruses), most of the current stuff out there detected less than half of these. Quite hilarious, although scary at the same time since many advancements in virus technology have come out in the years since!! Yet most current protection software could not handle basic five year old technology! Yikes!!
Most current software was almost totally ineffective in detecting installation or execution of more current up-to-date malware.

In the end, McAfee and Norton were both about average (detecting about 50% of the old stuff) but with severe hits on system performance and stability.
AVG was about on par but much more stable and less of a drain on system resources.
Windows firewall is an absolute waste. It handles only the most basic and trivial of attacks!!

ZoneAlarm pro did adequately and detected more root-kit invasions than any other software.

I use ZoneAlarm myself, but over the past year or so they started getting much more system resource intensive.

I would probably go with AVG or ZoneAlarm at the moment. Unless things changed ENORMOUSLY in the past year, nothing else puts a candle to them.

*** But the best protection available is simple common sense and caution:

Do not access questionable websites and do not open attachments on emails. Don't use Microsoft mail programs as they will happily execute code quite easily. (yes, software can be written such that it can be installed and not detected by ANY of the current virus/firewall protection softwares if you're not careful)


Also, for whatever software you have, do not run multiples of the same types... do not run more than one firewall. Do not run more than one malware/virus detection program. In general these can conflict with other software and cause attacks to not be detected. (Some may not, but follow suggestions in the manual if given)
This may or may not be part of the problem with McAfee.... although I must say I've always hated McAfee -- it is horrendously unstable and resource heavy. From my own experience, it is probably the worst of the lot.


edit:
Actually I remember one other piece of software being potentially better than the rest... Once I get back home, I'll have to dig up the website that does intensive comparisons against these types of programs. I did not get a chance to use the one they rated the best, but their findings were pretty consistent with our particular testing so I would have confidence in what they list.

(I think Zone Alarm was number two or three and AVG only slightly lower at the time, but all close enough to be considered in the same league. Other popular software, Norton, McAfee, etc... rated much lower even than how we ranked them)
Last Edited by amoringello on 15/12/2008 - 18:45

George Lazarette

Link Posted 15/12/2008 - 19:12
Symantec is another one to avoid. Terrible resource hog.

G
Keywords: Charming, polite, and generally agreeable.

iceblinker

Link Posted 15/12/2008 - 19:25
You can and should run more than one malware/virus detection program - but not at the same time. Have just one constantly monitoring the system, but run others occasionally to check the current state of the system.
~Pete

amoringello

Link Posted 15/12/2008 - 19:46
Just be careful with running more than one at a time. Depending on how they hook the system, they may cause conflicts. This is especially true of firewalls that intercept or re-write low level NDIS APIs.
In order to be a good virus/malware scanner they have to be pretty low level when accessing system resources. So this would also likely be true for anything that hooks disk reads and writes, registry access, system clock, break point handlers, etc...

Having multiple programs performing similar low level changes to your system may not be a good idea. If you don't know for sure how a particular program affects your system, it is probably best not to run it at the same time as similar software.



FYI,
Unfortunately I cannot find the site I used to reference that did some pretty intensive tests. The one I found via Google is in a different format. Also two years old, so near useless by now.
Anyway, it may still be informative for entertainment purposes :
http://www.firewallleaktester.com/tests_overview.php