ANTIVIRUS-Yes or No?

Xen

Sr. Member

Posts: 386

Joined: Tue Feb 03, 2009 3:59 am

Post Wed Feb 04, 2009 9:53 am

ANTIVIRUS-Yes or No?

One of the most common questions that I see in Security/Hacking forums is: Do I need antivirus software?
The only answer I have to this question is: YES, you do.
Regardless of whether you are a novice or a pro in the security field, everyone needs an antivirus. Antivirus is obviously not your first line of defense (firewalls are), but it is an integral part of your computer's security.
As a student for some time in malware removal courses, I have seen and helped people who have been infected to the extent that they weren't even able to connect to the internet or faced regular computer crashes. 90% of them are users who click every random pop-up that comes their way or download cracked software uploaded on random websites, but the remaining 10% are users who think they don't need any antivirus as they - according to them - know a lot about security, never click on pop-ups and test every piece of software first on their virtual machines before transferring it to their main desktop. But what these people forget is that antiviruses help in the early detection of known malware, and a regular scan (I prefer one scan every fortnight) helps to check for any subtle infection.

Of course, antiviruses don't help with every infection, and with malware like the Antivirus 2007/8/9 series or CoolWebSearch you need specialized tools, but antiviruses act as an external support to these tools and help in the removal of the remnants of these infections.

The other question that users ask after you convince them to use an antivirus is: Which is the best antivirus?
Well, there's a very thin line between an average and a good antivirus. And this thin line is more often the scanning speed than malware detection. Most antiviruses don't differ much in malware detection rate, and like I said earlier, antivirus software helps in the removal of small infections only; for some malware you need specialized tools. So, having any antivirus is better than having none.
There are some good free ones like Avast, AVG and Avira AntiVir (Avast is my preference) and excellent commercial ones like ESET NOD32 and Kaspersky (I'm hearing some good reviews for the latest Norton antivirus too). The choice between a free and a commercial antivirus depends on the user. I personally don't feel like spending my money on a commercial one if a free antivirus like Avast does almost the same job.

Now that I've written so much about antiviruses, I think I should advertise the importance of firewalls, anti-spyware and hosts files too (though I'll be writing a document on how to keep your computer safe in the coming days).

Firewalls - like I said earlier - are your first line of defense. They keep most of the pop-ups and hackers away. Windows Firewall is a very basic firewall (no hard feelings, Microsoft). For better security you need a good firewall. An excellent free one is Comodo Firewall. ZoneAlarm is also a very good firewall, though I would rather go for its commercial one.

I won't dwell much on anti-spyware except giving links to some good ones. A combination of Spybot and a-squared is believed to be a good choice to go for. I personally use Spyware Terminator and have never had any problems with it. There are also good commercial ones like Spyware Doctor, but I would rather choose a free one, as in the case of antivirus.

Lastly, I would advise you to have a good hosts file. I'm using the MVPS hosts file, which is the best hosts file available today. It blocks all pop-ups and random advertisements. And again, it's free ;D If you don't want to follow my advice on antivirus, firewalls and anti-spyware, at least go with the hosts file.

Using a good antivirus, firewall, anti-spyware and hosts file (MVPS) - preferably all free - along with a little common sense is enough to keep your computer safe.

And if you still get infected, there's an excellent group of forums from ASAP which help users with their malware issues and also train users in malware removal - all for free! :D

Now I just want you people to share your opinions with the rest of the community, or just tell me whether this was useful. Any reply is greatly appreciated =P
Last edited by Xen on Thu Feb 05, 2009 9:20 am, edited 1 time in total.
sgt_mjc

Sr. Member

Posts: 294

Joined: Tue Feb 05, 2008 8:34 am

Location: AL

Post Wed Feb 04, 2009 11:35 am

Re: ANTIVIRUS-Yes or No?

Thanks for the post, Xen. I'm a big fan of the free things in life and would much rather use a free solution than cough up the $50 a year a subscription service seems to run anymore.

Is there a reason you did not mention a hardware firewall like that included in most home routers? I have found this to be a great help: when I have scanned from the outside there was only one outbound port open and I could not "see" the inside network. What are your thoughts on that?
Mike Conway
CISSP
CompTia Security +
C|EH
KrisTeason

Hero Member

Posts: 515

Joined: Sat Sep 08, 2007 7:48 pm

Location: /dev/null

Post Wed Feb 04, 2009 12:22 pm

Re: ANTIVIRUS-Yes or No?

The post is useful, Xen. I'm going to look into that MVPS tool for my Windows boxes when I get the chance (you may want to fix that link when you get the chance too). I'll also second sgt_mjc in saying that being behind a router/NAT device puts you at a more secure level; I personally feel safer when I'm behind a router that has been secured properly than being directly connected to the internet.
eCPPT (Silver/Gold), eWPT, GSEC, GISP, GCIH, OSCP, OSWP
sgt_mjc

Sr. Member

Posts: 294

Joined: Tue Feb 05, 2008 8:34 am

Location: AL

Post Wed Feb 04, 2009 4:02 pm

Re: ANTIVIRUS-Yes or No?

Unix/Linux also has a hosts file, which can usually be found at /etc/hosts.
Mike Conway
CISSP
CompTia Security +
C|EH
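As an added example (not from any poster in this thread), here is a small Python audit of a hosts file in the format used by the MVPS list Xen recommends and by the /etc/hosts file sgt_mjc mentions: it separates block-list sinkhole entries from genuine redirects and flags security-vendor or update domains that have been remapped, which is how a hijacked hosts file cuts an antivirus off from its updates. The vendor watch-list and the sample hosts file are constructed assumptions, not data from the thread.

```python
import ipaddress

# Block lists such as the MVPS hosts file map names to one of these, so the
# name is sinkholed on the local machine instead of being resolved.
SINKHOLE_TARGETS = {"0.0.0.0", "127.0.0.1", "::1", "::"}
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}
# Private and link-local ranges: a mapping into these is normal LAN use.
LAN_NETWORKS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7", "fe80::/10")]
# Constructed watch-list (an assumption, not from the thread): vendor and
# update domains. Malware that edits the hosts file commonly maps these to
# loopback so the antivirus can no longer fetch its definitions.
WATCH_DOMAINS = ("windowsupdate.com", "avast.com", "avg.com", "avira.com",
                 "eset.com", "kaspersky.com", "malwarebytes.org")

def _watched(name):
    return any(name == d or name.endswith("." + d) for d in WATCH_DOMAINS)

def _is_lan(addr):
    return addr.is_loopback or any(addr in net for net in LAN_NETWORKS)

def parse_hosts(text):
    """Return ([(ip, hostname, line_no), ...], [malformed line numbers])."""
    entries, malformed = [], []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        try:
            ip = str(ipaddress.ip_address(parts[0]))   # normalises ::0 -> ::
        except ValueError:
            malformed.append(no)                       # first token is not an IP
            continue
        if len(parts) < 2:
            malformed.append(no)                       # address without a name
            continue
        for name in parts[1:]:   # one line may map several names, as MVPS does
            entries.append((ip, name.lower().rstrip("."), no))
    return entries, malformed

def audit_hosts(text):
    """Classify entries: blocked (sinkholed ad/tracker names), local (loopback
    or LAN), redirected (sent outside), suspicious (watch-listed vendor names
    mapped anywhere, sinkhole included) and malformed line numbers."""
    entries, malformed = parse_hosts(text)
    report = {"blocked": [], "local": [], "redirected": [],
              "suspicious": [], "malformed": malformed}
    for ip, name, no in entries:
        if _watched(name):
            report["suspicious"].append((no, name, ip))
        elif ip in SINKHOLE_TARGETS:
            report["local" if name in LOCAL_NAMES else "blocked"].append(name)
        elif _is_lan(ipaddress.ip_address(ip)):
            report["local"].append(name)
        else:
            report["redirected"].append((no, name, ip))
    return report

# Constructed sample hosts file (not a real capture).
SAMPLE_HOSTS = """\
# hosts file: constructed sample
127.0.0.1       localhost
::1             localhost
0.0.0.0 ads.example.net tracker.example.org   # block-list style entries
192.168.1.20    fileserver.lan
198.51.100.7    www.example-bank.test   # name sent to an outside address
127.0.0.1       update.avast.com        # vendor update host sinkholed
this line is not a hosts entry
"""

if __name__ == "__main__":
    for kind, items in audit_hosts(SAMPLE_HOSTS).items():
        print(f"{kind:>10}: {items}")
```

Point it at C:\Windows\System32\drivers\etc\hosts or /etc/hosts instead of the sample to check a real machine; anything in "suspicious" or "redirected" deserves a look before trusting the antivirus update status.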
KrisTeason

Hero Member

Posts: 515

Joined: Sat Sep 08, 2007 7:48 pm

Location: /dev/null

Post Wed Feb 04, 2009 4:16 pm

Re: ANTIVIRUS-Yes or No?

sgt_mjc, thanks for the info. Going to have to look into that when I get the chance!
eCPPT (Silver/Gold), eWPT, GSEC, GISP, GCIH, OSCP, OSWP
_jon

Newbie

Posts: 6

Joined: Tue Feb 03, 2009 3:03 am

Post Wed Feb 04, 2009 10:38 pm

Re: ANTIVIRUS-Yes or No?

Great post, Xen. I personally use ESET NOD32 Smart Security. The built-in firewall isn't exactly novice-friendly, but you can configure it to your liking. Personally, I don't use commercial antivirus programs, but I gave this one a shot and have found it to be excellent. (free plug for ESET, lol)

I'll give the MVPS hosts file a look soon, and I've chosen the built-in firewall with ESET versus the hardware firewall that comes with most routers. There's definitely some useful information to be found in here; whether you're a novice like myself or an expert like some others, everyone can find a use for it.
128-10-93-85-10-128-98-112-6-6-25-126-39-1-68-76
Xen

Sr. Member

Posts: 386

Joined: Tue Feb 03, 2009 3:59 am

Post Thu Feb 05, 2009 9:26 am

Re: ANTIVIRUS-Yes or No?

sgt_mjc wrote:Is there a reason you did not mention a hardware firewall like that included in most home routers? I have found this to be a great help: when I have scanned from the outside there was only one outbound port open and I could not "see" the inside network. What are your thoughts on that?

Frankly speaking, I don't have as much basic knowledge about hardware firewalls as I have about the software ones. But now that you have raised the question, I'll learn more about them and edit my article in some days.

KrisTeason wrote:The post is useful, Xen. I'm going to look into that MVPS tool for my Windows boxes when I get the chance (you may want to fix that link when you get the chance too).

Thanks Kris, I have edited the links and they are working now.

Again, thanks to all of you for taking the time to read it and for your comments.
Jhaddix

Sr. Member

Posts: 317

Joined: Wed Oct 29, 2008 10:25 pm

Post Thu Feb 05, 2009 11:43 am

Re: ANTIVIRUS-Yes or No?

Anyone heard of a good free app whitelisting program (not the Win7 one)? At SANS Sec West I saw a very convincing demo of how whitelisting will be the way of the future ;)
Stifler

Newbie

Posts: 7

Joined: Sun Jan 25, 2009 2:22 pm

Post Sun Feb 08, 2009 9:39 am

Re: ANTIVIRUS-Yes or No?

Great post, Xen! I couldn't agree with you more, and thanks for the hosts file info; I learned something new!

So anyway, I thought I'd share a bit more knowledge of my own that may be helpful to some people. I've never had any schooling on computers, but I've been using them since EGA monitors, 286 processors, 4MB HDs, 2400 baud modems, DOS, and Quickmenu were the best on the market. For those of you who have no idea what I just said, that was before Microsoft Windows was put on the market. Quickmenu was the Windows of that era. So if anything I say here is wrong or inaccurate, please, by all means, tell me so I can learn more.

Just like Xen talked about, I can't stress enough how important it is to have a firewall, antivirus, and antimalware suite set up on your computer, especially in this day and age. I personally go beyond just those three because I'm such a security nut who values the life of my machine.

Now... While it's good to have at least one of the three defenses I mentioned above, you should know that no program is going to find and block absolutely everything. Not even the high-priced commercial stuff; however, you can come pretty close if you build the right suite with the right programs. I shall demonstrate shortly. But first you should know a couple of important things.

1st. It is not always good to run more than one firewall or antivirus at the same time unless you find the right ones or unless you know how to set your options to make them work together, but you will still have bugs in most cases. Running more than one at the same time causes them to conflict and leads to an unstable system and eventually a nice crash to freak you out.

2nd. You can never have too much security.

3rd. You can never have too many antimalware programs. Just don't run them all at once or you will be asking for a crash. Only have a maximum of two running and make sure they work well together too! The rest should be run manually, and be sure to shut down the ones you leave running all the time before you do, just to be on the safe side, but this isn't always required.

Moving on... So here is a list of what I use and some info about them.

***ZoneAlarm Internet Security Suite*** (Paid)
This is an all-in-one suite that contains an easy-to-use set of security apps all in the same app. It has a firewall with built-in intrusion detection that will tell you detailed info about any and all intruders trying to access your system. It has an enhanced but still traditional antivirus. By traditional I mean that it relies on a definition file that scans for distinctive signatures of known threats and therefore has a harder time picking up on anything that has not yet been analyzed and given a signature. ZoneAlarm has its own antimalware scanner and a nifty application control feature that will tell you of all programs on your computer that try to access the internet, and gives you the option to block or allow. It also has identity theft protection with encryption that allows you to protect sensitive data such as passwords and any personal info you choose. It has a gaming mode that lets you halt all popup messages during full-screen gaming. And my favorite of all, the halt-all-internet-traffic feature that you can manually turn on or set to turn on when the screensaver comes on. So you don't have to worry about intruders when you're away from the computer; when the option is on, nothing comes in or goes out. And like any good security app, it has all sorts of privacy settings to play with and make you say wow.

***BlackICE PC Protection, Intrusion Countermeasures*** (Paid)
This is a very simple but powerful firewall that focuses primarily on intrusion detection and program control. You do have the option to disable the program control portion of it because, trust me, it gets annoying when the program is so powerful that it even recognizes and tries to block itself from launching some of its own features. And even more annoying when you have to keep clicking "allow" on startup items to let your computer load up when you turn it on. Since I have program control on ZoneAlarm, I have it turned off in BlackICE to avoid annoyances and conflicts. Zones is more intelligent and knows the difference between safe and dangerous programs that try to launch, and therefore gives you minimal annoyances. BlackICE just blocks everything until you tell it otherwise, which can be good in some situations. I use it for the intrusion detection though because, like I said, no single program will detect everything; two is always better than one when they don't conflict.

***PC Tools ThreatFire*** (Free)
This is an antivirus and antimalware program that may be run alongside another antivirus program; it's even recommended, though not necessary. This antivirus is unique from others in that it does not rely on definitions or signatures to detect viruses or malware. Instead, it scans using behavior-based algorithms. Meaning that it will be 10 times more likely to find a new and unknown virus than a traditional signature-based antivirus will, all based on how viruses behave. Cool, huh? It also uses the same technique for malware scanning and it has a cool system monitor feature as well. I highly recommend this app to everyone.

***Malwarebytes' Anti-Malware*** (Paid)
The name says it all. This is a very powerful antimalware app that will pretty much find it all, including some legitimate things if you're not careful with it. I used to use Spybot and Ad-Aware, but when I got this app the other two quit finding stuff, so I got rid of them.

***Trend Micro HijackThis*** (Free)
This is the antimalware of all antimalware apps. It is definitely not for the novice user. I don't really use this one very much because even I am not skilled enough to recognize what it tells me. But I keep it on hand because there are numerous forums where you can go for malware support, and most of them ask you to install this app, run it, and show them the log file that it generates after it scans so that they can tell you how to fix your problem. It's that good...

***Advanced SystemCare*** (Free)
This app is more for cleaning and maintaining your system. It has its own disk defrag, junk remover, history and tracks cleaner, and even an antispyware/adware feature. This is the app that competes with System Mechanic, and I must say it's a worthy competitor, especially for being free. Though it does have a paid version which unlocks some features that the free version doesn't let you use. I use it for the cleanup and the antimalware, so I care not about the pro features.

***Hide IP Platinum*** (Paid)
I'll go ahead and mention this one even though I'll be replacing it because my subscription is expiring soon. This is another one where the name says it all. It hides your IP address when you're online and changes it to a new IP through anonymous proxies. Basically it makes you invisible to other people or machines on the net so that you are extremely hard to find or trace, making it safer for you to surf the net and avoid hackers.

***KeyScrambler*** (Free)
This is a keystroke encryptor. It encrypts every button you type over the net and it only loads up when you open your web browser. It delivers peace of mind when typing personal info over the net because only you (the sender) and the receiver can see what you are typing. Anyone who tries to intercept what you type only sees a lot of encryption. And it's not worth them trying to decrypt it when there are millions of easier targets to move on to. Anyway, this is definitely a must-have for all security nuts.

***McAfee SiteAdvisor*** (Free)
This app is another must-have for security nuts. It adds a little box to the toolbar in your web browser that changes between four colors when you visit sites or do searches. These colors represent the safety level of the website. Think of it as a traffic light with an extra color. Red for stop (dangerous site), yellow for caution (site has both good and bad content), green for go (safe site), and gray for unknown or not tested yet. When doing searches on the major search engines, it puts a little icon beside every result, and can you guess what they are? Yep, they are one of the four colors, so you know which results are safe to click on. You can mouse over the icons to get a tiny window with some more info about the result too, very useful for the caution icons.

_______________________________________

So there you have it, that is my "build your own security suite" for this year. I hope it will give some of you who are here for advice on security apps some good ideas on what to try. Now there's one more sort of important thing for beginners and novices to know here. Security apps (specifically all-in-one suites and antivirus apps) eat up system resources and slow your machine down significantly. There is no getting around it, especially on machines with low RAM (like below 1GB RAM). But there are steps you can take to help compensate for some of that speed loss. Thus, I proudly introduce to you...

***RegCure*** (Paid)
This app allows you to scan, detect, and fix registry errors safely and securely even if you have no idea what the registry is. It also scans for junk files, broken links, invalid paths, and startup errors. Out of all the registry cleaning apps I've tried over the last few years, this one does its job very well and in a timely fashion, unlike most others. After running this app, you will gain back some of the speed you lost from installing security apps. If you have less than a gig of RAM you will notice a difference; with more than a gig you probably won't notice anything, but rest assured that it still did its job.

***XP Smoker Pro*** (Paid)
This app allows you to tweak various Windows settings that will optimize your Windows XP to run at its fastest. It will optimize everything from your CD drives to the internet to your system core itself, so that everything runs as fast as your hardware allows. Use extreme caution with this app though, and make sure you set a restore point before using the program every time so that you avoid possible headaches if you mess something up by mistake. Very powerful app and well worth it to gain more speed and performance.

With the size of my security suite, it slowed me way down; these two apps alone put my system's speed back to the normal speed it had before installing all my security. The only apps I leave running at all times are ZoneAlarm, BlackICE, ThreatFire, and Hide IP. The rest I run manually on a regular basis, although most of the time when I'm not surfing the web, I usually unplug the internet and shut down all my security except BlackICE, so I can enjoy even faster than average performance. It's great for watching movies or playing games, or just messing around with whatever when I'm offline and unplugged.

OK, this book needs to end sooner or later or I'll sit here and talk about security all day. This post is intended for the beginners and novices out there who want to learn a few basic tips. But I'd like an expert opinion on my suite selection if possible.

Later all, hope this helps!
The Stiffmeister
Xen

Sr. Member

Posts: 386

Joined: Tue Feb 03, 2009 3:59 am

Post Mon Feb 09, 2009 5:24 am

Re: ANTIVIRUS-Yes or No?

A good read, Stifler :)
Nice that you explained all of these tools and also gave warnings regarding some of them (HijackThis). HijackThis is definitely not a tool for beginners. You should have proper training to use this tool, and I gave the link to the ASAP websites which provide free training.
I see that you are using ThreatFire. It's an excellent tool and I have also used it for about a year, but it takes a lot of system resources and makes the computer slow. Perhaps that's the problem with you too.
KeyScrambler is good and I have tried it. The free version of Malwarebytes is also good and I have it on my system. (Didn't feel like buying it ;))
However, I would just like to advise you not to use two firewalls (I see you are running both ZoneAlarm and BlackICE). Just having any one of them is enough for your system.
Besides that, I also got to know about some tools I didn't know before. ;D

Thanks
pibe86

Newbie

Posts: 7

Joined: Sun Feb 08, 2009 10:10 pm

Location: Medellín Colombia

Post Mon Feb 09, 2009 1:41 pm

Re: ANTIVIRUS-Yes or No?

Do you recommend using any antivirus if you use Linux at home?

I use Ubuntu 8.10 64-bit and I just have "Firestarter" as a firewall and no antivirus, and I think that using Linux without antivirus I am a little safer than using Windows with antivirus.

Is this post for all OSes or just for Windows?
Last edited by pibe86 on Mon Feb 09, 2009 1:44 pm, edited 1 time in total.
sgt_mjc

Sr. Member

Posts: 294

Joined: Tue Feb 05, 2008 8:34 am

Location: AL

Post Mon Feb 09, 2009 3:37 pm

Re: ANTIVIRUS-Yes or No?

I would definitely have an AV even with Linux. There are a few out there that say that because there are so many distros running different cores you don't need it, but it is still another layer of protection. I have ClamAV on my Ubuntu box and have been happy with it.
Mike Conway
CISSP
CompTia Security +
C|EH
Ne0

Jr. Member

Posts: 62

Joined: Thu Sep 04, 2008 5:28 pm

Post Tue Feb 10, 2009 11:05 pm

Re: ANTIVIRUS-Yes or No?

Thanks for the posts, Xen. I am keen on learning how this works and how they contact their hosts for updates, and I have been keeping myself updated on those. Most of the guys just install the antivirus and start scanning, but most don't configure it, which makes the antivirus a lazy goose: it just scans the ongoing packets. NAV, for instance, needs a bit of tweaking in its box or it will make your system a hell box. I have been using AVG, which is free, and have had no issues with it for more than a year.

But presently I am a bit worried about the worm Conficker aka Downadup, which has already spread to more than 10 million PCs. Many users are not even aware that the worm has already been at their doors, getting constantly updated from its hosts. Most antivirus or spyware tools are not catching this Conficker as its signature gets changed each time; the best way to stop it is OpenDNS, more info --> http://www.opendns.com/
Last edited by Ne0 on Tue Feb 10, 2009 11:07 pm, edited 1 time in total.
Xen

Sr. Member

Posts: 386

Joined: Tue Feb 03, 2009 3:59 am

Post Thu Feb 12, 2009 8:38 am

Re: ANTIVIRUS-Yes or No?

pibe86 wrote:Do you recommend using any antivirus if you use Linux at home?

Is this post for all OSes or just for Windows?

I would definitely go for an antivirus even with Linux too. Linux, though, has a small number of viruses dedicated to it, but it's still useful to have some antivirus scanners and run them just once every week or fortnight.
Avast has a Linux version too, but just as sgt_mjc said, I would go with ClamAV on Ubuntu.
Stifler

Newbie

Posts: 7

Joined: Sun Jan 25, 2009 2:22 pm

Post Sat Feb 14, 2009 2:35 am

Re: ANTIVIRUS-Yes or No?

Xen wrote:I see that you are using ThreatFire. It's an excellent tool and I have also used it for about a year, but it takes a lot of system resources and makes the computer slow. Perhaps that's the problem with you too.

However, I would just like to advise you not to use two firewalls (I see you are running both ZoneAlarm and BlackICE). Just having any one of them is enough for your system.

Yeah, I did realize that ThreatFire was eating up the most resources, but RegCure and XP Smoker compensate for it pretty well, with the exception of a slower shutdown time when shutting the computer down or waiting for it to restart, but that's a price I'm willing to pay for added security. :)

The two firewalls aren't really a problem since I shut off the program control in BlackICE. So now it's more like half a firewall, so to speak. The intrusion detection in both programs works very well without conflicts, and both detect different things. Whatever Zone doesn't detect, BlackICE does, and vice versa. I'll admit that I had problems at first and it took me a while to figure them out before I finally got them both running stable together. But I see your concern and I thank you for it; most people will just let someone find out the hard way and keep their mouth shut.

Since you guys are on the topic of Linux, I have a couple of questions. I've never used Linux before but I hear good things about it, so my questions are... Is it free like I've heard? Can it be installed on a computer designed for Windows? And if so, where can I get it?
The Stiffmeister