Exetools > General > General Discussion
#16
11-02-2017, 02:44
ArC
VIP
 
Join Date: Jan 2003
Location: NTOSKRNL.EXE
Posts: 172
Rept. Given: 0
Rept. Rcvd 1 Time in 1 Post
Thanks Given: 5
Thanks Rcvd at 17 Times in 12 Posts
ArC Reputation: 1
Quote:
Originally Posted by Kerlingen
Since the Windows Firewall has a default "allow all outgoing traffic" rule which you cannot change I would say it's mandatory to use an "internet security" product, not only to block (non-malware) "call home" software, but also to block malware which is not yet detected from connecting to its control server.
Maybe I'm misunderstanding you but you can configure profiles to block outbound traffic by default. The problem is that it's oftentimes not that useful in practice as you need to manually define rules upfront for all apps that should be allowed to access the internet. This easily gets cumbersome if an application uses multiple processes/services of which some need network access (like in case of VMWare Workstation). What's not uncommon either is legitimate installers which launch sub-processes (which need network access) from previously extracted images with randomized filenames. If you've configured the Windows Firewall to block outgoing traffic by default, it will do so without giving the user any hints whatsoever which can make it difficult to figure out what rules to add to get a particular app to work properly.

There're third-party add-on tools to work around that problem, though. They listen for certain ETW events if I remember correctly and display a message if an app tries to access the network, along with options to create (temporary) outbound rules.

Another thing to keep in mind is that rules can be added programmatically which is something some installers do. While this is generally convenient, it can be annoying in cases where one doesn't want (legitimate) software to phone home for example.

Quote:
Originally Posted by TechLord
Finally, most of the security professionals do not have any AV on their system at all
No wonder really as AV software has in the past turned out to be an attack vector (MsMpEng Type Confusion anyone?).

Quote:
Originally Posted by SKiLLa
use a restricted account
https://xkcd.com/1200/
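The outbound default-deny setup ArC's post describes, together with the two things the post says are missing (a trace when a process's connection is silently blocked, and visibility into rules that installers add programmatically), as an added PowerShell example. This is not code from the thread; it assumes an elevated prompt on a Windows version with the NetSecurity module (Windows 8.1 / Server 2012 R2 and later), and the application path and log file path are placeholders. The two review functions at the end are the editor's own names, not Windows cmdlets.

```powershell
# Added example (not from the thread). Default-deny outbound on all profiles,
# one explicit allow rule, dropped-packet logging, and auditing of rule changes.
# Run from an elevated PowerShell. Paths marked "placeholder" are assumptions.

# 1. Default-deny outbound on every profile (the profile setting ArC's post refers to).
Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultOutboundAction Block

# 2. Explicit allow rule for one program. Bind the rule to a full path so a
#    same-named binary extracted into a temp directory does not match it.
$app = 'C:\Program Files\ExampleVendor\ExampleApp.exe'   # placeholder path
New-NetFirewallRule -DisplayName 'Allow ExampleApp (outbound)' `
    -Direction Outbound -Action Allow -Program $app `
    -Profile Domain,Private,Public -Enabled True | Out-Null

# 3. Log dropped packets: this is the hint the firewall otherwise withholds when
#    an unlisted process tries to connect out and is silently blocked.
$log = 'C:\Windows\System32\LogFiles\Firewall\pfirewall.log'   # placeholder path
Set-NetFirewallProfile -Profile Domain,Private,Public `
    -LogBlocked True -LogFileName $log -LogMaxSizeKilobytes 16384

# 4. Audit rule changes so rules added programmatically (e.g. by an installer)
#    appear in the Security log: 4946 = rule added, 4947 = modified, 4948 = deleted.
auditpol /set /subcategory:"MPSSVC Rule-Level Policy Change" /success:enable /failure:enable | Out-Null

# 5. Review helper: every enabled outbound allow rule with the program it covers.
#    A Program of 'Any' means the rule is not tied to a specific executable.
function Get-OutboundAllowRules {
    Get-NetFirewallRule -Direction Outbound -Action Allow -Enabled True |
        ForEach-Object {
            $filter = $_ | Get-NetFirewallApplicationFilter
            [pscustomobject]@{
                Name    = $_.DisplayName
                Group   = $_.DisplayGroup
                Profile = $_.Profile
                Program = $filter.Program
            }
        } | Sort-Object Program, Name
}

# 6. Review helper: rule-addition audit events from the last N hours.
function Get-RecentRuleAdditions {
    param([int]$Hours = 24)
    Get-WinEvent -FilterHashtable @{
        LogName   = 'Security'
        Id        = 4946
        StartTime = (Get-Date).AddHours(-$Hours)
    } -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Message
}

Get-OutboundAllowRules  | Format-Table -AutoSize
Get-RecentRuleAdditions | Format-Table -Wrap
```

When an application stops working after step 1, the DROP lines in the log (grep for the process's destination port) show what a narrow allow rule should cover; step 5 is worth re-running after every installer, since a rule with Program 'Any' and a broad profile is exactly the kind of entry a silent installer leaves behind.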
#17
11-06-2017, 09:12
zeffy
Friend
 
Join Date: Jul 2017
Posts: 44
Rept. Given: 3
Rept. Rcvd 7 Times in 6 Posts
Thanks Given: 194
Thanks Rcvd at 163 Times in 47 Posts
zeffy Reputation: 7
By the time you're depending on active antimalware/antivirus to do its job, it's usually too late anyway, especially if the malware is undetected. It can help, but it shouldn't be your only defense.

A secure browser with ad blocking, a properly configured firewall, sandboxing/virtualization software, locked-down file system permissions, along with some common sense and safe practices, are the way to go.

I personally use Chrome (with uBlock Origin and uMatrix), Comodo Personal Firewall, Sandboxie, VMWare, Microsoft EMET, and finally Microsoft Security Essentials, along with some other niche security software.
#18
11-07-2017, 23:11
Fragrance
Friend
 
Join Date: Oct 2017
Posts: 10
Rept. Given: 0
Rept. Rcvd 1 Time in 1 Post
Thanks Given: 15
Thanks Rcvd at 4 Times in 3 Posts
Fragrance Reputation: 1
Kaspersky is the best. It will also scan a USB pen drive automatically when inserted, also works well for malware and rootkits, and has a great firewall built in if you go for Internet Security. Kaspersky also provides room for Windows Defender to run alongside it; usually other antivirus products disable Windows Defender upon install. NOD32 is also a good choice.

Last edited by Fragrance; 11-07-2017 at 23:18.
#19
11-08-2017, 20:41
cp74
Friend
 
Join Date: May 2016
Posts: 16
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 7
Thanks Rcvd at 12 Times in 6 Posts
cp74 Reputation: 0
Hi,

Avast acquired Piriform, maker of CCleaner, but recently CCleaner was infected by malware and distributed to 2.3 million users. It was a two-stage backdoor that allows a remote attacker to execute code on an affected system.

hxxps://www.piriform.com/news/blog/2017/9/18/security-notification-for-ccleaner-v5336162-and-ccleaner-cloud-v1073191-for-32-bit-windows-users

hxxps://blog.avast.com/update-to-the-ccleaner-5.33.6162-security-incident

So I believe any antivirus is better for the known threats, not unknown ones.

Regards,
cp74
#20
11-09-2017, 01:17
Kerlingen
VIP
 
Join Date: Feb 2011
Posts: 324
Rept. Given: 0
Rept. Rcvd 276 Times in 98 Posts
Thanks Given: 0
Thanks Rcvd at 308 Times in 95 Posts
Kerlingen Reputation: 200-299
Quote:
Originally Posted by Fragrance View Post
kaspersky is the best [...] and have great firewall built in
No. No. No. Just no.

I already explained here why it's the worst firewall implementation one can think of.
#21
11-09-2017, 02:57
luki
Friend
 
Join Date: Aug 2017
Posts: 25
Rept. Given: 0
Rept. Rcvd 1 Time in 1 Post
Thanks Given: 8
Thanks Rcvd at 5 Times in 5 Posts
luki Reputation: 1
I'm using BitDefender as antivirus (turning some features off is a must) - it scores 100% at av-comparatives.
https://chart.av-comparatives.org/chart1.php

For malware - Malwarebytes.

I'm not using a firewall, because I'm behind NAT. If I need to filter something I just use the hosts file.

Also on Windows - UAC turned off, and the built-in Administrator account enabled (using it). Win+R, cmd.exe;
Code:
net user Administrator /active:yes
#22
11-09-2017, 06:03
tusk
Friend
 
Join Date: Jun 2016
Posts: 36
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 8
Thanks Rcvd at 18 Times in 12 Posts
tusk Reputation: 0
Agnitum had a nice personal firewall project you certainly remember: Outpost.
I felt it was just giving all the information you needed in a simple yet very useful interface. Open connections, open ports, open applications, but really just the way it's supposed to be. Config was easy and you really could see and understand everything that was happening live.
Somehow, other firewalls do a lot in the back, and you don't always know what's going on or find out about it way later.

Unfortunately, on many versions I had too many issues with it and always had to switch back (to ZoneAlarm at that time). I wish they would continue the project and make it better.
#23
11-28-2017, 15:20
WildGoblin
Friend
 
Join Date: Jan 2006
Posts: 47
Rept. Given: 105
Rept. Rcvd 31 Times in 14 Posts
Thanks Given: 29
Thanks Rcvd at 18 Times in 13 Posts
WildGoblin Reputation: 32
MS Defender

Quote:
Originally Posted by tusk View Post
Agnitum had a nice personal firewall project you certainly remember: Outpost.
Yes, Outpost was very nice - for many years.
#24
11-28-2017, 17:14
VodoleY
Friend
 
Join Date: Dec 2014
Posts: 19
Rept. Given: 6
Rept. Rcvd 1 Time in 1 Post
Thanks Given: 18
Thanks Rcvd at 4 Times in 3 Posts
VodoleY Reputation: 1
MS Defender, or work in VMware or a sandbox
#25
11-28-2017, 17:31
WildGoblin
Friend
 
Join Date: Jan 2006
Posts: 47
Rept. Given: 105
Rept. Rcvd 31 Times in 14 Posts
Thanks Given: 29
Thanks Rcvd at 18 Times in 13 Posts
WildGoblin Reputation: 32
Quote:
Originally Posted by VodoleY View Post
MS Defender, or work in VMware or a sandbox
In vmware I have a third-party antivirus installed
#26
11-28-2017, 20:23
yoza
Moderator
 
Join Date: Aug 2015
Location: Himalaya
Posts: 255
Rept. Given: 97
Rept. Rcvd 255 Times in 90 Posts
Thanks Given: 373
Thanks Rcvd at 1,623 Times in 218 Posts
yoza Reputation: 200-299
Each AV user may have different views according to their needs or experience using them.
I have not used antivirus or antimalware for a long time... until now.
(Kaspersky, Avast, McAfee, NoDIce, Malwarebytes, etc.), as well as Windows Defender - I always disable/turn it off.
Reasons:
- it uses up the PC's memory
- it slows down my PC activities
- it is always annoying during my activities
- my PC is very old (1 GB RAM only!!)
I use it if I feel I need it....
#27
12-01-2017, 09:30
0xd0000
Family
 
Join Date: Nov 2013
Posts: 51
Rept. Given: 3
Rept. Rcvd 37 Times in 14 Posts
Thanks Given: 9
Thanks Rcvd at 21 Times in 12 Posts
0xd0000 Reputation: 37
Commercially… CylanceProtect with FireEye HX, and ESET (or something that is leveraging AMSI). Gartner also recently published an article on Microsoft ATP changing the landscape.

Home use: MalwareBytes, CylanceProtect, ESET/SEP (mainly because of the customization allowed).

And the obligatory Firefox w/ NoScript, and make sure you're using Sysmon.
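Sysmon, which 0xd0000's post recommends, is also the practical answer to the firewall complaint earlier in the thread: its network-connection events (Event ID 3) record which process connected where, whether or not a firewall prompt ever appeared. The summary script below is an added example, not code from the post or from Sysmon; it assumes Sysmon is installed with network logging enabled (for example `sysmon -i -n`, or a configuration containing a NetworkConnect rule) and an elevated prompt, and the function name `Get-SysmonOutboundSummary` is the editor's own.

```powershell
# Added example (not from the thread): summarise Sysmon Event ID 3 (NetworkConnect)
# per process and destination so outbound "call home" traffic becomes visible.
# Assumes Sysmon with network logging enabled and an elevated prompt.

function Get-SysmonOutboundSummary {
    param([int]$Hours = 24)

    $events = Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Sysmon/Operational'
        Id        = 3
        StartTime = (Get-Date).AddHours(-$Hours)
    } -ErrorAction SilentlyContinue

    # Loopback, link-local and RFC 1918 ranges; anything else is flagged External.
    $privateRe = '^(127\.|10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.|169\.254\.|::1$|fe80:)'

    $rows = foreach ($e in $events) {
        # Sysmon writes each field as <Data Name="...">value</Data>; index them by name.
        $x = [xml]$e.ToXml()
        $d = @{}
        foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        if ($d['Initiated'] -ne 'true') { continue }   # keep only connections this host started
        [pscustomobject]@{
            Image    = $d['Image']
            User     = $d['User']
            Dest     = '{0}:{1}' -f $d['DestinationIp'], $d['DestinationPort']
            DestHost = $d['DestinationHostname']
            External = -not ($d['DestinationIp'] -match $privateRe)
        }
    }

    # Collapse repeated connections into one line per (process, destination).
    $rows | Group-Object Image, Dest | ForEach-Object {
        $first = $_.Group[0]
        [pscustomobject]@{
            Count    = $_.Count
            Image    = $first.Image
            Dest     = $first.Dest
            Host     = $first.DestHost
            External = $first.External
            User     = $first.User
        }
    } | Sort-Object External, Count -Descending
}

# Usage: external destinations with the most connections listed first. Any Image
# you did not deliberately allow through the firewall deserves a closer look.
Get-SysmonOutboundSummary -Hours 24 | Format-Table -AutoSize
```

Because the summary is keyed on the full image path, the randomly named installer sub-processes ArC's post mentions show up as distinct entries rather than disappearing into a generic "installer" line, which is what makes the output useful for deciding which outbound rules are actually needed.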
#28
12-01-2017, 13:46
Sailor_EDA
Friend
 
Join Date: Nov 2004
Posts: 67
Rept. Given: 8
Rept. Rcvd 2 Times in 2 Posts
Thanks Given: 42
Thanks Rcvd at 4 Times in 2 Posts
Sailor_EDA Reputation: 2
I think Avira is the best. I've used it for many years now and it's been very reliable and fast. I have McAfee on my work computer and I can always tell it's hogging my system.

Quote:
Originally Posted by 0xd0000 View Post
Commercially… CylanceProtect with FireEye HX, and ESET (or something that is leveraging AMSI). Gartner also recently published an article on Microsoft ATP changing the landscape.

Home use: MalwareBytes, CylanceProtect, ESET/SEP (mainly because of the customization allowed).

And the obligatory Firefox w/ NoScript, and make sure you're using Sysmon.
#29
12-01-2017, 14:48
BiMode
VIP
 
Join Date: Apr 2003
Location: where...
Posts: 133
Rept. Given: 36
Rept. Rcvd 2 Times in 2 Posts
Thanks Given: 20
Thanks Rcvd at 14 Times in 10 Posts
BiMode Reputation: 2
Avira = Avast = MsMpEng
They are good at catching keygen-warez-ware. Avoid these AV vendors if you want to catch real viruses (IMO).
#30
12-01-2017, 20:16
squareD
VIP
 
Join Date: Aug 2005
Location: Banana Republic
Posts: 301
Rept. Given: 31
Rept. Rcvd 35 Times in 27 Posts
Thanks Given: 37
Thanks Rcvd at 110 Times in 72 Posts
squareD Reputation: 36
I think all has been said in the meantime...
Earlier I was using Bitdefender, and for a couple of years now Avast.
Both helped me to stop some invaders, but this is nothing against other programs.
I think you should decide it on your own.
__________________
The three worst enemies of the reversers: sun , fresh air and especially this unbearable roar of birds ...