bigjim18's Security Config

bigjim18

New Member
Thread author
Jul 24, 2012
8
On 7/21/12 my machine had the outward appearance of being infected with a virus. By the next day all programs would not run. "Jack" on your staff guided me through the process of removing the TDL-4 (TDSS / Alureon) rootkit virus. By 7/29/12 the virus was removed and the BSODs were eliminated.
Jack indicated that McAfee was not a very strong product and I'm a little shaken that it couldn't even detect the virus when the infection started. I get the product free as a benefit of being an AT&T Uverse customer.
What would be a good configuration of anti-virus software for my machine so I could avoid future infections from my web browsing?
 

madyrocksin

New Member
Jul 30, 2012
510
RE: What is a good configuration of anti-virus software?

Most people don't recommend McAfee.
As for your question, what kind of user are you? What kind of stuff do you do on your computer system: for example, mostly gaming, mostly surfing, trying unknown software, or a mixture of them?
 

McLovin

Level 78
Verified
Honorary Member
Malware Hunter
Apr 17, 2011
9,228
RE: What is a good configuration of anti-virus software?

You could try Avast Free with the Windows Firewall and/or Comodo Firewall.
 

3link9

Level 5
Verified
Oct 22, 2011
860
RE: What is a good configuration of anti-virus software?

Alright here are my recommendations:

Operating System: I would recommend an update to Windows 7, as Windows XP will lose its support in about a year and a half.

Realtime Protection: McAfee is starting to improve in terms of protection but it's still not good enough.
If you wish, I recommend that you use a different Anti-Virus/Security Suite. Here are my recommendations for a beginner:
Free:
Avast Free 7
Avira Free

Paid:
Bitdefender Internet Security
Norton Internet Security
Kaspersky Internet Security

On Demand scanners:
I would add Malwarebytes and Hitman Pro

Browsers:
Google Chrome
Firefox
Comodo Dragon
 

Ramblin

Level 3
May 14, 2011
1,014
RE: What is a good configuration of anti-virus software?

bigjim18 said:
Jack indicated that McAfee was not a very strong product and I'm a little shaken that it couldn't even detect the virus when the infection started. I get the product free as a benefit of being an AT&T Uverse customer.
What would be a good configuration of anti-virus software for my machine so I could avoid future infections from my web browsing?
The truth is that if you really want to avoid infections in the future, you have to understand that all antiviruses miss something sometimes. What I am saying is that if you depend solely on using an AV to help you stay clean then it's only a matter of time before you get infected again.

There are newer and more efficient technologies that will do better for you if you learn how to use them properly. Look at me, 4 years ago I was like you, I had been using the internet for 13 years and every year I would get infected once or twice no matter what. One day, I decided to stop getting infected, made it like a game and today even if I try, I won't get infected.

For me, learning basic security stuff and discovering/using Sandboxie has made the difference. If you have never heard about Sandboxie, here you can read about it. I suggest you either try Sandboxie or something else but don't start mixing a bunch of programs all together at the same time. In a way, doing that is worse than getting infected.

http://www.sandboxie.com/

Bo
 

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
RE: What is a good configuration of anti-virus software?

Hello,
Real-time protection
McAfee is not a great product, mainly because it doesn't have any strong zero day malware prevention layers, so if your antivirus doesn't have signatures for a virus then you'll most likely get infected again.


You should try Avast 7 Free, mainly because, unlike the competition (MSE and Avira), it doesn't rely only on traditional prevention techniques to stop malware, and here I'm talking about the Auto-Sandbox and File reputation system: https://blog.avast.com/2012/03/20/autosandbox-why-are-you-annoying-me/
Another solid security product is Comodo Internet Security. This is an all-in-one product, so you'll also get a very powerful Firewall and a Host Intrusion Prevention System. Like Avast, Comodo will auto-sandbox unknown files, so it has a very high prevention rate. It's good to know that this product comes with a HIPS which can generate some pop-ups even when you install or run some new or unknown but legit application, so I would recommend this product if you want to get more involved in your computer security.

As general knowledge, it's important to understand that most infections rely on social engineering to infect your computer; basically you'll need to run a compromised file so that they can work.
If you practice smart online behavior then you should really decrease your chances of getting infected. You can read some tips on how to avoid infections here: http://malwaretips.com/Thread-5-easy-tips-to-avoid-infections

Browser protection

Internet Explorer is a browser heavily targeted by cyber criminals, so my suggestion here would be to use either Firefox or Google Chrome because both are very often updated and have very strong protection layers.


I would suggest also that you add the following addons to your browser:
Web of trust - site advisor
WOT (Free) - link
To help you avoid malicious sites you can use Web of Trust (WOT), a website rating browser plugin. After you add it to your browser, make sure you only visit websites rated "Green" by WOT.

Adblocker - an adblocker
For Firefox
Adblock Plus (Free) - link
Adblock is a content-filtering extension for Mozilla Firefox- and Mozilla Application Suite-based web browsers. Adblock allows users to prevent page elements, such as advertisements, from being downloaded and displayed.
For Chrome
Adblock Plus for Google Chrome (Free) - link
Adblock Plus for Google Chrome is a content-filtering extension for Google Chrome. Adblock allows users to prevent page elements, such as advertisements, from being downloaded and displayed.

On demand scanners

You should always upload all your downloads to virustotal.com and perform a scan with your on-demand scanner to check them for malware!

VTUploader (Free) - link
To upload a file to VirusTotal, you can visit the main analysis site, click the Browse button to select a file from your hard drive, and then click the Send file button. You can make this process even easier with the free VirusTotal Uploader utility. After installing it, you can simply right-click any file under 20MB and choose "VirusTotal" from the Send To Windows menu. The scan results will display in your browser as usual.

Hitman Pro (Trial) - link
An on-demand scanner using multiple anti-malware engines and cloud technology. It offers unlimited free scanning but once you use it to remove detected malware it switches to a 30-day trial version. I recommend using it after you've scanned your hard drive with the other products you have installed.

Malwarebytes Anti-Malware Free (Free)- link
This product utilizes Malwarebytes' powerful technology to detect and remove all traces of malware including worms, trojans, rootkits, rogues, dialers, spyware and more.




Virtualization:
Even if you submitted a file to virustotal.com and it said that it's clean, you'll need to run it in a virtual environment because sometimes an infection can be so new that security vendors don't have signatures for it.

Virtualization software will allow you to browse the web or run another application in a completely safe environment. This is especially useful when visiting high-risk web sites, whether accidentally or deliberately, as the Web browser will be completely contained within the virtual environment, preventing any damage to your computer.
A sandbox can also be used to run any other applications which you think may be suspect - you can run the program inside the sandbox to determine whether or not it is safe while remaining completely protected against any malicious actions that it may try to carry out.
I strongly advise you to install Sandboxie and use it for when you're browsing the Internet or running shady/unknown programs.
Alternatively you can try BufferZone PRO (Free), another great virtualization software.
Sandboxie (Free/Paid) - link
Sandboxie runs your programs in an isolated space which prevents them from making permanent changes to other programs and data in your computer.




Always run suspicious or freshly downloaded files in Sandboxie to verify that the download isn't compromised! Sandboxie will replicate your operating system perfectly, so all the files should run without any problems in it.

 

Deleted member 178

RE: What is a good configuration of anti-virus software?

In fact, it is not how good the configuration is, but how good you are at running yours.

Look at me for example, I am the "wise paranoid user" type, I like going to malicious websites, testing malware, security software or unknown apps; but I have enough skills to set and run a very secured layered security config, without getting slowdowns from my AV/security suites.

My approach is the total opposite of Bo.Elam or Earth, they prefer the lightest system possible mostly only under a virtualization soft like Sandboxie, also they are doing safe-surfing so their needs are less demanding than mine.

I advise you to choose one security software (AV+FW or suite), test it for at least 1-2 weeks, learn the settings, then if it satisfies you, keep it and improve your knowledge of it by visiting the vendor's forum regularly so you can cover all potential issues.

I did that for all my apps.
 

Ramblin

Level 3
May 14, 2011
1,014
RE: What is a good configuration of anti-virus software?

Umbra Corp. said:
My approach is the total opposite of Bo.Elam or Earth, they prefer the lightest system possible mostly only under a virtualization soft like Sandboxie, also they are doing safe-surfing so their needs are less demanding than mine.
What are you talking about? Who said that I do safe surfing? I go everywhere; as a matter of fact, I go to the same sites that I used to go to when I used to get infected and download the same stuff that I used to download then. The only difference is that now I know a little about security, don't use an antivirus and made the wise decision to use Sandboxie.

Bo
 

Deleted member 178

RE: What is a good configuration of anti-virus software?

I was talking more about Earth in that case.
 

Ink

Administrator
Verified
Jan 8, 2011
22,490
How to Uninstall McAfee
http://service.mcafee.com/FAQDocument.aspx?id=TS101331

Windows XP users
1. Close all McAfee program windows.
2. Click Start, Settings, Control Panel.
3. Double-click Add or Remove Programs.
4. Select McAfee SecurityCenter.
5. Click Remove and follow any on-screen prompts.
6. Download and run the McAfee Consumer Product Removal (MCPR) tool (visit link above for full instructions and download link, mid-page)
Code:
http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe
 

Ink

Administrator
Verified
Jan 8, 2011
22,490
RE: What is a good configuration of anti-virus software?

Umbra Corp. said:
My approach is the total opposite of Bo.Elam or Earth, they prefer the lightest system possible mostly only under a virtualization soft like Sandboxie, also they are doing safe-surfing so their needs are less demanding than mine.

Safe-surfing? I visit all sorts of links, download different files (although not executed, because that's just asking for trouble).

In fact, I test Chrome's Malware Protection (in Incognito mode - don't want the links present in my history/omnibox) on my host. Since Chrome (v21) was released, I may test it again after the weekend.
 

Ink

Administrator
Verified
Jan 8, 2011
22,490
While I did say something similar to that, I didn't mean 100% of the time. :cool:
 

Ramblin

Level 3
May 14, 2011
1,014
Umbra, I think all sites are equally dangerous. Let me give you an example. I have never been infected or been prompted by an antivirus when surfing the dark side of the internet. In fact, all infections or prompts that I can remember came while doing "safe, clean searches" while using Google.

In my opinion, the danger is the same when we go to the Vatican's website as when we look for fun stuff. Based on my personal experience, that's how it is. I always say, figuring out which sites are clean and which are not is not as easy as cherry picking. That makes it a good reason to always surf sandboxed.

Bo
 

Plexx

If the OP wishes to use McAfee because it came for example with his system and has an active subscription, then it is fine. Not the best but ain't that bad as you can see in my video. Note: I admire a user who uses McAfee simply because their UI drives me nuts by even looking at it, let alone use it...

If the user simply has it to have and wishes to improve his configuration and is willing to ditch McAfee, then by all means try other free solutions like Avast, Avira, AVG and Comodo.

It depends on the OP's browsing habits. He would be better off with one of the above mentioned solutions, but then again he had a paid suite for free. Perhaps adding Sandboxie and bits and pieces can still allow him to use McAfee.

Just my thoughts on it.
 

Deleted member 178

bo.elam said:
Umbra, I think all sites are equally dangerous. Let me give you an example. I have never been infected or been prompted by an antivirus when surfing the dark side of the internet. In fact, all infections or prompts that I can remember came while doing "safe, clean searches" while using Google.

In my opinion, the danger is the same when we go to the Vatican's website as when we look for fun stuff. Based on my personal experience, that's how it is. I always say, figuring out which sites are clean and which are not is not as easy as cherry picking. That makes it a good reason to always surf sandboxed.

Bo

I agree, the most infected sites I came across were "sometimes" porn sites, but mostly "wallpaper" sites.
 
