Gnosis's UPDATED (11-29-13) CONFIGURATION

HeffeD

Level 1
Feb 28, 2011
1,690
RE: ZOU'S CONFIGURATION

ZOU1 said:
If Threatfire is truly a "HIPS", I have heard that HIPS are the number one defense against rootkits because they can detect the initial attempts to install one on your PC as well as activity thereafter.

Unless they have changed the way their application works since I stopped using it (several years ago), Threatfire is a behavior blocker, not a HIPS.

In other words, it doesn't question any system-changing activity right off the bat, but instead only watches for suspicious behaviors. So while a BB is generally considered more user friendly than a HIPS because the user isn't being asked about every little thing, they don't offer quite as good protection as a HIPS. (Assuming the user controlling the HIPS knows what they are doing)
 

Gnosis

Level 5
Thread author
Apr 26, 2011
2,779
RE: ZOU'S CONFIGURATION

Very good. That was quite an efficient explanation.

I think your assumption is right that Threatfire is technically a behavior blocker.
 

Gnosis

Level 5
Thread author
Apr 26, 2011
2,779
RE: ZOU'S CONFIGURATION

ZOU'S CONFIGURATION.......UPDATED
General computer knowledge: Advanced
Level of security risk: Low
Operating system: Windows XP 2002 Service Pack 3 32bit
OS architecture: 32 bit
Non-admin account: No
Real-time protection: Threatfire AV
On-demand scanners: MBAM, HitMan Pro
Browser(s): Opera and Firefox WITH SANDBOXIE
 

Gnosis

Level 5
Thread author
Apr 26, 2011
2,779
RE: ZOU'S CONFIGURATION

I am done with Avast, AVG, and Avira AVs, and I am not paying for another one that will have the same symptoms, such as: mediocre protection, slow PC booting, or sluggish browsing and (or) program operations---AVG just plain STINKS. Avira nags too much over nothing, and Avast makes every click a tedious endeavor, even when its real-time sensitivity is reduced.

When I am surfing randomly on the internet, I will utilize Sandboxie. When I am on familiar sites that I generally trust, I will take my chances with Threatfire AV set to level 5. If IT hits the fan, I have Dr. Web's live CD and KBRD. For further cleanup I have TDSS Killer, HitMan Pro, MBAM and NPE.
 

Ramblin

Level 3
May 14, 2011
1,014
RE: ZOU'S CONFIGURATION

I can see that rootkits worry you a lot. If you don't want to worry at all about rootkits, use SBIE 100% of the time, not only when you are "surfing randomly". Rootkits DO NOT install in a sandbox as SBIE does not allow them to be installed. Myself, the only time that I run a browser out of the sandbox is when it is time to do an update. Do the same and I promise you, you won't even think about rootkits anymore "when you are running sandboxed". Installing a malicious program infected with a rootkit would be the only time that your system can be infected. By the way, three years ago, I discovered SBIE while searching on how to deal with and prevent getting infected by rootkits.

I don't blame you for feeling frustrated about real-time antiviruses. I also felt that way, and getting rid of that frustration is the main reason why I stopped using antiviruses. So, start using SBIE a little more and when you are ready, use it to sandbox most applications and files that you run on your computer and you'll be just fine. Don't think of SBIE as a browser in a sandbox.....

Bo
 

Gnosis

Level 5
Thread author
Apr 26, 2011
2,779
RE: ZOU'S CONFIGURATION

I am surprised to see that someone agrees with a method of my madness.

Sandboxie is a wonderful product. I look forward to using it more and more. I have set it to "drop rights", "delete contents of sandbox upon shutdown" and "quick recovery".

It seems that AVs have become as annoying as firewalls; THE BETTER THEY PROTECT YOU, THE MORE ANNOYING AND TIME CONSUMING THEY BECOME. Besides that, Avast got to where it was like I had an MBAM manual scan running constantly. It was hang after hang. I think it was gaining intelligence and taking over like some kind of rogue cyber being from the Cygnus X-1 system.

If MBAM Pro was free, I would try it out for a few months, but until then, I am satisfied with TF at level 5. It is a persistent little booger, yet not as complex as a firewall. It does not slow my PC one bit, in any way, shape or form.

In essence, popular AVs are "grayware", at best, IMHO.

As you said, I am not a big fan of rootkits. I don't like things going on in my system without my knowledge. That is why I have XueTr, Process Hacker 2, TreeSize, and Autoruns. I am not paranoid, I just don't appreciate some hacker thinking that they can get the best of me while pulling some cyber wool over my eyes.

I have to thank former members of rM (and Administrator) and current members of MT. Without them, and the positive influence that they have had on me over the last couple of years, there is NO WAY that I could be confident in the many decisions I have made pertinent to PC security and malware removal. In addition, they are simply great people. The newcomers, such as Yourself, NSG, Proroo, and others, have been great too.
 
G

Guest28

RE: ZOU'S CONFIGURATION

Your config looks great zou1. I know you're an advanced user so I'm not so worried you're not running an AV. :)
 

Gnosis

Level 5
Thread author
Apr 26, 2011
2,779
RE: ZOU'S CONFIGURATION

ZOU'S CONFIGURATION.......UPDATED
General computer knowledge: Advanced
Level of security risk: Low
Operating system: Windows XP 2002 Service Pack 3 32bit
OS architecture: 32 bit
Non-admin account: No
Real-time protection: Threatfire AV
On-demand scanners: MBAM, HitMan Pro
Browser(s): Opera and Firefox (Ad-block Plus and Better Privacy) WITH SANDBOXIE
 

Ramblin

Level 3
May 14, 2011
1,014
RE: ZOU'S CONFIGURATION

ZOU, as you use SBIE a little more, you'll learn that your only concern should be about the files that you recover, as nothing inside the sandbox gets out unless you allow it. Recovering an infected file and executing it is the only way that you can get infected if you use SBIE the whole time. So, be careful about the files that you recover.

The good thing is, you can still keep Sandboxie protecting your computer if you run freshly recovered files in a sandbox. ZOU, you don't need the paid version for doing this, even though it works nicer and is automatic when you register your copy of SBIE. That's why I said in my previous post, don't think of SBIE as a browser in a sandbox. Personally, I sandbox just about everything; there is not a reason not to do it. My sandboxes open fast, close fast, and ALL programs work as fast with or without SBIE.

Myself, because of the way that I use SBIE, the only time that I am in danger is when I install something in my real system, but since I only install well-known programs and always get the installers from the developer's site (rarely I don't), my chances of ever getting infected again are very small. When you use SBIE you can surf any site that you want BUT don't use P2P, cracks, keygens or anything illegal. My suggestion is based on my own personal experience, as nothing makes me blink when I am running an application or a file under Sandboxie's supervision, but that changes if I run something not well known out of the sandbox.


Bo
 

Gnosis

Level 5
Thread author
Apr 26, 2011
2,779
RE: ZOU'S CONFIGURATION

I hear ya. I like Sandboxie too, because it keeps your PC from getting all cluttered up when you do a lot of surfing--what was there is gone, completely.
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
RE: ZOU'S CONFIGURATION

Well, since you don't have an AV, a hardened HOSTS file could be really useful in that case.

Link
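A hardened HOSTS file works by mapping known ad, tracker and malware domains to a sinkhole address (0.0.0.0 or 127.0.0.1) so the browser never reaches them, and it matters without an AV because the same file is a favourite target for malware that redirects update or banking domains to an attacker-controlled address. The auditor below, an added example that is not part of this thread or of any HOSTS-file project, parses HOSTS-file syntax, reports which hostnames are sinkholed, flags entries that point a hostname at a non-loopback address, and lists malformed lines. The sample file content is constructed for the example.

```python
import ipaddress

# Constructed sample HOSTS file content (hypothetical .test domains, not from the page).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0  ads.example-tracker.test   # blocklist entry: sinkholed
0.0.0.0  malware.example-bad.test
127.0.0.1  telemetry.example.test
198.51.100.7  update.example-av.test   # suspicious: a hijack-style redirect
malformed line here
"""

# Addresses that make a hostname unreachable; anything else is a real redirect.
SINKHOLE_ADDRS = {
    ipaddress.ip_address("0.0.0.0"),
    ipaddress.ip_address("127.0.0.1"),
    ipaddress.ip_address("::1"),
}


def parse_hosts(text):
    """Return (entries, malformed).

    entries   -> list of (ip_address, [hostnames], line_no) for well-formed lines
    malformed -> list of (line_no, raw_line) for lines that are neither blank,
                 comment, nor '<ip> <hostname>...'
    """
    entries, malformed = [], []
    for line_no, raw in enumerate(text.splitlines(), 1):
        # Strip trailing comments and surrounding whitespace.
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            malformed.append((line_no, raw))
            continue
        if len(parts) < 2:
            malformed.append((line_no, raw))
            continue
        entries.append((ip, parts[1:], line_no))
    return entries, malformed


def audit_hosts(text):
    """Classify every hostname in a HOSTS file.

    blocked    -> hostnames mapped to a sinkhole address (the hardening entries)
    suspicious -> (line_no, hostname, ip) for hostnames sent to a real address,
                  which is how a tampered HOSTS file redirects traffic
    malformed  -> lines the parser could not interpret
    """
    entries, malformed = parse_hosts(text)
    blocked, suspicious = set(), []
    for ip, names, line_no in entries:
        for name in names:
            if name.lower() == "localhost":
                continue  # the standard loopback entries, not a block rule
            if ip in SINKHOLE_ADDRS:
                blocked.add(name.lower())
            else:
                suspicious.append((line_no, name, str(ip)))
    return {"blocked": sorted(blocked), "suspicious": suspicious, "malformed": malformed}


def is_blocked(text, hostname):
    """True if the HOSTS file sinkholes this hostname (case-insensitive)."""
    return hostname.lower() in audit_hosts(text)["blocked"]


if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS)
    print("sinkholed:", report["blocked"])
    print("suspicious redirects:", report["suspicious"])
    print("malformed lines:", report["malformed"])
```

On a real Windows XP machine the file to read is `%SystemRoot%\system32\drivers\etc\hosts`; run the audit after applying a downloaded blocklist and again periodically, since a new non-sinkhole entry you did not add is the tell-tale of a HOSTS hijack.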
 

Gnosis

Level 5
Thread author
Apr 26, 2011
2,779
RE: ZOU'S CONFIGURATION

Just to give you all an idea of how Avast was interfering with things; even after I reduced Avast's real time sensitivity, MBAM was taking in excess of 23 minutes to scan my PC with Avast's shields active. Since I have removed Avast from my PC, MBAM now does a full scan in less than 15 minutes every time. During those many 23+ minute scans, the CPU was nearly idle (1 or 2%) just prior to running MBAM, and I would leave my PC alone the whole time it scanned with no windows open.
 

malbky

Level 1
Jun 23, 2011
1,011
RE: ZOU'S CONFIGURATION

ZOU1, why don't you get an AV like Avira Free? It is not a big resource hog. Is there any reason for not using a full security suite? Is this your test config or is it your daily use machine?
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
RE: ZOU'S CONFIGURATION

ZOU1 said:
Just to give you all an idea of how Avast was interfering with things; even after I reduced Avast's real time sensitivity, MBAM was taking in excess of 23 minutes to scan my PC with Avast's shields active.

Did you try disabling all the Shields or at least the File System Shield for (ie) 30 minutes?

Used to have this issue with CCleaner in the past.
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
RE: ZOU'S CONFIGURATION

Well, I'm not sure if Avira Free will be the same as mine on Windows XP. Avira Free isn't a resource hog, but I noticed an additional few seconds at boot-up.
 

Gnosis

Level 5
Thread author
Apr 26, 2011
2,779
RE: ZOU'S CONFIGURATION

malbky said:
ZOU1, why don't you get an AV like Avira Free? It is not a big resource hog. Is there any reason for not using a full security suite? Is this your test config or is it your daily use machine?

I used to use Avira. It could happen again. I am satisfied with Threatfire level 5 right now though.

malbky said:
Is this your test config or is it your daily use machine?

Yes. This is my daily use machine.

Ink said:
Did you try disabling all the Shields or at least the File System Shield for (ie) 30 minutes?

I think I did, but I cannot remember what came of it.
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
RE: ZOU'S CONFIGURATION

Okay, don't worry about it. You seem content with SBIE and TF. Quick question, do you use VirusTotal Uploader?

Nothing can compete with SBIE, it's in a league of its own. ;)
 

Gnosis

Level 5
Thread author
Apr 26, 2011
2,779
RE: ZOU'S CONFIGURATION

Yeah, Sandboxie is really amazing.

I have known about VirusTotal for some time, but I don't ever recall utilizing it. Is it pretty handy?

FYI: To supplement Threatfire I do a full scan once every couple of weeks with a fresh Dr. Web CureIt download via Softpedia. I know it is not a real-time supplementation, but I will take an on-demand full scan from Dr. Web any day over real-time protection with AVG and others.
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
RE: ZOU'S CONFIGURATION

Of course VirusTotal Uploader is pretty handy; it's designed to upload a file by right-clicking, and it will open the browser to upload the file immediately.
 

Gnosis

Level 5
Thread author
Apr 26, 2011
2,779
RE: ZOU'S CONFIGURATION

General computer knowledge: Advanced
Level of security risk: Low
Operating system: Windows XP 2002 Service Pack 3 32bit
OS architecture: 32 bit
Non-admin account: No
Real-time protection: Threatfire AV Level 5
On-demand scanners: MBAM, HitMan Pro
Browser(s): Mozilla Firefox w/adblock, Do Not Track Plus and KeyScrambler
Opera
ALL WITH SANDBOXIE
 
