How much is too much?

kjdemuth

Level 9
Verified
Jan 17, 2013
410
I have to agree with moose (mostly). Nothing is 100% and layered security is the way to go. Norton's detection rate is partially determined by Sonar. Even before that Norton's detection rate isn't the greatest. I'm not saying that it's horrific, just not the greatest. Having said that, without an internet connection you lose some of Norton's detection score. MBAM has all offline sigs. MBAM has a very good PUP and Rootkit detection rating. I wouldn't say that it rivals some security suites but it is very good. Apart from that it also has a very good IP filter. Keeping one out of trouble before they actually get in any. Norton is known to be very light which is good because MBAM can use up some resources (100k mem resources last time I used it).

Now there is a difference between EMET and MBAM AE. There is a good reason to keep both.

"EMET is mainly designed to enforce OS protections on third party (i.e. non-Microsoft) applications. So for example you can force non-ASLR compliant apps to use ASLR. It also includes other mitigations which are very nice and handy as well as the certificate trust feature.
MBAE on the other hand has been designed as a global (i.e. complete, as in you don't need anything else) multi-layer anti-exploit real-time protection. While some of the mitigations are similar in nature, MBAE is more complete as an anti-exploit as it includes multiple techniques against both stage 1 and stage 2 of the exploit attacks (while EMET is just stage 1). So basically in case something bypasses exploit stage 1 protections with EMET, you are out of luck. With MBAE if some exploit bypasses stage 1 you still have the stage 2 protection layers protecting you as a safety net.


Some other differences are the following:

  1. MBAE is growing and including EMET protections and even other types of protections not found currently in EMET or MBAE. We keep on adding new techniques every other week to make MBAE even more robust and complete as an anti-exploit.
  2. EMET’s protections are limited in older Operating Systems such as XP, while MBAE is not. Under XP MBAE is much more effective than EMET. This is especially important for larger companies where they still rely on older OS versions and are much more vulnerable.
  3. Finally potential bypasses for EMET (there have been a few in the past) do not affect MBAE as we include the exploit stage 2 protections not found in EMET as a safety net."
This was taken from MBAM website from the creator of MBAM AE.
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361

Moose

Level 22
Jun 14, 2011
2,271
Earth! How is Sandboxie working out? I have no luck with Sandboxie at all. At one time I was a big NOD32 fan. Moose
 

truoc

Level 1
Thread author
Jan 3, 2012
49
Again thank you all for contributing to this thread, you all are too kind!

I think I'm going to give the following a trial run for a while and see how I like it:

Switch to a standard account instead of Administrator
Windows Defender in Windows 8.1
Malwarebytes Anti-malware Pro with realtime enabled
Malwarebytes Anti-exploit
EMET
Panda URL filter
OpenDNS (only because it's faster for me and does provide some phishing protection whereas when I tested NortonDNS it never stopped anything)
Chrome and Firefox with AdblockPlus and LastPass.

Maybe I could substitute Avast in place of default AV, but ever since I've had a few FP's with Avast it's put me off from using it. It is a fine product, but I've never been a fan.
 

kjdemuth

Level 9
Verified
Jan 17, 2013
410
Few things....
What are you using for your AV? Didn't see it in the list. Also I would re-try Norton DNS. It changed recently and works really well. Another thing, MBAM already has an IP filter. I see no need to add another one through Panda. Everything else looks good. Just my two cents.
 

aztony

Level 9
Verified
Oct 15, 2013
501
Zemana Antilogger Free
Malwarebytes Anti-malware Pro version
Malwarebytes Anti-exploit
MCShield USB protection
EMET
WinPatrol
I have that setup on both my XP and Win 7 rigs. AV I use is Panda Cloud on both, OA fw on XP, and Comodo fw on Win 7. I have seen no slowdown with either system, and experienced zero conflicts. Overkill? Perhaps, but I see no discernible reason to change anything.
 

kjdemuth

Level 9
Verified
Jan 17, 2013
410
No, that's not overkill. Panda AV is pretty light and you then have your Firewall/HIPS layering things up.
 

truoc

Level 1
Thread author
Jan 3, 2012
49
Let me know how Panda URL Filter works out? :) Thanks!
I had used it in the past and do find that it does catch a few things every now and again when other things did not.

Few things....
What are you using for your AV? Didn't see it in the list. Also I would re-try Norton DNS. It changed recently and works really well. Another thing, MBAM already has an IP filter. I see no need to add another one through Panda. Everything else looks good. Just my two cents.
Windows Defender/MSE that comes with Windows 8.1 for AV. As far as retrying Norton DNS I may do that, but one test I did used a link that redirected to a phishing test website and Norton DNS let the site load, whereas when I had Panda URL filter installed it stopped the site from loading immediately. This made me reconsider just using OpenDNS + Panda URL filter instead of just Norton DNS and nothing. I'll test the site again with nothing and MBAM to see if it stops the site from loading too.

***Tested Norton DNS on the phishing site sample and it let the site load. Tested MBAM Pro on the same site and the site loaded fine. Tested Panda URL filter on the site and the site was blocked.***
 

truoc

Level 1
Thread author
Jan 3, 2012
49
Sorry I didn't see MSE there. Only saw defender.
No worries! Windows Defender in Windows 8.1 is basically what was MSE for Windows 7/Vista/XP; Microsoft just decided to rename it. I think it might be slightly better than MSE, but I could be mistaken. Pretty much the same functionality, feel, and look.
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
Windows Defender in Windows 8.1 is the closest to Microsoft Security Essentials.

Windows Defender in Windows 8 lacks the Windows Defender Network Inspection Service - Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols.
You can check from Win+R > Type 'services.msc' without quotes > Enter > Scroll down to the Windows Defender..
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
@kjdemuth Have you got a link to that MBAM AE post/article?

@Moose It's working as it should, I only use it for testing a few software, but not for general use.
 
