Is COMODO a good choice for Antivirus?

Status
Not open for further replies.

JakeXPMan

Level 17
Verified
Top Poster
Well-known
Oct 20, 2014
804
I would not depend upon Comodo AV for anything but malware older than 4 weeks...
To me, for the typical user, it is better to prevent malware from getting onto the system in the first place; the AV and web protections should be equivalent to, if not stronger than, the sandbox module in terms of quality of protection.

All this is debatable...

Are there any AVs, free or paid, that would be strong enough to prevent most malware from reaching the system?

I always thought the best bet was Avast w/settings, Comodo w/settings. Also Qihoo.
 

hjlbx

Thread author
Are there any AVs, free or paid, that would be strong enough to prevent most malware from reaching the system?

I always thought the best bet was Avast w/settings, Comodo w/settings. Also Qihoo.

There is also different approach: anti-executable (AE).

With AE softs can be downloaded, but not executed\installed - this includes exploit payloads. Plus, all interpreters (e.g. commandline, powershell, cscript.exe, wscript.exe, etc.) are disabled by default.

1. Start with clean PC (clean install of OS).
2. Custom install desired softs.
3. Install anti-executable.
4. White-list all softs on system.
5. Lock-down system.

Anti-executable, used properly and with discipline, essentially negates over-dependence upon AV signatures. However, you still need outbound network notifications... The AV and firewall are there to protect the system should the AE ever be bypassed (it is very rare, but it can happen = AEs are not absolutely bullet-proof, but they are extremely close).

Freeware anti-executables = VooDooShield and NoVirusThanks Exe Radar Pro (beta versions at Wilders Security; betas extremely stable).

You can also create rule in Comodo sandbox to block any Unrecognized files (almost as good as AE, but current version can be bypassed by certain types of installers).
 
Reactions: JakeXPMan
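The five-step anti-executable procedure in the post above (clean system, allow-list everything, then lock down), as an added example that is not part of the original thread and is not how any product named in it is implemented. It assumes the allow-list is keyed on SHA-256 content hashes, uses `cmd.exe` for the post's "commandline", and builds its sample files in a temporary directory.

```python
import hashlib, os, tempfile

# Interpreters the post says are disabled by default (cmd.exe is an assumed name).
BLOCKED_INTERPRETERS = {"cmd.exe", "powershell.exe", "cscript.exe", "wscript.exe"}

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_allowlist(root):
    """Step 4: hash every file present on the known-clean system."""
    allow = set()
    for dirpath, _, names in os.walk(root):
        for name in names:
            allow.add(sha256_file(os.path.join(dirpath, name)))
    return allow

def decide(path, allowlist, locked_down=True):
    """Step 5: once locked down, deny anything whose content hash is unknown."""
    if os.path.basename(path).lower() in BLOCKED_INTERPRETERS:
        return "deny: interpreter blocked by default"
    if not locked_down:
        return "allow: not locked down"
    if sha256_file(path) in allowlist:
        return "allow: allow-listed hash"
    return "deny: not on allow-list"

def demo():
    """Constructed sample files only; returns the decision for each case."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            path = os.path.join(root, name)
            with open(path, "wb") as f:
                f.write(data)
            return path
        editor = write("editor.exe", b"trusted build 1.0")
        shell = write("powershell.exe", b"interpreter")
        allow = build_allowlist(root)                        # snapshot of clean system
        dropped = write("invoice.exe", b"downloaded later")  # arrives after lock-down
        results = {"editor": decide(editor, allow),
                   "powershell": decide(shell, allow),
                   "dropped": decide(dropped, allow)}
        write("editor.exe", b"tampered build")               # same path, new content
        results["tampered"] = decide(editor, allow)
        return results

if __name__ == "__main__":
    print(demo())
```

The tampered case shows why the allow-list is keyed on content rather than path: a file replaced in place after lock-down no longer matches its recorded hash and is denied.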

JakeXPMan

Level 17
Verified
Top Poster
Well-known
Oct 20, 2014
804
That has more to do with exposed ports\port detection\inbound penetration by others.

If your system sits behind a NAT router you have to set up port-forwarding for any firewall - not just Comodo's - to fully manage ports via the firewall.

Yes lol. All firewall settings, set! Comodo FW might have had trouble with my old CPU, as the instructions are missing SSE2? or 3... I can't remember but I have a new PC on the way to replace this outdated HP Compaq.

I did notice when I uninstalled CIS 8.1 the cloud dissolved, or things got a second faster, even the mouse,... like a magnet was pulled off the PC. This is what you talked about before, that CIS applies "weight" on the system.

Not a big weight overall, it just indicates it's working! ;) :)
 

hjlbx

Thread author
I did notice when I uninstalled CIS 8.1 the cloud dissolved, or things got a second faster, even the mouse,... like a magnet was pulled off the PC. This is what you talked about before, that CIS applies "weight" on the system.

Not a big weight overall, it just indicates it's working! ;) :)

After version 8.2.0.4508 the system impact went down dramatically on my systems. Versions 4508 and 4591 have been only noticeable at system reboot - or when running a full system scan (any AV has this problem - even Webroot takes over an hour to complete full system scan; their default scan is "Custom" and only scans a very limited number of directories + registry entries).
 
Reactions: JakeXPMan

JakeXPMan

Level 17
Verified
Top Poster
Well-known
Oct 20, 2014
804
There is also different approach: anti-executable (AE).

With AE softs can be downloaded, but not executed\installed - this includes exploit payloads. Plus, all interpreters (e.g. commandline, powershell, cscript.exe, wscript.exe, etc.) are disabled by default.

Freeware anti-executables = VooDooShield and NoVirusThanks Exe Radar Pro (beta versions at Wilders Security; betas extremely stable).

Nice info on how the AE's work. How would MB Anti-exploit do in the line of fire... ?

I used to use this, but after months I removed it, never got an alert from it.
 

hjlbx

Thread author
Nice info on how the AE's work. How would MB Anti-exploit do in the line of fire... ?

I used to use this, but after months I removed it, never got an alert from it.

I use MBAE free... but I rely upon keeping all softs that are routinely exploited fully updated with security patches.

MBAE free will only protect browsers - so it is really limited protection. I question its value, but I am too lazy to uninstall it.

My current favorite freeware system setups = CIS free + PeerBlock free + MBAE free + VooDooShield free + MBAM free. On other system instead of VS I use NVT ERP + PhrozenSoft Virus Total Uploader (free).

They all work together (except on W8.1 PeerBlock startup must be created using the built-in Windows Task Scheduler).

If you have Windows 7 then it will be worth your time to look into Quarri My POQ. Do Google search for "Quarri MY POQ."
 
Reactions: JakeXPMan

Tony Cole

Level 27
Verified
May 11, 2014
1,639
On the Comodo website it states:
Compatibility Windows 7, Windows Vista and Windows XP (32-bit and 64 bit versions available).

So, does it fully work on Windows 8/8.1?
 

hjlbx

Thread author
On the Comodo website it states:
Compatibility Windows 7, Windows Vista and Windows XP (32-bit and 64 bit versions available).

So, does it fully work on Windows 8/8.1?

Yes. Enhanced Protection Mode = 64-bit system hooking.

I use CIS, ESET and Emsisoft on different W8.1 systems.
 

Tony Cole

Level 27
Verified
May 11, 2014
1,639
Wow, that's a lot of security software to run, that would confuse me, as it would need expertise, something I lack. Do you have to set up any exclusions?
 

hjlbx

Thread author
Wow, that's a lot of security software to run, that would confuse me, as it would need expertise, something I lack. Do you have to set up any exclusions?

Not as bad as you might expect... all of it is essentially "set-and-forget" - except Comodo, of course.

Once one learns how to configure CIS - and what to expect - it is essentially "set-and-forget" too.

CIS has some quirks - just like every other AV - that may initially confuse novice user; as we all know, Comodo is not perfect - but it is improving. The user can configure CIS to be "noisy" or silent. In "silent mode" it simply requires an occasional gander at the logs - and perhaps a tweak or two now-and-then.

VooDooShield and NVT ERP are easy to learn.

No exclusions required.

For typical use I am finding CIS is more than enough - just like all other AVs I've tested; most advanced AV features - from all vendors - are there "just-in-case" and very rarely, if ever, necessary.

I am a proponent of the deny-by-default school of IT security... so CIS is right up my alley.
 

Tony Cole

Level 27
Verified
May 11, 2014
1,639
Which other security suite offer(s) a default deny policy, I believe Kaspersky now does and offers dynamic whitelisting?
 

hjlbx

Thread author
Which other security suite offer(s) a default deny policy, I believe Kaspersky now does and offers dynamic whitelisting?

Comodo and Kaspersky... that is it as far as I know... and both require settings\configuration changes to enable default-deny.

Kaspersky just needs to fix that Application Control - Trusted Application Mode bug.

Comodo just needs to fix its AE bypass by certain types of installers bug.

If I only used "perfect" security software I'd be using nothing...
 
Reactions: yigido

Kate_L

in memoriam
Verified
Top Poster
Well-known
Jun 21, 2014
1,044
They also need to fix the installer, a lot of people told me that during the installation it will get stuck at 65% and then the internet settings will be messed, you can't connect. Also if you get an error during the installation you will get half COMODO installed and you can't remove it from Control Panel, the leftovers will not let you do anything, there is a low chance that you will install other security product, the diagnostic tool doesn't work at all.

Another downside is that you can bypass with portable applications or .pfa

If you can install and configure it, you can have a small fortress :)
 
Reactions: Tony Cole

Tony Cole

Level 27
Verified
May 11, 2014
1,639
How do you stop data being sent out via the Comodo firewall? Yes I agree 110% they need to fix their application control and trusted applications mode. I did try their business select package and it's very, very good - expensive, but good.
 

hjlbx

Thread author
They also need to fix the installer, a lot of people told me that during the installation it will get stuck at 65% and then the internet settings will be messed, you can't connect. Also if you get an error during the installation you will get half COMODO installed and you can't remove it from Control Panel, the leftovers will not let you do anything, there is a low chance that you will install other security product, the diagnostic tool doesn't work at all.

Another downside is that you can bypass with portable applications or .pfa

If you can install and configure it, you can have a small fortress :)

I haven't experienced any of the installation problems since version 8.2.0.4508, but I know they've been reported. Bummer. I know what it is like as I had a lot of problems with version 7 and early 8 installations.

I, as well as others, have active bug reports about .pfa bypass. We'll have to wait and see what Comodo development does - if and when...

I have mine configured to block all Unrecognized files (deny-by-default)... CIS web protections are absent but I've added PeerBlock.

CIS can be a mean little beast if properly configured\supplemented.
 
Reactions: Tony Cole

hjlbx

Thread author
How do you stop data being sent out via the Comodo firewall?

For Unrecognized files you can set the firewall to block all network requests... alternatively, you can configure the sandbox to block the execution of any Unrecognized files (same as Kaspersky's Application Control "Untrusted" zone).

There are multiple ways to achieve the same or equivalent results in CIS - which - can cause confusion and drive some people crazy...

I suppose typical user just needs one way to solve problem... I, on other hand, don't mind permutations.
 

Rolo

Level 18
Verified
Jun 14, 2015
857
My current favorite freeware system setups = CIS free + PeerBlock free + MBAE free + VooDooShield free + MBAM free.
Wouldn't PeerBlock be redundant with CFW and wouldn't VooDooShield be redundant with Comodo's sandbox?
 

hjlbx

Thread author
Wouldn't PeerBlock be redundant with CFW and wouldn't VooDooShield be redundant with Comodo's sandbox?

CFW does not block IP addresses.

CFW sandbox is not an anti-executable... unless you create rule for it.
 