- Jul 6, 2017
Well this is out of the question sorry. But I can't resist the temptation to ask, @danb. For when VS in Spanish??
Anti-executable is also user-intervention, I assume we are having this debate because I mentioned it previously and I knew it would be a sensitive topic for most but I wanted to share my opinion like everyone else. Your family member can download a picture of their cat which is really an executable with a fake extension for *.png but then they can also allow the alert because they wanted to run the picture of the cat. Oh, VoodooAi says it is dangerous? "Yeah sure this is just a cat picture I want to see it they are cute" -> infected.
My solution to this - for the one PC that I share with another who isn't particularly security conscious - is to completely deny them the ability to allow anything that isn't already on the whitelist. Left clicking of prompts is disabled and to allow anything they'd have to re-enable left clicking which requires them to insert a password that only I know.
That's the way to do it. You locked down the system.
That is fair enough in my opinion; your computer therefore your rules. I don't have a problem with default-deny at all, I might not use it but that doesn't mean I'm not a fan of it... I certainly am a fan of it. What I was saying earlier wasn't me bashing default-deny, my point wasn't even about one being better than the other.
Yeah, I agree with your point. If a user isn't knowledgeable about how something like VS works and they go ahead and click allow on all prompts that pop up then their system stands no chance. Sadly those are the people who probably need stuff like default-deny more than those of us who actually take a vested interest in our online security; they're more likely to run into malware thus more likely to benefit from having anything malicious blocked before it's allowed to execute.
I'm using EAM with SD. So far so good.
Really an impressive and informative discussion amongst experts and newbies. I appreciate the debate, and guidance.
Someone like myself depends upon receiving accurate security information to make an informed, and the operative word is "informed", decision.
Programs like VoodooShield Free, which I have tried, sometimes display info about programs that I have not heard about or am not aware of, and the only choice that I have is to Allow or Block. This opens up the potential for mistakes and malware penetration. As a result, not feeling reassured, I have had to uninstall it.
That EAM has a great reputation and is capable of making an informed decision regarding whether a program is safe or otherwise, I find reassuring.
That being said, if EAM were to be supplemented like some are recommending, what program would be a safe bet as far as guiding the user to making an informed decision? Specifically meaning like a recommendation, or an evaluation by the cloud for example?
I have also seen some recommendations regarding using Sandboxie or ShadowDefender with EAM. Thoughts on these as alternates?
Or bottom line, just use EAM and forget everything else?
What I do with my friends using EAM is that I install the Virus Total Uploader application, so I teach them: if they download something and EAM blocks it, and if they truly believe it is what they must need, I require them to use the uploader to check the file; if many vendors detect it as malicious, they shouldn't go further and should then delete the file.
EAM already uses its own cloud reputation system, so in that regard users are covered.
Good complements, they do what EAM doesn't. I'd rather use those softs alongside EAM than any others.
Sandboxie (by default) will isolate/block stuff coming from browsers and selected folders (download, etc...).
Shadow Defender will virtualize the whole system (it doesn't focus on malware, it just negates any changes happening in the system, legit or malicious).
With default settings, both are susceptible to keyloggers since they don't have active malware detection; that is where EAM is efficient.
You can of course. Just maintain safe habits and common sense to minimize risks.
If you want info to make an informed decision, Voodooshield is the best. It tells you right in the prompt (you need to enable prompts) what Virus Total thinks about the file, and it also tells you if the file has a valid digital signature, and what its risk rating is, as calculated by artificial intelligence.
You can't get better than that.
Some people install voodoo just for the info it gives, they don't even care about the protection, because they have other programs doing that.
Is this available in the Free or Paid version of VS?
Also in free version. When you install, it asks whether you want it automated, or you want to see prompts. I don't remember the exact wording.
If you make the wrong choice, you can change it from settings, you untick "default/deny", if I remember right.
In the language of VS, default/deny means you don't see a prompt, you just see a little toast notification that something was blocked.
I trust that current VS users will correct any mistakes in this post, I am talking from memory.
Cannot untick "default/deny" in Free version to show prompts instead of balloon. Just installed and tried it.
So then you can choose it during installation. Do a full uninstall, you can save your rules if you wish, it is in the program data folder, just paste it back into place after reinstallation.
Better yet, ask on the voodooshield thread for exact instructions. I don't have it installed right now, and anyway, we are hijacking this thread.
Agreed.
However, after careful consideration, I have decided to use just EAM out of the box. By the time I get to configuring any of these supplemental programs just right, if I do it right, just opens the door to more potential vulnerabilities.
For me, the lesson learned is to just install a good, renowned security program, and use common sense with my surfing, and downloading habits. No program will protect my PC 100% but at least, this one, can make a good deterrent.
Thanks for your help and time.
BTW, @Umbra's suggestion to use Virus Total uploader in cases of doubt is a very good suggestion. Just keep in mind that brand-new files might not have been detected yet. And over the weekend, VT detection is slow and sluggish. But if you see on VT that the file is like 5-7 days old, you can assume that it's been checked out pretty well, unless you got it from a rare source.
I trialed SD but my concern about making Windows Updates exclusions, and turning it on and off to update, made it convoluted for me, so I removed it.
Regarding Sandboxie, I have a lifetime license but my problem is that I use an outside browser download manager, IDM, which no matter what I try, does not become isolated by Sandboxie, and hence the resulting downloaded file, makes SB a deal breaker for me so I removed that.
Now I have just EAM, and a new Windows Firewall add-on Glasswire Pro to harden it a little further. This may be all that I need now. I also just installed the VTUploader like you suggested.
I used SD for years; the best way to use it is to NOT make any exceptions, you just defeat the whole purpose. When you have the cumulative Windows Updates, get out of Shadow Mode, update, and re-enable Shadow Mode after. It takes you 30 seconds and avoids troubles and hassles. I called that "maintenance". Of course, if you dislike doing it, it can be solved.
Yes, IDM is a pain to isolate and Sandboxie isn't helping on that. What I did when using both was to not isolate IDM itself, but put the destination folder (say "E:\my downloaded stuff") as a "forced folder", so if I downloaded malware by accident, it got sandboxed in the folder if executed.
Simple and efficient. Since you are in this forum and seem to listen carefully to what people suggest, you know what safe habits are.
The best protection is to know how to avoid threats in the first place, not to react when they appear.