Advice Request [Windows 7-10] What would be in your opinion the most lightweight yet effective security?


AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,711
Maybe it was @Evjl's Rain's videos?





Only issue there is that the videos are a year old now. Not sure how the settings of CCAV have changed. However, that is not good to watch by any means. Still, I feel sure Comodo did something about the situation, although I can't with certainty say so 100%.

CCAV has been improving quite steadily I think over the last year. That said, I do seem to remember quite a fuss over CCAV over I believe these videos and some activity on the Comodo forums too.
 

Chimaira

Level 4
Verified
Well-known
Jan 5, 2018
163
Maybe it was @Evjl's Rain's videos?





Only issue there is that the videos are a year old now. Not sure how the settings of CCAV have changed. However, that is not good to watch by any means. Still, I feel sure Comodo did something about the situation, although I can't with certainty say so 100%.

CCAV has been improving quite steadily I think over the last year. That said, I do seem to remember quite a fuss over CCAV over I believe these videos and some activity on the Comodo forums too.


Yep, those were the videos. I would hope they have improved CCAV but for some reason I'm not comfortable trusting that they have. We know that CFW works and is powerful thanks to Cruel Sister. If it ain't broke don't fix it.
 

509322

I am not much familiar with AppGuard, isn't it something intended for endpoints?

The AppGuard product is for Windows, and not exclusively for endpoints. However AppGuard has that reputation due to the fact that most sales are within the commercial and government markets. The product is made available to the general consumer for those that wish to purchase it.

The consumer version that can be purchased at this moment is AppGuard Business:

AppGuard Store

Within the past few months the Personal version sales have been suspended until the company decides how it wants to proceed with that particular version. That process is taking months. As soon as the process began and people noticed that the Personal version was no longer available for sale, the suzzlebutt comments began on both MalwareTips and Wilders Security forums - that the AppGuard version has been abandoned or discontinued, that they could not renew a license, licenses would no longer be honored, that the company ripped people off, etc. Never mind that 99.999% of the people commenting had no intentions whatsoever of ever purchasing an AppGuard license.
 

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,711
Yep, those were the videos. I would hope they have improved CCAV but for some reason I'm not comfortable trusting that they have. We know that CFW works and is powerful thanks to Cruel Sister. If it ain't broke don't fix it.

If I recall there was another video (not a MTs tester) that I think came up before @Evjl's Rain's videos and may have even inspired his test. Remembering better now that there was a fairly detailed discussion about problems with CCAV. If I recall, someone pointed out that the settings for CCAV were not correct in the other video or something. Maybe @Evjl's Rain recalls why he made these or if they were in response to a report or whatever. I can certainly understand your point though. A bypass of the sandbox is undeniably unacceptable for CCAV just as much as it would be for CF...
 

Evjl's Rain

Level 47
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
There was another video that I think came up before @Evjl's Rain's videos and may have even inspired his test. Remembering better now that there was a fairly detailed discussion about problems with CCAV. If I recall, someone pointed out that the settings for CCAV were not correct in the other video or something. Maybe @Evjl's Rain recalls why he made these or if they were in response to a report or whatever. I can certainly understand your point though. A bypass of the sandbox is undeniably unacceptable for CCAV just as much as it would be for CF...
Hi, thank you for tagging me.
I made this video because when I was testing CCAV with Petya, it failed unexpectedly. That's why I decided to make a video to let everyone know about this issue. After a month or something, Comodo totally fixed it.

In the end, CCAV is inferior to CF because it doesn't use hardware virtualization. CCAV's sandbox is similar to Sandboxie (user-hook).
However, using the default settings in CCAV is better than CF because CCAV's default sandbox config is similar to the Proactive profile in CF, while CF's default profile has some rules to reduce FP rate (3-day old files, come from intranet,... I recall).
CCAV is clearly better than CF for average users who just install and forget and don't know about CS's CF config.

Comodo admitted the problem in CCAV, so they fixed it; otherwise they would have ignored it.
 

legendcampos

Level 6
Verified
Aug 22, 2014
286
I am using Win 7, which I think is lightweight for my system, which is old (2011); for newer machines Win 10 is good. How much security depends on Win 10; with regard to vulnerabilities it is safer because it is a platform still not much used.
 

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,711
In the end, CCAV is inferior to CF because it doesn't use hardware virtualization. CCAV's sandbox is similar to Sandboxie (user-hook).
However, using the default settings in CCAV is better than CF because CCAV's default sandbox config is similar to the Proactive profile in CF, while CF's default profile has some rules to reduce FP rate (3-day old files, come from intranet,... I recall).
CCAV is clearly better than CF for average users who just install and forget and don't know about CS's CF config.

Thx for these great details Evjl's Rain. Does this mean that CCAV will not block hardware/system/driver based malware via the sandbox? If it cannot block the system malware will it sandbox the changes anyway?

EDIT: You are saying it blocks, but is the reason the CCAV sandbox is weaker because it records system changes (in the sandbox)? Don't know the specific difference between user hook and hardware virtualization, but it sounds like CF actually blocks changes to the system by isolated programs. This matches what I have seen, as nothing works in CF's sandbox. Would be interesting to see if something might work in CCAV as long as the changes are being recorded so the sandbox can then be emptied etc.

I messed around with the 360 sandbox last night. Executables won't run in the sandbox, except when executed by something in the sandbox. I dropped Autoruns in there and ran it via the manual choice to sandbox an application. It worked perfectly. Seems like a pretty good idea for portable applications. Installing Dexpot to the folder didn't work out so well, but the test got kind of off kilter. I meant to install to the sandbox Programs folder but installed on the sandbox root. It did run, however, but removing it was a problem, because a tmp file for uninstalling wouldn't run. Just turned off the sandbox protection of the app, emptied sandbox, reinstalled app and then removed no problem. Think I could get this to work for some applications.

Really interesting concept that borders on what ReHIPS is doing. The 360 sandbox is a root sandbox that will record changes system-wide. It just won't allow .exes in the sandbox to be executed from the outside or via mouse click etc. Wondering if you are saying that CCAV's sandbox is more this same way.
 

Electr0n

Level 4
Thread author
Verified
Well-known
Feb 19, 2018
182

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
The AppGuard product is for Windows, and not exclusively for endpoints. However AppGuard has that reputation due to the fact that most sales are within the commercial and government markets. The product is made available to the general consumer for those that wish to purchase it.

The consumer version that can be purchased at this moment is AppGuard Business:

AppGuard Store

Within the past few months the Personal version sales have been suspended until the company decides how it wants to proceed with that particular version. That process is taking months. As soon as the process began and people noticed that the Personal version was no longer available for sale, the suzzlebutt comments began on both MalwareTips and Wilders Security forums - that the AppGuard version has been abandoned or discontinued, that they could not renew a license, licenses would no longer be honored, that the company ripped people off, etc. Never mind that 99.999% of the people commenting had no intentions whatsoever of ever purchasing an AppGuard license.
It looks like you can buy AppGuard Personal from here:
AppGuard Store
But it is full price -- users will have to send them an email to ask for their discount.
 

legendcampos

Level 6
Verified
Aug 22, 2014
286
Windows 10 recently beat Windows 7 as the most used desktop OS around the world - https://www.forbes.com/sites/ianmorris/2018/02/02/windows-10-is-finally-more-popular-than-windows-7/#70182f116f2d

I do not know if this site serves as a parameter, but on it the participation of Windows 7 is still 42.39% and Windows 10 is 34.29%. This growth of Windows 10 was because of its free distribution and sales of recent machines already with Windows 10; at that rate, maybe by the end of the year Windows 7 is overcome.
Operating system market share
 

TairikuOkami

Level 35
Verified
Top Poster
Content Creator
Well-known
May 13, 2017
2,479
Windows 10 recently beat Windows 7 as the most used desktop OS around the world
According to MS wishes. :ROFLMAO:

Steam Hardware & Software Survey

capture_02252018_161155.jpg
 

Electr0n

Level 4
Thread author
Verified
Well-known
Feb 19, 2018
182
Windows 10 had surpassed Windows 7 in number of users across the world and that is not surprising due to the deceptive upgrade tactics, revoking support for other Windows versions in new hardware etc. Just because more people use it doesn't mean everyone likes it, that especially holds true in case of a monopoly like MS Windows.
 

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,711
Yes but the numbers actually rose for Windows 7. This suggests gamers are at least giving it a second chance or are maybe experiencing disappointment with Windows 10. Considering it was already fairly high, I do think it's a serious number that could have reverberations at some point if the trend were to continue.

I think the hardware manufacturers will notice this trend, for example, and possibly make sure to provide for drivers. IT professionals may notice and ask why this trend is happening. It would be interesting to find out why gamers seem in the graphic to be moving back to Windows 7...
 

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,711
Just because more people use it doesn't mean everyone likes it, that especially holds true in case of a monopoly like MS Windows.

For networkability in the class of Windows, it is true. Windows is a monopoly product, and Microsoft has done everything possible to make sure that no one will be able to compete with the same caliber (scope of networkability) of OS. Ironically, I think one of the worst situations is the fact that MS owns and controls DirectX. What a gigantic conflict of interest that hostage code represents while in MS' hands. It's not just a problem for gamers, though it is one for them, but I think it all but guarantees that advancements in graphics will have to come from MS of all places. This is a horrible thought for me. Only a lawsuit will wrestle control of DX from MS.

The other really horrible situation is the complete dominance of .NET when it comes to development platforms. This is another area where MS has vehemently controlled the marketplace by setting up everything so that it's easy to develop for Windows and by making sure that the developments for Windows aren't 100% easily adaptable to other platforms.

Linux competes with Windows with the scalability and better than Macs do. Apple is too concerned with keeping their own identity and maintaining loyalty to their product line amongst customers. They don't care about networkability as much as MS do. The problem for Linux is that it's not as simple to develop for the platform, and also it's an entirely new platform to learn. None of the language of the OS is common to Windows. There isn't any money in developing for Linux, so who can afford to devote their life to the platform. Thank goodness it's there and thanks to those who have worked on it, but it's not easy competing with Windows while not being able to use the exact same language references for elements of the OS when speaking to potential users.

When MS bought DOS, this whole sequence of falling dominos began. I feel like we kind of have ourselves to blame for letting it get to this point in a way...:cry:
 

Nightwalker

Level 24
Verified
Honorary Member
Top Poster
Content Creator
Well-known
May 26, 2014
1,339
Yes but the numbers actually rose for Windows 7. This suggests gamers are at least giving it a second chance or are maybe experiencing disappointment with Windows 10. Considering it was already fairly high, I do think it's a serious number that could have reverberations at some point if the trend were to continue.

I think the hardware manufacturers will notice this trend, for example, and possibly make sure to provide for drivers. IT professionals may notice and ask why this trend is happening. It would be interesting to find out why gamers seem in the graphic to be moving back to Windows 7...

The reason is that Chinese gamers are using Windows 7 (pirate copy) to play PUBG (with cheats).


‘PUBG’ release in China may be behind the surge of Windows 7 use on Steam

Steam data suggests gamers are ditching Windows 10, but there’s another explanation | PC Gamer
 
