
The Layered Security Approach


dallas7


In response to Immunet's latest blog post embracing the layered security approach, I'd like to report my success in running what I consider to be a superb, and totally free, implementation of that approach:

 

Lavasoft Ad-Aware Free 8.3 - just released, it uses their latest advanced genotype detection technology and Sunbelt's Vipre engine.

 

AUG 06 EDIT: While the overall efficiency of Ad-Aware was very good, I found the Update Manager to be flawed. It takes several minutes for a "no updates" to return and some updates involving multiple modules took up to 10 minutes! The drag was several components grabbing 90-100% CPU while re-initializing after downloading the updates; it's not bandwidth related. Granted, this was on my ancient 1 GHz P3 laptop but there are posts in various forums (including Lavasoft's) where users are reporting similar issues.

 

AUG 06 EDIT: PC Tools Free AV 7 - powerful, fast and smooth; near instant updates. This worked superbly, but it's time for something else...

 

AUG 18 EDIT: Spyware Terminator 2.7 - installed without the Win32 ClamAV or Web Security modules. One of the best, and free, HIPS apps available with a mature and competent anti-malware component. 64 bit users need v2.8!

 

AVG Linkscanner - For IE and Firefox, one of the best Web filtering and monitoring applications which began life as "Haute Secure" by TRUSTe, a leading Internet privacy service.

 

JUL 16 EDIT: Oops. I got TRUSTe mixed up with Exploit Prevention Labs, the latter having developed the Linkscanner tech purchased by AVG.

 

Spy Shelter Free - for 32 bit Windows, a highly acclaimed security application providing six of the most important of the nine components in their paid version. Note: the popups are not for the uninitiated. (FYI: the need for this class of protection in a 64 bit environment remains a matter of highly charged debate.) 64 bit usability is provided by the paid version.

 

AUG 18 EDIT: While SpyShelter free is primo, I resumed using Zemana since I still have several months remaining on my license. Currently, Zemana is 32 bit only.

 

Immunet Protect Free - need I say more?

 

AUG 06 EDIT: I began using Immunet Plus 2.0.14.

 

Malwarebytes' Anti-Malware Free and Hitman Pro scans run swiftly to completion.

 

Cheers!

 

Sidebar: I've been running Immunet Protect Plus (since RC1) on my production Intel E8400 desktop in parallel with AVG 9 Free and its paid Identity Protection component, Malwarebytes Pro, and Zemana AntiLogger. Of course, some money was parted with for these. ;)


For me the following is OK :-)

Immunet.

Perhaps a restricted user account, Sandboxie + Firefox + NoScript + Adblock.

Windows updates, fully updated software; I use Secunia to check it.

No toolbars and all this useless stuff. And the most important: backups, backups and again backups.

No keygens, cracks, etc. I have not had any malware in 10 years, and under Win7 I'm surfing in my admin account.


@ Alfred

I just began using SpyShelter Free on the setup I described above. Otherwise, I use Zemana which is not free. Zemana has been kicking derriere in Malware Research Group's current and ongoing Online Banking Browser Security Tests. I've been using Zemana for almost two years. SpyShelter is a recent player and in direct competition with Zemana. SS's development is progressing as evidenced by very active changelogs. Their free version piqued my interest but as of right now if I were to buy an app for that level of protection, it would be Zemana. Anyhow, SS Free plays well with Immunet.

 

BTW, Al, Malware Research Group has mentioned in their forum (to one of my postings, in fact) that Immunet will be included in their next round of tests: Dynamic Real-Time Protection. They had originally announced Immunet's inclusion in the aforementioned banking test, but dropped it for some undisclosed reason.

 

@ Pedersen

That's a very good security environment you have. But it's not free by any means which was the thrust of my original posting.

Zemana has a Sunbelt based HIPS component. SS does theirs in house as far as I know.

I did see where Sunbelt with ClearCloud is jumping onto the filtered DNS bandwagon, but their branded reference to "cloud" is misleading. I don't know where they get their lookups so I'm not wild about them yet.

Norton DNS is licensing a portion of DynDNS's Internet Guide service which is what I've been using for almost a year after dumping OpenDNS. DynDNS uses Barracuda's very expensive enterprise service. Internet Guide lets you create a free account and customize your lookups (white/black lists, parental, etc.) like OpenDNS without the OpenDNS experimentation-at-user-peril product development.

 

@markusg

I'm a big fan of Immunet and fully trust its core protection but even they embrace a layered strategy; ignore it at your own risk (which is what you are doing). My original posting is about a light, fast, free and tested SYSTEM setup. Sandboxie, etc. you reference are add-ons or layers to individual apps and, while excellent choices, are irrelevant to this thread. The current threat scenario within the last six months is far, far more severe than the last nine and a half years of your experience and continues to escalate with alarming effectiveness. As confident as you are, IMHO it's a false confidence; you could be infected and not even know it. Your safe computing discipline is admirable, though.

 

Cheers.


@ Alfred

I just began using SpyShelter Free on the setup I described above. Otherwise, I use Zemana which is not free. Zemana has been kicking derriere in Malware Research Group's current and ongoing Online Banking Browser Security Tests. I've been using Zemana for almost two years. SpyShelter is a recent player and in direct competition with Zemana. SS's development is progressing as evidenced by very active changelogs. Their free version piqued my interest but as of right now if I were to buy an app for that level of protection, it would be Zemana. Anyhow, SS Free plays well with Immunet.

 

BTW, Al, Malware Research Group has mentioned in their forum (to one of my postings, in fact) that Immunet will be included in their next round of tests: Dynamic Real-Time Protection. They had originally announced Immunet's inclusion in the aforementioned banking test, but dropped it for some undisclosed reason.

 

 

They actually pulled it at my request - we had just gotten a really bad review from Neil Rubenking and it was a tough week here so we asked them to pull us, and they did. Decent guys. The quarantine issues which popped up in review from Rubenking are largely addressed in the build currently in the Insiders area on the site. We have two more detection/quarantine fixes to ship soon (with the upcoming release on the 26th or just after) which allow ETHOS to be used in Custom Scan and on Exec, which it currently is not set up for. We're also feeding about 30 times more data into ETHOS now and its conviction rates are trending up nicely. However, it's still a bit heavy for my liking. SPERO is expected to go live in the middle of August; we have some cool announcements around that which we'll put out around then. Also we have another engine coming in the fall (two actually). Detection efficacy and language support are our two big pushes over the next 3 months. We've a long way to go but we will get there.

 

 

@ Pedersen

That's a very good security environment you have. But it's not free by any means which was the thrust of my original posting.

Zemana has a Sunbelt based HIPS component. SS does theirs in house as far as I know.

I did see where Sunbelt with ClearCloud is jumping onto the filtered DNS bandwagon, but their branded reference to "cloud" is misleading. I don't know where they get their lookups so I'm not wild about them yet.

Norton DNS is licensing a portion of DynDNS's Internet Guide service which is what I've been using for almost a year after dumping OpenDNS. DynDNS uses Barracuda's very expensive enterprise service. Internet Guide lets you create a free account and customize your lookups (white/black lists, parental, etc.) like OpenDNS without the OpenDNS experimentation-at-user-peril product development.

 

I personally think that IP blocking has a place at the DNS level but it's too broad. I do like though that it allows for really quick repudiation unlike static lists which go stale and are not updated.

 

 

Cheers,

al


Sorry, hope I do not understand you wrong; I think you do not like my setup :D

But I can only say, this has worked for years.

 

It's wrong to think more programs are more helpful. Some people are installing 3 or more antivirus programs and are infected...

 

 

When you are doing online banking and so on, you perhaps need a higher level of security.

 

But I think you must use a more secure procedure.

There are some options out there to use chip cards and so on; the normal procedure is the most insecure.


...we had just gotten a really bad review from Neil Rubenking...

 

I personally think that IP blocking has a place at the DNS...

That review was a hack job. Neil has always focused on clean up which is apparently the target: "Uh oh! I don't run an AV and I got whacked! What will save me?" So he tests first by cleaning up a dirty system and in that respect historically, I don't think the man will ever be happy. Merely breaking the infection and restoring system operation is not enough. Nothing less than squeaky clean will suffice.

 

IMHO, prevention is the reason why we need anti-badstuff software. In this light, even though his own tests place Immunet Free on par with or better than the other apps on his chart, he concludes "...60 percent of...users...run Immunet alone for protection. Based on my testing that's not good, not good at all." Going by his logic and data, his chart reveals differing levels of "not good." Foo!

 

Immunet Free did as well as PAID apps, only two others being free. (Malwarebytes is listed as free but as he tested the paid version, this is in error.)

 

I'm not sure that secure DNS services like OpenDNS, Internet Guide, DNS Advantage, et al. can be considered as simply as "IP blocking." I prefer to think of them as "URL Validation." Internet Guide and Firefox's resident Google Safe Browsing (the urlclassifier3.sqlite store) have saved my bacon too many times to remember.

 

Cheers!



  • 3 weeks later...

Old thread but just wanted to add that DynDNS Internet Guide + Avast Network Shield (main feature is URL blocking) + Firefox malware blocking make it much more time consuming to make silly YouTube videos showing how cool whatever tool is ;) In fact I would guess most turn them off when hunting "malware" URLs. Pretty high hit rate without any local scanner of importance/impact being activated; the less dependency on those the better. I would say on a level with the very best AVs with magic "heuristic" features.

 

Was going to suggest that Immunet looked into the DNS market. The way to do that is probably through $$$. Blacklisting is only as good as its source, so probably a big task to start from scratch. There must be a reason why OpenDNS charge a lot for "malware" protection.

 

Problem with this invisible, 99.9% foolproof and effective DNS protection is CDN. YouTube thinks I live in Frankfurt, London or somewhere in Holland when in fact I am in Denmark. Can suck as much as false positives. No pain no gain, and all in all a minor problem if you happen to cover the globe like Google, heh. Anyway, perhaps possible to sneak in and brand a DNS service like others do. Perhaps promote it as a new premium service. If what dallas7 says about Norton buying this service is correct, it is probably way out of Immunet's budget to even consider as a free bonus.


  • 4 weeks later...

IP filtering, URL filtering

 

… ClearCloud … I don't know where they get their lookups so I'm not wild about them yet. …

 

Similarly, whilst trialling an Intego product I was warned against visiting a site (AFAICT a site that wasn't 'caught' by Google Safe Browsing) but the product offered no clear explanation; I had no idea what basis Intego had for the warning.

 

Lack of explanation is frustrating.


… IP blocking has a place at the DNS level but it's too broad. I do like though that it allows for really quick repudiation unlike static lists which go stale and are not updated.

 

I toy with the idea of running an Untangle server on a spare machine, primarily for the free Web Filter or the eSoft Web Filter. I'd configure this to provide cautions without absolutely blocking — leaving the end user to decide whether to proceed with browsing to the URL.

 

According to http://wiki.untangle.com/index.php/Web_Content_Control_FAQs#Does_Untangle_Use_Blocklists.3F they use URLBlacklist.com (a commercial managed service). There's also a community-oriented URL Submission tool but I can't tell how widespread the benefits are (in an ideal world I'd like submissions to benefit e.g. at least one of the databases listed at http://sanesecurity.co.uk/databases.htm).

 

Thoughts?


DynDNS.com Internet Guide: first impressions

 

… DynDNS's Internet Guide service which is what I've been using for almost a year … DynDNS uses Barracuda's very expensive enterprise service. Internet Guide lets you create a free account and customize your lookups (white/black lists, parental, etc.)

 

Internet Guide is initially confusing; I went round in circles a few times before realising that beyond signing up and logging in, there's the additional step of adding the zero-cost Internet Guide Free product to my shopping cart. Then, more confusion: http://setup.dynguide.com/ confirms that my computer "is currently using Internet Guide" and directs me to https://www.dyndns.com/account/services/dynguide/ where (on the contrary) I'm told that I "don't have any Internet Guide-protected networks" and the invitation to add a defense plan fails, "Invalid static IP or CIDR submitted". I'll report this experience in the DynDNS support area …

Taking the hint from https://www.dyndns.com/services/dynguide/readme.html#network I created a host service for use with a defense plan.

 

For me, the blocking is too coarse:

* either accept the block, or reconfigure the plan to not block

* no option for the user to temporarily override a block.

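Both al's remark earlier in the thread (DNS-level blocking is broad but quick to revoke, unlike static lists that go stale) and the complaint in the post above (Internet Guide blocks the whole name and offers no temporary override) come down to where the decision is taken. The following Python is an added example and not code from DynDNS, Untangle, Immunet or anyone in this thread: it models a name-level filter beside a URL-level one, with a per-client temporary override, a "warn instead of block" mode, and listings that expire when they are not refreshed. Every host name, path and timestamp in it is constructed.

```python
"""Toy model of name-level (DNS) blocking versus URL-level blocking.

Constructed example: every host name, path and timestamp below is made up.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple
from urllib.parse import urlparse


def _norm(host: str) -> str:
    """Lower-case a host name and drop a trailing dot so lookups are consistent."""
    return host.lower().rstrip(".")


@dataclass
class Entry:
    added: float   # when the listing was made (seconds, arbitrary epoch)
    ttl: float     # how long it stays valid without being refreshed
    reason: str


class DnsFilter:
    """Decides at resolution time. It only ever sees the host name, never the URL."""

    def __init__(self, action: str = "block") -> None:
        self.action = action            # "block" (sinkhole) or "warn" (caution page)
        self.blocked: Dict[str, Entry] = {}
        self.overrides: Dict[Tuple[str, str], float] = {}   # (client, host) -> expiry

    def block(self, host: str, now: float, reason: str, ttl: float = 86400.0) -> None:
        self.blocked[_norm(host)] = Entry(now, ttl, reason)

    def unblock(self, host: str) -> None:
        # Delisting takes effect on the very next lookup: nothing to push to clients.
        self.blocked.pop(_norm(host), None)

    def allow_temporarily(self, client: str, host: str, now: float,
                          seconds: float = 600.0) -> None:
        # Per-client override: the option the post above found missing.
        self.overrides[(client, _norm(host))] = now + seconds

    def _match(self, host: str, now: float) -> Optional[Tuple[str, Entry]]:
        # Walk up the labels: a listing for example.test also covers cdn.example.test.
        labels = _norm(host).split(".")
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            entry = self.blocked.get(candidate)
            if entry is None:
                continue
            if now - entry.added > entry.ttl:
                del self.blocked[candidate]     # stale listing: drop rather than trust it
                continue
            return candidate, entry
        return None

    def decide(self, client: str, host: str, now: float) -> Tuple[str, str]:
        match = self._match(host, now)
        if match is None:
            return ("allow", "not listed")
        listed, entry = match
        expiry = self.overrides.get((client, _norm(host)))
        if expiry is not None and expiry > now:
            return ("allow", f"temporary override of {listed}")
        return (self.action, f"{listed}: {entry.reason}")


class UrlFilter:
    """Decides per request. It sees the path, so it can block one area of a host only."""

    def __init__(self) -> None:
        self.blocked: Set[Tuple[str, str]] = set()   # (host, path prefix)

    def block(self, host: str, path_prefix: str) -> None:
        self.blocked.add((_norm(host), path_prefix))

    def decide(self, url: str) -> str:
        parsed = urlparse(url)
        host = _norm(parsed.hostname or "")
        for listed_host, prefix in self.blocked:
            if host == listed_host and parsed.path.startswith(prefix):
                return "block"
        return "allow"


def demo() -> Dict[str, str]:
    """Constructed scenario: one host serves both a blog and a malware path."""
    dns, urlf = DnsFilter(), UrlFilter()
    dns.block("shared.test", now=0.0, reason="malware under /evil/", ttl=3600.0)
    urlf.block("shared.test", "/evil/")
    return {
        "dns_blog": dns.decide("pc1", "shared.test", 5.0)[0],     # whole host gone
        "url_blog": urlf.decide("http://shared.test/blog/"),      # blog still reachable
        "url_evil": urlf.decide("http://shared.test/evil/x.exe"),
    }


if __name__ == "__main__":
    print(demo())
```

The `demo()` scenario shows the coarseness complaint directly: the name-level filter cannot let the blog through while stopping `/evil/`, whereas the URL filter can. The `ttl` on each listing is what keeps a copied list from silently going stale, and `unblock()` is the quick repudiation al describes, since a resolver-side delisting needs no update to be pushed to clients.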

Archived

This topic is now archived and is closed to further replies.
