
safety on the nexus


TheCalliton


I'm curious about trying MSE but doesn't it seem likely that as a "standard" Microsoft piece of software, virus makers would create their programs specifically to defeat that security suite? :huh:

No more than they already do to defeat McAfee, or Symantec, or AVG, or...

 

The "MS ForeFront Security" team is one of the most sophisticated around. MSE is just the consumer piece of a much more robust capability.

 

And as a matter of fact, the origins of MSE are in a small European A/V company, (former East-bloc, IIRC. Forget the name ATM) that was doing some incredibly good work with incredibly tiny code. MS saw a good thing and grabbed it in a purchase that probably made the founders of the small firm very happy...


MSE is just the consumer piece of a much more robust capability.

 

This sentence is a little confusing, do you mean it's the consumer end of a robust anti-virus software development team?

 

I may have to try it out.

 

When dealing with AV or other security software, most companies produce a version that is available for home or small office (SOHO) use. And then a version that may have more options for configuration for company/corporate use, where they may need to make further modifications to the software's behavior patterns in order for it to fit into the way that the corporate servers and network run.

 

I'm curious about trying MSE but doesn't it seem likely that as a "standard" Microsoft piece of software, virus makers would create their programs specifically to defeat that security suite? :huh:

I agree with the response to the question that Thandal gave. Some of the malware authors already try to take measures to counter AV systems. Norton and McAfee are high on that list, because a lot of computer manufacturers ship that out on their computers. But they're not going to limit that to just those particular AV's. They're going to try to cover as much protection as possible.

One counterstrike to this is to run a much lesser known AV system. Or to use an online scanner for detection/removal.

 

I tried out Lon's recommendation for Comodo. That is an EXCELLENT scanner for detection and removal. It found a few remnants of malware in my temp internet folders that Avast!, Avira, and MalwareBytes had missed.

My particular system couldn't handle its full capabilities very well, it ended up causing a lot of lag on my poor box, but it was a really, really good scanner. I wish that there was a portable version of it, so that I could run it only when I wanted to.

Edited by DarkeWolf

Comodo's AV is excellent?

 

When did this happen? The firewall's okay, but I've never, ever heard anything good about the antivirus.

 

Anyway, products are all well and good, but they should be backed up by "safe hex" practices such as logging in as a limited user and tightening the settings on your browsers. Just like your security, malware is often multi-layered. It may exploit a hole in Firefox to get a foot in the door, then launch IE (possibly even in a hidden window) to run further exploits to get more crap down. Thus just not using IE isn't enough, you need to make sure your settings are secure on all your browsers. This is actually how my dad's computer was compromised once.

 

IE-SpyAd is a tool to help prevent known malware sites from doing anything in IE by mass-adding them to the restricted zone. This is a somewhat older page about securing IE, though most of the settings are still pretty much the same.

 

Another thing you can do to keep safe (and, as a bonus, less annoyed) is disable Flash and only re-enable it on a per-site basis. Flash has suffered from a lot of attention from malware writers lately so using a whitelisting approach is definitely a wise idea. In some browsers disabling Flash will have an adblocking effect because they still advertise Flash-capability even if it's disabled (notably, IE). Others respond properly, allowing text/image ads to be shown in place of Flash ads.

 

Disabling Flash:

 

In Iron (a Chrome-based browser without the privacy concerns): Find it under Options -> Under The Hood -> Content Settings -> Plugins. Choose Block All. Iron will now block all plugins, and when you run into a site that uses them it will have an icon for you to click on to allow it.

(This should apply to Google Chrome as well)

 

In Opera, right click somewhere on the webpage and click Edit Site Preferences. Under Content, uncheck Plugins.

 

In IE, under Tools go to Manage Addons. Find Adobe Flash and disable it. (Disables it globally. Site-specific blocking can be achieved with the proper use of the security zones however)

 

Firefox and SeaMonkey require an extension, either NoScript or Flashblock.

 

In K-Meleon (a Gecko-based browser), under Tools -> Privacy -> Block Flash. (Global, not site-specific)

 

Disabling javascript will also have an ad-blocking effect on most sites (which is bad for the finances of most sites, natch). Whether or not this can be worked around so that ads are displayed (you know, so you can support the site you're at) but the actual ad host doesn't get to run scripts depends on the site. On the other hand, disabling scripting is a pretty powerful tool to prevent infection.

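The restricted-zone approach mentioned in the post above can be illustrated with a short script. This is an added example, not part of the original post and not IE-SpyAd's own code: it turns a plain-text domain list into a `.reg` file that maps each domain to Internet Explorer's Restricted sites zone (zone 4) under the per-user `ZoneMap\Domains` key. The list format, the function names and the sample domains are assumptions made for the illustration.

```python
import re

# Per-user Internet Explorer zone map; zone 4 is "Restricted sites".
ZONEMAP = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
           r"\Internet Settings\ZoneMap\Domains")
RESTRICTED_ZONE = 4

# One DNS label: letters, digits and hyphens, no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def normalize(entry):
    """Return a clean lowercase domain, or None if the entry is unusable."""
    host = entry.split("#", 1)[0].strip().lower().rstrip(".")
    if not host or len(host) > 253 or "." not in host:
        return None
    if not all(_LABEL.fullmatch(label) for label in host.split(".")):
        return None  # rejects backslashes, brackets, spaces and similar
    return host


def build_reg(blocklist_lines):
    """Build .reg text mapping each listed domain to the Restricted zone.

    Assumes every entry is a registrable domain; IE stores subdomains as
    nested subkeys under the domain key, which this example does not build.
    """
    hosts = sorted({h for h in map(normalize, blocklist_lines) if h})
    out = ["Windows Registry Editor Version 5.00", ""]
    for host in hosts:
        out.append(f"[{ZONEMAP}\\{host}]")
        # Value name "*" applies the zone to every protocol for the domain.
        out.append(f'"*"=dword:{RESTRICTED_ZONE:08x}')
        out.append("")
    return hosts, "\r\n".join(out)


# Constructed sample blocklist (reserved example domains, not real indicators).
SAMPLE = [
    "# constructed list",
    "example.net",
    "Example.ORG.",
    "example.net   # duplicate",
    r"bad\entry].example.com",
    "localhost",
]

if __name__ == "__main__":
    print(build_reg(SAMPLE)[1])
```

The validation step matters because each entry becomes part of a registry key path: an unchecked line containing a backslash or bracket would write somewhere other than the intended `Domains` subkey.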

MSE is just the consumer piece of a much more robust capability.

 

This sentence is a little confusing, do you mean it's the consumer end of a robust anti-virus software development team?

 

I may have to try it out.

Yes, that was exactly my meaning (sorry it was a bit obscure.)

 

I've worked with some really good A/V teams, (Full Disclosure: my Brother-in-Law is a programmer for Symantec) and the ForeFront guys really do "get it". The video blog that their network access protection Team Lead was posting throughout their internal deployment/test cycle two years ago was incredible. (I finally met him in person at RSA that year.)


I can't look at charts like that, I always instantly assume them to be fixed in some way. Especially when there's almost 20 programs, which includes the one that I use, that says it has a protection level of "0." Like it's just wasting hard drive space and the whole thing's a dud. Gimme a break.