This is a good resource for anyone who is new (and not) to security for answers to your basic questions.....
My thoughts and practices on security programs and process, by sumdumguy.
If you simply wish to load a program and let it keep you safe, this should point you to some very good options. None of which will keep you safe with relying only on the program, but safe enough for anyone that does not frequent hacker/porn sites and material. Most people will know or laugh at my minimal "knowledge" but may find a pretty good, and detailed comparison of programs with lists of helpful links to where I gathered the data and or programs. I think it would be really cool to list below each program how many have successfully cracked them by program. 2 reasons, 1 seems scary to depend on people who crack security to supply your security, AND not that those that can bypass it don't obviously know the subject very well but the companies people are paying to protect them from hackers can't, and if someone can tweak a program to fool itself one way can obviously tweak it in other ways the downloader is unaware of. 2 I am rather good at getting any program I have ever wanted rather easily, yet my highest failure rate by category would be AV programs or anti-Trojan tools, like TDS-3. Also if people will come and list Trojans and packers or virus that ARE NOT identified by certain programs based on real life experience, well that would be very interesting too. If anyone lists programs not detected or even are detected by experience I will add them up and compile a list to post later for quick ref, though this may be meaningless as fast as things jump on and fall off that list. Luckily most of these programs consistently leave holes so I'll be more than happy to compile the data.
Below is a chart I put together with data from Virus Bulletin and their 100% in the wild AV vendor competitions, here is some info on the validity of them and the competition:
Virus Bulletin started in 1989 as a magazine dedicated to providing PC users with a regular source of intelligence about computer viruses, their prevention, detection and removal, and how to recover programs and data following an attack.
Virus Bulletin quickly became the leading specialist publication in the field of viruses and related malware.
Editorial independence has always been VB's prime concern. From the very first issue, VB has cut through AV hype and remained uninfluenced by sales pitches and marketing babble. The aim of the magazine is to arm users with all the information they need to stay current with the latest developments in the anti-virus field.
The inaugural Virus Bulletin conference took place in 1991, its objectives were to present factual information about computer viruses, to demonstrate defensive procedures, to discuss probable future virus developments and countermeasures and to attempt to harmonise research efforts.
The objectives of the VB conference remain unchanged today and it has become a major highlight of the anti-virus calendar, with many of its regular attendees citing it as the anti-virus event of the year.
The VB conference provides a focus for the AV industry, representing an opportunity for experts in the anti-virus arena to share their research interests, discuss methods and technologies and set new standards, as well as meet with - and learn from - those who put their technologies into practice in the real world. Delegates range from dedicated AV researchers to security experts from military organizations and large corporations worldwide.
Worst to best from Top to bottom (meaning line 1 is the Worst of the 10 by the statistics used)
Tries Pass Fail NoShow %Fail Vendor
30 9 21 12 70% GRISOFT
40 22 18 2 45% MCAFEE
15 9 6 27 40% BIT_DEFENDER
32 20 12 10 38% FSECURE
34 22 12 8 35% E-Trust
37 24 13 5 35% ZONE ALARM
23 15 8 19 35% F_PROT
42 29 13 0 31% KASPERSKY
35 29 6 7 17% SYMANTEC
37 34 3 5 8% ESET
Tries: Total 100% in the wild competitions entered
Pass: How many times 100% of all viruses were found
Fail: How many times 100% of all viruses were not found or cleaned
NoShow: How many times never entered
%Fail: Fail divided by Tries, as a percentage
Vendor: Software vendor
The test is a test of unknown or new IN THE WILD viruses and all parties get 3 tries to detect a threat, if not they fail. This is a competition every major AV competes at and if successful they are considered a superior AV.
All data for the above chart gathered from https://www.virusbtn.com/
Here we go
Ah, my first AV, well McAfee CA of course, it came with my 1st computer and a little box popped up with a bunch of bars showing me that I was only 1/5th as secure as I could be and how much to pay for that "other" protection I have never heard of. I had 9 out of 10 for virus; I must be fine, right, NO. I quickly got infected and quickly lost my data, and in the process learned there is much more than virus protection needed and the importance of preparing for the inevitable with dos disks and recovery practices. Many would disagree with me but I don't recommend them for anything other than their special virus removal tools for sasser, bagle, Zafi, myDoom, lovsan/blaster, klez, and bugbear. You can find them here http://us.mcafee.com/virusinfo/default.asp?id=vrt . If you disagree and want to use McAfee first look through the paper work you have for any ISP or significant hardware/software purchase you have made, if you use your noodle you can keep McAfee on 3 computers for years without paying a dime that is for Virus protection only what does that tell you. The install is long, and if you sign up for the internet download it can be a hassle when switching the service to new or rebuilt systems. Anyway I will assume anyone reading this is a home user you can currently get 1-3 licenses (1 lic per system) @ $32.00ea per year or $47.00 per 2 years. Their firewall is great as long as you do not want to use the internet, and their spy ware is mediocre, to get a suite that suits all your needs (guessing) it cost me once about $85.00 to get virus and firewall and spam for 3 computers. I ended up giving the subscriptions away by putting them on people's computers I fixed that I did not want to show piracy to. I still told them to switch ASAP. I do like a division of McAfee http://foundstone.com/ for their abundance of great free tools, though their products are in no way cheap. I recommend only using McAfee to jump to their page, but I'm a dildo.
Things it does not catch, or stop: any spectorsoft (pro or e-blaster)
successfully cracked and used: Yes
Symantec/Norton: It's a better and easier to use version of McAfee. My company uses it and behind firewalls and proxies it keeps my system slightly secure. I have noticed at least from a network download to a managed or unmanaged pc every once and a while it just has a line through it and I have to uninstall and reinstall to fix. Many do. I have taken my pc out of the work environment and was quickly infected, often having only the choice to go to Symantec.com and read a bunch of crap and download new programs in my opinion should have already been there, and this is difficult when said infection prevents internet access. Now if you get the Norton suite you get a lot more cool options and choices which I used for quite a while and liked it, but in the end both of my experiences over lengthy use ended with infections that could only be fixed and my opinion prevented correctly by using another (or knowing a lot more about security) AV, but I know 3 IT directors of subsidiaries of AMD, Solectron and Microsoft that all swear by it, though I saw the price break from moving from McAfee to Symantec and am convinced dollars were the main reason they switched. With good spy ware and frequenting the mother site it will keep you safe. A side note though I have seen entire sites dedicated to only exploiting McAfee and Symantec that contained well over 20 for each that were no more than a year or two old. Like McAfee their specific virus removal tools are excellent you can find them here http://securityresponse.symantec.com...ools.list.html they have a cool site and lots of info, their prices are pretty much the same depending on the recovery tools (which McAfee does not have) like "go back", "ghost" (good prog) and "partition magic" (good prog) it ranges from $70.00 for virus and firewall/privacy, $80.00 to add spy ware to that, $90 to add password protection and parental control and some other bs to $100.00 with recovery tools.
Things it does not catch, or stop: 007spy, any spectorsoft (pro or e-blaster) win-spy 8.0-8.5
successfully cracked and used: Who has not? Kgens and kgens with crack at diff steps, I have found it's very easy if you bump into a corporate ftp to find and use an unmanaged copy, if you know the server though leave it managed, they'll never know.
Trend Micro - PC Cillin - I have used Trend many times for many years and they are a solid AV, their firewall is good and they have a mediocre spy ware. You get updates daily and it comes with 3 licenses for about $80.00-$90.00 all with 1 year service. It's easy to use with lots of options but lacks the specialty virus removal tools and library the previous 2 have. Regardless I would use last year's Trend before McAfee or Symantec, remember this is just my opinion but I have used all 3 over long periods of time and in this order, so it is quite possible as my knowledge grew I got less infections rather than the software I was using was that much better. Trend is a partner of D-Link, Linksys, bullion, (server side only hp, IBM, turbo linux, suse, redhat, novell) and have 4 different programs (Server, internet, policy and messaging and email for domino) specially designed for Linux/Redhat/Solaris as others may due to their growing popularity in the corporate world. Http://TrendMicro.com/
Things it does not catch, or stop: I forget
Successfully cracked and used: No and I was pissed, tried kgens and crackz always loaded never updated
CA - e-trust Pest Patrol - I would rank it with Trend Micro, they probably have the most resources and partners of anyone I have ever seen http://www3.ca.com/Solutions/ProductsAZ.aspx They also have the only PC to Mac compatible program for AV as well as networking and file sharing utilities to help PC and Mac live together like Stevie Wonder says. Somehow McAfee, e-trust, and zone alarm use computer associates AV, and seeing their Corporate affiliation many more do as well. IMHO AV is only as good as the tools you use with it and that's where Pest Patrol comes in, it is one of the best spy ware programs out there; use it systematically with others with good results. And they have a great resource on line http://www3.ca.com/securityadvisor/virusinfo/
It will run you about 70.00 online for their suite containing AV, FW, Anti-Spy (very good) and Anti-Spam for 1 licence, 3 is $125.00.
Things it does not catch, or stop:
Successfully cracked and used: Yes with keygens only. Updates included 1 year. Service.
ESET - NOD32 - It does nothing but prevents viruses, well nothing much more, but what it does it does well, damn well. If you are an experienced user (nod asks for a more knowledgeable user IMHO) get it. Great and up to date news and specific virus/worm removal tools can be found on their site http://www.nod32.com/home/home.htm . They have 64-bit releases, as well as DOS, Linux, Novell, Lotus Domino, and Keri. In 8 years of Virus Bulletin 100% "in the wild" awards NOD has won more than any other participant 23 times and is the only company that has NEVER failed to identify new ITW worms during testing. After further investigation I found they have passed 100 % 37 times failed 3 and not entered 5. Which made me do a comparative analysis (see chart above) that takes all the AV to be mentioned in this Essay and compares its "TOTAL" results and its latest "Platform" results. I thought this might be interesting as well as informative as ALL major AV compete here since 1998 more importantly they are an independent AV with no affiliation to the Software Manufacturers. ESET has all the ITW worms found and their tools chronologically listed at the link mentioned before. Rather impressive and I recommend them highly. See also http://www.virusbtn.com/ which I just discovered and enjoyed thoroughly. It will cost you $40.00 for 1 license or $170.00 for 5. They also sell a FW option which uses Kerio Wingate. http://www.eset.com/products/nt.htm
Things it does not catch, or stop: I have yet to find a VIRUS
successfully cracked and used: No and I am pissed, always work never updates and always fails. Update found it at trustworthy site, untested.
Just found one 9-6-05
Zone Alarm Security Suite - My current and Favorite, For a suite! Not that it is some amazing AV or something but it is good, class with e-trust and McAfee, but coupled with the firewall, and new versions anti-spy it is a real asssss kicker. This is getting long so here are the features and my thoughts: For an intermediate skilled user, with minimal effort one can stay protected quite easily. Updates often, offers control of not only every program but components of those programs with ease. Quite helpful when you know what is attacking, lock the internet then the program, it will automatically be stopped any time it starts. Anti-spy I would not depend on seems to work but I use 3-5 others rotating so I doubt they get that far. If you have a d-link ZA is affiliated and offer some cool features when using both on the newer models. Cost $70.00
Things it does not catch, or stop:
Successfully cracked and used: But of Course
Sorry I will have to continue later if anyone finds the above useful as it is taking a while to write. There is so much more to be said, anti-spy ware and the importance of more than 1 or 2, Trojans, where not to go and what not to open, reverse proxies, filesharing and worm protection, but so little time. Please remember the most important thing, NO SOFTWARE WILL FULLY PROTECT YOU. In order to be safe you MUST get intimate and have a great understanding of your Services (run-start-services.msc) your registry (start-run-regedit) TCP/IP protocols and port mapping, and Windows Policy Auditing. If you are specifically targeted without this knowledge (and sometimes with) you will have very little chance to stop a determined hacker. Please correct me where wrong or direct me to other resources I am unaware of. Happy Securing.
********************RESOURCES and UPDATES*******************
List of lists
A Very Comprehensive list of links to Spy ware and Virus resources, this list ---or the links on each page they take you to--- should have a link to most everything.
- Steve Gibson's site - spin-rite and shields up among others
- program that fixes the following errors - Cannot delete file: Access is denied
there has been a sharing violation. The source or destination file may be in use. The file is in use by another program or user.
- ssl encrypted DL remove unwanted hijackers/Trojans/viruses from your PC and give you back control of your computer
Reset "shellopencommand" registry entries
- spy ware feature comparison
Trend Micro (Java; thanks to nellie2!)
Windows Update (IMPORTANT!)
Avast Virus Cleanup
- interesting spy ware info concerning corporations and their use and payment of spy ware
- great all around resource - a link to links
- great tools most cost eventually
- free scan and resources for Parasites, or unsolicited commercial software
- use with spy-bot site has 1 or 2 other tools
XP SP2 on CD (FREE!)
spywarewarriors blog with tons of links to security sites, blogs, and forums.
PC Pit stop antivirus
McAfee Freescan antivirus
PC Pit stop spy ware check
Pest Patrol spy ware check
- great site, tons of references and resources to av-sw
needs registration I highly recommend it.
- well it's free, and better than nothing, I did not get the great results I read about though, but I'm a dildo
- A MUST HAVE, PLUS VERSION IS PRICELESS BUT 25 BUCKS GETS YOU LIFETIME USAGE. HIGHLY RECOMMENDED.
- I use and like the security suite though I must tell you you're going to need more than a suite and 50 bucks to stay secure.
*new* link to links
- safe computing for XP
- this is from the way back machine as the site is currently down - THIS IS A MUST HAVE if you have a need or desire to know what services are running on your machine, and what they do. Quite often you can identify bad things this way - Please read secure your pc 101 for a better understanding of the importance of knowing such things.
- one of the more complete lists of anti anything....
Avoid These Products-products listed on page the following link takes you, not the links below: http://www.spywarewarrior.com/rogue_anti-spyware.htm
Two other great sites I will try to touch on later but no reason you have to wait on me, first is Prevx a great firewall and registry monitor, hope you like pop-up authorization boxes ;-0 - second is r-tt tools drive wiper, data encryption or better yet data policy setting, firewall and anti-virus, never used av but the others work well. Don't mess with r-guard unless you understand policies and keep good records or memory of your pass, I still can't access data I locked last year, but I'm a dildo...
Here is another link that I found useful when learning my computer's Services, it's a slightly tweaked mirror of Black Viper's Services Configuration which has been down quite a while and explains services in depth.
Okay I have been trying some new product and would like to report my meaningless, uneducated but possibly useful thoughts on them. Remember kids opinions are like asssholes, everyone has one and most of them stink! Have a whiff...
Name : eTrust Pest Patrol by Computer Associates version 220.127.116.11
SDK Version 18.104.22.168
PPFILE.dat,PPINFO.dat,PPLOC.dat as of 9/29/2005
My Opinion: This program since I have loaded it has found something all my other ones missed at least 10 times, and not little somethings, I'm talking a password stealer in the uninstall of a cracked program I had registry mechanic from "WHEREDOWN" avoid, a key logger someone slipped in the help files of Adobe Go live amidst 7 total cd's and 4.2 gig of other goodies, a 7 disc 4.2 g download from btjunkies via torrent, just clean it the suite is worth the attempt to key log you. And a few others that were no less important. Though I do not like most of what this program has to offer the most important thing it does I like and that's backup my obviously other weak programs.
Pros and features: Catches inactive threats and many most miss, great resources at mother site. What it caught last run that MS Beta, CWShredder, Ad-Aware 6, spybot, and ewido all missed:
Contraband 9g - found on old boot drive now secondary in 4 areas
Friends Greeting - same as above only 2 areas though
Password finder - in cracked version of Extreme Movie Manager from Wheredown - found on my active directory, oops!! It says within the NFO, someone school me on this as I am more naive than once believed...
Spy anywhere and zango search assistant inside the crack for SpyCleanerPro from ttdown - Old boot 3 program files
Cons: Your Options, they are in their entirety and quite weak:
Active protection which you can choose to delete pests in memory, delete cookies, and start protection at boot.
Update - yes or no or schedule
Participation in some bullish - yes or no
Sounds - yes or no
Quite dull, quite slow, and it updates the license to the server like almost every use, I am still forced to recommend it though because there are very few programs I have used that have the success and consistency PP has over the past 2 years I've used it off and on.
Name - Webroot Spy Sweeper 4.0
Stop reading and go get it, hands down the best AS I have ever used, it has more features than TDS-3 ok but close, and always finds what the others miss. I have never paid so I always have to part ways as it is a difficult program to keep fully updated without paying (try them all I did they all work and all fail within a month or upon major updates) Truly is a program I would I mean will pay for... someday.
Pros - features too many to list at the least use the shareware and see for yourself. Multiple processes have to run to clean all of system, a lot to configure. Absolutely is a spy ware bully, cry spy ware cry, wha, wha, you'll shoot your eye out.
Cons - Takes a lot of resources to run, updates license like PP does, is slow. Multiple processes have to run to clean all of system, a lot to configure. Yeah I put it twice so what, depends on your level for where this falls.
Briefly Names -Ad Aware 6 and SpyBot 1.4:
They are the Barber Shop with the candy cane pole out front, old, slow, miss spots, talk too much and take too long. Still the first things I put on a new system though, I ain't getting my haircut at no f*cking salon for 38.50 as long as my barber does at least ? the good job at 1/8th the price in a place that feels much more like home. Bottom line though these 2 alone will no longer in any way keep you protected against any more than 70% of threats unless used ritually at the highest configurations, add-ons, and skill sets.
Name - Sunbelt Counterspy previously Giant software and originators of MS Beta
Counterspy - it's the same mother company as MS Beta was, it's the continuation of MS Beta, or the good brother and it's better, very few things look and feel different, but CS just works better, it really is a great tool and I recommend it, it gets updated much more often than MS beta and that probably adds to its better success. It does however cost... some.
Pros - has all the cool features and usefulness of MS beta, but works like you wish it did
Cons - very slow maneuvering through the configs, costs and MS beta does not still one or the other is a good idea to use.
4 tools that are a must have when you lose control and are catching a virtual beat down and outnumbered:
Name - Diamond CS Process Guard - You will hate this program, learn to love and master it and you shant have nothing less than total control again.
From attacks by other processes, including viruses, Trojans, worms and all forms of spy ware. DID YOU KNOW that your antivirus and firewall programs are useless if they've been terminated by a Trojan? Process Guard stops these attacks and alerts you, telling you exactly which programs are trying to attack others. Powerful kernel-mode spy ware protection that's easy to use for both novice and advanced users. Process Guard will even stop root kits from installing.
Name: Worm guard - want to always know what other all the extensions that will launch after that second click... WORMGUARD. I love it when I get a zip it pops up this file says it is a .zip but at the end of execution it really is a .exe or .xls, or .doc, then you can search the entire file in a safe environment to see all the hidden program or file names without executing. Now feel better, then run it and it's that easy, find something bad, rename it and reply back to the source!
Worm Guard is an advanced anti worm system for Windows. It's one of the easiest anti worm programs available to use, yet also one of the most powerful - Worm Guard uses new deep-scanning generic detection technology to detect and block worms using its smart analysis engine, which actually allows it to identify and stop worms with no prior knowledge of them. Stop worm viruses now with Worm guard, the perfect companion for your anti virus scanner! Worm guard was designed to help protect against outbreaks of super-propagating computer worms. These worms have proven that traditional anti virus scanning techniques (scanning for known worms) are useless against new worms that spread around the globe faster than you can update your anti virus software. Often thousands of computers are already infected before the first updates are available to protect anti virus users. This is where Worm Guard comes in - Worm Guard uses generic, heuristic detection of worms which means it finds out what the worm actually does and gives you an alert if it is something possibly harmful. The user can then analyze the output from Worm Guard to determine if the file is safe to run. It's a good idea to update your anti virus and scan the suspicious file as well.
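The two checks described above (a file that claims to be a .zip or document but is really an executable, and listing what is inside an archive without running anything) can be sketched as follows. This is an added example, not Worm Guard's code or its detection method; the extension lists, the magic-byte table and all function names are assumptions chosen for illustration, and the sample archive is constructed.

```python
import io
import zipfile

# Extensions Windows runs on double-click (illustrative list, not exhaustive).
RUNNABLE = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js"}
# Extensions where an MZ (Windows executable) header is expected.
PE_NAMES = {".exe", ".scr", ".com", ".dll", ".sys"}
# Extensions a recipient tends to treat as harmless data.
DECOY = {".zip", ".txt", ".doc", ".xls", ".pdf", ".jpg"}
# Leading bytes that identify content regardless of the file name.
MAGIC = [
    (b"MZ", "exe"),
    (b"PK\x03\x04", "zip"),
    (b"%PDF", "pdf"),
    (b"\xd0\xcf\x11\xe0", "ole"),  # legacy .doc/.xls container
    (b"\xff\xd8\xff", "jpeg"),
]
# Content type each data extension is expected to carry.
EXPECTED = {".zip": "zip", ".pdf": "pdf", ".doc": "ole", ".xls": "ole", ".jpg": "jpeg"}


def _base(name):
    """Strip any directory part, accepting both separators."""
    return name.replace("\\", "/").rsplit("/", 1)[-1]


def sniff(head):
    """Return the content type implied by the first bytes, or None if unknown."""
    for magic, kind in MAGIC:
        if head.startswith(magic):
            return kind
    return None


def check_name(name):
    """Findings for a deceptive file name (double extension, space padding)."""
    base = _base(name)
    exts = ["." + part.strip().lower() for part in base.split(".")[1:]]
    findings = []
    if exts and exts[-1] in RUNNABLE:
        findings.append("runs on double-click (%s)" % exts[-1])
        if len(exts) > 1 and exts[-2] in DECOY:
            findings.append("double extension (%s before %s)" % (exts[-2], exts[-1]))
    if "  " in base:
        findings.append("padding spaces in name")
    return findings


def check_content(name, head):
    """Findings where the leading bytes contradict the final extension."""
    base = _base(name)
    ext = "." + base.rsplit(".", 1)[-1].strip().lower() if "." in base else ""
    kind = sniff(head)
    if kind == "exe" and ext not in PE_NAMES:
        return ["executable content behind %s name" % (ext or "extensionless")]
    if ext in EXPECTED and kind not in (None, EXPECTED[ext]):
        return ["named %s but content is %s" % (ext, kind)]
    return []


def inspect_zip(data):
    """Map each flagged member to its findings; nothing is extracted to disk or run."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as member:
                head = member.read(8)
            findings = check_name(info.filename) + check_content(info.filename, head)
            if findings:
                report[info.filename] = findings
    return report


def build_sample():
    """Constructed sample archive; the 'executables' are only an MZ stub, not programs."""
    stub = b"MZ" + b"\x00" * 62
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", b"plain text")
        zf.writestr("holiday_photos.zip.exe", stub)
        zf.writestr("invoice.doc      .exe", stub)
        zf.writestr("report.pdf", stub)
        zf.writestr("docs/manual.pdf", b"%PDF-1.4\n")
    return buf.getvalue()


if __name__ == "__main__":
    for member, findings in inspect_zip(build_sample()).items():
        print(repr(member), "->", "; ".join(findings))
```

Name and header checks like these only catch disguise, not behaviour, so a clean result still calls for the AV scan of the file that the vendor text above recommends.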
Name - R-TT Tools R-Guard - gives you the equivalent control of Windows Policies but easier, more powerful and from a drive down to a file. I would highly recommend being of admin type level if using this, and I do not mean just logging on as the admin to your machine, I mean understanding and coherent in windows policy. I really dig this and for that matter ALL R-TT Tools. They are different, in a good way, I started testing their stuff about a year ago and am still impressed, they do not mind raping your wallet though and they are not too popular yet so cracks are few and far between....
Offer Total control over file/folder operations at the user and application level;
Login monitor traces user activity: user login, logoff, etc from the local computer and network;
Two types of access control: user-specific and process-specific access rights;
File isolation. R-Guard administrator can completely isolate any file from any process;
True file/folder hidden attribute to make the file/folder inaccessible for any Windows program, unlike the Dos and Windows HIDDEN attribute;
File access blocking (Read\Write\Rename\Delete);
Ability to block the start of any executable file (EXE DLL COM BAT HTML XML JS CLASS, 32/16 bit applications, Win32, Win16, Dos, DPMI);
File system-independent extended attributes stored in a distributed database (UNIX-style data security architecture). This allows the user to set extended attributes on removable network media;
File wiping to prevent unauthorized data recovery. Upon deleting, a file will be automatically wiped without further chance to recover deleted file. No need to wipe files manually;
Unauthorized file modification protection (CRC-128). If a file is modified by a user, R-Guard will block access to it until R-Guard administrator finds the reason and source for that modification using the R-Guard audit system.
True-On-The-Fly-Encryption (TOTFE) allows the user to enter its password only once at windows logon;
Guarantee that a decrypted file will never appear in Windows swap files;
Strong Encryption. R-Guard uses an industry standard AES encryption algorithm with 256-bit key in the Cipher Block Chaining mode;
Secure encryption key generation. The R-Guard Data Encryption System uses a complex randomized block key and variable-length key generated from the user password (MD5 algorithm);
Secure files transferring. Files from the remote storage are transferred in the encrypted form and decrypted only on the host.
Name: BILLP Studios Win Patrol 22.214.171.124 Don't act like you know act like you knew, Scotty a pimp. WP this is one of my favorite programs by far, from their policies $25 lifetime, frequent updates, ridiculous options and mystery file definitions. Even the free version is better than any other free AS I've used. Especially for those that like to know and control everything that runs on their system.
Pros-Notifies you of any change to anything, logs it all, immediate access to all services and process running or not on your system you can add comments to them and change or stop them even while active. Really gives you control without controlling you, access and locking of your cookies and hosts file.
Cons - that spy ware makers and their so called enemies our defenders (anti-*Spy*) make millions in their war that will become the same as the drug war, pointless and endless, There should be some kind of regulation, if all companies only made you pay 1 fee for all updates for life how much better do you think our AVs and ASs would be, I bet they would somehow do their F*cking job all the sudden wouldn't they. I would be quite surprised if the anti-virus/spy and the pro-virus/spy are not 1 and the same ? the time. They are the oil industry of the cyber world and they will never (even if it was possible) provide a final revision or a lifetime subscription because they would lose millions. Just think how many companies would not even exist, if not for spy ware and viruses. I mean so many of these yahoos write this crap to spite MS, B. Gates, GW F*ckstick or Corporate America when in reality it does nothing but fuel people's fears and fill all 4 of the 4's pocket books. I laugh at anyone who has attacked MS and caused huge losses because in economy like anywhere else sh*t rolls downhill, trickle down economy, so who'd it really cost. How many security companies just overnight became 2, 2 different products, prices and supposed function. I am no expert but I would like to know how different is AV and AS (anti-spyware) code? Was McAfee, sim, trend and all the others forced to write AS outside the AV for legitimate reasons or was it so it needed a separate box and price tag? How many new companies were born and partnered with MS all due to someone trying to show people how weak and vulnerable they are. Seems it only made them stronger and safer. Let me guess, "but they're losing market share because of their flaws and exploits" NO they lost market share because they lost lawsuits, as of last time I checked they still are used by over 90% of the business world.
I'm willing to bet that every major threat has generated more income for these guys than any marketing strategy could dream. I'm sure they appreciate people pointing out how bad their current products are so they can "save the day" with the new and improved raping of my wallet to replace what I already have. Sorry for dennis miller moment, certainly there are reasons and probably good ones for these actions, but bottom line is I doubt it worried any of those 4 entities any more than a wet fart would...