Free Security Software (reviews)


jdh
May 15th, 2008, 05:09 PM
Free Security Software

05.13.08

by Neil J. Rubenking

http://www.pcmag.com/article2/0,1895,2304349,00.asp


BTW, PC Tools THREATFIRE looks like it would be an excellent supplement to signature scan based security (e.g. AV) software. It should be able to catch 0-day attacks and polymorphism based attacks that the latter would miss.

David H.

Peter Creasey
May 16th, 2008, 08:12 AM
David, He obviously is not a fan of Spybot...

I salute Spybot's pioneer spirit, but I wouldn't use it in the modern world.

I've always liked the Spybot scan features but would never use its real time shield.

jdh
May 16th, 2008, 09:27 AM
> David, He obviously is not a fan of Spybot...
>
> I've always liked the Spybot scan features but would never use its real time shield.

AFAIK, the main "real time shield" in Spybot S&D is TeaTimer. Basically, all that TeaTimer does is monitor certain changes in the Registry of Windows. Changes that happen when a program installs itself. The intent is to catch spyware in the act of installing itself in the "run" section of the registry, i.e. when the spyware or other software basically tells the Windows OS "please run me when you start the OS". So..., AFAIK, Spybot S&D does not have a real-time scanner.

I do still use the TeaTimer (registry monitoring). I had stopped using TeaTimer for a while because there was a bug in its user interface that made it hard to operate. However after that bug was fixed I started using it again.

I once bought WebRoot SpySweeper but its on-demand scans were too slow at least on that PC at that time. And because of that and other reasons I uninstalled it. Since then until AVG 8 I have not had a real-time resident spyware scanner because I was too cheap to go out and buy and try other scanners besides my SpySweeper. Finally with AVG 8 I now do have a free real-time resident spyware (and virus) scanner.

Previously, in spite of the lack of a real-time resident scanner for spyware, I did not feel too exposed since I've been running the Firefox security extensions:
1. NoScript
2. Finjan Secure browsing
3. Firekeeper

and now

4. AVG 8 Search Shield toolbar

These four extensions (add ons) generally do different things although there may be some overlap. Therefore since I don't see any significant or noticeable speed hit in browsing, I keep them all running in Firefox.

As mentioned before, because of 0-day exploits and because of polymorphism of exploits, both anti virus scanners and anti spyware scanners should not be relied on with full confidence because their signature def scanning these days is probably at most 80 % effective and often 60 % effective or less. Of course, when exploits are new, the effectiveness is MUCH LESS.

Because of the increasing lack of coverage and effectiveness of signature based scanning, it seems almost certain to me (and major security vendors have admitted this openly) that other approaches such as "behavior based" malware detection will sooner or later come to predominate over signature based detection. One "behavior based" example is ThreatFire (mentioned in prev. msg.) from PC Tools. (I tried it out but had some stability problems so will probably wait until a later 'incarnation'.) Eventually this type of "behavior based" detection will have to be built into the OS itself, which is how it should have been done in the first place. Of course when that happens there will be a fight between the OS vendors (MS) and the security vendors, the latter would be faced with significant loss of business.

BTW, I still do occasional on-demand scans with Spybot S&D but do not put much reliance on them since it is impossible for an essentially freeware product like it to compete in spyware coverage with for-profit companies. Just look at the number of malwares it claims to screen as compared to any commercial product such as AVG, much less. I still use Spybot to browse the startup program list of Windows (in the registry, etc.) since its info database tells what many of those programs in the startup list do, so that I can decide if it's safe or desirable to disable them out of the list. There are probably other programs besides Spybot that can do this too but I don't know them or if they are free or not.
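
The Run-key monitoring described in the post above, as an added example that is not part of the original thread and is not Spybot's code: it compares two snapshots of the Windows "Run" startup entries and reports what was added, removed or changed. The sample snapshots, program names and paths are constructed; `snapshot_run_keys` reads the live keys with Python's standard `winreg` module and works on Windows only.

```python
RUN = r"Software\Microsoft\Windows\CurrentVersion\Run"

def snapshot_run_keys():
    """Read the live per-machine and per-user Run keys (Windows only)."""
    import winreg  # standard library, available only on Windows
    hives = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}
    snap = {}
    for hive_name, hive in hives.items():
        try:
            with winreg.OpenKey(hive, RUN) as key:
                for i in range(winreg.QueryInfoKey(key)[1]):  # [1] = value count
                    name, data, _type = winreg.EnumValue(key, i)
                    snap[(hive_name, name)] = str(data)
        except OSError:
            continue  # key missing or not readable for this user
    return snap

def diff_snapshots(before, after):
    """Return sorted (change, hive, name, old, new) tuples.

    Registry value names are case-insensitive, so they are lower-cased first.
    """
    norm = lambda snap: {(h, n.lower()): cmd for (h, n), cmd in snap.items()}
    before, after = norm(before), norm(after)
    changes = []
    for hive, name in sorted(set(before) | set(after)):
        old, new = before.get((hive, name)), after.get((hive, name))
        if old is None:
            changes.append(("added", hive, name, None, new))
        elif new is None:
            changes.append(("removed", hive, name, old, None))
        elif old != new:
            changes.append(("changed", hive, name, old, new))
    return changes

# Constructed sample snapshots (hypothetical program names and paths).
BEFORE = {("HKLM", "ExampleAV"): r"C:\Program Files\ExampleAV\tray.exe",
          ("HKCU", "ExampleUpdater"): r"C:\Program Files\Example\update.exe"}
AFTER = {("HKLM", "exampleav"): r"C:\Program Files\ExampleAV\tray.exe",
         ("HKCU", "ExampleUpdater"): r"C:\Users\demo\AppData\Local\Temp\update.exe",
         ("HKCU", "NewStartupItem"): r"C:\Users\demo\AppData\Local\Temp\setup.exe"}

if __name__ == "__main__":
    for change in diff_snapshots(BEFORE, AFTER):
        print(*change)
```

On Windows, calling `snapshot_run_keys()` before and after an installation and passing both results to `diff_snapshots` shows what the installer registered to start with the OS.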

jdh
May 16th, 2008, 09:36 AM
I think a couple cartoons are a good picture of malware versus security.

1. The old Spy vs. Spy cartoons in Mad Magazine

2. Wile E. Coyote vs. Road Runner

never ending always escalating battles

Don't assume that technology that once seemed bullet proof will remain so for long.

The only programs that don't have bugs and security holes are those that are so trivial that they don't perform any useful function.

D.H.

Peter Creasey
May 16th, 2008, 10:06 AM
If I had known we would have AVG updates until 12/31 (instead of what the AVG popup said -- 5/31), I would have stayed with V 7.5 as long as possible. I'm not wild about the add-ons in V 8.0.

You seem to carry a heavy load with your security protection efforts. I suspect you have a fast powerful PC. Have you ever measured what you are paying in terms of system performance?

jdh
May 16th, 2008, 12:44 PM
> If I had known we would have AVG updates until 12/31 (instead of what the AVG popup said -- 5/31), I would have stayed with V 7.5 as long as possible. I'm not wild about the add-ons in V 8.0.
>
> You seem to carry a heavy load with your security protection efforts. I suspect you have a fast powerful PC. Have you ever measured what you are paying in terms of system performance?

I have mainly been using Windows 98 SE on a 500MHz 64MB RAM PC since 1999 until December 2007. A couple years ago, I upgraded RAM to 192MB because I mistakenly thought that I needed to do so to get some Roxio CD+DVD burning software to run. Instead it turned out that I just needed to change a DMA setting.

My Christmas present in 2007 was a much more powerful Dell Windows XP system. However the only significant to me advantage I got from it was the ability to play and burn DVDs and to efficiently run CrossLoop remote desktop (both of which I don't do a lot). The only reason I went from Dial Up to DSL Lite was to run CrossLoop remote desktop efficiently. Now it actually turns out that DSL Lite is cheaper than Dial Up because with DSL I don't need call waiting.

On that Win 98 500MHz 192MB PC I had 1. AVG 7.5, 2. ZoneAlarm (old version), 3. Firefox 2.x + NoScript + McAfee SiteAdvisor. I think I had Finjan Secure Browsing and Firekeeper extensions running in Firefox too earlier but not right now as I am posting via the Win 98 PC. I don't remember if Firekeeper and Finjan caused any noticeable slow down or not.

I really don't have the technical know-how or ambition to figure out how to measure the speed hits from 1. NoScript 2. SiteAdvisor 3. Finjan, 4. Firekeeper, & 5. SiteAdvisor running in the Firefox browser. All I have to go on is my subjective opinion.

Of course, I use the Dell XP system more now because it's faster and because it uses less power (LCD display vs. CRT, etc.). One of the main advantages I notice with the XP system is watching videos is smooth (not jumpy) compared to the old Win 98 system because the latter's image rendering could not keep up with the DSL Internet video stream. But I hardly care about videos at all, so for most purposes the old Win 98 is fine. Of course I also appreciate the faster video rendering on my Dell XP when I am running a remote desktop with CrossLoop so that I can see the changes on the remote PC screen with very little delay.

I still run NT 4.0 Server SP6a on my old Acer Pentium I 60MHz with 64MB but I use old Opera 6 browser since Firefox 1.5 and higher need too much horsepower.

I really don't see the problem with putting a bunch of security extensions into Firefox as compared to installing actual regular full-fledged EXE security programs. Why? Because the extensions can easily be enabled or disabled in Firefox. You don't have to uninstall them. And even if you do install them, they don't leave garbage in the Windows registry because they don't put anything there in the first place.

That is unlike any kind of resident security scanner whatsoever. They all have to put their hooks down into the OS and need to install special drivers.

Furthermore, tho' I have never had any stability problems with Firefox extensions, even if one FF extension DID have such problems, Firefox can be started in its own built-in Firefox safe mode and you could disable or uninstall the guilty extensions if one ever found such a one.

So I don't really see a basis for a statement or impression that AVG 8 or the Firefox extensions I mentioned are resource hogs. Esp. when Grisoft claims that AVG 8 is faster than 7.5. Of course, running ANY software takes CPU power, but that does not necessarily make a HOG.

All I can say is YMMV and try and see, esp. the FF add ons which will be easy to remove if you don't like them. However, I would say that FF + NoScript add on is probably almost as effective TODAY as anti-spy or anti-virus since it can block the infections which are most prevalent today some of which AV can't block! The main drawback to NoScript is that for each site you trust you have to do a ONE TIME action of a couple clicks to enable javascript for that site. To me that is a small price to pay for such a powerful protection. Of course for those who want to view all the bells and whistles for every site they stumble across, no matter what, it would be intolerable and MOREOVER pointless. Since the effect of the latter behavior is effectively to say, "please come and blow me out of the water or steal my ID".

DH