From: Warren on 13 Mar 2010 09:08

have any of you ever used windows live onecare...a waste of $50.00. Now i
know why they are discontinuing it. it finds NOTHING and i have to run
antispyware and antimalware to keep my pc clean. please suggest the best
free protection for my machine since i won't be using this one anymore.

From: msnews.microsoft.com on 13 Mar 2010 09:38

I agree with you about Live Onecare. It did suck.

That said - Windows now has Microsoft Security Essentials at
http://www.microsoft.com/security_essentials/

which seems to be working for me.
It found 2 infections that Norton 360 did not.
So far, I like it.

"Warren" <Warren(a)discussions.microsoft.com> wrote in message
news:4790CBF8-B642-493A-82FC-DBF5E10A2E7B(a)microsoft.com...
> have any of you ever used windows live onecare...a waste of $50.00. Now i
> know why they are discontinuing it. it finds NOTHING and i have to run
> antispyware and antimalware to keep my pc clean. please suggest the best
> free protection for my machine since i won't be using this one anymore.

From: David H. Lipman on 13 Mar 2010 11:54

From: "Warren" <Warren(a)discussions.microsoft.com>

| have any of you ever used windows live onecare...a waste of $50.00. Now i
| know why they are discontinuing it. it finds NOTHING and i have to run
| antispyware and antimalware to keep my pc clean. please suggest the best
| free protection for my machine since i won't be using this one anymore.

Avira AntiVir used in conjunction with Malwarebytes' Anti Malware.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

From: VanguardLH on 13 Mar 2010 14:55

msnews.microsoft.com wrote:

> I agree with you about Live Onecare. It did suck.
>
> That said - Windows now has Microsoft Security Essentials at
> http://www.microsoft.com/security_essentials/
>
> which seems to be working for me.
> It found 2 infections that Norton 360 did not.
> So far, I like it.
>
> "Warren" <Warren(a)discussions.microsoft.com> wrote in message
> news:4790CBF8-B642-493A-82FC-DBF5E10A2E7B(a)microsoft.com...
>> have any of you ever used windows live onecare...a waste of $50.00. Now i
>> know why they are discontinuing it. it finds NOTHING and i have to run
>> antispyware and antimalware to keep my pc clean. please suggest the best
>> free protection for my machine since i won't be using this one anymore.

To clarify, the anti-virus engine used in MSE is different than the one
that was used in OneCare. That is, you aren't stuck with the same bad AV
that was in OneCare.

From: VanguardLH on 13 Mar 2010 16:00

Warren wrote:

> have any of you ever used windows live onecare...a waste of $50.00. Now i
> know why they are discontinuing it. it finds NOTHING and i have to run
> antispyware and antimalware to keep my pc clean. please suggest the best
> free protection for my machine since i won't be using this one anymore.

Basically what you are really asking is what other users are currently
using. Even after trialing several products and users deciding what they
like best, you are still going to get responses that reflect what users
have chosen as their current security suite.

So, with that in mind, here is my setup:

- Avast! 5 (fully operable so using its on-access scanner).
  o Free version.
  o Not all "shields" are installed since I don't need them (I don't use
    prattle IM clients or P2P file stealing) or they can be problematic
    (like timeouts due to delays in e-mail traffic from the scanning).
    I only installed the following shields:
    * Web shield (with intelligent streaming disabled)
    * Network shield
    * File shield
  o Prior free versions only let you do a quick scan (ashquick.exe) that
    you could schedule in Task Scheduler. V5 lets you add a schedule to
    both the quick and full scans so, for example, you could quick scan
    on Mon-Sat and full scan on Sun.
  o Unlike Avira, Avast lets you schedule how often to check for updates
    with a single setting. With Avira, you will need to add more
    scheduled jobs that do an update check (recommended since the free
    version of Avira hits the same server for all users which makes it
    busy and it could be 3 days before you get an update if you just go
    with the default 1-per-day update scheduled job).
  o The free version of Avira does not include their web shield. Avast
    includes their web shield in their free version.
  o Avira free version does not include the e-mail scanner (but often
    you end up having to disable it for other AV products due to the
    problems it creates).

- MalwareBytes AntiMalware
  o Free version.
  o Does not include an on-access (real-time) scanner. This is actually
    desirable to avoid conflict with whatever is your AV program of
    choice.
  o There is no option to check for updates before running a manual
    scan. The update dialog is also on a different tab. Be sure to do an
    update before you run a manual scan.

- SuperAntispyware
  o Free version.
  o Disable the on-access (real-time) scanner. Used only as an on-demand
    (manual) scanner to avoid conflict with other security software.
  o Be sure to update before scanning. It has an option to ensure
    checking for updates before you run a manual scan.

- WinPatrol
  o Free version.
  o Does not include an on-access scanner.
  o Polls at intervals for changes to system to alert on critical
    modification.
    * Change the default poll interval for all monitors down to
      1 minute. Waiting 5 minutes to find out something changed is too
      long.

- Returnil Home
  o Lets you make changes to your system which are obliterated when you
    reboot (or you can choose to keep the changes).
  o Any install that requires a reboot would be obliterated if Returnil
    were active since it discards all changes made to the virtual disk
    (so Returnil is not useful for any install that requires a reboot -
    instead use a virtual machine, like VirtualPC 2007, VMware Server,
    or VirtualBox).
  o Can be configured to activate on Windows startup. Handy when giving
    a host to kids or strangers since a reboot wipes everything they
    changed.
  o Microsoft's similar product is called SteadyState.

- SpywareBlaster
  o Free version.
  o No on-access scanner (this product isn't potent enough to use for
    real-time scanning, anyway).
  o Usefulness lies in adding ActiveX killbits in the registry to
    prevent known malware from running. This is passive but
    always-present protection.
  o Can add "bad" domains to Restricted Sites security zone to neuter
    them.
    * This does not prevent sites from relaying content from those bad
      sites. It merely disables many HTML features if and when you
      visit those sites.
  o Can add "bad" domains to the cookie blacklist in the web browser.

- Virtual Machine (VM)
  o Free version(s).
  o VirtualPC 2007 (have also used VMware Server and VirtualBox in the
    past).
  o Provides isolation of an application by running it inside a guest OS
    instead of on your host OS.
  o Legally you will need another license of Windows if you want to run
    an instance of it in a VM.
    * Windows 7 comes with XP Mode which is a licensed copy of Windows
      XP SP-3 (but which is legal only under that instance of Windows 7
      so there is no portability). You install XP Mode (since Microsoft
      didn't include it as an install-time option) and follow with an
      install of VirtualPC.
  o VM is more protective than using a sandbox (e.g., Sandboxie) to
    isolate an application. They make an excellent environment under
    which to test unknown or untrusted software.
    * With the effort and side effects of using a sandbox, the setup and
      use of a VM is no more difficult than a sandbox but a VM affords
      more isolation.
    * Sandboxie is probably the only currently supported (and least
      flaky) sandboxing program available.
      - The free version turns into nagware after the 1-month trial
        period.
      - The free version does not have the option to force every
        instance of a program to get sandboxed, like a child process for
        a web browser started by clicking on a URL link in a message in
        an e-mail. Only the paid version has the force option.
        By reducing privileges on normal Internet-facing apps and using
        a VM as a test environment, I get covered on lower and higher
        levels of isolation than what is afforded by a sandbox.
      - Of course, with a sandbox, you don't need another license for
        Windows to run it inside a VM.

- PC Tools Firewall Plus
  o Free version.
  o Includes both firewall (with rules for which apps are allowed to
    connect to the network) and HIPS (Host Intrusion Protection System)
    which are rules as to which apps can even load or what actions they
    can perform with other apps.
  o Includes a whitelist of known good apps to reduce the number of
    prompts to the user to make a decision.
  o Alternatives are Tall Emu's Online Armor and Comodo Firewall (both
    are firewall + HIPS).
    * Online Armor has its Run Safer feature which can force apps, like
      the web browser, to run under reduced privileges (same as if you
      had logged under a limited user account). Running an app under a
      LUA (limited user account) token restricts what actions a malware
      can commit if its infection vector is through the restricted app
      (web browser, e-mail client, newsreader, or other Internet-facing
      app).
    * Comodo Firewall has its sandbox (which is not a full sandbox but
      still provides some isolation). You can add an app, like the web
      browser, to the sandbox but disable file/registry virtualization
      to only force that app to run under a LUA token. (Note: Comodo
      still needs to work on their sandbox as it is still too flaky in
      its operation.)
    * Both Online Armor and Comodo include whitelists of known good
      apps.
  o Unlike Online Armor but like Comodo Firewall, PC Tools will let you
    specify rules as to WHERE an app may connect.
    * For example, you may want an app to phone home to check for
      updates and nuisance you with alerts that a new version is
      available, especially if you have already tested that new version
      and have problems with it or otherwise decide you don't want it.
      But you could let that same app connect everywhere else.
  o All firewall+HIPS products suggested here:
    * Can be quickly disabled by right-click on their tray icon. For
      example, you will need to disable them when visiting the Windows
      Update site so you can install updates to Windows or Office.
    * All these products are at the top of Matousec's list of best
      firewalls (http://www.matousec.com/).
  o While both Online Armor and Comodo Firewall have the means of
    forcing the web browser (or any app) to run under a LUA token (to
    reduce its privileges and throttle any malware through that
    infection vector), PC Tools is lacking in this feature. See the next
    point about using SRPs to restrict applications.

- Software Restriction Policies (SRPs)
  o Every version of Windows from XP and on up (not sure about 2000) can
    have an SRP rule defined to restrict a program. The available
    choices for a security level in an SRP rule are:
    * Unrestricted: App runs at the same privileges as your Windows
      account.
    * Blocked: App is never allowed to run.
    * Basic User: Available in Windows Vista and up, hidden in Windows
      XP but can be added via a registry edit. Restricts the program to
      run under a limited user account's privileges.
  o By using an SRP rule to force a program to run under an LUA token,
    you get the same benefit as Online Armor's Run Safer option or
    Comodo's firewall with its sandbox (but with file/registry
    virtualization disabled for that app). So I can combine PC Tools
    Firewall Plus with SRP to give me the same functionality as, say,
    Online Armor with its Run Safer option but I get better detailed
    control in PC Tools firewall rules than I do in Online Armor's
    firewall rules. I have several outstanding problems with Comodo
    Firewall (see their forums by searching on my moniker there) and why
    I don't use that product.
  o SRP is available already in Windows and requires no additional
    software installation from 3rd party vendors.
  o You can still run the app without restriction. SRP path rules are
    based on, yep, the path you specify to the program so the same
    executable in a different path won't have that SRP rule applied
    against it.
  o How to set up an SRP rule (and how to get the Basic User security
    level added to Windows XP) is too lengthy for this already long
    post. If you want more info on using SRP that is part of Windows,
    ask for more info and I can spew out my canned response.

- GeSWall (isolation + policy enforcement)
  o Free version.
  o Only isolates web browsers and some prattle (IM) clients.
  o Is not a proper sandbox but does provide some virtualization to
    isolate an application.
  o Instead of using Windows' privileges assigned to an app, it enforces
    its own access control rights on the isolated app.
  o I don't currently use this anymore because it can get in your way
    too much. It can interfere with the functions of an app. It is
    designed to be transparent but isn't quite invisible. I would still
    be using GeSWall except for the interference it has in how an app
    can operate.
  o More restrictive in its policies than those afforded by using an SRP
    rule.
  o Tracks any downloads using the app (web browser) to make them run
    isolated, too. When you run the downloaded app, you have the choice
    of running it isolated or unisolated (so an install you download can
    actually do the install to your host if you opt to do so).
  o Easy to switch an app from isolated to unisolated. A "G" icon gets
    added to the titlebar of the isolated app. If you want to run it
    unisolated, click on the G and select to restart as unisolated. A
    bit easier than having to right-click on a tray icon to disable all
    protection, especially when you only want one instance of the app to
    be unisolated.
  o Does NOT prevent malware files from getting deposited onto your
    host. Only prevents them from committing their malicious action.
  o Between having an anti-virus and firewall+HIPS security software,
    VMs, and SRP rules, GeSWall becomes pretty superfluous. It's when
    you don't have all those other techniques that GeSWall will shine.
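
The SRP security levels and path rules described in the post above can be reviewed with a read-only registry query. This is an added example, not part of the original thread; it assumes PowerShell 3.0 or later and the machine-wide SRP policy location under HKLM, and the function name and output property names are chosen here for illustration.

```powershell
# Added example (not from the thread): read-only audit of machine-wide SRP rules.
# Get-SrpRule and its output property names are illustrative, not a built-in cmdlet.
$root = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

# SAFER level IDs; each level appears as a decimal subkey name under $root.
# 'Disallowed' is the level the post calls "Blocked".
$levelName = @{
    '0'      = 'Disallowed'
    '4096'   = 'Untrusted'
    '65536'  = 'Constrained'
    '131072' = 'Basic User'
    '262144' = 'Unrestricted'
}
$ruleType = @{ Paths = 'Path'; Hashes = 'Hash' }

function Get-SrpRule {
    if (-not (Test-Path -LiteralPath $root)) { return }   # no SRP policy defined
    foreach ($level in Get-ChildItem -LiteralPath $root) {
        foreach ($kind in 'Paths', 'Hashes') {
            $container = "$($level.PSPath)\$kind"
            if (-not (Test-Path -LiteralPath $container)) { continue }
            foreach ($rule in Get-ChildItem -LiteralPath $container) {
                $v = Get-ItemProperty -LiteralPath $rule.PSPath
                # Path rules keep the path in ItemData; hash rules keep a
                # readable label in FriendlyName.
                $target = $v.FriendlyName
                if ($kind -eq 'Paths') { $target = $v.ItemData }
                [pscustomobject]@{
                    Level    = $levelName[$level.PSChildName]
                    RuleType = $ruleType[$kind]
                    Target   = $target
                    Note     = $v.Description
                }
            }
        }
    }
}

$rules   = @(Get-SrpRule)
$default = (Get-ItemProperty -LiteralPath $root -ErrorAction SilentlyContinue).DefaultLevel
Write-Output ("Default level: " + $levelName["$default"])
$rules | Sort-Object Level, RuleType | Format-Table -AutoSize -Wrap

# Restrictive path rules bind to a location, not to the file, so list them for
# review: these are the restrictions a copy in another folder would not inherit.
$rules | Where-Object { $_.RuleType -eq 'Path' -and $_.Level -ne 'Unrestricted' } |
    Select-Object Level, Target
```

Per-user policy, if any, lives under the same key path in HKCU and is not covered by this query.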