Multiple protection levels - a case of paranoia?

Status
Not open for further replies.
Mar 28, 2002
188
GB
Having been the victim of two serious virus attacks over the last few years and increasingly concerned about spyware and tracker software I thought I was being sufficiently careful. I had the following installed protection:-

1) I am running latest version of Norton Internet Security Professional. Run on a daily schedule scan.

2) Latest version of Webroot Spymaster - on a daily scan and with all options set e.g. memory scan etc - discovered 1 new spyware.

3) Lavasoft Ad Aware - found 2 more

4) Yesterday also added AOL Spyware Protection - ran it and found 1 more.

5) Today installed Spyware Doctor and ran it - found 6 supposedly serious threats!!!

What can one do to stop this!!! (other than never logging on). Anyone else had the same experience?
 
You are not alone BernardStewart.

Having dealt with spyware-infected PCs of friends and family, as well as at work, I have worked extra hard at minimising my home network's exposure. I (currently) rarely find any threats on my main box at home since running the combination below:

1) Fully stealthed wireless router with NATs firewall (configured to block major known threat ports and with stealthed IDENT port) and SPI. Tested on grc.com.

2) Windows 2000 SP4 box hardened according to the white paper I found on the internet (from the NSA if memory serves). File and print sharing are disabled on the Network connection.

3) ZoneAlarm PRO configured to deny cookies unless explicitly authorised and fully stealthed. Tested on grc.com.

4) NAV2004 - automatically updated, automatic scans 4 x per week.

5) SpywareBlaster - updated as often as updates are released.

6) Spybot (with resident protection on, system protection off) - updated as often as updates are released.

7) Bazooka spyware scanner (scanning tool)

8) HijackThis (scanning tool)

9) IECookieViewer (freeware viewing tool)

10) Weekly online scans using the Trend Micro site.

11) Fortnightly online trojan scans.

I instituted this regime after I was attacked by some [censored] individual [censored] using an unsecured server located in China (if my traces were accurate). Since that time (Jan 2004) I've had no problems with this setup, other than having to reconfigure my security on occasion when installing new software / services.

Unfortunately for the moment it seems that security is a constant learning / configuration process, although I note with interest talk (in yesterday's news) of requiring ISPs to monitor their customers' security.

HTH.


TazUk

[pc] Blue-screening PCs since 1998
 
Other thoughts that should be on people's radar:

Your main remaining virus connection is often email. More SPAM also equals more (dangerous?) email. It is user email habits that can create most remaining major vulnerabilities. Some may need to consider a non-HTML client to avoid potential (vulnerability) scripting impacts.

A good HOSTS file also is a very useful tool. This prevents and blocks you from going to known bad places. You can't become a victim of a drive-by download if you don't go there in the first place.

Also have a look at the following link:

Stop IE hijacking before it happens
There are also tools to control content delivery, alert you, or further immunize and protect your system settings from being hijacked or attacked [such tools as SpyBlocker, SpywareGuard, TeaTimer (in SpyBOT), Ad-watch (in Ad-aware), and TCActive/TCMonitor (in The {trojan} Cleaner from Moosoft)].
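
The HOSTS-file blocking described in the post above, as an added example that is not part of the original thread: a small auditor that parses HOSTS entries, reports whether a name is blocked, and goes one step beyond the post by listing entries that point at a routable address instead of a sinkhole. The sample file and every `.example` hostname are constructed, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample HOSTS content; every *.example name is a placeholder.
SAMPLE_HOSTS = """\
127.0.0.1    localhost
# blocklist section
0.0.0.0      ads.tracker.example popups.tracker.example  # two names, one line
127.0.0.1    installer.badsite.example
203.0.113.7  www.mybank.example
not-an-ip    broken.example
"""

def parse_hosts(text):
    """Return {hostname: ip} for valid entries; comments and bad lines are skipped."""
    entries = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address
        for name in fields[1:]:
            # Assumption: the first entry listed for a name is the one used.
            entries.setdefault(name.lower().rstrip("."), ip)
    return entries

def is_sinkhole(ip):
    """Loopback or 0.0.0.0/:: means the name resolves to nowhere useful."""
    return ip.is_loopback or ip.is_unspecified

def classify(entries, hostname):
    """'blocked', 'redirected' (routable address) or 'not listed'."""
    ip = entries.get(hostname.lower().rstrip("."))
    if ip is None:
        return "not listed"  # matching is exact: no wildcards, no subdomains
    return "blocked" if is_sinkhole(ip) else "redirected"

def routable_entries(entries):
    """Names mapped to a real address: worth reviewing, they are not blocks."""
    return sorted(n for n, ip in entries.items() if not is_sinkhole(ip))

if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    for name in ("ads.tracker.example", "cdn.ads.tracker.example", "www.mybank.example"):
        print(f"{name:28} {classify(hosts, name)}")
    print("review:", routable_entries(hosts))
```

Because HOSTS matching is exact, `cdn.ads.tracker.example` comes back as not listed even though its parent name is blocked, so a blocklist has to name each hostname individually.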
 
It would seem that it is not paranoia.

However, the point becomes clear that no one or two of the tools suffices, yet to have to subscribe to numerous blockers seems to be daft.

Why don't the main players such as McAfee and Norton, etc., wake up and deal with this more effectively?
 