Updating My Protection

[bushka]

OK, so awhile back Hoov helped me out and made some recommendations on replacing my current antivirus software.  I'm not happy with my TrendMicro because of their terrible customer service, and my year has just expired.  I wanted to be sure I was getting a good replacement.  I believe Hoov recommended AVG to give me both antivirus and realtime malware protection, while using ZoneAlarm as a firewall.  These recommendations were quite awhile ago, and before I pay for AVG I want to be sure this is still recommended.  I'm a bit concerned because of a slowdown issue mentioned by this website:

http://anti-virus-software-review.toptenreviews.com/avg-review.html

I also note that others on SpywareHammer do like the Windows firewall.  Is it now updated to the point of being OK to use (IE 8.0)?

Any thoughts?

[PCBruiser]

Personally, I recommend AntiVir Free and Online Armor + Malwarebytes AntiMalware (Paid) and WinPatrol.

Links:

http://www.free-av.com/en/download/index.html
http://www.tallemu.com/free-firewall-protection-software.html <-------Bottom most download on the download page
http://www.malwarebytes.org/mbam.php
http://www.winpatrol.com/

I use this setup except that I use the paid versions for all of them.

[bushka]

OK, so let me see if I understand.  I get the free Avira AntiVir program for viruses, and Online Armor as a firewall (turning off Windows' firewall).  In addition, I get the paid-for Malwarebytes which will protect against malware in real time, rather than after the fact.  (It is confusing to me that one program can't protect against viruses AND malware at the same time). One of the problems I had with TrendMicro is that every time I started the computer, it would take a good two minutes for the program to load!  Will I have a wait time like this while these 3 programs load on startup?

Also, how does Winpatrol fit into this.  Does it load also, or is it used on demand?

Thanks!

[PCBruiser]

Hi,

The Online Armor installer will automatically handle the Windows firewall.  BTW, the firewall was not changed by IE8, they actually have nothing to do with each other in that regard.

After you train Online Armor, your boots should be faster than with TM.  It does take a few (4 or so) boots to train that.  The AntiVir, MBAM and WinPatrol software loads quickly.

WinPatrol is a monitoring program, not active antimalware like the others.  What it does is watch for changes in critical areas (startups and services, for example) and requires that you permit them before allowing them to run.  Basically, it is watching for important changes in your system that it isn't sure about, and prevents then from being made without your permission.  It "knows" about all normal Windows system programs, so they don't trigger any warning.
 
One further thing, if you use broadband, but do not have a hardware router/firewall (even if yours is the only system to connect), then I strongly recommend getting one.  They are not expensive these days and for inbound protection and inbound or outbound blocking access to "bad" sites or protocols at your gateway, it significantly hardens your security.

[bushka]

OK, I'll give it a shot.  Let me ask you about phishing filters -- on my TrendMicro I had to turn this feature off as it slowed down everything too much.  How is this handled with Antivir/Malwarebytes etc that I will be downloading?

[PCBruiser]

I've not had any issues with that at all.  But, I don't use or recommend IE.  I use Firefox for everything, even Windows Updates (using the IE Tab extension).

BTW, that setup is also running full time on my netbook, not exactly a complete speed demon - it has a 1.6 gHz HT CPU, and even that has no issues with all of them.  I am also using Windows 7 on all my systems, and that is excellent - faster and more comprehensive than even XP with all the good features of Vista, but none of the heavy overhead Vista has.   Really, it is Vista done right.

[bushka]

Well maybe I'll get into Firefox and all that on the next round.  For now I'll download your recommendations and see how it goes.  BTW, I'm online without any virus protection and everything loads lightening fast!  So I can get viruses in record time, too. 

Thanks for the recommendations!

[PCBruiser]

After you download and install everything, run full scans with AntiVir and MBAM just to make sure you haven't been reinfected.  Then also run ShieldsUp! from here:

http://www.grc.com

to make sure all your firewall settings are correct.  All the "blocks" should be green - you will understand that when you run it.

[bushka]

I"ll do that.  I just downloaded Antivir and it says when you install it that it detects malware!  It's a little confusing.  Does it do viruses and malware, but AntiMalwarebytes just does it better?

[PCBruiser]

It is a little confusing.  Viruses are a subset of malware, with malware traditionally being Trojans, worms, rootkits and spyware/adware; or in other words "all other infections".  The border between them all is blurring now, and in many cases both traditional anti-virus and antimalware software catch both.  However, it is the heuristics that really count.  The ways viruses and other malware work is somewhat different, so the heuristic elements need to be somewhat different as well. 

AntiVir is one of the best antiviruses out there, and also contains heuristics to catch a lot of malware.  It does well with pernicious  endemic malware like Vundo.H for example, which MBAM also catches.  There is overlap, but that too is good.  If one doesn't catch something, the other usually will.  I always tell people that good security is like an onion requiring malware to penetrate all the layers before it actually infects a system.  Fail to penetrate any of them, and the malware won't infect the system.

[bushka]

OK so now I've got AntiVir and Online Armor running, and I "think" I've got AntiMalwareBytes running.  I had the freeware version, and when I paid the $25 and tried to register, it wouldn't accept my ID and Key.  So, I downloaded the freeware again to replace the older version and was successful in entering the ID and Key.  But now, I'm not sure if the program is running!  There is no icon in the tray to indicate any kind of real time protection, but I do have the box checked next to "start with Windows."

Also, I went to GRC and ran Shields UP! but I'm not sure what you mean by "all green."  I ran each of the button items under Shields Up!  Under Common Ports, I get a message that Ping Reply Failed.  It says my firewall settings can fix this, but I can't figure out how, or whether it is wise to eliminate replies to pings!

So as you can see I'm still a bit clueless.    Any comments are appreciated.

[Mister2]

Hi bushka,

Go to Start, Run, type taskmgr and click OK.  In the Task Manager window click on the Processes tab.  You should see the name 'mbamgui.exe' in the left hand column and 'Malwarebytes anti malware in the Description column.  That indicats MBAM is running in the background.  Close Task Manager using the cross at the top right corner.

At GRC, after running the 'All Service Ports' test you will see a block of squares when the test has finished.  A red suare indicates that particular port is open and hence could allow malware through (bad).  A blue square square means the port is closed - malware knows the port is there but cannot get through (better).  A green square indicates the port is 'stealthed' - malware cannot get through and doesn't even know the port is there (best).

So a blue port is safe but any malware knows the port exists and so it may keep trying to get in (in extreme cases that could have an impact on your internet connection speed).  A green port does not, to all intents and purposes, exist to the outside world and so malware will leave it alone after the first try.  That is what PCBruiser was referring to when he said the blocks should all be green.

The ping failure is not life threatening.  My systems allow pings and I don't have a problem with that.  When your computer is pinged it is letting the world know it exists, but if your ports are stealthed (or closed) then that in itself is not much use - nothing can get in anyway.  Unless you are conversant with the workings of the firewall I would suggest you leave it.  Turning the ping reply off could cause more problems than it solves. :)

[bushka]

Thanks Mister.  All my squares were green, so I'll leave the ping thing alone.

As far as Malwarebytes, I do not see the file you mentioned in Processes.  It seems like MalwareBytes kind of leaves customers hanging after they pay for the upgrade version.  There are no instructions provided, really, to enter the key info and how to make sure it is running in the background.

[mona7865]

When you have received the email with your ID and Key, you click the MBAM icon on your desktop, then you click on the "Protection" tab.  There you can enter your ID and Key (it's best to copy/paste from your email) and then you click on the button "start protection now".

Now you should have a litte "M" (red background with a white M in it" in your system tray.  When you right click this you can check whether "Enable protection" and "IP protection" are checked.

Hope this has been of help.

[bushka]

I've already done that and it doesn't seem to work.  Under Protection it said "Protection module is disabled."  I clicked on the button to "Start Protection" and then I get a message that says Protection is already enabled.  I got a couple of blocks from the AntiVir program.  Update: I tried this a couple of times and the last time it seemed to take.  I'll let things go for now and assume it had something to do with the virus blocker.

Thanks!