What security setup do you have?

DJG · 17 Aug 2009

MadMax said:

yeah for some reason I haven't seen any good comment about them too,but as far as i care the moar the merrier

gonna try it out to see if it works on seven:)
btw did you try the tests from comodo?

I ran the Comodo leak tests - I scored 270 out of the 340. How did you do?

KazeNoKoe23 · 17 Aug 2009

Can't believe so many people disable UAC. There's no reason for it.

Anyway, my setup is pretty basic. NOD32 v4.0 x64 + UAC enabled + Windows Defender enabled + Windows Firewall.

pparks1 · 17 Aug 2009

KazeNoKoe23 said:

Can't believe so many people disable UAC. There's no reason for it.

Well, keep in mind that UAC is generally designed for the less savvy computer user who might be unaware of what they are doing. For many enthusiasts here, they are well aware of what they are doing and they do want to do it and not be bothered by it. Personally, I just leave it enabled as I really don't see it too much...but I could see others not wanting the disruption.

The sad part is, for those who really do "need it", they don't take the time to read or even question why something is just happening and go ahead and blindly click on ok.

MadMax · 17 Aug 2009

DJG said:

Aah! That's who they're from? I'll check them. Although do I trust tests from a provider of firewalls to be impartial

???

oh yea

but neither of us are using comodo at the moment so if it leaks it leaks:)

I ran the Comodo leak tests - I scored 270 out of the 340. How did you do?

got 280/340,although the result is a bit faulty

4. RootkitInstallation: ChangeDrvPath Vulnerable

that result is wrong cuz kaspersky gave me popup,but then again who knows

23. Impersonation: ExplorerAsParent Vulnerable

gets right pass outpost,even while it says that it blocked it in the log,how about you?

24. Impersonation: DDE Protected

another wrong result,cuz it gets pass outpost too.

lol all in all an inconclusive result,but yeah we're leaking

btw are you using the x64 version of win 7?

A320 · 17 Aug 2009

pparks1 said:

Well, keep in mind that UAC is generally designed for the less savvy computer user who might be unaware of what they are doing. For many enthusiasts here, they are well aware of what they are doing and they do want to do it and not be bothered by it. Personally, I just leave it enabled as I really don't see it too much...but I could see others not wanting the disruption.

The sad part is, for those who really do "need it", they don't take the time to read or even question why something is just happening and go ahead and blindly click on ok.

Having said all that, due to what I stated earlier I have Defender now off, is there any real reason for me to turn it back on, considering my computer knowledge level?

DJG · 17 Aug 2009

MadMax said:

oh yea

but neither of us are using comodo at the moment so if it leaks it leaks:)
...
got 280/340,although the result is a bit faulty
...
lol all in all an inconclusive result,but yeah we're leaking

btw are you using the x64 version of win 7?

I'm running x64 RTM.

Quote:
4. RootkitInstallation: ChangeDrvPath Vulnerable
Got that ...

Quote:
23. Impersonation: ExplorerAsParent Vulnerable
Got that ...

Quote:
24. Impersonation: DDE Protected
Got that ...

Also got as vulnerable:

8. Filedrop
11. SetWindowHook
12. SetThreadContext
16. DupHandles

Hey, a guy's gotta take a leak every now & then

.

tw33k · 17 Aug 2009

zigzag3143 said:

A320

You know we all think it is more complex than it truely is sometimes. Just a matter of finding out. You solved it. I like the saying if you hear hoofbeats think horses not zebra's.

Glad you are working and I think you will like eset

Ken

Occam's razor: "when you have two competing theories that make exactly the same predictions, the simpler one is the better."

applied to pc errors this theory rings true 99.999% of the time

AlexT2889 · 18 Aug 2009

I got 200/340, meh, just wait till Windows 7 recieves security updates after the first month of availability and RTM of MSE 1.0 then things will improve. Comodo website labels my OS as "Vista SP0 7600".

MadMax · 18 Aug 2009

DJG said:

I'm running x64 RTM.

Quote:
4. RootkitInstallation: ChangeDrvPath Vulnerable
Got that ...

Quote:
23. Impersonation: ExplorerAsParent Vulnerable
Got that ...

Quote:
24. Impersonation: DDE Protected
Got that ...

Also got as vulnerable:

8. Filedrop
11. SetWindowHook
12. SetThreadContext
16. DupHandles

my complete list would be
4. RootkitInstallation: ChangeDrvPath Vulnerable
5. Invasion: Runner Vulnerable
8. Invasion: FileDrop Vulnerable
10. Injection: SetWinEventHook Vulnerable
11. Injection: SetWindowsHookEx Vulnerable
15. Injection: KnownDlls Vulnerable
23. Impersonation: ExplorerAsParent Vulnerable

I got a KAV popup for number 4 and most probably a popup from OP for the rest(too many popups to keep up with lol) except for 23,damn thing is oblivious to a attack of that kind :S
btw could you pls run firehole and post the results,it kinda uses the same tactic as number 23 and get right pass OP

DJG said:

Hey, a guy's gotta take a leak every now & then

.

lol word

wallyinnc · 18 Aug 2009

pparks1 said:

The sad part is, for those who really do "need it", they don't take the time to read or even question why something is just happening and go ahead and blindly click on ok.

Agree and I wonder whether I am becoming one of those...
I have an additional issue and question: I set up separate users for my kids as Standard users. Now every time they log in there are at least 3 programs (all ASUS) that require my Administrator passoword to run. Why UAC doesn't learn what programs we have once (or many times) authorized to run and then we dont' have to do that anymore (I read about viruses disguising as the actual programs. I think in that case we will just blindly click anyway).
Is there a way to avoid the issue with the startup programs?