I run symantec end point protection on my win7 boxes, but i also have an "IP-COP" firewall protecting my network from the outside and my wifi network is segregated from the wired one. All traffic on the wifi passes through the firewall as if it was from the internet.
huh what? patch guard ? did I miss something? o.O Please elaborate =)...
and oh I'm just a happy person... and you make me laugh... so yea
LMFAO ROFL LOFL.
@ DJG
I mean the test itself is how a (trojan)virus attacks your OS... but the leak test is not a real (trojan)virus... it just runs like one and it will check if the malicious functions it did were successful then deducts your overall score...and because of that code in it, eset detected it.... theres nothing to worry about... :P and I downloaded the 5 test thing from here Firewall Test for Computer Security is a Free Personal Firewall Test
its not a threat but its good that you're anti-virus doesn't even let it in your doors... or else other threats will go in the same way =)
Avira AntiVir Personal - Free Antivirus
Windows Firewall
Windows Defender
UAC OFF
from what i can see it detected it with heuristics (meaning that by using a very educated guess it thinks its something bad)...
Windows Vista Security : An Introduction to Kernel Patch Protection
that good read...
and oh I'm just a happy person... and you make me laugh... so yea
LMFAO ROFL LOFL.
as am i...
the thing is we are not testing your antivir but your firewall...@ DJG
I mean the test itself is how a (trojan)virus attacks your OS... but the leak test is not a real (trojan)virus... it just runs like one and it will check if the malicious functions it did were successful then deducts your overall score...and because of that code in it, eset detected it.... theres nothing to worry about... :P and I downloaded the 5 test thing from here Firewall Test for Computer Security is a Free Personal Firewall Test
its not a threat but its good that you're anti-virus doesn't even let it in your doors... or else other threats will go in the same way =)
its good that ESET detected it but what if one virus does slip thorough...(trust me all of them trip up once in a while)
that is where your firewall comes in....
and if your firewall is not setup correctly the it will let pther malware get in...
this is good example (this was one of the first leaktest software created)
and one of first "Intrusion Protection" packages to block it...
http://www.grc.com/lt/leaktest.htm said:
okay I didn't really get the first part but I' guessing you're reffering to the APIs MS put out for security products? or was it something else? omg....well acording to what i know there are api's which make it able to secure the kernel without such patching (and as you with every bug there is a possibility of exploit)...
it might be weaker protection but it is better than nothing...
to me kernel patching is bad thing (coming at this from the a security and stability standpoint) because your are messing with the core of windows itself and any bug in their kernel drivers can cause massive consequences...
sophos was even quoted saying
Symantec and McAfee 'should have prepared better' for Vista - V3.co.uk - formerly vnunet.com
and the corporate edition of symantec's antivirus has not been using KPP for some time now (which i used to use for some time now, when i was in HS and for a while in college)...
anywho problem is that patchgurd can be bypassed by any malware author,irony is that a legit company can't do that.not the biggest of deals unless you're only dependant on HIPS alone.
I'm not taking any stand on kernel patching but almost every(if not all) anti malware products used it,specially HIPS applications,well HIPS kinda need it since they stop threats at runtime,so just imagine if something hooks the kernel the security product can't do shii bout it cuz its locked out of the kernel.so there is a bit of an issue there.
lol yeah read that before.haven't used symantec in 6 or moar years
Well as far as my experience, MSE is still a work in progress, norton is dumb, avg sucks, trend micro is a failure, avast doesn't have a complete 64bit mode, eset smart security firewall blocks my internet and file sharing many times and never tried panda and f-secure AV.
Whereas, Kaspersky is a good product, mcafee is just ok, Eset NOD32 4 AV is a solid protection. I guess i will go with ESET NOD32 FTW. :)
sorry wrote in the wrong section...
here is like it should have been..
well acording to what i know there are api's which make it able to secure the kernel without such patching
it might be weaker protection but it is better than nothing...
to me kernel patching is bad thing (coming at this from the a security and stability standpoint) because your are messing with the core of windows itself and any bug in their kernel drivers can cause massive consequences (and as you with every bug there is a possibility of exploit)......yes that is true (there is a well laid out article on the code project that i really like..anywho problem is that patchgurd can be bypassed by any malware author,irony is that a legit company can't do that.not the biggest of deals unless you're only dependant on HIPS alone.)
but this is the first step (it seems) of locking the kernel down and preventing access from anyone unauthorized to do so...
patchguard feels to me more like a bandaid (blocking the good guys from patching, while the bad guys can still get in)
my prediction is that we will end up with some sort of hypervisor protection scheme (which will no doubt have its bugs too) which is that we need, something above the kernel enforcing protection upon it (that cant be too easily accessed)...
and of course using no security thorough obscurity (but i doubt that will happen...
I'm not taking any stand on kernel patching but almost every(if not all) anti malware products used it,specially HIPS applications,well HIPS kinda need it since they stop threats at runtime
yes and i have heard accounts from a number of people having bsod's and amoung other things because of this (eventually their code matures and is more stable but you still see bsod's by AV's kernel drivers happening in xp...)
i mean Microsoft isnt perfect either but at least they know this way when they need to patch the kernel they know that none of the av vendors are in there hooking the kernel and if they patch something it will not break or BSOD because something is not patching the kernel (unless of course malware is there but then again you should have a hips or a heuristics to counter such things)...:)
and i do remember the times when KPP was not around (as i used to a very secure hips/firewall called core force which i used before comodo's early betas...:)) they also use KP and with that style of protection and with enough knowledge (which is what you really need with such a advance product as this one) nothing and i mean nothing should should get into your computer and execute without your approval (it was also incredibly flexible, i kinda actually wished UAC would have a more simpler version of this (im pretty sure it would have been seen better if was more flexible...
yes and like i said this is just a step (as i think of it) to a more robust solution like hypervisor protectionso just imagine if something hooks the kernel the security product can't do shii bout it cuz its locked out of the kernel.so there is a bit of an issue there.
i really do like their corporate products but recently (with a Endpoint protection feature not compatible with vista, forgot which one though) i changed to using more "the user in control" approach (as of now, using noscript and carefully checking whether to allow scripting or not, and adblock plus and nothing else apart from UAC and the Winfirewall, i have not been exploited by malware[expecpt that firefox heap bug, which i initiated downloading from millw0rm and executing the script, but then again no payload was there...lol yeah read that before.haven't used symantec in 6 or moar years
--> Router (with all defensive rules activate, ex. DDOS, Portscan, etc...) Admin account only, AVIRA, Spybot (host immunized), Comodo Firewall (free vers.), "my brain"... and Chrome !!!!
mine :
nod32 anti-virus ver 4, comodo [firewall only], threatfire....
the best for me so far.. gives me peace of mind...
Quote
