Password vault software

Discussion in 'Computer Security' started by Ed, Aug 18, 2007.

  1. Ed

    Ed Guest

    How secure are "password vault" products like Faena MyID? I'm not
    talking about what they claim about the length of key they use, but
    how trustworthy the supplier/developer is. Or, perhaps I should be
    asking how much trust I have to place on the supplier/developer. For
    example, what would keep an unscrupulous supplier/developer from
    embedding a little piece of code to send all my passwords to him?

    TIA

    Ed
     
    Ed, Aug 18, 2007
    #1

  2. Ed

    Vanguard Guest

    "Ed" wrote in message news:2dqxi.430$...
    > How secure are "password vault" products like Faena MyID? I'm not
    > talking about what they claim about the length of key they use, but
    > how trustworthy the supplier/developer is. Or, perhaps I should be
    > asking how much trust I have to place on the supplier/developer. For
    > example, what would keep an unscrupulous supplier/developer from
    > embedding a little piece of code to send all my passwords to him?



    So are you saying that you have never heard of personal software
    firewalls? If not, time to get one. Get one with outbound control,
    like application rules. Then you can decide which applications can
    make Internet connections and which cannot.

    Comodo's firewall is top-rated amongst the free personal firewalls.
     
    Vanguard, Aug 18, 2007
    #2

  3. Ed

    Todd H. Guest

    "Ed" <jag_manR__EM*> writes:

    > How secure are "password vault" products like Faena MyID? I'm not
    > talking about what they claim about the length of key they use, but
    > how trustworthy the supplier/developer is. Or, perhaps I should be
    > asking how much trust I have to place on the supplier/developer. For
    > example, what would keep an unscrupulous supplier/developer from
    > embedding a little piece of code to send all my passwords to him?


    This is a worthy concern. Is it open source? Has the source been
    made publicly available for vetting and comment? If not, I'm not
    sure I'd be quick to trust it.

    Password Safe is an open source alternative.

    http://passwordsafe.sourceforge.net/
    http://sourceforge.net/projects/passwordsafe/
    http://en.wikipedia.org/wiki/Password_Safe

    Best Regards,
    --
    Todd H.
    http://www.toddh.net/
     
    Todd H., Aug 18, 2007
    #3
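Added example (the editor's, not code from any poster or from the Password Safe project): vetting an open-source vault only means something if the binary you run is the one the project published from that source. The script below checks a download against a sha256sum-style manifest. The file bytes, the manifest and the filename `vault-setup.exe` are constructed stand-ins (the listed digest is SHA-256 of the three bytes "abc"); no real release is referenced. The caveat that goes to Ed's actual question: a checksum hosted next to the download proves only that you received the file the supplier intended to ship, not what that file does, and an unscrupulous supplier publishes both. A signature from a key obtained through a separate channel, and a build you can reproduce from the vetted source, are the stronger checks.

```python
"""Verify a downloaded release against a sha256sum-style checksum manifest.

Added example, not from the forum thread or the Password Safe project.
Inputs below are constructed: GOOD_INSTALLER is the byte string b"abc",
whose SHA-256 is the well-known test vector listed in MANIFEST.
"""
import hashlib
import hmac

# Constructed stand-ins for a downloaded installer and its tampered twin.
GOOD_INSTALLER = b"abc"
TAMPERED_INSTALLER = b"abd"   # one byte changed

# Constructed manifest in sha256sum format ("<hex>  <name>" or "<hex> *<name>").
# The second line is MD5-length and is deliberately malformed for a SHA-256 manifest.
MANIFEST = """\
ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad  vault-setup.exe
d41d8cd98f00b204e9800998ecf8427e  readme.txt
"""

HEX = set("0123456789abcdef")


def parse_manifest(text):
    """Return {filename: hexdigest} for well-formed SHA-256 lines; skip the rest."""
    entries = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        digest, name = parts
        digest = digest.lower()
        name = name.lstrip("*")          # sha256sum's binary-mode marker
        if len(digest) != 64 or not set(digest) <= HEX:
            continue                     # not a SHA-256 digest; ignore the line
        entries[name] = digest
    return entries


def sha256_hex(data):
    """Hex SHA-256 of an in-memory file (use hashlib.file_digest for large files)."""
    return hashlib.sha256(data).hexdigest()


def verify(data, name, manifest_text):
    """Return (ok, reason) for `data` claimed to be `name` in the manifest."""
    expected = parse_manifest(manifest_text).get(name)
    if expected is None:
        return False, "no manifest entry for %s" % name
    actual = sha256_hex(data)
    # Constant-time compare: habit for anything secret-shaped, harmless here.
    if hmac.compare_digest(actual, expected):
        return True, "sha256 matches"
    return False, "sha256 mismatch: got %s" % actual


if __name__ == "__main__":
    print(verify(GOOD_INSTALLER, "vault-setup.exe", MANIFEST))
    print(verify(TAMPERED_INSTALLER, "vault-setup.exe", MANIFEST))
    print(verify(GOOD_INSTALLER, "readme.txt", MANIFEST))
```

Fetch the manifest (or better, a detached signature over it) from a different place than the installer; if both sit on the same mirror, a compromised mirror simply rewrites both.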
  4. Ed

    Ed Guest

    Thanks. I use a Netgear FM114P firewall router so I assume that
    a software firewall would be redundant. I'll take a look at it and
    see if I can disallow particular programs for Internet access.

    Ed


    >
    > So are you saying that you have never heard of personal software
    > firewalls? If not, time to get one. Get one with outbound control,
    > like application rules. Then you can decide which applications can
    > make Internet connections and which cannot.
    >
    > Comodo's firewall is top-rated amongst the free personal firewalls.
    >
    >
     
    Ed, Aug 18, 2007
    #4
  5. Ed

    Ed Guest

    Ed, Aug 18, 2007
    #5
  6. Ed

    Todd H. Guest

    "Ed" <jag_manR__EM*> writes:

    > Thanks. I use a Netgear FM114P firewall router so I assume that
    > a software firewall would be redundant.


    No, it would be considered "defense in depth."

    --
    Todd H.
    http://www.toddh.net/
     
    Todd H., Aug 18, 2007
    #6
  7. Ed

    Vanguard Guest

    "Ed" wrote in message
    news:q%Fxi.57$...
    >
    >> So are you saying that you have never heard of personal software
    >> firewalls? If not, time to get one. Get one with outbound
    >> control, like application rules. Then you can decide which
    >> applications can make Internet connections and which cannot.
    >>
    >> Comodo's firewall is top-rated amongst the free personal firewalls.


    >
    > Thanks. I use a Netgear FM114P firewall router so I assume that
    > a software firewall would be redundant. I'll take a look at it and
    > see if I can disallow particular programs for Internet access.


    Firewalls in a personal router cannot provide application rules.
    That's because the application (and its processes) aren't running on
    the router. Router firewalls can provide some outbound control, like
    on protocols, IP or MAC addresses, time of day, IP name/address
    censoring, etc. They don't know what application generated what
    traffic that is going out through them.

    If you want to control which applications can connect OUT from the
    host on which they execute, get a software firewall that runs on THAT
    same host. Very nasty malware can circumvent firewalls but you aren't
    talking about malware.

    Didn't find an "FM114P" listed at netgear.com but did find "FR114P".
    They mention "Network Software (e.g. Windows)". Is that a software
    firewall that runs on each intranet host? Or is that just some local
    app to provide a web-based interface to their router device? I saw no
    mention of app rules (or inclusion of IPS to control what process can
    call what program to make the connection). I did a very cursory scan
    of the manual at
    ftp://downloads.netgear.com/files/FR114P_FR114W_FM114P_RefGuide.pdf
    but still saw nothing to control which applications (and their caller
    processes) would be allowed a network connection, to what target
    sites, for which ports, and for what protocols.

    For example, with your Netgear router, how would you prevent the
    wgatray.exe program from connecting to Microsoft when you start
    Windows? (I actually stop it from loading by using an IPS, like
    System Safety Monitor, but used to block its connection attempt in the
    Comodo firewall.)
     
    Vanguard, Aug 19, 2007
    #7
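Added example (the editor's, not from any poster) of the distinction Vanguard draws above. A router firewall sees each connection as addresses and ports; the process behind the socket exists only on the host. The Python below parses constructed lines in the shape of Linux `ss -tnp` output (not captured from any real machine; the process names, PIDs and addresses are made up) and shows that a vault and a browser talking to the same address:port are indistinguishable in the router's view, while a host-side per-application allowlist can block one and permit the other. The allowlist itself is an assumption: a local vault should need no outbound connections at all, so it is not on it.

```python
"""Per-process outbound policy: what a host firewall can see that a router cannot.

Added example, not from the forum thread. SAMPLE_SS_OUTPUT is constructed
to look like `ss -tnp` on Linux and is not a real capture.
"""
import re

# Constructed sample lines in the shape of `ss -tnp` output (header omitted).
SAMPLE_SS_OUTPUT = """\
ESTAB 0 0 192.168.1.23:49152 93.184.216.34:443 users:(("firefox",pid=1234,fd=5))
ESTAB 0 0 192.168.1.23:49153 93.184.216.34:443 users:(("vaultapp",pid=2210,fd=9))
ESTAB 0 0 192.168.1.23:49154 198.51.100.7:80 users:(("wgatray.exe",pid=777,fd=3))
"""

# Assumption: only the browser is permitted outbound; a local vault needs no network.
OUTBOUND_ALLOWLIST = {"firefox"}

LINE_RE = re.compile(
    r'^(?P<state>\S+)\s+\d+\s+\d+\s+(?P<local>\S+)\s+(?P<peer>\S+)'
    r'\s+users:\(\("(?P<proc>[^"]+)",pid=(?P<pid>\d+),fd=\d+\)\)'
)


def parse_ss(output):
    """Return one dict per parseable connection line; unparseable lines are skipped."""
    conns = []
    for line in output.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        peer_host, _, peer_port = m.group("peer").rpartition(":")
        conns.append({
            "state": m.group("state"),
            "local": m.group("local"),
            "peer": peer_host,
            "port": int(peer_port),
            "proc": m.group("proc"),
            "pid": int(m.group("pid")),
        })
    return conns


def router_view(conns):
    """All a perimeter device can key on: distinct (destination, port) pairs."""
    return sorted({(c["peer"], c["port"]) for c in conns})


def host_verdicts(conns, allowlist=OUTBOUND_ALLOWLIST):
    """Per-process decision available only on the host that owns the sockets."""
    return {c["proc"]: ("allow" if c["proc"] in allowlist else "block")
            for c in conns}


if __name__ == "__main__":
    conns = parse_ss(SAMPLE_SS_OUTPUT)
    print("router sees only:", router_view(conns))
    for proc, verdict in host_verdicts(conns).items():
        print("%-5s %s" % (verdict, proc))
```

The two 443 connections collapse to a single entry in `router_view`, so a router rule that blocks the vault's destination would also cut off the browser; `host_verdicts` keeps them apart because it keys on the owning process.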
  8. Ed

    Ed Guest

    "Vanguard" <> wrote in message
    news:...
    > Firewalls in a personal router cannot provide application rules.
    > That's because the application (and its processes) aren't running on
    > the router. Router firewalls can provide some outbound control,
    > like on protocols, IP or MAC addresses, time of day, IP name/address
    > censoring, etc. They don't know what application generated what
    > traffic that is going out through them.


    Thanks. That helps a lot.

    > same host. Very nasty malware can circumvent firewalls but you
    > aren't talking about malware.


    What would you call a little piece of code embedded in a password
    vault that shipped the passwords back to the software provider? Sounds
    "mal" to me.

    >
    > Didn't find an "FM114P" listed at netgear.com but did find "FR114P".


    This router is probably among the no longer supported models. At its
    time it was considered pretty good. But, you're right. There is no way
    to specify a particular app to block.

    > They mention "Network Software (e.g. Windows)". Is that a software
    > firewall that runs on each intranet host?


    Don't know.

    I do have Panda AV software which offers a firewall. I've never
    activated it for (misguided) reasons stated previously. I will look to
    see what it can do.

    >
    > For example, with your Netgear router, how would you prevent the
    > wgatray.exe program from connecting to Microsoft when you start
    > Windows?


    Don't know what that is.

    Thanks. I need this kind of enlightenment. Don't want someone draining
    my retirement accounts...

    Ed
     
    Ed, Aug 19, 2007
    #8
  9. Ed

    Vanguard Guest

    "Ed" wrote in message
    news:L3Oxi.119$...
    >
    > "Vanguard" wrote ...
    >> same host. Very nasty malware can circumvent firewalls but you
    >> aren't talking about malware.

    >
    > What would you call a little piece of code embedded in a password
    > vault that shipped the passwords back to the software provider?
    > Sounds "mal" to me.


    The malware has to target the specific software firewall. Most
    malware doesn't even check for a firewall. They just try to connect.
    I said "very" nasty malware, the type specifically aimed to defeat
    software firewalls. Comodo is better than many in that it can block
    any network connects until it loads (to eliminate that window of
    opportunity) provided you enable that option. It is also more
    difficult for malware to kill Comodo but not impossible (compared to
    many of the other software firewalls).

    > I do have Panda AV software which offers a firewall. I've never
    > activated it
    > for (misguided) reasons stated previously. I will look to see what
    > it can do.


    You might want to visit http://www.firewallleaktester.com/ to see how
    well your Panda firewall resists leaks and termination. For example,
    if you visit
    http://www.firewallleaktester.com/termination_overview.php (click on
    the Results button at the bottom) for the termination testing, you'll
    see the free Comodo firewall fared equal to or better than the paid
    firewalls (and other free firewalls fared worse than Comodo). In the
    summary, Comodo (free) was third with Outpost ($40) and Kaspersky
    ($80) taking 1st and 2nd place, respectively. Panda wasn't even
    included in the test list (or did so poorly that it ranked at 14th
    place, or worse, so as not to be included), or it simply repackages
    another firewall (Computer Associates, for example, repackages
    ZoneAlarm under their EzArmor product name). However, if you visit
    their leak testing results at
    http://www.firewallleaktester.com/tests_overview.php, Comodo only gets
    a mediocre rating. Also notice that ZoneAlarm Pro does well but the
    free version does very poorly. Jetico was 1st in preventing leaks but
    poor at preventing itself from being terminated. Outpost was 1st or
    2nd in both tests. Note that these tests are over a year old so there
    has probably been some change in results (but don't expect a poorly
    rated product to suddenly jump to the top; they usually just jostle
    around within a few ranking positions of each other).

    I use Comodo because it's hard to beat free unless the product's
    quality and effectiveness equates to its price. I don't want a
    firewall that can be easily terminated. I also want one that can
    block connections until the full firewall is loaded. For the mediocre
    leak protection, I rely on a layered approach to prevent malware
    getting on my host in the first place, the utmost of which is an IPS
    (intrusion prevention system) program, like System Safety Monitor
    (also free although the paid version has more protections). If a
    program can't get into real memory, it can't run. But an IPS is not
    for the newbies or lazy users.

    Comodo's firewall already includes IPS for apps and processes wanting
    a network connection. Their next version anti-virus program is
    supposed to also include IPS (by integrating their somewhat antiquated
    BOClean product but improving it to meet with standard features found
    in current IPS software). Right now the antivirus program is far too
    bloated on memory consumption. For now, I use AVG for anti-virus
    protection although I might go back to AntiVir although after Avira it
    became bannerware; see
    http://www.av-comparatives.org/seiten/ergebnisse_2007_02.php for
    coverage comparisons (Panda isn't listed but maybe they bundle in
    someone else's AV product that is listed, but Comodo's AV isn't
    listed, either; also, they don't show std deviation so don't go by the
    total score but instead check how consistent they are on coverage
    across all categories but giving Windows virus the heaviest
    weighting).
     
    Vanguard, Aug 19, 2007
    #9
  10. Ed

    Sebastian G. Guest

    Vanguard wrote:

    > "Ed" wrote in message
    > news:L3Oxi.119$...
    >> "Vanguard" wrote ...
    >>> same host. Very nasty malware can circumvent firewalls but you
    >>> aren't talking about malware.

    >> What would you call a little piece of code embedded in a password
    >> vault that shipped the passwords back to the software provider?
    >> Sounds "mal" to me.

    >
    > The malware has to target the specific software firewall.



    Why? No need.

    > Most malware doesn't even check for a firewall. They just try to connect.



    No. They just hook a trusted process like iexplore.exe or firefox.exe.

    > Comodo is better than many in that it can block
    > any network connects until it loads (to eliminate that window of
    > opportunity) provided you enable that option.



    Ehm... isn't that a triviality?

    > It is also more difficult for malware to kill Comodo but not impossible


    > (compared to many of the other software firewalls).


    Nonsense, it's always trivial. Hooking some little kernel functions won't
    help ever.

    > You might want to visit http://www.firewallleaktester.com/ to see how
    > well your Panda firewall resists leaks and termination.



    LOL.

    > For example, if you visit
    > http://www.firewallleaktester.com/termination_overview.php (click on
    > the Results button at the bottom) for the termination testing, you'll
    > see the free Comodo firewall fared equally or better to the paid
    > firewalls (and other free firewalls fared worse than Comodo).



    For example, if you visit this website, you'll see that Comodo firewall is
    listed. Thus, it's obviously a highly defective software.

    > I use Comodo because it's hard to beat free unless the product's
    > quality and effectiveness equates to its price.



    LOL? Even the Windows Firewall is better.

    > I don't want a firewall that can be easily terminated.



    Then don't run with admin rights, you stupid fool.

    > I also want one that can block connections until the full firewall is
    > loaded.


    Well, isn't that trivially a standard behaviour?

    > For the mediocre leak protection, I rely on a layered approach to prevent
    > malware getting on my host in the first place,


    <img src="https://www.malware.org/malware.exe">

    > the utmost of which is an IPS (intrusion prevention system) program, like
    > System Safety Monitor


    Still it doesn't prevent you from brabbling bullshit.

    > If a program can't get into real memory, it can't run.


    <img src="https://www.malware.org/malware.exe">
     
    Sebastian G., Aug 19, 2007
    #10
  11. Ed

    Vanguard Guest

    I mentioned Avira's AntiVir in my prior post. I tried it for awhile
    but got rid of it. Although it might have higher coverage than AVG, I
    couldn't take the constant banner crap. They'd spew out a large
    window telling you the free version doesn't include anti-spyware
    protection. A window appears during the daily update that will push
    you out of any game and be on top of all other windows (i.e., it
    forces their banner window in your face).

    When you install, you get a 3-month trial period. They say the
    license will extend itself for another 4 weeks but it then goes into
    "demo" mode (you'll see "Key expired [DEMO Mode]" in the update
    report). That means it will detect but not disinfect (i.e., it
    becomes worthless). After expiration, you don't get any more
    signature updates (i.e., the product goes dead and can detect only the
    old malware). Then you have to buy the Personal Premium version
    ($27). You could save a partition image before installing AntiVir and
    then restore it after the expiration to again install AntiVir but then
    you lose any other changes made to that partition over that 3-month
    interval. AntiVir was a good product until Avira got their hands on
    it and fucked it up.

    I knew there were reasons why I dumped Avira's demoware. Not
    interested in popup windows (i.e., banners), especially when they
    interfere with other programs. Not interested in trialing an AV
    product for just 3 months whereupon it becomes crippled for another
    month and then it stops accepting sig updates. Freeware it is not.
    Demoware it be. Not interested in self-destruct software.

    Note:
    AVG also has a banner but also an option to turn it off.

    The free versions don't have all the features tested in the
    av-comparatives report. For example, the free version of Avast does
    not include script blocking. If you just look at the average of
    Windows and macro viruses (what Avast can handle), Avast is 97.01%
    versus 94.46% for AVG. I can't tell if AVG includes script blocking
    (no option to configure it). Avast is much more configurable than
    AVG. I can run AVG using a command line so I can use the far superior
    options in Task Scheduler rather than the scheduler included in AVG.
    Alwil says their Avast doesn't have a CLI (command-line interface).
    Either AVG or Avast will do you well. I can't tell how well Panda's
    AV works.

    You might decide not to stick with Panda and use one of the freebie AV
    alternatives which means you definitely don't need to stick with what
    firewall is included in Panda's suite.
     
    Vanguard, Aug 19, 2007
    #11
  12. Ed

    Bogwitch Guest

    Vanguard wrote:
    > I mentioned Avira's AntiVir in my prior post. I tried it for awhile but
    > got rid of it. Although it might have higher coverage than AVG, I
    > couldn't take the constant banner crap. They'd spew out a large window
    > telling you the free version doesn't include anti-spyware protection. A
    > window appears during the daily update that will push you out of any
    > game and be on top of all other windows (i.e., it forces their banner
    > window in your face).
    >
    > When you install, you get a 3-month trial period. They say the license
    > will extend itself for another 4 weeks but it then goes into "demo" mode
    > (you'll see "Key expired [DEMO Mode]" in the update report). That means
    > it will detect but not disinfect (i.e., it becomes worthless). After
    > expiration, you don't get any more signature updates (i.e., the product
    > goes dead and can detect only the old malware). Then you have to buy
    > the Personal Premium version ($27). You could save a partition image
    > before installing AntiVir and then restore it after the expiration to
    > again install AntiVir but then you lose any other changes made to that
    > partition over that 3-month interval. AntiVir was a good product until
    > Avira got their hands on it and fucked it up.
    >
    > I knew there were reasons why I dumped Avira's demoware. Not interested
    > in popup windows (i.e., banners), especially when they interfere with
    > other programs. Not interested in trialing an AV product for just 3
    > months whereupon it becomes crippled for another month and then it stops
    > accepting sig updates. Freeware it is not. Demoware it be. Not
    > interested in self-destruct software.
    >
    > Note:
    > AVG also has a banner but also an option to turn it off.
    >
    > The free versions don't have all the features testing in the
    > av-comparatives report. For example, the free version of Avast does not
    > include script blocking. If you just look at the average of Windows and
    > macro viruses (what Avast can handle), Avast is 97.01% versus 94.46% for
    > AVG. I can't tell if AVG includes script blocking (no option to
    > configure it). Avast is much more configurable than AVG. I can run AVG
    > using a command line so I can use the far superior options in Task
    > Scheduler rather than the scheduler included in AVG. Alwil says their
    > Avast doesn't have a CLI (command-line interface). Either AVG or Avast
    > will do you well. I can't tell how well Panda's AV works.
    >
    > You might decide not to stick with Panda and use one of the freebie AV
    > alternatives which means you definitely don't need to stick with what
    > firewall is included in Panda's suite.


    Hi Vanguard,

    I have Avira Antivir PersonalEdition Classic loaded onto one of my lab
    machines. It is bannerware but it is _NOT_ crippleware. It has been
    running successfully for well over a year with full updates and no
    license timeout. I don't know if this is something that has changed
    since you last used it. Yes, the banner is annoying but I have found
    detection rates to be excellent, better than a lot of the commercial
    A/V. It is the product I have recommended to home users within my family
    and friends. I have no experience of it in its commercial clothes -
    they would not provide the commercial version for my lab - I may ask
    again. :)

    I was put off AVG some time ago when they used to have updates only once
    a fortnight for the home version - I am reliably informed that they have
    changed the policy on this and now provide daily updates but it's
    difficult to forgive and forget - the same as you with Avira, I guess!

    IMHO, the detection rates with Panda are dismal (comparatively speaking).

    Do you have any experience of submitting virus reports to any of the AV
    companies? I have had mixed success from AV companies but the response
    from Avira has been excellent, only surpassed by Sophos and don't get me
    started about McAfee!

    Bogwitch.
     
    Bogwitch, Aug 19, 2007
    #12
  13. Ed

    Vanguard Guest

    "Sebastian G." wrote in message news:...
    > Vanguard wrote:
    >
    >> "Ed" wrote in message
    >> news:L3Oxi.119$...
    >>> "Vanguard" wrote ...
    >>>> same host. Very nasty malware can circumvent firewalls but you
    >>>> aren't talking about malware.
    >>> What would you call a little piece of code embedded in a password
    >>> vault that shipped the passwords back to the software provider?
    >>> Sounds "mal" to me.

    >>
    >> The malware has to target the specific software firewall.

    > Why? No need.


    So you expect malware to kill every process hoping to hit those for
    the firewall? You think all firewalls respond to a common method
    called via API or CLI so they can all be asked to disable or unload?
    Yes, malware can target multiple firewalls to terminate them but they
    are still targeting specific firewalls based on vulnerabilities of
    each.

    >> Most malware doesn't even check for a firewall. They just try to
    >> connect.

    > No. They just hook a trusted process like iexplore.exe or
    > firefox.exe.


    Not if you use a firewall that checks who is the caller process.
    Comodo does that. Some others, too, but not all. I said most don't
    *check* for a firewall and instead just connect. I didn't say HOW
    they try to connect. Many firewalls don't include IPS. Some do.

    >> Comodo is better than many in that it can block any network
    >> connects until it loads (to eliminate that window of opportunity)
    >> provided you enable that option.

    > Ehm... isn't that a triviality?


    That a process can connect before the firewall loads? So it can
    connect before any rules from the firewall can be applied against that
    process? If it is so trivial, why don't all firewalls provide this
    function?

    I was suggesting personal software firewalls based on the OP's
    question. He certainly doesn't look to be searching for an
    enterprise-level solution or a firewall appliance (which is still
    separate and doesn't have app control on the host).

    >> It is also more difficult for malware to kill Comodo but not
    >> impossible

    > Nonsense, it's always trivial. Hooking some little kernel functions
    > won't help ever.


    DiamondCS has their tool to attempt several different methods to kill
    a process. The testing mentioned used it and some other kill tools.
    So what are YOUR *specific* tools that go beyond these recognized
    tools? Apparently you think there is a long list of other kill
    methods not touched by these tools.

    Did I say that Comodo passed every kill test? You actually saw me say
    that somewhere? It's a *software* firewall so obviously it is not
    absolutely impervious to every attack. The idea was to provide some
    level of app control that a separate firewall appliance cannot
    provide.

    >> For example, if you visit
    >> http://www.firewallleaktester.com/termination_overview.php (click
    >> on the Results button at the bottom) for the termination testing,
    >> you'll see the free Comodo firewall fared equally or better to the
    >> paid firewalls (and other free firewalls fared worse than Comodo).

    >
    > For example, if you visit this website, you'll see that Comodo
    > firewall is listed. Thus, it's obviously a highly defective
    > software.


    Oh, I see. If I had recommended Outpost then the results for Outpost
    are somehow obvious in showing Outpost is defective software. Since a
    large number of personal software firewalls are listed, they must all
    be defective, uh huh. Did you miss the part that they are *software*
    firewalls which means they are also running on the SAME host as the
    malware? I wasn't discussing separate firewall appliances.

    >> I use Comodo because it's hard to beat free unless the product's
    >> quality and effectiveness equates to its price.

    > LOL? Even the Windows Firewall is better.


    This from someone claiming "Even further, there's no need for running
    Windows Firewall with a proper network configuration" but never
    addresses application control. The Windows firewall does nothing
    regarding outbound control for any apps. The Windows firewall is what
    you start with during and just after the Windows install. Then you
    get something *better*.

    So beyond all this hoopla over malware, has anyone yet declared that
    the vault software mentioned by the OP is actually malware? If not,
    it's just another normal application that could easily be controlled
    by a software firewall with app rules.

    >> I don't want a firewall that can be easily terminated.

    > Then don't run with admin rights, you stupid fool.


    Sure, uh huh, no one ever needs to run under administrator rights
    under any situation. For example, try using WinRunner for install and
    uninstall testing. If the malware is there, and since there ARE times
    when users need admin rights to do something, like installs or manage
    user profiles or take ownership of files, BOOM, the malware is still
    there when the user has to go into an admin account. Those accounts
    don't stop users from downloading files, or stop them from running
    them when logged on even if only occasionally under an admin account.
    Users can always thwart security. You think the user that believes
    they are downloading some security software which turns out to be
    rogueware won't be logging in under Administrator to then install that
    rogueware? The user will circumvent that protection at the earliest
    inconvenience. Relying on a non-admin account to protect you from
    malware is like relying on "Do Not Enter" sign to keep the pets from
    escaping through an unlocked door. Whether the user or admin, the
    Administrator account is unlocked to anyone with the password who then
    runs the infected software to install it.

    >> I also want one that can block connections until the full firewall
    >> is loaded.

    > Well, isn't that trivially a standard behaviour?


    No, since many software firewalls do NOT include this functionality.

    >> For the mediocre leak protection, I rely on a layered approach to
    >> prevent malware getting on my host in the first place,

    > <img src="https:// www. malware. org/ malware. exe">


    Did you have a point here? That there is no such file to download
    from there? That even this guy recommends using a firewall
    (http://www.malware.org/faq/faq.htm#how_protect)?
     
    Vanguard, Aug 20, 2007
    #13
  14. Ed

    Vanguard Guest

    "Bogwitch" wrote in message
    news:CY2yi.11374$...
    >
    > I have Avira Antivir PersonalEdition Classic loaded onto one of my
    > lab machines. It is bannerware but it is _NOT_ crippleware. It has
    > been running succesfully for well over a year with full updates and
    > no license timeout.


    Just before posting, I ran a test of AntiVir in a VM under VMware
    Server. After the install (and reboot) done today (Aug 2007), I did a
    sig update. I then moved the clock forward to 2 weeks beyond the
    3-month trial period and rebooted. The sig update still occurred but
    the log showed that AntiVir was now in DEMO mode. Something must
    change regarding the functionality of a product that switches from
    full to demo mode. I then moved the date ahead to Mar 2008, rebooted,
    and an attempt to run a sig update now showed "invalid license key" in
    the log, plus the sig update failed (so it still showed the last
    update was back in Aug 2007 when it was first updated). I saw the
    product change to DEMO mode after the 3-month trial period but before
    the extended month had elapsed. At 7 months out, it refused to
    retrieve sig updates complaining about an invalid license and still
    showed the 7-month old sig datestamp. This was tested using AntiVir
    version 7.00.04.15 (since that's what the download is today) under
    Windows XP Pro SP-2 but under VMware Server 1.0.3.

    It is unclear what exactly happens when AntiVir goes into DEMO mode
    but it does happen after the 3-month trial. I suspect that you don't
    get program updates in the 4th month but still get sig updates (but I
    had their latest version so there were no program updates to retrieve
    to test). I've seen many posts by other AntiVir users who complain
    that their last signature update was sometime before the trial
    expiration; i.e., after the trial expires then no more updates.

    If it weren't for the banners and the expiration then I'd be using
    AntiVir (free version). I just removed AVG (free) and put in Avast
    which consumes twice the memory (real + virtual) of AVG: 3.3MB real +
    37.1MB virtual for AVG, 41.7MB real + 41.1MB virtual for Avast. There
    are several features of Avast that I like but it definitely consumes
    more memory. Hopefully another 40MB won't matter with 2GB real RAM.
    Unfortunately I've had several more false positives with Avast than
    with AVG. I understand why the false positives on the Nirsoft
    utilities but not why on the .vmdk files for the VMs in VMware (which
    are base OS installs with no other software, like Windows XP Pro SP-2,
    Solaris 10, and Fedora 7). For AVG, I could schedule an on-demand
    scan using the command-line in a Task Scheduler event (the schedulers
    suck that are in AV products) but the ashCmd.exe for command-line
    access to Avast is missing in the free version. I can run
    "ashQuick.exe c:\ d:\" to scan my 2 drives but it halts on a detection
    (even a false one) so it is worthless for scheduling a scan when no
    one will be at the host.

    I suppose that eventually I'll have to abandon the freebies and get
    the commercial versions. Oh joy, then I get to trial all the
    commercial versions to compare them against each other.

    > I was put off AVG some time ago when they used to have updates only
    > once a fortnight for the home version - I am reliably informed that
    > they have changed the policy on this and now provide daily updates
    > but it's difficult to forgive and forget - the same as you with
    > Avira, I guess!


    From what I've seen from using AVG (free) for several months, you get
    one update per day for the free version. You get to schedule it to
    occur within a selected 2-hour slot so you can vary the time of day
    when it happens. The default for Avast (free) is 4 hours although you
    can change it. I gave up on the AntiVir retest when I saw it
    interfering with my fullscreen apps with its popover banner windows,
    saw it go into DEMO mode after the 3-month trial expiration, and
    couldn't get sig updates after the 3+1 trial period, so I don't know
    what are the scheduling options for updates in AntiVir.

    > Do you have any experience of submitting virus reports to any of the
    > AV companies? I have had mixed success from AV companies but the
    > response from Avira has been excellent, only surpassed by Sophos and
    > don't get me started about McAfee!


    I figure if the AV program tells me about a virus then there is no
    point to report it. They already know. Last time I submitted any
    suspect files was to Symantec who started a discussion within 3 days.
    That was several years ago (and for false positives). It's been so
    infrequent that a virus or malware made it to my host that I can't
    remember when I last had any show up. Despite all the security
    software (which I've pared down to IPS, AV, firewall, and anti-spyware
    where only 1 of each is running since I still want a usable host), I
    figure the final protection is at the user. All the security software
    in the world cannot circumvent an ignorant or corruptive user since
    their general-purpose computer must still be usable to them.
     
    Vanguard, Aug 20, 2007
    #14
  15. Ed

    Vanguard Guest

    I searched on "demo mode" in Avira's forums and found several posts
    which state that I need to download and also install the hbdev.key (a
    license file). After installing AntiVir, I need to copy this file
    into AntiVir's install directory and reboot. Despite the install
    generating a random serial number, apparently you need this newer
    license file. So I did the following in a virtual machine:

    - Download latest version of AntiVir.
    - Download new hbdev.key file.
    - Install Antivir but choose to NOT do any updates (so they'd be
    available later since never applied yet).
    - The product's status says it license expires on 11/30/2007.
    - I set the clock ahead to 12/14/2007, two weeks after the expiration
    and supposedly within the 1 month extension.
    - Rebooted the VM.
    - Tried to do an update.
    - The update failed with "no valid license key" and "key expired [DEMO
    Mode]".

    So feel lucky that you have an older version and/or a license key that
    pushes the expiration out a long ways for you. I can only get a
    3-month trial of AntiVir Personal Classic (the free version).
     
    Vanguard, Aug 20, 2007
    #15
  16. Ed

    Sebastian G. Guest

    Vanguard wrote:


    > So you expect malware to kill every process hoping to hit those for
    > the firewall?



    No. It doesn't need to deactivate it at all.

    > You think all firewalls respond to a common method
    > called via API or CLI so they can all be asked to disable or unload?



    No. But the OS does.

    > Yes, malware can target multiple firewalls to terminate them but they
    > are still targeting specific firewalls based on vulnerabilities of
    > each.



    There is a trivial vulnerability: You're running with admin rights.

    >>> Most malware doesn't even check for a firewall. They just try to
    >>> connect.

    >> No. They just hook a trusted process like iexplore.exe or
    >> firefox.exe.

    >
    > Not if you use a firewall that checks who is the caller process.



    Caller? We're talking about IPC.

    > That a process can connect before the firewall loads? So it can
    > connect before any rules from the firewall can be applied against that
    > process? If it is so trivial, why don't all firewalls provide this
    > function?



    So, you can name some counterexamples?

    > I was suggesting personal software firewalls based on the OP's
    > question. He certainly doesn't look to be searching for an
    > enterprise-level solution or a firewall appliance (which is still
    > separate and doesn't have app control on the host).



    Well, and I was simply talking about firewalls. You know, packet filters you
    can build routing firewalls from.

    > DiamondCS has their tool to attempt several different methods to kill
    > a process. The testing mentioned used it and some other kill tools.
    > So what are YOUR *specific* tools that go beyond these recognized
    > tools? Apparently you think there is a long list of other kill
    > methods not touched by these tools.



    Right. And that's a triviality for anyone who has a clue about how operating
    systems work.

    > Did I say that Comodo passed every kill test? You actually saw me say
    > that somewhere? It's a *software* firewall so obviously it is not
    > absolutely impervious to every attack. The idea was to provide some
    > level of app control that a separate firewall appliance cannot
    > provide.



    The idea obviously was to try something useless and futile.

    > Oh, I see. If I had recommended Outpost then the results for Outpost
    > are somehow obvious in showing Outpost is defective software. Since a
    > large number of personal software firewalls are listed, they must all
    > be defective, uh huh.



    Correct.

    > Did you miss the part that they are *software*
    > firewalls which means they are also running on the SAME host as the
    > malware?



    See? That's why they're defective.

    > I wasn't discussing separate firewall appliances.



    Me not either. But hooking API functions doesn't belong to a packet filter,
    since it's useless.

    > This from someone claiming "Even further, there's no need for running
    > Windows Firewall with a proper network configuration" but never
    > addresses application control.



    Application control cannot be addressed at all.

    > The Windows firewall does nothing regarding outbound control for any apps.



    Because it would be useless anyway.

    > So beyond all this hoopla over malware, has anyone yet declared that
    > the vault software mentioned by the OP is actually malware? If not,
    > it's just another normal application that could easily be controlled
    > by a software firewall with app rules.



    If it's not malware, then it doesn't require any such control.

    >>> For the mediocre leak protection, I rely on a layered approach to
    >>> prevent
    >>> malware getting on my host in the first place,

    >> <img src="https:// www. malware. org/ malware. exe">

    >
    > Did you have a point here? That there is no such file to download
    > from there? That even this guy recommends using a firewall
    > (http://www.malware.org/faq/faq.htm#how_protect)?


    Argh. Now will you get a clue that malware.org was a generic example for
    hosts hosting malware and that the real point is the IMG tag and the HTTPS
    protocol? It will load the file into memory and also into the browser's cache.
     
    Sebastian G., Aug 20, 2007
    #16
  17. Ed

    Vanguard Guest

    "Sebastian G." wrote in message news:...
    >> Oh, I see. If I had recommended Outpost then the results for
    >> Outpost are somehow obvious in showing Outpost is defective
    >> software. Since a large number of personal software firewalls are
    >> listed, they must all be defective, uh huh.

    >
    > Correct.
    >
    >> Did you miss the part that they are *software* firewalls which
    >> means they are also running on the SAME host as the malware?

    >
    > See? That's why they're defective.


    Padlocks don't stop determined burglars, either, yet I bet you still
    lock your house and car doors when you leave them.
     
    Vanguard, Aug 20, 2007
    #17
  18. Ed

    Sebastian G. Guest

    Vanguard wrote:

    > "Sebastian G." wrote in message news:...
    >>> Oh, I see. If I had recommended Outpost then the results for
    >>> Outpost are somehow obvious in showing Outpost is defective
    >>> software. Since a large number of personal software firewalls are
    >>> listed, they must all be defective, uh huh.

    >> Correct.
    >>
    >>> Did you miss the part that they are *software* firewalls which
    >>> means they are also running on the SAME host as the malware?

    >> See? That's why they're defective.

    >
    > Padlocks don't stop determined burglars, either, yet I bet you still
    > lock your house and car doors when you leave them.


    Many mistakes in the argument:


    - Padlocks aren't supposed to protect your house or car, but to fulfill the
    requirements from your assurance.
    - In the analogue world, there is always a "use more force". In the digital
    world, all states are enumerable and can be addressed, thus security
    measures can be complete. However, all incomplete measures can be trivially
    circumvented.

    At any rate, such functionality does not belong to a packet filter. And a
    packet filter isn't supposed to protect against malware on the host.
     
    Sebastian G., Aug 20, 2007
    #18