open windows security apps

I love it. There are a number of free security-related tools floating around these days and they seem to be of the “do more, have more features” variety. On my Windows systems at home I prefer to run ClamWin as my AV and Sygate Pro (a full version pre-Symantec purchase/dump) as my personal firewall. I’ve been using Comodo firewall for a while now on one laptop, but I really have not taken the time to baby it and nurture it and really get to know it, so I might just revert back to a Sygate install.

But I keep getting tickles to try something new. I see OSSEC has Windows agents that do things like HIDS, log analysis, registry and rootkit scanning, integrity scanning, and more on the server component. I also see CoreForce which provides a BSD-like firewall, registry and file permissions, integrity scanning, and malware prevention. Both tools are free, although the latter is Windows-bound and standalone while OSSEC likes to have a server component to shuttle data to.

It is nice to see multiple pieces getting packaged together in, hopefully, lightweight apps that won’t be hogs like NAV or your more commercial type protections. I like integrity checking, access monitoring, log scanning, and firewalling, along with the typical HIDS/behavioral analysis and malware detection/prevention. I’m just hoping these two products don’t overlap too much if I want features from both. And of course, there’s my poor ClamWin to think of.

Anyway, tools for thought. I really wish Sygate hadn’t been raped…after ZoneAlarm got dumbed down back in like 1999, Sygate was my saviour…

4 thoughts on “open windows security apps”

  1. Speaking of ClamAV, have you seen the article PCMagazine did on the different AV software?
    http://www.pcmag.com/article2/0,1895,2135092,00.asp
    ClamAV was, apparently, one of the worst ones they tested, which really sucks because I use it extensively on a lot of my Linux gateways. That and F-Prot, which didn’t do that well, either.
    Personally, I use AVG just because I feel the most secure with it. I tried Avast once and couldn’t stand the interface. It also didn’t trigger nearly as much as AVG did on my “tools” folders. I lost faith in it rather quickly after that. I don’t think ClamAV does real-time protection, does it? It only does scans when you manually start one, right?
    As for firewalls, I used to run Tiny back before Kerio bought it. I’ve tried Kerio a few times but those free firewalls just aren’t worth it; they’re pretty trivial to bypass. I just noticed the CoreForce article on the Security-Hacks blog you posted the other day. I haven’t had a chance to read it yet; the writeup on it is still open in another tab.
    Going back to the AV test, I’m really surprised to see Symantec rated so high. It seems every time you turn around someone’s posting about how Symantec is one of the easiest vendors to slip your malware past. The article did say they used 6-12 month old malware so that might have had something to do with it, which _really_ doesn’t speak very highly of the vendors that didn’t do well like ClamAV.
    I’m curious to see what Anton Chuvakin says about the report. He’s written a few articles on how ineffective AV is.
    -chris

  2. Yeah, I’ve never seen an option for Clam to do real-time scanning. I think part of that desire has simply been my background. I didn’t want real-time scanning to interfere with my slower laptops and gaming machine. I’ve since gotten enough boxes to offload my gaming elsewhere…
    I’ve used AVG, Antivir, and Avast, but I really just never felt compelled by them. Admittedly, it’s been years since I tried AVG. I may try something else based on that pcmag review though. Clam does integrate with my mail server though.
    I just don’t necessarily believe in paying for AV protection. I really think people (and companies) get nickel and dimed to death with all these disparate apps and software that they need to run. Running even more just for protection is slowly becoming more and more annoying for regular consumers. I guess I also don’t consider myself an at-risk user. I don’t download and install/run nearly as many executables as I used to, nor do I browse the web with IE randomly or run attachments in email or work with Office docs much at all. This leaves me with a far lower risk of a virus than most people I know. I won’t always pirate software, though, and I totally prefer free to pay if possible.

  3. I just noticed that there’s a Linux version of AVG. A quick Google search seems to indicate that you can use it with Amavis which is really nice. There’s even a Debian package for AVG which makes my life a lot easier. I’m definitely testing this out on one of my gateways soon.
    As for paying for software, I agree. I think companies should get paid for their software but I’m also extremely grateful for the ones that offer free versions of their products, like AVG and Avast.
    You mentioned that the real-time AV products slow your system; I’ve never experienced that. I only ran Avast for a couple of days so I can’t really comment on that, but I’ve never noticed a slowness on any of my systems … even the systems I game on.
    I do like how ClamAV has gained a lot of exposure. Even portableapps.com has a version of it. I have a version on my USB stick that I’ve used several times, though now I’m questioning its effectiveness.
    If you get a chance to test CoreForce, let us know what you think of it.
    What do you think of the software on this site?
    http://www.castlecops.com/postlite7736-.html
    Have you come across any must-have apps that you put on friends’ and family’s computers?

  4. My slowness issues really stem from a few years ago when I had a system that was playing games it really probably should not have been playing, so every little app, even AV real-time scanning, would be noticeable. My income is now matching my hobbies, so my gaming machines are not quite so thin anymore!
    Yeah, I like the proliferation of Clam, but I certainly would love to get something new that I can use on both my Windows and Linux boxes. I know CoreForce and OSSEC both do intrusion things, but they’re really not signature-based AV at all, either.
    I think I have that Castlecops post bookmarked somewhere, I’ve seen it before and was impressed at how concise yet rather complete it was. I don’t do even half that stuff on my own, but for someone less geek than I am, I would totally recommend they do those things and use those programs.
    I should review in a separate post some of the things I recommend to friends and family, but with my lowering tolerance for paying for software, I tend to just say, “Patch Windows regularly, turn your computer off when not in use, keep the Windows firewall on, don’t install programs without thinking three times about whether you really need them, use Firefox and not IE, and install a free AV tool unless your computer came with Symantec, in which case use it and keep it updated.” That covers most of my bases, I hope. The weak link is people clicking on damn banners and ads, getting spyware from web browsing, and installing screensavers and other cutesy junk that I really just can’t stop. If I do any “tuning” of systems now and then, I’ll just manually check start-up locations and running programs, check that things update automatically properly, maybe run MS Office Update, and run one or two free spyware/AV checks.
    Wow, that’s not a bad idea for a full post someday! Recommended products, Things to do for Yearly Checkups, and things to do for systems I may touch more than once like a roommate or close buddy. =)
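    The “tuning” checklist in comment 4 (look at start-up locations and running programs, make sure the firewall is on and updates run by themselves) is easy to turn into a repeatable yearly checkup. The script below is an added example written for this page; it is not code from the post, its commenters, OSSEC or CoreForce. It assumes a current Windows (8 or later) with PowerShell 5.1 or newer, because Get-NetFirewallProfile, Get-ScheduledTask and the StartType property of Get-Service do not exist on the XP-era systems the thread is about. Run it from an elevated prompt so machine-wide entries are visible; it only reports and changes nothing.

```powershell
# Added example (not from the original post or comments): a read-only
# "yearly checkup" for the steps in comment 4. Assumes Windows 8+ with
# PowerShell 5.1+; run elevated. Nothing here modifies the system.

# 1. Registry autostart locations: Run/RunOnce for the machine, the
#    32-bit view on 64-bit Windows, and the current user.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
Write-Host "== Registry autostart entries =="
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    # Drop the provider's own PS* properties so only value names remain.
    $values = Get-ItemProperty -Path $key | Select-Object -Property * -ExcludeProperty PS*
    foreach ($prop in $values.PSObject.Properties) {
        [PSCustomObject]@{ Key = $key; Name = $prop.Name; Command = $prop.Value }
    }
}

# 2. Startup folders for all users and for the current user.
$startupDirs = @(
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup",
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup"
)
Write-Host "`n== Startup folder contents =="
foreach ($dir in $startupDirs) {
    if (Test-Path $dir) {
        Get-ChildItem -Path $dir -Force | Select-Object FullName, LastWriteTime
    }
}

# 3. Scheduled tasks that fire at boot or logon: an autostart spot a
#    manual look at msconfig-style lists tends to miss.
Write-Host "`n== Enabled scheduled tasks triggered at boot/logon =="
Get-ScheduledTask | Where-Object {
    $_.State -ne 'Disabled' -and
    ($_.Triggers | Where-Object {
        $_.CimClass.CimClassName -in @('MSFT_TaskLogonTrigger', 'MSFT_TaskBootTrigger')
    })
} | Select-Object TaskName, TaskPath, State

# 4. Running programs whose image is not Authenticode-signed. This is a
#    triage list, not a verdict: plenty of legitimate software is unsigned,
#    and Path is empty for protected processes we cannot inspect.
Write-Host "`n== Running processes with an unsigned or unverifiable image =="
Get-Process | Where-Object { $_.Path } | Sort-Object Path -Unique | ForEach-Object {
    $sig = Get-AuthenticodeSignature -FilePath $_.Path
    if ($sig.Status -ne 'Valid') {
        [PSCustomObject]@{ Name = $_.ProcessName; Path = $_.Path; Signature = $sig.Status }
    }
}

# 5. Windows Firewall: every profile should be Enabled with inbound Block.
Write-Host "`n== Firewall profiles =="
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction

# 6. Automatic updates: the Windows Update service plus the AU policy key
#    (present only when a policy has been set; otherwise defaults apply).
Write-Host "`n== Windows Update =="
Get-Service -Name wuauserv | Select-Object Name, Status, StartType
$auPolicy = 'HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate\AU'
if (Test-Path $auPolicy) {
    Get-ItemProperty -Path $auPolicy | Select-Object NoAutoUpdate, AUOptions
} else {
    Write-Host "No WindowsUpdate\AU policy key; defaults apply (confirm in Settings > Windows Update)."
}
```

    Read the output the way the comment describes the manual check: anything in sections 1 to 4 you do not recognize gets looked up before it gets deleted, and sections 5 and 6 should show every firewall profile enabled with inbound blocked and wuauserv not disabled.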
