Winsonar/Abtrusion Protector

Discussion in 'Malware Help (A Specialist Will Reply)' started by roark, Oct 14, 2005.

  1. roark

    roark Private E-2

    What would my vulnerabilities be if I used software like Winsonar or Abtrusion Protector as my only defense?

    I gave up a little while ago on fighting the spyware (etc.) on my computer and decided to just back up to a second hard drive and then reinstall Windows from scratch. This time around, I want to do a better job of protecting my computer. However, I'm put off by using a large number of programs (one antivirus, one firewall, and then Ad-Aware, Spybot, etc. and still need more for complete protection).

    I would like a minimalist solution that's also easy to monitor.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    First, Winsonar provides no protection at all. Second, I seriously doubt Abtrusion Protector will properly protect you. Also note that it has not even been updated since 2002. It is way behind where malware has advanced to.
     
  3. roark

    roark Private E-2

    Winsonar has an option that kills all unknown processes (the current version allows this option while offline as well as online) before they can load into memory. This seems to me it would defeat all problems before they occur. If this is not so, I would appreciate a specific explanation to aid my understanding.

    Abtrusion Protector specifically states that the approach it uses does not require updates. It only allows things to run that you have instructed it to (same effect as Winsonar, different responsibility for the user). The website says it does not stop scripts; however, it still offers protection because it will stop any normal executable file that the script tries to run. But if scripts are its weakness, perhaps ScripTrap would be a good idea to use in conjunction.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    And how many valid processes do you think exist that Winsonar does not know about? You would then have to decide for yourself each time something new comes up. This is no different than a firewall, but a firewall will also protect you incoming and outgoing.

    In reality I do not think they will do that good a job but you can be the test of that and decide for yourself. I personally see no problem with using three processes as opposed to the two you are thinking of:

    - a firewall
    - an antivirus
    - a spyware blocker

    I'm online more than most people and have been for many years. I have had zero viruses and zero malware problems. Security starts with the user.
     
  5. roark

    roark Private E-2

    I'm trying to learn here: why?

    I guess the question I'm trying to ask is: what does the software I'm considering -not- do? Are there threats that do not come in the form of a process/executable?

    Also, what do you mean by incoming and outgoing? (Wouldn't problems only be outgoing, if I let them in first?) You said that was the only difference between Winsonar and a firewall; but most firewalls seem a lot more complicated and much worse at their job because they try to guess what the user would like, instead of simply consulting the user. I've seen firewalls that monitor all sorts of things, and I agree it's cumbersome if I had to approve every site that I open, every frame that loads, etc. Yet, if all threats are essentially an executable, then Winsonar is indeed monitoring the only relevant thing. So...are all threats an executable?

    I'm not trying to see if these programs are better in general. I just think they might suit -me- better. I wouldn't mind approving every new process that comes up. The basic flaw, it seems to me, is Windows' attempt at being "user friendly", which for some reason takes the form of not letting the user know what's happening, and not giving the user the ability to intervene.

    It seems like antivirus and spyware detection rely on consulting an ever-growing list of bad files to look out for, while this other approach instead consults the user and the user's shorter list of approved files. Am I overlooking something? Admittedly, I'm no expert. I want to make sure I'm not missing some gaping vulnerability here.
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I am not really sure how to answer your questions since I really do not use the programs and have no real experience with exactly what they can and cannot do. However, what these programs definitely do not do is scan your system and remove traces of malware. So you still need an antivirus and spyware scanning tool anyway. Also I'm not sure whether they provide full protection against things like:

    - batch file execution
    - DLL execution via attachment to a legitimate system process
    - script file execution (like VBS scripts or Java scripts)
    - ActiveX scripts
    - if something does get into your system and hooks itself into a valid Windows process you will always just be allowing it to run. An AV or spyware blocker would be looking for possible malware rather than just saying "oh it is an approved process, let it run".

    Do you ever use floppies, CDs, a flash drive, or any other removable media to copy or transport files between systems? Does anyone else do that on this PC? What happens if any of that media has an infection?

    A firewall can also block scripts, cookies, bad sites, etc. A firewall will also close and protect open ports on your PC so no one can get into them using programs that look like valid processes. For example, while you are running Internet Explorer, you are connected to the internet and communication will be going on via your browser, which is a valid process. However, what packets are actually being transferred and using what ports may not be valid. These tools will not detect any problem. A firewall is not cumbersome. In fact it may be less cumbersome than what you are thinking about, and a firewall provides much greater protection.

    Also using programs like SpywareBlaster and Spybot you can block thousands of bad websites from ever being accessed.

    In short, if these tools were actually better than AV, AntiSpyware, and firewall programs, more people would really have been using them.
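
The gap raised in the last reply (scripts and DLLs running under an already approved process), as an added example that is not part of the original thread and does not describe the actual behaviour of Winsonar or Abtrusion Protector. It models a hypothetical allowlist that checks only the process image next to one that also checks the script and loaded modules; all file names and contents are constructed.

```python
import hashlib

# Script hosts run whatever file they are handed as an argument.
SCRIPT_HOSTS = {"cmd.exe", "wscript.exe", "cscript.exe"}

def digest(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()

def exe_only_policy(event, approved):
    """Decide on the process image alone (hypothetical model)."""
    return digest(event["image"][1]) in approved

def full_policy(event, approved):
    """Also require approval of the script and of every loaded DLL."""
    items = [event["image"]]
    if event["image"][0] in SCRIPT_HOSTS and "script" in event:
        items.append(event["script"])
    items.extend(event.get("modules", []))
    return all(digest(content) in approved for _, content in items)

# Constructed sample files as (name, contents); not real binaries.
IEXPLORE = ("iexplore.exe", b"constructed browser image")
WSCRIPT = ("wscript.exe", b"constructed script host image")
SYSTEM_DLL = ("system.dll", b"constructed approved dll")
APPROVED = {digest(c) for _, c in (IEXPLORE, WSCRIPT, SYSTEM_DLL)}

# Constructed launch events covering the cases listed in the thread.
EVENTS = {
    "approved browser": {"image": IEXPLORE, "modules": [SYSTEM_DLL]},
    "unknown executable": {"image": ("setup.exe", b"constructed unknown exe")},
    "script via approved host": {
        "image": WSCRIPT,
        "script": ("login.vbs", b"constructed unapproved script")},
    "dll in approved process": {
        "image": IEXPLORE,
        "modules": [SYSTEM_DLL, ("toolbar.dll", b"constructed unapproved dll")]},
}

def compare(events=EVENTS, approved=APPROVED):
    """Return {event name: (exe-only verdict, full verdict)}; True = allowed."""
    return {name: (exe_only_policy(e, approved), full_policy(e, approved))
            for name, e in events.items()}

if __name__ == "__main__":
    for name, (exe_only, full) in compare().items():
        print(f"{name:26} exe-only={exe_only!s:5} full={full}")
```

Both policies stop the unknown executable, but only the stricter one blocks the unapproved script and DLL, because the image-only check sees an approved host process in both cases.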
     
