First, stop looking for best security product. The status “best” is temporal at most. It also depends on your own needs for support, speed, level of protection  and configuration of your PC.  The key is having something that works and knowing its limitations. That way one can cover the unprotected holes with different software.

I use ESET’s Smart security as first line of defense. Having good antivirus is important, and ESET is known to provide quite good protection over the years. But Smart Security provides firewall functions as well. We started using it in 2006 or 2005, I believe. I have not used Kaspersky for a while, but it was long time ago. It is still good, though. As there are lots of other good tools.

Free  antivirus choices work well too. I have installed AVAST, Microsoft Security Essentials on different PC’s with quite good results, though most of Security/Internet Suites are paid. MSE is great as it does not asks for email. You could use PCTools Antivirus as well.

However, there are antiviruses, that have holes in free versions. For example, AVG lacks rootkit protection, but has a strong community that promotes it. It will remain a popular choice.

So, you have chosen antivirus, but there is a need for second opinion tool that targets fresher parasites and does not interfere with antivirus. There are couple categories of such tools. For example, Threatfire uses behavioral detection, which helps against new parasites.

Another class of second-opinion tools are Anti-malware tools. This term is misleading, though. Anti-virus tools protect from broadest spectrum of parasites. Typical Anti-malware tools protect from parasites that are not viruses (that is, modify other executable content). Though the term Malware includes viruses as well.  The problem is that while viruses are geared towards spreading around, malware is geared towards you: either steal or extort your personal information, get paid for advertisements that are shown to you.

Which anti-malware to choose? Personally, I run Spyware Doctor, and it is the tool I install most often for this purpose. I install free version from pack.google.com on all PC’s except mine usually, even if it is older and limited one.   My friends and family like free software Another free choices would by Spybot S&D, Spyware Terminator, etc.

Commercial anti-malware choices would be the Spyware Doctor, Spyhunter (though highly expensive), Malwarebytes anti-malware, Superantispyware. Although last 2 are marketed as free tools, they are not. Both of them are commercial tools without any real time protection in free version.  The free versions are great for malware removal, though. I have free versions of both installed for testing purposes, but  I am not planning on buying full versions of these.

For me SuperAntiSpyware is somewhat misleading, as it’s  free version starts at system startup and is running all the time. But it does not actively protect the PC, which might be missed by many users. My free version of Malwarebytes started at system startup as well, however exited soon after. I am unsure if this unnecessary startup was removed in fresh version.

There are also toolbars, like SiteAdvisor or MyWot. They might provide some insight for safer browsing, but they will not protect from infected domains that fast. SiteAdvisor is more suitable for this, as it actually scans the websites for malware rather than being community opinion based.

To wrap it up, get Internet Security suite from any of major antivirus vendors. If you want to save some money, get free antivirus, and get firewall separately. Then you will need a second-opinion tools like threatfire and a good anti-malware with real time protection.  And some self-control not to click on every advertisement on the net

To remove Antispyware Soft, first you have to reenable internet connection first. To do so:

1. Reboot into safe mode with networking.

2. Launch your internet explorer and make sure your internet connection does not uses proxy server. Do so in other browsers as well

3. Download Spyware Doctor using this link (it should not be blocked by Antispyware Soft). Run and perform full scan.

If it fails, try blocking Antispyware Soft manually.

The best way to do so is start task manager (or, for example, process explorer) and stop all Antispyware Soft processes. The processes typically end in tssd.exe.

Afterwards, I would recommend doing full scan  with Spyware Doctor or Malwarebytes anti-malware.  It is critical to have a security suite that provides real time protection against such infections like this.

Today I want to talk about really unproductive topic – that is how to code poorly. Or, more exactly, I am going to pick on my unfavorite  piece of social site again, that is Boonex. We will talk about how one should not implement user sessions and how to do it better.

Boonex uses unencrypted cookies to store session data, that is member ID and hashed member password. Each request Boonex checks database for memberID and password combination. This is to ensure that the person would be logged off the system if password is changed by someone else.

Thus, what is the problem with this approach?

Well, what about making hashed passwords save on PC user logs in? These passwords remain available till user explicitly logs out.  And the hash used is a simple md5 hash which is fast one-way function. You cannot reverse it, but it is susceptible for dictionary or brute force attacks. There are databases for such md5 strings as well.

You could partly solve that problem by using a seed with the hashed password. However, it would make the password guessing game more complex but not impossible. Also, you do not need the password for being logged in, just the cookies. And it is quite simple to change values in them with Firefox.

Another problem we had is with effectiveness of this password checking. It is one of multiple requests that are done on each page load. Even when they are fast, they affected boonex performance, which is quite bad anyways. But caching this information makes a security hole open:  ID could be changed and your system could be compromised.

It is much safer to save session information on server side.  PHP native session management is much better than what boonex has to offer, thus you should switch to it in the code (I have demo version of boonex  7 on August, it still has this problem).   It is quite some work, but it is worth it. Or, even better, look for some other social network script.

My main concern was that community-driven opinions might be incorrect regards some of the product vendors due to popular opinion and not facts. This still remains true. WOT still votes out some of the commercial sites that have low reputation in non-commercial or competitor/managed communities in security field. Some of relatively good product vendors still suffer for their former actions and public opinion years after they corrected (more or less) their behavior. Well, nothing surprising.

The good thing is nice warning system I use both for avoiding bad sites and looking for them when I want to spot new threats. I like search result enhancement the most, and it helps me distinguishing sites I need when I browse security related search results.

What would improve MyWot? Here are my thoughts:

1. Allow user to browse site without warnings WHEN he is on it. Its quite annoying to close warning screen on each page. Or give an option "this session only" to disable the screen.

2. More consistency on what are good sites and bad sites, some guidelines as different people rate same level sites quite differently. To confirm this, I checked couple of poker rooms, rated quite high in industry (ratings from poker works room ratings  ) . The WOT ratings vary from very bad, to good although these rooms provide more or less same level of service, and I have not heard any specific complaints on the bad rated ones. Interesting enough, best ratings are for rooms that DO NOT complies with UIGEA, which prohibits accepting money from USA players, and worst ratings are for the rooms that prohibit American players from playing. Revenge? Well, More like distribution of WOT users.

The idea of the software is quite nice, a community based votes on sites and warning system. The single fear is that it might happen to become a web tool of revenge between competing security advisors, companies and tool developers. Everyone in this market has strong opinions what is legitimate and what is not, and this might be imposed on users. I have yet to know what stoppers are in WOT to protect from this behavior.

That’s why I have tried to install the add-on and ultimately failed. First time it installed, my firefox hanged in the background on restart and I had to kill it. It looked like that the WOT is installed, however it was not activated and no ratings were given.

Thus I have decided to reinstall it. The reinstall went smooth, and an agreement screen appeared, where I confirmed that I want to participate. Sadly, nothing changed, and I still can’t rate anything, or even see ratings.

The funny thing is that to access forum and (probably) the support, you need to be a member, and that means you have to have an active working copy of WOT. Thus I am not sure I’ll want to try fixing WOT installation again.  Even if they might be caused by VISTA or firewall settings (no warnings though, and I assume in the 1mb download there is the site list).

Also, WOT settings page works interestingly, it looks like the apply button is disabled, but that’s might get caused by installation problems.

More information can be found at http://www.mywot.com.

UPDATE

Couple of restarts later the extension started to work. And props for mywot.com support. Will post the results of testing the extension later.