[Resolved] THREE Web Shields: Conflict?

[umbrapolaris]

MBAM realtime protection is useless and heavy, just use it with "on-demand" scans.

[jjb2012]

"It is just an IP Blocker that intercepts the packet communications and filters the IP address for known Malicious activities."

Here is the problem: I work on a large university campus (30,000 plus people). Our IT people look for patters of visiting IP addresses with "known Malicious Activities." MBAM blocked them all before (or instead) of AIS. When I turned off MBAM web shield, AIS missed some of the malicious IPs and my PC visited.

Result: IT shut down my ethernet so I'm without a computer for a week or more! Universities are the worst.

Here's what I do:

1. OFF campus, I don't run all three, I only run Avast web shield, use OA Free "Run Safer" (guest account by program). MBAM is scheduled to run weekly but doesn't run 24/7. It shuts itself off after updating and scanning.

2. I turned to an additional web shield (MBAM) because it seems to be best at getting scareware and my wife and kids fall for that all the time (sigh). We power users know to kill the process and scan but 99.9% of people don't.

How does that sound?

[CraigB]

MBAM realtime protection is useless and heavy, just use it with "on-demand" scans.

I quite think the opposite, the realtime protection of MBAM Pro is unsurpassed and probably the best at what it does, opening some system files can be a little slower sometimes by a split second but browsing speed is not affected at all and i would never go surfing without it.

jjb2012 why do you not use the firewall in AIS ? online armor is a great firewall but i dont see the point of having it since you also have a great firewall in AIS which you have paid for  by getting rid of OA you have solved your issue with too many programs and your then able too run MBAM in realtime which will protect you better imo 

[sded]

One thing you can do if you want to cut down on redundancy is to use the AIS Firewall, remove the OA firewall, and just use the OA HIPS and Run Safer.  I haven't used this mode, but Avast! is a silent firewall without a HIPS capability (what you get as a substitute is in the shields) and OA is a very strong HIPS. The OA Run Safer feature allows you to selectively reduce the privileges of things like your browsers to a LUA, dramatically reducing the ability of malware to harm you without reducing everything to the nuisance of being a local user. 

[doktornotor]

Or use the license for avast! Pro.

[jjb2012]

"One thing you can do if you want to cut down on redundancy is to use the AIS Firewall, remove the OA firewall, and just use the OA HIPS and Run Safer."

FYI: I _am_ using the Firewall of AIS but I love the "Run Safer" mode of OA Free -- it is the ONLY thing I use at home.

Again, my workplace is a paranoid place for good reason -- with gads of internatinoal students, computer engineering students, and ordinary students torrenting, the place is a vector for every nasty you can imagine! But everywhere else, I use

AIS
OA Free ("Run Safer" only) plus

MBAM (on weekly schedule)

I don't know why more people don't incorporate the "Run Safer" option from "Drop My Rights" (free from Microsoft). Yes, there are a few user-mode rootkits that can elevate privileges but that simple measure gets rid of a LOT of issues. And it is really light.

Thoughts?

[doktornotor]

FYI: I _am_ using the Firewall of AIS but I love the "Run Safer" mode of OA Free -- it is the ONLY thing I use at home.
Thoughts?

For that, there is DropMyRights, using limited user account or something like Drop Rights feature in Sandboxie. Sorry but what you are doing makes little to no sense. Find a different product/way of dropping your privs, not a full-featured firewall.

[jjb2012]

DropmyRights is NOT user friendly.

I'm not using a full featured firewall, I'm just using the Limited User part of it. The advantage, as many have noted, is that you can right-click open as "Normal" (with admin privileges) instead of switching users from a Guest to Admin account.

Personally, I don't like sandboxie or Avast sandbox -- too much fuss. A tiny bit of RAM on OA "Run Safer" (no firewall) is easier as an extra layer for things that get by.

[jjb2012]

PS: Sandboxie didn't workn on 64-bit for the longest time and a new 64-bit version requires losing the protection of the Windows kernel:

http://en.wikipedia.org/wiki/Sandboxie#64-bit_Windows

I'm not going THERE.

Basically, this thread has answered my questions. Thanks!

[doktornotor]

A tiny bit of RAM on OA "Run Safer" (no firewall) is easier as an extra layer for things that get by.

There is no way to have "Run Safer" without getting all the firewall drivers loaded. Sorry, OA is not intended as a standalone to drop priviledge tokens.