From: pip22 on 25 May 2010 05:43

Be aware that "Microsoft Security Essentials" is not a 'Security Suite', it's an antivirus only (no two-way firewall).

For a combined antivirus with two-way firewall, Comodo Internet Security is currently the only one that's free as far as I'm aware. However, I stopped using it because it's way too sophisticated and confusing to work with.

I use two separate applications, both free:

PC Tools Firewall Plus: http://www.pctools.com/firewall/
Avast! Antivirus Free: http://www.avast.com/en-gb/free-antivirus-download

Registration is required for both but that doesn't cost anything, I assume it's just their way of ensuring that they have your email address. Almost all the free stuff requires you to give an email address these days for marketing purposes.

If you decide to get antivirus only, you should also be aware that the firewall built into Windows XP and later is not a two-way firewall. It only monitors traffic coming in, not going out. That's not good enough for me. I want to know which of my programs are sending out data so I can either allow it or block it if I think it's suspicious or unnecessary.
From: William R. Walsh on 25 May 2010 13:25

Hi!

> Be aware that "Microsoft Security Essentials" is not a 'Security
> Suite', it's an antivirus only (no two-way firewall).

Which is just fine for many things...

A two-way firewall is another story entirely. For the most part, it's "feel good" security. But there are some other problems that I will touch on below.

The Windows XP integrated firewall is a sort of two-way firewall with SP2 and later. Programs that attempt to open ports and accept socket connections from the outside world will be filtered. Those that merely transfer information without binding themselves to a TCP/IP port will be able to do so without restriction.

Now for the two biggest problems I see with "two way" or "application filtering" firewalls:

1. Many of them are part of a more complex software program, of which multiple components all have to be working in concert for the thing to work properly. The more complex the software is, the more fallible it is. Also, the longer it takes to start up and get to protecting your system. I've seen at least one that doesn't appear to do anything to protect your system unless a user is logged on and working. (This hasn't been aggressively verified.)

2. If you get ahold of something like a kernel-mode rootkit, no two-way firewall is going to save you. The operating system has been subverted in that case, and it will lie to you and your software.

If you have software that is communicating and you don't want it to do so, maybe you should examine its preferences to turn such options off or just uninstall it to be really sure.

I don't recommend Internet Security packages as a whole because they try too hard to do too much and don't end up doing some things very well at all.

William
From: yirg.kenya on 25 May 2010 14:56

On May 25, 10:25 am, "William R. Walsh" <wm_wa...(a)hotmail.com> wrote:
> Hi!
>
> > Be aware that "Microsoft Security Essentials" is not a 'Security
> > Suite', it's an antivirus only (no two-way firewall).
>
> Which is just fine for many things...
>
> A two-way firewall is another story entirely. For the most part, it's
> "feel good" security. But there are some other problems that I will
> touch on below.
>
> The Windows XP integrated firewall is a sort of two-way firewall with
> SP2 and later. Programs that attempt to open ports and accept socket
> connections from the outside world will be filtered. Those that merely
> transfer information without binding themselves to a TCP/IP port will
> be able to do so without restriction.
>
> Now for the two biggest problems I see with "two way" or "application
> filtering" firewalls:
>
> 1. Many of them are part of a more complex software program, of which
> multiple components all have to be working in concert for the thing to
> work properly. The more complex the software is, the more fallible it
> is. Also, the longer it takes to start up and get to protecting your
> system. I've seen at least one that doesn't appear to do anything to
> protect your system unless a user is logged on and working. (This
> hasn't been aggressively verified.)
>
> 2. If you get ahold of something like a kernel-mode rootkit, no
> two-way firewall is going to save you. The operating system has been
> subverted in that case, and it will lie to you and your software.
>
> If you have software that is communicating and you don't want it to do
> so, maybe you should examine its preferences to turn such options off
> or just uninstall it to be really sure.
>
> I don't recommend Internet Security packages as a whole because they
> try too hard to do too much and don't end up doing some things very
> well at all.
>
> William

William, what do you recommend re firewall. Didn't see that in your earlier post in the thread.

MS security essentials doesn't include a firewall as far as I can see from viewing their description. Is that correct?

I now use zone-alarm. I used to use comodo but I get too many of the "is this OK" msgs.
From: William R. Walsh on 25 May 2010 15:32

Hi!

> William, what do you recommend re firewall. Didn't see that in
> your earlier post in the thread.

Buy or build and use a "hardware" firewall with a NAT router. Put this between your Internet connection and computer system. If you have an old computer gathering dust and two spare network cards, you can use software such as m0n0wall, Smoothwall, IPCop or pfSense as the basis for your firewall/NAT router box. Doing this keeps your computer from being directly exposed to the 'net. Even a truly ancient computer is likely to be able to shift packets fast enough to saturate your Internet facing connection and so will not be a bottleneck.

http://greyghost.mooo.com/monowall/

Anyone looking at your public IP address will see very little sign of life, as most of these devices stay pretty quiet when examined.

Programs that try to bind themselves to TCP/IP ports so as to accept socket connections from other computers won't be visible from the outside world unless you forward their ports through the router/firewall device*.

Programs that communicate with another server on the Internet and transmit information to it are harder to filter. If you don't want programs doing this, check their options or try not to use those that do so. Or use a software firewall and block them if you must...but do keep in mind that a software firewall "keeps honest programs honest" and cannot be depended upon for any other purpose. A system with a sufficiently nasty virus, malware or rootkit will walk right through a software firewall running on that same machine, especially one doing "application filtering".

MS Security Essentials is only an anti-virus and anti-malware program. It does not contain a firewall. Generally, the Windows firewall works very well and its compact size and integration with the operating system does a lot to improve its reliability.

William

* some routers and NAT devices support UPnP and have it activated out of the box. UPnP allows software programs to set up port forwarding (amongst other things) automatically by sending commands to your router. Although this is convenient, malicious programs can abuse it. You should investigate and turn it off if you do not need it.
From: yirg.kenya on 28 May 2010 13:10

On May 25, 12:32 pm, "William R. Walsh" <wm_wa...(a)hotmail.com> wrote:
> Hi!
>
> > William, what do you recommend re firewall. Didn't see that in
> > your earlier post in the thread.
>
> Buy or build and use a "hardware" firewall with a NAT router. Put this
> between your Internet connection and computer system. If you have an
> old computer gathering dust and two spare network cards, you can use
> software such as m0n0wall, Smoothwall, IPCop or pfSense as the basis
> for your firewall/NAT router box. Doing this keeps your computer from
> being directly exposed to the 'net. Even a truly ancient computer is
> likely to be able to shift packets fast enough to saturate your
> Internet facing connection and so will not be a bottleneck.
>
> http://greyghost.mooo.com/monowall/
>
> Anyone looking at your public IP address will see very little sign of
> life, as most of these devices stay pretty quiet when examined.
>
> Programs that try to bind themselves to TCP/IP ports so as to accept
> socket connections from other computers won't be visible from the
> outside world unless you forward their ports through the
> router/firewall device*.
>
> Programs that communicate with another server on the Internet and
> transmit information to it are harder to filter. If you don't want
> programs doing this, check their options or try not to use those that
> do so. Or use a software firewall and block them if you must...but do
> keep in mind that a software firewall "keeps honest programs honest"
> and cannot be depended upon for any other purpose. A system with a
> sufficiently nasty virus, malware or rootkit will walk right through a
> software firewall running on that same machine, especially one doing
> "application filtering".
>
> MS Security Essentials is only an anti-virus and anti-malware program.
> It does not contain a firewall. Generally, the Windows firewall works
> very well and its compact size and integration with the operating
> system does a lot to improve its reliability.
>
> William
>
> * some routers and NAT devices support UPnP and have it activated out
> of the box. UPnP allows software programs to set up port forwarding
> (amongst other things) automatically by sending commands to your
> router. Although this is convenient, malicious programs can abuse it.
> You should investigate and turn it off if you do not need it.

Thanks, William. I took a look at my router and indeed, UPnP was enabled! So, I disabled it. Thanks!!

But I'm confused on the following:

(1) Buy or build and use a "hardware" firewall with a NAT router.

Is the firewall provided by the router sufficient? How would I know? The router I have, a trendnet TEW-631BR has LOTS of settings, particularly in the advanced menus. However, it seems to me that very few options are set. What settings should I have to make sure it's providing the proper firewall protection? (In general as I can try to match them up with what I see for my specific router.)

(2) port forwarding

I'm supposed to be able to control this, but I can't see where to do it. It's on the help menu, but not in the actual options available. I couldn't find it anywhere. Looked several times. But the nat endpoint filtering (4d), below, seems to turn off port forwarding for connections already established.

(3) need for both s/w and h/w (router)

The router is set currently in NAT mode, so my question is, assuming my router firewall is correctly configured do I need a software firewall, like the windows firewall too? I'm not clear what purpose this would serve. Are there things that the s/w firewall will catch that the h/w one won't? That it provides another level of protection "just in case". Sort of like using several AV programs.

(4) some settings I have in place

(a) wan ping: disabled
(b) multicast streams: enabled
(c) spi: enabled
(d) nat endpoint filtering: both UDP and TCP are port and address restricted (this seems to provide a sort of non-port forwarding)
(e) non-udp/tcp/icmp lan settings: enabled. (Said it was helpful for single VPN connections which I use.)
(f) application level gateway (ALG) configuration: enabled: pptp (for vpn), ipsec(vpn), rtsp, windows/msn messenger, ftp, h.323 (not meeting), sip, wake-on-lan (but I have no devices configured for it), mms