Norton vs Zone Alarm firewalls

Poprivet`

f'ups set to microsoft.public.windowsxp.general

Gerald said:
Why do you want to remove the XP firewall? Installing more than one
(i.e. two or more) software firewall on a computer (i.e. in addition
to the XP firewall) is not really useful.


Exactly. It does not integrate. That's why it is so difficult to
uninstall that stuff afterwards???

No, not really. If your questions are serious, I'll go thru here and give
you what I have experience and knowledge with, so maybe that'll help.
"Integrate" means to essentially become a part of. However, I do
understand that the term is used very loosely by many people. AV sw looks
into, and captures, system communications in order to monitor and function.
Depending on what you've asked it to do, some of those can be more than just
inserting itself in between your internet connection and your email client
or browser, which is where most of the detection is done.

A software firewall wants to provide security. For that it must
establish itself somewhere deep in the OS to prevent evasion or the
ability to turn it off quickly.


Why exactly do you need additional tools available from Symantec to
uninstall Norton completely from your computer?? Is that untrue?

No, it's definitely true! There are some silly reasons and some good
reasons for it. The silly reason is that you might want to reinstall it in
the future and that way it preserves all your settings and things should you
reinstall it to "fix" a file corruption or whatever. But if your aim is to
get it off your computer, it's a pia. The good reason is that the way
they've chosen to install files and where to put them isn't tracked well by
XP nor Norton, and can be a very considerable amount of data. This is some
of the "bloatware" that people often refer to, but only a piece of it. The
"big deal" is that Norton creates a LOT of files "on the fly" and only
Norton knows the best way to rid a system of everything so that it won't
interfere with anything later. Sucks, and I hate it, but that's how it is.
FWIW, the methodology Norton uses isn't particular to them; many other
applications do the same thing for basically the same reasons. IMO it's
mostly because of the rush to market, inability to be sure of MS's various
proprietary areas and what it's doing, and a few others but I'd be
rationalizing and want to stop here with that thought.
In reality, this "tool" should have been part of the installation but if
you notice, Norton (and others) must look at your installations to be able
to give you the correct tool to use. So, it's obviously not something
simple and is widespread. I think really, in Norton's case, it's a matter
of rush to market after having coded themselves into a corner over the years
and of course, when Symantec bought Norton, the problem only got worse
because the Norton SW coders didn't go with it and they had to relearn it
from scratch.
So now they have a mess to work themselves out of.
OTOH, I find the products bug free and fully functional so I've stuck
with them since I have a well managed and maintained system. I've never had
any serious problems with Norton (I use SystemWorks) and the only reason I'd
leave them would be over money. Which is an event in progress; their virus
subscriptions are getting pretty expensive and considering the other
protections I have, I may forego Norton when my subscription is up next
year.
As for bloatware, it probably is, and as for slowing down a system, there
is only one part of their apps that I've noticed slows anything down; that
is their GoBack. It works wonderfully and I used it to great advantage
until I got backup imaging applications running, after which I dispensed
with it. It did slow down boot and shut-down times although I never noticed
any other delays it caused. Others will tell you differently but in my
circle of friends and acquaintances, we all have pretty much the same
experiences.
There is an uninstaller available. That does something but not
everything. Why again does it happen to so many people that their
networking still does not work correctly after they have uninstalled
ZoneAlarm? The stupid uninstaller forgot to remove the proxy setting
in the internet settings... Hic. It was just not built to be
uninstalled.

I can't answer that one because I don't have any issues with it. I use
ZoneAlarm Pro after using the free version for a long time, and never had
issues with it. The proxy I use is a very simple one, and my LAN is small,
so maybe that has something to do with it. I'd probably start at ZA and if
there's any good reason for it, I'm sure they have it covered there. I've
no idea whether it's a Norton or a ZA issue so ... can't say anything here.
O.K. What was exactly the good reasons why some uninstallers forgot to
remove the proxy setting in the internet options which prevented
people to use the internet after uninstallation?

As I've said above, I have no experience with that. My most recent removal
of Norton was a few weeks ago in order to try out the free NIS my ISP was
offering, but it also wanted me to remove ZoneAlarm before it'd install, so
that that says there IS some truth to what you're alleging. But if it's not
Norton's proxy, I wouldn't expect it to fix anything that ZA did and vice
versa. It does however, appear to be covered in the documentation. I read
that I should uninstall ZA, but didn't, and NIS just refused to install
until I did uninstall it. After the install, I reinstalled ZA and all was
fine.
Again though, I see the same things in other applications and not always
explained or recognized. Norton at least controlled the situation with NIS
2007. I had no issues at all uninstalling it and reinstalling my
SystemWorks 2006.
So, that's the extent of my experience there. Sorry.
What is your problem? Do you have anything else to say except
personal insults?

I simply believe that inconsistencies and misinformation are bad, very bad,
in a public place because too many newbies will hook onto the one they like
the best and remember that instead of the more accurate assessments. I
think I've said a LOT other than insults, and if you find them personal, you
need a slightly thicker skin. I'm gentle by many standards but I do say
what I think and mean what I say. If I'm wrong then so be it; I'm not
afraid to say so, and if you're actually reading this, I guess I was wrong
and apologize for that. I felt that the misinformation needed to be pointed
out, in particular, and wanted it to stop.
If it does not fix itself deeply in the OS as they do they can
obviously be very easily circumvented.

Hmm, that's a sort of semantics thing I think, depending on what one
considers the meaning of those words in that context. What you mean is
probably correct as far as it goes. It's not the "deepness" but the logic
and points of the application's connection that are important, along with
what it does with such information of course. But I'm rationalizing,
something I abhor said:
Do you have any arguments except personal insults?


No argument. Personal insult. What are you trying to say:

* A software is more intelligent than a human being?

No, but it's more reliable, consistent and usually much more dependable.

* It is more effective to use some security software than to learn
something about security and to be careful while in the internet?

* It is not possible to run a computer securely connected to the
internet without any antivirus and firewall?

Not really. Within minutes, the "noise" of the internet is likely to
discover one or more of your open ports and start testing them. One can
literally become infected with a virus or spyware within minutes of
accessing the internet without some sort of protection in place, especially
considering all of the "noise" looking for you are covert in nature and
aren't going to announce themselves. You'll find very, very few
recommendations to EVER connect to the 'net without some sort of protection
installed. In fact, if you find such a site saying you can connect safely,
get the hell away from them; they are likely already probing you. It can
ruin a good afternoon of rebuilding a system.

There's a little hype involved, but if you'd like to see what's happening on
your machine and who can see what in and on it, visit grc.com and let them
run a few tests on your ports. In my current configuration, I'm fully
"stealthed", meaning no one on the 'net can see me in any way. That's the
target to shoot for. It's a free service, and pretty good. There are
others also but I like grc.
...


The amount of personal insults and the lack of argument in your post
makes me think you lack a few interpersonal skills and some
experience.

Very possible, and a fair shot! I obviously could/should have chosen my
words much better than I did. My apologies if you felt attacked; it wasn't
really my intent nor was it deserved; but I guess Freud was at work.
You are the parrot here. You just write what everybody else repeats
all the time without thinking.

"You must install AV. You must install PFW."

That of course is not entertaining but boring.

Face reality. It is possible without AV and with PFW.

No idea where PFW came from; that's a product I don't use but is still a
viable firewall.
If you're really sans firewall and antivirus software, you're going to
understand soon enough; that's about all I can say.

I do apologize if you felt attacked.
I'm more than willing to discuss things amicably.
If you're just trolling though, I'm done.

Cheers,

Pop`
 
Poprivet`

Luis said:
Please, there is no need for you guys to get into a flame war over my
post. I understand that you are trying to be helpful, but I have to
disagree with you on the points that you have to reinstall windows to
uninstall security software or that running a windows system without
av or pfw is a good idea. I appreciate all the advice and thank
everyone for their help.

No flame war intended, Luis. I've apologized and responded to him that if
he wishes to debate amicably that's fine with me. I was off target and
admit it. See my response if you're curious. We all have those "bad"
days I guess.

Regards,

Pop`
 
ChronJob

Thanks. My understanding of router firewalls is that they only block
incoming traffic and if there is some malware on the system then
outgoing stuff is not blocked. Is that correct?

If you've got malware on your system you're already done, cooked, finished,
hacked, and compromised. The ONLY serious remedy at that point is to flatten
your system and rebuild it.

Software firewalls are garbage, pure and simple. If it makes you feel
better though, use Windows native free firewall.

Do use a NAT router and hardware firewall. You can get these for $100.00 or
so.

See: http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx

and http://samspade.org/d/firewalls.html

Good luck!


ChronJob
_____________________________________
"-When you have to shoot, shoot, don't talk."
 
Poprivet`

ChronJob said:
If you've got malware on your system you're already done, cooked,
finished, hacked, and compromised. The ONLY serious remedy at that
point is to flatten your system and rebuild it.

There are very few good reasons to "rebuild" a system. Much better to start
with AV and an arsenal of spyware tools to clean things up as much as
possible. Results might be faster obtained, too.
OTOH it's not "wrong" to rebuild/reinstall, just very seldom necessary.
The best solution is to be prepared with images of the system stored away
and updated automatically. Then it's a minor detail to put the system back
to pre-malware state with a few key clicks.
 
Ansgar -59cobalt- Wiechers

In comp.security.firewalls Poprivet` said:
There are very few good reasons to "rebuild" a system. Much better to
start with AV and an arsenal of spyware tools to clean things up as
much as possible. Results might be faster obtained, too.

Nonsense. Once a system got compromised there are virtually no reasons
*not* to flatten and rebuild the system.

http://www.microsoft.com/technet/archive/community/columns/security/essays/10imlaws.mspx
http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx

cu
59cobalt
 
Gerald Vogt

Poprivet` said:
There are very few good reasons to "rebuild" a system. Much better to start
with AV and an arsenal of spyware tools to clean things up as much as
possible. Results might be faster obtained, too.

I would not want to run a computer cleaned up "as much as possible"
leaving some malware undetected behind because that malware so well
hidden is the really dangerous one. A trojan, key logger, similar.

If you use the computer to send a single password, credit card number,
or any thing else personal I would never use a computer which is cleaned
up "as much as possible".

Either reinstall the computer or restore a 100% sure clean system image.
IMHO anything else is bad advice.

Gerald
 
Lars-Erik Østerud

There are very few good reasons to "rebuild" a system. Much better to start

Haven't rebuilt my system since I installed Win98se.
When I upgraded to XP I cloned the Win98se partition.
Still stable as ****. OK, I do some reg cleaning, but.
 
HEMI-Powered

Gerald Vogt added these comments in the current discussion du
jour ...
I would not want to run a computer cleaned up "as much as
possible" leaving some malware undetected behind because that
malware so well hidden is the really dangerous one. A trojan,
key logger, similar.

If you use the computer to send a single password, credit card
number, or any thing else personal I would never use a
computer which is cleaned up "as much as possible".

Either reinstall the computer or restore a 100% sure clean
system image. IMHO anything else is bad advice.
Nice name, Gerald, same as mine! I completely agree with you
here. Before I run a periodic image backup with Acronis True
Image 9.0, about once every 6-8 weeks, I first do as exhaustive a
malware scan as I can including Ad-Aware, Spy Bot, eTrust Pest
Patrol, and NAV 2006 (in addition to the latter 2 running all the
time) because it makes no sense to image an infected HD. Still, I
am never completely sure it is clean, probably I never will be
but at least I don't notice any obvious or even subtle signs of
an infection.
 
Kayman

Nice name, Gerald, same as mine! I completely agree with you
here. Before I run a periodic image backup with Acronis True
Image 9.0, about once every 6-8 weeks, I first do as exhaustive a
malware scan as I can including Ad-Aware, Spy Bot, eTrust Pest
Patrol, and NAV 2006 (in addition to the latter 2 running all the
time)...

Is security software becoming a security risk?

http://www.infoworld.com/article/07/11/21/Is-security-software-becoming-a-security-risk_1.html

"People think that putting one AV engine after another is somehow defense
in depth. They think that if one engine doesn't catch the worm, the other
will catch it," he said. "You haven't decreased your attack surface; you've
increased it because every AV engine has bugs"

Although attackers have exploited parsing bugs in browsers for years now
with some success, Zoller believes that because antivirus software runs
everywhere and often with greater administrative rights than the browser,
these flaws could lead to even greater problems in the future.

The bottom line, he says, is that antivirus software is broken. "One e-mail
and boom, you're gone," he said.

Zoller says he has been criticized by his peers in the security industry
for "questioning the very glue that holds IT security all together," but he
believes that by bringing this issue to the forefront, the industry will be
forced to address a very real security problem.
---
Interesting report:
(Though Russ Cooper, a senior scientist with Verizon Business, had some
criticism for the work of n.runs)

The Death of Anti-Virus Defense.

http://www.nruns.com/ps/The_Death_of_AV_Defense_in_Depth-Revisiting_Anti-Virus_Software.pdf
 
HEMI-Powered

Kayman added these comments in the current discussion du jour
....
Is security software becoming a security risk?

http://www.infoworld.com/article/07/11/21/Is-security-software-becoming-a-security-risk_1.html

"People think that putting one AV engine after another is
somehow defense in depth. They think that if one engine
doesn't catch the worm, the other will catch it," he said.
"You haven't decreased your attack surface; you've increased
it because every AV engine has bugs"

I don't think anyone thinks that having more than one true AV
utility running at a time is a good idea. But, what I listed
running all the time, eTrust Pest Patrol, commercial Zone Alarm,
and NAV 2006 are all intended to do different things in different
ways. And, running Ad-Aware and Spy Bot Search & Destroy as
separate utilities periodically do yet another security-related
purpose. So, I see no conflicts here.

Now, as to one malware scanner finding things another misses, I
don't think this is uncommon or unexpected behavior as the
creation of definitions to detect new threats is not done in
tandem with other developers and different specific utilities
perform in entirely different ways.
Although attackers have exploited parsing bugs in browsers for
years now with some success, Zoller believes that because
antivirus software runs everywhere and often with greater
administrative rights than the browser, these flaws could lead
to even greater problems in the future.

The bottom line, he says, is that antivirus software is
broken. "One e-mail and boom, you're gone," he said.

Zoller says he has been criticized by his peers in the
security industry for "questioning the very glue that holds IT
security all together," but he believes that by bringing this
issue to the forefront, the industry will be forced to address
a very real security problem. ---
Interesting report:
(Though Russ Cooper, a senior scientist with Verizon Business,
had some criticism for the work of n.runs)

The Death of Anti-Virus Defense.

http://www.nruns.com/ps/The_Death_of_AV_Defense_in_Depth-Revisiting_Anti-Virus_Software.pdf

Interesting. What there's a "death" of, IMO, is people who're
aware enough to pay attention to safe computing and have at least
a modicum of defenses against the bad guys. The popular malware
utilities will catch the vast majority of common threats but if
one's PC is attacked by a sophisticated enough hacker or
whatever, it is doubtful that any software will catch it.
 
Gerald Vogt

I don't think anyone thinks that having more than one true AV
utility running at a time is a good idea. But, what I listed
running all the time, eTrust Pest Patrol, commercial Zone Alarm,
and NAV 2006 are all intended to do different things in different
ways. And, running Ad-Aware and Spy Bot Search & Destroy as
separate utilities periodically do yet another security-related
purpose. So, I see no conflicts here.

The problem is only that you are running the security software on the
infected machine. If you have got malware which runs with
Administrator privileges you cannot rely on anything in your system
anymore. It may have installed a good root kit which goes undetected.
It may patch the signatures of your security software to go
undetected. It can effectively disable your firewall even though the
firewall and Windows still think it is running.

Thus, if you have an infected machine you simply cannot tell how bad
it is. Once you have a trojan on your computer which allows remote
access to your computer you are well off the standard malware which
you'll find in the wild and which security software may detect. And as
some people are more than happy to clean the computer "as good as
possible" (or until none of the security software finds more) you can
never tell what goes undetected on a computer if you check it on the
same system. You should never trust a security check which is running
on the infected system. If you want to scan you should use a clean
boot disk and scan the file system from there or run a full comparison
of the compromised file system with a clean backup to see what has
been modified. That would give you more trustworthy results although
even then I would rather recommend to restore a clean system image.
Now, as to one malware scanner finding things another misses, I
don't think this is uncommon or unexpected behavior as the
creation of definitions to detect new threats is not done in
tandem with other developers and different specific utilities
perform in entirely different ways.

There is a lot out there which no malware scanner finds or will ever
find. They find what you can find very often. A malware which only
appears a few hundred or thousand times, for instance for a little bot
net, is unlikely to be found ever. And even if eventually the code is
sent to a security company for analysis and is added to their
signatures, you can as well just recompile the malware with some code
obfuscation and it goes undetected again.
Interesting. What there's a "death" of, IMO, is people who're
aware enough to pay attention to safe computing and have at least
a modicum of defenses against the bad guys. The popular malware
utilities will catch the vast majority of common threats but if
one's PC is attacked by a sophisticated enough hacker or
whatever, it is doubtful that any software will catch it.

Exactly that's why you cannot trust an infected system with whatever
security scanner you may scan it. I will never understand why some
people still use the same computer with the same system after 20
different scanners found a dozen different trojans, worms, viruses,
etc. They use various removal tools and continue to use the computer
after the next scan does not report anything anymore...

But that is what people do when they think a malware infection is
simply inevitable eventually if you connect your computer to the
internet.

Gerald
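
The offline comparison described in the post above, as an added example that is not part of the original thread: it hashes every file under a known-clean image and under the suspect file system (both assumed to be mounted read-only from a clean boot environment) and lists what was added, removed or modified. The directory names and file contents are constructed for the demonstration.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def hash_file(path, chunk_size=1 << 20):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Map each relative path under root to a content fingerprint.

    Symbolic links are recorded by target and never followed, so a link
    redirected to another location shows up as a modification.
    """
    root = Path(root)
    manifest = {}
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            full = Path(dirpath) / name
            rel = full.relative_to(root).as_posix()
            if full.is_symlink():
                manifest[rel] = "link:" + os.readlink(full)
            elif full.is_file():
                try:
                    manifest[rel] = hash_file(full)
                except OSError as exc:
                    # An unreadable file is itself a finding, so keep it.
                    manifest[rel] = "unreadable:" + type(exc).__name__
    return manifest


def compare_manifests(baseline, suspect):
    """Report paths added to, removed from, or changed in the suspect tree."""
    base_keys, suspect_keys = set(baseline), set(suspect)
    return {
        "added": sorted(suspect_keys - base_keys),
        "removed": sorted(base_keys - suspect_keys),
        "modified": sorted(
            key for key in base_keys & suspect_keys
            if baseline[key] != suspect[key]
        ),
    }


def run_constructed_comparison():
    """Build two small constructed trees and compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        clean = Path(tmp) / "clean_image"
        suspect = Path(tmp) / "suspect_disk"
        for root in (clean, suspect):
            (root / "system32" / "drivers").mkdir(parents=True)
            (root / "system32" / "kernel.bin").write_bytes(b"constructed kernel")
            (root / "system32" / "drivers" / "net.sys").write_bytes(b"constructed driver v1")
            (root / "boot.ini").write_text("constructed boot config\n")
        # Constructed differences on the suspect side only.
        (suspect / "system32" / "drivers" / "net.sys").write_bytes(b"constructed driver v1, patched")
        (suspect / "system32" / "drivers" / "hidden.sys").write_bytes(b"constructed unknown driver")
        (suspect / "boot.ini").unlink()
        return compare_manifests(build_manifest(clean), build_manifest(suspect))


if __name__ == "__main__":
    for kind, paths in run_constructed_comparison().items():
        print(kind, paths)
```

The result is only as trustworthy as the environment that computes it, which is why the hashing has to run from the clean boot disk rather than on the suspect system. It also covers files only, not boot sectors or anything else stored outside the file system.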
 
raylopez99

The XP firewall is "decent" but only checks incoming traffic, not outgoing,
so if you had something that was calling home with your account passwords,
it would miss it. Its real use is so that you CAN have a firewall when you
first hit the internet and until you get all of your updates and other
protection apps into place and updated. I seldom have to rebuild my system
so I've only used it once or twice, but it does give basic protection but
that's about all.

I keep hearing this 'fact' about outgoing messages having to be
checked by a firewall, but, though I see the logic behind it, I'm not
entirely convinced. After all, if a virus is smart enough to
penetrate the incoming firewall, don't you think it will be smart
enough to penetrate the outgoing firewall? Say by pretending it is a
legitimate windows process (like MSFT Update) and then tricking the
user into approving of it? I think so.

You're also correct in that having two software firewalls working at the
same time is a no-no. They will step on each other's resources even if they
seem to work together. Many firewalls won't even install until you disable
any other one you have working. Some even make you actually Remove the
other firewall before they'll install and XP also has a firewall monitor
that'll complain to you.

Two software firewalls may be a no-no, but I have three antivirus and
spyware programs (AVG AntiSpyware, Kaspersky Antivirus, and Webroot)
and they all happily play nicely together, with the most obnoxious of
the three programs being Kaspersky (the "heuristics" is a pain),
followed by Webroot (has given false positives in the past, though the
company is good at correcting these mistakes) and AVG (works so nice,
with no problems, that I sometimes wonder if it's doing anything at
all, since I've seen ads saying that of all the vendors AVG products
miss the most viruses, but when scanning your system AVG finds
tracking cookies that the other two programs miss). Also Blacklight's
free online Windows Explorer ActiveX product has found tracking
cookies that all three of the above programs have missed.

RL
 
Kayman

Kayman added these comments in the current discussion du jour
...


I don't think anyone thinks that having more than one true AV
utility running at a time is a good idea. But, what I listed
running all the time, eTrust Pest Patrol, commercial Zone Alarm,
and NAV 2006 are all intended to do different things in different
ways. And, running Ad-Aware and Spy Bot Search & Destroy as
separate utilities periodically do yet another security-related
purpose. So, I see no conflicts here.

Conflict(s) is/are not the issue; The OS may appear working smoothly. But
installing anti-whatever applications has made your OS more vulnerable to
attacks.
Now, as to one malware scanner finding things another misses, I
don't think this is uncommon or unexpected behavior as the
creation of definitions to detect new threats is not done in
tandem with other developers and different specific utilities
perform in entirely different ways.


Interesting. What there's a "death" of, IMO, is people who're
aware enough to pay attention to safe computing and have at least
a modicum of defenses against the bad guys.

It is important that administrators follow the rule of least privilege.
This means that users should operate their computer with only the minimum
set of privileges that they need to do their job.

The best defenses are:
1. Do not work as administrator, use limited user account (LUA) for
day-to-day work.
2. Keep your system (and all software on it) patched.
3. Review usage of IE and OE; Look for good alternatives.
4. Don't expose services to public networks.
5. Routinely practice safe-hex.
6. Backup, backup, backup.
The popular malware utilities will catch the vast majority of common
threats but if one's PC is attacked by a sophisticated enough hacker or
whatever, it is doubtful that any software will catch it.

The least preferred defenses are:
Most popular anti-whatever applications.
 
Robert

My Zone Alarm Pro firewall subscription expires in a few days and I recently
bought a Norton Internet Security 2008 package that contains a firewall.
I currently have the Norton firewall turned off and just use the Zone Alarm
Pro firewall.
I don't use the Win XP firewall because I heard that it's not a good idea to
have several firewalls on at the same time.
We get internet through a Belkin pre-N wireless router that is supposed to
have some sort of firewall built in and that one is turned on.
My computer connects to the router with an ethernet cable and my son's
computer uses a Belkin N usb wireless adapter. They both have the same
current setup I describe regarding firewalls.
Can anyone please advise on whether the Zone Alarm Pro firewall is any
better than the Norton firewall in my situation?
Should I renew the Zone Alarm Pro subscription or uninstall it when it
expires and turn on the Norton firewall?
Thanks for any advice.

I used to have Norton anti-virus and firewall and it caused nothing but
problems and is a resource hog. I eventually removed it, and glad I
did. I now use AVG for my anti-virus along with A-Squared and Spybot
for malware removal, and Comodo for my firewall, all of which are
free and I haven't had a problem since.


Robert
 
Robert

My Zone Alarm Pro firewall subscription expires in a few days and I recently
bought a Norton Internet Security 2008 package that contains a firewall.
I currently have the Norton firewall turned off and just use the Zone Alarm
Pro firewall.
I don't use the Win XP firewall because I heard that it's not a good idea to
have several firewalls on at the same time.
We get internet through a Belkin pre-N wireless router that is supposed to
have some sort of firewall built in and that one is turned on.
My computer connects to the router with an ethernet cable and my son's
computer uses a Belkin N usb wireless adapter. They both have the same
current setup I describe regarding firewalls.
Can anyone please advise on whether the Zone Alarm Pro firewall is any
better than the Norton firewall in my situation?
Should I renew the Zone Alarm Pro subscription or uninstall it when it
expires and turn on the Norton firewall?
Thanks for any advice.

I forgot to mention that if you decide to remove Norton remember to
uninstall Live Update and you also need to go to Norton's site
(Symantec) for their removal utility. Your computer should run a lot
faster without it.


Robert
 
Ansgar -59cobalt- Wiechers

In comp.security.firewalls Kayman said:
Conflict(s) is/are not the issue; The OS may appear working smoothly.
But installing anti-whatever applications has made your OS more
vulnerable to attacks.

Not true. Conflicts between two on-access scanners are a very real issue
and are indeed the main argument against installing concurring scanners.
Also, installing applications does not necessarily make an OS more
vulnerable. The OS only becomes more vulnerable if some application has
an exploitable bug. Of course installing additional software does
increase the chance of that happening, but it doesn't automagically make
the OS (more) vulnerable.

For example: you can easily run two or more on-demand virus scanners
without a single problem, because they're running as simple userspace
applications (and thus won't affect each other), and only run with the
privileges of the user initiating the scan.

However, that doesn't mean that it'd be okay to install arbitrary AV
software, because several of them have issues aside from what I
mentioned above.

cu
59cobalt
 
RalfG

It doesn't need to be a virus. I did encounter that one time when accessing
a web page unexpectedly triggered OE and the firewall blocked it. A
firewall may have the ability to block -any- application from sending email
without explicit approval. Monitoring outbound traffic also entails
differentiating the legitimate processes from suspicious ones or spoofs. All
firewalls are not equal, but if the firewall is doing the job well it's not
enough for a process to pretend to be "iexplore.exe" in order to pass the
firewall, it has to be c:\program files\internet explorer\iexplore.exe, with
additional identifying information, be it a specific version number, CRC
etc. etc..

Viruses aren't smart, they're all constrained to operating within specific
program parameters. Some are more cleverly written than others but the vast
majority have already been beaten.

Anyway this thread seems to be missing the point. It's analogous to saying
that we shouldn't bother using crosswalks or crossing at the lights because
it is always possible that some idiot driver might ignore the signals and
run us down anyway. One side (anti-security) says avoid the problem by never
crossing a street, the other side (pro-security) says use due caution and
cross with the lights. I use a firewall mainly to keep unauthorised -people-
out of my PC, AV and AS software to keep out or kill malicious software.
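
The identity check described in the post above, as an added example that is not part of the original thread and not any firewall product's code: an outbound rule keyed on the full normalized path plus a SHA-256 digest of the image, next to a rule that matches on the file name alone. The rule table, the byte strings standing in for program images and the `C:\Temp` path are all constructed.

```python
import hashlib
import ntpath


def normalize(path):
    """Canonicalize a Windows path: unify slashes and case, collapse '.' and '..'."""
    return ntpath.normcase(ntpath.normpath(path))


def decide_by_name(path, allowed_names):
    """Weak rule: allow any image whose file name is on the list."""
    name = ntpath.basename(normalize(path))
    return "allow" if name in allowed_names else "deny"


class OutboundPolicy:
    """Strict rule: the full path and the image digest must both match."""

    def __init__(self):
        self._rules = {}  # normalized path -> set of allowed SHA-256 digests

    def allow(self, path, image_bytes):
        digest = hashlib.sha256(image_bytes).hexdigest()
        self._rules.setdefault(normalize(path), set()).add(digest)

    def decide(self, path, image_bytes):
        allowed = self._rules.get(normalize(path))
        if allowed is None:
            return "deny", "no rule for this path"
        if hashlib.sha256(image_bytes).hexdigest() not in allowed:
            return "deny", "image digest does not match the rule"
        return "allow", "path and digest match"


# Constructed stand-ins for program images (not real binaries).
GENUINE = b"constructed bytes standing in for the genuine browser image"
OTHER = b"constructed bytes standing in for some other program"
BROWSER = r"c:\program files\internet explorer\iexplore.exe"

# Constructed connection attempts: (label, image path, image bytes).
ATTEMPTS = [
    ("genuine browser", BROWSER, GENUINE),
    ("same name, other directory", r"C:\Temp\iexplore.exe", OTHER),
    ("right path, replaced image", BROWSER, OTHER),
    ("genuine, odd path spelling",
     "c:/PROGRAM FILES/internet explorer/./iexplore.exe", GENUINE),
]


def evaluate_constructed_attempts():
    """Return (label, name-only decision, strict decision, reason) per attempt."""
    policy = OutboundPolicy()
    policy.allow(BROWSER, GENUINE)
    results = []
    for label, path, image in ATTEMPTS:
        weak = decide_by_name(path, {"iexplore.exe"})
        strict, reason = policy.decide(path, image)
        results.append((label, weak, strict, reason))
    return results


if __name__ == "__main__":
    for row in evaluate_constructed_attempts():
        print(row)
```

A check like this still runs on the machine it protects, so the point made earlier in the thread about malware running with Administrator privileges applies to it as well.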
 
Unknown

The interesting thing is that you probably wouldn't have any problems even
without
AVG, A-Squared, Spybot and Comodo.
 
Poprivet`

HEMI-Powered said:
Kayman added these comments in the current discussion du jour
...
....

Interesting. What there's a "death" of, IMO, is people who're
aware enough to pay attention to safe computing and have at least
a modicum of defenses against the bad guys. The popular malware
utilities will catch the vast majority of common threats but if
one's PC is attacked by a sophisticated enough hacker or
whatever, it is doubtful that any software will catch it.

Actually I think it's more akin to birth than death. The major problems are
most always for the newbies who haven't yet been educated, have been
mis-educated, or simply kept in the background by people purposely talking
over their heads when they do try to learn.

Pop`
 
Poprivet`

raylopez99 said:
....

I keep hearing this 'fact' about outgoing messages having to be
checked by a firewall, but, though I see the logic behind it, I'm not
entirely convinced. After all, if a virus is smart enough to
penetrate the incoming firewall, don't you think it will be smart
enough to penetrate the outgoing firewall? Say by pretending it is a
legitimate windows process (like MSFT Update) and then tricking the
user into approving of it? I think so.

An entirely possible set of events, yes. But there are other avenues onto a
system than always in-bound and alone through the 'net ports.
One example is being invited in: there's a program or 5 out there that
will let you use smilies wherever you want to use them; Word, IE, Wordpad,
most any application. Yahoo carries it as a link. Lots of newbies think
Yahoo is pretty danged neat and go ahead and download it. I forget what
it's called and it is pretty neat at first, but then the machine starts to
slow down and you keep noticing lots of downloads coming into your machine.
If the firewall sees it, they allow it because it's a familiar name and has
to do with the app they just downloaded, claiming to be its updates. Only
the "updates" never stop. It's the GAIN spyware though it goes by several
different names. It's a PIA to remove and even their remove instructions,
of course, don't fully work.
I found it on the client's machine quickly with a malware scan.

Another possibility is a disk from a friend or acquaintance. It may or
may not get scanned by a newbie. If it's only spyware it covertly contains,
AV won't catch a problem. Not all spyware detectors will find it right away
so if all you use is say Windows Defender, there's a good chance you're not
going to catch it, if you did bother to scan it. So, it starts calling home
and guess what? You have spyware being downloaded into your machine, small
pieces at a time until ... .

There's another side of this discussion too I'd like to mention. It
seems a lot of the posts have begun to concentrate on the really miserable
malware out there that's actually seldom seen by the normal user. Rather
than discuss the generally relevant information in addition to the tough
ones, they are concentrating on the tough ones as though they are all that
exist. It appears to me to be more an attempt to display inflated egos than
to impart any useful information to the masses and is dangerously close to
being trolling in more than one of the posters; the others are just being
sucked into endless discussions, the signature responses trolls hope for.
Two software firewalls may be a no-no, but I have three antivirus and
spyware programs (AVG AntiSpyware, Kaspersky Antivirus, and Webroot)
and they all happily play nicely together, with the most obnoxious of
the three programs being Kaspersky (the "heuristics" is a pain),
followed by Webroot (has given false positives in the past, though the
company is good at correcting these mistakes) and AVG (works so nice,
with no problems, that I sometimes wonder if it's doing anything at
all, since I've seen ads saying that of all the vendors AVG products
miss the most viruses, but when scanning your system AVG finds
tracking cookies that the other two programs miss). Also Blacklight's
free online Windows Explorer ActiveX product has found tracking
cookies that all three of the above programs have missed.

That's a reasonable arsenal you have, IMO with the exception of possibly
Webroot, which I've only read about but don't have any actual experience
with. Heuristics, for what it's worth, IS good, but by its nature very
prone to false positives; better a false positive than a false negative.
The user should be fairly savvy and understand what is causing the hits with
heuristics or it can create a sense of worry that's totally unnecessary.
Heuristics is simply watching for virus-like activity, unable to know
whether it's legitimate accesses due to a user's programs or viral activity,
so it notifies the user each time.
Cookies, IMO I don't worry too much about. I only keep a few of them
on my machine that I need for certain web site passwords, fast sign-ons etc
and delete everything else. I use WinPatrol for that but for a lot of other
things unrelated, too.

Regards,

Pop`
 
