Does Vista need extra software for security?

[Stan Kay]

Within a short while of adopting Windows XP Pro I experienced a series of
security issues (viruses, Trojans etc) and so quickly searched for Security
software. I eventually adopted Zone Alarm Security Suite and have used it
without problems for a few years.

Now to the point of this question. I moved to Windows Vista Ultimate on the
30th November 2006 and, perhaps luckily, have encountered no problems. So,
my question is:-

1.. with the built in extra security do I really need other software such
as Zone Alarm (current version does not work with Vista but a compatible
version is promised soon.
2.. If I do need extra security software can anyone please offer any
experience based suggestions?
Any help would be greatly appreciated.

 

[Kerry Brown]

The built in firewall in Vista is more than adequate. You do need antivirus
software. You may need antispyware software.

 

[Jeff]

Stan,

Kerry is right-grab a good av thats Vista compatable;most are now.
I use Avast-it's free, and never have had any issues-no bugs(so far)
It's at www.avast.com
if ya want it-
The Home Edition is free

Jeff

 

[John Barnett MVP]

The windows Vista firewall is more than adequate. Of course you do need anti
virus cover and there are a few 'free' ones around, AVG anti virus
(www.free.grisoft.com) is one Avast (www.avast.com) is another.
Spyware/malware cover is catered for in Ultimate with the built in Windows
defender software.

--
John Barnett MVP
Associate Expert
Windows Shell/User

Web: http://xphelpandsupport.mvps.org
Web: http://vistasupport.mvps.org

The information in this mail/post is supplied "as is". No warranty of any
kind, either expressed or implied, is made in relation to the accuracy,
reliability or content of this mail/post. The Author shall not be liable for
any direct, indirect, incidental or consequential damages arising out of the
use of, or inability to use, information or opinions expressed in this
mail/post..

 

[Jeremy]

I started using Zone Alarm a number of years ago, and have since stopped
using it. It actually modifies the stack, which I don't like. The built
in firewall should be more than adequate especially if you are behind a
router which I would recommend to anyone.

 

[Stan Kay]

Many thanks guys for very helpful feedback. It reinforces my own view that
all I really need with Vista is antivirus software.

 

[Guest]

Hello Stan,

Are you using Vista's BitLocker and Vista's Encrypted File System (EFS) ?

Perhaps it's just me, because I practice very safe browing, but personally,
I'm not convinced third party anti-virus applications are really needed or
necessary while using BitLocker and EFS.

What could a hacker or virus attack if they try attacking an 256 Encrypted
Firewall? Maybe I'm over looking something, but don't think so.

 

[Paul Adare]

in the microsoft.public.windows.vista.security news group, =?

Hello Stan,

Are you using Vista's BitLocker and Vista's Encrypted File System (EFS) ?

Perhaps it's just me, because I practice very safe browing, but personally,
I'm not convinced third party anti-virus applications are really needed or
necessary while using BitLocker and EFS.

Neither BitLocker nor EFS provide you with anything even
approaching anti-virus protection. They are technologies that
are designed for a completely different purpose.

What could a hacker or virus attack if they try attacking an 256 Encrypted
Firewall? Maybe I'm over looking something, but don't think so.

The firewall is not encrypted. You're really not understanding
how either BDE or EFS work. If you open a document, or an email,
or what have you that contains a virus and you're not running an
anti-virus program you're going to get infected whether or not
you're using both BDE and EFS.

Your post is really, really bad advice.

 

[Jupiter Jones [MVP]]

In another post you stated:
"Factually, Vista’s BitLocker is indeed the newest most high tech Firewall"
Does much of your incorrect information stem from this incorrect belief of
yours?
BitLocker is not a firewall, and is not intended to replace a firewall.

You really need to read up on the tools and their purposes.

 

[Guest]

Paul and Jupiter,

Please understand that fully I'm aware that Vista's Firewall is -NOT-
encrypted.

As you are fully aware, BitLocker fully Encrypts the OS. EFS fully encrypts
user defined files and/or folders.

As I previously shared, I practice very safe browsing and possibly only
Charlie Russell and I are the only individuals absent a/v, and then maybe
not.

My previous Post was not ridged advice. Instead, merely sharing my views, in
respect to a/v and Vista's incredible internal applications. Actually, too
many others practice the equal application as mine.

What works for others and my self, may not work for you... have faith and
courage for respecting Microsoft's Technology. Only requires a very short
time for reformatting and re-loading Vista.

However, if a person is using many third party applications that alone
increases the potential for intruders.

Safe hex prevents hostile intruders, considering my email is auto a/v scanned.

Thanks for your comments, might consider consulting with Guru Charlie.

 

[Guest]

Hello Jupiter,

Well, please just consider my previous statment; "Factually, Vista’s
BitLocker is indeed the newest most high tech Firewall" a very accurate
analogy and hyperbole.

Moments ago, made a Post to Paul Adare that referenced you regarding the
prevuios Post of discussion. Could be wrong but I don't think hackers can
penetrate 256 encryption. What is your opinion?

 

[Kerry Brown]

I also run Vista without an AV program. I don't recommend it to anyone else.
I'm specifically doing it as an experiment. I know what the consequences are
and can deal with them. I am trying to find out how hard it is to infect
Vista and then how hard it is to clean the infection. So far I haven't been
infected, uac and the better security does work. I fully expect to be
infected as Vista becomes more popular and is targeted. If you truly believe
that Bitlocker and EFS have anything to do with a firewall or AV then your
education has been lacking. The malware would attack just like an
unencrypted system. The only difference would be the malware files would be
encrypted on your hard drive. Booting from external media to clean the pc
wouldn't be an option. If anything Bitlocker and EFS make it harder to clean
an infected pc. I can't speak for Charlie but I'd be very surprised if he
agrees with any of your statements.

If your email is auto scanned then you are using an AV application. It is on
the server rather than your pc and only protects against the currently most
common method of infection.

 

[Guest]

Hello Kerry,

Approximately one-year ago, I too begin experimenting using Vista absent a/v
- - also, initially I was -not- using BitLocker or EFS, and never did I
intercept any type of virus or trojan. That experience left me more than
impressed with Vista, yet I remained curious pondering if I would intercept
not desired attacks.

During the last month or two, I begin using BitLocker and EFS, learning
those applications provides me ultimate online confidence, never concerned
for intercepting any type of OS confrontation. Although, my machines use AMD
Athlon x2 that enhances a/v protection, somewhat as DEP.

Possibly, if I used several third party applications or "free ware" or third
party applications abscent a valid certificate, and wildly browsed, maybe
that might alter my judgment, maybe...

Still I remain extremely confident that hackers can not penetrate 256
cipher, period. Yet, remain most aware online criminal hackers void of morals
will be working over time attempting to prostitute Vista's 256 cipher, and
some may grow old attempting.

My definition of an OS and files that's encrypted with Vista's 256 cipher is
simply an encrypted Firewall !! yes, Firewall is used as an acronym.

The email server a/v I have no control, although have no objection for its
usage. Just as I practice safe browsing, never do I open not recognized
emails.

Just occurred to me that I used XP x64 with Athlon x2 for approximately one
year absent a/v and never encountered online attacks, other than a few
trackers that were quickly controlled or identified.

Progressively Windows Vista will revolutionize our World's computer usage.
Those that seemingly disagree are living a life of self-delusion or simply
spewing propaganda for self-promotion not fully aware of Vista's inherent
security.

It is my observation, from reading various Windows Newsgroups, the majority
of genuine conflict complaints toward Vista are user induced attempting to
rapidly install Vista just as we did with Windows 3.1.

Thank you for your comments.

 

[Guest]

Hello Kerry,

Well, apparently the first time reading your Post, I read a little to fast
and overlooked your "malware" discussion.

Please share with me, is it possible for malware intruding Vista's 256
cipher? If so, my conclusions might rapidly change.

The more I learn, the more I realize how ignorant I am. Sincerely, if
Vista's 256 encryption can be compromized, very much would I appreciate you
for sharing your knowledge with me, as soon as possible, please.

 

[Kerry Brown]

While you are running Vista the system accounts and your account have the
keys to decrypt the files. The malware would run in the context of one of
these accounts and thus have access to the files. Whatever you can do the
malware can do. Encryption is to stop someone who cannot logon from
accessing the files even if they have physical access to the computer. In
other words if someone steals the computer or removes the hard drive they
wouldn't be able to decrypt the files unless they had a password to get into
Windows. There is a fundamental difference in what encryption is designed to
do and what anti-malware programs do. They are not the same thing.

 

[Paul Adare]

in the microsoft.public.windows.vista.security news group, =?

Well, please just consider my previous statment; "Factually, Vistaâ??s
BitLocker is indeed the newest most high tech Firewall" a very accurate
analogy and hyperbole.

Moments ago, made a Post to Paul Adare that referenced you regarding the
prevuios Post of discussion. Could be wrong but I don't think hackers can
penetrate 256 encryption. What is your opinion?

You don't understand how BDE or EFS work. Take two computers,
and two users, neither of which are running any anti-virus
software. One computer has BDE and EFS enabled, and one has
neither. Both users inadvertently open an infected document
which contains a virus. Guess what? Both of them are going to
get infected exactly the same way. It should be patently obvious
to you why the computer that isn't using BDE or EFS will get
infected. Think about the other computer. The virus payload will
be launched in the security context of the user who opened the
infected document. In the case of EFS, that means that the
process that the virus is running will have access to the same
decryption key(s) that the user has so there is zero protection
there. In the case of BDE, once the OS volume is unlocked, there
is no protection at all. BDE, unlike EFS, is not user specific.
Once the OS is up and running, if you can log on to the
computer, the OS will happily decrypt any file that is encrypted
via BDE.
You are deluding yourself if you think that BDE or EFS give you
any protection at all against getting infected with a virus.
I know Charlie, and I know that he'd agree with me here. Since
you seem to be in awe of him, go ask him for his opinion. Your
statements have no merit.

 

[Kerry Brown]

I agree with Paul's post. Go talk to Charlie again. You have misunderstood
him. I've only met him a couple of times but his depth of knowledge was
obvious.

--
Kerry Brown
Microsoft MVP - Shell/User
http://www.vistahelp.ca

 

[Kerry Brown]

Many of us have answered your question already. You are missing an
understanding of what encrypting files or a file system is designed to do.
It's hard to put in simpler words than we've already done. Malware doesn't
need to compromise the encryption. Malware installs while you are using the
computer. Encryption of files is designed to protect the file from being
accessed while you are not using the computer. If you don't unlock a volume
then malware couldn't infect it but neither could you use it. While you are
using it malware could infect it. I hardly see how this can be equated with
malware protection as in an AV or firewall application. They are designed to
protect you while you are using the volume.

 

[Paul Adare]

in the microsoft.public.windows.vista.security news group, =?

Please understand the purpose for this continuing request is for additional
confirmation that Vista's 256 cipher can or can not be compromised.

You still don't understand how all of this works. No one is
talking about comprising encryption here.

Please share a simple yes or no response: Can Vista's OS using 256 cipher be
compromised via malware or virus, if the user *never* un-locks the volume?

Again, you just don't get it. The user doesn't unlock the
volume. If you boot the OS, the volume is unlocked, it is as
simple as that.

Please share a simple yes or no response: Can Vista's EFS folders / files be
compromised via malware or virus if the user *never* decrypts the files /
folder?

Again, you're missing the point. I've explained this in my
previous response. Perhaps you should do some reading and
attempt to understand how the technology actually works before
making wild claims about virus protection that simply cannot
possibly be true.

 

[Guest]

Paul,

Please accept my apology for not understanding your syntax regarding
un-locking the volume.

Since my continuing request is for one very elementary question:
“Please understand the purpose for this continuing request is for additional
confirmation that Vista's 256 cipher can or can not be compromised.â€

Repeatedly, my request for your belief, in respect to, can Vista’s 256
cipher be compromised, remains *not* answered by you.

Why you refuse answering my repeated question by stating that *“no oneâ€* is
talking about *compromising Vista’s 256 cipher* exceeds mysterious.

Since you and I used the same syntax *â€compromising Vista’s 256 cipherâ€*
quite obviously you and I are talking about *â€compromising Vista’s 256
cipherâ€*

If it is a benefit for you, just consider this repeated request as a NEW
Question: Can Vista’s 256 cipher be compromised, yes or no?

Surely you understand that a simple question deservers a simple answer.

Yes, I feel as if I'm waiting for the bus to arrive.