Firewall etc

[jo5030]

Can anyone comment on the effectiveness of the MS supplied Firewall and
Defender offering when compared to other commercial products (such as McAfee
and Norton)? I use Norton at the moment, and it seems to me that if one is
offered through Vista for nothing, I may as well use it rather than pay for
another?

 

[Kayman]

Can anyone comment on the effectiveness of the MS supplied Firewall and
Defender

Both are good-quality applications, especially the firewall. (Steer away
from 3rd party software (so-called) firewall applications!!).
Educational reading:
Managing the Windows Vista Firewall
http://technet.microsoft.com/en-us/magazine/cc510323.aspx

Interesting reading:
http://www.pcworld.com/article/id,136195/article.html
"...Windows Defender did excel in behavior-based protection, which detects
changes to key areas of the system without having to know anything about
the actual threat."

A-S applications - for non-viral malware.
The effectiveness of an individual A-S scanners can be wide-ranging and
oftentimes a collection of scanners is best. There isn't one software that
cleans and immunizes you against everything. That's why you need multiple
products to do the job i.e. overlap their coverage - one may catch what
another may miss, (grab'em all).

SuperAntispyware - Free
http://www.superantispyware.com/superantispywarefreevspro.html
and
Ad-Aware 2007 - Free
http://www.lavasoftusa.com/products/ad_aware_free.php
http://www.download.com/3000-2144-10045910.html
and
Spybot Search & Destroy - Free
http://www.safer-networking.org/en/download/index.html

offering when compared to other commercial products (such as McAfee
and Norton)?

A number of experts agree that the retail AV version of McAfee, Norton and
Trend Micro has become cumbersome and bloated for the average user.

The major Norton criticisms are related to stability and footprint, the
most common problem being slow-downs because of the massive system
resources Norton hogs. There are products on the market with equal or
better test results than Symantec's products, consuming less resources at a
lower price (*even free ones*).

I use Norton at the moment, and it seems to me that if one is
offered through Vista for nothing, I may as well use it rather than pay for
another?

Download and run the Norton Removal Tool:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039
The Norton Removal Tool uninstalls all Norton 2008/2007/2006/2005/2004/2003
products and Norton 360 from your computer.

Real-time AV applications - for viral malware.
Do not utilize more than one (1) real-time anti-virus scanning engine!
Disable the e-mail scanning function during installation (Custom
Installation on some AV apps.) as it provides no additional protection.

Why You Don't Need Your Anti-Virus Program to Scan Your E-Mail
http://thundercloud.net/infoave/tutorials/email-scanning/index.htm
Viral Irony: The Most Common Cause of Corruption.
http://www.microsoft.com/windows/IE/community/columns/filecorruption.mspx

Avira AntiVir® Personal - FREE Antivirus
http://www.free-av.com/
You may wish to consider removing the 'AntiVir Nagscreen'
http://www.elitekiller.com/files/disable_antivir_nag.htm
or
Free antivirus - avast! 4 Home Edition
It includes ANTI-SPYWARE protection, certified by the West Coast Labs
Checkmark process, and ANTI-ROOTKIT DETECTION based on the best-in class
GMER technology.
http://www.avast.com/eng/avast_4_home.html
(Choose Custom Installation and under Resident
Protection, uncheck: Internet Mail and Outlook/Exchange.)
or
AVG Anti-Virus Free Edition
http://free.grisoft.com/
(Choose custom install and untick the email scanner plugin.)
or
ESET NOD32 Antivirus - Not Free
http://www.eset.com/
or
Kaspersky® Anti-Virus 7.0 - Not Free
http://www.kaspersky.com/homeuser

and (optional but highly recommendable)

On-demand AV applications.
(add them to your arsenal and use them as a "second opinion" av scanner).
David H. Lipman's MULTI_AV Tool
http://www.pctipp.ch/ds/28400/28470/Multi_AV.exe
http://www.pctipp.ch/downloads/dl/35905.asp
English:
http://www.raymond.cc/blog/archives/2008/01/09/scan-your-computer-with-multiple-anti-virus-for-free/
Additional Instructions:
http://pcdid.com/Multi_AV.htm
and/or
Kaspersky's AVPTool
http://downloads5.kaspersky-labs.com/devbuilds/AVPTool/
There's no updating involved since the scanning engine is updated
several times a day and you simply download the updated scanner whenever
you want to do a scan.

Dr.Web CureIt!® Utility - FREE
http://www.freedrweb.com/cureit/

Malwarebytes© Corporation - Anti-Malware
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Note: It is Free for private use. Just download (do NOT buy) and install.

A clarification on the terminology: the word "malware" is short for
"malicious software." Most Anti-Virus applications detect many types of
malware such as viruses, worms, trojans, etc.
What AV applications usually don't detect is "non-viral" malware, and the
term "non-viral malware" is normally used to refer to things like spyware
and adware.

Good luck

 

[John Barnett MVP]

Personally I only use the Windows Firewall and have found it more than
adequate. McAfee and Norton I would not use they are system hoggers and,
especially Norton, cause more problems than they solve.

--

--
John Barnett MVP
Windows XP Associate Expert
Windows Desktop Experience

Web: http://xphelpandsupport.mvps.org
Web: http://vistasupport.mvps.org

The information in this mail/post is supplied "as is". No warranty of any
kind, either expressed or implied, is made in relation to the accuracy,
reliability or content of this mail/post. The Author shall not be liable for
any direct, indirect, incidental or consequential damages arising out of the
use of, or inability to use, information or opinions expressed in this
mail/post..

 

[Root Kit]

Matousec ran a very comprehensive test of the available products for
Windows..
'Matousec Firewall Challenge'
(http://www.matousec.com/projects/firewall-challenge/)

Windows firewall in it's default state scored a rather dismal 5% but
does better with some advanced configuration, still not as good as
others tho.

This is getting boring.... Testing the windows FW for outbound
capabilities is like testing your car for the ability to fly....

Comodo scored the best for Free firewalls at 95%

Yes. Because they specifically targeted leak tests in order to gain
popularity. You do know that Comodo FW was developed for company
promotional purposes, don't you?

and is the choice of
many of the security pros here in the Forums.

Pros? What's a pro?

Some in the Newsgroups here get rather "testy" when anyone mentions
(God forbid) using a 3rd party firewall...call them "Snake Oil"

Well, that's what they are. But heck, do go install them if it makes
you feel good. Just realize that there is a difference between real
security and the subjective feeling of security. Indeed, the latter
has value - just not in a technical sense.

and the like, but Matousec's test suite is very comprehensive and runs
the toughest firewall attacks and go-rounds available

They test for some publicly known and also some self-made ones. The
problem is there is no end to ways of leaking. Dealing with outbound
control is nothing but gap stopping.

so I'll take their word over the ...ahem "other" guy here who may come in and start
bashing this post for Blasphemy.

I don't care, but you are aware that the malware industry offer
services like testing your malware's ability to by-pass firewalls and
anti-malware products, right?

 

[FromTheRafters]

I assume you are talking about the security suite offerings of
McAfee and Norton. In that case, their offerings provide an
"anti-virus" along with the personal firewall and anti-foistware
Vista offers.

There are excellent freeware programs in all categories, so
there is no reason to consider yourself obligated to run what
you already have.

I use the firewall application and defender that came with Vista
and added Avast! anti-virus (free). I also am behind a router/
wireless access point that has (is) a fairly configurable firewall.

Modern personal firewall applications have attempted to tackle
data leakage. You may be the kind of person willing to pay for
a good one of these, I'm not.

 

[Mark H]

Ditto!

Additionally, a simple router is cheaper than any software product you will
buy, doesn't require annual updates and with a simple one time setup will
provide a stronger defense than most firewalls. (Even if not setup for
portforwarding.)
http://portforward.com/english/routers/port_forwarding/routerindex.htm

But, no matter what you use, if you click "OK" or "Continue", your security
has just been bypassed. You must use common sense.

 

[Ken Blake, MVP]

Can anyone comment on the effectiveness of the MS supplied Firewall and
Defender offering when compared to other commercial products (such as McAfee
and Norton)? I use Norton at the moment, and it seems to me that if one is
offered through Vista for nothing, I may as well use it rather than pay for
another?

There are three kinds of software products you need for adequate
protection:

1. Firewall. I used to prefer the ZA firewall (or other third-party
firewalls) because it also provided outbound protection. I've become
convinced, however, that outbound protection is meaningless. Once one
of the nasties gets into your computer, it can essentially do whatever
it wants, including circumventing the firewall. So the extra
protection that a firewall that monitors outbound traffic provides is
more apparent than real, and I think the Windows firewall is fine.

2. An anti-virus program. Windows provides *nothing* in this regard,
and you should run a third-party product. I recommend NOD32, if you
want to pay for a product, or the freeware Avast! if you don't.

3. Anti-spyware programs. No single anti-spyware is adequate to
protect you against everything. Windows defender comes with Windows
Vista, but it alone isn't sufficient. I recommend adding at least one
or more of the following: Spybot Search and Destroy, Spyware Blaster,
Adaware, and Super AntiSpyware.

You mention McAfee and Norton. In my view (and that of many other
regulars here), Norton is the worst product on the market, and McAfgee
is only slightly better. Although they are the best-known and the
biggest sellers, I strongly recommend against both.

 

[Kerry Brown]

Matousec ran a very comprehensive test of the available products for
Windows..
'Matousec Firewall Challenge'
(http://www.matousec.com/projects/firewall-challenge/)

Windows firewall in it's default state scored a rather dismal 5% but
does better with some advanced configuration, still not as good as
others tho.
Comodo scored the best for Free firewalls at 95% and is the choice of
many of the security pros here in the Forums. Some in the Newsgroups
here get rather "testy" when anyone mentions (God forbid) using a 3rd
party firewall...call them "Snake Oil" and the like, but Matousec's test
suite is very comprehensive and runs the toughest firewall attacks and
go-rounds available so I'll take their word over the ...ahem "other" guy
here who may come in and start bashing this post for Blasphemy.

I guess I'd be considered a "security pro". I manage network security for
several businesses for a living. Microsoft has seen fit to award me the
"Most Valuable Professional" award for the past three years. I totally
disagree with your statements. The only time I use third party software
firewalls with older OS's that don't have a built in firewall. Software
firewalls that advertise outbound filtering as some sort of anti-malware
goodness are indeed snake oil. Yes they stop some malware from phoning home.
There is no way they can stop a determined hacker once your computer is
owned. The fact that they stop some poorly programmed malware only gives
people a false sense of security. Outbound filtering can be useful. You may
want to stop business users from using p2p apps or messenger while at work.
You may want to stop your kids from accessing certain sites or using certain
applications. A software firewall running on the computer being used is not
the best solution for this. If you do want to use a software firewall for
these purposes the built in Vista firewall does this better than any 3rd
party software firewall I've seen. Personally I use either a hardware
firewall or a Linux box as a gateway device for doing this kind of stuff.
Even most home routers have these features now. Use the appropriate tool for
the job. Software firewalls aren't really the appropriate tool to stop
malware once it's on your computer.

 

[Nonny]

Personally I use either a hardware firewall or a Linux box as a
gateway device for doing this kind of stuff. Even most home
routers have these features now. Use the appropriate tool for
the job. Software firewalls aren't really the appropriate tool to
stop malware once it's on your computer.

Hi Kerry,

I am using only my router's firewall. Another "MVP" (don't recall who
it was) advised that people like me should also be running Vista's
firewall for the additional outbound protection.

Your post and another I just read from Ken Blake seems to downplay the
need for ANY kind of outbound protection using the argument that a
good piece of malware can easily bypass such protection.

I think I'm fine with the hardware firewall. Am I correct?

 

[Kerry Brown]

Hi Kerry,

I am using only my router's firewall. Another "MVP" (don't recall who
it was) advised that people like me should also be running Vista's
firewall for the additional outbound protection.

Your post and another I just read from Ken Blake seems to downplay the
need for ANY kind of outbound protection using the argument that a
good piece of malware can easily bypass such protection.

I think I'm fine with the hardware firewall. Am I correct?

Have you disabled Vista's firewall? I wouldn't recommend that. I don't
enable outbound protection but inbound protection is very useful. I
recommend the Vista firewall in it's default configuration be used at all
times. I don't bother configuring it for outbound protection. If that's
needed I use an appropriate external device.

To answer your question. Yes with a NAT router (preferably with a built in
firewall of some type) and the Vista firewall you're fine as far as
firewalls go. You do need other protection like AV and anti-spyware. I
currently recommend the following setup.

Router, Vista firewall, Windows Defender, and NOD32 (or Avast if you want a
free AV). You may want to run another anti-spyware as a scanner only once in
a while. You don't want it monitoring in real time. My current favourite for
this is Superantispyware.

http://www.eset.com/products/nod32.php

http://www.avast.com/eng/avast_4_home.html

http://www.superantispyware.com/

 

[Nonny]

Have you disabled Vista's firewall? I wouldn't recommend that. I don't
enable outbound protection but inbound protection is very useful.

Why would it be needed when I'm running behind a hardware firewall?

I
recommend the Vista firewall in it's default configuration be used at all
times. I don't bother configuring it for outbound protection. If that's
needed I use an appropriate external device.

To answer your question. Yes with a NAT router (preferably with a built in
firewall of some type) and the Vista firewall you're fine as far as
firewalls go. You do need other protection like AV and anti-spyware. I
currently recommend the following setup.

Router, Vista firewall, Windows Defender, and NOD32 (or Avast if you want a
free AV). You may want to run another anti-spyware as a scanner only once in
a while. You don't want it monitoring in real time. My current favourite for
this is Superantispyware.

I have all the A/V and malware protection I could possibly need.

 

[jo5030]

Guys

Thank you all very much for your help. As a result of it, I have
reconfigured my protection as follows:

1. I am using my broadband hub as a firewall (for those of you that may
know it, a BT Home Hub set to Standard security level)

2. I have turned on my Windows Firewall as well with automatic updating,
but malware protection turned off (and removed Norton).

3. I have installed Avast! On-Access scanner as virus protection

4. I am considering using SuperAntispyware or Spybot as well.

To you experts - does this seem enough, and would you advise me to use on or
both of the products mentioned in 4 above.

Thank you all again for helping me.

John

 

[Nonny]

2. I have turned on my Windows Firewall as well with automatic updating,
but malware protection turned off (and removed Norton).

Turn malware protection (Defender) back on. Use one or two others to
supplement it.

If you're not totally fatigued by UAC's constant prompts, I would
suggest you install Spybot Search and Destroy. It's free, and it has a
feature named "teatimer" that keeps a lookout for any changes to your
registry and prompts you before letting them be made.

 

[FromTheRafters]

That is basically the setup I have. The Windows firewall could be
eliminated, but I don't feel it hurts to have it enabled just in case
I end up not behind my router. This can happen with wireless
networking. )

Do make sure your HUB's firewall is *yours* - that is you should
change the default password to something more secure than 'admin'
or 'user'.

 

[Kerry Brown]

Why would it be needed when I'm running behind a hardware firewall?

It's an added layer of protection. Firewalls are very good at filtering
inbound traffic. There is very little overhead involved. What if another
computer on your network gets infected with a network worm? What if a trojan
is executed on another computer that reprograms your router via uPNP? What
if your neighbour hacks into your wireless network? If you are always behind
the router and the router has a good firewall (most home routers have very
basic firewalls) then the risk of running without the Vista firewall isn't
that great. On the other hand the cost of the extra protection isn't that
much. It's just a very minimal amount of overhead.

If the computer in question is a notebook that may be used outside of your
network then it's imperative that the Vista firewall be enabled. When you
connect to a new network and Vista asks you if it's a public, home, or work
network, Vista changes the firewall rules to be appropriate for your choice.

 

[Ken Blake, MVP]

Guys

Thank you all very much for your help. As a result of it, I have
reconfigured my protection as follows:

1. I am using my broadband hub as a firewall (for those of you that may
know it, a BT Home Hub set to Standard security level)

Good.


2. I have turned on my Windows Firewall as well with automatic updating,

Good.


but malware protection turned off

When you say "malware protection," do you mean anti-spyware
protection? Spyware and viruses are both different kinds of malware.

If so, I assume that that means you turned off Defender. That's a
mistake. Defender may not be the single best anti-spyware app
available, but it's much better than nothing, and works well in
combination with other such products. It sounds like you presently
have no protection against spyware, and that leaves you very
vulnerable.

(and removed Norton).

Good.


3. I have installed Avast! On-Access scanner as virus protection

Good.


4. I am considering using SuperAntispyware or Spybot as well.

Good, but do more than consider. I would install them both, if I were
you. Just don't scan simultaneously with both.

To you experts - does this seem enough, and would you advise me to use on or
both of the products mentioned in 4 above.

Thank you all again for helping me.

You're welcome. Glad to help.

 

[Kerry Brown]

That is basically the setup I have. The Windows firewall could be
eliminated, but I don't feel it hurts to have it enabled just in case
I end up not behind my router. This can happen with wireless
networking. )

Do make sure your HUB's firewall is *yours* - that is you should
change the default password to something more secure than 'admin'
or 'user'.

And turn off uPnP on the router. There are two steps to securing a router.
Make sure a strong password is in place for the router setup. Turn off uPnP.
UPnP can be used to program a router bypassing the need for authentication.

 

[Nonny]

It's an added layer of protection. Firewalls are very good at filtering
inbound traffic. There is very little overhead involved. What if another
computer on your network gets infected with a network worm? What if a trojan
is executed on another computer that reprograms your router via uPNP? What
if your neighbour hacks into your wireless network? If you are always behind
the router and the router has a good firewall (most home routers have very
basic firewalls) then the risk of running without the Vista firewall isn't
that great. On the other hand the cost of the extra protection isn't that
much. It's just a very minimal amount of overhead.

If the computer in question is a notebook that may be used outside of your
network then it's imperative that the Vista firewall be enabled. When you
connect to a new network and Vista asks you if it's a public, home, or work
network, Vista changes the firewall rules to be appropriate for your choice.

Thanks for the info!

 

[Kayman]

And turn off uPnP on the router. There are two steps to securing a router.
Make sure a strong password is in place for the router setup. Turn off uPnP.
UPnP can be used to program a router bypassing the need for authentication.

Countermeasures against DNSChanger:
http://extremesecurity.blogspot.com/2008/06/use-default-password-get-hijacked.html

 

[Mr. Arnold]

Matousec ran a very comprehensive test of the available products for
Windows..
'Matousec Firewall Challenge'
(http://www.matousec.com/projects/firewall-challenge/)

Windows firewall in it's default state scored a rather dismal 5% but
does better with some advanced configuration, still not as good as
others tho.
Comodo scored the best for Free firewalls at 95% and is the choice of
many of the security pros here in the Forums. Some in the Newsgroups
here get rather "testy" when anyone mentions (God forbid) using a 3rd
party firewall...call them "Snake Oil" and the like, but Matousec's test
suite is very comprehensive and runs the toughest firewall attacks and
go-rounds available so I'll take their word over the ...ahem "other" guy
here who may come in and start bashing this post for Blasphemy.

If you think I was tuff on you, you post this nonsense to
comp-security-firewalls and let them rip you a new one. And I am going to
tell you again that Commode or any other 3rd party host based personal
firewall/packet filter are not FW(s). A FW's job is to stop unsolicited
inbound traffic by default, to stop inbound or outbound traffic by creating
packet filtering rules and two separate networks by the usage of two
interfaces with one facing the network it is protecting from and the other
interface protecting the network it is to protect. That's is their job. A
good 3rd party packet filter, I won't call them FW(s), but their job is NOT
to be malware detection/stoppage solutions with snake-oil in them.

The buck stops at the O/S for anyone that knows how to harden the O/S to
attack. The protection doesn't stop at some snake-oil solution that's trying
to protect *you* from *you*.