Which Internet Security suite is best?

hacker

I am a home user with 2 networked computers. I plan to buy a third
soon. I use a linksys router to connect the machines to each other,
the internet, and for DHCP.

I currently use AVG Internet Security suite. The license is about to
expire. Basically I think it's a good product, but I find the
interface to be very awkward, and the firewall doesn't appear to do
full stealth mode since I haven't been able to stop it from responding
to a ping (I use the test available at grc.com). One review said it
doesn't protect against scripting viruses either.

In the past I tried Trend Micro, Norton, and ZoneAlarm. Norton seemed
to go deep into my system and mess things up real good. I ended up
reinstalling the OS to remove all traces. Apparently, being the most
popular software doesn't make it the best. Trend Micro was OK, but it
also responded to a ping and their support really pissed me off so to
hell with them. ZoneAlarm was the only one that would do total
stealth, but it really impacted system performance and had to be
disabled for quite a few websites to work.

Right now I'm looking at Kaspersky and NOD 32. I would appreciate
comments about your preferred software (not necessarily limited to the
2 above). Positive and/or negative comments would be appreciated.
 
Char Jackson

> I am a home user with 2 networked computers. I plan to buy a third
> soon. I use a linksys router to connect the machines to each other,
> the internet, and for DHCP.
>
> I currently use AVG Internet Security suite. The license is about to
> expire. Basically I think it's a good product, but I find the
> interface to be very awkward, and the firewall doesn't appear to do
> full stealth mode since I haven't been able to stop it from responding
> to a ping (I use the test available at grc.com). One review said it
> doesn't protect against scripting viruses either.

I thought the default Linksys configuration would prevent a response
to external pings. Did you change that behavior?

> Right now I'm looking at Kaspersky and NOD 32. I would appreciate
> comments about your preferred software (not necessarily limited to the
> 2 above). Positive and/or negative comments would be appreciated.

I used AVG Free for over a year, (Norton Systemworks before that), and
recently (5-6 months ago) switched to NOD32, partly based on
recommendations I saw in this group and including links to other 3rd
party AV testing sites. So far, I like NOD32 and plan to use it
indefinitely.
 
Langly

> I thought the default Linksys configuration would prevent a response
> to external pings. Did you change that behavior?

No. The only linksys changes I made were to update to the latest
firmware and change the default password. In the software firewalls I
disabled anything having to do with ICMP echo as well. I don't recall
having to do anything with ZoneAlarm. I just did it without me having
to do anything.

> I used AVG Free for over a year, (Norton Systemworks before that), and
> recently (5-6 months ago) switched to NOD32, partly based on
> recommendations I saw in this group and including links to other 3rd
> party AV testing sites. So far, I like NOD32 and plan to use it
> indefinitely.

Thanks for the feedback.
 
Maximus the mad

Langly aka (e-mail address removed), after much thought, came up with this
jewel:
> No. The only linksys changes I made were to update to the latest
> firmware and change the default password. In the software firewalls I
> disabled anything having to do with ICMP echo as well. I don't recall
> having to do anything with ZoneAlarm. I just did it without me having
> to do anything.

Perhaps you should check the firewall settings on the router. My
netgear router got a perfect score on the grc test.

> Thanks for the feedback.

NOD gets my vote.
max
--
My Pages:
Virus Removal Instructions:
http://www.freespaces.com/maxwachtel/removal.html
Keeping Windows Clean:
http://www.freespaces.com/maxwachtel/keepingclean.html
Tools: http://www.freespaces.com/maxwachtel/tools.html
Change nomail.afraid.org to gmail.com to reply. nomail.afraid.org is
specifically setup for USENET. Feel free to use it yourself.
Always remember - only download files from Trusted Sites.
 
Char Jackson

> No. The only linksys changes I made were to update to the latest
> firmware and change the default password.

On my Linksys WRT54G running firmware 4.21.1, the web GUI includes a
Security tab. Clicking it defaults to the Firewall page. On that page
I have the following:

Firewall Protection: [X] Enable [ ] Disable

Block WAN Requests
[X] Block Anonymous Internet Requests
[X] Filter Multicast
[ ] Filter Internet NAT Redirection
[X] Filter IDENT(Port 113)

Those are the defaults, and here's what the Help says about the "Block
Anonymous Internet Requests" option:
"By enabling the Block WAN Request feature, you can prevent
your network from being "pinged," or detected, by other Internet
users. The Block WAN Request feature also reinforces your network
security by hiding your network ports. Both functions of the Block
WAN Request feature make it more difficult for outside users to
work their way into your network. This feature is enabled by
default. Uncheck to disable this feature."

Note that it's enabled by default. If you're running a different model
Linksys, or different firmware, you may have to hunt around a little
to find the same or similar setting.

> In the software firewalls I
> disabled anything having to do with ICMP echo as well. I don't recall
> having to do anything with ZoneAlarm. I just did it without me having
> to do anything.

One of the nice things about a NAT router is that it blocks that
garbage traffic coming from the Internet so that your software
firewall never sees it.

-Char
 
Ernie B.

> No. The only linksys changes I made were to update to the latest
> firmware and change the default password. In the software firewalls I
> disabled anything having to do with ICMP echo as well. I don't recall
> having to do anything with ZoneAlarm. I just did it without me having
> to do anything.

On my Linksys RT41-BU Security > Firewall tab "Block Anonymous Internet
Requests" is *not* checked by default, probably the same on your router. Try
checking the box, disable your firewall and run the grc.com ShieldsUp test. I
did this and came up with full stealth.

BTW I use Zonealarm free. Zlclient.exe runs in the background, uses 6,240 K
of memory, and makes no noticeable impact on the system.
 
David H. Lipman

From: "Char Jackson" <[email protected]>

| On Wed, 27 Jun 2007 19:37:30 -0600, Langly <[email protected]>
| wrote:
||
| On my Linksys WRT54G running firmware 4.21.1, the web GUI includes a
| Security tab. Clicking it defaults to the Firewall page. On that page
| I have the following:
|
| Firewall Protection: [X] Enable [ ] Disable
|
| Block WAN Requests
| [X] Block Anonymous Internet Requests
| [X] Filter Multicast
| [ ] Filter Internet NAT Redirection
| [X] Filter IDENT(Port 113)
|
| Those are the defaults, and here's what the Help says about the "Block
| Anonymous Internet Requests" option:
| "By enabling the Block WAN Request feature, you can prevent
| your network from being "pinged," or detected, by other Internet
| users. The Block WAN Request feature also reinforces your network
| security by hiding your network ports. Both functions of the Block
| WAN Request feature make it more difficult for outside users to
| work their way into your network. This feature is enabled by
| default. Uncheck to disable this feature."
|
| Note that it's enabled by default. If you're running a different model
| Linksys, or different firmware, you may have to hunt around a little
| to find the same or similar setting.
||
| One of the nice things about a NAT router is that it blocks that
| garbage traffic coming from the Internet so that your software
| firewall never sees it.
|
| -Char

As always...
I suggest to specifically block both UDP and TCP ports 135 ~ 139 and 445 on *any* SOHO
Router.
 
Langly

> From: "Char Jackson" <[email protected]>
>
> | On Wed, 27 Jun 2007 19:37:30 -0600, Langly <[email protected]>
> | wrote:
> ||
> | On my Linksys WRT54G running firmware 4.21.1, the web GUI includes a
> | Security tab. Clicking it defaults to the Firewall page. On that page
> | I have the following:
> |
> | Firewall Protection: [X] Enable [ ] Disable
> |
> | Block WAN Requests
> | [X] Block Anonymous Internet Requests
> | [X] Filter Multicast
> | [ ] Filter Internet NAT Redirection
> | [X] Filter IDENT(Port 113)
> |
> | Those are the defaults, and here's what the Help says about the "Block
> | Anonymous Internet Requests" option:
> | "By enabling the Block WAN Request feature, you can prevent
> | your network from being "pinged," or detected, by other Internet
> | users. The Block WAN Request feature also reinforces your network
> | security by hiding your network ports. Both functions of the Block
> | WAN Request feature make it more difficult for outside users to
> | work their way into your network. This feature is enabled by
> | default. Uncheck to disable this feature."
> |
> | Note that it's enabled by default. If you're running a different model
> | Linksys, or different firmware, you may have to hunt around a little
> | to find the same or similar setting.
> ||
> | One of the nice things about a NAT router is that it blocks that
> | garbage traffic coming from the Internet so that your software
> | firewall never sees it.
> |
> | -Char
>
> As always...
> I suggest to specifically block both UDP and TCP ports 135 ~ 139 and 445 on *any* SOHO
> Router.

Thanks for the feedback.

My router is a linksys BEFSR41 V2, with firmware: 1.46.02, Aug 03
2004. Here are the current relevant setting values I have:

Block WAN Request: Enable
Multicast Pass Through: Enable
IPSec Pass Through: Enable
PPTP Pass Through: Enable
Remote Management: Disable Port: 8080
Remote Upgrade: Disable
MTU: Disable Size: 1500
Filter Internet NAT Redirection: Disable
Filter IDENT(port 113): Disable

I'll try changing the last one (port 113 filtering), and the suggested
port blocks too. Right now none are filtered.

What has me puzzled is that ZoneAlarm seemed to get the job done with
these settings. It's a pity it caused such a noticeable performance
hit with the antivirus, antispyware, etc. and had to be disabled for
several trusted websites to work.

So far NOD is getting best software feedback, unless others need more
time to respond.

I do appreciate the responses from everyone.
 
Char Jackson

> As always...
> I suggest to specifically block both UDP and TCP ports 135 ~ 139 and 445 on *any* SOHO
> Router.

My understanding is that all inbound ports are blocked by default, as
confirmed by grc.com. By "block", do you mean specifically opening
those ports and perhaps forwarding them to a non-existent LAN IP? I
just prefer to let them be blocked along with everything else.

-Char
 
David H. Lipman

From: "Char Jackson" <[email protected]>


|
| My understanding is that all inbound ports are blocked by default, as
| confirmed by grc.com. By "block", do you mean specifically opening
| those ports and perhaps forwarding them to a non-existent LAN IP? I
| just prefer to let them be blocked along with everything else.
|
| -Char

Effectively they are not. They are akin to doors that can be opened.
Specifically blocking the ports on the Router effectively locks those doors and they can not
be opened.
 
Char Jackson

> From: "Char Jackson" <[email protected]>
>
> |
> | My understanding is that all inbound ports are blocked by default, as
> | confirmed by grc.com. By "block", do you mean specifically opening
> | those ports and perhaps forwarding them to a non-existent LAN IP? I
> | just prefer to let them be blocked along with everything else.
> |
> | -Char
>
> Effectively they are not.

Please explain.

> They are akin to doors that can be opened.

From the outside? I think not, but please correct me if I'm wrong.

> Specifically blocking the ports on the Router effectively locks those doors and they can not
> be opened.

So let me ask again - what do you mean by "specifically blocking the
ports on the router"? I only have experience with Linksys and D-Link
routers, and neither of them offers that feature. I repeat, are you
talking about specifically OPENING those ports and forwarding them to
a non-existent LAN IP? Is opening those ports more secure than leaving
them closed?

-Char
 
James Egan

> Please explain.
>
> From the outside? I think not, but please correct me if I'm wrong.


Dave's been advocating this for a long time now. iirc it was after
some local lan netbios packets traversed his router outbound. Not
inbound, as you say, since they are dropped unless specifically
forwarded.

However, uPNP (often enabled by default) allows the router to be
configured automatically from the inside so if you think uPNP and
trojan at the same time, perhaps it's not a bad idea after all.

> So let me ask again - what do you mean by "specifically blocking the
> ports on the router"? I only have experience with Linksys and D-Link
> routers, and neither of them offers that feature. I repeat, are you
> talking about specifically OPENING those ports and forwarding them to
> a non-existent LAN IP? Is opening those ports more secure than leaving
> them closed?
>
> -Char

He doesn't mean that. He means blocking them with the router's
firewall (if available) even though they are already blocked by the
general operation.

Just in case.


Jim.
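
An added example, not part of any post in this thread: a check for the outbound leak described above, where LAN traffic on ports 135-139 or 445 crosses the router toward the Internet. The flow-record format, the 192.168.1.0/24 LAN range and all sample addresses are assumptions constructed for illustration.

```python
import ipaddress

# Ports named in the thread: 135-139 and 445, both TCP and UDP.
WINDOWS_NET_PORTS = set(range(135, 140)) | {445}

# Assumed LAN range (a common Linksys default); adjust to the real subnet.
LAN = ipaddress.ip_network("192.168.1.0/24")

# Constructed sample records: "proto src_ip:src_port -> dst_ip:dst_port"
SAMPLE_FLOWS = """\
udp 192.168.1.10:137 -> 192.168.1.255:137
tcp 192.168.1.10:49212 -> 203.0.113.50:445
udp 192.168.1.11:138 -> 198.51.100.9:138
tcp 192.168.1.11:50100 -> 203.0.113.80:443
tcp 192.168.1.12:1030 -> 192.168.1.10:139
"""


def parse_flow(line):
    """Split one record into (proto, src address, dst address, dst port)."""
    proto, src, arrow, dst = line.split()
    if arrow != "->":
        raise ValueError(f"unexpected record: {line!r}")
    src_ip, _src_port = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return (proto.lower(), ipaddress.ip_address(src_ip),
            ipaddress.ip_address(dst_ip), int(dst_port))


def find_leaks(log_text):
    """Return flows that left the LAN for an outside host on a Windows networking port."""
    leaks = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        proto, src, dst, dport = parse_flow(line)
        leaving_lan = src in LAN and dst not in LAN
        if proto in ("tcp", "udp") and leaving_lan and dport in WINDOWS_NET_PORTS:
            leaks.append((proto, str(src), str(dst), dport))
    return leaks


if __name__ == "__main__":
    for leak in find_leaks(SAMPLE_FLOWS):
        print("outbound NetBIOS/SMB traffic crossed the router:", leak)
```

LAN-to-LAN file sharing and ordinary web traffic are not reported; only the two records that leave the subnet on the listed ports are.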
 
Char Jackson

> Dave's been advocating this for a long time now. iirc it was after
> some local lan netbios packets traversed his router outbound. Not
> inbound, as you say, since they are dropped unless specifically
> forwarded.

Ahh, I see, once bitten, twice shy.

> However, uPNP (often enabled by default) allows the router to be
> configured automatically from the inside so if you think uPNP and
> trojan at the same time, perhaps it's not a bad idea after all.

I don't have a use for uPNP, so I have it disabled. Good point,
though.

> He doesn't mean that. He means blocking them with the router's
> firewall (if available) even though they are already blocked by the
> general operation.
>
> Just in case.
>
> Jim.

Got it, thanks!
 
bassbag

> I am a home user with 2 networked computers. I plan to buy a third
> soon. I use a linksys router to connect the machines to each other,
> the internet, and for DHCP.
>
> I currently use AVG Internet Security suite. The license is about to
> expire. Basically I think it's a good product, but I find the
> interface to be very awkward, and the firewall doesn't appear to do
> full stealth mode since I haven't been able to stop it from responding
> to a ping (I use the test available at grc.com). One review said it
> doesn't protect against scripting viruses either.
>
> In the past I tried Trend Micro, Norton, and ZoneAlarm. Norton seemed
> to go deep into my system and mess things up real good. I ended up
> reinstalling the OS to remove all traces. Apparently, being the most
> popular software doesn't make it the best. Trend Micro was OK, but it
> also responded to a ping and their support really pissed me off so to
> hell with them. ZoneAlarm was the only one that would do total
> stealth, but it really impacted system performance and had to be
> disabled for quite a few websites to work.
>
> Right now I'm looking at Kaspersky and NOD 32. I would appreciate
> comments about your preferred software (not necessarily limited to the
> 2 above). Positive and/or negative comments would be appreciated.

Responding to ping is necessary for path MTU discovery to work. You may
find that blocking this will make some sites time out. Personally I would
not block this in the router, however the choice is yours. I also use AVG
ISS, though I've removed the firewall component and use another, so
basically you can use AVG ISS and a different firewall if you wished. If
you want to try a different suite it's best to just trial them, as many
behave differently on different users' systems.
me
 
Leythos

> However, uPNP (often enabled by default) allows the router to be
> configured automatically from the inside so if you think uPNP and
> trojan at the same time, perhaps it's not a bad idea after all.

If you have a UPNP router and have not disabled that feature then you've
got more problems than wondering about security.

Additionally, if you have a cheap NAT Router (which is not a firewall)
and you've left it at the default subnet (192.168.0.x or 192.168.1.x)
then you need to change it to something else (192.168.32.x) so that the
known hacks can't find it at the default address - you should have
already changed the login password also.


--
Leythos - (e-mail address removed) (remove 999 to email me)

Learn more about PCBUTTS1 and his antics and ethic and his perversion
with Porn and Filth. Just take a look at some of the FILTH he's created
and put on his website: http://www.webservertalk.com/message1907860.html
3rd link shows what he's exposed to children (the link I've included does
not directly display his filth). You can find the same information by
googling for 'PCBUTTS1' and 'exposed to kids'.
 
Char Jackson

> Responding to ping is necessary for path MTU discovery to work. You may
> find that blocking this will make some sites time out.

Fortunately, that's not the case.

> Personally I would
> not block this in the router, however the choice is yours.

I block external pings unless I'm troubleshooting a problem that
requires enabling that capability.

-Char
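
An added example, not part of any post in this thread: IPv4 path MTU discovery depends on ICMP Destination Unreachable messages with code 4 (fragmentation needed), not on echo requests, so a WAN-side filter can drop pings and still pass the message PMTUD needs. The packets are constructed samples, and the stateless policy is an assumption for illustration, not any router's actual logic.

```python
import struct

ECHO_REQUEST, DEST_UNREACH, TIME_EXCEEDED = 8, 3, 11
FRAG_NEEDED = 4  # code under DEST_UNREACH that path MTU discovery relies on


def build_icmp_packet(icmp_type, code, rest=b"\x00" * 4):
    """Constructed IPv4+ICMP sample (documentation addresses, zero checksums)."""
    icmp = struct.pack("!BBH", icmp_type, code, 0) + rest
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                     bytes([203, 0, 113, 7]), bytes([198, 51, 100, 20]))
    return ip + icmp


def classify_wan_icmp(packet):
    """Return (verdict, detail) for an ICMP packet arriving on the WAN side.

    Stateless sketch: a real NAT router would also match ICMP errors and echo
    replies against its connection table before passing them to the LAN.
    """
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return ("drop", "truncated or not IPv4")
    ihl = (packet[0] & 0x0F) * 4          # IP header length in bytes
    if ihl < 20 or packet[9] != 1 or len(packet) < ihl + 8:
        return ("drop", "not a complete ICMP message")
    icmp_type, code = packet[ihl], packet[ihl + 1]
    if icmp_type == ECHO_REQUEST:
        return ("drop", "echo request (ping)")
    if icmp_type == DEST_UNREACH and code == FRAG_NEEDED:
        # Bytes 6-7 of the ICMP header carry the next-hop MTU (RFC 1191).
        mtu = struct.unpack("!H", packet[ihl + 6:ihl + 8])[0]
        return ("allow", f"fragmentation needed, next-hop MTU {mtu}")
    if icmp_type in (DEST_UNREACH, TIME_EXCEEDED):
        return ("allow", "error report for outbound traffic")
    return ("drop", f"unsolicited ICMP type {icmp_type}")


# Constructed samples: a ping, a PMTUD message advertising MTU 1492,
# and a timestamp request (type 13).
SAMPLE_PING = build_icmp_packet(ECHO_REQUEST, 0)
SAMPLE_FRAG_NEEDED = build_icmp_packet(DEST_UNREACH, FRAG_NEEDED,
                                       struct.pack("!HH", 0, 1492))
SAMPLE_TIMESTAMP = build_icmp_packet(13, 0)

if __name__ == "__main__":
    for name, pkt in [("ping", SAMPLE_PING),
                      ("frag-needed", SAMPLE_FRAG_NEEDED),
                      ("timestamp", SAMPLE_TIMESTAMP)]:
        print(name, classify_wan_icmp(pkt))
```

A filter that drops every ICMP type, rather than only echo requests, is the configuration that causes the stalled connections associated with broken path MTU discovery.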
 
David H. Lipman

From: "Char Jackson" <[email protected]>

| On Fri, 29 Jun 2007 01:31:32 GMT, "David H. Lipman"
| said:
|> My understanding is that all inbound ports are blocked by default, as
|> confirmed by grc.com. By "block", do you mean specifically opening
|> those ports and perhaps forwarding them to a non-existent LAN IP? I
|> just prefer to let them be blocked along with everything else.
|>
|> -Char
|
| Please explain.
|

I wish I could explain it better.

|
| From the outside? I think not, but please correct me if I'm wrong.
|

They can be invited by the inside and it is possible a well crafted packet may open the port
from the outside.

|
| So let me ask again - what do you mean by "specifically blocking the
| ports on the router"? I only have experience with Linksys and D-Link
| routers, and neither of them offers that feature. I repeat, are you
| talking about specifically OPENING those ports and forwarding them to
| a non-existent LAN IP? Is opening those ports more secure than leaving
| them closed?
|
| -Char

I use a Linksys BEFSR81 and have used the BEFSR41.
http://192.168.1.1/Filters.htm

I have also setup other Routers such as Asante and D-Link. Specifically blocking ports is
there and it has NOTHING to do with uPnP. It also has NO negative consequences, only
benefits.

See the graphic posted in; alt.binaries.comp.virus
Subject: Re: Which Internet Security suite is best?
 
Char Jackson

> I use a Linksys BEFSR81 and have used the BEFSR41.
> http://192.168.1.1/Filters.htm
>
> I have also setup other Routers such as Asante and D-Link. Specifically blocking ports is
> there and it has NOTHING to do with uPnP. It also has NO negative consequences, only
> benefits.
>
> See the graphic posted in; alt.binaries.comp.virus
> Subject: Re: Which Internet Security suite is best?

I found the graphic, thanks. I don't think this is something I'm going
to worry about, but I see your point.

-Char
 
James Egan

> I have also setup other Routers such as Asante and D-Link. Specifically blocking ports is
> there and it has NOTHING to do with uPnP. It also has NO negative consequences, only
> benefits.

What's the benefit of blocking something that is already blocked,
then?


Jim.
 
James Egan

> They can be invited by the inside and it is possible a well crafted packet may open the port
> from the outside.


I find that hard to believe. Can you post a link with a bit of detail.


Jim.
 
