Firewall etc

Discussion in 'Windows Vista Security' started by jo5030, Jul 16, 2008.

  1. jo5030

    jo5030 Guest

    Can anyone comment on the effectiveness of the MS supplied Firewall and
    Defender offering when compared to other commercial products (such as McAfee
    and Norton)? I use Norton at the moment, and it seems to me that if one is
    offered through Vista for nothing, I may as well use it rather than pay for
    another?
     
    jo5030, Jul 16, 2008
    #1

  2. jo5030

    Kayman Guest

    Both are good-quality applications, especially the firewall. (Steer away
    from 3rd party software (so-called) firewall applications!!).
    Educational reading:
    Managing the Windows Vista Firewall
    http://technet.microsoft.com/en-us/magazine/cc510323.aspx

    Interesting reading:
    http://www.pcworld.com/article/id,136195/article.html
    "...Windows Defender did excel in behavior-based protection, which detects
    changes to key areas of the system without having to know anything about
    the actual threat."

    A-S applications - for non-viral malware.
    The effectiveness of individual A-S scanners can be wide-ranging and
    oftentimes a collection of scanners is best. There isn't one software that
    cleans and immunizes you against everything. That's why you need multiple
    products to do the job i.e. overlap their coverage - one may catch what
    another may miss, (grab'em all).

    SuperAntispyware - Free
    http://www.superantispyware.com/superantispywarefreevspro.html
    and
    Ad-Aware 2007 - Free
    http://www.lavasoftusa.com/products/ad_aware_free.php
    http://www.download.com/3000-2144-10045910.html
    and
    Spybot Search & Destroy - Free
    http://www.safer-networking.org/en/download/index.html
    A number of experts agree that the retail AV version of McAfee, Norton and
    Trend Micro has become cumbersome and bloated for the average user.

    The major Norton criticisms are related to stability and footprint, the
    most common problem being slow-downs because of the massive system
    resources Norton hogs. There are products on the market with equal or
    better test results than Symantec's products, consuming less resources at a
    lower price (*even free ones*).
    Download and run the Norton Removal Tool:
    http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039
    The Norton Removal Tool uninstalls all Norton 2008/2007/2006/2005/2004/2003
    products and Norton 360 from your computer.

    Real-time AV applications - for viral malware.
    Do not utilize more than one (1) real-time anti-virus scanning engine!
    Disable the e-mail scanning function during installation (Custom
    Installation on some AV apps.) as it provides no additional protection.

    Why You Don't Need Your Anti-Virus Program to Scan Your E-Mail
    http://thundercloud.net/infoave/tutorials/email-scanning/index.htm
    Viral Irony: The Most Common Cause of Corruption.
    http://www.microsoft.com/windows/IE/community/columns/filecorruption.mspx

    Avira AntiVir® Personal - FREE Antivirus
    http://www.free-av.com/
    You may wish to consider removing the 'AntiVir Nagscreen'
    http://www.elitekiller.com/files/disable_antivir_nag.htm
    or
    Free antivirus - avast! 4 Home Edition
    It includes ANTI-SPYWARE protection, certified by the West Coast Labs
    Checkmark process, and ANTI-ROOTKIT DETECTION based on the best-in class
    GMER technology.
    http://www.avast.com/eng/avast_4_home.html
    (Choose Custom Installation and under Resident
    Protection, uncheck: Internet Mail and Outlook/Exchange.)
    or
    AVG Anti-Virus Free Edition
    http://free.grisoft.com/
    (Choose custom install and untick the email scanner plugin.)
    or
    ESET NOD32 Antivirus - Not Free
    http://www.eset.com/
    or
    Kaspersky® Anti-Virus 7.0 - Not Free
    http://www.kaspersky.com/homeuser

    and (optional but highly recommendable)

    On-demand AV applications.
    (add them to your arsenal and use them as a "second opinion" av scanner).
    David H. Lipman's MULTI_AV Tool
    http://www.pctipp.ch/ds/28400/28470/Multi_AV.exe
    http://www.pctipp.ch/downloads/dl/35905.asp
    English:
    http://www.raymond.cc/blog/archives/2008/01/09/scan-your-computer-with-multiple-anti-virus-for-free/
    Additional Instructions:
    http://pcdid.com/Multi_AV.htm
    and/or
    Kaspersky's AVPTool
    http://downloads5.kaspersky-labs.com/devbuilds/AVPTool/
    There's no updating involved since the scanning engine is updated
    several times a day and you simply download the updated scanner whenever
    you want to do a scan.

    Dr.Web CureIt!® Utility - FREE
    http://www.freedrweb.com/cureit/

    Malwarebytes© Corporation - Anti-Malware
    http://www.malwarebytes.org/mbam/program/mbam-setup.exe
    Note: It is Free for private use. Just download (do NOT buy) and install.

    A clarification on the terminology: the word "malware" is short for
    "malicious software." Most Anti-Virus applications detect many types of
    malware such as viruses, worms, trojans, etc.
    What AV applications usually don't detect is "non-viral" malware, and the
    term "non-viral malware" is normally used to refer to things like spyware
    and adware.

    Good luck :)
     
    Kayman, Jul 16, 2008
    #2

  3. jo5030

    Chappy Guest

    Matousec ran a very comprehensive test of the available products for
    Windows.
    Matousec Firewall Challenge
    (http://www.matousec.com/projects/firewall-challenge/)

    Windows firewall in its default state scored a rather dismal 5% but
    does better with some advanced configuration, still not as good as
    others tho
    Comodo scored the best for Free firewalls at 95% and is the choice of
    many of the security pros here in the Forums. Some in the Newsgroups
    here get rather "testy" when anyone mentions (God forbid) using a 3rd
    party firewall...call them "Snake Oil" and the like, but Matousec's test
    suite is very comprehensive and runs the toughest firewall attacks and
    go-rounds available so I'll take their word over the ...ahem "other" guy
    here who may come in and start bashing this post for Blasphemy

    --
    Chappy

    ::*_DAVE_* ::- vista ultimate 64bit - nzxt lexa classic case - asus
    commando mobo (p965/ich8r) - intel e6750 core 2 - zalman 9700 cpu cooler
    - 4g's crucial ballistix tracer ddr2 pc26400 ram - bfg 8800gts oc2 320mb
    - 2 x 22" w2207 lcd monitors - 2 x 250g, 2 x 500g sata ii hdd's, 2 dvd
    burners c/w lightscribe (sony, tsst) - enermax noisetaker ii 600w psu
    with custom chrome cable sleeving - hauppauge hdtv tv tuner card - 5.1
    logitech z5500 speakers - 15 in 1 multi-card reader

    ::*We will _NEVER_ Forget!*::
     
    Chappy, Jul 16, 2008
    #3
  4. Personally I only use the Windows Firewall and have found it more than
    adequate. McAfee and Norton I would not use; they are system hoggers and,
    especially Norton, cause more problems than they solve.

    --
    John Barnett MVP
    Windows XP Associate Expert
    Windows Desktop Experience

    Web: http://xphelpandsupport.mvps.org
    Web: http://vistasupport.mvps.org

    The information in this mail/post is supplied "as is". No warranty of any
    kind, either expressed or implied, is made in relation to the accuracy,
    reliability or content of this mail/post. The Author shall not be liable for
    any direct, indirect, incidental or consequential damages arising out of the
    use of, or inability to use, information or opinions expressed in this
    mail/post.
     
    John Barnett MVP, Jul 16, 2008
    #4
  5. jo5030

    Root Kit Guest

    This is getting boring.... Testing the windows FW for outbound
    capabilities is like testing your car for the ability to fly....
    Yes. Because they specifically targeted leak tests in order to gain
    popularity. You do know that Comodo FW was developed for company
    promotional purposes, don't you?
    Pros? What's a pro?
    Well, that's what they are. But heck, do go install them if it makes
    you feel good. Just realize that there is a difference between real
    security and the subjective feeling of security. Indeed, the latter
    has value - just not in a technical sense.
    They test for some publicly known and also some self-made ones. The
    problem is there is no end to ways of leaking. Dealing with outbound
    control is nothing but gap stopping.
    I don't care, but you are aware that the malware industry offers
    services like testing your malware's ability to by-pass firewalls and
    anti-malware products, right?
     
    Root Kit, Jul 16, 2008
    #5
  6. I assume you are talking about the security suite offerings of
    McAfee and Norton. In that case, their offerings provide an
    "anti-virus" along with the personal firewall and anti-foistware
    Vista offers.

    There are excellent freeware programs in all categories, so
    there is no reason to consider yourself obligated to run what
    you already have.

    I use the firewall application and defender that came with Vista
    and added Avast! anti-virus (free). I also am behind a router/
    wireless access point that has (is) a fairly configurable firewall.

    Modern personal firewall applications have attempted to tackle
    data leakage. You may be the kind of person willing to pay for
    a good one of these, I'm not.
     
    FromTheRafters, Jul 16, 2008
    #6
  7. jo5030

    Mark H Guest

    Ditto!

    Additionally, a simple router is cheaper than any software product you will
    buy, doesn't require annual updates and with a simple one time setup will
    provide a stronger defense than most firewalls. (Even if not setup for
    portforwarding.)
    http://portforward.com/english/routers/port_forwarding/routerindex.htm

    But, no matter what you use, if you click "OK" or "Continue", your security
    has just been bypassed. You must use common sense.
     
    Mark H, Jul 16, 2008
    #7

  8. There are three kinds of software products you need for adequate
    protection:

    1. Firewall. I used to prefer the ZA firewall (or other third-party
    firewalls) because it also provided outbound protection. I've become
    convinced, however, that outbound protection is meaningless. Once one
    of the nasties gets into your computer, it can essentially do whatever
    it wants, including circumventing the firewall. So the extra
    protection that a firewall that monitors outbound traffic provides is
    more apparent than real, and I think the Windows firewall is fine.

    2. An anti-virus program. Windows provides *nothing* in this regard,
    and you should run a third-party product. I recommend NOD32, if you
    want to pay for a product, or the freeware Avast! if you don't.

    3. Anti-spyware programs. No single anti-spyware is adequate to
    protect you against everything. Windows defender comes with Windows
    Vista, but it alone isn't sufficient. I recommend adding at least one
    or more of the following: Spybot Search and Destroy, Spyware Blaster,
    Adaware, and Super AntiSpyware.

    You mention McAfee and Norton. In my view (and that of many other
    regulars here), Norton is the worst product on the market, and McAfee
    is only slightly better. Although they are the best-known and the
    biggest sellers, I strongly recommend against both.
     
    Ken Blake, MVP, Jul 16, 2008
    #8
  9. jo5030

    Kerry Brown Guest


    I guess I'd be considered a "security pro". I manage network security for
    several businesses for a living. Microsoft has seen fit to award me the
    "Most Valuable Professional" award for the past three years. I totally
    disagree with your statements. The only time I use third party software
    firewalls is with older OS's that don't have a built in firewall. Software
    firewalls that advertise outbound filtering as some sort of anti-malware
    goodness are indeed snake oil. Yes they stop some malware from phoning home.
    There is no way they can stop a determined hacker once your computer is
    owned. The fact that they stop some poorly programmed malware only gives
    people a false sense of security. Outbound filtering can be useful. You may
    want to stop business users from using p2p apps or messenger while at work.
    You may want to stop your kids from accessing certain sites or using certain
    applications. A software firewall running on the computer being used is not
    the best solution for this. If you do want to use a software firewall for
    these purposes the built in Vista firewall does this better than any 3rd
    party software firewall I've seen. Personally I use either a hardware
    firewall or a Linux box as a gateway device for doing this kind of stuff.
    Even most home routers have these features now. Use the appropriate tool for
    the job. Software firewalls aren't really the appropriate tool to stop
    malware once it's on your computer.
     
    Kerry Brown, Jul 16, 2008
    #9
  10. jo5030

    Nonny Guest

    Hi Kerry,

    I am using only my router's firewall. Another "MVP" (don't recall who
    it was) advised that people like me should also be running Vista's
    firewall for the additional outbound protection.

    Your post and another I just read from Ken Blake seem to downplay the
    need for ANY kind of outbound protection using the argument that a
    good piece of malware can easily bypass such protection.

    I think I'm fine with the hardware firewall. Am I correct?
     
    Nonny, Jul 16, 2008
    #10
  11. jo5030

    Kerry Brown Guest


    Have you disabled Vista's firewall? I wouldn't recommend that. I don't
    enable outbound protection but inbound protection is very useful. I
    recommend the Vista firewall in its default configuration be used at all
    times. I don't bother configuring it for outbound protection. If that's
    needed I use an appropriate external device.

    To answer your question. Yes with a NAT router (preferably with a built in
    firewall of some type) and the Vista firewall you're fine as far as
    firewalls go. You do need other protection like AV and anti-spyware. I
    currently recommend the following setup.

    Router, Vista firewall, Windows Defender, and NOD32 (or Avast if you want a
    free AV). You may want to run another anti-spyware as a scanner only once in
    a while. You don't want it monitoring in real time. My current favourite for
    this is Superantispyware.

    http://www.eset.com/products/nod32.php

    http://www.avast.com/eng/avast_4_home.html

    http://www.superantispyware.com/
     
    Kerry Brown, Jul 16, 2008
    #11
  12. jo5030

    Nonny Guest

    Why would it be needed when I'm running behind a hardware firewall?
    I have all the A/V and malware protection I could possibly need.
     
    Nonny, Jul 16, 2008
    #12
  13. jo5030

    jo5030 Guest

    Guys

    Thank you all very much for your help. As a result of it, I have
    reconfigured my protection as follows:

    1. I am using my broadband hub as a firewall (for those of you that may
    know it, a BT Home Hub set to Standard security level)

    2. I have turned on my Windows Firewall as well with automatic updating,
    but malware protection turned off (and removed Norton).

    3. I have installed Avast! On-Access scanner as virus protection

    4. I am considering using SuperAntispyware or Spybot as well.

    To you experts - does this seem enough, and would you advise me to use one or
    both of the products mentioned in 4 above?

    Thank you all again for helping me.

    John
     
    jo5030, Jul 16, 2008
    #13
  14. jo5030

    Nonny Guest

    Turn malware protection (Defender) back on. Use one or two others to
    supplement it.

    If you're not totally fatigued by UAC's constant prompts, I would
    suggest you install Spybot Search and Destroy. It's free, and it has a
    feature named "teatimer" that keeps a lookout for any changes to your
    registry and prompts you before letting them be made.
     
    Nonny, Jul 16, 2008
    #14
  15. That is basically the setup I have. The Windows firewall could be
    eliminated, but I don't feel it hurts to have it enabled just in case
    I end up not behind my router. This can happen with wireless
    networking. :eek:)

    Do make sure your HUB's firewall is *yours* - that is you should
    change the default password to something more secure than 'admin'
    or 'user'.
     
    FromTheRafters, Jul 16, 2008
    #15
  16. jo5030

    Kerry Brown Guest

    It's an added layer of protection. Firewalls are very good at filtering
    inbound traffic. There is very little overhead involved. What if another
    computer on your network gets infected with a network worm? What if a trojan
    is executed on another computer that reprograms your router via uPNP? What
    if your neighbour hacks into your wireless network? If you are always behind
    the router and the router has a good firewall (most home routers have very
    basic firewalls) then the risk of running without the Vista firewall isn't
    that great. On the other hand the cost of the extra protection isn't that
    much. It's just a very minimal amount of overhead.

    If the computer in question is a notebook that may be used outside of your
    network then it's imperative that the Vista firewall be enabled. When you
    connect to a new network and Vista asks you if it's a public, home, or work
    network, Vista changes the firewall rules to be appropriate for your choice.
     
    Kerry Brown, Jul 16, 2008
    #16

  17. When you say "malware protection," do you mean anti-spyware
    protection? Spyware and viruses are both different kinds of malware.

    If so, I assume that that means you turned off Defender. That's a
    mistake. Defender may not be the single best anti-spyware app
    available, but it's much better than nothing, and works well in
    combination with other such products. It sounds like you presently
    have no protection against spyware, and that leaves you very
    vulnerable.


    Good, but do more than consider. I would install them both, if I were
    you. Just don't scan simultaneously with both.


    You're welcome. Glad to help.
     
    Ken Blake, MVP, Jul 16, 2008
    #17
  18. jo5030

    Kerry Brown Guest


    And turn off uPnP on the router. There are two steps to securing a router.
    Make sure a strong password is in place for the router setup. Turn off uPnP.
    UPnP can be used to program a router bypassing the need for authentication.
     
    Kerry Brown, Jul 16, 2008
    #18
  19. jo5030

    Nonny Guest

    Thanks for the info!
     
    Nonny, Jul 16, 2008
    #19
  20. jo5030

    Kayman Guest

    Kayman, Jul 17, 2008
    #20