Any peer to peer (p2p) users?

RootAccess
August 19th, 2007, 07:53 PM
I plan to use BitTorrent and mIRC on a daily basis and was wondering what everyone's network security setup is. What is good software to use for a secure environment?

WSFuser
August 19th, 2007, 09:17 PM
I use P2P and I just have KIS 7.0 real-time with SAS for occasional on-demand scans. Works great.

Tarq57
August 19th, 2007, 09:50 PM
I use Limewire, mainly for music/music vids.
Have Avast AV configured with the p2p shield (one of seven available) on, Comodo firewall, and SpywareTerminator.
I used to scan every file prior to allowing them to run, and that's probably wise, but (so far) nothing has been found, and I've stopped doing it.
I'd imagine scanning with 2 or more scanners would be important if downloading zips, or applications (Highly NOT recommended) but most mp3's, if they seem to be the right sort of size (3-10Mb) and title/comment seem to be OK.
Avoid files that have a lot of "keywords/tags" in the title. They're usually junk/porn.

[EDIT] PS, I also use Peerguardian for blocking certain advertising sites and the download police etc. Don't know how effective it is, updates seem to be a problem at times.

RootAccess
August 19th, 2007, 09:57 PM
I'm looking for strong protection from inbound traffic that I will be getting.

screamer
August 19th, 2007, 11:49 PM
I have my NAS box running 24/7 w/ P2P. Both uTorrent & Crux. I use Outpost Pro w/ tight ruleset for P2P, NOD32 scans any/every file before opening along w/ Spyware Terminator scan every file and a2 occasional scans (suspicious files). Box also has BoClean (new install) and ProSecurity.

I've D/L'd some trojans, but they were caught and eliminated prior to launching and doing their evil deeds.

And, forgot to mention, I'm behind a router w/ protection.

...screamer

edit: Yes... PeerGuardian too ;)

screamer
August 19th, 2007, 11:50 PM
{QUOTE-> I'm looking for strong protection from inbound traffic that I will be getting. <-QUOTE}

The strength of your protection will depend on your firewall ruleset.

RootAccess
August 20th, 2007, 12:34 AM
Screamer, what made you choose OutPost firewall? And what rules should I be writing if I may inquire?

Kees1958
August 20th, 2007, 01:55 AM
Hi, all


Besides firewall-specific rules and AV that looks into data (e.g. the Avast module for P2P, Internet etc.), there is a good way to secure your download/shared directories:

- using block (to execute) with classical HIPS like SSM for the shared directory
- set the P2P application AND shared directories as untrusted/blocked with DefenseWall & GeSWall
- using an executable startup filter/rule for behavior blockers in that specific directory (just add the shared directory to the C:\ and C:\WINDOWS directories protected by your 'file protection' rules).

Regards K

screamer
August 20th, 2007, 01:07 PM
{QUOTE-> Screamer, what made you choose OutPost firewall? And what rules should I be writing if I may inquire? <-QUOTE}

I've been using Outpost for a few years on all but one of my machines. Laptop uses Comodo, just because Outpost was conflicting w/ Spyware Doctor. Work fine together on main box though. Go Figure...

Here's a basic ruleset:

[your apps name=??]
VisibleState: 1
Exe:
??, ??.exe
DefaultState: 1
RuleName: ?? HTTP connections
Protocol: TCP
RemotePort: 80
Direction: Outbound
AllowIt

DefaultState: 1
RuleName: ?? Outbound TCP connections
Protocol: TCP
RemotePort: 1025-65535
Direction: Outbound
AllowIt

DefaultState: 1
RuleName: ?? UDP connections local Port
Protocol: UDP
LocalPort: 6346 <-- whatever port you decide to use
AllowIt

DefaultState: 1
RuleName: ?? UDP connections remote Port
Protocol: UDP
RemotePort: 6346
AllowIt

DefaultState: 1
RuleName: ?? Inbound TCP connections
Protocol: TCP
LocalPort: 6346
Direction: Inbound
AllowIt

DefaultState: 1
RuleName: Block ?? UDP connections
Protocol: UDP
LocalPort: 0-1024
BlockIt

DefaultState: 1
RuleName: Block ?? Inbound TCP connections
Protocol: TCP
LocalPort: 0-1024
Direction: Inbound
BlockIt

DefaultState: 1
RuleName: Block ?? Outbound TCP connections
Protocol: TCP
RemotePort: 0-1024
Direction: Outbound
BlockIt

hth,

...screamer
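
Added example, not part of screamer's post and not Outpost code: a small parser and evaluator for rules in the layout posted above, showing which connections the list decides and which fall through to the firewall's default policy. Top-down, first-match evaluation is an assumption of this sketch (the thread does not state how Outpost orders rules), and `parse_rules`, `in_range` and `decide` are hypothetical names.

```python
RULES_TEXT = """\
RuleName: HTTP connections
Protocol: TCP
RemotePort: 80
Direction: Outbound
AllowIt

RuleName: Inbound TCP connections
Protocol: TCP
LocalPort: 6346
Direction: Inbound
AllowIt

RuleName: Block Outbound TCP connections
Protocol: TCP
RemotePort: 0-1024
Direction: Outbound
BlockIt
"""  # constructed sample: three of the post's rules, "??" placeholders dropped

def parse_rules(text):
    """Parse blank-line separated blocks of 'Key: value' lines into dicts."""
    rules = []
    for block in text.strip().split("\n\n"):
        rule = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                rule[key.strip()] = value.strip()
            else:
                rule["Action"] = line.strip()  # bare line: AllowIt / BlockIt
        rules.append(rule)
    return rules

def in_range(spec, port):
    """True if port is inside a 'lo-hi' range or equals a single port."""
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def decide(rules, proto, direction, local_port, remote_port):
    """Assumed semantics: rules are checked top-down, first match wins."""
    for r in rules:
        if (r["Protocol"] == proto
                and r.get("Direction", direction) == direction
                and in_range(r.get("LocalPort", "0-65535"), local_port)
                and in_range(r.get("RemotePort", "0-65535"), remote_port)):
            return r["Action"], r["RuleName"]
    return "NoRule", None  # not covered: the firewall's default policy applies
```

Under these assumptions an inbound TCP connection to any local port above 1024 other than 6346 matches nothing in the list, so what happens to it depends on the firewall's default policy rather than on these rules.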

Seer
August 20th, 2007, 05:52 PM
I'm surprised no one mentioned ProtoWall (http://www.bluetack.co.uk/forums/index.php?autocom=faq&CODE=02&qid=31) or PeerGuardian (http://phoenixlabs.org/pg2/) (both freeware). These are specifically designed for filesharing privacy, as they would block "bad" IPs. Speaking of which, Outpost has a great plugin called 'Blockpost' (http://www.outpostfirewall.com/forum/showthread.php?s=&threadid=7229) (freeware), which serves the same purpose as the applications mentioned above.

Cheers,

RootAccess
August 20th, 2007, 09:10 PM
Seer, between ProtoWall or PeerGuardian, which one is better? Or which one has the bigger "bad ip address" list?

screamer, thanks for the basic rules. How does Outpost compare to other firewalls?

Tarq57, how is PeerGuardian working out for you?

Tarq57
August 20th, 2007, 09:24 PM
I activate Peerguardian every time I open Limewire. It can be set to block HTTP also. Currently says it's blocking 975134210 IPs.
Updating is sporadic. Often when searching for the updates it blocks itself from updating, perhaps because several of the IPs that have the updates are on the block list. I don't know what that's all about.
The program has no actual application problems apart from being bombastically slow to process the update list, when this has been successful, and there is a forum that's pretty informative.
Don't know how watertight it is. Certainly better than nothing, though. Certainly its presence doesn't cause me to relax at all about the possibility of malware in anything downloaded, and I think that's a pretty good approach to anything done on the web.
(Just coz you have good airbags in the car doesn't mean you drive to crash.)

argus tuft
August 20th, 2007, 11:09 PM
I use pg2 also, and I too have noticed that updating can be a pain, but I very rarely use p2p these days, so it doesn't bother me much.
It does also seem to crash on startup about once a month on average. I have it set to start with windows, mainly coz I'm too lazy to change it.

I also have windows set to show all file extensions, so that I won't be bitten by cool song.mp3.exe
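
Added example, not part of the post above: a download-folder check for the `cool song.mp3.exe` case, which flags a harmless-looking extension followed by an executable one and also files whose name looks like media but whose first bytes are the `MZ` executable header. The extension sets, function names and sample files are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumed, non-exhaustive extension sets for this sketch.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs"}
DECOY_EXTS = {".mp3", ".avi", ".mpg", ".wmv", ".jpg", ".txt", ".pdf"}

def check_download(path):
    """Return the reasons a downloaded file deserves a closer look."""
    reasons = []
    name = os.path.basename(path).lower()
    stem, ext = os.path.splitext(name)
    inner_ext = os.path.splitext(stem)[1]
    if ext in EXECUTABLE_EXTS and inner_ext in DECOY_EXTS:
        reasons.append("double extension: %s%s" % (inner_ext, ext))
    elif ext in EXECUTABLE_EXTS:
        reasons.append("executable extension: " + ext)
    with open(path, "rb") as fh:
        head = fh.read(2)
    # Windows executables start with "MZ"; a media file should not.
    if head == b"MZ" and ext not in EXECUTABLE_EXTS:
        reasons.append("executable header under a non-executable name")
    return reasons

def scan_directory(root):
    """Map relative file names to findings for every flagged file."""
    flagged = {}
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            full = os.path.join(dirpath, fn)
            found = check_download(full)
            if found:
                flagged[os.path.relpath(full, root)] = found
    return flagged

def demo():
    """Write constructed sample files to a temp dir and scan them."""
    samples = {
        "cool song.mp3.exe": b"MZ\x90\x00",  # file name from the thread
        "track01.mp3": b"ID3\x03\x00",       # ordinary ID3 tag header
        "live set.mp3": b"MZ\x90\x00",       # executable bytes, media name
    }
    with tempfile.TemporaryDirectory() as root:
        for fn, data in samples.items():
            with open(os.path.join(root, fn), "wb") as fh:
                fh.write(data)
        return scan_directory(root)
```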

screamer
August 20th, 2007, 11:23 PM
{QUOTE->

screamer, thanks for the basic rules. How does Outpost compare to other firewalls?

<-QUOTE}

It scored an 8700 = Very Good on Matousec's list:

http://www.matousec.com/projects/windows-personal-firewall-analysis/leak-tests-results.php

Like I said, I've been using it for a coupla years and I'm comfortable w/ it. It's yet to let me down. It has several plug-ins: Adware, Anti-Spyware, Attachment Quarantine... I only use DNS, Attack Detection & http log.

hth,

...screamer

Seer
August 21st, 2007, 04:34 PM
Hello.

First off, apologies to Tarq57, he mentioned PeerGuardian before me :)

{QUOTE-> Seer, between ProtoWall or PeerGuardian, which one is better? Or which one has the bigger "bad ip address" list? <-QUOTE}

They are both equal regarding "bigger" list, as they both use Bluetack's list for updating IP addresses, if I am not mistaken. Protowall is Bluetack's app. I have used both, for a short time, but I have noticed that PeerGuardian tends to be a little heavier on the CPU, as it produced occasional spikes. But you need to try them on your system to see the exact differences.

Cheers,
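
Added example, not part of the thread and not code from either tool: how an IP blocklist of the kind discussed above can be loaded and queried, assuming the plain-text `name:start-end` line layout used by PeerGuardian-style lists. The sample entries are constructed from documentation address ranges, and the function names are hypothetical.

```python
import bisect
import ipaddress

# Constructed sample list; addresses are RFC 5737 documentation ranges.
SAMPLE_LIST = """\
# comment line
Example Org A:192.0.2.0-192.0.2.127
Example Org B (note: colon in name):192.0.2.100-192.0.2.255
Example Org C:203.0.113.10-203.0.113.10
broken line without a range
"""

def parse_ranges(text):
    """Return merged, sorted (start, end) integer ranges; skip bad lines."""
    ranges = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Names may contain colons, so split on the last one only.
        _name, _, span = line.rpartition(":")
        try:
            lo, hi = (int(ipaddress.IPv4Address(p.strip()))
                      for p in span.split("-"))
        except ValueError:
            continue  # malformed entry: ignore it rather than abort the load
        if lo <= hi:
            ranges.append((lo, hi))
    merged = []
    for lo, hi in sorted(ranges):
        if merged and lo <= merged[-1][1] + 1:
            # Overlapping or adjacent: extend the previous range.
            merged[-1] = (merged[-1][0], max(merged[-1][1], hi))
        else:
            merged.append((lo, hi))
    return merged

def is_blocked(ranges, ip):
    """Binary-search the merged ranges for one dotted-quad address."""
    n = int(ipaddress.IPv4Address(ip))
    i = bisect.bisect_right(ranges, (n, float("inf"))) - 1
    return i >= 0 and ranges[i][0] <= n <= ranges[i][1]

def covered_addresses(ranges):
    """Count distinct addresses covered, with overlaps counted once."""
    return sum(hi - lo + 1 for lo, hi in ranges)
```

Merging first means overlapping entries from different list sections are counted and searched once, which keeps each lookup to a single binary search.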