hi..........i was wondering if there is a major difference in firewall capabilities or safety parameters in firewalls of security suites like Kis2009...Norton2009 or pure firewalls like outpost pro2009....zonealarm pro....

-{ Quote: "hi..........i was wondering if there is a major difference in firewall capabilities or safety parameters in firewalls of security suites like Kis2009...Norton2009 or pure firewalls like outpost pro2009....zonealarm pro...." }-

In case of ZAPRO as compared to ZA Suite, NONE.

Cheers,
Fax

Being part of a suite or being standalone doesn't make it any more or less 'secure'. But what are you looking for in a firewall?

-{ Quote: "hi..........i was wondering if there is a major difference in firewall capabilities or safety parameters in firewalls of security suites like Kis2009...Norton2009 or pure firewalls like outpost pro2009....zonealarm pro...." }-

With respect to the OP, I don't think any of the products you mentioned are "pure" FW's. Certainly ZA Pro was a suite of tools when I used it.

The only pure FW I have actually used is Kerio . There are others.

I have often wondered about this also. Is one better off using an A/V like Avira, Norton 2009, GData ect. & then using a separate firewall like Online Armor, Outpost 2009 as apposed to using their security suite? It seems like the Suites are lacking in one or the other.

-{ Quote: "hi..........i was wondering if there is a major difference in firewall capabilities or safety parameters in firewalls of security suites like Kis2009...Norton2009 or pure firewalls like outpost pro2009....zonealarm pro...." }-
Sometimes you see more features and perhaps configurability in the stand-alone firewalls as opposed to ones in suites.

Also, in a suite, typically one component of the suite is the strongest and one is weaker. For example, the developers may start out, produce a great AV product, Avira for example, then later create a suite by adding a firewall, something that Avira is not particularly known for. So in that case you get a good AV, but a weaker firewall perhaps. In the ZA Suite, you get a stronger firewall, their main product, and perhaps a weaker AV along with it. Similarly for others..

Many folks prefer separates over a suite, the advantage is to get the best of both products in stand-alones and make your own "suite" of sorts.

However, nowadays, some suites are really quite good overall, and would serve you well enough. Just depends on what you prefer....

-{ Quote: "I have often wondered about this also. Is one better off using an A/V like Avira, Norton 2009, GData ect. & then using a separate firewall like Online Armor, Outpost 2009 as apposed to using their security suite? It seems like the Suites are lacking in one or the other." }-

You have to be carefull of overlaping functions and potential conflict when you build your own "suite". Best to research exactly what features the product has before laying out your money or your time. Trial version is the most reliable way to do this.

If you have say Avira and then had OA with AV + as an example you end up with 2 AV's and that is a no no!

BTW OA is not a separate FW it is a suite, with Program Guard ( HIPS) a 2 way FW, Web site protection and a email shield for spoofs.

Research by user essential. One good suite may be a better choice that 4 poorly selected and set up stand alone packages.

If I were building a free stand alone layered set up I would start with the FW, Kerio then add Avira for my AVand SAS free for ASW. I'm unsure on HIPS. At one time it was TF but no longer.

Currently using OA V3 Premium that gives me a FW and HIPS and I also have SAS Paid and Nod32. As well FF with no script.

-{ Quote: "With respect to the OP, I don't think any of the products you mentioned are "pure" FW's. Certainly ZA Pro was a suite of tools when I used it.

The only pure FW I have actually used is Kerio . There are others." }-


well agreed, but that's the issue today it is difficult to find pure stand alone products...av's have adware,malware capabilties and spyware suites are having av.......firewalls have hips,spyware dealing potential.....so the question remains.......if one buys say outpost pro 2009 then which top notch av would work in its entirety....for one or the other component in either would conflict....so back to original question.......

I prefer the router to do the job of filtering traffic and AV to keep out the nasties, why bother adding a slowing down second layer of firewall when you already have a router which does a capable job.

Security Suites are basically bundled for novice/home users. Hence they tend to overlook or hide many functions that you may find in a stand-alone firewall product like say OA.

In the end, it your requirements that takes presidence. If you are looking for ability to add custom rules set, have a powerful traditional HIPS, Competent SPI you may want a stand-alone firewall product which has been created for this purpose.

Remember security suites are designed to be jack of all trades and hence logically can't be master of all trades. So choose as per you requirements ( and budget ).

-{ Quote: "With respect to the OP, I don't think any of the products you mentioned are "pure" FW's. Certainly ZA Pro was a suite of tools when I used it.

The only pure FW I have actually used is Kerio . There are others." }-

Possibily GhostWall also?

Gerard

-{ Quote: " Many folks prefer separates over a suite, the advantage is to get the best of both products in stand-alones and make your own "suite" of sorts." }-

The only problem I see with this approach is that inexperienced users are increasingly faced with conflicts of separate tools as compared to suites. Separate tools tends to add features overlapping with already existing tools or block by design competing brands.

'Best-of' approach will be increasingly limited to a close round of more expert/advanced users.

While for the large majority of users a suite will been more than enough since (IMO) the marginal advantage of a suite as compared to 'best-of' is often not proportional to the efforts needed to troubleshoot compatibility problems.

From a security point of view hybrid suite (using different components from different companies such as F-secure, GDATA, ZA Suite) are per se already diversifying and minimising risk of one suite going OFF in one strike...

Cheers,
Fax

-{ Quote: "Security Suites are basically bundled for novice/home users. Hence they tend to overlook or hide many functions that you may find in a stand-alone firewall product like say OA.

In the end, it your requirements that takes presidence. If you are looking for ability to add custom rules set, have a powerful traditional HIPS, Competent SPI you may want a stand-alone firewall product which has been created for this purpose.

" }-

This the reason for I go on to use KIS 7 and I didn't upgrade at KIS 2009. In KIS 2007 I'm the only owner of the fw rules. In the future, I think to have KAV and a stand alone fw like Outpost.

-{ Quote: "The only problem I see with this approach is that inexperienced users are increasingly faced with conflicts of separate tools as compared to suites. Separate tools tends to add features overlapping with already existing tools or block by design competing brands.

'Best-of' approach will be increasingly limited to a close round of more expert/advanced users.

While for the large majority of users a suite will been more than enough since (IMO) the marginal advantage of a suite as compared to 'best-of' is often not proportional to the efforts needed to troubleshoot compatibility problems.

From a security point of view hybrid suite (using different components from different companies such as F-secure, GDATA, ZA Suite) are per se already diversifying and minimising risk of one suite going OFF in one strike...

Cheers,
Fax" }-

I would agree. I do PC support and on average a user is doing well if they're aware of the need for antivirus and keep it current. The idea of using multiple resident security applications is more then many people can handle - suites give the average user better protection because they cover the bases with what the user sees as one application.

Symantec claims that there is a distinct benefit to a security suite – namely, it provides integration across the layers of security. For their perspective, read on.

-{ Quote: "Consumer security suites bring together multiple layers of protection in order to secure a system. This notion of Multilayer Security is well accepted by the security industry at large. The approach is considered necessary so that threats leveraging different vectors of attack can be blocked, and to mitigate the damage that a compromised system is exposed to. To this end, suites bring together several protection layers, typically starting with antivirus, antispyware and a 2-way firewall, and also including other technologies like intrusion protection, antiphishing, antispam, vulnerability assessment, and parental controls depending on the package. But, are security suites more secure than a combination of individual products? …

The one aspect of multilayer security that is not widely embraced and discussed, but that is key in opening the potential for suites to deliver better security, is the level of integration across security layers. This is where true security suites can really make a difference. Take the two most fundamental layers in a security product: antivirus and firewall. How can integration between these two technologies provide better security? Outbound firewalls control whether applications running on a computer can send information out to the Internet. They try to determine whether an application attempting a connection is a safe application that should be allowed access or a malicious application that should be blocked. Firewalls on their own are illequipped to make this decision and constantly seek to improve their ability to allow or block access automatically. In a suite, and with some integration, AntiVirus technology can help the firewall tremendously in this process. Let’s say that a Trojan found its way onto a system, and is calling "home". The firewall will see the Trojan establishing a network connection, and will need to decide whether to allow it, block it, or ask the user what to do. If the firewall can instruct the antivirus program on that system to check whether it matches a signature, and the antivirus program sees that this is a Trojan and can pass that information to the firewall, the firewall can now take automatic action and block the network connection. The system is more secure, since the communication from the Trojan was blocked; the system overall is more usable, since this happened without relying on user action. Integrated security layers can improve the overall security of a system. Unfortunately, many security suites in the market don’t provide a level of integration that really makes a difference.

Delivering integrated security layers is just as important as embracing a multilayer security approach, and is an important consideration when trying to decide whether to use a security suite versus individual products, or when making a product selection amongst suites." }-Source: Norton Protection Blog (http://www.symantec.com/home_homeoffice/blog/detail.jsp?blogid=suite_security&profileid=laura_garcia-manrique)

-{ Quote: "NIPS (Network Intrusion Prevention Systems) technology complements and works in tandem with firewalls in providing the first and last line of defense in a layered security solution. NIPS technology offers two main benefits, preventing remote code execution by exploitation of vulnerabilities and blocking malware from phoning home. Technically, NIPS inspects packet headers and payloads, blocking bad traffic and allowing good traffic to get through without ever requiring user interaction and complementing what firewall and antivirus technology alone can do. …

With NIPS complementing a firewall, all network traffic going past the firewall will be examined, decoding protocols looking for suspicious patterns. If a pattern is found, the network packet is dropped and the connection disconnected, blocking the attacker from further penetrating the system. The effectiveness of NIPS technology is that it is a clean kill. No artifacts of the attacker are allowed to persist on the disk, and no cleanup is required.

With these clear benefits, and overall effectiveness, NIPS technology becomes an important component of a desktop security product, strengthening and working in tandem with antivirus and firewall technologies for a more complete and effective system defense." }-Source: Norton Protection Blog (http://www.symantec.com/home_homeoffice/blog/detail.jsp?blogid=network_intrusion&profileid=laura_garcia-manrique)

For more information on this subject, see: Security Suite: More Than the Sum of Its Parts? (http://radified.com/cgi-bin/yabb2/YaBB.pl?num=1155920404)

First of all, it is "vis a vis";D Secondly, the former post is exactly why I use a suite. For many years I used ZA and NAV, but when CA came along with a good ISS, I opted for it. What do I know? I have only been building computers since 1982. I now run a non-computer business and don't have the time to piddle with my 'puters, so the ISS fills the role of a member of my virtual IT team. I try to automate as much as I can on my LAN, and an ISS helps a great deal. I spend most of my time trying to run a business... I don't have time to waste with mundane computer chores. My hobby days are over.

That integration of all the security components into one suite can also be a disadvantage. Shared components means shared dependencies and shared vulnerabilities. It can put the user in the unfortunate position of having the entire security suite crash if the vendor messes up on an update. Symantec has done this more than once. If a successful attack is found against that suite, the same results are possible. This is far less likely with separate applications where the only components in common are parts of the OS itself.

The biggest problem with building your own is avoiding overlapping functions and the potential conflicts they bring. "Pure" firewalls are getting rare. That's one reason I stay with Kerio 2.1.5, besides the fact that it's a good firewall. Most of the firewalls are suites now, and most of them have some components that run at a kernel level. The problem begins when another security app is added, like HIPS for instance, or an AV with a rootkit module. Then you end up with more than one security app hooked into the kernel, each expecting to be hooked the deepest and having the "final say" over what goes on. They might get along fine. They might not. It depends on the apps, what version each is, the OS, how it's equipped, even what's installed.

Even if you get lucky and all the apps work together great, it doesn't mean it will stay that way. If any of those kernel level apps updates, there's no guarantee that they'll still be compatible when it does. This happened with SSM and AntiVir when they released that rootkit module for their AV. The initial release was fine. The first update caused problems.

If you're going to build your own suite, try to limit it to one kernel level security app. Little is gained by having more than one security app protecting at the kernel level. If you choose to have more than one, update them manually and have a system backup available. Make a system backup before you even start building your suite. Few apps have more potential to conflict than security apps. Just because 2 apps get along on one users PC doesn't mean that they will on yours.

My favorite combination for a security suite is Kerio 2.1.5, SSM (either version) and Proxomitron. If you like rule based apps and a highly configurable setup, this is a hard combination to beat, provided the user knows how to configure them. AntiVir (without the rootkit module) works well with them. Script Sentry can add script protection to the combination for a very complete package. If you're really serious or paranoid, add a file integrity checker.

-{ Quote: "The only problem I see with this approach is that inexperienced users are increasingly faced with conflicts of separate tools as compared to suites. Separate tools tends to add features overlapping with already existing tools or block by design competing brands.

'Best-of' approach will be increasingly limited to a close round of more expert/advanced users.

" }-
Hi Fax,

Yes, this is true, and suites certainly seem to be doing well and becoming ever more popular these days... It is becoming more and more difficult to take the old approach of mixing and matching separates and coming up with a good set of apps that cover things well and don't conflict. For most, a suite is probably fine...

-{ Quote: "
My favorite combination for a security suite is Kerio 2.1.5, SSM (either version) and Proxomitron. If you like rule based apps and a highly configurable setup, this is a hard combination to beat, provided the user knows how to configure them. AntiVir (without the rootkit module) works well with them. Script Sentry can add script protection to the combination for a very complete package. If you're really serious or paranoid, add a file integrity checker." }-
Yep, that sounds like a good combo of apps that would get the job done well, and light and fast also. I tend to prefer to keep it simple too. Sometimes a lot of problems are generated by just overloading on apps.

Hi,

I used to have all featured security suite installed on my PC a few years ago but now, I'm using stand-alone security applications to protect it.
The reason behind my decision: All software available for use regardless it's for bussines use or home use have flaws. No matter who is the vendor, all of them have flaws.

Therefore, if you're using a security suite (AntiVirus, Firewall, Anti-Spyware, etc.) and there is a vulnerability that can be exploited on that software you may be at risk unless the vendor rushes off a patch to fix that vulnerability.

However, if you're running separate applications 1 stand-alone AV, 1 stand-alone firewall and one stand-alone anti-spyware it's going to be difficult that all of them have a simultaneous vulnerability that can be exploited at the same time, right?


Having said that, I'd rather use stand-alone applications to protect my PC than a full featured security suite that can be compromised because some bad guys might find a flaw that can be exploited.


Just my 2¢

Carlos

http://www.wilderssecurity.com/showthread.php?t=222528
:blink: