Comodo Firewall + EAV: good total security?

Discussion in 'ESET NOD32 Antivirus' started by SilentMusic7, Aug 29, 2008.

Thread Status:
Not open for further replies.
  1. SilentMusic7, Registered Member (Joined: Aug 29, 2008; Posts: 16)

    The foundation for my internet security is prevention, including a hardware firewall (provides stateful packet inspection, NAT and port stealthing), Mozilla Firefox as the default browser (Internet Explorer used only for Windows Update and two other sites), Mozilla Thunderbird as the email client, Adblock Plus add-on for Mozilla products, Sun Microsystems Star Office (doesn't support macros) and an ISP that provides email virus and spam blocking. Based on 3rd-party comprehensive comparisons of firewalls (http://www.testmypcsecurity.com/view_results.html and http://www.matousec.com/projects/firewall-challenge/results.php), Comodo Firewall Pro is currently the most secure, so I plan to install it (using Clean PC Mode). I plan to also install the Comodo Memory Firewall and Comodo BOClean software. See http://www.comodo.com/products/free_products.html

    I have Windows XP Pro SP3 on two PCs, where the older PC runs at 500MHz and has the maximum allowed RAM installed, which is 288MB. I use my PCs for real-time music recording/mixing and general internet and email. The feedback I got from hardware developers and audio PC integrators is that Windows Vista has serious problems for real-time audio, some of which cannot be worked around. One vendor mentioned that Microsoft has committed to continuing to sell XP to OEMs up to January 2010. I plan to avoid Windows Vista and wait for the next stable Windows OS.

    I am now looking for one software application that provides real-time protection against known and unknown viruses and spyware. The reason for one software application is that several companies warn about system problems with having real-time (on-access scanner) protection from two software applications simultaneously. Based on 3rd-party comprehensive comparisons of anti-virus SW (http://www.av-comparatives.org and http://www.virusbtn.com/vb100/index), especially with proactive protection against unknown malware, the SW products that are most secure with few false positives are Avira AntiVir Premium and ESET NOD32 Antivirus (EAV). Note that the free Avira AntiVir Personal does not have anti-spyware.

    To achieve good total security, I need the system (firewall + AV) to block untrusted applications from accessing the internet and prompt for permission before allowing new applications to access the internet. An example of an untrusted application is Real Player, which uses insecure Internet Explorer for downloading advertising if I accidentally click Real Guide, and sends info to its server even when I disable all automatic updates. When the AV SW acts as a local proxy for HTTP protocol filtering, since the AV SW is trusted by the firewall, there is no way to block other applications from accessing the internet using HTTP, or to prompt for permission.

    Based on my above requirements, I see the following options for AV SW:
    1. Avira AntiVir Premium with WebGuard disabled (local proxy for HTTP protocol filtering).
    2. ESET NOD32 Antivirus v2.7, which does not have a local proxy for HTTP protocol filtering.
    3. ESET NOD32 Antivirus v3.0 with HTTP protocol filtering disabled.
    ? 4. ESET NOD32 Antivirus v3.0 with HTTP protocol filtering only for trusted Internet browsers and other applications.

    Here is what the manual says about AntiVir WebGuard: "When surfing the internet, you are using your web browser to request data from a web server. The data transferred from the web server (HTML files, script and image files, Flash files, video and music streams, etc) will normally be moved directly into the browser cache for display in the web browser, meaning that an on-access scan as performed by AntiVir Guard is not possible. This could allow viruses and unwanted programs to access your computer system. WebGuard is what is known as an HTTP proxy which monitors the ports used for data transfer (80, 8080, 3128) and checks the transferred data for viruses and unwanted programs. Depending on the configuration, the program may process the affected files automatically or prompt the user for a specific action."

    I am aware that EAV v3.0 has better rootkit detection and smaller/more-reliable updates than v2.7, and that v2.7 is lighter on resources and more stable than v3.0, which is helpful for my PC with 288MB RAM.

    My questions:
    a. Does option 4 meet all of my above requirements? In other words, do applications not marked as Internet browsers in EAV still connect via EAV's local proxy (which implies that the firewall cannot block untrusted applications)?
    b. Can Comodo Firewall Pro be configured to control which applications access the internet, even when the AV SW acts as a local proxy?
    c. Are there other options that meet all of my above requirements?
    d. What are the specific security risks with each option above?
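
The attribution problem raised in this post, as an added example that is not part of the original thread: when an application's HTTP traffic is relayed through a local AV proxy, a per-application firewall sees the proxy as the originator of the outbound connection. This sketch audits a constructed `netstat -ano`-style table to show which processes are relayed and which connect directly; `avproxy.exe`, port 30606, the PIDs and the addresses are hypothetical, and it assumes the proxy accepts the redirected connections on a loopback listener.

```python
# Constructed sample data: a `netstat -ano`-style table and a PID-to-image map.
# "avproxy.exe" and port 30606 are hypothetical placeholders, not product values.
NETSTAT = """\
  TCP    127.0.0.1:30606     0.0.0.0:0            LISTENING     1200
  TCP    127.0.0.1:1045      127.0.0.1:30606      ESTABLISHED   1820
  TCP    127.0.0.1:30606     127.0.0.1:1045       ESTABLISHED   1200
  TCP    192.168.1.10:1046   203.0.113.5:80       ESTABLISHED   1200
  TCP    127.0.0.1:1050      127.0.0.1:30606      ESTABLISHED   2404
  TCP    127.0.0.1:30606     127.0.0.1:1050       ESTABLISHED   1200
  TCP    192.168.1.10:1051   198.51.100.7:80      ESTABLISHED   1200
  TCP    192.168.1.10:1060   192.0.2.25:110       ESTABLISHED   3016
"""
PROCESSES = {1200: "avproxy.exe", 1820: "firefox.exe",
             2404: "realplay.exe", 3016: "thunderbird.exe"}

def parse(table):
    """Yield (local, remote, state, pid) for each TCP row."""
    for line in table.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP":
            yield f[1], f[2], f[3], int(f[4])

def attribute(table, processes, proxy_image):
    """Map each process to how a per-application firewall sees its traffic.
    'direct'  -> the firewall sees the process itself making the connection.
    'relayed' -> the process talks to the loopback proxy, so the outbound
                 connection is attributed to the proxy image instead.
    """
    rows = list(parse(table))
    proxy_pids = {p for p, n in processes.items() if n == proxy_image}
    # Loopback endpoints on which the proxy is listening.
    proxy_listeners = {loc for loc, _, st, pid in rows
                       if st == "LISTENING" and pid in proxy_pids
                       and loc.startswith("127.")}
    seen = {}
    for loc, rem, st, pid in rows:
        if st != "ESTABLISHED" or pid in proxy_pids:
            continue  # only client-side rows tell us who originated traffic
        name = processes.get(pid, f"pid {pid}")
        if rem in proxy_listeners:
            seen.setdefault(name, set()).add("relayed")
        elif not rem.startswith("127."):
            seen.setdefault(name, set()).add("direct")
    return {name: sorted(kinds) for name, kinds in seen.items()}

if __name__ == "__main__":
    for name, kinds in attribute(NETSTAT, PROCESSES, "avproxy.exe").items():
        print(f"{name:18} {', '.join(kinds)}")
```

Any process reported as relayed is one whose own firewall rule will not match its outbound HTTP traffic, because the connection leaving the machine belongs to the proxy.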
     
  2. mickhardy, Registered Member (Joined: May 16, 2005; Posts: 140; Location: Australia)

    Sorry, your thread is way too long to read in detail but I recently abandoned ESS and moved to Comodo with EAV and my system is running fine. I haven't had any issues. It seems faster, especially web browsing but it could be my imagination.

    If you change the default Protocol Filtering setting in ESET from Ports and Applications to just Applications (middle option) Comodo works perfectly as expected.

    Have fun! :)
     
    Last edited: Sep 1, 2008