Did Avira just take 2 steps backwards with their Suite

so true, its all about trust.... you buy the AV, but you need to trust them to do 'their job' otherwise, its just plain pointless.

 

I know of an excellent firewall, supported on these forums, that also only closes 2 ports instead of stealthing them. The user must create a rule to stealth these ports, if they want to be completely stealthed. Not sure why.

Anyway, the following quote from a recent thread might help explain why stealthed ports are probably not critical for good security:

 

Nonsense. The Avira firewall does not stealth all ports even in the non-recommended high setting. Saying that stealthing all ports is only vital if you think it is, is an obfuscation (evasion) of the issue. The premise that a closed port is the same as a stealthed port is absurd. If that were true, than software would only need to close ports-not stealth them. Avira makes mistakes and then attempts to rationalize them. If you buy into this, you do not understand what firewall software should be doing.

 

Sorry, but if you buy a AV, you can do whatever you please with it. Trust it, Trash it, change it, reinstall it. It is up to the buyer to decide as it is his product.

Avira will work this out, but I will not go back. I would do as Jerry but KIS does not like Sandboxie with Vista. Yes I wish the AV portion of the beta for Eset would hurry up, but for now 2.7 purrs like a kitten.

 

I use NOD32. It provides the best overall protection and I have never, ever, had a problem with it in three years. I cannot say the same for all the other AV products-and I have tested most all of them.

90% of the posts in this forum are about problematic programs. That should tell you something. Get something that works on your machine and stick with it.

 

Exactely my opinion. "Never change a Winning Team"!! But testing is important too to find other great sw, running well on my machine. But, test is important for all here on WSF!!!!!!

Mike

 

I'm sorry, I have to disagree. This is not a 'flaw' or 'mistake' in Avira's security software. It may offend someone's sense of 'completeness' that a few ports are merely closed and not stealthed like all the rest (ok, it offends my sense of completeness), but not stealthing a port or two does not in any way make those closed ports more possble to penetrate. If you want to verify this, ask some of the firewall experts here.

 

You missed my point-again. It is not about penetration per se- it is about software that does not stealth common ports. And Avira does not do what others have done successfully. You are entitled to think that is acceptable, but most others certainly do not. That is why Avira is a small company. They are going to be "right" even if the marketplace is demanding something else (stealthed ports). Even the maligned Windows XP SP2 firewall does a great job of stealthing ports, and it protects the system at boot. Outbound "protection" is a useless feature that will not protect you-it is a delusion. Once the thief is in your house, he will find a way to get out.

As to expertise, I have been in the computer industry since 1968, and have owned major computer firms. [Snipped unsupported and sweeping accusation - Blue]

 

Yes, I'm afraid I did. The experts on Wilders I was referring to have actually written firewalls. Perhaps you're one of them?

 

I have written enough code and used the proper software on my machines that I have never, ever had a serious virus or malware invade my systems. Even if they do, now we have Acronis and we can time-travel back to before the invasion.

 

Just hooked up my old router which has no firewall to test out avira, only ports 0-1 were not stealthed. I was a bit surprised by this. It only took me a few seconds to add a couple of rules to fix it so i can't see why the developers don't include them by default. It sure makes me glad i have my firewalled router.

 

That was my original point. I said that here and on the Avira forum. Either their programmers are unable (unlikely) or unwilling (very likely) to write the code to fix the issue. They will lose business because of it-like mine.

 

Avira's claim is, and I'll cite them

Assuming, the above is true, why should I care if a port is stealthed or not.

By the way, Bunkhouse, you or anyone stating they've been in computers x years and so forth does not impress me. That's called "appeal to authority".

What impresses me is when someone has posted a lot with good solutions.

 

Respect is earned, not given.

 

I've just given Avira Suite a whirl on the 90 day trial offer.
I found a perceptible and unusual delay before web pages displayed. This must be because the whole page is scanned before passing to the browser.
I found it annoying, as it doesn't happen with other suites, or AVs, I've tried.
So pro tem, it's back to the combination which runs best on my laptop - NOD32 (either V2 or V3 beta - both are fine), and COMODO firewall.

 

I have seen this behavior on a few other firewalls that I've tried over the past year or two, I think I reported it and one of them fixed it quickly. Chances are Avira will fix/change it in time, perhaps they are just a little slow at getting to it as it's not really a critical issue..

 

It still just makes me mad web scanning was not included in the AV. Just about all that offer it, also ave it in their AV product.

 

Agree.
Web scanning should be in a companies AV product. You shouldn't have to buy a suite to get that basic feature.

 

I admit I have not looked at the firewall included in this since the Beta.

I did take part (shortly) in beta testing and found that for example: When DNS client was disabled, then all aplications would need to be allowed inbound UDP for the replies, but, also needed "allow" inbound TCP to allow the returned UDP(DNS) packets. I did report this, but was basically told this was not a problem (I left beta testing after that).

Stealth,.. I do not care if a firewall does this or not,.. but do agree it should be possible with a firewall.

 

I disabled my dns client service and everything seems normal. Or is that not the proper way to test it?

 

I have been going around and around about this at the Avira forum. I keep being told that stealth isn't necessary, and to create a rule if I really want Port 0 stealthed. They don't seem to understand that this should be fixed on their end. That particular rule that seems to work for this gentleman, doesn't work for me for some reason or another.

The argument that stealth is not necessary, or closed is just as good, is a moot point. If a customer, in this case me, who purchases a suite, and is expecting it's firewall to pass the ShieldsUp test with all ports stealth, and the firewall does not achieve this, even with the firewall settings set to "High", why shouldn't I or anyone with the same expectations, be upset. To basically be told by their "experts", there isn't a problem, and that you're just gullible to marketing hype, is unacceptable as far as I'm concerned.

 

Because if it doesn't decrease your protection any, it's a moot point.

 

Has I have mentioned, I have not looked at the final release (or updates).
If, for your example, you have disabled the windows DNS client, then check the rules for your browser and ensure that inbound(server) TCP is blocked.

Again, with respect to "stealth". I can discover any IP I want, regardless of this "Stealth",.. Stealth is only a drop of inbound Syn packets,.. there are many other methods to see/check if an IP is active. (The fact no responce is indication of active IP, there should be ICMP unreacable))

 

I understand - I just wanted to try it myself out of curiosity.
Thank you for the reply and thank you for your opinion on the stealth matter.

 

Well, it really isn't a critical issue, however, all the others for the most part stealth all ports, so this one should too. It's pretty silly that it doesn't actually...