If Firewall fails then AV?

Discussion in 'other anti-virus software' started by JerryM, Feb 13, 2007.

Thread Status:
Not open for further replies.
  1. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    I was just wondering why, if a firewall were penetrated, the resident AV would not prevent infection? If not shouldn't the AV pick it up during a scan?

    Thanks,
    Jerry
     
  2. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    hmm,
    just because the firewalls fails doesnt mean the av will.
    it depends if it can detect that malware or not and if the av has self protection or not.
    lodore
     
  3. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    Well I was just thinking how we get hung up over some leaktest, and while that is not unimportant, I figured that if one had a good AV that he still should not get infected.


    Thanks,
    Jerry
     
  4. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    From what I know, the purpose of a firewall is not to stop malware directly but to control the inbound and outbound communications to your PC. Firewalls can't discriminate what is a valid data stream versus something that might contain malware. As the system files in your PC are accessed or written into, the firewall program has no monitoring of what goes on there. AV programs are supposed to detect certain abnormalities that occur when you use the PC whether while it is downloading something or accessing a file. The AV program would not be able to stop the infection if it could not detect that type of malware with or without a firewall present.
     
  5. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    Agreed. If the AV can stop the leak from happening, then a "leaky" firewall is not that vulnerable. Most people are looking for "rock solid" protection. Programs that will stop everything and let nothing get past it. The search continues...... :D
     
  6. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    Hi ccsito,

    Thanks for clarifying the relationship.

    Best,
    Jerry
     
  7. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    It seems that I don't get this thread, really. What are you talking about here? Firewall, HIPS, AV? They all do completely different things in my opinion. A firewall can't recognize virus infection. It only does packet filtering. On the other hand, if your HIPS fails you, and a malware terminates your resident AV, where is your virus protection? I may be wrong, but...
     
  8. ggf31416

    ggf31416 Registered Member

    Joined:
    Aug 20, 2006
    Posts:
    314
    Location:
    Uruguay
    If you are talking about a single exe: to bypass the firewall the malware has to run and any resident antivirus scan executables before they can run. So if the firewall fails, the antivirus has to fail first.
    If you are talking about a trojan downloader or similar, the antivirus can prevent infection if it can detect the downloaded malware.
     
  9. TAP

    TAP Registered Member

    Joined:
    Aug 17, 2004
    Posts:
    344
    I think it depends on "what's penetrate in". If they're a network worms, some AVs such as avast! (Network Shield), Kaspersky that have a network scanner module will catch it in a memory, based on the AV signatures.

    If they're an unknown botnets/zombies use SMTP to "spread out", then some AVs such as avast! (and others I don't know about them) that have a special module (called heuristics) in its e-mail scanner will catch it. So, for avast! users, this is the reason why even if you don't use any e-mail clients (especially if you use one-way firewall such as Windows Firewall only) but it's so good to have the avast! generic e-mail scanner (Internet Mail provider) installed and set it to "high level" for optimal layer protections.
     
    Last edited: Feb 13, 2007
  10. EASTER.2010

    EASTER.2010 Guest

    Interesting. I had just the opposite happen to me when i first turnd to XP Pro.

    Grisoft AVG 7 was as about good as it gets for a free version AV IMO at the time but something new/undetected easily dropped straight into the c:\ folder and i wouldn't even have known it was there had not it been for my firewall (Kerio2.15) alerting/prompting to an "outgoing connection attempt" being requested by the malicious downloader file.
    With that critical first hurdle successfully completed it had virtually nothing in it's way to attract all sorts of problems if the firewall had been compromised such as bypassed or terminated.
     
  11. Seishin

    Seishin Registered Member

    Joined:
    Aug 2, 2006
    Posts:
    204
    Do you have a router with SPI FW?

    If not I urge you to purchase one.

    BTW, go through this mandatory reading:

    http://www.markusjansson.net/exp.html
    http://tweakhound.com/xp/security/page_1.htm
    http://labmice.techtarget.com/articles/winxpsecuritychecklist.htm

    In addition:

    1. Use common sense during web surfing.
    2. Use a Limited Account, and if in the unlikely event of a virus attack you (which I doubt if your windows is fully patched and you follow the instructions given in the links above) delete that account and the infection will be history.
     
Loading...
Thread Status:
Not open for further replies.