Please read this and see if I am on the right track.

Discussion in 'other firewalls' started by brjoon1021, Aug 17, 2005.

Thread Status:
Not open for further replies.
  1. brjoon1021

    brjoon1021 Registered Member

    Joined: Aug 10, 2005
    Posts: 143
    Win XP SP2, Cable internet.
    From reading these forums and others, I have gathered that security falls into two general concerns: 1) inbound intrusion, and 2) malware on the system.
    I do regular Spybot, Ad-Aware, MS antispyware scans, no live protection from these three, though. I have read the post where minimum, standard, and serious configuration suggestions are laid out. I am not going to go that far. I am thinking AV, router, something to see if malware is trying to phone home.

    For inbound intrusion I have a NAT firewall router. From what I have read, this is pretty good to keep me safe from crackers. So, assuming that I have inbound covered well enough, I am working on the next stage, malware on the system.

    2) From reading, it seems that I need to kill malware and control its outbound communication if it tries to do so.

    Questions-

    1. AV software running in the background at all times is a must, right? I am trying out NOD32 right now. Seems good.

    2. With my router and NOD32 in place, what do you suggest I do to make sure that malware can't phone home with my account numbers? I am not savvy, I do not know port numbers. I can probably even be fooled by a trojan that says that it is Internet Explorer or some service host of Windows. I do not know whether free firewalls or some other kind of program is more suitable for this purpose with me and my limited knowledge running the show.

    3. Which free firewalls are generally considered the best of the bunch? 2 or three that are good is what I am asking. I am trying out Jetico on my laptop and I like it. Also, if there is another kind or type of program for this purpose, which ones should I look into?

    Thanks for your help,
    B.
     
  2. tlu

    tlu Guest

    Yes, I guess so. I use Kaspersky, but from everything I've read NOD32 belongs definitely to the better AVs.

    First of all, it's important to control active content, especially ActiveX, Javascript and Java. If you're still using Internet Explorer you should disable ActiveX in the Internet Zone. Better yet, switch to Firefox! There are some tools that can control Active Content on a site-by-site basis. I use the Active Content filter of Outpost Personal Firewall where I have disabled all kinds of Active Content by default and enabled it only for trusted sites.
    The second issue is that your firewall can be fooled - you will find comprehensive info about this on http://www.firewallleaktester.com/. According to newer comparison tests most Personal Firewalls do not block many of these leaktests.

    I'm not familiar with Jetico. I use Outpost because it offers the best protection against leaktests according to all comparison tests, and it offers a good control of Active Content. For me, Outpost is a comprehensive all-in-one solution (well ... close to it).

    Result: I run Ad-Aware once in a while - but it simply doesn't find anything on my computer. My protection seems to be rather good.

    You should also consider using ProcessGuard and RegDefend - read the appropriate forums here!

    And one of the most important things to consider: Do NOT surf under your administrator account like 95% of all Windows users! Consequent use of a restricted user account makes your Windows PC much safer! However, if you use the WinXP Home version it's rather difficult to manage file access rights since the security tab is not available unlike in the Professional version (only Bill Gates knows why ...). But luckily you can add this functionality for the Home version via the tool Fajo XP FSE from here.
     
    Last edited by a moderator: Aug 17, 2005
  3. The Hammer

    The Hammer Registered Member

    Joined: May 12, 2005
    Posts: 5,619
    Location: Toronto Canada
    For "live" malware protection consider Ewido which has a trial version or BOClean which has a 30 day money back guarantee. They will also handle malware already installed on your system. They are classified as ATs but handle more than that. See here https://www.wilderssecurity.com/forumdisplay.php?f=33
     
    Last edited: Aug 17, 2005
  4. Paranoid2000

    Paranoid2000 Registered Member

    Joined: May 2, 2004
    Posts: 2,839
    Location: North West, United Kingdom
    Tlu's point about the need to filter webpage traffic is an important one - if you filter ActiveX/Java/Javascript by default, then there is virtually no scope for a site to download malware on your system (and you can then discard all the "anti-spyware" software) - the risks that remain are file downloads and email attachments (which anti-virus/trojan scanners are best suited for).

    The router firewall will cover unsolicited scans/probes so a software firewall is best for monitoring outgoing traffic. Unfortunately more sophisticated malware now tries to alter or use existing programs (e.g. Internet Explorer) to send its data and uses encryption to foil any simple "ID Lock" or "Private Data" feature on firewalls. To that extent, the best advice would be to pair a firewall with the free version of Process Guard which can block program manipulation attempts (make sure that it is configured to protect every program given network access).

    As for free firewalls, if you want simple then ZoneAlarm would be the best choice (though not without its issues). Outpost Pro is great for the more experienced user but Outpost Free is dated - in particular it does not detect the bypass techniques used by the latest malware. NetVeda and Jetico are currently free also and have been discussed in other threads here.
     
  5. Kerodo

    Kerodo Registered Member

    Joined: Oct 5, 2004
    Posts: 7,779
    I am in a similar situation here having recently bought a router. I am currently debating on what to use (if anything) for outbound protection. I am running with the router for inbound protection and Avast for AV. Firefox for browser, and Opera as well.

    I have narrowed it down to either Kerio 2.1.5 with Antihook, OR ZAP 6. Am leaning a little toward ZAP 6 right now. But still haven't decided.

    I would run the AV 24/7 no doubt about that, and then try out several of the more popular firewalls for outbound and then see which strikes you best. You can see from all the other posts which ones are most popular and why.
     