Which type of firewall / security might be best

Discussion in 'other firewalls' started by pbw3, Nov 12, 2007.

Thread Status:
Not open for further replies.
  1. pbw3

    pbw3 Registered Member (Joined: Nov 12, 2007; Posts: 113; Location: UK)

    Hi,

    I have bought a new laptop (standalone and business type usage) along with mobile broadband; idea is I can have the laptop anywhere and always have access to e-mail / web etc. PC specs are 2Gh, 2Gb RAM, with Vista Business. The laptop will probably never connect to fixed broadband, and may probably only rarely use Wi Fi hot spots (ie if abroad - and hence without the mobile broadband). Surfing habits tend to be google (or similar) led, and more research driven; leisure based benign / well known..

    Have offloaded the pre-installed trial Norton (apols, but a deep rooted knee jerk, and "read only"!), and am looking at security before exposing the laptop further.

    Options might be:
    1) Windows Vista F/W, with Defender, and then add to it; eg an AV package, ad blocking etc.

    2) Put a suite on like Outpost (or other). Have used ZA Pro, with Spybot / Adware etc (and without any AV) for years on my old dial up laptop, but getting a little tired of the regular (and much reported) "raves" that VSMON increasingly enjoys in the latest version. Also ZA IS does not yet appear stable (and ZA Pro does not exist) on Vista.

    3) Have seen options that might connect a bit of hardware in a similar way that a router does on a normal PC??.. The Yoggie is one such option, although the USB "Pico" option (rather than the "Gateway") is a redirect only option, rather than the data going through the device before it gets to the PC, with drivers using the host PC (?), and running lots of "best of breed" software on the device including AV / anti spyware etc. Hence, in reality not too different from a software F/W combo, but on a separate device with its own processor; it also hides the IP address etc, and apparently unobtrusive when running.

    Simple truth is that I am not IT technical in this context. I want something that will certainly not pop up any more than ZA Pro. Ideally I would like something that is very easy to use (and set up), but will also give excellent security and privacy.

    Is 1) genuinely sufficient for this purpose, and would I then need to understand how to set up the outbound blocking process; or is a 2) or 3) type solution a better option, and does anyone have any knowledge as to whether 3) would have any real merit over 2) - ie better security / potentially fewer user interrupts? Although I have mobile broadband, it is very simple and quick to disconnect and reconnect when needed, and hence my normal instinct would be to not leave it always connected.

    Free / paid is not really a key factor; if the surgeon is about to perform a critical one-off operation, I am more concerned as to his proven expertise and track record than his fee for the day (ok, not a perfect analogy!). I also understand that the real key here is regular and robust data backup, but that is a given.

    Apols for the long post, but any good advice would be hugely appreciated..

    Regards, Peter
     
  2. WSFuser

    WSFuser Registered Member (Joined: Oct 7, 2004; Posts: 10,632)

    Option one would be good though I would use SUPERAntiSpyware instead of Defender.
     
  3. solcroft

    solcroft Registered Member (Joined: Jun 1, 2006; Posts: 1,639)

    Option one is good enough. You should seek to ensure that your system is malware-free by sealing off all possible points of entry for malware. Typically these involve the web browser/email client, USB autoruns, and IM programs - a sandbox program handles them nicely (Sandboxie, GeSWall, SafeSpace). Do this right, and the only use for outbound access control on your system will be to harass you when legitimate apps need to connect to the net.
     
  4. pbw3

    pbw3 Registered Member (Joined: Nov 12, 2007; Posts: 113; Location: UK)

    OK, that's interesting. Basically: 1) should be a perfectly sound inbound F/W product given the circumstances.

    I've just appreciated something new re sandboxes! Looks useful and have been investigating Sandboxie.. It does slow Explorer down a little and I may have some user rights problems with it, but will look into it all further.

    "Do this right, and the only use for outbound access control on your system will be to harass you when legitimate apps need to connect to the net."

    I understand the harassment... Are you suggesting don't actually bother with the outbound F/W protection? I must admit that that might go against the grain in principle.

    Many thanks,
    Peter
     
  5. Escalader

    Escalader Registered Member (Joined: Dec 12, 2005; Posts: 3,710; Location: Land of the Mooses)

    Hi Peter:

    On this forum there are 1000's of posts on the AV and ASW questions raised in your post.

    The security key IMO is a solid in/out FW with a complete set of accept and blocking rules.

    Scanners are for finding the parasites after they get past the FW and the AV's with good Heuristics.

    I've been trialling FW's now for years and have yet to find the best one :oops: I suspect I'm suffering from FW "testing_itis". No known cure.

    You seem to know a lot about security just based on your post here :thumb:

    I am interested in any source links or references that relate to your option 3.

    If I could move all the FW/AV/ASW IP stealth functions to a front end HW device and only have a good HIPS in my PC I would do it! Someday soon I will hook up a PC front end to my LAN and do that. But you can't carry a LAN setup like that to an airport gate!

    Can you contribute any links and/or references for Option 3?
     
  6. Diver

    Diver Registered Member (Joined: Feb 6, 2005; Posts: 1,444; Location: Deep Underwater)

    If you want to preserve your sanity, reformat and install XP.
     
  7. solcroft

    solcroft Registered Member (Joined: Jun 1, 2006; Posts: 1,639)

    I personally have no need for outbound control. My system is malware-free and is going to stay that way, so no backdoor trojans are connecting to IRC servers or sending spam or hosting HTTP servers. I run only reputable software, and I'm not concerned with any seedy programs phoning home. The stuff on my computer all has legitimate reasons to connect to the Internet, if it indeed needs to, so why would I need outbound control?

    The XP firewall is perfect for my needs. Yours may vary.
     
  8. pbw3

    pbw3 Registered Member (Joined: Nov 12, 2007; Posts: 113; Location: UK)

    Actually, my knowledge on this is absolutely nothing more than a need to know / research what I am dealing with before jumping. My preference is very much for ease of use; ultimately the machine is a tool (it'll never be a hobby, that's the camera's job!).

    For me, the other key aspect of this is simply being careful. I suspect user requirements often also come down to a judgement call on what works depending on personal habits etc, and that is where people with real experience can add far more value to the process (and hence, the too verbose original intro!)..

    Re 3), here are a few I picked from Google (there are many others), was interested to know how it compared in real experience:

    On the Pico:
    http://www.linuxdevices.com/articles/AT8368967523.html

    http://weblog.infoworld.com/tcdaily/archives/2007/10/hands_on_yoggie.html?source=rss

    And on the Gatekeeper:
    http://www.smallbusinesscomputing.com/testdrive/article.php/3667846

    Home site:
    http://www.yoggie.com/products

    And maybe a less flattering analysis:
    http://it.slashdot.org/comments.pl?threshold=-1&mode=flat&commentsort=0&op=Change&sid=236573

    I guess the Pico possibly doesn't meet your criteria above for a front end hardware device, simply because it redirects (ie relies on the host PC to get the data from the comms device), hence not dissimilar to a S/W firewall, although it does hide the IP address? But my gut instinct is that it is a step in the right direction. The Gatekeeper (although not necessarily re-direct) is a slower USB.

    Lots of critical comments on that final link suggest the concept may be flawed as a separate device as it stands? I guess most will also say it is simply far too expensive (at current), assuming that they believe the concept to be a good one (which is what I was trying to understand better). I personally like the idea of something offering excellent security and without too much user intervention...

    Peter
     
  9. tlu

    tlu Guest

    The latest thread about this issue is https://www.wilderssecurity.com/showthread.php?t=187509 . My opinion can be read here.
     
  10. pbw3

    pbw3 Registered Member (Joined: Nov 12, 2007; Posts: 113; Location: UK)

    OK, yes I appreciate this is a quite separate issue, and one that is covered lots elsewhere.. I'll follow the links...
     