Re: OT Antivirus / firewall



Pope Pompous XVIII illuminated uk.sport.football.clubs.liverpool by typing:

<...>
Yes. It blocks access to processes and apps that you haven't given
internet access to.

*Some* software firewalls do. Care to look at Matousec's leak tests
showing how "leaky" most of these so-called firewalls really are?

http://tinyurl.com/yzuw9a

Thanks for that. Bookmarked.

Your PCTools firewall rates very poorly, allowing some of the most
malicious trojans through without as much as a whimper. The protection
offered by the AVG firewall is completely non-existent. AVG have
admitted themselves their software firewall offers inbound-only
protection. As does the Windows XP SP2 software firewall.

All well and good. But if you take out the "won't run on Vista"
firewalls, you are left with PCTools as a top performer.

Also, PCTools is extremely configurable.

Would you have a novice PC user running without one? I thought not.
Hang on, don't tell me you would!!!!

Thus you can't just blithely state that a software firewall will give
you protection against malicious outbound traffic. I would rely on
just two software firewalls to do this reliably -- Agnitum Outpost Pro
and Jetico 2.

Heh. You're funny. You have a "I believe this set of results *only*
mentality".

The rest do not implement it or fail to implement it properly.

Leak tests perhaps. Real world application blocking is completely
different. As you well know.

do you create a unique rule for every single process and every single
browser request requiring access to port 80 then?

No. You create a rule to *allow* unknown process access. If you don't,
it simply doesn't get through a software firewall.

Unless of course it piggy-backs on traffic going through port 443

or port 22

Or it takes advantage of a loophole in the firewall's design

Or the software firewall hasn't been designed to protect you against
malicious outbound traffic.

Ermmm. Aren't we saying the same thing?

Browser requests through both ActiveX and BHOs (for instance) may be
allowed at browser level rather than firewall level. Hence why you
need to use secure browsing tips and perhaps even "add-ons". Generally
though, any change to any .exe's file size, version number or write
date will prompt a software firewall to block external access. The
changed process won't be allowed through, unless you specifically allow
it.

See above.

Anyway, your dubious warning about ZoneAlarm "phoning home" has been
commented on by Zonelabs and you either believe their explanation or
not. BTW. I've yet to see it try and access the outside world via my
VPN/Firewall/Unix appliance.

As I told you before, ZoneAlarm Free will go out on port 80 to a
Checkpoint/Zonelabs server. Unless you block HTTP traffic to the
various servers they use, by IP address, I don't think your outer
appliance actually does block ZA phoning home. Don't take my word for
it; stick the Wireshark Packet Sniffer on your Unix box and watch it
phone home. Same for Comodo Free. A real threat to privacy that one.
If you can't rely on your software firewall then it's time to stick in
a hardware firewall and boot up your packet sniffer, coz these bastards
are up to everything.

I run wireshark constantly. I still haven't seen Zonealarm phone home.

Still. You have. So I'll take your word for it.

If that worries you. There is always PCtools firewall plus as a decent
alternative. I would recommend home users using one or the other even
if they do have a router and know how to set it up. Denying
application/process access is a must unless you're behind well set up
corporate level security appliances.

PCTools gives negligible protection against outbound attacks.

In Vista, it is probably the best solution.

I don't really care whether people run firewalls or not, but I'd
prefer my fellow usenetters to at least have options that actually
beat the *** out of windows standard firewall. Wouldn't you?

Anti-Virus? AVG free edition. While you're there, also get AVG Spyware
free edition. Free programs that do as good a job as most professional
software. NOD32 for instance. If you really must pay, then Kaspersky
is probably the best, but why on earth bother? If you are running in a
business environment, you are obliged to pay BTW.

If people don't care about having keyloggers and rootkits on their
systems then I agree wholeheartedly. Why bother paying for an
excellent security solution when you can have a mixed bag of free
alternatives to do a reasonable job instead?

Heh. You're funny. You know that keyloggers and rootkits will be
mostly combated by what I suggest. You also know that *nothing* can
guarantee a 100% free system from these issues. Unless of course, you
run Linux, Open Solaris or *BSD

OK. So my suggestions for a home windows box are as follows.

1) AVG Anti-virus free
2) AVG Anti-spyware free
3) PCTools Firewall Plus
4) Windows Defender (this requires a WGA check)

You won't run into many problems other than ActiveX threats and
Browser Helper Objects with the above protection. As always, be careful
with applications and processes. When your firewall pops up asking if
you want to allow access to a specific app/process then do a little
research on it via Google to see if others have been having issues
with it.

So what do you say about the court case taken by one purveyor of
spyware against Microsoft to prevent them from identifying their
software as spyware? Microsoft quickly pulled this spyware from their
Windows Defender database and it can now happily reside on the user's
system, safe in the knowledge Microsoft will readily bow to pressure
from the spyware companies to avoid a court battle.

yes good thinking Moog.

You've really got your knickers in a twist.

Let's get down to the nitty gritty. My solution is free. Your
Kaspersky solution is paid for.

Guess what the windows "download illegal software" generation is going
to go for.

And yes. Kaspersky may well be *slightly* better, but I'd rather
people used my free solutions rather than go nowhere near your "paid
for" solution unless they can get a crack. Which is highly likely to
be modified and contain exactly the viruses, malware etc that they're
trying to protect themselves from.

Get off your high "it's got slightly more marks than your option,
so is ***" horse and see where I'm coming from you rotund ginger
Irish fruit.

Alternatively. Ditch windows completely and learn about Linux in
conjunction with IPTables and hosts files. As those that can read
headers will see, this is what I use quite successfully.

Or OpenBSD, which has even fewer holes than any Linux flavour.

Agreed. It doesn't run most of the world's websites for nothing.

--
Moog

"Some mornings it just doesn't seem worth it to gnaw through the
leather straps."
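The thread argues over what a software firewall's per-process outbound rules actually do: an unknown process is prompted for, an approved one is let out only on the ports its rule names, and a changed .exe is blocked until re-approved. The following Python is an added illustration of that policy written for this page, not code from any of the firewalls discussed; the executable, its contents and the port rules are constructed sample data. It also shows the limit the leak-test argument turns on: a process the rule already trusts is allowed, whatever it carries.

```python
import hashlib
import os
import tempfile
from dataclasses import dataclass
from typing import Dict, Set


@dataclass(frozen=True)
class ExeFingerprint:
    """What an application firewall records about an approved binary."""
    size: int
    mtime: int
    sha256: str


def fingerprint(path: str) -> ExeFingerprint:
    st = os.stat(path)
    with open(path, "rb") as f:
        digest = hashlib.sha256(f.read()).hexdigest()
    return ExeFingerprint(st.st_size, int(st.st_mtime), digest)


class AppFirewall:
    """Default-deny outbound policy keyed on the executable, not just the port."""

    def __init__(self) -> None:
        self.rules: Dict[str, tuple] = {}  # path -> (fingerprint, allowed ports)

    def allow(self, path: str, ports: Set[int]) -> None:
        self.rules[path] = (fingerprint(path), set(ports))

    def decide(self, path: str, port: int) -> str:
        rule = self.rules.get(path)
        if rule is None:
            return "PROMPT"            # unknown process: never silently allowed
        approved, ports = rule
        if fingerprint(path) != approved:
            return "BLOCK:modified"    # size, mtime or hash changed since approval
        if port not in ports:
            return "BLOCK:port"        # approved app, but not on this port
        return "ALLOW"                 # trusted process: payload is not inspected


def demo() -> list:
    """Constructed scenario: approve a binary for 80/443, then tamper with it."""
    with tempfile.TemporaryDirectory() as d:
        exe = os.path.join(d, "updater.exe")   # hypothetical sample program
        with open(exe, "wb") as f:
            f.write(b"MZ original build")
        fw = AppFirewall()
        out = [fw.decide(exe, 80)]             # PROMPT
        fw.allow(exe, {80, 443})
        out += [fw.decide(exe, 443), fw.decide(exe, 22)]  # ALLOW, BLOCK:port
        with open(exe, "wb") as f:
            f.write(b"MZ original build + injected code")
        out.append(fw.decide(exe, 80))         # BLOCK:modified
        return out
```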