I was curious what some of you longtime members and everyone else has to say about how many antivirus,antispam/trojan,firewalls that you can install without problems. On any OS (mainly xp sp1 or 2)

And I ask this becuase I have had problems in the past with some combo's on xp sp1. So come on all lets here it!! And we all know about keeping current and Im not so much interested about all the tricks and tips just what your running?

Greetings All:

Personally, I think installing a whole ton of crap will effect system performance more than the adware would to begin with.

If you're a home user, install 1 good AntiVirus App on your box, end of story.

I have ALWAYS felt that firewalls do NOT belong on the desktop. They belong on a hardware interface sitting on your gateway. Most DSL/Cable routers these days have built in firewalling that is more than enough for the needs of the average home user, and is more than comparable to anything you can install on the desktop anyway.

My vote? Make sure your cable/dsl router has its firewall configured. If it doesn't have one, spend the $100 or whatever to buy one that does. Set up windows update to auto download patches for you. Then, install Norton AntiVirus, and leave things the hell alone.

Obviously, the needs for computers on a Corporate or Governmental network are different, and my comments above do not apply to them. (except the part of installing only 1 antivirus app, and that firewalls should not be on desktops, well, i guess most of my comments DO apply after all).

In theory you can install as many as you like, so long as you don't have them running interactively.

1. A good AV program
2. A checksummer (Sentinel)
3. A script monitor (ScripTrap)
4. AdAware
5. Spybot S&D
6. A registry protector (RegistryProt)
7. Spyware Guard
8. Spyware Blaster
9. A firewall (for dial-up connections, for cable you should have a router)
10. A background process monitor (WinSonar)
11. MailControl (Verifies outgoing e-mails)

OK some of the more comprehensive protection suites contain several of these elements.

That lot run OK on my XP box (and others)

Run Trend Micro's "Housecall" and Panda's Online Scanner regularly.

:D

If you're a home user, install 1 good AntiVirus App on your box, end of story.

That was exactly what i used to think....... However, i recently upgraded a win ME box for a friend. He had been running ME for a couple of years and had had very few problems. So upgraded to xp, install AV (Norton Antivrus) Go on line, to win update.......Hit with msblaster.

So, had i put a fire wall up first, msblaster would not have been a problem. Although Nav spotted msblast it could not deal with it.

Personaly i think, a good AV, personal firewall, behind a router and some good antispyware is the minimum.


Jinxy

Most firewalls have a option to monitor programs accessing the internet.

Lets say you have a hardware firewall, but still want to be able to give program/internet privledge, w/o a software firewall. Is there any software that will just monitor for applications trying to connect to the internet, or is that so close to being a firewall that you can't have one without the other?

would you be able to use a packet sniffer to see what is accessing the net somthing like snort?
that would be short of a firewall and still let you know what is going on.

Wouldnt an easier solution be to just use something like Fport?It wouldnt block access fcourse

JP -
Frankly, I'm a bit surprised that you feel a desktop has no need for a firewall. But, in all honesty, it is not the first time I have heard a security expert express a similar viewpoint. I do agree that installing a lot of unneeded crap on a system will bog down performance but . . . configured correctly - a firewall and AV program can consume few system resources. I also believe the combination of firewall, AV and OS is important . . . what I mean is, I've found some AV's don't 'play well' with certain firewall programs or operating systems and the same goes for firewalls, etc. (Clear as mud - right?!)

Anywho, my vote is for: firewall, AV (with email scan), ad/mal/spyware cleaner with a reliable trojan cleaner/blocker . . . for a bare minimum.

That's my 2 cents . . . for all it's worth.

V.

My vote? Make sure your cable/dsl router has its firewall configured. If it doesn't have one, spend the $100 or whatever to buy one that does. Set up windows update to auto download patches for you. Then, install Norton AntiVirus, and leave things the hell alone.

For once, I must disagree with the Great One. This depends on the type of home user. If you keep sensitive information on your home computer (account info, business info, money info, etc.), then you need to be as secure as possible, and simply trusting your router firewall and Windows updates is far from being sufficient security.

If you have decent memory, a firewall/AV/spyware-adware scanner/temp&cache cleaner combo will hardly hurt system performance enough to ruin your day, as long as you don't go paranoia-crazy with it.

A really good configuration:

Physical Firewall(router): Keeps 90% of intrusion attemps outside the network. Never had an issue with it.
Norton's Personal Firewall: If anything makes it through the router...blocks it dead on its steps. Also, does not allow anything to dial out without my permition. I.E. BargainBuddy tries to connect to the internet to download its buddies...Norton stops it from doing that.
Norton SystemWorks 2003: It comes with all you need, disk cleanup, checkup, Antivirus, Backup Util., and a bunch of other stuff.


That combo has been working very well for me...never gotten hit with any of the major viruses out there...just some silly things that come through Kazaa, which the AV picks up anyways.

My experience with software firewalls is that they chew performance. I recommend software firewalls for dial up users.....but as JP stated if you are on cable or dsl ...spend the 100 bucks.
I have heard too many horror stories of fresh installs getting infected...trying to get the updates from ms and av companies


As for 2 anti virus...that will cause problems....

I use an online scanner as a backup to the AV I have installed on the ws...if a machine is infected with a virus...I clean using it a local av ( as some viruses are easy to clean in safe mode)...then I use an online scanner to be sure I got it all.

just disable the local av til the online scan is done.

mlf

The ultimate factor is, how important is what's on your computer, and how much damage can it do you if in the wrong hands? If the answer is none, then relying on Win updates and your router is enough. If the answer is "a lot", then you need to consider additional steps. In some cases, a hardware firewall doubled with a software firewall may seem overkill, but it wouldn't hurt, if you know what you're doing.

A lot of it depends on how much memory you have to spread among processes too. If all the security measures bog down your performance to a crawl, then you have a problem. But if your machine can handle it in stride, then do what you feel is necessary.

Originally posted here (http://www.AntiOnline.com/showthread.php?threadid=257855#post747470) by AngelicKnight
In some cases, a hardware firewall doubled with a software firewall may seem overkill, but it wouldn't hurt, if you know what you're doing.

If you "know what you're doing", you realize installing both is stupid, and you don't do it in the first place. You don't just install security mechanisms because "it wouldn't hurt" if it "doesn't help" either.

I'm not sure where people are getting confused as to what exactly a firewall does, and why so many people are saying install both.

For example, someone said they installed a desktop firewall to take care of things that "slip through" their hardware firewall?

Firewalls are set up with a set of rules. Things don't just "slip through" them. It's not like the rules only work "some of the time". If that were the case, we'd call them Firewall Suggestions, and not Firewall Rules.

Even the largest of corporations and governmental agencies rely on border firewalls, and certainly don't expect each desktop to act as a firewall as well. Why not? Because that's not the role of a desktop computer, and for good reason!

Firewalls are intended to be a border access control device, plain and simple. Desktop software versions of them were invented during the "dial up" era as a gimp version of a firewall, because individuals didn't have control over border access at all. (The earliest versions of these were freeware programs written by users on IRC to block things like winnuke. Software companies figured hey, might as well add a bit more functionality and make a commercial product out of them). They have long since outlived their usefulness, and exist solely to satisfy a consumer demand driven by a clear lack of understanding of what a firewall is and does, and the role one plays in information security.

I stand by my earlier recommendation.

:duh:

I think you're 99.9% correct, but I'm always thinking about that unlikely .1% when something wierd goes wrong. To trust even your hardware firewall 100% isn't wise, for if everything worked that well we'd all be out of jobs.

But that's all just theoretical thinking from someone still quite a bit fresh in the infosec world. But like I said in another thread, we can never afford to become too confident in either ourselves or what we use. Always consider the unlikely, even the extremely unlikely.

So that's why I say when you have the resources to spare, why not?

(The great JP argued one of my points! I've been noticed! Yay, I feel special now!) ;)

JP,
I have a small wireless LAN on my home setup and I don't nessisarily trust the other 2 computers on it. I have WEP installed and am using it on the wireless portion, but as we all know that is not a real good protection.
The D-Link router I use has a firewall in it, but would you consider that enough for this arragement.
Note -- I do also use a software firewall on my system, at present.

Originally posted here (http://www.AntiOnline.com/showthread.php?threadid=257855#post747507) by moxnix
JP,
I have a small wireless LAN on my home setup and I don't nessisarily trust the other 2 computers on it.

I really don't think that home users should set up wireless lans (especially when you allow 3rd parties connecting to it, but regardless of that), unless they're willing to go the extra step of setting up what amounts to a DMZ (or, Demilitarized Zone).

border firewall + WAP (wireless access point) =>> wireless lan =>> internal firewall =>> protected internal lan

This way, users that you're allowing to connect to you wirelessly (to share bandwidth I assume?) do not have access to your personal lan. If all of the computers are yours, then I would strongly recommend against keeping anything "important" on the "wireless lan" segment.

The worry isn't that something will make its way through your border firewall, but that a rogue node could connect to your access point device and make itself part of your lan. You've taken steps to protect against such an occurrence, but you're right in not relying on it as a certainty.

In the above configuration, you are taking this possibility into account by having your important data located on a secondary segment of your network that is protected from the segment containing the wireless nodes. You can then set up MAC Address control on your border router, that would prevent any potential rogue node from connecting to the internet, even if it did manage to connect to your DMZ.

Also keep in mind, that some mid sized firewall appliances will allow you to do all of this virtually, without the need for 2 seperate firewalls. We call them "vlans" (or, virtual lans). You can then configure what access each vlan has to each other, and what access each has to the internet.

This setup may or may not need adjusted depending on what the precise purpose of your wireless nodes are in the first place.

*taking notes frantically*

I'm with angelic, Notes,notes,and more notes. This is what I was looking for great experience being passed on it doesn't get better!!!! thanks all who answered this thread!!!! You people rock.. :D

quote:

Desktop software versions of them were invented during the "dial up" era as a gimp version of a firewall, because individuals didn't have control over border access at all.

It may have escaped your attention JP, but a great number of people throughout the world are STILL in the dial-up era. I am talking about private individuals here. People who wouldn't know how to configure a firewalled router if their very lives depended on it, and who probably couldn't afford one anyway?

Why has Microsoft persisted with "home" and "professional" versions of their OSes if this "divide" does not in fact exist?

I feel that we sometimes tend to be a little too elitist and geek, thus losing touch with the realities of the world beyond the ivory tower.

I feel that we sometimes tend to be a little too elitist and geek, thus losing touch with the realities of the world beyond the ivory tower.

No kidding! Just try being one of us new guys to the IT world. There's plenty of "What? You didn't know that?" and "What a stupid idea that is!" going around, as if we all come out of the womb quoting Linux code or something. "Noob" is pretty much a 4-letter word nowadays it seems.

Aaaahhh, just had to get that out of my system. ;)

Originally posted here (http://www.AntiOnline.com/showthread.php?threadid=257855#post747584) by nihil
quote:
I feel that we sometimes tend to be a little too elitist and geek, thus losing touch with the realities of the world beyond the ivory tower. ..... People who wouldn't know how to configure a firewalled router if their very lives depended on it, and who probably couldn't afford one anyway?

1. Broadband Internet Access is considered the "world of the ivory tower"?
2. If they can't manage to configure a hardware firewall, they won't be able to correctly configure a software firewall either.
3. If you can't afford to purchase the NECESSARY equipment/software (which is really relatively inexpensive compared to other technologies home users purchase and use on a regular basis) to keep your data safe when you're on the internet, you should either:

A. Not be on the internet at home until you can save up for such equipment/software
B. Not have anything on your computer that you'd worry about someone getting their hands on if you DO connect to the internet AND be willing to face the consequences if someone breaks into your unsecured computer and uses it to attack others (via jump point, ddos, spam gateway, etc).

As I said in my previous posts, obviously hardware firewalls really aren't a viable choice for dial-up users. But at the same time, dial-up really isn't a viable choice to provide connectivity to a home network either.

If you're on Dial-up, you should also be on an OS that is properly hardened, and that doesn't stay dialed-in when you're not actively using it. Most OSs these days have built in firewalling features that can be configured, which makes the need for a 3rd party software firewalling product unnecessary.

1. Broadband Internet Access is considered the "world of the ivory tower"?

No, I did not say that.............you merely imply it, but I would point out that only the other day you complained about people not reading others' posts............"ipse dixit"?

What I DID say, though was that there is a fair proportion of the World who just do not have access to broadband in any shape or form................my country (the UNited Kingdom) for example, only has around 60% physical coverage..............and that is for those who can afford it! There are many families, even in the OECD countries, who can afford a second hand computer and allow their children on the internet, only through their home telephone lines.



2. If they can't manage to configure a hardware firewall, they won't be able to correctly configure a software firewall either.

Absolute garbage old chap.............They install out of the bag............just set it to maximum, and away you go.................not as good as a professionally configured firewall, but one hell of a lot better than your suggestion of the other day that none was required.............you were pulled up on that......."Blaster"????????????? you would be infected in less than 20 minutes? Anyways, if they bring it to someone who has an idea, they can have it set up very easily.........no hardware, no wires......



3. If you can't afford to purchase the NECESSARY equipment/software (which is really relatively inexpensive compared to other technologies home users purchase and use on a regular basis) to keep your data safe when you're on the internet, you should either:


Neccessary in whose opinion might I ask?...............also, much of the World is NOT the United States of America............so "relatively inexpensive" is about the most redundant phrase I have heard in a long time................relative to what?


A. Not be on the internet at home until you can save up for such equipment/software

Who (of any conceivable importance) says.................don't you think that people in less well off families and countries don't have ambitions for their children............do you have any young relations?...........what do you want for them?



As I said in my previous posts, obviously hardware firewalls really aren't a viable choice for dial-up users. But at the same time, dial-up really isn't a viable choice to provide connectivity to a home network either.

I agree with the first part of that statement, as I said..................but "home network"................what planet are you living on eh?



If you're on Dial-up, you should also be on an OS that is properly hardened, and that doesn't stay dialed-in when you're not actively using it

The first part is correct, the second part shows that you live in America and are grossly ignorant of the rest of the World..............has it possibly occurred to you that in other DEMOCRATIC COUNTRIES, local calls are not free...... you might have to pay betweeen 1 and 25 cents (per minute) for that connection?............obviously not?



Most OSs these days have built in firewalling features that can be configured, which makes the need for a 3rd party software firewalling product unnecessary. ........and I wonder why Bill Gates has extended support for Win98/SE/ME/NT?................and HE should know.

I consider this to be an International forum, and I am not hearing any Internationalism from you old chap.

Please think about my comments..............

Like others said, don't install useless crap that claims that they have the "best" security unless they were tested. dont forget, too much installed prgm on ur computer slows your comp down.

I consider this to be an International forum, and I am not hearing any Internationalism from you old chap.

Nihil,

I do not think it so much a lack of internationalizm, as a disrespect for the home user.

Who now make up the vast majority of internet users.

Indeed, we can't act as if every home user should be so savvy, or wait until they have the funds to "properly" set themselves up. I think this is where we start to get too smart for our own good, and I'll definately be very weary of becoming such as I seek to develop myself as and become an IT professional.

Everyone has their own methods too. Some HW, some SW, some both, and you can't march around saying your method is superior. Obviously there's more than one way to go about things.

ok it seems that firewalls have been pretty much discussed.

antivirus software and trojan removers contain signiture files or definitions, that is pieces of the virus/trojan code to compare against files that are on or trying to get on the users computer. each anti-whatever program keeps it sigs in a folder that is excluded from its own search but not from the searches of other 'anti' programs. some do a fine job of protecting their definitions while other just depend on the user not using another program. in other words using more than one anti-virus/trojan program can be self defeating.

Hi, troops I thought I'd share our (the store I work at) game plan

first a good AV, Norton 2003
next, A second good AV, AVG free by grisoft.com

I know what some of you are thinking, but AVG catches stuff Norton misses and Norton catches stuff AVG misses. and they do work side by side

Ad-Aware, SpyBot.

No Software firewalls, use the router and it's software.

If the router is not enough then a Brick from Symantec (just short of $1000), But only for businesses with Sesitive data on a lan that is visable to the cloud

Now for the big brag, Me dons the asbestos underware, this is how my home lan (with a wireless access point is set up) and I have not had a sick machine exept for stupidity by my children for more than a year

just my two cents

CRING FROM THE FLAMES

Interesting...double AVed, so it can be reasonably done...

Originally posted here (http://www.AntiOnline.com/showthread.php?threadid=257855#post747849) by oldguy
Hi, troops I thought I'd share our (the store I work at) game plan

first a good AV, Norton 2003
next, A second good AV, AVG free by grisoft.com

I know what some of you are thinking, but AVG catches stuff Norton misses and Norton catches stuff AVG misses. and they do work side by side

CRING FROM THE FLAMES

Are they really catching the others' misses? Or are they catching the others' quaranteed files?

I had an experience similar to this. After running one program, I would run the other, only to discover that another virus was till present! After the quarantee, I would run the other program, and loop myself in an endless cycle of depression and hunger, fighting against all odds to track the suckers down. Only after looking at the LOCATIONS of the virus did it dawn on me that they were detecting each others file, changing the "quaranteen" status (not sure on the proper termino-lingo-gy) and set itself up for another...set...up.

I would suggest ONE good antivirus program, or a suite of programs that are meant to be used together. As long as the definitions are up-to-date, and the antivirus software itself has not been hit by an antivirus-virus, then you should be good to go on the software side. (Anti-virusly speaking)

As far as the other crap - SpyBot, Ad-Aware, hardware router. No use with doubly double redunant reduncies of having a "hardware" AND "software" router. It's like putting paper plate under a ceramic one in case the food goes through the clay...

I knew I'd catch some with this ,but it works and work well.

Our store has a bunch -hundreds- of boxes setup this way and

I forgot to mention the most important part, keep them up to date.

We have had instances where the two AV's would fight each other resulting in very poor performance from the system, if this shows up just uninstall the AVG, I trust Norton more.

If you can get the customer to keep the virus scanner up to date then the only time you hear from them is when they need ink for their printers

If that were the case, we'd call them Firewall Suggestions, and not Firewall Rules.


Precisely. Computers & related hardware do what we tell them to do. Now, there is a difference between doing what we tell it and doing what we want. Bottom line, unless there is a bug in the product, or you are a dumbass and misconfigure the device, the rule will work. This is another reason why you lab test equipment before deploying it.

Having more than one AV *could* cause issues. I had a user with NAV and MacAfee installed on his laptop. The combonation of the two caused the machine to crawl. In effect, the damn thing was being DoSed by its own software. In addition, like another user posted, each saw the other's quaranteen folder and a vicious circle of false positive infections were being logged.

Dialup users should use a software firewall. Sure, this is perfectly sound advice. Telling a dialup user to add 10 other things is *not* sound advice - it's stupidity. Some may argue that it is layered protection but if you add a ton of crap, you'll have to be technically savvy in order to make everything work togther (if possible). If you have this level of skill to begin with, you clearly wont need all the additional crap clogging up the works.

Any decent mid range Cisco switch has VLAN capabilities. I happen to deploy Cisco gear but other manufacturers also have VLAN capabilities. You wont find this feature on a device made for home users.

Configuration of a software firewall is not easier than a cable/dsl router. All you do is plug in the wires and *maybe* add auth credentials (based on your ISP) and off you go. The Linksys router is ready to go out of the box. NATing by itself, will take care of 90% of the crap that will bang against your home network.

Though I respect many of the people who posted content to this thread, I have to go with JP on most if not all counts. Anyone who has been in this business for more than a decade can tell you that there are many folks out there spitting out advice without truly understanding the implications. I run into this each and every day.

One last thing, AngelicKnight , when someone like JP disagrees with your position and more or less calls you a butthead on a public forum, I'm not exactly sure that you should feel honored that he responded. Just a thought.

:)

Dialup users should use a software firewall. Sure, this is perfectly sound advice. Telling a dialup user to add 10 other things is *not* sound advice - it's stupidity. Some may argue that it is layered protection but if you add a ton of crap, you'll have to be technically savvy in order to make everything work togther (if possible). If you have this level of skill to begin with, you clearly wont need all the additional crap clogging up the works.


The fundamental principle here is those items that are INTERACTIVE and those that are ON DEMAND.

Basically, you should avoid running two interactive applications that are doing the same thing. Similarly, you should close an interactive application before running an on demand one that does the same thing. It is a question of that which is running concurrently and that which runs consecutively?

It does not matter how many on demand applications you have so long as they are run consecutively and do not clash with any interactive applications you might have running. That is why (amongst other reasons) I prefer to run them in "safe mode" where possible.

Whilst it is true that modern computers are very powerful and capable of multi tasking, it must be borne in mind that if you decide to run multiple applications from different sources you are responsible for the integration and compatibility..........forever......... In a commercial environment, this is tested in the laboratory on "reference machines", as Hoss mentioned.

There is other software such as some of those that I mentioned in an earlier post, that do not actually "run" until a specified event occurs, or an application is launched. These I would generally consider "safe", but if they are plug-ins, remember that you are responsible for the integration when upgrades come along. The rules regarding not running two applications doing the same task concurrently, also apply.

I happen to believe in layered protection, within the guidelines I have just mentioned.

Cheers

One last thing, AngelicKnight , when someone like JP disagrees with your position and more or less calls you a butthead on a public forum, I'm not exactly sure that you should feel honored that he responded. Just a thought.

I was trying to be in good humor and show a little resect to the vets. I'm beginning to wonder if that was a mistake on my part, assuming professionals would prevail in a place like this.

Not being able to counter a point without playing "holier than thou" is far from being professional. I don't get why some people here can't simply say "I disagree with you because of X" without adding "you idiot!" What's the point in even setting up this community as an educational resource when you patronize everyone who isn't as all-knowing as you? If we knew everything, we wouldn't even need to be here, and there be no reason for AO to even exist.

The newbie thread starter here asked everyone's opinion on a concept, and some of you, instead of just offering your input, have made it your mission to exhibit how superior you are in your knowledge. This is doing nothing to aid him in his understanding of the concept at hand, other than teaching him who NOT to talk to about it.

I definately find this behavior highly disappointing out of so-called "professionals". I may not know much of what I'm talking about yet, but I'm taking everyone's input very seriously and striving hard to learn more. And at least I REALIZE I don't know much. So let's get off the high horses and stick to making our cases.

That said, I think that in the world of security, you don't assume food will never pass through the ceramic plate. You're prepared for even what you think can't happen. Is that such a stupid newbie thought? Am I not always hearing from you guys that we are the paranoid folks for good reason? That's the underlying reason I say "why not?" in certain situations where erring on the side of caution is far better an outcome.

That said, I think that in the world of security, you don't assume food will never pass through the ceramic plate. You're prepared for even what you think can't happen. Is that such a stupid newbie thought? Am I not always hearing from you guys that we are the paranoid folks for good reason? That's the underlying reason I say "why not?" in certain situations where erring on the side of caution is far better an outcome.

I never said not to expect food to pass through the plate, but what good would having a paper one do? I may not entirely know what I'm talking about (I'm not exactly the hardware guru) but if something can get past the hardware that easily, what's to say that a thin firewall would be any more effective?

Fill me in here, so I can sound learn-ed in the future. :D

I never said not to expect food to pass through the plate, but what good would having a paper one do?

Now that's a good point. Indeed, in all likelihood not much. But the way I look at it, if theyr'e going to get through, then by golly, I'm going to make it as annoying for them as possible all along the way, so that they'll get sick of sifting through paper plates. :) But yes, I concur that in all likelihood, you're probably screwed at that point.

This is exactly what I did for a nonprofit I volunteered for (my first real hands-on network experience). They have a firewalled router in place, but I configured ZoneAlarm on each box on the network. ZA didn't consume enough resources to slow anyone down, and didn't interefere with the hardware firewall or anything else for that matter, ran seemlessly.

Trying in my limited newbie thought (especially at that time) to think as an intruder, I knew if it was me, after working to get through the hardware firewall only to run into a software firewall on each machine, I'd think, "Gee, what an a-hole!" Also hopefully, at this point they'd get frustrated enough to decide working more to infiltrate just isn't worth it (I know, wishful thinking, but hey).

And yes, ZA isn't the gold medal of firewalls, but it's the best I had to work with at the time.

And yes, I do admit this may be an idiot idea, but from where I see it so far, it seems reasonable in theory...Certainly isn't hurting anything. And for new blood like myself, the major way to learn is by experimenting, and since I set all that up they haven't had a single problem, not so much as an e-mail virus slip through, whereas before I started working there they were hurting pretty bad.

I just want to say . . . nihil . . . . you're my hero!! As one who cannot afford the 'latest and greatest' in software or hardware but makes due with what is at hand - I applaud your comments. One of the reasons I joined AntiOnline was to learn of alternative ways to secure systems, even when they are now considered 'outdated' by most. Whenever I build a new system, I spend hours working out the bugs and making sure it is as secure as possible. Most of the knowledge I've acquired has been through these forums and the helpful insights from its members. Thanks to everyone who continues to contribute.

V.

whats with all the kiss-asses lately? Is that the new way to earn APs?

Ah, Cybr1d's jealous. ;) Need some worshipping?

Originally posted here (http://www.AntiOnline.com/showthread.php?threadid=257855#post748406) by Cybr1d
whats with all the kiss-asses lately? Is that the new way to earn APs?

Would you rather have a few kiss-asses or just a bunch of asses?

Originally posted here (http://www.AntiOnline.com/showthread.php?threadid=257855#post747490) by JP
If you "know what you're doing", you realize installing both is stupid, and you don't do it in the first place. You don't just install security mechanisms because "it wouldn't hurt" if it "doesn't help" either.

I'm not sure where people are getting confused as to what exactly a firewall does, and why so many people are saying install both.

For example, someone said they installed a desktop firewall to take care of things that "slip through" their hardware firewall?

Firewalls are set up with a set of rules. Things don't just "slip through" them. It's not like the rules only work "some of the time". If that were the case, we'd call them Firewall Suggestions, and not Firewall Rules.

Even the largest of corporations and governmental agencies rely on border firewalls, and certainly don't expect each desktop to act as a firewall as well. Why not? Because that's not the role of a desktop computer, and for good reason!

Firewalls are intended to be a border access control device, plain and simple. Desktop software versions of them were invented during the "dial up" era as a gimp version of a firewall, because individuals didn't have control over border access at all. (The earliest versions of these were freeware programs written by users on IRC to block things like winnuke. Software companies figured hey, might as well add a bit more functionality and make a commercial product out of them). They have long since outlived their usefulness, and exist solely to satisfy a consumer demand driven by a clear lack of understanding of what a firewall is and does, and the role one plays in information security.

I stand by my earlier recommendation.

:duh:

I have to totally disagree with this.. I have never read in any security documentation that a firewall is solely intended as a border protection device(as in only on the outer most edge of your network)... I think you will find that more and more companies are enabling the software firewall built into XP so that they have less of an internal impact when a virus begins to run wild inside of their environment. The whole idea of only putting security at your broders was a bad one, and one that should have died several years ago... The concept of a border on a network doesn't exist anymore with the size of many corporate networks.. My personal take on it is that almost all computers will run a software based firewall regardless of what other network security is in place specifically to prevent "insider" attacks.

My company has 50k+ desktops, every single new desktop that has XP has the firewall enabled in our custom install. I've also attended an MS security conference as well as a hands on training session of theirs and they are 100% pushing the idea of software firewalls on all systems. ISA on the perimeter and Windows Firewall on the desktop is the new MS mantra.. I have also been involved with several outsourcing projects that my company is running for other fortune500 companies and they are taking the same software firewall on the desktop approach. The main reason is that it is just about impossible to prevent somebody from plugging a non-trusted computer into your trusted network(yes there is new cisco equipment that is better at doing this, but it is easier and less expensive to deploy a software based firewall than a whole new network topology). So you get that one computer that has the new gaobot on it, and all of the sudden it is running wild on your corporate network. A software based firewall gives you almost 100% protection from unknown exploits that seek to infect a machine through an OS vulnerability. You can't infect the machine if the packet can't get to high up the TCP/IP stack...

How does this train of thought apply to an individual user and not just a corporation? Very easy question to answer.. Let's say you have three windows based machines on your home network. Machine A gets infected with the 0day netsky.abcxyz variant because one of your kids accidentally hit yes instead of no when prompted to install something(you have after all told them not to every accept installs if they don't know what it is)... So you now have a virus that is running totally unchecked on your local network. Now none of your AV software can pick up this new variant because they haven't had time to develop and deploy a new dat file. So all of your machines are now infected with this new virii as they all had the same vulnerability exposed that MS has yet to patch... But, if you would have had a software based firewall on each machine, only that first machine would be infected as that stateful packet inspection on your software based firewall doesn't allow the new netsky packets into your other machines as no data was ever requested from that machine on that port.

So again I say, network borders(the outermost edge) as your only place of protection is just a bad idea..

Completely agree with mohaughn and nihil on this.
And I completely disagree with JP as well.

Regardless of whether you are using dial up or a broadband connection, there is absolutely no harm in running a software firewall and AV scanner on your desktops.
IMHO running more than one software firewall or AV scanner is not a good idea, however.

For a start this will detect unusual outbound activity from the desktop, due to something that snuck through earlier, and infected the PC.
And JP is completely wrong in suggesting that these use significant resources (CPU, memory etc.) nowadays, given the hardware specs of most PCs.

As another point, for home users here in the UK, I always recommend they install a software firewall & an AV scanner.
The vast majority are using Win98 over a dial up connection - no JP, most people here, like the rest of the world do not have broadband or a router ....

With a router it do serves as an firewall protecting the workstation but a software firewall enables a user to know what program accessing the internet by monitoring the outgoing connection, if any suspicious programs(trojan horse, etc) fail to be detected by the antivirus, it will alert the user of all outgoing connections make by the program.

Exactly the point I was trying to make.

Any software firewall would pick up on most of the recent worms, if they had got past whatever other defences you had in place.
Always best to have more than one layer of security, in case your main layer fails.
Some AV scanners also include some of the items mentioned by nihil, such as scanning for suspicious scripts, and alerting you to strange outgoing email activity from a PC.

The combination of these two makes it extremely difficult for a PC to be hijacked without you being aware of it.

Neither Antivirus's or Firewall's are for client side operation. ALL filtering and protection should be done on the server side or on another dedicated box. There should not be software firewalls on every computer in the network and antivirus engines should not be on every local computer. There should be two hardware firewalls, one for the dmz one for the lan, and one antivirus web proxy box. That's it. That is all that you need and you will be plenty secure enough with that running. You will not lose years of cpu cycles to worthless 'home-user' firewalls such as zone alarm and black ice, and to worthless antivirus engines such as norton and mcafee.

So to answer your question, on my work network of three domains and ~400 computers, I run a total of 1 antivirus program on 1 machine and another two firewall boxes that just use iptables.

On my home network of ~10 computers I run 1 iptables firewall machine and 0 antivirus engines.

I can't believe people are still posting replys to this thread!!! :cool:

On my home network of ~10 computers I run 1 iptables firewall machine and 0 antivirus engines.
Thats great for a network, but primarily we were discussing a standalone desktop or at the most 2-3 computers sharing an internet connection, and not networked together.
In my understanding anyway.

Originally posted here (http://www.AntiOnline.com/showthread.php?threadid=257855#post748636) by darkes
I completely disagree with JP as well.

You can disagree with me all that you want, but I'm right. :booty:

Originally posted here (http://www.AntiOnline.com/showthread.php?threadid=257855#post748636) by darkes
For a start this will detect unusual outbound activity from the desktop

Hardware firewalls do this too. We call them "reverse reflexive access lists". If you're like "most of the people" in the UK as you mention below, and don't have a router or a hardware firewall, or have never used one, and are running windows 98, you would, of course, not know this. Which is a perfect reason why you shouldn't be giving people advice.

Originally posted here (http://www.AntiOnline.com/showthread.php?threadid=257855#post748636) by darkes
And JP is completely wrong in suggesting that these use significant resources (CPU, memory etc.) nowadays, given the hardware specs of most PCs.

No, sorry, I'm right on this one too. I love when people state opinions like they're facts, especially when they have no clue wtf they're talking about. :thumbsup:

Actually benchmarking of systems by those in the industry that do that sort of thing tells the true story. (What's this, benchmarks? You mean JP doesn't just pull all of the advice that he gives out of his ass, and actually bases them on knowledge he garners from keeping track of the industry?) Yes, BENCHMARKS.

Fact!: AntiVirus Software can use from 3% - 19% of your system resources while "auto-protecting" your computer from viruses. (and some of the people in this thread advised installing 2 of them, haha)

Fact!: Software Firewalls for the desktop pc (such as Norton or Mcafee or Zonelabs), can use from 5% - 17% of your system resources, and effect download speeds by over 10%.

Total hit to your system? Between 8% and 36% of your system resources.
[/B][/QUOTE]


Originally posted here (http://www.AntiOnline.com/showthread.php?threadid=257855#post748636) by darkes

no JP, most people here, like the rest of the world do not have broadband or a router ....

Just because the UK is behind the 8 ball when it comes to broadband, don't use that as a yard stick to measure people "in the rest of the world". As a matter of fact, the UK is WAY behind most of the developed world in this regard. Percentage of growth of new broadband lines in the UK for 2003 was behind countries like China, Italy, and even Venezuela for cripe sake! You did managed to beat out Lithuania though. Congrats!

Does everyone have broadband yet? No. Did I give advice in this thread for those that don't have it? Yes. Is the "age of the dial-up" dying, and VERY QUICKLY being replaced by broadband? Yes.

As for most people in the UK still using windows 98. I have no idea how true that is, and I suspect that you don't either.

mohaughn:

I have no gripes with ICF, and it really wasn't what people were bringing up in this thread, which is why I never really addressed it specifically. It's built into the architecture of the OS, and not layered into it, so it doesn't hold true to most of the issues that I've been discussing about "software firewalls".

Another thing that no one has brought up, which kind of surprised me, is a very fundamental of security: The more software you install, the more vulnerability you're opening yourself up to. Each application brings with it baggage, including those designed to bolster security. A perfect example: http://www.enterpriseitplanet.com/security/news/article.php/3354091

I'm loving this argument. People learn a lot more if they start an argument (peaceful one for that matter)

Here are some numbers:

.Broadband Penetration in Select Countries.
Country or Region
Broadband Subscribers
Data Source
and Date

Australia
1,000,000
N/NR - May/2003

Austria
540,000
ITU - Dec/2002

Belgium
869,000
ITU - Dec/2002

Canada
3,600,000
ITU - Dec/2002

China
17,400,000
CNNIC - Dec/2003

Denmark
462,000
ITU - Dec/2002

Finland
274,000
ITU - Dec/2002

Hong Kong
989,000
ITU - Dec/2002

Hungary
260,000
KSH - Dec/2003

Iceland
25,000
ITU - Dec/2002

Japan
7,806,000
ITU - Dec/2002

Korea
10,128,000
ITU - Dec/2002

Netherlands
1,060,000
ITU - Dec/2002

Singapore
392,000
IWS - Dec/2003

Sweden
693,000
ITU - Dec/2002

Switzerland
455,000
ITU - Dec/2002

Taiwan
3,000,000
T.T. - Dec/2003

United Kingdom
3,200,000
Oftel - Jan/2004

U.S.A.
26,200,000
Y.G. - Aug/2003

Sources: (1) International Telecommunications Union (ITU),
(2) CNNIC, (3) Taipei Times, (4) Ofcom, (5) Yankee Group,
(6) Nielsen//NetRatings, (6) KSH .




Some 63.8 million people around the world are now connected to the Internet via DSL, reports DSL Forum, based in Fremont, Calif., a consortium of companies promoting use of the standard. The figures show that DSL attracted 28 million new subscribers during 2003.



Here u go gentlemen: http://www.internetworldstats.com/articles/art030.htm

From the college student perspective-

When I fixed blaster and sasser, people asked me how they got them. I said it's because they didn't update windows. So I would turn on auto-update for their AV(if they had it) and windows. Problem is, I'm not willing to keep track of all the software they use to make sure its updated and configured to update. In this case, a firewall is necessary to protect what could possibly exploit unupdated software. I'm not going to tell them they need to pay 100 bucks for a hardware firewall when I can have them install a free software firewall and configure it to update itself and work in the background. If I worked for Best Buy, hell yeah I'd try and sell them some stuff. But people don't like spend money on things they don't understand. Besides, we can't have routers in our dorms because we are only supposed to have 1 box per student. The school doesn't offer any firewall beyond our rooms (otherwise we wouldn't have been effected by sasser). Software is the only option for me.

As for resources, I like to keep things running smooth, but I only notice a difference when I'm rendering. Most people don't render, but most people don't run 2.0+ ghz either.

btw-
Hardware firewalls get exploited too.

Originally posted here (http://www.AntiOnline.com/showthread.php?threadid=257855#post748811) by JP

Hardware firewalls do this too. We call them "reverse reflexive access lists". If you're like "most of the people" in the UK as you mention below, and don't have a router or a hardware firewall, or have never used one, and are running windows 98, you would, of course, not know this. Which is a perfect reason why you shouldn't be giving people advice.

No, sorry, I'm right on this one too. I love when people state opinions like they're facts, especially when they have no clue wtf they're talking about. :thumbsup:

Actually benchmarking of systems by those in the industry that do that sort of thing tells the true story. (What's this, benchmarks? You mean JP doesn't just pull all of the advice that he gives out of his ass, and actually bases them on knowledge he garners from keeping track of the industry?) Yes, BENCHMARKS.

Fact!: AntiVirus Software can use from 3% - 19% of your system resources while "auto-protecting" your computer from viruses. (and some of the people in this thread advised installing 2 of them, haha)

Fact!: Software Firewalls for the desktop pc (such as Norton or Mcafee or Zonelabs), can use from 5% - 17% of your system resources, and effect download speeds by over 10%.

Total hit to your system? Between 8% and 36% of your system resources.
Just because the UK is behind the 8 ball when it comes to broadband, don't use that as a yard stick to measure people "in the rest of the world". As a matter of fact, the UK is WAY behind most of the developed world in this regard. Percentage of growth of new broadband lines in the UK for 2003 was behind countries like China, Italy, and even Venezuela for cripe sake! You did managed to beat out Lithuania though. Congrats!

As for most people in the UK still using windows 98. I have no idea how true that is, and I suspect that you don't either.



To reply to some of your points.
wtf is a DMZ hardware firewall worth when someone has just connected an infected portable PC to your internal network?

And, I have worked in this industry for more than 20 years, so I do have some idea what I am talking about ...

I haven't a clue what benchmarks you are using, but the ones I have run show the performance hit at less than 1%, and no affect on download times.

Win98 for home users is a bit of a red herring, as I agree that is a different matter.
btw, perhaps you haven't looked at the MS figures that show Win98 is the most widely used version of Windows across the world.

And, no I don't use Win98 in either a work or home environment ...

I must say, I find your attitude very condescending & insulting, as you are making one hell of a lot of assumptions - like I don't understand the difference between Win98 & the WinNT/XP line and what you should do to harden the system in a work environment - which, yes, does include software firewalls.

I was expecting more from you .....

In return can I say that IMHO you don't know wtf you are talking about either.
Expecting loads of negs for this comment ...

Well, let's put this into context a little?

Just because the UK is behind the 8 ball when it comes to broadband, don't use that as a yard stick to measure people "in the rest of the world". As a matter of fact, the UK is WAY behind most of the developed world in this regard. Percentage of growth of new broadband lines in the UK for 2003 was behind countries like China, Italy, and even Venezuela for cripe sake! You did managed to beat out Lithuania though. Congrats!

1. There are problems in Europe because of the infamous "dot com" bandwagon or "bubble"..........a lot of providers put a massive amount of their venture capital into these worthless shells, and lost the lot...........this is money that should, by rights, have gone into expanding the infrastructure and obtaining more customers. We are suffering for that!

2. Italy is easily explained, their telcos/ISPs were very greedy on prices so people did not use dial up very much. Most people used the net when they got to work, it was a sort of tax free benefit?....not good for security IMHO :rolleyes: Now that competition has increased, the price has fallen........and that is first hand information from the chief statistician of a northern Italian province. Having these discussions with other European contacts I do not see the infrastructure investment..............just a shower of vultures squabbling over a roadkill........every month I get solicitations to change my telco, gas and electricity suppliers..........still the same providers, just different people billing me?

3. Percentage growth? has anyone heard the phrase "there are lies, damned lies and statistics"? So I have a country with 10 broadband users, next year I have 20............hey that's a 100% increase?

4. At the end of the day, and before the setting of the sun, the rules of the Electronisphere (my word) will be obeyed. With good luck and a following wind, the maximum range of copper wire ADSL/SDSL is 5,500 yards from the telephone exchange. If there has been little usage, the growth statistics will seem very large, but then you will hit the major capital investment barrier? Also, if you have been upgrading your exchanges to fibre optics, but your land lines are copper wire...............DSL won't work..(I guess we like to find these things out the hard way over here:))

I think that more relevant and interesting statistics are number of internet accounts per head of population, and type of connection?

As for WIN98, I do some spare time helping for charitable & non-profit organisations where we provide refurbished computers for old, infirm, educationally challenged and low income people. These are generally donated ex-corporate boxes and we tend to use Win98SE, as that is about the best the hardware can support. So, YES, it is a common operating system in the UK still, as my groups are replicated throughout the Country.

Just a few thoughts

For thoes of you that have more than one antivirus or firewall installed and disagree with jp May seem like alot of work but, Goto www.pcpitstop.com test your box. than uninstall one them and retest, see if your speeds in any area change?

And then let us know. I believe that facts that you can prove are allways best. I can only agree with people like " JP " and most if not all of the senior members becuase they have been doing this for a living and or most of there lives. Me on the other hand can only give people advice for what I know "car audio/video , Electronics - 12volt" becuase thats what I have done most of my adult life, and am now going for my ccna(testing is 6 weeks from now :confused: this is the most I have ever had to study.). Thanks everyone you have definitely made more things clearer for me and I hope others!!!!

sounds like a good way to find out

With avg, norton 2003 AV, and zone alarm 4.5.594

Processor (CPU)
Millions of instructions per second (MIPS) 6067 6122 0.100 612
Memory (RAM)
Megabytes per second (MB/sec) 5155 5240 0.100 524
Video 2D
Megapixels per second (MP/sec) 123 137 1.000 137
Disk I/O
Megabytes per second (MB/sec) 3 2 1.000 2
Tips
Deduction for red/yellow flags 2 -10 -20
Total Weighted Score 1249 1255


same with out zone alarm


Processor (CPU)
Millions of instructions per second (MIPS) 6067 6124 0.100 612
Memory (RAM)
Megabytes per second (MB/sec) 5155 5242 0.100 524
Video 2D
Megapixels per second (MP/sec) 123 137 1.000 137
Disk I/O
Megabytes per second (MB/sec) 3 2 1.000 2
Tips
Deduction for red/yellow flags 2 -10 -20
Total Weighted Score 1249 1255


hum not much different IS THIS IS A PROPER BENCHMARK TEST?

now no zone alarm and no avg

Processor (CPU)
Millions of instructions per second (MIPS) 6067 6124 0.100 612
Memory (RAM)
Megabytes per second (MB/sec) 5155 5245 0.100 525
Video 2D
Megapixels per second (MP/sec) 123 138 1.000 138
Disk I/O
Megabytes per second (MB/sec) 3 2 1.000 2
Tips
Deduction for red/yellow flags 2 -10 -20
Total Weighted Score 1249 1257

Well now i see a difference, about .00159% is that a significant change ?

went to msconfig and turned every thing off

Processor (CPU)
Millions of instructions per second (MIPS) 6067 6124 0.100 612
Memory (RAM)
Megabytes per second (MB/sec) 5155 5249 0.100 525
Video 2D
Megapixels per second (MP/sec) 123 137 1.000 137
Disk I/O
Megabytes per second (MB/sec) 3 2 1.000 2
Tips
Deduction for red/yellow flags 2 -10 -20
Total Weighted Score 1249 1256

my oh my I seem to have lost some thing well it may have been the asus software that runs the fans because they all went to full speed and I seem to have lost one point in speed, oh I see it, it looks like killing the nvidia stuff may have slowed down my vid card some.

system is as follows,

Brand/Model System Manufacturer System Name
Type Desktop
Serial Number XXXXXXXXXXXXXXXX
BIOS Award Software, Inc. ASUS A7V8X ACPI BIOS Revision 1013 08/18/2003
System Board ASUSTeK Computer INC. A7V8X REV 1.xx
Brand/Model AMD Athlon
Nominal Clock Speed 2000 MHz
Measured Clock Speed 2000 MHz
External Clock Speed 133 MHz
CPU Load 0%
Speed Rating 6124 (101% of 10292 similar)
RAM installed 1024 MB
Windows RAM 1024 MB
Total RAM slots 3
Available RAM slots 1
Max RAM module size 1024 MB
Memory Type 512+512+0;DIMM,DRAM,|Synchronous;T16
Speed Rating 5249 MB/s (102% of 10292 similar)
Partition format NTFS
Cluster size 4 KB
Drive label No Label
Size 76308 MB
Free space 68368 MB (90%)
Junk files 45 MB (0%)
Data fragmentation 20%
File fragmentation 12%
Uncached speed 2 MB/s (61%)
Brand/Model NVIDIA GeForce FX 5200
Resolution 1152x864 pixels
Colors 16 million
DirectX version 5.3.0000000.900 built by: DIRECTX
OpenGL version 5.1.2600.1106 (xpsp1.020828-1920)
Acceleration options Enabled
Performance 137.45 MP/s (112% of 805 similar)
Bandwidth Down 1273 Kbits/sec
Bandwidth Up 211 Kbits/sec
Average Ping 52 ms
Ping Loss 0%
TCP Receive Window (default)
External IP Address 0.0.0.0(really didnt think i would did you)
Internal IP Address 0.0.0.0
Browser MSIE 6.0
IE current cache 10 MB
IE max cache 2385 MB
Windows XP SP1
Full Version Windows XP 5.1.2600 Service Pack 1
First Install Sat Dec 20 2003
Free Resources 90%
Fonts Installed 183
Windows Scripting Version 5.6.0.6626
CPU Load 0%
ActiveX Security Issues None
IE Restricted Zone Permissions None
System AMD Athlon, 2000MHz 87% 1000 MHz
Memory 1024 MB 99% 256 MB
Disk 74.52 GB 74% 20 GB

Ok what did this tell me, first I will keep running avg and norton side by side, second I have enough machine to run a bunch of stuff at startup{but I dont, I do a lot of video editing and need my machine to run fast}, third even JP's opinion can be just that; an opinion.
I only have three degrees in comp sci two AS's and a BS but even more importantly I work in the real world, I administer several commercial accounts and two web servers (ick ms2003 boxes), and see dozens of home boxes a week for many years now.

the most important thing, is to keep what ever you run UPDATED

PS if anybody has a better benchmark test let me know I am open to change.

AS the big boss said. install 1 on the box, end of story. I know symantec software has issues running in parallel with other similar objected software like, mcafee. Going ahead and installing loads of this stuff is just asking for bloated up registry!!!

OK YOU ALL ARE THE PROS AND I AM JUST A SCUMBAG, SO SEE YOU ALL SOME OTHER SITE

If one software firewall and one AV is going to slow your computer down enough to have a significant impact on you, it's time for a computer upgrade anyway. As long as you don't get too crazy with the idea and throw a ton of crap on there, you should perform fine, as the performance drop won't be enough to notice. Or so my experience has so far demonstrated, anyway.

So what's up with the egos folks?

I have NIS (anti virus disabled) and Mcafee antivirus on a P233MMX box and it is running fine. No performance problems. By the way, you cant enable both because they both want to hook file system calls. When enabling both (i tried) macfee abends.

Altough i got attacked and infected with that configuration, i think this is one will fit most of the home nets around