In need of armor

Ok well I just had to give my comp to a friend for about a week so he could track down and repair it due to some nasty virus. Now that my comp is back up and running again i really really really want to avoid a repeat. After asking my friend what the best virus blocking program was, I learned how different ones protect in different ways. He also told me that while more is generally better, some of these programs tend to conflict with each other and to go here to find out the best combo.

SO I'm here and this is my question:

What wold be the best, in your guys opinion, combination of firewall, pop-up blocker, virus scanner etc. that i can get on my computer without them conflicting with each other? I would prefer at this point to have as many as i can. Thanks in advance.

One of each will be fine.....as long as you keep them updated

What operating system.??

How do you connect to the internet??

MLF

im running windows xp home with service pack one. only reason i dont have service pack two yet is because i want to get all of these programs on my computer before i connect to the internet. as for my isp i use sbc yahoo dsl with the 2wire connection that converts from my phone jack in the wall into a usb port.

Well patching your machine is a must!!

Any antivirus will do...as long as you keep it updated....I tend to stick with known companies.

Google bar has a pop up blocker as does the newest version of IE

There are several Antispyware programs...you can get an all-in-one from symantec.

Put a router (hardware firewall) in front of your internet connection...which will block worms and malicious scans from accessing your computer...unless you open up ports.

Search and read info on this site\google.

Watch your surfing\download habits..and opening attachments or email.

There....

As for multiple programs doing the same thing...all it does is chew resources, cause conflicts and is not nessecary...IMHO ..of course.

Patching and updates is your best starting point.

MLF

I use (on my home PC!) zone alarm 5.5 security suite, this is my firewall and (not so fast) anti-virus.
As for pop-up blocker using a properly configured Firefox instead of IE tends to stop pop-ups.

Zona alarm as it is easy for a beginer to use and configure and does not take up a lot of system resources like other F/W's & A/V's do!

Quote:

---

programs on my computer before i connect to the internet

---

Good thinking batman :)

Try searching around the forums and the tutorials. There have been quite a few posts about what to put on a pc to keep it safer.

Post back with your choices.

Definitely run Ad-aware, Spybot and one antivirus program. More than one antivirus programs running at the same time can cause problems. See (http://service1.symantec.com/SUPPORT...00031316555206).

Ad-Aware (www.lavasoftusa.com/software/adaware/)
Spybot Search & Destroy (http://www.safer-networking.org/en/download/)

For antivirus My choice is Symantec
http://www.symantec.com/product/index_homecomp.html

But there are many to choose from (Free and $$$) in no particular order:
McAfee (http://www.mcafee.com/), AVG (http://www.grisoft.com/doc/1), ClamWin (http://www.clamwin.com/) ... Just to name a few.

You can (and probably should) run a personal firewall if for nothing else than seeing what on your box is trying to make outgoing connections. ;-)

I like Kerio Personal Firewall
http://www.kerio.com/kerio.html

If you have a high-speed connection you can (and probably should) install a firewall/router. Like something from LinkSys (http://www.linksys.com).

-ts

I did some looking around and am thinking about going with firefox instead of ie, well come on why wouldn't I, and useing zone alarm, ad subtract, and that google bar. One of the it guys here at work just suggested a program called Black Ice, and said it was pretty much all i would need. What do you all think of black ice?

Quote:

---

Originally posted here by JewishIntent

What wold be the best, in your guys opinion, combination of firewall, pop-up blocker, virus scanner etc. that i can get on my computer without them conflicting with each other? I would prefer at this point to have as many as i can. Thanks in advance.

---

My answer would be , whatever works best for the individual user. Having used various combinations / mixes over the years , my advice would be to experiment and use what you find easiest and most suitable for your individual set-up, and of course one that works. The advice you are looking for at this level means ****, unless you are comparing like for like, so you will get lots of different personal opinions. Go do some work on your problem and make your own decision

as to adding a firewall/router i ask this, my computer is not the main computer in the house as far as our isp is concerned. the actuall router is directly connected to my mother's computer and then into the wall which is how the other computers are able to connect with it. would adding a physical router/firewall on my computers end give me any problems?

It would not give you any problems but it's not needed (since your mom already has one in place).

I would say go with a software firewall (again, just to see what is trying to make outbound connections). When your computer got infected, did any other computers on your home network get infected?

-ts

actually my computer was the last to get problems because i did have the most protection, althought obviously not enough. im not even going to go into the problems my moms computer is having. my older brother is useing my old computer and its only problem is its windows me, and the other comp had some program that kept downloading spyware that i was able to track down and nuke.

Here's my personal recommendation:
Kerio Personal Firewall (free)
AVG 7.0 Free Edition
Spybot: Search and Destroy. (Enable both Hosts File Protection, and Immunization.)
Put this malicious site blocking list in your HOSTS file: http://www.mvps.org/winhelp2002/hosts.htm
For instructions on finding/editing the HOSTs file, please see my tutorial:
http://www.antionline.com/showthread...hreadid=266592

Turn off File and Printer sharing. (Properties of your LAN.)
If you must use Internet Explorer, configure the Security Settings to prompt you for just about anything ActiveX related. This will eliminate one hole through which Spyware/Adware/Malware can get through.
I prefer Firefox, however, because if a vulnerability does manage to get exploited on your system through Firefox, because Firefox isn't directly tied into the Windows Kernel (like I.E. is) I believe that it would be harder for the exploit to do an extreme amount of damage to your system easily.


- X

Quote:

---

Originally posted here by xierox
Here's my personal recommendation:

---

My point exactly. Personal, what works for you will not suit everybody. My personal set up has been tried and tested by me for over 6 years with no problems, but that is not to say it will suit anybody and be effective

Quote:

---

Put a router (hardware firewall)

---

MLF *slap* We just discussed this in the other thread about firewalls that you were involved in. Don't you pay attention at all?

Quote:

---

As for pop-up blocker using a properly configured Firefox instead of IE tends to stop pop-ups.

---

Both browsers offer this functionality. There is no security advantage to Firefox or any other full featured browser.

Quote:

---

You can (and probably should) run a personal firewall if for nothing else than seeing what on your box is trying to make outgoing connections. ;-)

---

netstat offers the same functionality and is included with his system already.

Quote:

---

I did some looking around and am thinking about going with firefox instead of ie, well come on why wouldn't I

---

Because you gain nothing and you can't really remove IE so now you have two browsers on your system for no gain.

Quote:

---

I would say go with a software firewall

---

What kind of software firewall? All firewalls are software! This advice says nothing more than you think it should be local. Nothing about the functionality provided.

Quote:

---

actually my computer was the last to get problems because i did have the most protection, althought obviously not enough.

---

If the trusted network (the network segment on your side of the router) has been compromised, it is not practical to secure any given system on that segment. You need to clean the entire network first.

Quote:

---

Firefox isn't directly tied into the Windows Kernel (like I.E. is)

---

No, IE is not "directly tied into the Windows Kernel" it runs in user space just like every other application.

Quote:

---

I believe that it would be harder for the exploit to do an extreme amount of damage to your system easily.

---

The amount of damage that can be done is directly related to the amount of access afforded to the offending application and has nothing to do with the application itself. If Firefox and IE are run under the same rights, exploits of each will be capable of the same amount of damage. Applications do not and cannot control their level of access, this can only be done by the OS.

Knowing this....
Create a very limited account for yourself, no installation capabilities. Use this account for all your normal functions. Minimize your use of unneeded services. Use your computer's IP filtering system to restrict incoming access to only services you plan on sharing. Use your web browser's security settings to restrict the functionality of untrusted websites and use an on the spot virus scanner like trenmicro's online scan to verify software packages before installing them.

cheers,

catch

Quote:

---

Originally posted here by catch
No, IE is not "directly tied into the Windows Kernel" it runs in user space just like every other application.

The amount of damage that can be done is directly related to the amount of access afforded to the offending application and has nothing to do with the application itself. If Firefox and IE are run under the same rights, exploits of each will be capable of the same amount of damage. Applications do not and cannot control their level of access, this can only be done by the OS.

---

Learn something new every day. Thanks!

Quote:

---

You must spread your AntiPoints around before giving it to catch again.

---

:(

- Xierox

xierox,

http://www.antionline.com/showthread...hreadid=270607 section 8.3

you even gave it greens. :P

cheers,

catch

Quote:

---

MLF *slap*

---

Ouch :(

Your right..

I usually refer to a hardware firewall as an external..firewall \appliance\device...or what ever that thingy magigy is ;)

Not something that runs on the computer..per se

I will get the terminalogy correct...

Forgive me :hearts:

I have learned so much from this site.....and continue to

It isn't so much a terminology issue... but "hardware firewall" doesn't tell you what type of firewall it is... just what kind of system it is running on. :P Which, really isn't very informative.

cheers,

catch

Quote:

---

8.3q. Between application X and Y, which is more secure?
8.3a. Since applications are not capable of enforcing the level and type of system resources they can access the idea of relying on applications for security is a foolish one.
That said, you want to seek applications that require minimal access to system resources, this ensures that it can be locked up in the smallest compartment by the operating system, which is ultimately responsible for all system security functionality.

---

Yes. And I believed that Internet Explorer required more access to system resources than Firefox did.

- Xierox

Just read the TFM the lot of you. There are no shortcuts in learning.

Quote:

---

If the trusted network (the network segment on your side of the router) has been compromised, it is not practical to secure any given system on that segment. You need to clean the entire network first.

---

So do you mean that if one of my brothers computers is infected mine can get infected too? Our computers, as far as i knew, had/have no direct contact with each other.

Quote:

---

Originally posted here by JewishIntent
as to adding a firewall/router i ask this, my computer is not the main computer in the house as far as our isp is concerned. the actuall router is directly connected to my mother's computer and then into the wall which is how the other computers are able to connect with it. would adding a physical router/firewall on my computers end give me any problems?

---

from here we get to here

Quote:

---

Our computers, as far as i knew, had/have no direct contact with each other.

---

Your telling us you have ONE connection to the net via your Mom's PC, this means that all of the PC's that are using this connection ARE in [potential] contact with each other.

You have a LOT of learning to do :)
which is after all, the reason that you are HERE :D

take the advice given by !mitationRust :

Quote:

---

Just read the TFM the lot of you. There are no shortcuts in learning.

---

it really IS that simple ...................

So : in essence we are advising you to tread carefully, THEN when you are more capable in your ability, THEN you can screw your setup down TIGHT[ish]

In MY system I have the net coming in off the telephone point > ADSL Router > [NIC1] Clark Connect box [NIC2] > 8 way 100Mbps switch > cat5 to the various boxes running here at Chez Fox. Server+Win2KServer / XP-2K dual boot / Ubuntu / Fedora core 3 / couple of other items on repair status .............

What I THINK you have is a peer to peer set up, with your Mom's PC at the sharp end ........ ??

I'm sure I've missed something, but I'm also sure that someone will tell us ..........:)

I prefer symantec products and has been using it for years. The spyware detection feature is also good. The latest with internet security anti spyare will provide you antivirus, firewall, antispyware in a single package.

Also as everyone say keeping your system updated is the key. This will include patches, antivirus/firewall/spyware signatures and such.

-Joseph

Quote:

---

Your telling us you have ONE connection to the net via your Mom's PC, this means that all of the PC's that are using this connection ARE in [potential] contact with each other.

---

Hmmmm ok im pretty sure i understand how i got mixed up but just so i know for sure what you guys mean let me just explain how all of the computers connect to the internet. Mom's comp has an ethernet cable from the router to her comp. the router has a phoneline into the wall. the rest of the comps in the house all just plug into the phone jack in thier respected rooms. I, of course not knowing much at all, assumed that since my brothers computers and mine only connect into the phone jack, that they talk directly to the router and not with each other or my mom's computer.

It doesn't matter, if a system on a trusted network is compromised, they whole network must be considered untrusted.

A compromised system may have its trust relationship with the router leveraged, etc.

cheers,

catch

i see, so then is there a way to change security settings to dissalow any and all, or as much as is possible, contact between the different systems beyond what it takes to go online and play my game? i know i could just get the other comp fixed but i specifically told my brother not to do what he did because i knew it would get infected, and since he did it anyway i refuse to help him at all, unles i will have to in order to assure my computer's safety

Quote:

---

anyway i refuse to help him at all, unles i will have to in order to assure my computer's safety

---

well I'm afraid that you WILL have to help him, as the chain is only as strong as its weakest link, and for you, your brother is the MISSING link :)

you have a home network setup, wherein each PC is able to access the net via a single point, so it follows that each PC COULD get to every other PC.

as a quickie, you could start by making sure that you are NOT sharing anything

in explorer > Rclick C: > properties > sharing tab [uncheck the share if there is one, do it to all.

someone needs to post all details of what else to switch off
like messenger ...................

you REALLY need to get Mom on your side, THEN beat the crap out of kid bro :D

I use:

~Symantic Anti-Virus
~ISS BlackICE firewall (called RealSecure now...I believe)
~Spybot S & D for spyware detection and removal
~FireFox w/ pop-up blocker just because

Also use secure applications just to be safe, like SSH for any FTPing or ThunderBird over Outlook for email.

Give "kaspersky internet security" a try, you can try the beta for free until this year is ending.... it also has an IDS.

http://www.winplanet.com/download/22695.htm

F**k Symantec with its online reg. an Software so big, you wont have some space and cpu time left.
KIS (Kaspersky Internet Security) has it all: a good Firewall, one of the best Virus Scanners, anti spyware tools, mailscanner, ids etc.

Quote:

---

Originally posted here by foxyloxley
someone needs to post all details of what else to switch off
like messenger ...................

---

C:\windows\system32\services.msc

If you're lazy, you can just copy and paste this into your internet explorer window and Services will popup ;)

When in services, go to messenger and right click. Go to properties, click the stop button, and in the startup type dropdown menu, click disabled.

This should stop those messages that popup blockers won't. :D