New Computer, What security would you use

[breadman]

I am getting a new computer and was wondering can you run a computer on free security software alone, or would you buy something like Norton or McAfee and then download some free stuff as added protection. Is it also true that you cannot have two firewalls at the same time.

Thanks,

breadman

 

[rossored]

imo, you really dont need to pay for stuff.

If you have a decent firewall and you use your brains, that ought to avoid a lot of stuff like viruses, but it wont avoid spyware if you use IE as your browser.

I'd recommend the following:

Mozilla Firefox browser (but keep IE because not all sites are Mozilla-friendly yet)
Mozilla Thunderbird email client.
AVG7 or Avast! anti-virus (both free)
Spybot S&D
Ad-Aware
Javacool Spyware Blocker

and a decent firewall (one that manages outbound as well as inbound connections, which the XP firewall doesnt do) - something like ZoneAlarm (also free) or (before Oatman jumps in) Sygate.

I wouldnt use Norton myself because I feel its too resource-hungry - but someone will probably disagree with me on that (where are you, JonnyT ?)

All the links for the above can be found in the Techies Corner sticky thread.

 

[roguetrader]

If you had to choose between a software computer based firewall such as Sygate or Zone Alarm, and a firewall provided and incorporated into your router, which one would be the best choice?

 

[oatman]

Kerio firewall http://www.kerio.com/kpf_download.html
AntiVir http://www.free-av.com/
Spybot including TeaTimer http://www.safer-networking.org/en/download/index.html
Ad-Aware http://www.lavasoftusa.com/
WinPatrol http://www.winpatrol.com/winpatrol.html
SpywareBlaster and SpywareGuard http://www.javacoolsoftware.com/downloads.html
along with regular updating and online scans, you will remain clean

 

[theknifemac]

Also on the email client I like Pegasus, it won't display nasty HTML unless you ask it nicely and is not vulnerable to most Outlook exploits.

Roguetrader - I have a firewall on my router but am still running Zonealarm on my main PC - I like to see when things are accessing the network etc. But haven't had any major issues of inbound traffic as they are all blocked by the router firewall.

Stew

 

[Roberto]

I use Norton myself (probably just because I know no better, or no different, anyway) but recently people have increasingly been telling me that something called Grisoft AVG is every bit as good, and free. Would someone who knows about both like to give an opinion on this?

 

[roguetrader]

Thanx Stew I have been running Sygate for the same reasons as the router seems to let anything connect to the net However there seems to be some sort of conflict when accessing e-mail sites. Have just changed one of my machines to Kerio Firewall and exactly the same thing happens.

 

[theknifemac]

I use Norton myself (probably just because I know no better, or no different, anyway) but recently people have increasingly been telling me that something called Grisoft AVG is every bit as good, and free. Would someone who knows about both like to give an opinion on this?

Hi Roberto

I use AVG the paid for version on my main PC and on the family one and am very happy with it. I recommend the free one to people not wanting to pay. I found it was a lot lighter and less intrusive than Norton tho am running Norton on my laptop at the moment and it is fine. I would also recommend running another AV package as a backup but make sure you don't activate its active protection.

Stew

 

[theknifemac]

Thanx Stew I have been running Sygate for the same reasons as the router seems to let anything connect to the net However there seems to be some sort of conflict when accessing e-mail sites. Have just changed one of my machines to Kerio Firewall and exactly the same thing happens.

Hi Rogue, what problems do you experience exactly and do you have an example site ? I've not had any problems with my setup.

Stew

 

[pb]

I have Win XP on my laptop and installed Microsoft anti-spyware (beta) and WinXP firewall (part of SP2).

Both free of course. The anti-spyware is better than Spybot in my opinion. I also have free AVG.

 

[roguetrader]

Wen I go to either Hotmail or another e-mail client I use called Outgun.com, as soon as I try to logon the connection appears to slow right down and the page times out. If I disable my software firewall, (the one on the computer) I am able to logon no problems. Alternatively connecting to the net with a different modem ie no router firewall only the pc based one there is no problems with the e-mail, so it is definitely the result of the combination of both firewalls. Thats why I was wondering if I disabled my router firewall, and just run the pc based software ones would there be any great risk, since I like their ability to control outgoing traffic as well.

 

[theknifemac]

Wen I go to either Hotmail or another e-mail client I use called Outgun.com, as soon as I try to logon the connection appears to slow right down and the page times out.

Thats very strange, I don't access hotmail or gmail a lot but have never had any problems with them, apart from loads of spam on the hotmail one of course. Also very strange that you don't have the problem when either of your firewalls is taken out of the loop. As you say it must be some sort of interaction between the two. You could turn off the software one, but its not something I have done or needed to do and like you I like the additional confirmation when something on my box is trying to get out there, I like to know about it.

Are you able to adjust settings for specific sites ? I can do that in ZA, perhaps you can switch the firewall off for hotmail.com but leave it running as normal for everything else ?

Stew

 

[roguetrader]

Thanx Stew, the big problem is that eSignal will not work with bothe firewalls running. It connects to the server ok and indeed will feed me data but the only data I will have is from the moment I connect, no back data from before the connection. Gonna sit down this weekend and message all the relevant forums, Sygate, eSignal and Kerio and see if I can figure out the cause and a cure if there is one. For now I've just had to disable the onboard firewalls when I connect to anything that won't play. If I get any answers will post them back on here.

 

[theknifemac]

OK good luck. I guess the data is coming back on a different port and the hardware firewall is stopping the new connection, but if it works with the software firewall disabled then that screws up my point. If you find the ports that ESignal is using you could maybe open them up on both firewalls. I don't have ESignal installed anymore so can't check for you now. The guys on the ESignal boards are normally pretty helpful.

Stew

 

[JonnyT]

A standard Broadband Router will simply use NAT as its security.

This will allow any connection to made from your home network to the Internet. It will not allow any inbound connections to be made unless you configure Port Forwarding.

Some Applications require a host on the Internet being allowed to create an incoming connection which might be the issue with Esignal. All the P2P applications do for example.

What should be remembed is that once a connection has been established data can flow freely in both directions. This means if you connect to a dodgy site, potentially it could load a trojan etc and exploit NAT by making outbound connections from your home network.

There are several ways to prevent this problem:

1) Use a Firewall configured to filter outgoing traffic as well as blocking incoming connection attempts
2) Use a Firewall that inspects the data flows.
3) Always have an Anti-Virus client running and upto date. AVG is a good free choice, but I would recommend Symantec Corporate Edition
4) Run regular Adaware scans. Spy-Bot and Adaware are good choices
5) Where possible use a Hardware Firewall
6) Keep your PCs fully critically updated

I have to admit that for my Home network I rely solely on a NAT Broadband Router with Symantec Corporate Edition AV.

The only issues I ever have are with adaware which I routinely remove with Spy-Bot and Adaware.

I do run IE and the full version of Outlook and have never had a Virus infection. Symantec picks up any potential threats through its Outlook integration.

JonnyT

 

[roguetrader]

Hmmn someting appears to have killed my spybot, it refuses to launch. I have read somewhere that spybot and Ad-aware don't always play nice together

 

[rossored]

For anyone with ZoneAlarm configuration problems, ZoneAlarm do run a technical forum themselves, where you will normally find people very willing to help.

You can find it here:

http://forum.zonelabs.org/zonelabs

 

[oatman]

I've always run Ad-aware and Spybot together and never had problems. Try uninstall and get fresh copy.

 

[roguetrader]

Thanks oatman, have reformatted the offending computer now as it is an old laptop running win98se, am thinking of upgrading it to win2k, and figure there is less likely to be a problem if it has only windows on it at the time of upgrade, have heard it's a pretty hit or miss operation.

 

[Directional]

if you want to check the security of your firewall, you can do so at http://www.grc.com - take a look at their "shields up" function which will initiate a scan of your ports and provide a report on which ports are open, plus any other windows vulnerabilities or microsoft exploits that your system has left open or unpatched.

I am using ZoneAlarm and my system shows as completely stealthed, meaning my PC does not even respond to pings from potential intruders. XP firewall does not protect you against trojans.

Antivirus am using Grisofts AVG - even the free version includes very regular updates.

Spyware and Malware - MS's anti-spyware beta is very good, I also use SpySweeper and occasionally run Lavasoft's AdAware just to make sure I'm clear of cookies.