
windows security - what's really necessary?


Target:
there is an ongoing thread at https://www.donationcoder.com/forum/index.php?topic=6059.0 about the best free windows firewall

that thread got me thinking about what it is that is really necessary to make the virtual world a safe place to visit.

a lot of people have espoused various firewalls, while others have been given a big thumbs down - some even eschew any sort of software firewalling

on top of a firewall most use a range of AV and antimalware utilities. 

Some users install and maintain a sometimes bewildering array of these tools and swear by the results

I'm no expert, but I can't help but wonder whether this is an effective strategy - OK, let's assume it's 'effective', but at what cost?  does the extra overhead justify the results?

I guess the question I'm actually asking here is what is it we really need, ie


* firewalls - which features or functionality should we consider mandatory, which are nice to have, and which ones are useless fluff/bloat.
* AV - as above
* Anti-Malware - I've separated this as I consider things like ad-aware etc perform a different function to 'normal' AV applications

and just how can we, as end users, determine the effectiveness of any or all of these tools, individually or in concert, in meeting our particular needs?

Target

J-Mac:
I used to be almost religious about PC online security. Probably to the point of being very annoying, such a proselytizer I was.  I always had what I researched to be the best AV, AS, and FW available installed and set up carefully.  Built a regular cocoon around my PC, I thought!  But my stance on this has definitely weakened considerably over the past year, year and a half.  And I'm still not certain if I am OK with this, or if I am just being overly sloppy about it.

Currently I am using NOD32 V2.7, though I might upgrade to 3 shortly. (V 3 was released to much woe over at Wilders Security forums; seems it was fairly buggy and also quite a bit more restrictive than 2.7 - which I find to be too restrictive myself at times. I cannot keep most Nirsoft applications on my machine because, even with them listed under "Exclusions", NOD32 eats them up. Three years I have been imploring them to stop quarantining Nir's programs to no avail.   :(  )

My most recent Anti-Spyware and Firewall respectively were Sunbelt's Counterspy 2 and their update of the Kerio Personal Firewall. Counterspy, while receiving rave reviews, can act up annoyingly much too often. I corresponded with Eric Howe many times about this, and he even agreed with some of my points, but alas it remains that way!  It often goes "red" in my systray, meaning that it is no longer actively scanning in the background. Not supposed to do that, of course, and it was an early issue with C-Spy 2, but they claim to have that fixed - for the most part!  Still does it with me. I had three paid licenses for it, and I let all lapse. Other bugs that drove me crazy - and it eats programs without me setting it up to do so.  This is my main problem with many security apps today: Even if not configured to be overly aggressive, they have code in them which seems to be designed to secure my PC against all potential items the developers deem to be dangerous - even against my own wishes. It is "hurting me for my own good"!!  Or at least that is how the developers seem to see it. If I cannot configure annoying behavior - protection I feel is too extreme - to not occur, then I do not want it on my machine. Simple as that!

The Sunbelt Personal Firewall - which still carried the "Kerio" name at first; I purchased three licenses for that, also - was a real mess when they first acquired it and performed their first "upgrade". It completely hosed my Hosts file, would change settings affecting my home network on its own, and would occasionally seem to not be there at all, and then suddenly wake up and start grabbing files all over my PC, labeling them potentially dangerous.  Me? I just want a firewall to prevent port traffic and alert me so I can make a decision as to whether or not I wish to allow the program or process to have access to that port. I do not want it to start grabbing files and playing keep-away with them!!

When that first upgrade was admitted (by Sunbelt Support) to be thoroughly borked, they allowed me to place my licenses in "suspension" until they released their much-ballyhooed V. 2 of the firewall.  This was going to happen "soon", and would be a true Sunbelt design, rather than a worked-over "amateurish program" that they inherited from Kerio. (Their words, not mine!).  Turned out to be eight months!! When released I said I would give it a good ride and see how I liked it. My licenses were finally activated again. Lo and behold, this version was buggier than any PC security product I had ever tried! Caused full BSOD crashes regularly - and I had never seen a firewall do that!!  After quite a bit of testing and corresponding - with log files mostly - with Sunbelt engineers, I gave up.  After a good old, Howard Dean-ish primal scream, I told Sunbelt that a year and four months was too much time for me to agonize over a firewall. I removed all from my PCs. And I have not replaced it - nor C-Spy 2 - yet.

I do have SpywareBlaster set up on my PCs, and I run good old Spybot S&D, but not actively scanning. I just run scans weekly with it. No firewall at all; I am running behind a Linksys router, though, with SPI, so I am using a firewall of sorts. And I am running NOD32, which updates definitions hourly, believe it or not.

As for how I have fared, security/malware-wise, I had what I suspect was an infection - regular virus - in 1998 or 1999.  I was (blush) running AOL for a very short time - I was really low on funds and I used one of the 800 bazillion free disks that gave me - I think - two or three months of free AOL! And I had a sudden slowdown that eventually was reported to all AOL users - it was actually introduced to users, accidentally, by AOL themselves. Norton did find it and after much angst, removed it.  (Remember way back then when NAV was actually a highly respected AV product?!) And last year Counterspy insisted I was infected with the Grozodon trojan. After three days of pure hell trying to catch and remove it, it was finally announced as a big "Oops" by Sunbelt - false positive which they denied vehemently at first. Other than that one AOL job and a Counterspy false positive, I have never been infected with any malware. Part caution, part luck I'm sure.

But until I see a more pressing need, I will stay as I am and not install any more AS or FW products.  (BTW, I DO run a rootkit detector every two weeks as a precaution, because they can infect like no other malware - and come from a seemingly reputable company - and not give any indication of infection till waaay after the fact!).

Jim

Darwin:
Well... I think an AV package is absolutely essential and while I personally feel more comfortable with AntiSpyware/AntiMalware installed, I often suspect that the threat is more "marketed" than real.

I'm struggling with the software firewall. I surf behind a hardware firewall at home and only feel the need for a software firewall when I'm away (ie on someone else's network). This most often is at work, which is a college and means that I do feel that I need the extra layer of security afforded by a s/w f/w. I'm still looking for the right one...

NB If my computer was a desktop that stayed at home I definitely wouldn't run more than XP Sp-2's firewall.

lanux128:
NB If my computer was a desktop that stayed at home I definitely wouldn't run more than XP Sp-2's firewall.
-Darwin (January 28, 2008, 11:41 PM)
--- End quote ---

i'd true that as that is the only setup for me being behind a router-based firewall. the firewall software by Windows provides merely a placebo effect. ;)

f0dder:
NB If my computer was a desktop that stayed at home I definitely wouldn't run more than XP Sp-2's firewall.
-Darwin (January 28, 2008, 11:41 PM)
--- End quote ---

i'd true that as that is the only setup for me being behind a router-based firewall. the firewall software by Windows provides merely a placebo effect. ;)
-lanux128 (January 29, 2008, 01:58 AM)
--- End quote ---

It does what it's supposed to do, and that's mostly blocking incoming traffic. Which is all you really need, also if you're "on the run" with a laptop. Especially if you're not very very cautious about the rules you set up with a more "advanced" software firewall, you could easily end up with a less secure system if you're the slightest bit careless.

Personally I believe a behavioral blocking system would be more effective than a typical signature+heuristics based antivirus package. But alas, with the direction Microsoft has taken with PatchGuard, it's hard to write a really effective system.

Currently I don't run anything but XPSP2 firewall myself... XP64 is a bit less exploitable, and since the majority of people are still on 32bit windows, that's also what exploits tend to be written for. I do still use 32bit firefox and TheBat though, so it's not like I'm immune... but with AdBlock, at least I'm not getting infected by drive-by banner exploits :)
