AV choice?

mehmeh12

Hi im running Comodo firewall along with avast free at the moment but am thinking of switching to Kasperksy antivirus. But Kaspersky antivirus is not compatible with Comodo Firewall. Therefore my question is whether or nor the firewall in Kaspersky internet security any good? Ive read around on mascutec and cnet download that comodo firewall is quite good but i not sure if my laptop is infected by any viruses... ta for any help

Verres

What OS are you running. If you're on any x86 flavour of windows, then run Zonealarm as a firewall. It's quite rock solid (egress filtering, the lot) and it's free for home use. Win!

mehmeh12

x86? im using windows vista 32 bit version. Tried zone alarm..ok but i thinks comodo is better. What av do you use?

Verres

Yep - x86 is 32-bit.

I use Avast Home (free) for AV and since I'm running 64-bit "Windows 7", I use the built in Windows Firewall that comes with Vista and Windows7 (not too shabby) and a hardware firewall that is part of my home router. Even if I didn't still have a hardware firewall, I'd probably still stick with Windows firewall. I tried Comodo (as they do support x64 OS's) but I really didn't like it.

I thought it was quite "empty" straight out of the box and needed too much hand-holding. Bear in mind that I work in IT and tinkering around with my PC is one of my favorite pastimes - and still it was too much hassle.

All that said, if you don't mind specifiying dozens and dozens of rules for your firewall Comodo can (by all accounts) be a really good piece of software.

mehmeh12

You work in IT and you use windows firewall? even with outbound packet filtering i thought windows firewall let some spyware through? see these results

http://www.matousec.com/projects/proactive-security-challenge/results.php

Verres

Sure. (BTW, I don't see Windows Firewall on that list - Windows Live Onecare is a different product AFAIK).

I also use a hardware firewall in my router, and I have Spybot S&D installed and run regularly. I also have my host file locked (through Spybot) and I keep an eye on what's running my PC at all times.

I also keep all my software, music, movies and personal files on a separate NAS, so if I get infected, it's a format and rebuild. Total time to rebuild on Win7 is ~ 2 hours.

I never bother running Windows Restore, as any virus I have could have been picked up in the past, and I'd just be restoring and guessing that my machine was clean. I do a lot of business from my PC so I like to keep it clean. If all comes to all I can always boot into Damn Small Linux from a USB key, do my online business and then just reboot. Safe as houses.

mehmeh12

At the moment i'm using a windows pc. Im on a dsl connection, have a external back up device and save my current documents/files regularly. Though to be honest i've only had to do a full reinstall once in the last year.

If i used a mac instead would i be more virus free?

Verres

Actually (probably) yes.

For a few reasons.
i) Mac penetration is less than windows, hence the VXers don't target OSX has much as they do Windows. This however is changing slowly, but for the moment yeah, you're statistically less likely to be hit by a Mac virus.
ii) OSX doesn't run with root permissions by default, so any infection that you get can only do limited damage to the system.

BTW, I also run a Macbook Pro at home, but (just to be awkward) I've installed Windows 7 on it and it's working alright. That said, I'll probably wipe and rebuild it at the weekend, and put OSX back on it. The main reason for changing it was issues reading / writing to NTFS external drives, but since I moved everything from my 300 gig external drive to my NAS, I don't need to worry about that as the NAS is formatted in EXT3.

Verres

Finally - I like a nice clean re-install. Feels like spring cleaning to me!

mehmeh12

Your said you worked in IT? do people you know have a better experience with pc's or mac's ? Ive read online than even under bootcamp mac's can't use all the programs that pc's can use. PC Games being one.

Verres

It's really a case of horses for courses. Mac's are not for gaming.

Mac's are the machine of choice for graphic designers, publishers and architects etc. It's not that you can't run graphic design software on PCs, it's just that these arty types seem to gravitate towards Macs.

PCs are more the workhorse type of machine. You can open them up and add / remove / upgrade components (you can't with a Mac - or at least not willy-nilly like with a PC). There is a much wider range of software available for PCs than for Macs, as more people use them. Unfortunately this includes viruses.

What you read about bootcamp is wrong. Bootcamp allows you to run a Windows OS on Mac hardware - it's not emulation software like "Wine", so anything you can run on XP on generic hardware, you can run on XP on Mac hardware. The issue you were reading about (I'd have to read the article to be sure) sounds like people having issues with RAM and graphics cards. Some new games require serious amounts of kit to get them running properly, and on anything short of a 5 grand Mac you won't be able to get them to run at decent resolutions.

In short, it's not a question of having a better experience on one or the other. I have both, and I like them both in different ways.

If you're going to be playing games, get a PC. If you just want to surf the web and send emails, then you could get a Mac, but that's and expensive solution for a simple problem.

I haven't ever looked into this, but I'm sure you can get OSX running on VMware on windows and see if you like it. Short of splashing out for a Mac this is your only option if you want to give it a whirl.

BTW, I work in a bank, so there are no Macs in here - it's all windows boxes.

Black Swan

mehmeh12 wrote: »

but am thinking of switching to Kasperksy antivirus. But Kaspersky antivirus is not compatible with Comodo Firewall. Therefore my question is whether or nor the firewall in Kaspersky internet security any good?

I've been running Kaspersky Internet Security Suite for about 3 years now, and have no complaints. Currently using KIS2009 that includes their firewall, and I find that it runs smoother, faster, and uses less capacity running in the background than the earlier versions.

Only problem with KIS2009 is that for the first 2 or 3 days, while it's learning your online behavior (for heuristics, etc.), it is a bit sluggish. But after those first couple of days, it's quite fast.

To enhance online stealth, I did have to block ICMP, which is easy to do by accessing the KIS firewall where they are clearly labeled.

Matt22

You should stick with Comodo Firewall. Its the best free firewall out there. As for Antivirus, you could either have Nod32, Norton, Prevx, Avira or a-squared antimalware if you want fast, zippy but effective antiviruses.

Gavin

Firewalls ? Waste of effort. If you're not on a local network, just disable any services and you don't need a firewall.

Any decent virus will disable firewalls once it infects a machine, so egress filtering don't be much use.

mehmeh12

Gavin wrote: »

Firewalls ? Waste of effort. If you're not on a local network, just disable any services and you don't need a firewall.

Any decent virus will disable firewalls once it infects a machine, so egress filtering don't be much use.

But a firewall will still block out hackers and some viruses yes?

Gavin

mehmeh12 wrote: »

But a firewall will still block out hackers and some viruses yes?

If you have no services running, then there's nothing to block. Nothing for a virus/hacker to connect to.

If one avoids downloading dubious files and usb keys, it's pretty hard to get infected, apart from a 0-day browser exploit. And in that instance, the exploit will probably use some sort of heap spraying technique, which means outbound connections will be coming from your browser, which already has permission to egress through the firewall, rendering the firewall redundant.

On machines I use connecting to the internet, with no network file sharing, I don't use a firewall or virus scanner. I keep up to date with patches and don't download crap.

mehmeh12

Gavin wrote: »

On machines I use connecting to the internet, with no network file sharing, I don't use a firewall or virus scanner. I keep up to date with patches and don't download crap.

How can you connect to the internet with no firewall and not get hacked into? i don't understand.

Verres

mehmeh12 wrote: »

How can you connect to the internet with no firewall and not get hacked into? i don't understand.

Well, as Gavin said, you can get pwned by a zero-day browser exploit, but that's about it.

Browsers only communicate over port:80 so you can basically turn off every other service on your PC (which is in effect what a firewall does if you configure it to allow ONLY browser access) and still use a browser. Then, any attack that comes to your PC comes over port:80 which only reaches the browser. Thus, unless there is an unpatched flaw in the browser you'll be safe.

mehmeh12

Interesting..but what if i want to use other ports...for updating av, playing games, skpye etc... using a computer for just a browser is very limiting

Gavin

Verres wrote: »

Well, as Gavin said, you can get pwned by a zero-day browser exploit, but that's about it.

Browsers only communicate over port:80 so you can basically turn off every other service on your PC (which is in effect what a firewall does if you configure it to allow ONLY browser access) and still use a browser. Then, any attack that comes to your PC comes over port:80 which only reaches the browser. Thus, unless there is an unpatched flaw in the browser you'll be safe.

This isn't exactly correct. Any TCP service can run on any port, the standard for HTTP is 80. That is the port a HTTP server typically listens on. A client connecting to port 80 can use any outgoing port, typically above 1024, as these are unpriveleged ports.

Allowing browser access in an egress filtering firewall allows outbound connections to port 80 and nothing inbound. Modern firewalls are typically stateful, that means they recognise when incoming data is part of a session which was initiated by the client. e.g. When the browser connects to a HTTP server, the firewall records the details of the outgoing connection and when the response from the server arrives, knows it can pass it through.

Egress filtering is a combination of controlling what external ports one wishes to allow client applications to connect to, and/or allowing any outgoing connection from a particular application, probably identified by the md5sum of the exe.

It's more complicated than a post here will explain, so if you are really interested, read up on TCP/IP.

Capt'n Midnight

Verres wrote: »

I never bother running Windows Restore, as any virus I have could have been picked up in the past, and I'd just be restoring and guessing that my machine was clean. I do a lot of business from my PC so I like to keep it clean. If all comes to all I can always boot into Damn Small Linux from a USB key, do my online business and then just reboot. Safe as houses.

cacls "\system volume information" /c /e /t /g administrators:f
and then scan it for malware