I want to try to cut through the techno-speak about firewalls. I have XP Home with SP2 and it has Personal Firewall in it. I also run Trend's PC-Cillin AV software. This program ALSO has a Personal Firewall in it. Should I not use ONLY one or the other? Does it do any good to run them both simultaneously? I have a LAN running through a router using DSL. I do a lot of Internet surfing so I worry about viruses and attacks. So, am I correct? Use only one Personal Firewall at a time?
Yes, you're correct, only one personal firewall at a time. Use the built-in XP firewall plus your anti-virus. If you wanted more protection (and peace of mind) download Microsoft's Anti-spyware product and run it as well - it's free.
It does if you go to websites that may try to download malicious software or malware. Give it a go, see what it finds. You could also try Spybot or other similar applications.
You should only implement one personal firewall at a time. You should never implement two firewalls at the same time as they may conflict with each other. The same philosophy should be applied to the use of AV software which implements real-time scanning/detection.
MS's Anti-Spyware product now known as 'Windows Defender' was originally acquired from Giant AntiSpyware, a provider of top-rated anti-spyware and Internet security products. MS's incarnation works extremely well, though it's been dumbed down by removing many of the advanced features its predecessor offered.
One better should not offer network services at all instead of filtering access to them away. Second best, you could use a host based packet filter. A "Personal Firewall" product is not a good idea, I think.
I don't think so. If you mean scanning what already is on your hard disk, then this is the wrong concept anyways. If you mean scanning what actually comes in before it is used or stored, then why should two scanners, one behind the other, interfere?
Of course preventing malware, spyware, lameware (pick your term) from initially being installed is ALWAYS the first and best approach. Unfortunately there are many persons who are simply not aware of good computer habits and blindly do things without any recourse. It is in these instances that AntiSpyware, AV software, and personal firewalls have their place. Of course they too can be misconfigured, but that is a different story.
I am not against having multiple installations of AV software installed upon the same system, subsequently used to perform scanning upon files downloaded. In fact I utilize several AV solutions and perform periodic scans of my systems, utilizing each solution one at a time.
However what I am inferring to is having multiple AV solutions installed upon the same system, with each configured to perform real-time scanning. Such is not a good idea as it can lead to conflicts, system degradation and instability. As for configuring multiple AV solutions at the desktop to perform real-time scanning sequentially, I'd like to know what desktop AV solutions offer that feature. As far as I know, each wants to be the primary scanner and therein lies the problem I've referred to.
On the other hand, gateway AV solutions can be implemented to provide real-time scanning sequentially. Of this I am aware as I use Sophos, McAfee and trend at the gateway for all content retrieved from the 'net. Unfortunately this is not a viable solution the vast majority of home-users will be able to afford and/or implement.
I agree totally! The good thing about MS Antispyware is that it *prevents* malware from being installed; it pops up a huge red box warning you and also allows you to see any browser "helpers" that have been or are trying to be installed. As I said, try it, you can't really comment until you've seen the product.
Did I already mention, that I'm not using Internet Explorer for not having such threats at all?
The concept to detect Spyware does not differ from the concept to detect other malware, say: viruses. After all, I don't need even a virus scanner (while one could help to filter away what's coming from outside). I'm using a spam filter, and that's all.
These are the same claims I'm reading here constantly. As a matter of fact, nearly the opposite is true. With "utilizing TCP/IP for communication" usually TCP based protocols for receiving updates are implemented. And this does usually not "open a conduit for entry", far from it it usually helps with security by getting fixes for exploits for application software like i.e. Adobe Reader or your favorite music or video playing software.
"Personal Firewalls" entrap their users by opening popups with confusing messages about an "application phoning home which must be prevented", and so the user does not get the newest fix and gets into the risk of becoming infected.
The rest from the features of common "Personal Firewalls" are even worse; because I explained all these arguments in detail here already, please read at least the discussion of the last weeks here before arguing again.
The best approach is to make an unwanted event impossible to happen. Only if there is no way to do so, other provisions should be considered. Defense in depth does not mean the thing usually is called "a tiered approach". Unfortunately, with the latter many people mean "I don't understand the provisions, and I have the feeling that each of them is not secure, but then I'm implementing many of them, so maybe this will help". If you're secure, then you don't need such hope. You're secure already, you have certainty already.
"Real-time scanning" is nonsense anyways. One should scan at the gates, all what's coming in, but what reason should there be to scan what already could not be detected while coming in? Then the malware is running already, and it's too late.
A virus scanner, which periodically scans the hard disk, being part of an IDS implementation can help to detect if a system is infected already. But it can only do so in a reliable way, if users are not working as administrators while the virus scanner does, or if the virus scanner is booted from a second system, which cannot be written into from the working system.
Fair enough mate, I respect your stance. The way I teach and work is to use, as much as possible, products and applications that are native to the operating system. To that end, I use XP sp2 with the Windows Firewall, Internet Explorer and Windows Defender. My pc (and my family's pcs) have never been compromised; nor has my web/mail/firewall server. I have, and will, run other operating systems, browsers and firewalls to fully understand the advantages and disadvantages of each. That's all I'm asking you to do, try IE with Windows Defender so you see what is available to the average, home user :)
No, it's not. At least not until the unnecessary bells and whistles have been disabled from use. Once properly configured IE can be made secure. If you want to make your claim that it isn't, then fine. At least clarify that you're referring to one that's been misconfigured, or not configured at all.
In closing all browsers have insecurities. Granted some more than others, but proper configuration is an important step towards securing it.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.