Aces High Bulletin Board
General Forums => Hardware and Software => Topic started by: Spatula on April 16, 2008, 10:41:38 PM
-
I've been running Comodo Firewall Pro for a while now, but recently it's become a bit more bloaty with some extra stuff, and it takes ages to boot up, and I can't turn the damned thing off by FSAutostart anymore. So, with the other thread running about network wireless routers etc., I thought I might ask some Qs. I run a Linksys WAG200 ADSL 2 wireless router at home, and I'm wired into it via cable (the missus is on the wireless). I also run Firefox with NoScript (never use IE), Thunderbird, Avira AntiVir, and Windoze Defender, and regularly update PC, defs, yadeyadeyadee...
I was wondering if I could do without the Comodo Firewall Pro, since I got a hardware firewall on the router.
http://www-nz.linksys.com/servlet/Satellite?c=L_Product_C2&childpagename=NZ%2FLayout&cid=1172712873708&pagename=Linksys%2FCommon%2FVisitorWrapper&lid=7370869952B02
Opinions??
-
Your hardware firewall doesn't protect you against outgoing connects, which Comodo will. If you get infected in some way, and your anti-malware software doesn't catch it, then your last line of defense is Comodo (software firewall), alerting you when the malware tries to call home.
If you feel comfortable that your anti-malware software and hardware firewall can protect you, then you can take the risk, but either way, it's a risk.
I use Comodo, and yeah it's usually the last startup program to load, however I disable the 'Defense' portion as it's too annoying and I'm comfortable that my anti-malware software can protect me just as well. I only run the firewall portion to give me alerts when something tries to connect.
Wabbit
-
Ditto. I run a SW firewall for the same reasons Wabbit stated.
I've got an older version of McAfee firewall that I run because it allows me to set permissions from full access to filtered to deny access for programs individually. Very few applications on my systems have even filtered access much less full.
While I often turn off anti-virus, etc. to reduce background programs, my SW firewall is never turned off.
-
Use Sandboxie for all your web browsing and e-mail and Comodo is unnecessary for all intents and purposes. But you need to be 100% sure never to browse or read email without it - otherwise you might get infected and spread crap around the world for years never knowing it. Like reportedly 30% of the whole world's computers are doing right now as we speak.
-
Your hardware firewall doesn't protect you against outgoing connects, which Comodo will. If you get infected in some way, and your anti-malware software doesn't catch it, then your last line of defense is Comodo (software firewall), alerting you when the malware tries to call home.
That's the theory. The reality is personal firewalls only really do well at locking down legit apps. Comodo is by far the best choice - but if you're behind a NAT/SPI box I'd ditch it.
BaldEagl, turning your AV off and leaving your SW FW on is, well, just... dumb (sorry, see comment above).
The reality is a good AV setup is going to stop it before the SW FW gets a chance to act, and most modern malware targets SW FWs and bypasses them (or tries to) anyway.
I've not used a SW FW for about 3, maybe 4 years now.
-
That's the theory. The reality is personal firewalls only really do well at locking down legit apps. Comodo is by far the best choice - but if you're behind a NAT/SPI box I'd ditch it.
BaldEagl, turning your AV off and leaving your SW FW on is, well, just... dumb (sorry, see comment above).
The reality is a good AV setup is going to stop it before the SW FW gets a chance to act, and most modern malware targets SW FWs and bypasses them (or tries to) anyway.
I've not used a SW FW for about 3, maybe 4 years now.
And you might be another bot of the few million. Have you checked your outgoing traffic flow lately?
-
I once picked up some adware/spyware. The only reason I ever knew it was there was my SW firewall caught it communicating outbound. As soon as it did, I ran virus and spyware scans and sure enough.
I do know exactly where and when I picked it up. It's the one and only time I've ever been infected.
-
I disagree with vulcan's reality. Software firewalls do an excellent job of alerting a user that their system is infected in some way. They work well with not just legit programs, but the non-legit ones also.
I've seen many a client whose only alert to a malware infection was his software firewall letting him know when the malware tried to call home. As a result of this experience I advise my clients to be aware of this and report it when they see such an alert.
Wabbit
-
Frankly, running an outbound software firewall is like closing the barn door after the horse got out.
It's like having an alarm on your house that only goes off AFTER a burglar has taken your stuff and closes the front door on his way out.
Sure, it tells you you're running a bot, but then what? You're still owned and the firewall didn't prevent it from happening.
In that sense, it makes a good diagnostic tool that's handy to check on the status of a system, but the overhead of running it constantly is hardly worth it, not to speak of the constant annoyance of a firewall always asking you if you want your legitimate apps talking to the Internet. Sometimes when cleaning out a screwed up system (and trust me, there's BIG MONEY in doing it), I'll install Comodo just to see if it blocks anything, and then uninstall it after it doesn't see anything.
Generally, you SHOULD have been running good AV (and not halfassed AV) all the time and probably good antispyware monitoring typical hidey-holes, browsing with an alternative browser, and been getting Windows Updates automatically to keep this problem from happening in the first place.
In other words, I agree with Vulcan here.
-Llama
-
Frankly, running an outbound software firewall is like closing the barn door after the horse got out.
It's like having an alarm on your house that only goes off AFTER a burglar has taken your stuff and closes the front door on his way out.
Sure, it tells you you're running a bot, but then what? You're still owned and the firewall didn't prevent it from happening.
In that sense, it makes a good diagnostic tool that's handy to check on the status of a system, but the overhead of running it constantly is hardly worth it, not to speak of the constant annoyance of a firewall always asking you if you want your legitimate apps talking to the Internet. Sometimes when cleaning out a screwed up system (and trust me, there's BIG MONEY in doing it), I'll install Comodo just to see if it blocks anything, and then uninstall it after it doesn't see anything.
Generally, you SHOULD have been running good AV (and not halfassed AV) all the time and probably good antispyware monitoring typical hidey-holes, browsing with an alternative browser, and been getting Windows Updates automatically to keep this problem from happening in the first place.
In other words, I agree with Vulcan here.
-Llama
The point is that most of the times Comodo is needed is when the AV slipped through adware or a zero-day exploit. In that case without a software wall you are TRULY pwned - at least with it you can contain the situation and disconnect from the net + reformat if necessary.
-
The router I have claims to have SPI on it. Does this 'inspect' packets both in and out? Surely if I screw down the outbound ports to the bare minimum any malware etc. will not be able to get out - or do they tunnel over say port 80 to avoid detection?
I'm in two minds about SW firewalls. Just thought that if my particular device did a good enough job, it may make my SW firewall redundant. That being said, are there any hardware firewalls which I can run alongside my router, or ADSL router & firewall in place of my router?
Are there any lightweight lean and mean SW firewalls worth a damn anymore?
And is Windows Defender all that good? I know AntiVir scores pretty well for a freebie, but how much better is the non-free NOD32?
-
I disagree with vulcan's reality. Software firewalls, do an excellent job of alerting a user that their system is infected in some way. They work well with not just legit programs, but the non-legit ones also.
I've seen many a client whose only alert to a malware infection was his software firewall letting him know when the malware tried to call home. As a result of this experience I advise my clients to be aware of this and report it when they see such an alert.
Wabbit
google "firewall leak tests". If you're giving advice on a professional basis I suggest you do some more research of SW FWs. If your clients are getting malware in the first place you're doing something wrong.
mrripley, my hardware firewall would alert me to any outbound malware activity, and no I've never had any problems (and yes it has full historical logging).
Spatula, yes most malware will attempt to tunnel, only an L7 device is going to have a decent chance at spotting it. Oh and just buy Nod32 mate, it is worth it.
-
Vulc, couple more Qs, mate. The NOD32 AV, it says it covers all internet threats like viruses, trojans, malware etc. Does this mean I can ditch Windows Defender and just run NOD32?? And, do you have any thoughts on the ESET SmartSecurity SOHO product??
Might do some trialling.
-
google "firewall leak tests". If you're giving advice on a professional basis I suggest you do some more research of SW FWs. If your clients are getting malware in the first place you're doing something wrong.
mrripley, my hardware firewall would alert me to any outbound malware activity, and no I've never had any problems (and yes it has full historical logging).
Spatula, yes most malware will attempt to tunnel, only an L7 device is going to have a decent chance at spotting it. Oh and just buy Nod32 mate, it is worth it.
Umm.. wrong. Your hardware firewall will only detect known malware which have been coded in the firmware. Every other packet goes freely out of your box since your hardware firewall has no way of knowing who/what initiated the connection. With a good soft fw every connection attempt has to be approved by you and approved again if a dll version or md5 changes. That's an astronomically higher level of detection than a hardware wall can ever give - simply because you the user will verify the legitimacy of the traffic.
And if something so bad gets on the machine that it can actually pass Comodo detection AND slip through your antivirus of choice .. then you're pwned. At least until you manually sniff your packets and analyze them.
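The two views argued over in this exchange, side by side, as an added example that is not part of the original posts or any product's code: a port-only egress filter (the "screw down the outbound ports" idea from earlier in the thread) against a per-application rule that re-prompts when the program file changes. All paths, hosts, file contents and function names are constructed for illustration, and SHA-256 stands in for the md5 the post mentions.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Attempt:
    """One outbound connection attempt as seen on the host (constructed data)."""
    exe_path: str   # program that opened the socket
    image: bytes    # stand-in for the contents of the program file
    dst_host: str
    dst_port: int


def perimeter_verdict(attempt, allowed_ports):
    """Port-only egress filter: it sees addresses and ports, never the program."""
    return "allow" if attempt.dst_port in allowed_ports else "drop"


class HostFirewall:
    """Per-application outbound rules keyed on program path plus file hash."""

    def __init__(self):
        self._approved = {}  # exe_path -> SHA-256 digest the user approved

    @staticmethod
    def _digest(image):
        return hashlib.sha256(image).hexdigest()

    def approve(self, exe_path, image):
        """Record the user's 'yes' for this exact build of the program."""
        self._approved[exe_path] = self._digest(image)

    def verdict(self, attempt):
        known = self._approved.get(attempt.exe_path)
        if known is None:
            return "prompt: unknown program"
        if known != self._digest(attempt.image):
            return "prompt: program changed since approval"
        return "allow"


# Constructed sample: hypothetical paths, documentation-only hosts.
BROWSER = r"C:\Program Files\Mozilla Firefox\firefox.exe"
DROPPED = r"C:\Users\user\AppData\Local\Temp\updater.exe"
ALLOWED_PORTS = {80, 443}

SAMPLE_ATTEMPTS = [
    Attempt(BROWSER, b"firefox build A", "www.example.com", 443),
    Attempt(DROPPED, b"unknown binary", "www.example.net", 80),
    Attempt(BROWSER, b"firefox build B", "www.example.org", 443),
    Attempt(DROPPED, b"unknown binary", "192.0.2.10", 6667),
]


def build_host_firewall():
    """The user has approved exactly one program: the browser, build A."""
    fw = HostFirewall()
    fw.approve(BROWSER, b"firefox build A")
    return fw


def compare(attempts, host_fw, allowed_ports):
    """Return (program, port, perimeter verdict, host verdict) per attempt."""
    return [
        (a.exe_path, a.dst_port,
         perimeter_verdict(a, allowed_ports), host_fw.verdict(a))
        for a in attempts
    ]


if __name__ == "__main__":
    for row in compare(SAMPLE_ATTEMPTS, build_host_firewall(), ALLOWED_PORTS):
        print("%-50s port %-5d perimeter=%-6s host=%s" % row)
```

The second and third rows are the point of disagreement: anything leaving on port 80 or 443 passes the port filter regardless of which program sent it, while the host rule stops to ask. The example models only the rule check, not how well a real product enforces it, which is what the leak tests linked later in the thread measure.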
-
Vulc, couple more Qs, mate. The NOD32 AV, it says it covers all internet threats like viruses, trojans, malware etc. Does this mean I can ditch Windows Defender and just run NOD32?? And, do you have any thoughts on the ESET SmartSecurity SOHO product??
Might do some trialling.
NOD32 is easily the best IMO...but none of them are bulletproof. I run NOD32 with Threatfire on my business machine and AVG with Threatfire and Defender on my gaming rig (which has a separate OS install for AH with nothing else on it). Going back to your original question a SW firewall is mostly redundant. As either vulcan or llama pointed out above its biggest value is confirming you've got a problem after the fact by detecting outbound traffic.
The actual difference between NOD32 and AVG is actually pretty minimal statistically, more problems come from not having security updates or things like Iframe attacks where a user bypasses/circumvents his own system warnings etc. NOD does a very good job on the zeroday threats and broader malware (which AVG {free or otherwise} doesn't handle well). Threatfire is a surprisingly good product and fills this gap pretty nicely so you're dealing with a "percentage of protection" issue of maybe 98.8% for the "freebie suite" and 99.5% for NOD or something similar....but nobody's going to get you to 100% coverage...
-
I do agree that NOD32 does a great job. I could see paying if it was 10%, 20% better, but for such a small difference in protection, I just don't think it's worth it. I can think of better things to spend my money on.
And if you were infected, wouldn't you want to have a way to know that you let malware in instead of going along merrily thinking you're ok? I'd rather know I was owned as soon as possible, so I could fix the problem as soon as possible. I agree with MrRipley on that.
And most people know a user can ignore a warning from their protection software, thinking it's a false positive or whatever the reason, and let a virus in.
Using a software firewall on top of a hardware firewall is just added protection. It doesn't use up system resources,(hardly so), or not play well with other programs, and if you use a free one, it doesn't cost you anything.
It really boils down to how much of a risk do you want to take. If you feel comfortable with your ability to stop or fix a malware problem, then don't run a software firewall on top of your hardware firewall. If you like to have a handle on what's trying to connect to the internet, and have the ability to say yes or no instead of blindly allowing a program to connect without knowing why, then you'll want to run one.
Wabbit
-
Umm.. wrong. Your hardware firewall will only detect known malware which have been coded in the firmware. Every other packet goes freely out of your box since your hardware firewall has no way of knowing who/what initiated the connection. With a good soft fw every connection attempt has to be approved by you and approved again if a dll version or md5 changes. That's an astronomically higher level of detection than a hardware wall can ever give - simply because you the user will verify the legitimacy of the traffic.
And if something so bad gets on the machine that it can actually pass Comodo detection AND slip through your antivirus of choice .. then you're pwned. At least until you manually sniff your packets and analyze them.
Err my hardware firewall has around 3000 malware signatures plus heuristics (not to mention its virus signatures). It checks for updates hourly. It also detects tunneling apps and performs realtime web filtering (blocks adverts, the most common malware vector, and anything that might phone home).
Malware would have to get past my firewall's Content filter, AV/AS, my desktop AV/AS, and then try and get out again.
FYI on sites where Content Filtering is enabled (and stuff like advertising is blocked) malware hits drop to almost zero. On most it's zero, though on the bigger sites (>500 users) I see 1 or 2 hits a month at most.
-
Try downloading Spybot Search & Destroy. Works for me.
:noid :aok
-
Err my hardware firewall has around 3000 malware signatures plus heuristics (not to mention its virus signatures). It checks for updates hourly. It also detects tunneling apps and performs realtime web filtering (blocks adverts, the most common malware vector, and anything that might phone home).
Malware would have to get past my firewall's Content filter, AV/AS, my desktop AV/AS, and then try and get out again.
FYI on sites where Content Filtering is enabled (and stuff like advertising is blocked) malware hits drop to almost zero. On most it's zero, though on the bigger sites (>500 users) I see 1 or 2 hits a month at most.
Yes but it's still limited to analyzing the traffic. The software wall will alert you of any new connection attempt which in itself is an invaluable tool. If you know you didn't start any software that should call out, it's better off blocked and investigated.
The difference is like being next to the guy who throws the rock to see where it's aimed instead of observing only the rock that's flying and trying to determine if it's thrown to hurt you or not.
-
Yes but it's still limited to analyzing the traffic. The software wall will alert you of any new connection attempt which in itself is an invaluable tool. If you know you didn't start any software that should call out, it's better off blocked and investigated.
google "personal firewall leak tests"
-
google "personal firewall leak tests"
I've tested them all and Comodo passed with flying colors. One such site reports:
(http://xs226.xs.to/xs226/08166/kuva_2135.png)
-
http://www.matousec.com/projects/windows-personal-firewall-analysis/leak-tests-results.php
Note that even Comodo missed some stuff in its default config. Then later the product scored a 100% because it was 'updated'. So PW FWs can be beaten, and there is a gap between them detecting stuff and their updates. New malware is going to be able to drill through for a while.
And let's be really honest, most users tune down PW FW to let apps do stuff to the point they become leaky again.
-
FYI: I'm trialling NOD32 anti virus, after seeing that their whole security 'suite' scores very low on FW leak tests. I'm also trialling Online Armor for a bit too.
Have ditched Windows Defender altogether as it seems NOD32 will replace that. Is that a good assumption?
-
I was using Sygate's Free FW until two days ago. Went to Comodo's free one. I like it a lot more.
-
http://www.matousec.com/projects/windows-personal-firewall-analysis/leak-tests-results.php
Note that even Comodo missed some stuff in its default config. Then later the product scored a 100% because it was 'updated'. So PW FWs can be beaten, and there is a gap between them detecting stuff and their updates. New malware is going to be able to drill through for a while.
And let's be really honest, most users tune down PW FW to let apps do stuff to the point they become leaky again.
But what's the point? Your hardware wall leaks worse than that 100% guaranteed. You know statistically a condom will give you only 99.9% protection. You're still way better off using it, on your person. :devil
-
But what's the point? Your hardware wall leaks worse than that 100% guaranteed. You know statistically a condom will give you only 99.9% protection. You're still way better off using it, on your person. :devil
I have two layers of AV and AS running, content filtering also eliminates the most common vectors. My hardware firewall also detects and blocks outbound spyware communication (including tunneled), as well as blocking access to known malware sites.
Not forgetting my hardware firewall also presents a nice pretty automated weekly report on traffic patterns. I can tell at a glance if something is bad. So your software firewall is not 100% guaranteed, neither is my hardware firewall, but if something unusual is going on I have historical data I can look at to identify potential problems. On top of that (for me) any malware would have to penetrate two layers of heuristic AV/AS.
If one of your clients were infected last month by malware that tunnels out under SW FWs (or HW FWs) I doubt you could tell them exactly what kind of traffic went out of their system and where to... whereas I can. Plus my hardware firewall will alert me to things like excessive bandwidth utilization over a given period of time.
-
The actual difference between NOD32 and AVG is actually pretty minimal statistically, more problems come from not having security updates or things like Iframe attacks where a user bypasses/circumvents his own system warnings etc. NOD does a very good job on the zeroday threats and broader malware (which AVG {free or otherwise} doesn't handle well). Threatfire is a surprisingly good product and fills this gap pretty nicely so you're dealing with a "percentage of protection" issue of maybe 98.8% for the "freebie suite" and 99.5% for NOD or something similar....but nobody's going to get you to 100% coverage...
I just noticed this. While AVG did ok in recent tests its historical performance is, well, crap. Look at the historical tests and you see nod32 does well. If in a year's time AVG remains consistent at the level it's hitting now maybe you're right, but until then I think AVG has a lot to prove before it is recommendable.
-
I have two layers of AV and AS running, content filtering also eliminates the most common vectors. My hardware firewall also detects and blocks outbound spyware communication (including tunneled), as well as blocking access to known malware sites.
Not forgetting my hardware firewall also presents a nice pretty automated weekly report on traffic patterns. I can tell at a glance if something is bad. So your software firewall is not 100% guaranteed, neither is my hardware firewall, but if something unusual is going on I have historical data I can look at to identify potential problems. On top of that (for me) any malware would have to penetrate two layers of heuristic AV/AS.
If one of your clients were infected last month by malware that tunnels out under SW FWs (or HW FWs) I doubt you could tell them exactly what kind of traffic went out of their system and where to... whereas I can. Plus my hardware firewall will alert me to things like excessive bandwidth utilization over a given period of time.
One question: At which point, when your hardware firewall detects a previously unknown connection attempt, it asks for your confirmation for the connection? It doesn't. Which means that by the time you get your weekly traffic report you could have been leaking out your banking information, keystrokes and whatnot for days. The hardware wall can only prevent _known_ threats as long as it doesn't confirm the legitimacy of the traffic directly from the user.
-
One question: At which point, when your hardware firewall detects a previously unknown connection attempt, it asks for your confirmation for the connection? It doesn't. Which means that by the time you get your weekly traffic report you could have been leaking out your banking information, keystrokes and whatnot for days. The hardware wall can only prevent _known_ threats as long as it doesn't confirm the legitimacy of the traffic directly from the user.
Same can be said for the sw fw but you have no idea anything has been going on. Because the hardware firewall also blocks connection attempts to websites/servers pre-classified as threats it also goes a bit further than your SW FW.
At the end of the day I've had this setup for near on 5 years now and no issues. And I can point to valid historical data that confirms no leakage.
-
Well I run both a HW and SW firewall. It can't hurt to run both. The SW firewalls in general aren't too resource intensive and once you have them set-up the way you want they aren't much of a bother.
-
I just noticed this. While AVG did ok in recent tests its historical performance is, well, crap. Look at the historical tests and you see nod32 does well. If in a year's time AVG remains consistent at the level it's hitting now maybe you're right, but until then I think AVG has a lot to prove before it is recommendable.
This isn't 100% accurate IMO based on what I've seen (feel free to correct me). AVG has always done fine on the definition based test segments, where it historically falls short is in the behavior based components. The free and paid version use the same basic definitions and it's been a pretty consistent VB100 award winner in that area. No question that historically it's inferior in the other areas where NOD32 (among others) shines. I wouldn't rely on anything but the definition driven component of AVG (free or otherwise). That is the vast majority of the risk for most "normal" users...
As for the core of this argument I think that a good HW firewall is far superior to a SW firewall. There is no value at all to paying for a SW firewall, as vulcan or llama (or both) pointed out elsewhere the free SFWs are every bit as good as the "pro" versions for 99%+ of users. As for AV programs I tend to lean toward the free camp for normal use and favor NOD32 where the little bit of extra protection may just avoid a catastrophic event. The problem is when someone relies on an AV product as absolute protection....which it's not.
At this time I'd say AVG+Threatfire+Defender+Comodo is probably almost (within a fraction of a %) as good as NOD32 or any other paid suite....but it's not as good. And the reality is that the .02% difference may be just that. So if the reality of a hosed system is potentially catastrophic then it's a small price to pay for that little bit extra edge...otherwise go with the free stuff.
-
Outpost Firewall Pro was rated top for having the least leaks out of a bunch of popular firewalls, including commodo. I use that in conjunction with Avast 7 AV and Lavasoft Adware Pro and never have any problems. I would recommend trashing Internet Explorer and using Firefox as well.
-
humble I was referring to the AV-Comparatives retrospective tests. Basically they take a snapshot of the AV product 3 months ago and test it over the newly released malware at that time. I think the most recent test is the ONLY time AVG has actually passed the test.
NOD32 always did well at this test, in the May 07 test for example nod32 scored 68% with few false positives and fast scanning speed. Whereas AVG scored a meagre 8% with high false positives and slow scanning speed. Hence nod32 provided 9x the protection against new threats at that time than AVG was. To me that is a significant difference and certainly not a 'fraction of a percent' in protection!
In the most recent test (where AVG actually passed for the first time) there is still a 25% vs 71% difference with NOD32, 3x the protection, yet again not a "fraction of a percent" picture that you paint.
-
Nod32 is light, that alone is reason enough to pay for it.
-
humble I was referring to the AV-Comparatives retrospective tests. Basically they take a snapshot of the AV product 3 months ago and test it over the newly released malware at that time. I think the most recent test is the ONLY time AVG has actually passed the test.
NOD32 always did well at this test, in the May 07 test for example nod32 scored 68% with few false positives and fast scanning speed. Whereas AVG scored a meagre 8% with high false positives and slow scanning speed. Hence nod32 provided 9x the protection against new threats at that time than AVG was. To me that is a significant difference and certainly not a 'fraction of a percent' in protection!
In the most recent test (where AVG actually passed for the first time) there is still a 25% vs 71% difference with NOD32, 3x the protection, yet again not a "fraction of a percent" picture that you paint.
I don't think we're saying anything different here. AVG is not going to provide significant protection from anything not in the definition database IMO. The AVG definitions are pretty comparable to anyone else's....so the window isn't 90 days...but certainly 24-48 hours. That's where something like Threatfire makes such a big difference with a program like AVG...
-
Frankly, running an outbound software firewall is like closing the barn door after the horse got out.
It's like having an alarm on your house that only goes off AFTER a burglar has taken your stuff and closes the front door on his way out.
Sure, it tells you you're running a bot, but then what? You're still owned and the firewall didn't prevent it from happening.
In that sense, it makes a good diagnostic tool that's handy to check on the status of a system, but the overhead of running it constantly is hardly worth it, not to speak of the constant annoyance of a firewall always asking you if you want your legitimate apps talking to the Internet. Sometimes when cleaning out a screwed up system (and trust me, there's BIG MONEY in doing it), I'll install Comodo just to see if it blocks anything, and then uninstall it after it doesn't see anything.
Generally, you SHOULD have been running good AV (and not halfassed AV) all the time and probably good antispyware monitoring typical hidey-holes, browsing with an alternative browser, and been getting Windows Updates automatically to keep this problem from happening in the first place.
In other words, I agree with Vulcan here.
-Llama
Llama,
I wonder if you, or Vulcan have any comments on BLINK Blink Personal: Provides home PC protection plus Internet Security. Including all-in-one antivirus, antispyware, antiphishing, identity theft protection, plus personal firewalls?.
Thanks,
CHECKERS
-
Llama,
I wonder if you, or Vulcan have any comments on BLINK Blink Personal: Provides home PC protection plus Internet Security. Including all-in-one antivirus, antispyware, antiphishing, identity theft protection, plus personal firewalls?.
Thanks,
CHECKERS
It appears to be based on the Norman AV engine, not bad, but not stunning, just average on the AV-Comparatives tests. You'll find a lot of those all-in-ones are just bundles of OEM'd commercial stuff, sometimes with a sprinkling of freeware.
-
It appears to be based on the Norman AV engine, not bad, but not stunning, just average on the AV-Comparatives tests. You'll find a lot of those all-in-ones are just bundles of OEM'd commercial stuff, sometimes with a sprinkling of freeware.
Thanks for the information.
Bob/CHECKERS
-
I had recently gone from ZoneAlarm Pro and Nod32 to using Outpost Pro and Nod32
I then stumbled onto the following:
Sun-belt Software's Personal Firewall ( previously known as Kerio )
http://www.sunbeltsoftware.com/Home-Home-Office/Sunbelt-Personal-Firewall/
and here is a comparison test of the more popular anti-virus / anti-malware programs out there:
http://www.vipreenterprise.com/Why-VIPRE-Enterprise/VIPRE-Stats.htm
this is leading me toward switching from NOD32 to VIPRE......
I hate the fact that Outpost has made 2 files / and sometimes folders....and when I went to uninstall it left the damn files, and I have no way of deleting them outside of reformatting..... ( is like cache files etc ) they were hidden, and checked the box to where it shows them.....but still get access denied when trying to get rid of them, even when Outpost is installed, uninstalled or whatever......
anyhow......anyone using SPF and VIPRE? if so what do you think of it?
-
Old PC = www.ipcop.org
But, I only recommend it to people who need more than your average setup.
-
I've been running Threatfire ever since one of you gurus recommended it for anyone running AVG over a year ago.
Since install it has caught 3 or 4 infections, stopped the process, told me about it. Then deleted and killed it before it could do any damage. In short, it catches it early, before it can disable your AV protection.
One time 3 seconds after I closed Threatfire, AVG came up and said HEY you have a virus but by the time it had finished scanning it couldn't find the file. Because it was already deleted and gone.
I do get a warning now and then, usually when I'm installing new software. Normally that the program is changing registry etc. I did upgrade to AVG8 and after 2 weeks of battling with it over a false positive ended up dumping it.
Just running Threatfire now, although I have used the online housecall scan just to make sure I'm still clean.
Was thinking I might end up taking a look at Avast, but haven't done it yet. Just haven't felt the need.
My opinion, lose the firewall, get Threatfire. Put your AV on the back burner.
-
I've been running Threatfire ever since one of you gurus recommended it for anyone running AVG over a year ago.
Since install it has caught 3 or 4 infections, stopped the process, told me about it. Then deleted and killed it before it could do any damage. In short, it catches it early, before it can disable your AV protection.
One time 3 seconds after I closed Threatfire, AVG came up and said HEY you have a virus but by the time it had finished scanning it couldn't find the file. Because it was already deleted and gone.
I do get a warning now and then, usually when I'm installing new software. Normally that the program is changing registry etc. I did upgrade to AVG8 and after 2 weeks of battling with it over a false positive ended up dumping it.
Just running Threatfire now, although I have used the online housecall scan just to make sure I'm still clean.
Was thinking I might end up taking a look at Avast, but haven't done it yet. Just haven't felt the need.
My opinion, lose the firewall, get Threatfire. Put your AV on the back burner.
I agree!!
Since I first read the name of Threatfire in an AH BBS post I have been running Threatfire on both of my computers (laptop and desktop).
I have been going out of my way to visit spam and ad-ware sites with my laptop to test Threatfire. I have bounced through the worst porn sites I have heard of to try to pick something up. (Kinda like visiting crack hoes to test out a new brand of condom.)
Threatfire has prevented any changes to my registry (keep a backup copy of it and do line item comparison) or adding any form of unwanted or unapproved programming to my computer.
I have gone to multiple Internet firewall leak test sites to try to check my firewall security. I have to turn Threatfire off to do any kind of testing. If I leave it on then as soon as I try to run the test I get a warning and the downloaded program is immediately stopped and deleted. It gets no chance to get to my AV program; it's dead before it gets that far.
So I am beginning to come to the realization that running Threatfire by itself may just be the best way to go.
Ghosth, once again I think this is a program that I first heard of in a response you posted to someone else in an earlier thread.
Thanx for all your great advice on user friendly programs!!!
<SALUTE>
FLOTSOM
-
I removed antiviruses and firewalls from all my computers. I only rely on the NAT translation now.
No viruses, no trouble so far (many months).
I do online scans now and then and check the network stats for unauthorized traffic regularly. So far so good.
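
Checking the connection table for unexpected traffic, as the post above describes, can be scripted. This is an added example, not part of the original post: it parses Windows `netstat -ano` output and flags established connections to non-LAN addresses owned by processes outside an allowlist. The sample output, the PIDs and the allowlist are constructed for illustration.

```python
import ipaddress

# Constructed sample of Windows `netstat -ano` output (documentation-range IPs).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    192.168.1.10:49712     192.168.1.1:80         ESTABLISHED     2104
  TCP    192.168.1.10:49730     203.0.113.25:443       ESTABLISHED     2104
  TCP    192.168.1.10:49755     198.51.100.7:6667      ESTABLISHED     3380
  TCP    127.0.0.1:49760        127.0.0.1:49761        ESTABLISHED     2104
  TCP    [::1]:49770            [::1]:49771            ESTABLISHED     2104
  UDP    0.0.0.0:5353           *:*                                    1500
"""

# Destinations treated as "inside": loopback, RFC 1918 LAN ranges, link-local.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fe80::/10")]

def parse_tcp_rows(text):
    """Yield (remote_ip, remote_port, state, pid) for each TCP row."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] != "TCP":
            continue  # headers, blank lines, and UDP rows (no State column)
        _, _, remote, state, pid = parts
        host, _, port = remote.rpartition(":")
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets / zone id
        yield ipaddress.ip_address(host), int(port), state, int(pid)

def unexpected_connections(text, allowed_pids):
    """Return (pid, ip, port) for established non-local connections
    owned by processes that are not on the allowlist."""
    findings = []
    for ip, port, state, pid in parse_tcp_rows(text):
        if state != "ESTABLISHED":
            continue
        if any(ip in net for net in LOCAL_NETS):
            continue
        if pid not in allowed_pids:
            findings.append((pid, str(ip), port))
    return findings

if __name__ == "__main__":
    # PID 2104 stands for an approved browser in this constructed sample.
    for pid, ip, port in unexpected_connections(SAMPLE_NETSTAT, {2104}):
        print(f"PID {pid} -> {ip}:{port} is not on the allowlist")
```

PIDs change between runs, so a real allowlist would key on the image name, which `tasklist` or `netstat -b` can supply.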
-
Frankly, running an outbound software firewall is like closing the barn door after the horse got out.
It's like having an alarm on your house that only goes off AFTER a burglar has taken your stuff and closes the front door on his way out.
That's a silly statement. Most of the households have LANs with multiple PCs and Laptops.
What if your kid plugs his/her infected laptop into your LAN switch? Imagine the possibilities...
You'd be pretty dumb to rely on low cost consumer router/firewall as your single point of defense on just one of many points of entry.
Sure, it tells you you're running a bot, but then what? You're still owned and the firewall didn't prevent it from happening.
Do you really have to be told, or you'll figure it out?
-
I hate the fact that OutPost has made 2 files / and sometimes folders....and when I went to uninstall it left the damn files, and I have no way of deleting them outside of reformatting..... ( is like cache files etc ) they were hidden, and checked the box to where it shows them.....but still get access denied when trying to get rid of them, even when Outpost is installed, uninstalled or whatever......
Those are smartscan cache files. Uninstall asks about those. The best (quickest) way to remove them is to re-install Outpost, then when uninstall asks about removing smartscan files, select yes.
anyhow......anyone using SPF and VIPRE? if so what do you think of it?
If you can afford Vipre, go for it. (min 5 copies per $38.75 each = $193.75 total)
SPF is a nice lightweight firewall though.
-
That's a silly statement. Most of the households have LANs with multiple PCs and Laptops.
What if your kid plugs his/her infected laptop into your LAN switch? Imagine the possibilities...
You'd be pretty dumb to rely on low cost consumer router/firewall as your single point of defense on just one of many points of entry.
Do you really have to be told, or you'll figure it out?
Told what by whom? If only you had an inkling of how silly your advice is.
Good AV software takes care of that, overflow attacks through common ports are already protected. Most users end up opening their Personal Firewalls anyway to enable file/print sharing and other LAN/WAN activities anyway.
The only time a Personal Firewall may be of use is if your AV software completely sucks or dates from the 90's.
-
I've been running Threatfire ever since one of you gurus recommended it for anyone running AVG over a year ago.
Since install it has caught 3 or 4 infections, stopped the process, told me about it. Then deleted and killed it before it could do any damage. In short, it catches it early, before it can disable your AV protection.
One time 3 seconds after I closed Threatfire, AVG came up and said HEY you have a virus but by the time it had finished scanning it couldn't find the file. Because it was already deleted and gone.
I do get a warning now and then, usually when I'm installing new software. Normally that the program is changing registry etc. I did upgrade to AVG8 and after 2 weeks of battling with it over a false positive ended up dumping it.
Just running Threatfire now, although I have used the online housecall scan just to make sure I'm still clean.
Was thinking I might end up taking a look at Avast, but haven't done it yet. Just haven't felt the need.
My opinion, lose the firewall, get Threatfire. Put your AV on the back burner.
I download Threatfire and PC Tools Free AV. I like them both and will use them for a while.
-
I have a firewall and an antivirus running only on my wife's computer, she sucks sh.. from ladies ring e-mail every day. Women and their idiotic chain emails are probably the number one threat to network safety. We get videos in mail sent from government offices for example.
I gave my mother only my spam-dump account on hotmail. She has sent me about a hundred messages I never bothered to read as I'm one of the 100 recipients. Gee how d'ya think spammers get e-mail addresses so easy?
-
My Wife is the same way. I solved my own headaches by subnetting our LAN so she is on her own subnet behind her own router. Allows me to keep my box free of anti-this and anti-that programs.
Her computer is constantly being wrecked. There are probably 4 or 5 viruses on it right now and untold amounts of spyware/malware. Even though she runs anti-virus (McAfee,..OY!), anti-spyware (Adaware, Spybot, and something else) and some other file security something or another.
I just look at when she boots it up and shake my head. Once every 6 months, or so, it gets so bad I have to re-install the operating system.