Ditching the software firewall?

[humble]

I just noticed this. While AVG did ok in recent tests it's historical performance is, well, crap. Look at the historical tests and you see nod32 does well. If in a years time AVG remains consistant at the level it's hitting now maybe you're right, but until then I think AVG has a lot to prove before it is recommendable.

This isnt 100% accurate IMO based on what I've seen (feel free to correct me). AVG has always done fine on the definition based test segments, where it historically falls short is in the behavior based components. The free and paid version use the same basic definitions and its been a pretty consistant VB100 award winner in that area. No question that historically its inferior in the other areas where NOD32 (among others shines). I wouldnt rely on anything but the definition driven component of AVG (free or otherwise). That is the vast majority of the risk for most "normal" users...

As for the core of this arguement I think that a good HW firewall is far superior to a SW firewall. There is no value at all to paying for a SW firewall, as vulcan or llama (or both) pointed out elsewhere the free SFW's are every bit as good as the "pro" versions for 99%+ of users. As for AV programs I tend to lean toward the free camp for normal use and favor NOD32 where the little bit of extra protection may just avoid a catostrophic event. The problem is when someone relies on an AV product as absolute protection....which its not.

At this time I'd say AVG+threatfire+defender+Comodo is probably almost (within a fraction of a %) as good as NOD32 or any other paid suite....but its not as good. And the reality is that the .02% difference may be just that. So if the reality of a hosed system is potentially catostrophic then its a small price to pay for that little bit extra edge...otherwise go with the free stuff.

[Messiah]

Outpost Firewall Pro was rated top for having the least leaks out of a bunch of popular firewalls, including commodo.  I use that in conjunction with Avast 7 AV and Lavasoft Adware Pro and never have any problems.  I would recommend trashing Internet Explorer and using Firefox as well. 

[Vulcan]

humble I was referring to the av comparitives retrospective tests. Basically they take a snapshot of the AV product 3 months ago and test it over the newly released malware at that time. I think the most recent test is the ONLY time AVG has actually passed the test.

NOD32 always did well at this test, in the May 07 test for example nod32 scored 68% with few false positives and fast scanning speed. Whereas AVG scored a meagre 8% with high false positives and slow scanning speed. Hence nod32 provided 9x the protection against new threats at that time than AVG was. Too me that is a significant difference and certainly not a 'fraction of a percent' in protection!

In the most recent test (where AVG actually passed for the first time) there is still a 25% vs 71% difference with NOD32, 3x the protection, yet again not a "fraction of a percent" picture that you paint.

[MrRiplEy[H]]

Nod32 is light, that alone is reason enough to pay for it.

[humble]

humble I was referring to the av comparitives retrospective tests. Basically they take a snapshot of the AV product 3 months ago and test it over the newly released malware at that time. I think the most recent test is the ONLY time AVG has actually passed the test.

NOD32 always did well at this test, in the May 07 test for example nod32 scored 68% with few false positives and fast scanning speed. Whereas AVG scored a meagre 8% with high false positives and slow scanning speed. Hence nod32 provided 9x the protection against new threats at that time than AVG was. Too me that is a significant difference and certainly not a 'fraction of a percent' in protection!

In the most recent test (where AVG actually passed for the first time) there is still a 25% vs 71% difference with NOD32, 3x the protection, yet again not a "fraction of a percent" picture that you paint.

I dont think we're saying anything different here. AVG is not going to provide significant protection from anything not in the definition database IMO. The AVG definitions are pretty comparable to anyone elses....so the window isnt 90 days...but certainly 24-48 hours. Thats were something like threatfire makes such a big difference with a program like AVG...

[CHECKERS]

Frankly, running an outbound software firewall is like closing the barn door after the horse got out.

It's like having an alarm on your house that only goes off AFTER a burglar has taken your stuff and closes the front door on his way out.

Sure, it tells you your running a bot, but then what? You're still owned and the firewall didn't prevent it from happening.

In that sense, it makes a good diagnostic tool that's handy to check on the status of a system, but the overhead of running it constantly is hardly worth it, not to speak of the contstant annoyance of a firewall always asking you if you want your legitimate apps talking to the Internet. Sometimes when cleaning out a screwed up system (and trust me, there's BIG MONEY in doing it), I'll install Commodo just to see if it blocks anything, and then uninstall it after it doesn't see anything.

Generally, you SHOULD have been running good AV (and not halfassed AV) all the time and probably good antispyware monitoring typical hidey-holes, browsing with an alternative browser, and been getting Windows Updates automatically to keep this problem from happening in the first place.

In other words, I agree with Vulcan here.

-Llama

 Llama,

 I wonder if you, or Vulcan have any comments on BLINK Blink Personal: Provides home PC protection plus Internet Security. Including all-in-one antivirus, antispyware, antiphishing, identity theft protection, plus personal firewalls?.
 Thanks,
 CHECKERS

[Vulcan]

Llama,

 I wonder if you, or Vulcan have any comments on BLINK Blink Personal: Provides home PC protection plus Internet Security. Including all-in-one antivirus, antispyware, antiphishing, identity theft protection, plus personal firewalls?.
 Thanks,
 CHECKERS

It appears to be based on the Norman AV engine, not bad, but not stunning, just average on the av-comparitives tests. You'll find a lot of those all-in-ones are just bundles of OEM'd commercial stuff, sometimes with a sprinkling of freeware.

[CHECKERS]

It appears to be based on the Norman AV engine, not bad, but not stunning, just average on the av-comparitives tests. You'll find a lot of those all-in-ones are just bundles of OEM'd commercial stuff, sometimes with a sprinkling of freeware.

 Thanks for the information.

 Bob/CHECKERS

[TequilaChaser]

I had recently went from Zonealarm Pro and Nod32 to using OutPost Pro and Nod32

I then stumbled onto the following:
Sun-belt Software's Personal Firewall ( previously known as Kerio )
http://www.sunbeltsoftware.com/Home-Home-Office/Sunbelt-Personal-Firewall/

and here is a comparison test of the more poplar anti-virus / anti-malware programs out there:
http://www.vipreenterprise.com/Why-VIPRE-Enterprise/VIPRE-Stats.htm

this is leading me toward switching from NOD32 to VIPRE......

I hate the fact that OutPost has made 2 files / and sometimes folders....and when I went to uninstall it left the damn files, and I have no way of deleting them outside of reformatting..... ( is like cache files etc ) they were hidden, and checked the box to where it showes them.....but still get access denied when trying to get rid of them, even when Outpost is installed, uninstalled or whatever......

anyhow......anyone using SPF and VIPRE?   if so what do you think of it?

[Fulmar]

Old PC = www.ipcop.org

But, I only recommend it to people who need more than your average setup.

[Ghosth]

I've been running Threatfire ever since one of you guru's recommended it for anyone running AVG over a year ago.

Since install it has caught 3 or 4 infections, stopped the process, told me about it. Then deleted and killed it before it could do any damage. In short, it catches it early, before it can disable your AV protection.

One time 3 seconds after I closed Threatfire, AVG came up and said HEY you have a virus but by the time it had finished scanning it couldn't find the file. Because it was already deleted and gone.

I do get a warning now and then, usually when I'm installing new software. Normally that the program is changing registry etc. I did upgrade to AVG8 and after 2 weeks of battling with it over a false positive ended up dumping it.

Just running Threatfire now, although I have used the online housecall scan just to make sure I'm still clean.
Was thinking I might end up taking a look at Avast, but haven't done it yet. Just haven't felt the need.

My opinion, lose the firewall, get Threatfire. Put your AV on the back burner.

[FLOTSOM]

I've been running Threatfire ever since one of you guru's recommended it for anyone running AVG over a year ago.

Since install it has caught 3 or 4 infections, stopped the process, told me about it. Then deleted and killed it before it could do any damage. In short, it catches it early, before it can disable your AV protection.

One time 3 seconds after I closed Threatfire, AVG came up and said HEY you have a virus but by the time it had finished scanning it couldn't find the file. Because it was already deleted and gone.

I do get a warning now and then, usually when I'm installing new software. Normally that the program is changing registry etc. I did upgrade to AVG8 and after 2 weeks of battling with it over a false positive ended up dumping it.

Just running Threatfire now, although I have used the online housecall scan just to make sure I'm still clean.
Was thinking I might end up taking a look at Avast, but haven't done it yet. Just haven't felt the need.

My opinion, lose the firewall, get Threatfire. Put your AV on the back burner.

I agree!!

since i first read the name of threat fire in a AH BBS post i have been running threatfire on both of my computers (laptop and desktop).

i have been going out of my way to visit spam and ad-ware sights with my laptop to test threatfire. I have bounced through the worst porn sights i have heard of to try to pick something up. (kinda like visiting crack hoe's to test out a new brand of condom).

threatfire has prevented any changes to my register (keep a back up copy of it and do line item comparison) or adding any form of unwanted or unapproved programing to my computer)

i have gone to multiple Internet firewall leak test sights to try to check my firewall security. i have to turn threat fire off to do any kind of testing. if i leave it on then as soon as i try to run the test i get a warning and the downloaded program is immediately stopped and deleted. it gets no chance to get to my AV program, its dead before it gets that far.

So i am beginning to come to the realization that running threat fire by itself may just be the best way to go.

Ghosth once again i think this is a program that i first heard of in a responce you posted to someone else in an earlier thread.

Thanx for all your great advice on user friendly programs!!!

<SALUTE>

FLOTSOM

[MrRiplEy[H]]

I removed antiviruses and firewalls from all my computers. I only rely on the nat translation now.

No viruses, no trouble so far (many months).

I do online scans now and then and check the network stats for unauthorized traffic regularly. So far so good.

[2bighorn]

Frankly, running an outbound software firewall is like closing the barn door after the horse got out.

It's like having an alarm on your house that only goes off AFTER a burglar has taken your stuff and closes the front door on his way out.

That's silly statement. Most of the households have LANs with multiple PCs and Laptops.
What if your kid plugs his/her infected laptop into your LAN switch? Imagine the possibilities...

You'd be pretty dumb to rely on low cost consumer router/firewall as your single point of defense on just one of many points of entry.

Sure, it tells you your running a bot, but then what? You're still owned and the firewall didn't prevent it from happening.

Do you really have to be told, or you'll figure it out?

 

[2bighorn]

I hate the fact that OutPost has made 2 files / and sometimes folders....and when I went to uninstall it left the damn files, and I have no way of deleting them outside of reformatting..... ( is like cache files etc ) they were hidden, and checked the box to where it showes them.....but still get access denied when trying to get rid of them, even when Outpost is installed, uninstalled or whatever......

Those are smartscan cache files. Uninstall ask about those. The best (quickest) way to remove them is to re-install outpost, then when uninstall ask about removing smartscan files, select yes.

anyhow......anyone using SPF and VIPRE?   if so what do you think of it?

If you can afford Vipre, go for it. (min 5 copies per $38.75 each = $193.75 total)

SPF is nice lightweight firewall though.