View Full Version : who's using what security software?


ndebord
January 24th, 2009, 09:40 PM
What are you using now? I ask, because I just changed over my setup after getting hit with a worm a little while ago during a time when I was dumping AVG and moving to something new.

Right now I've gone with standalone apps instead of suites (which is where AVG was taking me). I'm running AntiVir for anti-virus, Malwarebytes for malware, Panda for Anti-Rootkit and AdsSpy for alternate data streams. Oh yes, my firewall was Kerio 2.1.5, but it missed that worm probably because I'm not as good at writing or adapting rules for it as I should be, so I went for Comodo instead.

Peter Creasey
January 25th, 2009, 08:38 AM
What are you using now?

N, I use a hardwire firewall (in my ADSL portal) and AVG Free...plus a style of surfing and processing that is VERY conservative.

ndebord
January 25th, 2009, 08:52 AM
N, I use a hardwire firewall (in my ADSL portal) and AVG Free...plus a style of surfing and processing that is VERY conservative.

Peter,

The hardware firewall has its supporters. As I use laptops, I'm on the move a lot, so software there instead and AVG free is what I used when it was standalone not suite. Haven't run suites for quite some time now, although I do see the allure.

Dan in Saint Louis
January 25th, 2009, 09:34 AM
What are you using now?

1) The NAT feature of my router

2) Avira (free edition)

3) The MS malware finder each month or so when it appears

I run SpyBot Search & Destroy once in a while, but all it finds are harmless cookies and a password descrambler I keep around as a utility for when one of my clients forgets.

ndebord
January 25th, 2009, 10:02 AM
1) The NAT feature of my router

2) Avira (free edition)

3) The MS malware finder each month or so when it appears

I run SpyBot Search & Destroy once in a while, but all it finds are harmless cookies and a password descrambler I keep around as a utility for when one of my clients forgets.

Dan,

I found Malwarebytes when S&D failed to kill off a problem. Duane and others in CIS brought it to my attention.

What password descrambler do you recommend?

Jeff
January 25th, 2009, 11:37 AM
What are you using now? I ask, because I just changed over my setup after getting hit with a worm a little while ago during a time when I was dumping AVG and moving to something new.

Right now I've gone with standalone apps instead of suites (which is where AVG was taking me). I'm running AntiVir for anti-virus, Malwarebytes for malware, Panda for Anti-Rootkit and AdsSpy for alternate data streams. Oh yes, my firewall was Kerio 2.1.5, but it missed that worm probably because I'm not as good at writing or adapting rules for it as I should be, so I went for Comodo instead.

Router hardware firewall, the free Sygate software firewall (since bought and killed off by Symantec), F-Prot AV in real time, and once a month the free Panda, AdAware and Spybot S&D. Sygate may be "out of date" but it works on the principle that a vampire must be *invited* into your home, so I'm not sure what "out of date" means. The original free edition is probably on a public server or two somewhere. Or email me.

- Jeff

Dan in Saint Louis
January 25th, 2009, 12:55 PM
1) The NAT feature of my router

2) Avira (free edition)

3) The MS malware finder each month or so when it appears

Aha! Because it is so transparent, I forgot:

4) WinXP firewall

davidh
January 25th, 2009, 02:24 PM
[Internet Storm Center] Presentations and Papers
...
Older Presentations

* DNS Poisoning Summary
* Microsoft October Patches for Managers (Power Point), (PDF)
* First Things First. An Introduction to Network Security
* Windows XP: Surviving the First Day

[link to list of presentations]
http://isc.sans.org/presentations/index.html

[link to Surviving the First Day]
http://www.sans.org/rr/papers/index.php?id=1298

SANS Institute
InfoSec Reading Room
This paper is from the SANS Institute Reading Room site.
Windows Vista: First Steps
The target audience for this guide are home users and small businesses without a [hardware?] firewall, who rely on downloading patches from Microsoft directly.
DH

davidh
January 25th, 2009, 03:36 PM
I quote the following from an earlier post of mine
"security suites fail miserably"
http://tapcis.com/forums/showthread.php?t=6745

Even though it blocked only 64 out of 300 exploits, Symantec's Norton Internet Security 2009 came out best from the test, detecting almost ten times more exploits than its nearest competitor. Security suites from the likes of Kaspersky, Check Point, Microsoft, AVG and McAfee all flopped.

Security product bundles are marketed as comprehensive Internet Security Suites, leaving the impression that the user is fully protected against internet threats. Secunia's tests suggest the products fail to do what they say on the tin. Symantec has recently begun introducing behaviour-based detection, which helps to explain why its software did the best of a bad bunch.
http://www.theregister.co.uk/2008/10/13/secunia_security_suite_tests/

Mea culpa :o
I'll admit that I'm too cheap to buy some Symantec suite. Instead I use Avast! free on 98 and AVG 8 anti virus anti spy on XP. Knowing what I know now, if I did not have Firefox with NoScript extension, I probably WOULD buy some Symantec suite.

I do not know which security products of TODAY actually DO report vulnerabilities which exist on your PC. I don't want to bother with doing the research. Because Secunia Personal Software Inspector (PSI) does that reporting for me on Win XP FOR FREE. AFAIK the main way TODAY to be infected by malware is by unpatched 3rd party (mainly browser plug ins) vulnerabilities. Anybody who is aware of this claim and believes it and does NOT use a vulnerability reporting tool such as Secunia PSI would seem foolhardy to me.

It seems to me that NoScript on Firefox reduces your exposure to unpatched 3rd party vulnerabilities TREMENDOUSLY, because it allows you to block plug-ins both on trusted and un-trusted sites. So you only play/display plug-in docs/media/applets you actually initiate yourself from your trusted sites. Obviously, if a script or a plug in is NOT permitted to run (e.g. by NoScript) then any and all unknown or unpatched vulnerabilities (i.e. security bugs/security flaws) in it CANNOT BE TAKEN ADVANTAGE OF by the bad guys.

In other words, NoScript and Secunia PSI don't really identify and catch malware, they merely permit you to perform DUE DILIGENCE in an automated way.

As far as "behavior based detection" goes, I've been considering adding Threatfire to my Win XP system.
ThreatFire AntiVirus - Behavioral Virus and Spyware Protection
ThreatFire features innovative real-time behavioral technology that provides powerful protection against both known and unknown viruses, worms, trojans, ...
www.threatfire.com

I don't really know much about it but there is a good probability IMO that ThreatFire might be BOTH more effective than signature based detection AND with less of a hit on system performance. The traditional signature based detection of malware is now essentially obsolete and provides a misleading sense of security. Cyber crime is so profitable that the bad guys can now afford the services of real professional software and security experts. E.g. they can make every instance of a security exploit file have a different "signature" every time it gets downloaded (unintentionally downloaded, of course), making the most common AV strategy of "signature based detection" nearly worthless.

I also have not tried browser sandboxing, e.g. SandboxIE.
http://en.wikipedia.org/wiki/Sandboxie

ndebord
January 25th, 2009, 11:48 PM
Router hardware firewall, the free Sygate software firewall (since bought and killed off by Symantec), F-Prot AV in real time, and once a month the free Panda, AdAware and Spybot S&D. Sygate may be "out of date" but it works on the principle that a vampire must be *invited* into your home, so I'm not sure what "out of date" means. The original free edition is probably on a public server or two somewhere. Or email me.

- Jeff


Jeff,

Paid for F-Prot once, had problems but no longer remember what they were as this is years ago now. Really like Panda Rootkit, no longer use Adaware or Spybot (Malwarebytes replaces both). As for Sygate, my wife uses it on her computer, but as it is deadware now, the nag screen to register does not make her happy when she has to click on it to make it go away.

Jeff
January 26th, 2009, 11:49 AM
Jeff,

Paid for F-Prot once, had problems but no longer remember what they were as this is years ago now. Really like Panda Rootkit, no longer use Adaware or Spybot (Malwarebytes replaces both). As for Sygate, my wife uses it on her computer, but as it is deadware now, the nag screen to register does not make her happy when she has to click on it to make it go away.

Nick, the current F-Prot seems quite good, although I do vaguely remember some problems years ago. My Sygate version 5.6 build 2808 has no nag screen and never did as it is the free version and simply loads at bootup. There seem to be some options that were only available on the "pro" version, but I've never missed them. I'll look for malwarebytes.

- Jeff

ndebord
January 27th, 2009, 11:39 AM
Nick, the current F-Prot seems quite good, although I do vaguely remember some problems years ago. My Sygate version 5.6 build 2808 has no nag screen and never did as it is the free version and simply loads at bootup. There seem to be some options that were only available on the "pro" version, but I've never missed them. I'll look for malwarebytes.

- Jeff

Jeff,

Haven't revisited F-Prot since they dumped the old DOS version (which was my backup anti-virus). Did like that one and one of the older windows versions. As Anti-Vir does what I need now, I'm less inclined to change, although people have been talking a lot about NAV finally ditching the bloatware and becoming a good product once again and way back when, that is what I used all the time.

Lindsey
January 28th, 2009, 12:40 AM
What are you using now? I ask, because I just changed over my setup after getting hit with a worm a little while ago during a time when I was dumping AVG and moving to something new.

The free version of ZoneAlarm (which I keep telling myself I'm going to replace, because it takes so darned long to load, but never have) and NOD32 (http://www.eset.com/products/nod32.php) (not free, but not all that expensive) for virus protection.

Judy G. Russell
January 28th, 2009, 07:43 AM
The free version of ZoneAlarm (which I keep telling myself I'm going to replace, because it takes so darned long to load, but never have) and NOD32 (http://www.eset.com/products/nod32.php) (not free, but not all that expensive) for virus protection.

Me too on both of those. I love NOD32 -- best, simplest, least intrusive antivirus program I've ever come across.

ndebord
January 28th, 2009, 11:30 PM
The free version of ZoneAlarm (which I keep telling myself I'm going to replace, because it takes so darned long to load, but never have) and NOD32 (http://www.eset.com/products/nod32.php) (not free, but not all that expensive) for virus protection.

Lindsey,

I used the free version of ZoneAlarm too once upon a time. I switched to NAV until it got bloated and even Duane (its biggest fan) said to say bye bye to it then went on to Trend Micro (got a coupon and it was cheap) and ran a suite for a few years. Then Kerio 2.1.5 and AVG Free which ended after they dumped 7.5 and went to the suite 8.xx which ran slow and took up a lot of resources and had some features removed... in effect a not wanted form of crippleware, though not as bad as some others out there in that regard. AntiVir is now what I use after playing with several others which didn't work out for one reason or another. Never tried nod32, though you among several others have highly recommended it.

Comodo is pretty good right now, although I am using the last of the 3.xx versions because they too moved on to a suite (5.xx) and I don't like the suite they came up with... bloatware imo and the comments by comodo fans have been mixed.

davidh
January 29th, 2009, 04:49 AM
Then Kerio 2.1.5 and AVG Free which ended after they dumped 7.5 and went to the suite 8.xx which ran slow and took up a lot of resources and had some features removed...

Comodo is pretty good right now, although I am using the last of the 3.xx versions because they too moved on to a suite (5.xx) and I don't like the suite they came up with... bloatware imo and the comments by comodo fans have been mixed.

I used Sunbelt Personal Firewall (used to be Kerio) for a while. But it reset my workgroup name to the default on Win XP a number of times and I had to reconfigure my home network back to the same name as what I had on my Win 98 other PC, so I gave up and went back to Zone Alarm for a while. For some other reason that I now forget, I dropped ZA and now am using just Windows firewall alone, although I think I may go back to ZA to have outgoing control.

I tried Comodo but I may have taken an "expert" or "advanced" mode and possibly because of that I had to keep permitting changes in the registry whenever I installed a new application that used the network and it became a bother.

So far I have stayed with AVG free on XP because the version 8 had the additional features of anti-spy and link checking (for malware sites) in the browser. I wasn't sure how much good the link checking was doing so now I have it turned off. I have Finjan Secure Browsing in IE and FF and FireKeeper FF IDS in the browser AND NoScript in FF so I don't think dropping the AVG link checking was much of a loss of security. DH

ndebord
January 29th, 2009, 10:13 AM
I used Sunbelt Personal Firewall (used to be Kerio) for a while. But it reset my workgroup name to the default on Win XP a number of times and I had to reconfigure my home network back to the same name as what I had on my Win 98 other PC, so I gave up and went back to Zone Alarm for a while. For some other reason that I now forget, I dropped ZA and now am using just Windows firewall alone, although I think I may go back to ZA to have outgoing control.

I tried Comodo but I may have taken an "expert" or "advanced" mode and possibly because of that I had to keep permitting changes in the registry whenever I installed a new application that used the network and it became a bother.

So far I have stayed with AVG free on XP because the version 8 had the additional features of anti-spy and link checking (for malware sites) in the browser. I wasn't sure how much good the link checking was doing so now I have it turned off. I have Finjan Secure Browsing in IE and FF and FireKeeper FF IDS in the browser AND NoScript in FF so I don't think dropping the AVG link checking was much of a loss of security. DH

David,

Only Tiny FireWall and Kerio 2.1.5 were good. Sunbelt bloated up Kerio and nobody I talked to online liked it. Comodo if run in the default (kind of medium) setting is less talkative and has done a better job for me. I did not like AVG Free 8 as it slowed down my older T40 Thinkpad and took up a lot of resources and they managed to make it less likeable to boot. I use KM (K-Meleon) instead of FF most of the time. KM has AdBlock and NoScript which I use some of the time, but most of the time I just use KM's Privacy Toolbar which allows me to toggle a variety of stuff on or off. I generally surf with Java and JavaScript turned off and sometimes even images too. CookieMonster solves the problem of bad cookies and KillFlash gets rid of those annoying distractions on a case by case basis.

I forgot about Stinger which I keep around and sometimes run on bootup.