Advice wanted on Windows firewall
sidney
March 12th, 2009, 09:02 PM
Yes, I'm asking for advice :)
I've disinfected an XP Home computer for a non-techie friend and have set it up with various free protections so this doesn't happen again. I've chosen Avira AntiVir for the antivirus, considering that the occasional pop-up offering to sell the Pro version is a reasonable trade off for it being free and working well, SpyBot Search & Destroy for the other malware and immunization, set Firefox with Adblock Plus (but not NoScript) as the default browser, and for a free personal firewall installed Online-Armor.
It's that last one that I'm not really happy about. It gets great reviews for security, it's free, and it doesn't seem to be a big system resource hog. But I can't get it to stop popping up notices about programs accessing the Internet no matter how thorough I try to be at initializing it to recognize existing programs, or how much I try to run everything once and click the don't ask about this again boxes. It seems that there are just too many times that programs get updated when you want to keep a system properly up to date, and each time that happens the next time it accesses the Internet such as to check for updates Online-Armor helpfully warns the user that a program has changed and is no longer trusted.
If I were using Windows I might accept that as the cost of maintaining security, but the popups do not provide useful information for a non-techie user. When the popup appears asking them what to do, they would have to be able to distinguish between 1) a program being run for the first time since it was upgraded to a point release version running the online update for the first time; and 2) some malware running for the first time trying to phone home. I don't want to subject a non-techie to that.
I used to hear good things about Zone Alarm, but more recently people talk about how bloated it has become.
So any suggestions? Or do I just leave the system running the XP Service Pack 3 firewall?
Dan in Saint Louis
March 12th, 2009, 09:35 PM
So any suggestions? Or do I just leave the system running the XP Service Pack 3 firewall?
ZoneAlarm has indeed been the subject of many trouble reports in the CompuServe Windows forum. Almost as many as Norton<G>!
The consensus in that forum is that if the computer is also behind a router that implements NAT, the Windows firewall is plenty of protection from invaders.
Avira (http://www.free-av.com/) antivirus is usually near the top of the tests at AV-Comparatives (http://www.av-comparatives.org/). Follow the "Comparatives" link from the left margin. Secunia PSI (http://download.cnet.com/Secunia-Personal-Software-Inspector/3000-2162_4-10717855.html?part=dl-6297691&subj=dl&tag=button) seems to be pretty good about notifying us of program patches available, but probably errs on the side of caution because I can't believe all the security holes they detail are really being exploited by bad guys.
Old favorites like AdAware and SpyBot Search-and-Destroy are still useful in their own way, I guess, but mostly they seem to be proud about how many browser cookies they have counted. I have seen recommendations in this forum for Malwarebytes (http://www.malwarebytes.org/mbam.php), but have no independent knowledge of its value.
sidney
March 12th, 2009, 10:15 PM
I have seen recommendations in this forum for Malwarebytes (http://www.malwarebytes.org/mbam.php), but have no independent knowledge of its value.
I used Malwarebytes for the cleaning, but its realtime scanning function is only in the paid version, and without that it didn't seem like it provided enough extra value to keep installed on the user's system.
SpyBot S&D is easy to use and to update, and seems to complement the antivirus software.
I don't remember what I found annoying about later versions of Adaware, but it was something and I never saw it find anything meaningful that Spybot S&D missed, so I've stopped putting it on people's machines.
This user is behind NAT, so I think I'll just go with the XP firewall.
Thanks.
Sidney
Judy G. Russell
March 12th, 2009, 11:48 PM
So any suggestions? Or do I just leave the system running the XP Service Pack 3 firewall?
Hardware firewall with a router and then the XP firewall.
sidney
March 13th, 2009, 03:31 AM
Hardware firewall with a router and then the XP firewall.
That seems to be the consensus so that's what I'll go with.
Thanks.
earler
March 13th, 2009, 07:54 AM
The only thing a software firewall brings to the party is its ability to block outgoing data, in case the computer has been turned into a bot or is sending personal data to bernie madoff.
(Now that bernie is ensconced in luxurious accommodations in downtown nyc, so he will only have to walk through a tunnel on june 16th to learn how long his sentence will be. I doubt that he was able to bring a computer with him, so there is probably no danger of his getting your personal information.)
In fact, unless you are sloppy enough to allow a bot to be installed or another call home nasty, there isn't much use in using a software firewall if you have a nat already, i.e. a hardware firewall.
Finally, why didn't you install noscript for firefox?
Peter Creasey
March 13th, 2009, 08:15 AM
Sidney, ZoneAlarm is terribly intrusive and VERY difficult to get rid of if you decide to.
With a hardware firewall, you shouldn't need a software firewall. It will only tell you what is going out which should not be a concern, especially if you are properly protected against what is coming in.
I've had good luck with just a hardware firewall and an anti-virus package.
davidh
March 13th, 2009, 09:52 AM
Sidney, ZoneAlarm is terribly intrusive and VERY difficult to get rid of if you decide to.
I have installed and uninstalled Zone Alarm more times than I can remember on Win XP and don't remember any problems.
Zone Alarm did give me a problem when MS fixed the DNS security hole thingy last year, such that I had to lower the Internet security slider from high to medium.
I also have to turn off Zone Alarm when I want to transfer files on my home LAN. That would probably not be the case in the pay-for version.
Personally I don't mind the pop ups asking permission for new or changed programs to access the Internet. I sort of like the idea of being able to look at a list of all programs that I've allowed to access the internet or to act as servers (the latter feature is built in to the Windows Firewall for XP now I think, but I've only glanced at it once with the Windows Firewall).
I don't doubt that some people may have had problems with ZA, just saying that I like it pretty well over the years I've used it, been a long time now.
Jeff
March 13th, 2009, 12:05 PM
This user is behind NAT, so I think I'll just go with the XP firewall.
Sidney,
I just read the Wikipedia article on NAT, and have become suspicious of something. I have been fighting with WiFi failure since it suddenly started last December. It will be fine, and then it will quit completely like a switch has been thrown, which does not happen with an ethernet cable in play. Seriously extensive analysis by the cable ISP of its local system and Linksys router and by IBM of this machine has turned up nothing. But I notice mention of possible odd address failure behind NAT in the Wiki article. Is it possible that the router could drop addresses using WiFi but not using a cable? I know that seems a serious stretch, but...
- Jeff
sidney
March 13th, 2009, 03:08 PM
unless you are sloppy enough to allow a bot to be installed or another call home nasty, there isn't much use in using a software firewall if you have a nat already, i.e. a hardware firewall.
Finally, why didn't you install noscript for firefox?
I agree about the firewall, which is why I am not willing to install any firewall for her that acts confusing or intrusive in any way. But enabling the XP firewall seems like a reasonable compromise for a non-techie.
As for noscript, I didn't install it because this is a system owned and used by a non-techie and I am not in a position to teach her how to use noscript, how to recognize when it has to be disabled or partially disabled for a site that doesn't work because of it, how to tell if an alert is malware being blocked vs a site that really does need expanded permissions, etc.
Dan in Saint Louis
March 13th, 2009, 03:11 PM
Is it possible that the router could drop addresses using WiFi but not using a cable? I know that seems a serious stretch, but...
May not be related, but may...
I have had trouble with a couple of LinkSys WiFi routers whose DHCP apparently went nuts when WEP encryption was used. WPA seemed to work fine! Go figure...
sidney
March 13th, 2009, 03:18 PM
I notice mention of possible odd address failure behind NAT in the Wiki article. Is it possible that the router could drop addresses using WiFi but not using a cable? I know that seems a serious stretch, but...
Are you talking about the need to use frequent keepalive packets to avoid dropping a connection? I wasn't aware of that, but that is because it is something that you never have to think about -- Obviously it is properly built in to WiFi systems, but if something about that is failing it would have the symptoms you are seeing. Is it possible that a router has a problem with that aspect of its WiFi without having the same problem in its hardwired ethernet? I suppose it is possible, but that doesn't give me any useful clues about what you can do other than try another router and see if it behaves better.
sidney
March 13th, 2009, 03:26 PM
Personally I don't mind the pop ups asking permission for new or changed programs to access the Internet.
Personally, I could handle it if I chose to use Windows and that was the price of making it somewhat safe. But this system is for someone who is not in a position to decide what the popup means each time it pops up, and for whom it would be just an annoyance.
davidh
March 13th, 2009, 05:24 PM
Sidney,
I just read the Wikipedia article on NAT, and have become suspicious of something. I have been fighting with WiFi failure since it suddenly started last December. It will be fine, and then it will quit completely like a switch has been thrown, which does not happen with an ethernet cable in play. Seriously extensive analysis by the cable ISP of its local system and Linksys router and by IBM of this machine has turned up nothing. But I notice mention of possible odd address failure behind NAT in the Wiki article. Is it possible that the router could drop addresses using WiFi but not using a cable? I know that seems a serious stretch, but...
- Jeff
Maybe an outside chance that the problem is temperature related. Any correlation between occurrence of problem and length of time after turning on computer and turning on router?
ndebord
March 13th, 2009, 11:17 PM
Yes, I'm asking for advice :)
I've disinfected an XP Home computer for a non-techie friend and have set it up with various free protections so this doesn't happen again. I've chosen Avira AntiVir for the antivirus, considering that the occasional pop-up offering to sell the Pro version is a reasonable trade off for it being free and working well, SpyBot Search & Destroy for the other malware and immunization, set Firefox with Adblock Plus (but not NoScript) as the default browser, and for a free personal firewall installed Online-Armor.
It's that last one that I'm not really happy about. It gets great reviews for security, it's free, and it doesn't seem to be a big system resource hog. But I can't get it to stop popping up notices about programs accessing the Internet no matter how thorough I try to be at initializing it to recognize existing programs, or how much I try to run everything once and click the don't ask about this again boxes. It seems that there are just too many times that programs get updated when you want to keep a system properly up to date, and each time that happens the next time it accesses the Internet such as to check for updates Online-Armor helpfully warns the user that a program has changed and is no longer trusted.
If I were using Windows I might accept that as the cost of maintaining security, but the popups do not provide useful information for a non-techie user. When the popup appears asking them what to do, they would have to be able to distinguish between 1) a program being run for the first time since it was upgraded to a point release version running the online update for the first time; and 2) some malware running for the first time trying to phone home. I don't want to subject a non-techie to that.
I used to hear good things about Zone Alarm, but more recently people talk about how bloated it has become.
So any suggestions? Or do I just leave the system running the XP Service Pack 3 firewall?
Sidney,
Duane likes Comodo, or rather liked it. The latest versions are bloatware and suites with kitchen sink properties. I use it, but in an earlier version 3.xxx.
P.S. CFP_Setup_3.0.24.368_XP_Vista_x32.exe
Jeff
March 14th, 2009, 11:55 AM
May not be related, but may...
I have had trouble with a couple of LinkSys WiFi routers whose DHCP apparently went nuts when WEP encryption was used. WPA seemed to work fine! Go figure...
This Linksys router has been on 128 WEP from day one, but only started to do the WiFi on/off dance last December. And that's literally what happens, just like a light switch. So I just looked and it does seem to also have WPA available. During this entire saga no one has ever mentioned that. Changing over now.
- Jeff
Just a minute. I have occasionally looked and have never before seen WPA, just 64 and 128 WEP. This is Comcast's router, which they can send a hard reset which I have watched happen when all of the green lights turn red. I wonder if they added WPA to it at some fairly recent point, possibly without the knowledge of anything except their system servers.
Jeff
March 14th, 2009, 12:08 PM
Are you talking about the need to use frequent keepalive packets to avoid dropping a connection?
Well now, I wasn't before aware of what kind of discussion may be going on between this machine and the router, but my port monitor does occasionally report a lot of regularly spaced chatter when both should be at a dead idle. But only with WiFi, not using the cable. Per Dan's idea I'm changing to WPA and will watch for the chatter.
- Jeff
Jeff
March 14th, 2009, 12:12 PM
Maybe an outside chance that the problem is temperature related. Any correlation between occurrence of problem and length of time after turning on computer and turning on router ?
Thanks for the idea, but the router is never turned off and the computer has power even when it's sleeping.
- Jeff
Dan in Saint Louis
March 14th, 2009, 01:18 PM
Linksys router ... Comcast's router
So this is a cable modem + WiFi router all in one box? Can you find the model number?
Jeff
March 15th, 2009, 12:30 PM
So this is a cable modem + WiFi router all in one box? Can you find the model number?
Yup, the cable is plugged into a box with two antennas. The router's report of itself:
Vendor Name: The Linksys Group, Inc.
Hardware Version: 1.2b
Serial Number: KBG5137447
Firmware Version: 2.0.3.9.31-1022
Operating Mode: CableHome 1.1
"CableHome" is Comcast's 'home networking', which even has its own support 800 number. Which is a good thing because yesterday when I changed it from WEP 128 to WPA the router lost its mind, and the outside world. TG I had an ethernet cable running across the floor because that is apparently the only way to change WiFi security; the WiFi router has to be hardwired. Stupid, or what? Unfortunately for about an hour it was mostly the blind leading the blind, until some maneuver finally accomplished something and it started to report WPA was in play. What that means I'm not certain, except the godawful long WEP key is gone, replaced with a WPA "passphrase". Am I having fun yet? Oh yeah, apparently on and off during that fun filled hour NAT was disabled because my software firewall kept lighting up telling me it had blocked a port scan. I'd never seen that before.
- Jeff
It's a nice box. Two antennas, four RJ45's, and a USB port. And front indicator lights for activity at any and all of them when active.