TechSpot

To Antivirus/Firewall or not

By mercjoe
Apr 26, 2008
  1. Please, don't get this post like I'm trying to teach anything to anyone, I'm just questioning myself and would like some opinions.

    It's no news that at the very first moment you plug your computer to the internet you're at risk of being infected with any sort of malware.

    Anyhow, I'm reluctant about installing Antivirus and "software firewalls" on my PC.
    Am I wrong or have there been episodes with major antivirus providers where their products were screwed and ended up giving more troubles than avoiding them to their users?

    Why install "software firewalls" if Windows XP and beyond already have a really good one built in?
    Why have processes running on our backs, eating up resources (and giving us just a relative sense of security), if that's what we are looking to get rid of in the first place?

    Small home Firewalls/routers are so cheap nowadays and properly configured can give you more peace of mind than just software (That's what AVs and FWs are...., bits of programs which can screw you just like any other programs).

    I have my broadband cable connected to a Linux box which I use just as a firewall and my other computers behind it. No one ever broke into my machines.

    I do have my PCs infected, especially the one I use for testing software and downloading any kind of crap (Thanks Kritius for your help !!!). But I think that a conscious user would do just fine by knowing what "not" to do and scanning/cleaning its machines as often as possible.

    Just my two cents.
    Please, I would really like some good constructive feedback.

    Thanks for reading
    Diego
     
  2. kritius

    kritius TS Guru Posts: 2,084

    After cleaning many many machines, it's my opinion that even if you are a "conscious user" you need antivirus, you never know where the infection will come from.
     
  3. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Hi Diego,

    Why risk it.

    Some AV products are not worth the hassle (i.e. Norton or McAfee) or rogue programs which you can check at www.spywarewarrior.com

    I think Avast! is the lightest on resources of all the free AVs

    ----------------------------------------------------------

    As for Firewalls, Windows firewall is useless, it is better than nothing, but it fails horribly on leak tests. For XP there are lots of options here, For Vista Zone Alarm and Comodo are really it as far as free ones that work well. Comodo is a little more of a hassle but it has Defense+ which is its HIPS program, basically it doesn't depend on definitions to catch malicious activity, it watches the actions of programs versus watching for definition matches. Either way you need a software firewall, a router is good but it is like comparing apples to oranges.

    ----------------------------------------------------------

    Anti-spyware programs are excellent because they don't eat up much resources and some of the free ones are just as good as the paid versions.

    I recently installed WinPatrol and can't say enough good things about it, you won't know it's there except for the little icon in the tray.

    Superantispyware, MalwarebytesAntiMalware, Spyware Blaster, and Spybot are all excellent.

    --------------------------------------------------------------

    Here is my saved standard speech. I am sure kritius gave/will give you something similar

    • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

      See this link for a listing of some online & their stand-alone antivirus programs:

      Virus, Spyware, and Malware Protection and Removal Resources

    • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

    • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

      For a tutorial on Firewalls and a listing of some available ones see the link below:

      Understanding and Using Firewalls

    • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

    • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would an antivirus software.

      A tutorial on installing & using this product can be found here:

      Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

    • Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with this program on a regular basis just as you would an antivirus software in conjunction with Spybot.

      A tutorial on installing & using this product can be found here:

      Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

    • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

      A tutorial on installing & using this product can be found here:

      Using SpywareBlaster to protect your computer from Spyware and Malware

    • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
    Follow this list and your potential for being infected again will reduce dramatically.

    Here are some additional utilities that will enhance your safety

    • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
    • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
    • Google Toolbar <= Get the free Google Toolbar to help stop pop up windows.
    • Winpatrol <= Download and install the free version of Winpatrol. A tutorial for this product is located here:
      Using Winpatrol to protect your computer from malicious software
     
  4. Route44

    Route44 TechSpot Ambassador Posts: 11,966   +70

    Absolutely excellent stuff there Blind Dragon. This is "sticky" material.
     
  5. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    It is great stuff, credit also goes to the following for putting together all of this info.

    Grinler and PGPhantom at Bleeping computer.

    It is really impressive the time these guys put in making the tutorials
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Are you really questioning the wisdom of having these or just throwing out how inefficient some of them are? If it is the former, I would say to you, the reason is because the one malware program you keep out may be the one that brings your entire system down and takes your information.

    Worth it? Yes. Some better than others? Yes. Is that reason not to use either? No.

    Thank you Blind Dragon, et al.
     
  7. kritius

    kritius TS Guru Posts: 2,084

    I will give almost the exact same thing because I think we got it at the same place.

    Please download the OTMoveIt2 by OldTimer.

    • Double-click OTMoveIt2.exe.
    • Click the CleanUp! button.
    • Select Yes when the "Begin cleanup Process?" prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes, if not, delete it yourself.

    Note: If you receive a warning from your firewall or other security programs regarding OTMoveIt2 attempting to contact the internet, please allow it to do so.

    • Disable and Enable System Restore. - If you are using Windows XP or Vista then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

      You can find instructions on how to enable and re-enable system restore here:

      Windows XP System Restore Guide

      or

      Windows Vista System Restore Guide

    Re-enable system restore with instructions from tutorial above

    • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Change the Initialize and script ActiveX controls not marked as safe to Disable
    • Change the Installation of desktop items to Prompt
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.

    • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

    • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
    • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.

      This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here:

      Instructions for Spybot S & D

    • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

      A tutorial on installing & using this product can be found here:

      Using SpywareBlaster to protect your computer from Spyware and Malware

    • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
    Follow this list and your potential for being infected again will reduce dramatically.

    Here are some additional utilities that will enhance your safety

    • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
    • Comodo BOCLEAN <= Stop identity thieves from getting personal information. Instantly detects well over 1,000,000 unique, variant and repack malware in total. And it's free.
    • Google Toolbar <= Get the free Google Toolbar to help stop pop up windows.
    • Winpatrol <= Download and install the free version of Winpatrol. A tutorial for this product is located here:
      Using Winpatrol to protect your computer from malicious software

    Stand Up and Be Counted ---> Malware Complaints <--- where you can make difference!

    The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

    Also, please read this great article by Tony Klein So How Did I Get Infected In First Place
     
  8. mercjoe

    mercjoe TS Rookie Topic Starter Posts: 20

    Hey Bobbye,

    I'm not questioning using AV software for scanning and cleaning your machine, I have doubts about the advantages of having a resident AV looking for what comes into or goes out from your PC. I mean, that's ideal, it would be great to have a neat piece of software doing that. My question is how secure that really is?

    The last resident AV I used was Norton years ago and I never used one again ever since. Instead I started scanning my machines once a week or so and cleaning accordingly.

    What about firewalling? Isn't it better to get a cheap Linksys or whatever known brand instead?
    What about XP's and Vista's firewalling capabilities?

    Diego




     
  9. kritius

    kritius TS Guru Posts: 2,084

    taken from
    Slightly edited

    6.) Firewall

    • It is critical that you use a firewall to protect your computer from hackers. We don't recommend the firewall that comes built into Windows. It doesn't block everything that may try to get in, it doesn't block anything at all outbound, and the entire firewall is written to the registry. Since most malware accesses the registry and can disable the Windows firewall, it's preferable to install one of these excellent third party solutions.

     
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I personally went to a router for additional protection even before I went wireless or set up a network.

    As for an AV program running - yes, if it's kept updated, if it's configured correctly and if it's a good, reliable program, yes, it should be active all the time. There is some serious 'stuff' out there. While nothing can protect absolutely, there are two things to remember:

    1. You the user are the first line of defense. If you are careless, clicking on pop-ups, opening email from unknown senders or opening attachments indiscriminately, if you visit sites that are known to be threats or even unknown sites in general, then no matter what protection you have, your system is at risk.

    2. Use good, known, recommended security programs. Scan with them regularly, updating right before the scan.

    3. Each user has the responsibility for their own system. One reason they "must" protect it is because intrusions can take over their machine and in turn, spread the malware, whatever the nature.

    Diego, I think you have a somewhat 'jaded' view of security programs. Realistically no combination of security programs gives anyone absolute protection. But there ARE good programs available and used in a layered way, they can offer maximum protection.

    Consider this analogy: we are all going to die. Does that mean we should stop living?
     
  11. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Read the additional resources from kritius or my speech above

    *Most important*
    3rd party software Firewall - Notifies me, the user, that a program is trying to connect inbound and outbound, I then have the option to allow or deny this request. The firewall is not going to let it happen without permission.

    I obviously have lots of other security as I play with all of the programs before suggesting them, but my point is that it is hard to infect a computer with a good firewall and a user that understands what the firewall is doing.
     
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    That's the bottom line!
     
  13. jobeard

    jobeard TS Ambassador Posts: 9,311   +617

    I'm an advocate of the proactive (preventative) approach rather than the reactive (fix it after the fact) approach.
    1- it's cleaner (less to do)
    2- it's leaner (less resources)
    3- and far more effective (saves time and effort)
    A router and properly configured firewall can preempt (ie obviate) the need for AV,
    but having said that, I too still use one, especially to scan email (not the hd).

    P.S: Blind Dragon's outline is excellent :)
     
  14. mercjoe

    mercjoe TS Rookie Topic Starter Posts: 20

    Ok guys, good enough.

    Which is the best, lighter and free resident AV (http, mail, etc) you're using ?

    D.
     
  15. kritius

    kritius TS Guru Posts: 2,084

    Take your pick, I use AVG and don't have any issues with it, but I also use Avast on another computer and it's fine too.

    Once installed, Update it, run full system scan with it and allow it to fix up what it wants.
    Reboot if it fixed anything.

    You should get a firewall as well, either,

    I'm quite partial to Comodo.
     
  16. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    What do you mean by "lighter"? I still don't think you have a real understanding of security programs. An antivirus program is an antivirus program. Like everything else in computer software, some are better than others. But "lighter"? What do you mean?

    I have AVG paid and am very pleased. The use of layered protection including a router, Windows firewall, antivirus program and at least 2 spyware/adware programs on 2 systems has kept my systems clean for years.
     
  17. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Avast seems to be the lightest of the 3 in reference to its use of system resources.
     
Topic Status:
Not open for further replies.
