Firewall

[Brynn]

I got cablenet installed yesterday (at last ), and the first thing I recieved was, guess what, a virus warning

So I quickly set up ZoneAlarm, but thought I'd ask you (who else? ) if you could recommend a better or more reliable firewall? (Not Keiro, please, I don't like that one).

Thanks!

[CM]

Outpost. I like it alot and is fairly easy to use. As for an anti-virus, i use Anti-vir.

[Xandax]

I run personally use with Nortons Internet Secuirty:
I'd never myself use ZoneAlarm myself, because I've simply heard to much about it from friends/people I know. It might be an excellent program, but the bad image will forever be stuck in my mind

[Silur]

Personally I prefer hardware. There's nothing like some good old Network Address Translation to stop bad guys from reaching your computer directly and it also allows you to have more than one computer connected. Sure you can solve that with Windooze also, but that's like putting hens to watch the doghouse instead of the other way around.

There are quite cheap little boxes from Dlink or Netgear that do the trick, and they are fairly secure in their basic setup. What does become a bit more complicated is when you actually need to allow inbound traffic, in which case you find yourself needing some technical knowledge on how IP works. The more common cases are network games that don't have a centralised server (like using kali with old DoomII for those who remember), but most modern games have servers on the net (DiabloII, Nwn, WoW, etc). If you want to play any of these in peer to peer mode, they have excellent information in their FAQs.

[VonDondu]

Quote:

Originally Posted by Silur There are quite cheap little boxes from Dlink or Netgear that do the trick, and they are fairly secure in their basic setup...

I just bought a D-Link DI-604 Broadband Router from Fry's Electronics for $17.88 after rebate. (The out-the-door price was $37.88, and it came with a $20 mail-in rebate. It was available for the same price plus shipping at Outpost.com last week.) It has a built-in firewall that has a lot of configuration options. You are correct when you say that opening ports is more difficult than keeping them closed. The only thing the firewall seems to lack is the ability to address browser "privacy" issues. I use a free online testing service to see whether my computer is "safe".

I've been using AtGuard for a long time (it's the predecessor to Norton Personal Firewall), but I feel like it's time to get something newer and better. I don't enjoy configuring a firewall, and my knowledge about them is pretty limited.

[Silur]

Browser privacy issues are not well solved by external software. My suggestion on that is to get Firefox and turn of cookies and referer. Those two are the key means of tracking, while the later is pretty unpredictable. Personally, I dont care much if sites can see what I look at when visiting their sites (turning off cookies only makes this slightly more difficult - there are perfectly usable tools for extracting the information from logs over which a browser has no control whatsoever) and I don't hide anything from my wife should she ever decide to venture on to my obscure Apple computer to look at my surfing trail. Referer logs are the result of the design of http. Whenever you go to a site, the information on where you came from is passed along with the request. Most peoples referer-logs these days are filled up with google, and thats mostly where I come from as well.

Also, I find it convenient to get logged in automatically at Gamebanshee and other places. Since I never run stuff like IE or Outlook, nothing really bad can happen anyway.

[Brynn]

Well, I don't care if I'm being watched, but I do if I'm being hacked Information like what sites I visit are useless (who cares?), but I wouldn't like my emails being scanned by anybody (though those may be just as useless to someone who doesn't know me...)

My main problem is: how do I make sure that a firewall or an email client is secure?

[VonDondu]

Quote:

Originally Posted by Brynn I got cablenet installed yesterday (at last ), and the first thing I received was, guess what, a virus warning

It's a good thing that you installed anti-virus software before you connected to the internet, and I'm glad that it caught the "virus" for you. Two years ago, I didn't worry much about viruses because all of the infections I heard about were very rare; but ever since the Blaster Worm hit the internet, it seems like our computers are constantly under attack. Worms and trojans are a little bit different than viruses per se, but you can lump them together with viruses without hurting anything.

But having said all that, a virus scanner should never be used as a first defense. Ideally, you don't want viruses getting on your computer in the first place.

I've been using the following defenses:
IE-SpyAd (it's free, and it's updated about once a month)
an extensive HOST file
AtGuard
Norton Anti-Virus 2001 for Windows NT/2000 (I don't like any Norton Product made after 2001 because they all want to take over my computer)
Ad-Aware Personal SE (it's free, and it's updated about once a month)

IE-SpyAd does something that you could do yourself manually if you had the time and energy: it adds web addresses to the "Restricted" list inside Internet Explorer. Essentially, whenever you visit a site on the "Restricted" list, your browser security settings are set to maximum, which prevents those sites from installing software on your computer and running ActiveX controls and so forth. If you get tricked into visiting a malicious site, it won't be able to do much if any harm.

The Windows HOST file was intended to make websurfing faster by making it easier for your computer to look up typed URLs. It does this by matching domain names to their corresponding IP addresses. For example, if you tell your computer to go to gamebanshee.com, your computer has to look up the IP address before it goes there. If you store a list of IP addresses in your HOST file, the search is much faster. But here's how you can use a HOST file to make your computer more secure: if there's a website you don't want your computer to visit, just give it the wrong IP address. The IP address 127.0.0.1 is your own computer, so it's a good address to use for that purpose. For example, if you want to block banner ads from the ubiquitous ad.doubleclick.net and all of its variants, just tell your computer to look at 127.0.0.1 every time a webpage wants to display one of their ads, and it won't be displayed.

The link I gave you above provides a ready-made HOST file that blocks (or rather, misdirects) tons of banner ad sites. It also keeps your computer from accessing a lot of malicious websites. There are people with a lot of free time on their hands who keep lists of such sites, and that's where the guy who wrote that HOST file got his information. I also add entires of my own and remove some of the entries that interfere with my browsing (specifically, on MSN.net and eBay).

There are several different ways to become infected by a virus. Preventing your computer from accessing malicious websites will eliminate most threats. (Not connecting to the internet at all works best.) But for worms like Blaster which scan open ports and sneak their way in, you need a firewall (or a router that has a built-in firewall). I use AtGuard, but it's old and possibly not as effective or feature-rich as newer firewalls. For all of the other sources of infection, such as floppy disks, email attachments, etc., you need a virus scanner to catch the ones that slip past your other defenses. Even though Norton Anti-Virus 2001 is old, you can update the scanning engine and the virus definitions for free, and as far as I can tell, it works as well as all of the newer versions.

Spyware is not the same thing as a virus, but you want to get rid of it. That's what Ad-aware does. I use it about once a week. It keeps my Registry and my Cookie collection clean. Incidentally, it references some of the same lists that the author of the HOST files uses.

Quote:

Originally Posted by Brynn My main problem is: how do I make sure that a firewall or an email client is secure?

Try the link I gave you above:
http://www.pcflank.com/test.htm

[Silur]

Dont run Outlook. Turn off fancy bells and whistles, especially the javascript / ActiveX kind of auto execution you might find. Dont run executables that you receive by email even from friends. If you want to be really safe, dont auto-load images received in emails either. There is a second very good reason for this, and that is that many spammers use linked images to verify that their addresses work. So if your email client automatically loads an image, you have told the #%&! spammers your address is valid and you are likely to receive even further important information on the usefulness of viagra and hair renewal cream.

A firewall that protects you from yourself has not yet been invented. Don't let the snake-oil salesmen fool you. I scan stuff I download from untrusted places before installing, but other than that I find anti-virus and firewall software to be a waste of cpu cycles. I haven't had a virus infect my system since the time they moved around on floppy disks. I only recently installed a virus scanner on my mailserver, but only because I was getting tired of downloading the stuff before throwing it away.

Edit: Just to clarify, I would never, ever, EVER, connect a Windows system directly to the internet. The average time it takes for a newly installed system to be located and infected is shorter than the time it takes to download the service packs from M$. Another good reason for a hardware firewall...

[VonDondu]

Quote:

Originally Posted by Silur I scan stuff I download from untrusted places before installing, but other than that I find anti-virus and firewall software to be a waste of cpu cycles. I haven't had a virus infect my system since the time they moved around on floppy disks...

I used to feel that way, but I think the attacks are becoming more sophisticated and more persistent, so you might get hit eventually if don't use a firewall or a virus scanner.

[Vicsun]

Quote:

Originally Posted by Silur Browser privacy issues are not well solved by external software. My suggestion on that is to get Firefox and turn of cookies and referer.

Seconded Even if security/privacy issues are ignored, Firefox is a superior browser, and this isn't coming from an 'I support open source applications because of ideological beliefs" person. Here is a thread praising it and outlining most basic features, lacking in IE

[Silur]

Quote:

Originally Posted by VonDondu I used to feel that way, but I think the attacks are becoming more sophistocated and more persistent, so you might get hit eventually if don't use a firewall or a virus scanner.

Persistent? Definitely. Sophisticated? Well, only if you look at direct attack vector ones such as Slammer, Code Red, etc that infect the system through holes reachable remotely. Those are all readily taken care of by a hardware firewall, since it doesn't allow *any* traffic originating from the net to reach your system unless you specifically tell it to. This is not necessarily true for the firewalls installed on the system itself, since it uses the network abstraction layer provided by Windows. If that turns out to be broken, well, tough luck. Besides, it takes effort to reject all the stuff coming in and I would rather have my computer use that for better framerate :-)

I would be more worried if I used a Windows system on a laptop. Portable systems tend to visit environments that aren't completely suitable for M$-based computers. But since all my M$ systems are in a protective environment reminiscent of that of overprotective parents, it is quite unlikely that anything will happen soon.

[VonDondu]

Quote:

Originally Posted by Vicsun ...this isn't coming from an 'I support open source applications because of ideological beliefs" person.

You mean you don't support open source applications because of ideological beliefs?

Quote:

Originally Posted by Vicsun Seconded Even if security/privacy issues are ignored, Firefox is a superior browser... Here is a thread praising it and outlining most basic features, lacking in IE

Last week I read about a test that showed that IE handles bad HTML code better than all of the other browsers, so it does have at least one good thing going for it. Do you think that's a significant issue?

Quote:

Originally Posted by Silur Browser privacy issues are not well solved by external software. My suggestion on that is to get Firefox and turn of cookies and referer...

I see how to turn off cookies, but how do I turn off referrer?

(Sorry about all of the editing, but I didn't want to add two more new messages to this thread.)

[Silur]

Quote:

Originally Posted by VonDondu Last week I read about a test that showed that IE handles bad HTML code better than all of the other browsers, so it does have at least one good thing going for it. Do you think that's a significant issue?

Yes, interestingly IE solves the problem it originated quite well

The only browser in history to have lax syntax checking is IE, which resulted in coders writing badly formatted html and of late even xml...

I see it as another reason why IE and it's developers should be burried in a deep hole covered with a few tonnes of rotten fish.

[Vicsun]

Quote:

Originally Posted by VonDondu You mean you don't support open source applications because of ideological beliefs?

Yes. I won't use an OS application for the sake of it being OS. That's why I use MS Office instead of Open Office and Photoshop instead of GIMP The open-source alternatives are Good Enough(tm), but aren't in any way better than what MS offers, so I have no reason to switch.
The only reason I (occasionally) run Linux on a small partition on my hard drive is for the sake of the learning experience.

Quote:

Originally Posted by VonDondu Last week I read about a test that showed that IE handles bad HTML code better than all of the other browsers, so it does have at least one good thing going for it. Do you think that's a significant issue?

Silur beat me to it, but I'll say it again: handling bad HTML code is in general not a good thing as it encourages web-developers to write non standard compliant code which then renders wrongly on all other browsers. Being a Windows user myself, that doesn't present a big problem because all I have to do is open the page in IE, but for anyone with no access to IE (read: Mac and Linux users) this is a large pain in the ass.