PC security/firewall

BUZ

Ok I have been using Norton for a while now and I recently purchased their 2007 version and man does it really suck a big one! My PC is really slow now on boot up (around five minutes) whereas it used to be a minute and a half or so, and also I'm getting an error message @ the end of shut down (after googling the error message) I found out it was related to the new Norton software! :rant:

I'm using Windows XP Home Edition Service Pack 2, I'm on Comcast and have access to the free McAfee but have read many horror stories regarding this software so I am hesitating on using it!

What do you use to protect your PC?



Anyone used: ZoneAlarm Internet Security Suite

 
Norton sucks the big one - funny as they used to be fair with utilities but it seems they really try to do way too much. I hardly use any of their stuff anymore. ZoneAlarm is the way to go for your Firewall. Best thing there is. Also visit www.grc.com (Steve Gibson's web site) for more security info. Steve's one of the true geniuses of the computer world since way back. He writes stuff in pure assembly language - the author of SpinRite - which is the program that could actually revive physically damaged hard drives (back in the '80s) and while the program still revives hard drives the nature of newer hard drives makes it not quite as useful as it was back then. He has shifted his focus to Internet security and has worked with the FBI on things related to that.
 
OK, your brain will be back online soon.

Then depending on your security needs you might consider the following 'solution':

Buy some NAT device. This is a router that is
(a) connected to your pc
(b) connected to your dialup/dsl/whatever line (you will need a router that supports your specific kind of i-net line)

Looks like this:

Code:
I-NET <---> NAT DEVICE <------------> YOUR PC
public      public   private          private
net         address  address          address
            P        A1               A2
Now in this setup your pc usually gets an RFC 1918 ip address. Packages destined for / coming from such an address will not be routed by internet routers (i.e. dropped). Therefore - and because no router on the internet will ever know your pc is assigned such an address - your pc initially cannot be reached by packages coming from the internet. Only your NAT router can be reached as it is assigned a public ip address whenever it connects to the internet.

Now to be able to use services offered on the internet from your pc the following takes place:
(a) Your NAT router, connected to the internet on one side (P) and connected to your pc on the other (A1), gets an address in the same RFC 1918 net as your pc.
(b) Your pc learns that the internet can be reached via your NAT router (A1).
(c) Your pc now doesn't try to reach internet servers directly anymore but sends all these packages to the nat router (A1).
(d) The nat router now exchanges the packages' sender address from the pc's private ip address (A2) to the nat device's public ip address (P) and then sends the package out to the internet. The package is now routable on the internet.
(e) The nat device remembers where which package, sent from your pc and destined for the internet, went.
(f) If there are replies to your pc's package it reverses the process of exchanging the sender address and now exchanges the destination address (P) of the package to your pc's private address (A2).

This is the process of network address translation (nat, masquerading).

This protects you from external attacks on your pc - as long as you didn't try to establish connections to the internet from your pc. Once your pc sent packages out via your nat device it can be reached from the outside, albeit on predefined ports from predefined sources. This is an Allow-All-Deny-Nothing security strategy from your computer's point of view. A trojan that somehow got on your computer will have no trouble talking to the outside world. It will also have no problem making your pc accessible from the internet. Therefore this advice only protects you against worms and script kiddies scanning networks for vulnerable computers. The only thing they will ever see is your router with its (hopefully) secure operating system.

Now if you want more network security you will have to employ a Deny-All-Allow-Some security policy. This means the nat device now blocks all traffic from the internet to your pc and vice versa. Then you will have to selectively allow communication for specific services. However this still is no complete protection against trojans as they might try to disguise themselves as requests for just these services. Then you'd need an inline intrusion detection system that is capable of (a) detecting malicious traffic and (b) shutting off that traffic in realtime... I could go on for hours...

Well, let's solve your problem. I say:

(a) Get a nat device and put it between your pc and the internet. I cannot recommend any specific vendor, others hopefully chime in there.
(b) Never, ever do daily work on your computer (if it is running win nt, 2k, xp or vista) with administrative rights. Configure a limited account instead.
(c) This is worth reading and complying with.
(d) Be aware that you will not be 100% safe. Once a program has gained administrative rights on your machine, your machine is enemy territory. No software firewall or antivirus software can protect it then.

My suggestion only protects you from
(a) Worms and script kiddies scanning the internet.
(b) Malware that does not gain enough privileges on your computer to deactivate the antivirus software.
(c) malware that does not know how to circumvent a nat device.

It does not protect you from
(a) crackers who find exploitable security holes in your nat device's operating system.
(b) user mistakes - i.e. executing malware on your computer with administrative privileges.
(c) Unwanted transfer of data via allowed channels.
(d) malware capable of practically deactivating your pc's protection from the nat device.
(e) social engineering attacks.

Hope I don't get a tl;dr :)
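
The translation steps (c) to (f) and the two policies from the post above, as an added Python sketch that is not part of the original thread. The class and function names, the port numbers and all addresses (documentation ranges) are assumptions made for illustration.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

class NatRouter:
    """Toy model of the NAT device in the post (public side P, private side A1)."""

    def __init__(self, public_ip, allowed_dst_ports=None):
        self.public_ip = public_ip
        self.allowed = allowed_dst_ports   # None = allow every outbound connection
        self.table = {}                    # public port -> (pc ip, pc port, remote endpoint)
        self.next_port = 40000             # hypothetical start of the translation port range

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Steps (c)-(e): swap the sender address for P and remember the mapping."""
        if not any(ipaddress.ip_address(src_ip) in net for net in RFC1918):
            raise ValueError("inside hosts are expected to use RFC 1918 addresses")
        if self.allowed is not None and dst_port not in self.allowed:
            return None                    # Deny-All-Allow-Some: dropped at the router
        pub_port, self.next_port = self.next_port, self.next_port + 1
        self.table[pub_port] = (src_ip, src_port, (dst_ip, dst_port))
        return (self.public_ip, pub_port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Step (f): only a reply matching a remembered mapping is passed to the pc."""
        entry = self.table.get(dst_port)
        if entry is None or entry[2] != (src_ip, src_port):
            return None                    # unsolicited packet (scan, worm probe): dropped
        return entry[:2]                   # destination rewritten from P back to A2

def demo():
    # All addresses are constructed, taken from the documentation ranges.
    pc, web, scanner, rogue = "192.168.1.10", "198.51.100.7", "203.0.113.9", "203.0.113.66"
    open_nat = NatRouter("192.0.2.1")
    out = open_nat.outbound(pc, 51000, web, 80)
    results = {
        "rewritten_source": out[:2],
        "reply": open_nat.inbound(web, 80, out[1]),
        "scan": open_nat.inbound(scanner, 4444, 135),
        "malware_open": open_nat.outbound(pc, 51001, rogue, 6667),
    }
    strict = NatRouter("192.0.2.1", allowed_dst_ports={80, 443})
    results["malware_strict"] = strict.outbound(pc, 51001, rogue, 6667)
    results["malware_on_443"] = strict.outbound(pc, 51002, rogue, 443)
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:18} {value}")
```

The last two results show the limit the post describes: the port allow-list stops the connection to port 6667, but the same program passes once it uses an allowed port.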
 
XP's firewall is all I have on my dial-up connection. I have 4 XP machines and have never had any trouble. I used the free ZoneAlarm for several years back when NT didn't have a firewall, but now I don't bother with the hassle.

I've been using McAfee for around 9 years and so far I haven't been irritated enough to get rid of it. Every year it does more things and so it is harder to control. I suppose I could shut off some things. I don't even know all the things it does on my various XP installations. It definitely slows up booting, but only a couple of minutes, I think. I can run some programs before everything is up and running.

It sniffs around at everything that's going on, but usually it's not much trouble. One thing I've noticed is when SpywareBlaster activates the things it downloads. It used to take only a couple of seconds. Now it can take a couple of minutes. I suppose that's due to McAfee checking it out.

I do most of my web browsing as a non-admin, but I don't necessarily recommend it. It can be a hassle too.
 
eluminator said:
I have 4 XP machines and have never had any trouble.
How would you notice trouble? Sophisticated malware will be able to easily hide from the XP 'firewall'. This holds for every other software security measure running on the host you are trying to protect.
 
I use Kaspersky along w/ Spy Sweeper
 
I've been using ZoneAlarm Pro for several years quite happily, but there's no way that anyone's "Security Suite" is getting onto my machine. They just have too many compromises for my taste. But then, I've been writing software for a couple of decades and have been focusing on security for the last year or so. For folks who don't want to dig into the details, the suites may be a good choice.

I finally got sick of McAfee's poor support, slow performance, and annoying updates/reboots. I've been running Kaspersky AV for a couple of months and it seems to be a very good match for ZoneAlarm.

I also use CCleaner on a regular basis to keep my registry, cookies, and other essentials cleaned out.

There is a new approach called whitelisting, that may hold a lot of promise as it matures. If it does develop, it will offer a proactive approach, rather than the reactive approach that most computer security software has taken. Just thinking about having a secure environment without constant signature updates is enough to get me interested.
 
I have used ZoneAlarm for years. Just the firewall, not the suite. It fits in real well with the other security/safety measures I use. It is simple to use and a whole lot better than Norton's firewall and Windows' annoying crap.
 
Well I skipped what chrwe said about a 'NAT' firewall of sorts since I just assumed most users here are on DSL, cable or something faster than a modem (I've even got a 56K modem that has NAT). So having your typical DSL modem you'll already have a firewall that blocks a lot BUT if you don't then get a Router for sure that has NAT and have someone set it up for you if you're not too tech savvy. And there are several little programs (tiny actually like around 25 kilobyte range) you can get from www.grc.com that will help you check your system to be sure it is secure.
 
As far as free firewalls, Comodo is great. Gives a lot of information on processes going on and originating from wherever in a simple interface.

I far prefer it to ZoneAlarm which I've also used.
 
Eset's NOD32, decent router and a brain are all you need for PC security.
 
I've been using the ZoneAlarm suite for a couple of years now. Previously I've tried McAfee and Norton, but both of them have been resource hogs, especially McAfee. ZoneAlarm seems much lighter on its feet and only produces a noticeable slowdown when it wakes up and does a scan of the hard drive. I have yet to have a problem with ZA.
 
chrwe said:
How would you notice trouble? Sophisticated malware will be able to easily hide from the XP 'firewall'. This holds for every other software security measure running on the host you are trying to protect.

Does a hardware firewall help? If so, how.
 
chrwe said:
How would you notice trouble? Sophisticated malware will be able to easily hide from the XP 'firewall'. This holds for every other software security measure running on the host you are trying to protect.

Does a hardware firewall help? If so, how. It wouldn't take much sophistication for software to hide from a hardware firewall.
 
I use several things but one site that I trust is Grisoft.

The home page is: GRC

It has a testing 'thing' that will show you how exposed you are.
It's HERE
Unless that was my personal identifier.:ohgeez:
Clicking that link will show you exactly how much a website can gather about you. ( or at least me )
There are several tests on that site and I recommend them all.

All the tests run show me as "stealth" or invisible. I can't be seen online and I'm on cable.

I think it's just a matter of setting things up carefully and not installing programs that open when and for what you don't want.

That said, I have been infected by viruses before (nothing malicious just annoying) and I could not believe the hassle and time it took to clean them.

XP Firewall is not on for me btw... still invisible.
 
eluminator said:
Does a hardware firewall help? If so, how. It wouldn't take much sophistication for software to hide from a hardware firewall.

Logging. Without the possibility of the logs being compromised, because the log generating software resides on a separate system (the hardware firewall). Of course the logs will have to be constantly monitored or reviewed.

Intrusion Detection: Log reviewing automated. Allows for active response to bad traffic detection.

Traffic analysis done by the system whose traffic shall be analysed cannot be trusted, as software being able to generate malicious network traffic also will be in the position to manipulate logging. Therefore you need software residing on separate hardware to do the analysis.

Also a software firewall residing on the to be protected system may be configured correctly, however the malware on that system will be able to override that configuration. It will not be able to override the configuration of an external, appropriately hardened dedicated firewall box.
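
An added example (not from the original thread) of the off-host log review described in the post above: it compares the flows an external firewall box recorded with the connections the pc reports about itself. Both log formats and every sample line are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample data; both formats are hypothetical.
FIREWALL_LOG = """\
2007-01-14T20:01:02 ALLOW tcp 192.168.1.10:51000 -> 198.51.100.7:80
2007-01-14T20:01:09 ALLOW tcp 192.168.1.10:51001 -> 203.0.113.66:6667
2007-01-14T20:02:09 ALLOW tcp 192.168.1.10:51004 -> 203.0.113.66:6667
2007-01-14T20:02:30 ALLOW udp 192.168.1.10:53112 -> 192.0.2.53:53
"""
HOST_REPORT = """\
tcp 192.168.1.10:51000 198.51.100.7:80 ESTABLISHED
udp 192.168.1.10:53112 192.0.2.53:53 -
"""

FW_LINE = re.compile(r"^(\S+) ALLOW (tcp|udp) (\S+) -> (\S+)$")

def firewall_flows(log):
    """Flows as seen on the wire by the separate firewall box."""
    flows = []
    for line in log.splitlines():
        m = FW_LINE.match(line.strip())
        if m:
            flows.append((m.group(2), m.group(3), m.group(4)))
    return flows

def host_flows(report):
    """Connections the pc admits to; software running on the pc can alter this view."""
    return {tuple(line.split()[:3]) for line in report.splitlines() if line.strip()}

def unreported(log, report):
    """Remote endpoints the firewall saw but the host did not report, with counts."""
    known = host_flows(report)
    return Counter(dst for proto, src, dst in firewall_flows(log)
                   if (proto, src, dst) not in known)

if __name__ == "__main__":
    for endpoint, count in unreported(FIREWALL_LOG, HOST_REPORT).items():
        print(f"{endpoint} seen {count}x by the firewall, missing from the host's own report")
```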
 
A nice little router is the way to go. Even on default firmware, check out Buffalo's. There is always more and always something new and advanced, but that little piece of periphery protection can and does make a world of difference.

Sarrat: the ports being 'stealth' doesn't mean you can't be seen, just that they can't get in through that port. Big difference.
 