Spyware Warrior

[Jerolexus]

Good morning all,

I have recently been helped by TeMerc and blender to clean my pc and my parents' respectively. Outstanding work done by both.

From Amazon I purchased NIS2005. It arrived this week. After rebates it is $25 for one year of protection/subscription. I have not opened the box and am considering returning it because so far I like the Free ZoneAlarm firewall.

At this time my NAV 2003 subscription is expired so I want to have some real-time automatically updating anti-virus software. I am willing to pay but am no longer sure Norton is the way to go (if you look at my thread with TeMerc from several weeks ago you will see that I had thousands of firewall rules with NPF which I have since uninstalled and replaced with the free ZA).

So - I am seeking opinions regarding which antivirus/firewall security programs are: (1) best, (2) easiest to use, and (3) is it better to pay for this or use the free versions?

Thanks,
Jerolexus

[TeMerc]

OK, first off, thanks for the good words, we appreciate it.

Now, my opinions on Norton. I use System Works 2002 and Personal Firewall 2003. Love em both.

Firewall has options to let me control who gets access to the internet, it also gives me options to block specific personal info, which, btw, puzzled me the other week, when trying to send some info to Suzi, the owner of these boards. I had completely forgotten I had set the firewall up to block what I was sending!!!

The AV has worked fine for me, catching a few f/p's occasionlly, but I have not been compromised ever. Updates are done automatically or if I happen to see them first on Calendar of Updates, then I go and get them.

I'm not sure what sort of options ZA offers, but many people use it and like it too. Depends on what your priorities are I guess.

Yes, its a pay for service app,(Norton) but I have no complaints with it.

Hope that helps some.
_________________

Ultimate Countermeasures Page
Calendar Of Updates
Malware Advisor Blog

[wawadave]

i use norton system works pro 2002 it works just fine for me i use zone alarm for fire wall.

i beleave you can choose not to install the norton fire wall when your installing nis and just keep the av or add at a latter date. you can only remove it by totally uninstall in all.
_________________
RFID tags! SPYWARE
Tired of proprietary Cor-pirationware?
http://www.openoffice.org/
Installing Vista http://tinyurl.com/2l9qyd

[Harry Letterman]

Here are some good resources for antivirus reviews:

AV-Comparatives - http://www.av-comparatives.org/

AV-Test.org - http://www.av-test.org/

Virus Bulletin - http://www.virusbtn.com/ (a very nice site but they seem to be a bit corporate/large scale-biased)

Virus.gr - http://www.virus.gr/english/fullxml/default.asp?id=67&mnu=67

Norton's AV scanners seem to consistently rate very high, as does Kaspersky. I currently have NAV 2004 Pro and was considering getting NIS2005 when the subscription expired but I am now leaning towards Kaspersky.

As for a firewall, I use the free Sygate Personal F/W.
_________________
“He saw reality too clearly. Faulty denial mechanism.
Failed to block out the terrible truths of existence. In the end, his inability to push away the awful facts of being in the world rendered his life meaningless.”

- from the film "Stardust Memories"

[fusion22]

Kaspersky is good but the lastest conflicts with my Windows XP instlalation, somehow it affect the XP search feature and Help and Support feature. And I'lll have to disagree with you about nortion antivirus. WHile their other programs are probably good, I'd use other firewalls other than Norton Personal Firewall and try other anti-virus than NAV. 2004 and I read alot of virus program reviews isn't not good, it misses alot of stuff and I talk to people every day about how they like nav and it misses some viruses. Maybe 2005 is better.

Before Service Pack 2, Kaspersky was real good, The two I think are good are NOD32, Kaspersky, AVG. The worst of the bunch is probably Mcafee Antivurs. Takes up alot of resouce with poor results.

[herbalist]

I haven't used NIS since the 2002 version, but after using it for 6 months, I replaced it. The only time I've had a virus was then, and it was completely up to date. I also had something get in then that decided to dial out at 3am, grant itself internet access and send out several mb of unknown data. NIS kept a perfect log of the incident, but did nothing to stop it. Between that and the completely sub-standard support I got from them, that was all the reason I needed to dump it. I replaced it with AntiVir and Kerio 2.1.5, and have never looked back.
Rick

[herbalist]

Had one more thought on this. Brand names aside, I prefer and recommend single purpose stand-alone programs as opposed to security packages or suites. With a package setup like NIS, one badly written update or newly found exploit can effectively cause the whole package to crash, leaving you with all your defenses down. Having separate AV and firewall programs makes this much less likely. Generally speaking, a well written, single purpose program will do it's job more effectively and efficiently that the equivalent program in a security package, and be easier on your systems resources in the process.
I also don't agree with the concept of a firewall needing to be updated, especially on an automatic basis. While the internet may be a lot busier and be crawling with new pests and hacker wannabe's, it still runs the same way. The programs we use still use the same protocols and in spite of new bells and whistles, still basically function the same as before. A firewalls job is to control what applications and system components are allowed to access the internet and to control which places on the internet are allowed to connect to parts of your system. This doesn't need updating. The rules that govern this don't change every time a new exploit is found or a new trojan appears. The application that controls it, if well designed in the first place doesn't need to change. It's the extra functions and features that are being included in newer firewalls that get most of the updating, features like controlling cookies or quarantining e-mail attachments, etc. These are not what a firewall was intended to do. Your mail-handler and AV can worry about the e-mail. The cookie manager and/or browser can handle the cookies. If they can't they need to be replaced, not the firewall changed. IMO, the firewall has the single most important task to do on your system, controlling connections to the internet, and that's all it needs to do. Making it part of a multiple task setup opens it up to new potential exploits, poorly written updates or definitions, etc, and could potentially be crashed while performing a task that something else should be doing. While the possibility of any one of these happening isn't that bad, combined I consider this an unnecessary risk that can be completely avoided.
Rick

[Harry Letterman]

I just want to say how much I agree and love Rick's (herbalist) last post. All of his thoughts were floating about in my head but I would have never been able to express them as concisely as he has.

Question for Rick: What is your opinion of the free Sygate Firewall (I am using this)? Which firewall do you recommend for someone on a budget? If you recommend a paid f/w(s), are they on a subscription basis (I have to renew annually)?
_________________
“He saw reality too clearly. Faulty denial mechanism.
Failed to block out the terrible truths of existence. In the end, his inability to push away the awful facts of being in the world rendered his life meaningless.”

- from the film "Stardust Memories"

[herbalist]

Harry,
I haven't tried Sygate, but I've heard nothing negative about it. Everyone I know that's using it is quite happy with it. If I can get another unit running and enough time, I'm going to try it out.
As for which one I like, I'm partial to Kerio 2.1.5. Don't like the new version. It's too bloated and is becoming the multi-function program type I try to avoid. It's a free download and has what I consider to be the right combination of features:
MD5 signature checking of all internet-able programs and their paths.
Password protection for the ruleset, also required to disable it.
The ability to configure alerts on a rule by rule basis. You don't have to know about every port scan it blocks unless you want to.
The ability to make a custom address group for which separate rules can be made
It can block all traffic with 2 clicks at the tray icon.
The ability to import and export rulesets, enabling you to have as many rulesets as desired. Very handy for system backups.
It has DNS resolving on the status screen which can be set to filter administrative and local connections
It's configurable as to what is logged, or set for no log.
3 basic levels of security. I use the middle "ask me first" setting to accomodate IM programs and blocking rules to deny the rest I don't want to be alerted to.
An excellent help file.
The rule interface and edit menus are well designed, especially the ICMP settings.
Here's a couple screenshots of it.
http://mercury.walagata.com/w/herbalist-rick/8049292.gif
http://mercury.walagata.com/w/herbalist-rick/Edit_menus_for_my_incoming_ICMP_rule.gif
http://mercury.walagata.com/w/herbalist-rick/main_rules_screen_from_advanced_button.gif
http://mercury.walagata.com/w/herbalist-rick/yahoo_rule.gif
It doesn't expire or need to be registered. The whole download is just a bit over 2mb. It's never crashed on me, or dumped its ruleset, something ZA did to me twice. On my 98 unit, it's using a bit over 5mb of memory, a very light load when compared to a package like NIS. All my resident security programs combined don't use near what NIS does.
If you're interested, it's available at:
http://download.kerio.com/dwn/kpf/kerio-pf-2.1.5-en-win.exe
Rick