|
It keeps deleting software I use on occasion to do my job... for instance Angry IP Scanner (it has legitimate uses!!). I'd like to get rid of it soon.
|
|
|
|
|
I tried a few solutions for my home PC, including the laughable Norton, and AVG (which is quite good for what it is). For reasons of minimum impact to my system's performance, and regular VDB updates, I settled on Avast for virus scanning and Comodo for my firewall. Honourable mention must also go to ZoneAlarm, but I prefer the Comodo interface and I think it's a touch less heavy on CPU.
Like most defensive-minded people who make a living in IT, I'm pretty paranoid about this stuff, and although I realise that no AV program is gonna catch an unknown virus, that's not what it's for. Every so often you will open something that somebody has sent you in good faith that contains a worm or trojan, and Avast has picked it up every time, I'm glad to say, allowing me to not only live with a bit more peace of mind, but email my mate back to tell him to check his system for viruses. Having a decent firewall adds to this by restricting what can and cannot access the outside world from my PC. I also run a complete scan about every fortnight, and use a rootkit detector. Maybe it's overkill, but I see it as the digital equivalent of checking the smoke alarm or going for a check-up; it may be a small outlay of time and effort for no immediate gain, but I want no nasty surprises.
Smokie, this is not 'Nam. This is bowling. There are rules.
|
|
|
|
|
melchizidech wrote: no AV program is gonna catch an unknown virus
They have something called 'Heuristic Analysis' in some Antivirus engines which could detect a possible virus. Isn't it?
Vasudevan Deepak Kumar
Personal Homepage Tech Gossips
A pessimist sees only the dark side of the clouds, and mopes; a philosopher sees both sides, and shrugs; an optimist doesn't see the clouds at all - he's walking on them. --Leonard Louis Levinson
|
|
|
|
|
I'm using "ZoneAlarm Security Suite version 7"
It has very cool features but has some bugs and issues.
SmartDefense works terribly. It slows down my PC always. So I have disabled it.
ZoneAlarm update is easy and fast but some time after update ZoneAlarm slows down.
|
|
|
|
|
If you like pop-ups, then try Kerio
C#, ASPX, SQL, novice to NHibernate
|
|
|
|
|
|
Hey, I am wondering about it. Hehe...
|
|
|
|
|
only if you're running MVS/TSO
|
|
|
|
|
Common sense is the best protection there is!
It's protected my computer since 2003.
ROFLOLMFAO
|
|
|
|
|
Unfortunately, that is not available to most users
|
|
|
|
|
Common sense is actually not very common in people.
|
|
|
|
|
A misnomer eh?
Maybe that's what the term "spider sense" is for.
ROFLOLMFAO
|
|
|
|
|
True. Common Sense is indeed an uncommon sense in people. Rather, it was a derivative of the word 'Come On Sense' quote that was used by people on need.
Vasudevan Deepak Kumar
|
|
|
|
|
I haven't had any kind of virus checker installed for years.
I'm running Comodo firewall (have also used zone alarm free in the past), and I'm behind a NAT router. I use Firefox + the noscripts plugin (which basically blocks everything more fancy than plain HTML until you whitelist each site), and besides that I just don't visit dubious or illegal sites.
About six months ago I realised that although I often promoted this 'no virus scanner' approach, I actually had no proof I was really virus free, so I've taken to periodically installing a virus scanner and running a full scan just to prove my common sense is more than a match for would-be virus writers. (As expected, I am)
I read some test results of various virus scanner packages (http://www.av-comparatives.org/) and while it seems many are good at finding known viruses, most are pretty awful at finding unknown viruses. (See the retrospective tests where they run an old virus scanner on today's known viruses.) So if they can only find known viruses anyway, that just makes them even more useless in my eyes. I'd rather save my CPU cycles for something useful.
Simon
|
|
|
|
|
I agree with you. I've been w/o any anti virus for about 5 years, and only been infected by 1 worm (it's because my curiosity at all). I often visit "some other sites which you know what I'm talking right?" with IE7 or FF 2.X, and still safe until now. Anti viruses, anti spyware are resource eater, and IMO, I'd prefer use my resource into something else.
What are you read at ?
|
|
|
|
|
Simon Stevens wrote: I haven't had any kind of virus checker installed for years.
Wouldn't it be simply dangerous peril lurking at the doors and similar to having a majestic house without a secure door?
Even little operations like inserting a Floppy/CD from an untrusted source might throw open invitations from the underworld attack.
Vasudevan Deepak Kumar
|
|
|
|
|
Simple solution. Don't insert floppies/CDs from untrusted sources. I rarely, if ever, have a need to anyway. Oh and I've got auto insert notification turned off, so even if there are any nasties, they won't be run.
Simon
|
|
|
|
|
Well! That convinces regarding the physical media issue. How would you deal about lurking perils from the Internet?
Vasudevan Deepak Kumar
|
|
|
|
|
Vasudevan Deepak Kumar wrote: How would you deal about lurking perils from the Internet?
Noscripts
and a decent firewall: comodo
(Have also liked zonealarm in the past)
Simon
|
|
|
|
|
Common sense and an external firewall has kept me clean for I don't know how long. I do have AVG, but I only keep it for emails, suspect files and for a worst case scenario (I don't have it turned on).
|
|
|
|
|
Hi Simon,
Are you running Windows? IIRC, most attacks are web based against Microsoft Windows.
Simon Stevens wrote: I'm running Comodo firewall ... and I'm behind a NAT router.
Are DNS and HTTP ports open? Ouch. Take a look at source port routing to get past the firewall.
Simon Stevens wrote: I'd rather save my CPU cycles for something useful.
I'm playing devil's advocate: Such As? The System Idle Thread could share some of its cycles.
Jeff
|
|
|
|
|
Jeffrey Walton wrote: Are you running Windows?
Normally. I think the Firefox + noscripts really keeps the worst stuff out. I've tried various Linux distros and never really got into them. Although I've got into Open Office recently, so that's another tie to MS dropped. I think I'd miss Visual Studio too much though. The alternatives just aren't as good, and .NET on Linux just wasn't up to a good enough standard last time I tried.
Jeffrey Walton wrote: Are DNS and HTTP ports open?
Not normally. I occasionally open up a few ports if I fancy a bit of multiplayer gaming, but that's what the firewall's for, and where possible I use port triggering instead of just opening the ports.
Jeffrey Walton wrote: Such As? The System Idle Thread could share some of its cycles.
Unfortunately it's not that simple. Yes, if the virus scanner could just use up idle cycles that would be fine, but it's also going to take up memory, which means my apps page fault more. And as it scans files it will have to throw the hard disk around to scan each file, which means pages will take longer to be retrieved as the disk is always busy. Even if you turn off the background scanner and just use the scan on access ability, it's still going to kick in and do extra stuff every time you read a file, which could be 30-40 source files, half a dozen binaries, same again in symbol files, the compiler binaries, and goodness knows what else, every time you hit build.
Maybe one day I'll get burned and change my tune, but it's all worked so far. (My PC runs far smoother than my parents' PC (newer) which has a virus scanner and is clearly virus/spyware infested. I've wiped it and reinstalled everything so many times I've actually done an image of the hard disk now to save time.)
The real solution to the spyware/virus problem is proper education not software that scans anything and everything you do.
Simon
|
|
|
|
|
Hi Simon,
Simon Stevens wrote: Jeffrey Walton wrote:
Are DNS and HTTP ports open?
Not normally.
They must be if you cruise the web.
Simon Stevens wrote: The real solution to the spyware/virus problem is proper education not software that scans anything and everything you do.
Many viruses and worms do not require user interaction. When I contracted a SSA, it took Blaster and Welchia less than 4 hours to infect about 100,000 hosts.
I'm not aware of any Enterprise which does not use Antivirus software (except for two small ones). The first which does not has about 400 hosts, the second is a little larger - about two thousand hosts. Both had managers who did not appreciate (perhaps 'understand' is a better word) the security aspects of Networking. Their argument was similar - we don't want our 'File Server' (or other server) bogged down.
I'm a Security Engineer/System Administrator (I program for fun). I believe it is bad karma. I cannot think of one colleague who would agree with you.
Jeff
|
|
|
|
|
Jeffrey Walton wrote: Simon Stevens wrote:
Jeffrey Walton wrote:
Are DNS and HTTP ports open?
Not normally.
They must be if you cruise the web.
Maybe I misunderstand how my router works then. (That is totally a possibility, I'm no networking expert.) But I thought that by using NAT, any incoming data for a specific port at my IP address would just hit a wall at the router, unless the data was in response to outgoing data from my PC. There's 3 PCs behind my router, how will the router know which computer to forward a random packet to? Surely it won't and the packet will just be ignored. I don't have any port forwarding set up under normal circumstances, and web browsing works fine. Am I making a critical misunderstanding? Besides, I don't just leave all my trust in the NAT, I have a firewall. It's only AV I don't like.
Jeffrey Walton wrote: Many viruses and worms do not require user interaction.
How do they get on then? I use a script blocker in a 'whitelist' mode for blocking all sites javascript/java/flash/silverlight/etc except those I authorise, I read email in plain text format, and I have autorun disabled for all drives. And my firewall should block any genuine "attacks".
Jeffrey Walton wrote: I'm not aware of any Enterprise which does not use Antivirus software
I'd never advocate that a business/enterprise turn off all their AV software. The average PC user just isn't knowledgeable enough to avoid viruses. And businesses have different needs. For example, as a home user, I receive all my email in plain text format, don't automatically download attachments (in fact generally just ignore them totally), but this is probably too restrictive for a business.
Simon
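
The NAT behaviour asked about in the post above can be modeled in a few lines. This is an added example, not part of any post in this thread: a toy port-translating NAT that only forwards inbound packets matching a mapping created by outbound traffic. The addresses, ports and the strict "same remote endpoint" filtering rule are assumptions; real routers differ in how strictly they filter.

```python
from typing import Optional, Tuple

Endpoint = Tuple[str, int]  # (ip, port)

class NatRouter:
    """Toy port-translating NAT with address-and-port-dependent filtering (assumed)."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self._next_port = first_port
        self._by_flow = {}  # (internal endpoint, remote endpoint) -> public port
        self._by_port = {}  # public port -> (internal endpoint, remote endpoint)

    def outbound(self, internal: Endpoint, remote: Endpoint) -> Endpoint:
        """A LAN host sends a packet out: create or reuse a mapping."""
        key = (internal, remote)
        if key not in self._by_flow:
            port = self._next_port
            self._next_port += 1
            self._by_flow[key] = port
            self._by_port[port] = key
        return (self.public_ip, self._by_flow[key])

    def inbound(self, remote: Endpoint, public_port: int) -> Optional[Endpoint]:
        """A packet arrives on the WAN side: return the LAN endpoint, or None to drop."""
        entry = self._by_port.get(public_port)
        if entry is None:
            return None  # no mapping: the router cannot tell which PC it is for
        internal, expected_remote = entry
        if remote != expected_remote:
            return None  # a mapping exists, but not for this sender
        return internal

def demo():
    # All addresses and ports below are constructed sample values.
    nat = NatRouter("203.0.113.5")
    web = ("198.51.100.10", 80)
    pc1, pc2 = ("192.168.1.10", 51000), ("192.168.1.11", 51000)
    _, p1 = nat.outbound(pc1, web)  # two PCs browse the same site
    _, p2 = nat.outbound(pc2, web)
    stranger = ("198.51.100.99", 4444)
    return {
        "reply_to_pc1": nat.inbound(web, p1),
        "reply_to_pc2": nat.inbound(web, p2),
        "unsolicited_to_unmapped_port": nat.inbound(stranger, 135),
        "stranger_to_mapped_port": nat.inbound(stranger, p1),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The model covers only unsolicited inbound packets; anything a LAN host requests itself comes back through a mapping that host created.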
|
|
|
|
|
Hi Simon,
Simon Stevens wrote: How do they get on then?
Vulnerabilities in applications and the Operating System. For example, Sasser was a worm which exploited a vulnerability in LSASS. To propagate, the worm simply needed to find other Windows machines. No interaction required.
Welchia and Blaster were two others. They were participants in the Worm Wars. Each would exploit a different vulnerability. Once a host was infected, the one worm would remove the other worm, and then patch the vulnerability which the other worm used for penetration. Some deemed them 'White Worms' because of the removal/patching behavior - I do not.
Simon Stevens wrote: I use a script blocker in a 'whitelist' mode for blocking all sites javascript/java/flash/silverlight/etc except those I authorise
The script blocker is good. Better would be a hardened browser, but most people do not like using it. Basically, you classify the Internet Zone as 'Low'.
If the site uses JavaScript or Macromedia extensions, it must be added to the Trusted zone so that the script/ActiveX/etc can execute. If you want to download content from a site (such as a ZIP file from CodeProject), it too should be a Trusted site.
Jeff
|
|
|
|
|