Is this enough protection?

dwhadwha Union City, TN
edited April 2010 in Science & Tech
I am running XP Pro sp3 and all the current updates. I am running Avast antivirus, Comodo firewall, and Superantispyware on my machine. I have symantic corp edition but have it disabled so as not to conflict with Avast. I have spybotS&D but have the teatimer disabled. AdAware is disabled also. My question, is this enough protection and does anyone recommend a different or more protection...thanks for your comments, dwha.

Comments

  • ThraxThrax 🐌 Austin, TX Icrontian
    edited April 2010
    If your computer is connected to a router, I would abandon Comodo firewall. A router is the most effective intrusion protection a home user can have.

    Next, I would drop anti-spyware protection completely. It seems insane, yes, but spyware "protection" is a myth. The spyware industry changes so fast and is so large that it is impossible for these companies to stay ahead of the game with legitimate proactive protection. The only effective spyware prevention is a good browsing ethic and thorough knowledge of how to clean up the mess if you get spyware.

    Finally, Avira Antivir is a shade better than Avast for AV.
  • dwhadwha Union City, TN
    edited April 2010
    So I am on a router, so I should just turn on windows firewall again and uninstall or disable comodo and superantispyware? oh and is the Avira free?
    thanks
  • ThraxThrax 🐌 Austin, TX Icrontian
    edited April 2010
    Yep, just turn Comodo and the Windows firewall off, and you'll be golden. Ditto uninstalling superantispyware. :)

    Avira is free.
  • chiazchiaz
    edited April 2010
    Why turn Windows Firewall off?

    I can understand why someone would suggest uninstalling Comodo or any other commercial firewall for that matter, because they can compromise system performance and require troublesome configuration time.

    But essentially, I would recommend having both your router and Windows Firewall enabled. The router monitors and blocks inbound communications at the network level. By comparison, a PC firewall can monitor and block both inbound and outbound communications at the PC level. For the most complete protection, a PC firewall should be installed on every computer on a network. Combined, a router's firewall and a PC firewall provide multiple layers of protection that a router firewall couldn't provide by itself. And unlike your home network router, a PC firewall can easily go where your computer goes.

    Furthermore, I haven't seen any significant decrease in system performance when running Windows Firewall.

    Stumbled upon this thread, just my 0.2 cents.
  • chiazchiaz
    edited April 2010
    Also, I don't understand why you would remove the spyware protection programs, especially if the real-time protection is not activated, i.e. they don't use up your resources.

    Is hard disk space really that hard up? If I were you, I would keep a few of your programs like SAS, Ad-Aware (and also MalwareBytes Anti-Malware) on your PC as an on-demand scanner. The spyware field is constantly evolving, yes, but anti-spyware programs are still important in our fight against them.

    Finally, I fully agree that common sense is key. You can have an entire arsenal of protection programs but if you use P2P or surf dangerously, then the chances of getting infected is still very high.
  • ThraxThrax 🐌 Austin, TX Icrontian
    edited April 2010
    Block illicit outbound connections is merely a bandaid on the problem. If your computer is making harmful outbound connections, you already have a vastly bigger problem at work.
  • RichDRichD Essex, UK
    edited April 2010
    unless it has changed windows firewall doesn't monitor outgoing traffic anyway.
  • ardichokeardichoke Icrontian
    edited April 2010
    By default, you are correct, it doesn't do anything for outbound traffic. Of course you can alter the rules to monitor outbound traffic but that is beyond the scope of most home users.
  • siruspernotsiruspernot TN
    edited April 2010
    Everyone has been correct for the most part. A router firewall can be used just like a firewall on the pc in the respect you can block incoming and outgoing connections if you configure it correctly. The most secure approach would be to allow incoming or outgoing connections on ports you specify only. A local third party firewall can provide per program access however (some malware communicates on common ports). Also, no malware can modify your routers firewall as some virii can disable security locally. Local protection as mentioned can eat some resources.

    With good browsing habits and a little experience in spotting malware techniques you can get by without any protection whatsoever depending how your pc is used (you the only user? been browsing since the 90's?) Before I recently installed norton I ran for about 15 months without any protection other than my router.

    I personally use Norton, they've done much over the last few releases to improve its reputation as a resource hog. Also my ISP provides it for free (my biggest reason for using it)

    You should keep some of your malware removal programs for those times when you wind up getting something inadvertently. The best ones I can think of are:
    Combofix
    Malwarebytes Antimalware
    Superantispyware (ive heard good things)

    The firewall is dual redundancy these days, most anything that would be hijacking your internet connection shows up to virus/malware scanners anyway. It's rare to have an unknown trojan acting in the background.
  • chiazchiaz
    edited April 2010
    No, please do not keep ComboFix! It is a tool that is constantly updated and should only be re-downloaded always. And it should be used under the guidance of someone familiar with the tool.
  • siruspernotsiruspernot TN
    edited April 2010
    by keeping it i mean keep a current copy.

    PS- the newer copies of combofix recently started alerting the user a new version is available (if internet connection is present). Once a week i check to see if it's been updated, I keep a copy of it and some other essentials on a USB drive on my keychain. If I'm using combofix however its because the system is beyond the point of simply running one of the other malware checkers. I forgot to mention it is an advanced program that can ruin a system if you don't know what you're doing. thanks chiaz for reminding me to mention it.
  • chiazchiaz
    edited April 2010
    No problems mate, I just wanted to make it clearer - since this is a open board - that ComboFix should not be taken as a mere toy or general software that the public can use liberally.
  • chiazchiaz
    edited April 2010
    Also, no malware can modify your routers firewall
    This was true in the past.

    There's an infection called Zlob/DNSChanger that attacked routers which still have out of the box user name/password combinations, and subsequently took over the router's DNS settings. This was the first 'in-the-wild' infection targeting hardware routers.

    Part of the solution included having to remove any machines you have on a network and then perform a hard reset of the router.


    Just adding in some new perspectives for everyone. :)
  • siruspernotsiruspernot TN
    edited April 2010
    you're absolutely right i remember hearing about that. That falls under the certain circumstances category though. I assume a person concerned with their security wouldn't have default login credentials on anything. Do you remember which routers were affected?
  • chiazchiaz
    edited April 2010
    I dug out this article:
    http://blog.washingtonpost.com/securityfix/2008/06/malware_silently_alters_wirele_1.html
    ... Sunbelt was able to confirm that the malware successfully changed the DNS settings on a Linksys router (model BEFSX41), pulled straight out of the factory box (with the default username and password). Another test showed that the Zlob variant successfully changed the DNS settings on a Buffalo router running the DD-WRT open source firmware.
Sign In or Register to comment.