AV/Firewall: What do you use/like


Kyllian

if (Driver == Bot.Pawn); bGTFO=True;
Aug 24, 2002
3,575
0
36
45.64.294
kyllian.deviantart.com
Been using ZoneAlarm lately and about a month ago it stopped updating

So I'm just going to scrap it and get something else but I'm curious what you guys use or like



In before "Use AVG Free!"
No, do not want
 

ZenPirate

Living Legend (and moderator)
Nov 21, 2000
7,516
9
38
51
New York
Vista x64 built in firewall
Avast! Home 4.8 (soon to be Microsoft Security Essentials)

Mac OS X built in firewall set to "allow only essential services"
ClamXAV for on demand scans if I download any...trialware. ;)
 

Phopojijo

A Loose Screw
Nov 13, 2005
1,458
0
0
37
Canada
None.

If you're careful (and you're behind NAT (such as a router) like I am), you don't really need one.
DING DING DING DING

-Keep Windows up to date
-Keep a properly configured router (No DMZ, UPnP off, etc.)
-Keep a decent Windows Logon password (Vista only... XP you're screwed even with a decent password because the virus doesn't need to guess it to get in to your network... Windows 7 generates a fairly lengthy pseudo-random password instead of your logon password)
-Don't click on anything stupid or do anything that's obviously bad. "Oh look, this program wants admin access... it's not supposed to install anything... hmmmm"
 

SkaarjMaster

enemy of time
Sep 1, 2000
4,870
8
38
Sarasota, FL
Free AntiVir for anti-virus on all machines (XP) except Win98SE (I use Avast but never surf on this one). I have a router and use an old version of ZoneAlarm on all but my newest machine (decided not to use a software firewall on this one). It's probably a good idea to have an anti-virus program anyway, no matter what your surf habits.
 

Randori

New Member
May 31, 2009
22
0
0
Peterborough, Ontario, Canada
Windows XP Pro Firewall, Avast and House Call, Spybot, SuperAntiSpyware, AntiMalware, and Registry Mechanic. Encrypted non-broadcasting Wireless. I've never had an issue where a virus got through that.
 

GreatEmerald

Khnumhotep
Jan 20, 2008
4,042
1
0
Lithuania
Comodo Internet Security. The only downside of it that I can see is that it sometimes thinks that good programs are viruses, but it's a simple matter of pressing Ignore Permanently.
 

Phopojijo

A Loose Screw
Nov 13, 2005
1,458
0
0
37
Canada
What do you mean by "get in to your network"?
In Windows XP -- if a program exploits a remote desktop, file/printer sharing, whatever exploit... it is allowed.

In Windows Vista -- it is asked for your logon name and password.

In Windows 7 -- it is asked for a fairly lengthy pseudo-random password.

((Or if you wish to legitimately share a file or printer... obviously... since the computer cannot distinguish the difference otherwise it'd be REALLY easy to defend against))
 

Hadmar

Queen Bitch of the Universe
Jan 29, 2001
5,558
42
48
Nerdpole
I still don't get what you mean to say. You seem to say that in Vista and above, a real exploit that e.g. utilizes a buffer overflow, still has to get around some kind of password prompt. And that simply can't be what you mean because it's so totally off it's not even funny.
 

shoptroll

Active Member
Jan 21, 2004
2,226
2
38
40
Windows Firewall and AVG, although I might switch off to Avast once I rebuild my rig. AV is AV when your risk of infection is minimal.
 

Phopojijo

A Loose Screw
Nov 13, 2005
1,458
0
0
37
Canada
> I still don't get what you mean to say. You seem to say that in Vista and above, a real exploit that e.g. utilizes a buffer overflow, still has to get around some kind of password prompt. And that simply can't be what you mean because it's so totally off it's not even funny.
No you're wrong from my experience, and this Technet blog, and I believe I heard this first on Security Now with Steve Gibson but I couldn't figure out which episode it was.

http://blogs.technet.com/srd/archive/2008/10/23/More-detail-about-MS08-067.aspx

> As mentioned above, Windows Vista and Windows Server 2008 by default require authentication. But the security callback on the RPC interface has not been changed on the more recent platforms. Instead, the UAC and integrity level hardening work introduced with Vista is forcing the authentication requirement. The anonymous user connects with integrity level "Untrusted" while the named pipe requires at least a "Low" integrity level. Since "Untrusted" is lower than "Low" integrity level, the access check fails. Note that disabling the UAC prompt does not disable the integrity level access check. In other words, regardless of whether the UAC prompt is enabled or disabled, the integrity level check will be performed. The integrity level check will fail on Vista and Windows Server 2008 if the user connects anonymously. See http://msdn.microsoft.com/en-us/library/bb625963.aspx for more information.
>
> There is a non-default scenario where a non-domain-joined Windows Vista and Windows Server 2008 can be exploited anonymously. If the feature “Password Protected Sharing” is disabled, anonymous connections come in at “Medium” integrity level. Because "Medium" integrity level is a higher integrity level than "Low", the integrity level check will succeed. This would allow Windows Vista and Windows Server 2008 to be exploited anonymously. This feature could be disabled through Vista’s Network Sharing Center in the “Sharing and Discovery” section.
You'd need to disable password protected sharing (or a couple of other things that implicitly disable it... or of course it came from a computer that was already authenticated)

(See the chart in the blog above the quote)

Now I could be wrong <shrugs> But I had quite a bit of evidence to support myself. If I am wrong, then sorry -- but yeah, I'm pretty sure I'm right on this one.

(This is the Conficker exploit for RPC btw)
 

Shadow

Has Balls Of Steel
Oct 20, 2004
1,309
0
0
I used to use AVG, but now I use Avast and I strongly recommend it over AVG. Lightweight and more effective than AVG at catching things.
 

Phopojijo

A Loose Screw
Nov 13, 2005
1,458
0
0
37
Canada
Actually I think I know what Hadmar means now, and he's correct (but wasn't what I was talking about) -- I'll be more concise:

Of course a data stack overflow bug will not ask for a password prompt.

If a data stack overflow exploit is used -- it will grant whatever permissions to the exploiter that the exploited code had.

What a password prompt can do to help you is block access to core Windows services that have REALLY HIGH permissions such as file/print sharing to eliminate that ability to exploit it.

Once you have the ability TO exploit it, it's game over... no password will help you. But in Vista and up... to get the ability to exploit it, you need the password.

Which is also why all these remote code exploits are "Important" not "Critical" in Windows Update for Vista.
 

Phopojijo

A Loose Screw
Nov 13, 2005
1,458
0
0
37
Canada
Ah -- thought Vista never had a "critical" remote code exploit -- guess I missed one.

At least it's not an overflow in the password field... again.
 

Kyllian

if (Driver == Bot.Pawn); bGTFO=True;
Aug 24, 2002
3,575
0
36
45.64.294
kyllian.deviantart.com
Tried Avast and this is the end result:

F*** it
Offered no option to close the program, actively refused to be removed from startup and denied me from ending its processes or changing its services

When I want a program to close, it had better damn well close. If it won't, it's gone
 

Phoenix_Wing

Official Kantham Stalker
Mar 28, 2008
386
0
0
California
Every time I've used a paid AV it's sucked. These are the only ones I've ever found useful:
  • Malwarebytes Anti-Malware
  • Spybot S&D
  • Yahoo's Toolbar AV (not fantastic, but gets some un-smart viruses off)

Or you could do the thing I did and migrate to the wonderful world of Linux