By Jack Schofield / Security/ Software/ Windows 01:12am
My Norton subscription has now finished and I was very unhappy with the speed of my PC after installing it. I am therefore looking for a new security package that includes anti-spyware, anti-virus, a firewall etc. How many different defences are needed these days?
Kevin O'Donnell
The first line of defence with a broadband connection should be a NAT Ethernet router with a built-in firewall, and not a USB modem. For several years I have also recommended using Firefox and Thunderbird for web browsing and email, rather than Microsoft's Internet Explorer 6 and Outlook Express. However, if you are running Windows XP SP2 or Vista, IE7 seems to be much more secure, and I recommend the upgrade. Those are the basics.
You should also use a software firewall, and Windows now has an adequate one built in. However, it's worth running something better, and at the moment I recommend and use the free Kerio Personal firewall, rescued by Sunbelt Software (sunbelt-software.com). Of the commercial firewalls, I like McAfee. As an experiment, I ran a Windows XP SP2 PC like this on the net 24/7 with no other protection, and only picked up one minor bit of malware in 15 months. (This is not a recommendation.)
When it comes to installing extra software, my current preference is for Grisoft's AVG Anti-Virus and its separate anti-spyware program, which used to be called Ewido. The best alternatives seem to be Avast! and AOL's Active Virus Shield. This is a version of Kaspersky Lab's program that is free to everyone courtesy of AOL (activevirusshield.com). Both SpyBot Search & Destroy and Microsoft's Windows Defender are worth a look, but neither seems to be as good as Ewido. Also, Webroot's SpySweeper is well recommended and reasonably priced, although I have not tried it for some years (webroot.com).
Otherwise, rather than installing more software, you can run periodic checks using scanners from websites such as Trend's Housecall, Symantec and Webroot.
The problem is that many rogue companies are now building serious businesses on Windows malware and other deceptive programs, and it's hard for the good guys to keep up. The latest buzzword is therefore Hips (host intrusion prevention system). The idea is to keep a constant watch on potentially malicious types of behaviour inside your PC, and give you the option to stop it. Hips can detect new malware and prevent so-called "zero day exploits" for which there is no other defence. It's not clear how effective this is going to be, but at the moment I'm trying Novatix's Cyberhawk Threat Hunter (novatix.com/cyberhawk). Cyberhawk Basic is free to home users.
Backchat: Re Cyberhawk, Steve Stannard says: "I have been using the free version of Prevx (http://free.prevx.com/) from its earliest beta stages. As far as Cyberhawk Basic is concerned, I have had pretty poor experience with it freezing the whole operating system. I never had anything like that problem with Prevx."
Comments
I've become a big fan of NOD32, particularly after - despite me tying up my computer with Norton - trojans managed to send out emails from my address. I ran NOD32 and discovered two trojans had got by.
It's also inexpensive, both financially and in terms of computer resources, and has the best detection rate of all the software out there.
Other problem with Norton is it doesn't go easily. It leaves a lot of junk on the computer.
Posted by delaynomore on March 29, 2007 10:17 AM.
For those interested in looking more closely at HIPS there is a good article at techsupportalert.com, testing out 6 competitors in the field (including Cyberhawk). The full link is:
www.techsupportalert.com/security_HIPS.htm
You'll also find, at the beginning of this article, links to previous tests on signature scanners and sandboxes, all of which compete in the same security arena.
The site is most famous for maintaining a list of recommended computer freeware at:
www.techsupportalert.com/best_46_free_utilities.htm
There's a pretty good newsletter, which I have subscribed to since 2004, but you don't necessarily need to sign up as the archives are all available on line at:
www.techsupportalert.com/issues/back_issues.htm
Alan
Posted by ajw1 on March 29, 2007 12:56 PM.
You can't do it as an end user. So advice like this is basically misplaced. It is simply beyond the capabilities of the person getting it.
At least, you may be able to do it. But you cannot be sure to acceptable levels that you have done it. The answer is, do nothing on your Windows computer where its being compromised will have a serious effect on your well being. This means don't bank from it, don't have any personal info on it, particularly regarding children, don't shop from it. Don't keep any confidential correspondence on it. No address lists. Don't visit sites you don't want people to know you visit. Don't send confidential emails from it.
By all means continue to use it. But for things where confidentiality affects your welfare, use a machine running either Linux, BSD or MacOS.
Hard advice. But you will be safe, and more important, you can know you are safe.
Posted by Alcib on March 30, 2007 8:25 AM.
As a failsafe against a Trojan keylogger there is a free add-on to Firefox (& IE) which encrypts keystrokes in the kernel driver, which I understand is before any keylogger can get to them. http://www.qfxsoftware.com/
Posted by jopet on March 30, 2007 5:25 PM.
I am always interested in what other folk use to protect themselves when online. Jack, what do you use on your own computer? This is my line up: ZoneAlarm, A.V.G. free, WinPatrol, Spywareblaster, Windows Defender. I also use Firefox and Opera as my main browsers and I.E.7 on occasions when the others fail. Please tell me that I have all the exits covered. I am getting weary of all this security.
Posted by sturgess on March 30, 2007 7:57 PM.
I got so fed up with all this virus, trojan and malware stuff that 14 months ago I made the difficult switch to Mac. It is great to be able to use the computer without constantly worrying about maintenance and as I don't play games I have found no real downside. It is a hell of a lot less stressful for a non techie user like me.
Posted by browndog on March 30, 2007 8:20 PM.
sturgess, you ask is it enough?
It probably is, assuming you are using all these tools correctly and you started out clean. There is no way as an end user you can be sure.
The question is not, what else you should be using, because it will still be no better than probably enough.
The question is whether 'probably' is enough for you? If not, you need to get your sensitive stuff onto a different OS. It will be not much more trouble than all these tools you are using.
Posted by Alcib on March 31, 2007 7:52 AM.
If you subscribe to N.T.L. that used to be, which is now Virgin Media, all the requirements that are needed for a VERY safe computer are there with NO extra COST.
That includes: Firewall, anti-virus, Anti Spyware and Pop ups.
I have been with them for years and I am well satisfied.
Good luck
Posted by Worriedlad on April 2, 2007 8:42 AM.
Very interesting comment from Jack re his experiment - makes me wonder how much hype is out there about malware. However, it does very much exist and Jack might just have been lucky (and very careful). The AVG anti-virus is the best known of the free versions but possibly not the best available at the price - have a look at Comparatives tests at http://www.av-comparatives.org/
AVG AntiSpyware is probably the best freebie for adware and spyware but I'd also add SpywareBlaster - it stops a lot of crap getting on the PC. Retrospective (inc. online) scans are useful but won't prevent malware installing. Also have a look at the techsupportalert article on HIPS, as suggested by ajw1. HIPS can be wonderful but can also be dangerous if you don't understand them. If you're happy paying for protection and want a single-solution suite, try Kaspersky as it's very highly rated. If you go for AOL's offering read the T&C first, then decide. The free Comodo firewall is very highly rated. Maybe Jack isn't allowed to mention it but I'd definitely suggest getting a (free) HOSTS file, e.g. from http://www.mvps.org/winhelp2002/hosts.htm
If you need it, there's a Norton Removal Tool available here: http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039 CCleaner may help clean some of the remaining crap off.
Posted by BillBlagger on April 2, 2007 11:38 AM.
I'm not sure Alcib's advice is the most helpful I've read on these blogs: it seems akin to avoiding being mugged by staying inside and locking the doors and windows rather than, say, putting your iPod in a pocket. Strictly speaking it's correct but bearing in mind what is practical for the average user it sounds more like g33k points scoring on teh interweb.
I use AVG on my XP machine, my router has a firewall and I've left the Windows firewall enabled. SP2 really is a lot more secure than earlier releases. I use Firefox and periodically delete all local information, including passwords and saved form info.
Spybot search and destroy is handy as well for a periodical sweep.
I have only had any mal/spyware problems whilst using Norton AV and firewall. Touch wood with the above progs I've had no issues.
Posted by ElliotSmith on April 3, 2007 1:35 PM.
Jack,
Apologies for the blatant plug, but in the light of your boring web pages story I simply couldn't resist.
Wibble Wibble is definitely not BORING.
Check it out..
www.WibbleWibble.com
Posted by MrsCrabtree on April 3, 2007 2:15 PM.
I run a bunch of websites, hosted from different hosting companies, and one of those hosting companies is having a DDoS attack as we speak. It's a safe bet that most of the attacking bots reside on various PCs around the net whose owners have lax security practices and are unaware that their PC is even being used for anything malicious.
The problem is that good security requires WAY more geeky, propellor-headed IT skills than the average person can hope to possess. I'm a computer professional and I've done plenty of installs of major security software on PCs in recent years where I then had to spend hours or days tweaking and tuning the security settings so the PC could just function properly again, because the default values on lots of this sw bring the PC to its knees. Most people would have just un-installed the security sw when problems happened.
Suggesting people go to other OSes like Linux or BSD is no good either because they also require too much geekiness for ordinary people and have too many sw incompatibilities with Windows.
Posted by plnelson on April 3, 2007 10:37 PM.
Many of these comments are completely illogical. For instance: "The problem is that good security requires WAY more geeky, propellor-headed IT skills than the average person can hope to possess".
So the conclusion is, these same people should use good security and not go to another OS for their needs that require security? Other comments detail a set of procedures that are indeed beyond the average user, and still suggest they follow them.
You have to accept that if ordinary people cannot do what it takes to secure a Windows OS, it is pointless to tell them to try.
They have two choices. Choice one is to risk it. Choice two is to keep anything that really needs security off Windows. There is no third option. If they cannot secure Windows, they cannot secure it. Accept the consequences of what you are saying.
Maybe the only place we differ is that my advice is not to risk it. But it depends what you are doing. If it's shopping for a few pounds on a card with a 500 limit, maybe it's fine. If it's online trading with thousands, don't risk it.
Posted by Alcib on April 4, 2007 11:38 AM.