Norton vs Zone Alarm firewalls
in [Firewalls]
|
From: Gerald Vogt on 26 Nov 2007 17:55 Poprivet` wrote: > ChronJob wrote: >> "Luis Ortega" <lortega(a)ntlworld.com> wrote in >> news:rKX1j.43682$T8.871(a)newsfe5-win.ntli.net: >> >>> Thanks. My understanding of router firewalls is that they only block >>> incoming traffic and if there is some malware on the system then >>> outgoing stuff is not blocked. Is that correct? >>> >>> >> If you've got malware on your system you're already done, cooked, >> finished, hacked, and compomised. The ONLY serious remedy at that >> point is to flatten your system and rebuild it. > > There are very few good reasons to "rebuild" a system. Much better to start > with AV and an arsenal of spyware tools to clean things up as much as > possible. Results might be faster obtained, too. I would not want to run a computer cleaned up "as much as possible" leaving some malware undetected behind because that malware so well hidden is the really dangerous one. A trojan, key logger, similar. If you use the computer to send a single password, credit card number, or any thing else personal I would never use a computer which is cleaned up "as much as possible". Either reinstall the computer or restore a 100% sure clean system image. IMHO anything else is bad advice. Gerald
From: Lars-Erik �sterud on 26 Nov 2007 18:44 > There are very few good reasons to "rebuild" a system. Much better to start Haven't rebuild my system since I installed Win98se. When I upgraded to XP I cloned the Win98se partition. Still stable as ****. OK, I do some reg cleaning, but. -- Lars-Erik - http://www.osterud.name - ICQ 7297605 WinXP, Asus P4PE, 2.53GHz, 1GB, MSI 7600GS, SB-Live
From: HEMI-Powered on 26 Nov 2007 21:53 Gerald Vogt added these comments in the current discussion du jour ... >>> If you've got malware on your system you're already done, >>> cooked, finished, hacked, and compomised. The ONLY serious >>> remedy at that point is to flatten your system and rebuild >>> it. >> >> There are very few good reasons to "rebuild" a system. Much >> better to start with AV and an arsenal of spyware tools to >> clean things up as much as possible. Results might be faster >> obtained, too. > > I would not want to run a computer cleaned up "as much as > possible" leaving some malware undetected behind because that > malware so well hidden is the really dangerous one. A trojan, > key logger, similar. > > If you use the computer to send a single password, credit card > number, or any thing else personal I would never use a > computer which is cleaned up "as much as possible". > > Either reinstall the computer or restore a 100% sure clean > system image. IMHO anything else is bad advice. > Nice name, Gerald, same as mine! I completely agree with you here. Before I run a periodic image backup with Acronis True Image 9.0, about once every 6-8 weeks, I first do as exhaustive a malware scan as I can including Ad-Aware, Spy Bot, eTrust Pest Patrol, and NAV 2006 (in addition to the latter 2 running all the time) because it makes no sense to image an infected HD. Still, I am never completely sure it is clean, probably I never will be but at least I don't notice any obvious or even subtle signs of an infection. -- HP, aka Jerry "Never complain, never explain" - Henry Ford II
From: Kayman on 27 Nov 2007 00:51 On Tue, 27 Nov 2007 02:53:36 GMT, HEMI-Powered wrote: > Nice name, Gerald, same as mine! I completely agree with you > here. Before I run a periodic image backup with Acronis True > Image 9.0, about once every 6-8 weeks, I first do as exhaustive a > malware scan as I can including Ad-Aware, Spy Bot, eTrust Pest > Patrol, and NAV 2006 (in addition to the latter 2 running all the > time)... Is security software becoming a security risk? http://www.infoworld.com/article/07/11/21/Is-security-software-becoming-a-security-risk_1.html "People think that putting one AV engine after another is somehow defense in depth. They think that if one engine doesn't catch the worm, the other will catch it," he said. "You haven't decreased your attack surface; you've increased it because every AV engine has bugs" Although attackers have exploited parsing bugs in browsers for years now with some success, Zoller believes that because antivirus software runs everywhere and often with greater administrative rights than the browser, these flaws could lead to even greater problems in the future. The bottom line, he says, is that antivirus software is broken. "One e-mail and boom, you're gone," he said. Zoller says he has been criticized by his peers in the security industry for "questioning the very glue that holds IT security all together," but he believes that by bringing this issue to the forefront, the industry will be forced to address a very real security problem. --- Interesting report: (Though Russ Cooper, a senior scientist with Verizon Business, had some criticism for the work of n.runs) The Death of Anti-Virus Defense. http://www.nruns.com/ps/The_Death_of_AV_Defense_in_Depth-Revisiting_Anti-Virus_Software.pdf -- Security is a process not a product. (Bruce Schneier)
From: HEMI-Powered on 27 Nov 2007 01:43
Kayman added these comments in the current discussion du jour .... > On Tue, 27 Nov 2007 02:53:36 GMT, HEMI-Powered wrote: > >> Nice name, Gerald, same as mine! I completely agree with you >> here. Before I run a periodic image backup with Acronis True >> Image 9.0, about once every 6-8 weeks, I first do as >> exhaustive a malware scan as I can including Ad-Aware, Spy >> Bot, eTrust Pest Patrol, and NAV 2006 (in addition to the >> latter 2 running all the time)... > > Is security software becoming a security risk? > > http://www.infoworld.com/article/07/11/21/Is-security-software- > becoming-a-security-risk_1.html > > "People think that putting one AV engine after another is > somehow defense in depth. They think that if one engine > doesn't catch the worm, the other will catch it," he said. > "You haven't decreased your attack surface; you've increased > it because every AV engine has bugs" I don't think anyone thinks that having more than one true AV utility running at a time is a good idea. But, what I listed running all the time, eTrust Pest Patrol, commercial Zone Alarm, and NAV 2006 are all intended to do different things in different ways. And, running Ad-Aware and Spy Bot Search & Destroy as separate utilities periodically do yet another security-related purpose. So, I see no conflicts here. Now, as to one malware scanner finding things another misses, I don't think this is uncommon or unexpected behavior as the creation of definitions to detect new threats is not done in tandem with other developers and different specific utilities perform in entirely different ways. > Although attackers have exploited parsing bugs in browsers for > years now with some success, Zoller believes that because > antivirus software runs everywhere and often with greater > administrative rights than the browser, these flaws could lead > to even greater problems in the future. > > The bottom line, he says, is that antivirus software is > broken. "One e-mail and boom, you're gone," he said. > > Zoller says he has been criticized by his peers in the > security industry for "questioning the very glue that holds IT > security all together," but he believes that by bringing this > issue to the forefront, the industry will be forced to address > a very real security problem. --- > Interesting report: > (Though Russ Cooper, a senior scientist with Verizon Business, > had some criticism for the work of n.runs) > > The Death of Anti-Virus Defense. > > http://www.nruns.com/ps/The_Death_of_AV_Defense_in_Depth-Revisi > ting_Anti-Virus_Software.pdf Interesting. What there's a "death" of, IMO, is people who're aware enough to pay attention to safe computing and have at least a modicum of defenses against the bad guys. The popular malware utilities will catch the vast majority of common threats but if one's PC is attacked by a sophisticated enough hacker or whatever, it is doubtful that any software will catch it. -- HP, aka Jerry "Never complain, never explain" - Henry Ford II |