From: Gerald Vogt on 27 Nov 2007 03:48

On Nov 27, 3:43 pm, "HEMI-Powered" <n...(a)none.en> wrote:
> I don't think anyone thinks that having more than one true AV
> utility running at a time is a good idea. But, what I listed
> running all the time, eTrust Pest Patrol, commercial Zone Alarm,
> and NAV 2006 are all intended to do different things in different
> ways. And, running Ad-Aware and Spy Bot Search & Destroy as
> separate utilities periodically do yet another security-related
> purpose. So, I see no conflicts here.

The problem is only that you are running the security software on the infected machine. If you have got malware which runs with Administrator privileges you cannot rely on anything in your system anymore. It may have installed a good root kit which goes undetected. It may patch the signatures of your security software to go undetected. It can effectively disable your firewall even though the firewall and Windows still think it is running.

Thus, if you have an infected machine you simply cannot tell how bad it is. Once you have a trojan on your computer which allows remote access to your computer you are well off the standard malware which you'll find in the wild and which security software may detect. And as some people are more than happy to clean the computer "as good as possible" (or until none of the security software finds more) you can never tell what goes undetected on a computer if you check it on the same system.

You should never trust a security check which is running on the infected system. If you want to scan you should use a clean boot disk and scan the file system from there or run a full comparison of the compromised file system with a clean backup to see what has been modified. That would give you more trustworthy results although even then I would rather recommend to restore a clean system image.

> Now, as to one malware scanner finding things another misses, I
> don't think this is uncommon or unexpected behavior as the
> creation of definitions to detect new threats is not done in
> tandem with other developers and different specific utilities
> perform in entirely different ways.

There is a lot out there which no malware scanner finds or will ever find. They find what you can find very often. A malware which only appears a few hundred or thousand times, for instance for a little bot net, is unlikely to be found ever. And even if eventually the code is sent to a security company for analysis and is added to their signatures, you can as well just recompile the malware with some code obfuscation and it goes undetected again.

> Interesting. What there's a "death" of, IMO, is people who're
> aware enough to pay attention to safe computing and have at least
> a modicum of defenses against the bad guys. The popular malware
> utilities will catch the vast majority of common threats but if
> one's PC is attacked by a sophisticated enough hacker or
> whatever, it is doubtful that any software will catch it.

Exactly that's why you cannot trust an infected system with whatever security scanner you may scan it. I will never understand why some people still use the same computer with the same system after 20 different scanners found a dozen different trojans, worms, viruses, etc. They use various removal tools and continue to use the computer after the next scan does not report anything anymore... But that is what people do when they think a malware infection is simply inevitable eventually if you connect your computer to the internet.

Gerald
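
An added example, not part of the post above: the offline comparison of a suspect file system against a clean backup, sketched in Python. It assumes both trees are mounted read-only from a trusted boot environment; the mount paths and the function names manifest and compare are hypothetical.

```python
import hashlib
import os
import sys


def manifest(root):
    """Map each relative file path under root to a SHA-256 digest or a marker."""
    entries = {}
    for dirpath, _dirnames, filenames in os.walk(root):  # symlinked dirs are not followed
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            if os.path.islink(full):
                # Record the link target; never read through a link on a suspect volume.
                entries[rel] = "link:" + os.readlink(full)
                continue
            digest = hashlib.sha256()
            try:
                with open(full, "rb") as fh:
                    for chunk in iter(lambda: fh.read(1 << 20), b""):
                        digest.update(chunk)
                entries[rel] = digest.hexdigest()
            except OSError as exc:
                # An unreadable file is itself a finding, so keep it in the manifest.
                entries[rel] = "unreadable:" + type(exc).__name__
    return entries


def compare(clean_root, suspect_root):
    """Return sorted paths added, removed and modified relative to the clean backup."""
    clean, suspect = manifest(clean_root), manifest(suspect_root)
    return {
        "added": sorted(set(suspect) - set(clean)),
        "removed": sorted(set(clean) - set(suspect)),
        "modified": sorted(p for p in clean.keys() & suspect.keys()
                           if clean[p] != suspect[p]),
    }


# Hypothetical usage from the trusted boot environment:
#   python compare.py /mnt/clean_backup /mnt/suspect
if __name__ == "__main__" and len(sys.argv) == 3:
    for kind, paths in compare(sys.argv[1], sys.argv[2]).items():
        for path in paths:
            print(kind, path, sep="\t")
```

Files that change during normal operation (logs, caches, registry hives) will also be reported as modified, so the output is a list to review rather than a verdict.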

From: raylopez99 on 27 Nov 2007 05:24

On Nov 24, 9:50 am, "Poprivet" <popri...(a)devnull.spamcop.net> wrote:
> Hi Luis,
> The XP firewall is "decent" but only checks incoming traffic, not outgoing,
> so if you had something that was calling home with your account passwords,
> it would miss it. Its real use is so that you CAN have a firewall when you
> first hit the internet and until you get all of your updates and other
> protection apps into place and updated. I seldom have to rebuild my system
> so I've only used it once or twice, but it does give basic protection but
> that's about all.
>

I keep hearing this 'fact' about outgoing messages having to be checked by a firewall, but, though I see the logic behind it, I'm not entirely convinced. After all, if a virus is smart enough to penetrate the incoming firewall, don't you think it will be smart enough to penetrate the outgoing firewall? Say by pretending it is a legitimate Windows process (like MSFT Update) and then tricking the user into approving of it? I think so.

> You're also correct in that having two software firewalls working at the
> same time is a no-no. They will step on each other's resources even if they
> seem to work together. Many firewalls won't even install until you disable
> any other one you have working. Some even make you actually Remove the
> other firewall before they'll install and XP also has a firewall monitor
> that'll complain to you.

Two software firewalls may be a no-no, but I have three antivirus and spyware programs (AVG AntiSpyware, Kaspersky Antivirus, and Webroot) and they all happily play nicely together, with the most obnoxious of the three programs being Kaspersky (the "heuristics" is a pain), followed by Webroot (has given false positives in the past, though the company is good at correcting these mistakes) and AVG (works so nice, with no problems, that I sometimes wonder if it's doing anything at all, since I've seen ads saying that of all the vendors AVG products miss the most viruses, but when scanning your system AVG finds tracking cookies that the other two programs miss). Also Blacklight's free online Windows Explorer ActiveX product has found tracking cookies that all three of the above programs have missed.

RL

From: Kayman on 27 Nov 2007 05:54

On Tue, 27 Nov 2007 06:43:39 GMT, HEMI-Powered wrote:
> Kayman added these comments in the current discussion du jour
> ...
>
>> On Tue, 27 Nov 2007 02:53:36 GMT, HEMI-Powered wrote:
>>
>>> Nice name, Gerald, same as mine! I completely agree with you
>>> here. Before I run a periodic image backup with Acronis True
>>> Image 9.0, about once every 6-8 weeks, I first do as
>>> exhaustive a malware scan as I can including Ad-Aware, Spy
>>> Bot, eTrust Pest Patrol, and NAV 2006 (in addition to the
>>> latter 2 running all the time)...
>>
>> Is security software becoming a security risk?
>>
>> http://www.infoworld.com/article/07/11/21/Is-security-software-becoming-a-security-risk_1.html
>>
>> "People think that putting one AV engine after another is
>> somehow defense in depth. They think that if one engine
>> doesn't catch the worm, the other will catch it," he said.
>> "You haven't decreased your attack surface; you've increased
>> it because every AV engine has bugs"
>
> I don't think anyone thinks that having more than one true AV
> utility running at a time is a good idea. But, what I listed
> running all the time, eTrust Pest Patrol, commercial Zone Alarm,
> and NAV 2006 are all intended to do different things in different
> ways. And, running Ad-Aware and Spy Bot Search & Destroy as
> separate utilities periodically do yet another security-related
> purpose. So, I see no conflicts here.

Conflict(s) is/are not the issue; The OS may appear working smoothly. But installing anti-whatever applications has made your OS more vulnerable to attacks.

> Now, as to one malware scanner finding things another misses, I
> don't think this is uncommon or unexpected behavior as the
> creation of definitions to detect new threats is not done in
> tandem with other developers and different specific utilities
> perform in entirely different ways.
>
>> Although attackers have exploited parsing bugs in browsers for
>> years now with some success, Zoller believes that because
>> antivirus software runs everywhere and often with greater
>> administrative rights than the browser, these flaws could lead
>> to even greater problems in the future.
>>
>> The bottom line, he says, is that antivirus software is
>> broken. "One e-mail and boom, you're gone," he said.
>>
>> Zoller says he has been criticized by his peers in the
>> security industry for "questioning the very glue that holds IT
>> security all together," but he believes that by bringing this
>> issue to the forefront, the industry will be forced to address
>> a very real security problem.
>> ---
>> Interesting report:
>> (Though Russ Cooper, a senior scientist with Verizon Business,
>> had some criticism for the work of n.runs)
>>
>> The Death of Anti-Virus Defense.
>>
>> http://www.nruns.com/ps/The_Death_of_AV_Defense_in_Depth-Revisiting_Anti-Virus_Software.pdf
>
> Interesting. What there's a "death" of, IMO, is people who're
> aware enough to pay attention to safe computing and have at least
> a modicum of defenses against the bad guys.

It is important that administrators follow the rule of least privilege. This means that users should operate their computer with only the minimum set of privileges that they need to do their job.

The best defenses are:
1. Do not work as administrator, use limited user account (LUA) for day-to-day work.
2. Keep your system (and all software on it) patched.
3. Review usage of IE and OE; Look for good alternatives.
4. Don't expose services to public networks.
5. Routinely practice safe-hex.
6. Backup, backup, backup.

> The popular malware utilities will catch the vast majority of common
> threats but if one's PC is attacked by a sophisticated enough hacker or
> whatever, it is doubtful that any software will catch it.

The least preferred defenses are:
Most popular anti-whatever applications.

--
Security is a process not a product. (Bruce Schneier)

From: Robert on 27 Nov 2007 06:43

On Nov 24, 3:31 am, "Luis Ortega" <lort...(a)ntlworld.com> wrote:
> My Zone Alarm Pro firewall subscription expires in a few days and I recently
> bought a Norton Internet Security 2008 package that contains a firewall.
> I currently have the Norton firewall turned off and just use the Zone Alarm
> Pro firewall.
> I don't use the Win XP firewall because I heard that it's not a good idea to
> have several firewalls on at the same time.
> We get internet through a Belkin pre-N wireless router that is supposed to
> have some sort of firewall built in and that one is turned on.
> My computer connects to the router with an ethernet cable and my son's
> computer uses a Belkin N usb wireless adapter. They both have the same
> current setup I describe regarding firewalls.
> Can anyone please advise on whether the Zone Alarm Pro firewall is any
> better than the Norton firewall in my situation?
> Should I renew the Zone Alarm Pro subscription or uninstall it when it
> expires and turn on the Norton firewall?
> Thanks for any advice.

I used to have Norton anti-virus and firewall and it caused nothing but problems and is a resource hog. I eventually removed it, and glad I did. I now use AVG for my anti-virus along with A-Squared and Spybot for malware removal, and Comodo for my firewall, all of which are free and I haven't had a problem since.

Robert

From: Robert on 27 Nov 2007 07:10

On Nov 24, 3:31 am, "Luis Ortega" <lort...(a)ntlworld.com> wrote:
> My Zone Alarm Pro firewall subscription expires in a few days and I recently
> bought a Norton Internet Security 2008 package that contains a firewall.
> I currently have the Norton firewall turned off and just use the Zone Alarm
> Pro firewall.
> I don't use the Win XP firewall because I heard that it's not a good idea to
> have several firewalls on at the same time.
> We get internet through a Belkin pre-N wireless router that is supposed to
> have some sort of firewall built in and that one is turned on.
> My computer connects to the router with an ethernet cable and my son's
> computer uses a Belkin N usb wireless adapter. They both have the same
> current setup I describe regarding firewalls.
> Can anyone please advise on whether the Zone Alarm Pro firewall is any
> better than the Norton firewall in my situation?
> Should I renew the Zone Alarm Pro subscription or uninstall it when it
> expires and turn on the Norton firewall?
> Thanks for any advice.

I forgot to mention that if you decide to remove Norton remember to uninstall Live Update and you also need to go to Norton's site (Symantec) for their removal utility. Your computer should run a lot faster without it.

Robert