Firewall, Anti-Virus, Spyware FAQs

[Kalah]

Firewalls, antivirus & Spyware FAQs

What is a firewall? Do I need one?

A firewall is the first line of defence against intrusion; a logical barrier designed to prevent unauthorized or unwanted communications between computers. Yes, you need one. When browsing the web, you should always keep your firewall up and running.

How do I know if I have a firewall?

Enter the Control Panel and check out the Security section. If you have a recent edition of Windows installed, a firewall is already built in.

Where can I get a firewall?

You can download one for free over the web. Check out these links:
- ZoneAlarm
- Comodo.

What is an antivirus program?

It is a program installed on your PC, actively searching for and dealing with viruses and other malicious programs trying to mess with your computer and/or programs. It does this in two ways:
- Scanning files to look for known viruses matching definitions in its virus dictionary. This is why you need to update the program regularly, to make sure it will recognize new threats.
- Identifying suspicious behaviour from any computer program which might indicate infection. The anti-virus program runs passively all the time, and you should never shut that function off.

Do I really need antivirus?

Oh God, yes. Most of the bad stuff should be blocked by your firewall, but there are lots of really clever dysfunctional people out there, working on ways to bypass that. You definitely need some kind of antivirus program.

Where can I get one?

That's a good question. Let me reiterate: If you have a recent edition of Windows installed, a firewall is already built in. It's called "Windows Defender" and it's good enough for most people's needs.

Lots of companies try to get you to buy their programs nowadays, either via e-mail (spam), the telephone or even face-to-face. You should listen to none of them; expensive Anti-Virus programs are not necessary; they are no better than other, cheaper/free alternatives. The one I recommend is Bitdefender.

You could also browse the websites of the excellent testing institute AV-TEST to find thorough tests of the best antivirus programs for various platforms.

If you want to configure your firewall under Windows XP - read this:

The main thing is the svchost.exe process, this is the process under which most system services are run. And most of users go for "allow all in/out for svchost.exe" rule, which is a bad decision.

Here is what needs to be allowed for svchost.exe:

- DNS Requests:
Outgoing TCP and UDP on port 53 to your DNS provider

- DHCP Requests: (skip this if you have static IP)
Both UDP on ports 67,68 to your DHCP provider.

- Help Web Access: (skip if are not using Windows help)
Outgoing TCP on ports 80, 443

- Time Synchronization:
Outgoing UDP on port 123 to time.windows.com, time.nist.gov

All other attempts can mostly be blocked.

NB! Make sure that the process' executable name is svchost.exe, not scvhost.exe, schost.exe etc.. Also make sure that this executable is located in windows/system32, and not in windows/system or windows/ and so on.

[Pol]

Appendix A

From my own experience I can recommend Kaspersky AV or Suite (payware), Avira Antivir Personal (Free), Agnitum Outpost Firewall Free (Free of course ).

These do passed in my own (short and relatively simple) testing, where I considered security, resource consumption and ease of control.

Currently using Avira Antivir Personal and Agnitum Outpost Pro 7 - which is a splendid thing (Full control of process and theirs activity, you instantly see what is doing I/O and how much ram is used, can log writing into registry, act like spyware and advertisement content blocker plus usual firewall functions & lifetime license in my case).

Another good, although not the first are Avast and MacAffee. They provide a good job in protecting your system. Especially Avast impressed me with Web Protection - it's close to awesome.

I'm leaving AVG, NOD and Norton out. Simply some people like them, some not - if you want to know it on your own skin, try the trial version first! (But I don't like them.)

If you want to see real pro reviews and test, you may go for here (matousec.com)

If you want to test your own security, then go there 1 or 2. It's a pretty much base stuff, however it will never try to infect your PC so the most important aspect, from the reason of your safety, was of course omitted.

! Note:
Every new version is different, so what was once up may be now down and conversely.

Microsoft Security Essentials (Free) is also worthy to be mentioned. This product is in rapid development and already competed 'slower' AV/FW vendors.

[Ojcar]

My hint:

I use AVG antivirus.

Plus A-squared free if you have any problems with trojans and similar. For free they get banished as far as my experience tells if Avg didn´t worked.

All perfect since (5 years and counting), (unless you don´t have any intuition on suspecting what could infect you hehe). Be careful and analize any file downloaded bfore opening.

Use CCleaner for shit cleansing, it´s good.

[Pol]

When you mentioned it, MBAM is also superb like antispyware, to remove the pest. :)

[Kalah]

Since the security bureaus of several countries now warn users against Java, so will we:

Java is run by millions of computers, but lately, several dangerous security holes have been discovered. As Oracle have worked hard to fix the problems, but failed, the official recommendation is now to simply disable Java in web browsers until the security issues have been fixed.

Problem: several web pages won't run without Java, so what do you do? Well, if you need to go to a page (like your web bank) using Java, make sure the page is a safe place to go. Enter the URL yourself, don't follow links. Then activate Java.

[GreatEmerald]

There is no information there on what the exploits can do. Isn't Java and all supposed to be run in a sandbox? Also, it shouldn't be able to access any of the protected OS files without root permissions.

[Pol]

Try to search more back in time. If it's the same problem, then it was reported about two months back. And left by Oracle like we will fix it later (in standard java edition)

[Kalah]

No, this is new, that's the problem. Java say they've fixed it, but experts are still unsure.

attackers could trick targets into visiting malicious websites that would infect their PCs with software capable of exploiting the bug in Java.

... an attacker could also infect a legitimate website by uploading malicious software that would infect machines of computer users who trust that site because they have previously visited it without experiencing any problems.

They said developers of several popular tools, known as exploit kits, which criminal hackers use to attack PCs, have added software that allows hackers to exploit the newly discovered bug in Java to attack computers.

More on Reuters:

Security experts said the risk of attack is currently high because developers of several popular tools known as exploit kits that criminals use to attack PCs have added software that allows hackers to exploit the newly discovered bug in Java to attack computers.

[GreatEmerald]

No, this is new, that's the problem. Java say they've fixed it, but experts are still unsure.

If that page is correct, all they did was to ask for confirmation about running applets more often. Hardly a fix.

[Pol]

This is the desired result. Run Java only when needed, otherwise let it switched off.

From Control panel > Programs

[Bloax]

If you're running Firefox you shouldn't forget to have the holy grail of plugins installed - that being NoScript.
Although it will certainly stress your patience.

[GreatEmerald]

Speaking of spyware, Windows 10 apparently is spyware: https://www.reddit.com/r/conspiracy/com ... _settings/ https://www.reddit.com/r/Windows10/comm ... indows_10/ (also, keyloggers were pushed into Win7 and friends as well, so that's not really a solution either).

I'm glad I only use Linux for the important stuff

[Pol]

That can be one time rectifited with some utility, like DoNotSpy10, Windows Tracking Disable Tool or O&O ShutUp 10.

One time. Because with any update, Microsoft can re-enable them back.

[GreatEmerald]

Handy. Makes me wonder if there's something of the sort for previous Windows versions too.

[markkur]

Hopefully this is on topic m/l. I detest the way Windows has gone. Damnit how I long for 98 when I was the only one that controlled what the heck happened in MY pc.

I have a Win7 question for you gurus. Since the start of the year (at times) I'm getting large dumps of temp-files into my "owners profile" I have webroot and am always optimizing and keep my system clean but is there any way of stopping all this freakin' activity into my personal files? I have to do this several times a day. Today's net-users are soooo accustomed to this stuff and I never will be. Shoot when I "reluctantly" installed glorious Steam to play a gift-game and saw where they parked themselves?..."my Docs!" Good grief. So bold, so obvious.

Nevermind but about the temp-dumps? How can I block that crapola and not affect normal browsing needs? Btw, I do have delete temp-files ticked in internet-settings but it seems they're bypassing that bit now. Some of my programs are very slow to open and I know its tracking at work some way or another.

[GreatEmerald]

Yea, it seems there's a rule that started at about Win98 where in each Windows release you need to spend more and more time tweaking things after install to get it to work the way you want.

But anyway, I don't really get the question. The reason why things are being stored in Documents and Application Data is due to the security model that was introduced in Vista and copied from UNIX, that says: a user has no permission to write anything outside of the user's directory. If you need to do that, you need to use the administrator account. This helps, because malware can no longer mess the system up, unless you give it the administrator password.

Another reason is multi-user support. If the same PC is used by different people, you don't want each user to have (write) access to each other's game save files and whatnot. Hence save and config files have to go somewhere into the user's directory. Where exactly is up to each program, though, hence you get a bit of a mess.

Both of these are actually good things, you just need to change your mindset about it. (It helps to come from a UNIX background, where this was the case from the get-go ) If you're bothered by things going into Documents, just stop using Documents for personal files and make a new directory in your user directory for it.

As for clearing history and whatnot, well, you can switch browsers, or always use incognito mode where it's not saved to begin with.

[markkur]

Both of these are actually good things, you just need to change your mindset about it. (It helps to come from a UNIX background, where this was the case from the get-go ) If you're bothered by things going into Documents, just stop using Documents for personal files and make a new directory in your user directory for it.

That's certainly true. It's not really a security issue is just the amount of temp files. 2,000 files in a single session, at minimum and now I'm seeing jpgs etc. Idk, it seems a bit overmuch to have all these files dropped in and multiplying. One of the dumps is lots of language files...I guess related to IE....which I detest but don't know what's better.

What's the best browser these days? (for the consumer) I used firefox for years but I've heard it's not what is was.

[Pol]

Re-read your question and it's probably ok. Nowaday you have thousands of temp files. But also many ways how to clean them after use. In what exact folder do you see them?

Nah, I'm still using Firefox as my main. Less inquisitive than Chrome, pretty speedy with many addons. Also Opera is again growing, after fall of Opera12.

[GreatEmerald]

Same, I'm using Firefox. Certainly beats using proprietary browsers (IE) and semi-proprietary browsers (Chrome).

[markkur]

In what exact folder do you see them?

under..."user-name"/temp

Nah, I'm still using Firefox as my main. Less inquisitive than Chrome, pretty speedy with many addons. Also Opera is again growing, after fall of Opera12.

With two of you still using Firefox...guess I'll go back...home. And get rid of IE.

Maybe you guys would care to share your Firefox "must-have" add-ons?

Pol & GE, thanks for the help.

ps, I know this is OT but this morning I made an odd connection; you guys ever heard of the "FoxFire" books? (you can see why I made the link ) Anyway, not wanting to start a discussion since it is way off-topic but if you like "how-to" at all you might track one or all of them down and keep them in a personal physical library.