ok so antivirus software has been done and it turns out Norton AV is rubbish. So im changing, but what about Norton internet security? should i keep that or is there a better alternative to that too?

I got 'Snortin Norton' for free with this laptop and the first thing i did was uninstall it :wink:

The best free Firewall out there is Sygate Personal Firewall (http://www.sygate.com/firewall). It's low on system resources and stops everything in it's tracks :)

Don't let anyone tell you otherwise :wink:

*waits for the Zonealarm fans to attack* :hihi:

i second that view as well i have sygate on all my computers and not a problem installing or running

dave

Originally posted by vidster
*waits for the Zonealarm fans to attack* :hihi:

Sorry dude, 2 replies & no bite, Sygate kicks Zone Alarm's scrawny butt.

But Smoothwall (http://www.smoothwall.org/) & IP Cop (http://www.ipcop.org/) both rule if you have a spare old (486 onwards) PC & a geek to hand...

just throwing my sygate hat into the ring, also use protowall using bluetack's blocklist manager.

Originally posted by vidster
I got 'Snortin Norton' for free with this laptop and the first thing i did was uninstall it :wink:

The best free Firewall out there is Sygate Personal Firewall (http://www.sygate.com/firewall). It's low on system resources and stops everything in it's tracks :)

Don't let anyone tell you otherwise :wink:

*waits for the Zonealarm fans to attack* :hihi:

Oh god, not Zone Alarm... no ....please.... not that..... aggggggghhhh

Another vote for SyGate

Joel

Agnitum Outpost Pro firewall..
Its just the best.

ALSO: I use a wireless router with inbuilt firewall + the above so we are protected to the hilt.

Has anyone heard of any actual problems with XP SP2 Firewall when used in conjunction with hardware firewall (is a port blocking device a full firewall?) as well. I am happy that everything is getting blocked on the way in by the hardware and Xp firewall warns me before anything goes out. The hardware firewall picks up anything XP might miss. Everyone says XP firewall is rubbish but I haven't had any problems *touches wood* so far.

Well sygate seems to have won.. i'v got rid of norton and my pc is acing like when i first got it. After all this time it was nortons fault my pc was struggling to do.. well anything. :clap:

Zonealarm's ok but i've a hardware firewall on my router so i usually disable ZA.

If you want to test your firewall by the way go to www.grc.com and follow the link to test my sheilds. It does various port scan's of your computer and tells you of any open ports.

Originally posted by march
...Everyone says XP firewall is rubbish but I haven't had any problems *touches wood* so far.

You can configure XP SP2 firewall like a proper hardware firewall if you know where to look (found it accidentally last week, can't remember where & I'm on 2000 at the mo'). It has setting options which are the same as most hardware/Linux firewalls' port blocking options.

Originally posted by AaronD
Zonealarm's ok but i've a hardware firewall on my router so i usually disable ZA.


A hardware firewall should be used in conjuction with a software firewall, not instead of. A hardware firewall will prevent incoming attacks but does little to stop anything getting out that's got onto your machine.

I've got IPCop and still use software firewalls on all my machines, (a mixture of Panda, not bad-ish, and Kerio, much better, going to change all my AV and firewalls soon).

And I may as well, ZoneAlarm, aaaaarrrrrrggggggggghhhhh, nooooooooooo....................... Sorted! :thumbsup:

True a hardware firewall won't stop much going out of my machine but i'm not too worried about that. Admitedly though most people should be especially if they download lots of programs from the net or use unpatched microsoft products.

I still leave zonalarm running when i boot up until i want to do something it doesn't like such as enabling IIS or Apache at which point i just disable it and make sure my HW firewall block's incoming traffic on those ports.

The other firewall software you mension, are they free for personal use? Might give em a go sometime.

Originally posted by steev
You can configure XP SP2 firewall like a proper hardware firewall if you know where to look (found it accidentally last week, can't remember where & I'm on 2000 at the mo'). It has setting options which are the same as most hardware/Linux firewalls' port blocking options.

Sounds interesting.

I had ZA at home, but started using XP SP2 firewall instead, as it is much improved over previous versions, even if does lack the bells and whistles of ZA.

Another vote for Outpost :) I tried a few including Tiny, Sygate and various other common ones and hated them all! The SP2 one is pretty reasonable for most people, although I had a few weird local networking issues with it...

so what makes outpost better than sygate?

Originally posted by march
Has anyone heard of any actual problems with XP SP2 Firewall when used in conjunction with hardware firewall (is a port blocking device a full firewall?) as well. I am happy that everything is getting blocked on the way in by the hardware and Xp firewall warns me before anything goes out. The hardware firewall picks up anything XP might miss. Everyone says XP firewall is rubbish but I haven't had any problems *touches wood* so far.

The only flaw with that is the fact that the Windows XP sp2 Firewall doesn't monitor outbound traffic. So if you inadvertently install a Trojan/Virus, it can send out whatever it wants and the Firewall won't do a thing.
I didn't know about this until one of our members at CbtTechs ran various advanced programs on a few Firewalls. The XP Firewall didn't do too well in other departments as well :(
It's a pity really because it hardly uses any resources.

Originally posted by vidster
The only flaw with that is the fact that the Windows XP sp2 Firewall doesn't monitor outbound traffic. So if you inadvertently install a Trojan/Virus, it can send out whatever it wants and the Firewall won't do a thing.
I didn't know about this until one of our members at CbtTechs ran various advanced programs on a few Firewalls. The XP Firewall didn't do too well in other departments as well :(
It's a pity really because it hardly uses any resources.

What exactly do you mean when you say doesn't monitor outgoing traffic? It is forever popping up telling my applications tried to make an outgoing connection and do I want to allow it? That is what I understood by monitoring outbound traffic.

If i tried to explain i would probably end up confusing both you me march :hihi:
So i went and found the article below. Does a much better job than i could :wink:
Hope it helps!
http://netsecurity.about.com/od/firewalls/a/aa081804b.htm

Originally posted by Craigy
so what makes outpost better than sygate?

I had lots and lots of recommendations about Outpost from loads of people at work + our customers.

It does not take up much memory on your PC like Nortons and McAfee do and it just sits there quietly making your PC invisible to people on the internet.

Its fantastic.. try it.. you'll be glad you did.

It also comes with a link to a site to check for you if outpost is doing what it says on the tin as well.

Originally posted by vidster
If i tried to explain i would probably end up confusing both you me march :hihi:
So i went and found the article below. Does a much better job than i could :wink:
Hope it helps!
http://netsecurity.about.com/od/firewalls/a/aa081804b.htm

Interesting, that was written just after it came out. I don't know if they have updated it with later patches. Didn't think they had though! How come mine blocks everything until I let it? Unless it means once an application has been granted access it doesn't check packets. So as long as I don't grand access to "Jims Key Loger.exe" I'll be just fine! :D

I'm not an expert on Firewalls but i would guess that your XP Firewall is only asking when an installed program file requests permission to access the internet.
I would have thought that many Viruses, Trojans, Keyloggers etc would just 'piggyback' their packets on other packets being sent out by legitimate programs.
This is just a guess though.

I would link to know myself now. If anyone can explain how malware can bypass the XP Firewall, please do tell :?

It might be able to tunnel its packets through the http port, or one of the ports that are open (email etc). Port tunnelling has be used before in malware (and in ligitimate pieces of software), which is why its best to have spyware removers, and virus scanners to pick them up.

Joel

Originally posted by Joelc
It might be able to tunnel its packets through the http port, or one of the ports that are open (email etc). Port tunnelling has be used before in malware (and in legitimate pieces of software), which is why its best to have spyware removers, and virus scanners to pick them up.

Joel

Thanks Joel :thumbsup:
So a legitimate program tries to access the net. Firewall pop's up asking whether to grant permission. Permission is granted and the port is opened.
Malware detects the open port and uses it until it's little heart is content and Firewall never mentions it because the port has already been granted permission to be opened.

I should have known this already :suspect:

That must be it. Although it would also have appear to be the application that was originally granted access. Everytime a new ap wants to use port 80 I get a message. It is already open for IE, Firefox etc. I guess trojans can appear to actually be Firefox or IE and this would then confuse the firewall. I think I might need to read up on this a bit, don't want to be funding some hacker.

Originally posted by march
That must be it. Although it would also have appear to be the application that was originally granted access. Everytime a new ap wants to use port 80 I get a message. It is already open for IE, Firefox etc. I guess trojans can appear to actually be Firefox or IE and this would then confuse the firewall. I think I might need to read up on this a bit, don't want to be funding some hacker.

Well if a hacker assumes that port 80 will always be open, they he just programs it so the packets look like they come from either FF or IE, and blockers let them through, its very simple to do. Plus, some malware can interfear with the firewall setting and cause it not to behave as it should.

Joel

Don't make things more complicated than they are... If your code is running as an admin user (which it almost always will be), you can use a "netsh firewall set" command to simply add new firewall rules allowing you to do whatever you want! :)

(I've never actually tried this, but "netsh firewall /?" suggests it's pretty simple)

i found black ice the best firewall to use.

what about McAffee Firewall?
Good or bad?

AVG was recommended to me as an anti-virus software. Norton is the worst. :gag:

when i get home i'm gonna try Sygate. ;)

I dont like McAfee neither to be honest.

If you want summat that wont let you down.

Virus Killer: Nod32
Firewall: Agnitum Outpost Pro

You cant do better than these two at the moment.

newbie to the forums i is Hi all,

Zone alarm secruity suite is very good never had anything get in.
Outpost Good aswell.
Norton NAFF who ever uses norton get rid of it ASAP.
panda ok

Registry mechanic pro with Kaspersky anti virus and fire wall thats good aswell

AVG is good and free

Bitdefender online scan very good i use as a back up as a just in case scanner..
everything is FREEly available from the net.

Hi drut, well i used to use ZoneAlarm back in me day and cant say i liked it.. No matter how hard I tried it would not let me play Counter-strike, uninstalled it and never given it a second thought.
I think mine was a duff tho lol lots of ppl seem to like it

Another Vote for Agnitum Outpost Firewall. Easy to use doesn't hog system resources plus dead easy to update and occasionally Agnitum do a lifetime offer of free upgrades which is always nice :)

Originally posted by torin8
Another Vote for Agnitum Outpost Firewall. Easy to use doesn't hog system resources plus dead easy to update and occasionally Agnitum do a lifetime offer of free upgrades which is always nice :)

It is fantastic though aint it!!

I used to use Nortons and Zone Alarm also- nortons I just now detest because of all the bad stuff I've heard from people as well as myself using the software and it knackering my system and pilfering a lot of background memory too.

Zone Alarm was ok until they released the newer versions and then it seemed to go off the rails slightly and got ever so buggy with XP SP2... so now I've found the best there is in Agnitum Outpost.

Originally posted by vidster
The best free Firewall out there is Sygate Personal Firewall (http://www.sygate.com/firewall). It's low on system resources and stops everything in it's tracks :)

Don't let anyone tell you otherwise :wink:

*waits for the Zonealarm fans to attack* :hihi: [/B]

Does Sygate come with antivirus option vidster?

I currently run Zonealarm (free) with Zonealarm antivirus (costs £12)
and the subscription is up for renewal....

Originally posted by Craigy
Best firewall softwareYou're problem is stated in your question 'Firewall Software'.
anything that is software based, that runs on the target computer rather than filtering from an intermediate device will have fondamental flaws.
It's like, woppee, that spyware IS on my computer but doesn't do anything coz that clockalarm thing has stopped it.
Best remedy is prevention (See boring gutter advert), don't let ahnything on your computer !

Spend 20 on router/switch, anything hardware based that can be hacked into as much as it can be and will receive all general cr*p of Tinternet instead of your beloved machine.
IF infected, press the reset button at the back.

Originally posted by Draggletail
Does Sygate come with antivirus option vidster?

I currently run Zonealarm (free) with Zonealarm antivirus (costs £12)
and the subscription is up for renewal....
Just install AVG7 free version with Sygate Draggletail. They work very well together. I've never herd of them getting in each others way :)

Thanks vidster :thumbsup:

Originally posted by vidster
Just install AVG7 free version with Sygate Draggletail. They work very well together. I've never herd of them getting in each others way :)
One last question :)
- Do you get automatic updates with these, or do you have to check for them periodically?

Originally posted by Captain_Scarlet
You're problem is stated in your question 'Firewall Software'.
anything that is software based, that runs on the target computer rather than filtering from an intermediate device will have fondamental flaws.
It's like, woppee, that spyware IS on my computer but doesn't do anything coz that clockalarm thing has stopped it.
Best remedy is prevention (See boring gutter advert), don't let ahnything on your computer !

Spend 20 on router/switch, anything hardware based that can be hacked into as much as it can be and will receive all general cr*p of Tinternet instead of your beloved machine.
IF infected, press the reset button at the back.
The problem with using a router as your main defence is that often it's just using NAT with stateful inspection. This is pretty good against stopping generic incoming attacks, but does absolutely nothing against anything on your pc "phoning home". If your router has a firewall then fine, switch that on, but how does it know to distinguish between your legitimate web browsing and a trojan connecting on the same port with your credit card details? That's where software firewalls are handy, so that you get some sort of popup message querying every program's right to internet access - it's actually quite scary how many of them want to contact their company site, but that's another matter!

Remember that spyware (as opposed to worms) is usually acquired by you visiting a malicious website (and if you're daft enough to use IE, you don't even have to do anything to get infected) or installing something that comes with malware hidden away. How does a hardware router stop this?

If you want real security, set up hardware *and* software firewalling! ;)

Originally posted by Draggletail
One last question :)
- Do you get automatic updates with these, or do you have to check for them periodically?


Either:thumbsup:.

Originally posted by rich951
it's actually quite scary how many of them want to contact their company site, but that's another matter!

ZAP does this:o.

Unless you edit the hosts file;).

Used Zone Alarm Pro for several years - never had any problems with it as the PC is also behind a NAT device (broadband router)

ZAP has intercepted outgoing emails from worms (received before the AVG update kicked in and stopped it from spreading).

Never had any problems configuring it for online games, never had any increased latency isssues.

Not only does it exert program control but also component control, so new applications requesting internet access through previously cleared components will be flagged.

You can pretty much change everything in Zone Alarm, including auto update features (i.e no need to hack lmhosts)

I've not tried any other SW Firewalls so I can't comment on them, but Zone Alarm has served me well enough for years.

But you do want antivirus and some form of NAT as well.

A hardware firewall will set you back a few quid.

Keep getting plagued by pop-ups and 'messenger' alerts telling my registry is damaged go to regfix.com etc over and over again!

Used to use McAfee - ha ha ha ha ha - chocolate teapot and all that.

Followed Vidsters advice on another thread I downloaded spybot, Ad-aware, AVG and spywareblaster and sygate personal firewall. Running the antivirus etc still hasn't removed them - even from safe mode also clean install of windows hasn't solved it. Where do these little gremlins live on the system? Is it possible to trace and delete manually?

Sygate seems to prevent them reappearing but it also appears to be using 80 to 90% of the processor (AMD1800)! On task manager comes up as: drwtsn32.exe - is this correct?

Sygate also keeps telling me it has blocked the following:
NT kernal system ntoskm/.exe
svchost.exe
mousecm.exe
The messages keep reappearing even when I tick the box.
Are these the source of the problems and should be blocked or are they involved in the functioning of windows/explorer?

Any help gratefully received.

The simple way to stop the messenger popups is to turn messenger off in services. It's the first thing i do when re-installing XP (unless snortin Norton is installed. Then i uninstall the 'Hog' 1st)
Start>Control Panel>Administrative Tools>Services>Scroll down to messenger. Right click on it and select Properties. Change the way messenger starts to 'Disabled'. Click apply and OK and reboot. messenger popups gone :wink:
drwtsn32.exe is an application called Dr Watson. It's perfectly safe but as you noticed, it hogs loads of the processor power.1. Click Start, click Run, type regedit.exe in the Open box, and then click OK.
2. Locate and click the following registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AeDebug
NOTE: Steps three and four are optional, but they necessary if you want to restore the default use of Dr. Watson.
3. Click the AeDebug key, and then click Export Registry File on the Registry menu.
4. Enter a name and location for the saved registry file, and then click Save.
5. Delete the AeDebug key.

Most of the things that Sygate is blocking will be computer services 'talking' to each other. As far as Sygate is concerned these services could be Viruses or Trojans trying communicate. It's only doing it's job really :?
You can check the services on This site (http://www.answersthatwork.com/Tasklist_pages/tasklist.htm).

Hope this helps :wink:

Thanks for the help Vidster.

Checked out answersthatwork.com and worked down the list identifying what should and should not be there (couldn't find mousecm.exe - but has gone now - see below)

Reinstalled windows and downloaded Zonealarm, MicrosoftAntispyware, AVG7, Spybot, Adaware, and spyblaster. All from majorgeeks.com (seemed like a good site)

Repeated starting in safe mode and then running them. Fingers crossed seems to have sorted all the nasties that shouldn't be there.

Zonealarm seems to do a good job at keeping everything out.

Cheers

Originally posted by cakeway
Thanks for the help Vidster.

(couldn't find mousecm.exe - but has gone now - see below)

Reinstalled windows and downloaded Zonealarm, MicrosoftAntispyware, AVG7, Spybot, Adaware, and spyblaster. All from majorgeeks.com (seemed like a good site)

Repeated starting in safe mode and then running them. Fingers crossed seems to have sorted all the nasties that shouldn't be there.

Zonealarm seems to do a good job at keeping everything out.

Cheers

You should be clean as a whistle after doing all that cakeway :thumbsup:
There is a full review of Zonealarm in the next issue of Computer Active magazine :wink: majorgeeks is an awesome download site as well, if a little slow at times. Also try www.download.com .
mousecm.exe: This is a nasty little Trojan that logs each and every mouse click you do. There is more info about it Here (http://www.bleepingcomputer.com/startups/mousecm.exe-10808.html).
Your well rid of it :wink:

I use the windows xp firewall along side a free verison of grisofts antivirus.



website is putitbacktogether.co.uk

Originally posted by castlerigg
I use the windows xp firewall along side a free verison of grisofts antivirus.



website is putitbacktogether.co.uk

As has been mentioned time & time again on here Windows built in firewall does not offer outbound protection, of any description. Which means, if you have any spy/mal/scumware on your system, that makes outbound requests, they will be allowed to do so by XP's firewall (not good:().

Try Steve Gibson's Leak Test (http://www.grc.com/lt/leaktest.htm) using just XP's firewall;).

youre not wrong. windows firewall isnt good at all. smoothwall seems to be what you may need

I usually find ZA is aimed at beginners, and Sygate for those who progress on from ZA.

The Windows' FW is poor, so best to grab a decent one. I use McAfee, although I did pay out for that.

Plus my router has a hardware FW

:)

Originally posted by kentboy119
I usually find ZA is aimed at beginners

When did you last use a Pro copy?

Another vote for sygate :thumbsup: