Firewall/anti-virus software for a T42

[Esteban]

I have a T42 2373 M3U. I need a software firewall and anti-virus software to have a layered defense beyond Windows XP firewall and Norton Anti-Virus that came with my M3U.

Products I am considering include Zone Alarm Internet Security Suite http://www.ZoneLabs.com and Trend Micro PC Cillin Internet Security 2006 http://www.TrendMicro.com

On my previous Delll notebook I used Norton Internet Security Profesional 2002. It seemed to work fine. I've read here and elsewhere that new versions of Symantec products are resource hogs so I'll probably not use one for the T42.

I'd appreciate suggestions and user feedback on firewall/anti-virus software suites to use on my notebook.

BTW, I use SBC DSL and have a 2Wire 1800 HG Gateway (that I have not yet installed).

Thanks, Steve

[Kyocera]

You will be getting a firewall with your gateway, if you have SP2 there is another firewall, if you want to use zone alarm that is another firewall. I would use the first two and forget the zone alarm, even though it is a great product and free. Most networks I go to use only the router firewall, sometimes multiple firewalls can produce connectivity problems between pc's on a local network and accessing various programs on the network. The reason I'd use SP2 firewall is because it very seldom requires any user intervention. Kind of a convienience issue. Don't have any experience with PCillin other than what I have read and that is all good. A recent PCworld article rated it in the top 5 for ability to find bad guys and then get rid of them.

[w0qj]

Recommend you get firewall/antivirus on your own computer; sometimes you take your notebook computer back home or work in a hotel with broadband connection...


free antivirus:

AVAST
www.avast.com/eng/down_home.html

AVG
http://free.grisoft.com/doc/1

free firewall

ZoneAlarm
www.zonelabs.com

[fschwep]

AFAIK the Windows SP2 firewall only looks at what tries to get into your computer, not at what is trying to get out (possibly because so much MS stuff often want to get out and do automatic updates etc.). ZoneAlarm checks both in- and outgoing traffic and is easy to configure. I'd just switch off the MS firewall in msconfig once you have downloaded ZoneAlarm. Similarly, you can delete and/or switch off everything from Symantec once you have another decent AV program installed. Multiple firewalls and AV software running at the same time is a recipe for disaster.
SP2 firewall is known to cause hickups with some non-MS applications, particularly some less recent ones which you may still want to use if they work fine for you.

[T41mbi]

Security is my specialty

Without a doubt the most effective and efficient AV presently available is Eset's NOD32... It's also very light on resources

Firewalls are a bit tricky

Among the experts, you will find most arguing between Look N Stop and Outpost

I chose LNS simply because it is a resource light effective rule based firewall

If you do decide to go with the NOD32 and LNS setup visit www.wilderssecurity.com and view "blackspears" posts in the respective products forum (they are stickies) - he has a great detailed tutorial on how you can harden each product for maximum effectiveness

[Esteban]

I'm the original poster. Thanks to each of you for your help. I have follow up questions.

Use an integrated suite or separate anti-viruse & firewall software? I asked for suggestions about anti-virus/firewall software suites thinking that a suite from one source would be more efficient to use and easier to keep updated. True or not? Why?

Free vs. paid software? My thinking:While I like "free." The prices of the ones in my original post are a reasonable business expense for increased security. I'm fearful about downloading "free" software that might include spyware or adware which, in my mind, favors buying.

I'm a real estate broker, not a computer professional. I'll most often use my ThinkPad at my office with a DSL router/firewall. Sometimes I'll use it at a clients home or office on their phone line. In the future I'll probably use WIFI hotspots and/or cellular ( i.e. Verizon, TMobile) internet access.

edit: thanks T41mbi for the link to www.wilderssecurity.com

[zeroknowledge]

Before I start, I should state this fact, I am researcher (security) and do consulting in the area of security.

Use an integrated suite or separate anti-viruse & firewall software? I asked for suggestions about anti-virus/firewall software suites thinking that a suite from one source would be more efficient to use and easier to keep updated. True or not? Why?

Using both the anti-virus and firewall software from same vendor might not be a good idea. The reason being the following, any vulnerability in one of the common component would compromise protection offered by both.
Second, given the Sony DRM instance I would think twice before trusting a single source for both antivirus and firewall. ( the rest of the argument is how about collusion...)

Free vs. paid software? My thinking:While I like "free." The prices of the ones in my original post are a reasonable business expense for increased security. I'm fearful about downloading "free" software that might include spyware or adware which, in my mind, favors buying.

As for the argument of free vs paid. Most of this free packages has more powerful version which is "pro". e.g AVAST .

Though this is not always true you might find free ( sometimes opensource) tools and utilties which are very good. e.g sysinternals

[a31pguy]

Just did a 30-page writeup on this.

Use the integrated suite. I'd try Zone alarm's new Internet Security Suite , Symantec Systemworks 2005 with antispyware, or Trend.

I gave the Zone Alarm Internet Security Suite the a31pguy's choice award! With Symantec a close second. Trend has the best pricing model but Zone Alarm has better detection rates.

Also Zone Labs has been bought recently by Checkpoint Technologies - which will certainly bolster their long term standing in the industry IMHO.

Also did a writeup on anti-spyware as well.

[Kyocera]

Also Zone Labs has been bought recently by Checkpoint Technologies

Hope they keep at least one freeware version of Zone, I used to frequent the MS newsgroups a lot and everything was always so positive about ZoneAlarm. Adaware was another highly praised, have used them both and never been attacked.

Did you include any of the freeware AV software in your writeup? Specifically AVG, been using it a long time now and love the simplicity and updates are faster than a speeding bullet.

[carbon_unit]

Are your writeups posted anywhere so we can read them?

[a31pguy]

unfortunately - I cannot post the writeup. It was done for a client and has since become their property. I did ask for permission to post it - but the paperwork is lengthy.

I didn't do the freeware antivirus - primarily because commecial clients want someone to yell at if there is a problem.

[a31pguy]

The reason being the following, any vulnerability in one of the common component would compromise protection offered by both.

While this is true of problems with buffer overflows (most notably in Symantec's suite and some of Mcafee's). There are other threats to consider - which IMHO offset this point. Especially, when considering the threat models of large organizations. Mobile and remote users consititue most of the risks for large organizations. I mean beyond physical access, wireless, and social engineering. Use of an integrated suite allows for multiple risks to be mitigated. Further it streamlines desktop performance engineering. No one single vendor offers what I would consider a magic bullet - but using an integrated approach reduces the risks of one vendor interferring with anothers binaries. A good engineer or consultant can take multiple pieces of seperate security software and craft a secure system. However, for your average user, this constitutes a burdensome administrative overhead that most organizations do no wish to shoulder. Further, as the software loads and network environment changes - so do the threats and risks - so it would have to be maintained.

In addition, malware (however it's defined these days) is now more common than tradition viruses/worms. I confirmed this at several organizations in which I installed and monitored IDS systems and antivirus solutions. Most e-mail systems will catch viruses quickly at the SMTP MTA/Gateway. However, the surfing habits of untrained users will allow them to catch adware or spyware quickly. Most organizations still have not deployed SP2 or the needed security patches. Use of buffer overflow protection (either in hardware or software or OS level) reduces the number of vulnerabilities dramtically. There were a few trade articles on buffer overflow protection (I think there were a few on SANS as well). Integrating buffer overflow protection, anti-virus, anti-phishing, anti-spam, anti-"malware", and a firewall - should be a better solution to the risks involved witih mobile and remote users.

Note - I use BlackIce with VisualICE as a reporting tool - I back this up by using TCPview from sysinternals and ethereal when I see suspicious traffic. All email traffic is encyrpted either with TLS, IPSEC, or wrapped in SSH. I have used my laptop at DEFCON, RSA, and Blackhat and have never been on the "wall of shame".