Micro Mart Forum / Magazine/Website Feedback & Suggestions / The Micro Mart Magazine / Micro Mart Forums / Jason's Column #1000 / Latest Posts

RE: Jason's Column #1000

FreakShow! — Wed, 30 Apr 2008 23:15:12 GMT

Advice from long haired men isn't usually something I follow ;) :P

I don't find said performance hit, but maybe it's with specific things. Each to their own :)

RE: Jason's Column #1000

Jason — Wed, 30 Apr 2008 18:38:13 GMT

I got rid of mine because it slowed my system down horribly (especially at start-up). But I wouldn't trust a word that Jason guy says. ;)

RE: Jason's Column #1000

FreakShow! — Wed, 30 Apr 2008 18:05:29 GMT

Just to add my 2 cents.

I have my faithful programs that protect me. I don't find it slows my PC down at all, and while being careful is good, there are always things that get past. Running Spybot, Avira and ZA and still there are things that get by. I like to think I am careful, but having a bit of software to help out with the job and run a check to see that it didn't miss anything with more updated definitions is not like a performance killer.

As has been said above, each to their own, but with free programs that do a great job, I don't understand why putting that extra bit of precaution is shied away from.

RE: Jason's Column #1000

Bruce R — Wed, 30 Apr 2008 17:18:59 GMT

I really envy folk who haven't seen or experienced, or can just afford to write off malware.
All the measures discussed provide some degree of protection, but sooner or later (hopefully never) something gets through. I even had one client whose PC had so much spyware and trojans etc, that he was seeing regular small deductions from his bank account, that being wealthy he just wrote off. As to eventual PC slow down with so much 'phoning home' going on, he just bought a new system and used that ! :)

However, if you ever have to struggle with 'clean' source discs and do a re-install, and laboriously re-instate preferences etc, it can then be a good idea to create image snapshots on safely locked away discs. (Business Crisis Planning recommends remote, sealed storage to avoid those images becoming infected through later, over-hasty use or simple disasters.) (That's how some 9/11 companies survived) :w00t:

RE: Jason's Column #1000

Jacksprat — Wed, 30 Apr 2008 16:01:14 GMT

I suppose the best firewall to use is a mini computer within your computer, in the form of a USB dongle or PCI card with some Linux stuffed on it guarding the gates to the world?

at least this is no hog on your resources

RE: Jason's Column #1000

ricedg — Wed, 30 Apr 2008 15:07:29 GMT

No firewall ever stopped SpyFalcon from installing itself after the user has clicked OK.
Neither have the firewalls you have installed in schools, by what you say.
But then how could they?
An inbound firewall does however stop the likes of sasser.

I use anti-virus and anti-spyware, but only install a third party firewall on a PC I know is not going to be used behind a hardware firewall.
Anti-spyware is forever picking up little things, but I've not had anything major, nor any virsuses, for years now.

RE: Jason's Column #1000

-Wiz!- — Wed, 30 Apr 2008 14:36:11 GMT

I agree. Although for many the PC is just a tool. They do not have nor want to spend the time to work out it's potential. They view it like you would any other house hold appliance and want it to do as they ask. :)

Many people are not net savy and will happily click on any pop-up that appears offering who knows what without realising the consequences.

RE: Jason's Column #1000

CaptainCAD — Wed, 30 Apr 2008 14:30:32 GMT

I know it's slightly off topic, but since it's been mentioned, I use my PC's for different purposes, the controlled environment allows me to use all of the current seven hundred and twenty freeware applications completely. If I put something on my machine, I use it to the best of my/it's ability. I'll guarantee that the vast majority of people here upgrade or uninstall a piece of software without ever really finding out what it does. I know nobody who actually use their wordprocessor to its full potential, or use it for tasks which would better suit something else they already have installed. The Operating System is one such piece of software too, I simply learn to use and understand them.

My friends and family use their PCs for different purposes, but also do not suffer from these malware problems of which you speak, perhaps they're boring, too controlled or short-sighted, but why act carelessly or recklessly and make yourself a target.

At the end of the day it's a Personal Computer, anything which is Personal to me is looked after and shown respect, not upholding those beliefs is a failing, especially if you have to then rely on something else to help you.

Why leave all your windows and doors open to the world all night, then trust an alarm system and CCTV, to hopefully warn you about an attempted intrusion. Change behaviour and close the bloody things as a matter of routine and only allow trusted people to enter in the first place.

RE: Jason's Column #1000

MartenReed — Wed, 30 Apr 2008 13:54:52 GMT

I think CaptainCAD must just sit and look at his PC.... :P

RE: Jason's Column #1000

Dangerous Dave — Wed, 30 Apr 2008 13:48:06 GMT

I doff my cap to you, CC, and I'm impressed by the regimen you've developed for using and installing software on computers. :cool: (no I'm *not* being funny).

Unfortunately I have a wife and 6 year-old son with stubborn streaks who aren't quite as fastidious with the family PC as I would like them to be.

I am aware that a lot of malware makes use of generic services (such as svchost32.dll) to access the internet, but I hope that AVG, Spybot and ZA that I use at home tries to sort it out. Oh, and I too don't install cracked, hacked or pirated software (having little patience for games helps there) - the software I don't pay for is freeware and I always pay for shareware once the nag screens come up. Of course, being married to a Yorkshire lass means that I'm often investigating new freeware/bargainware (old versions of commercial software), but I try to at least Google about it first to see if there are any well known exploits . . .

Never tried Jetico's product, but we use ISA 2000/2003/2007 at our schools, so I think I have an inkling of what you're talking about.

Lastly, I knew I'd regret the "pessimist" crack. I apologise, I tacked it on at the end of the post because most of the replies to my original post seemed to be along the lines of "software firewalls are a waste of time - when you're infected you have to do a complete system rebuild". Please correct me if I misunderstood - maybe fatalistic was a better word?.

[quote][b]CaptainCAD (30/04/2008)[/b][hr]Responsible PC users do not get this influx of malware onto their machines in the first instance. I have not installed any anti-virus, firewall, or anti-malware product onto my OS's for years now, and I'm as certain as any software product could inform me that they're clean.

I never install software, without fully testing it first, I do not download software, browser addons, toolbars, music or video etc. except in a controlled environment and I do not visit sites which are often responsible for dropping their payload onto peoples PCs. I also don't use instant messaging or play games on my PC therefore I don't have a slew of constantly open ports.

Also I hope you realise that much software will actually still contact home through another allowed service, usually svchost, and bypass your Firewall anyhow.

If you really have got the time, money and patience to see exactly this type of behaviour, try using Jetico Personal Firewall v.2, it's one of the best Firewalls you'll ever use. It'll also make you see how much work, and resources these programs need in order to effectively `protect` you. You'll also probably not use it for very long due too… but you'll see why for yourself.

Incidentally, it's you who's being pessimistic, you believe that your'e infected and your software's out to get you. I, on the other hand, am optimistic that my approach is tried tested and worry free and my PC as a result is more responsive too![/quote]

RE: Jason's Column #1000

-Wiz!- — Wed, 30 Apr 2008 13:30:57 GMT

Ah but you do not seem to use your PC for what the majority of people do (Especially a family orientated PC). In fact I struggle to imagine what you do use it for except CAD work and forum posting. :hehe: :)

RE: Jason's Column #1000

CaptainCAD — Wed, 30 Apr 2008 12:56:54 GMT

Responsible PC users do not get this influx of malware onto their machines in the first instance. I have not installed any anti-virus, firewall, or anti-malware product onto my OS's for years now, and I'm as certain as any software product could inform me that they're clean.

I never install software, without fully testing it first, I do not download software, browser addons, toolbars, music or video etc. except in a controlled environment and I do not visit sites which are often responsible for dropping their payload onto peoples PCs. I also don't use instant messaging or play games on my PC therefore I don't have a slew of constantly open ports.

Also I hope you realise that much software will actually still contact home through another allowed service, usually svchost, and bypass your Firewall anyhow.

If you really have got the time, money and patience to see exactly this type of behaviour, try using Jetico Personal Firewall v.2, it's one of the best Firewalls you'll ever use. It'll also make you see how much work, and resources these programs need in order to effectively `protect` you. You'll also probably not use it for very long due too… but you'll see why for yourself.

Incidentally, it's you who's being pessimistic, you believe that your'e infected and your software's out to get you. I, on the other hand, am optimistic that my approach is tried tested and worry free and my PC as a result is more responsive too!

RE: Jason's Column #1000

wyliecoyoteuk — Wed, 30 Apr 2008 12:42:32 GMT

I have installed AV and Firewalls on Pcs I have sold to friends.
Only to find, next time that I see them they are turned off!

I use Linux at home, and at work, my IDS system is far more effective than individual firewalls on PCs.
(Together with tight user controls).

I have been using the intrenet for over 10 years, and the only time so far (cross fingers) I have lost CC details was in a french "hole in the wall" machine.

RE: Jason's Column #1000

-Wiz!- — Wed, 30 Apr 2008 12:28:14 GMT

I'm not a pirate (Arrgh!) but reason two is precisley why I use a software firewall. I don't see why every piece of software needs to have access to the net. :)

RE: Jason's Column #1000

Dangerous Dave — Wed, 30 Apr 2008 12:02:48 GMT

Wowsers! And to think I had a feeling I'd need asbestos underwear after that post :crazy: !

I have to agree with most posters that the reason for a software firewall is to stop already installed malware (and adware, and monitoring software and Microsoft et. al.) from sending messages out from your PC once infected. I'm glad I wasn't flamed in that respect.

But, I find the attitude of most posters such as Jason, Wylie, CaptainCAD etc. a bit puzzling . . . not that I want to get into an "I'm right and your wrong" discussion - your points are valid; if your PC has been infected, then it may well be time to reach for the Windows Install Disc and last set of backups.

The thing is, without a software firewall telling you about malware "phoning home", how would you know? Back in the dial-up days it was blindingly obvious when you were being 0wn3d in such a way, your bandwidth would get sucked dry. But if you've got 8Mbit on tap? Also, what about the social responsibility of ensuring that your PC isn't infecting others, or contributing to a spambot network? Not to speak of the fact that, if haxx0red, the first few packets out of your PC are possibly going to be passwords and your online banking details?

Am I being too paranoid? Too prissy? Too optimistic of my skills in wiping out the Malware/virus? Or maybe too optimistic in general, everyone on this thread seems a little cynical and pessimistic?

As an ICT officer for North Yorkshire Schools, I see more than my fair share of virus infections on PCs (kids do looove their IM and webgames:( ) and we use an enterprise version of Sophos here. I have found that it detects and clears infections, PUA's and malware very well. But then I tell it to delete anything it finds (no messing with "quarantine" here), even system files. My reasoning has always been that if a PC is so infected that the system files have been compromised, deleting them is as good an excuse as any for a reinstall!! If anything, my only complaint is that Sophos is *too* enthusiastic, as installing software from compressed folders on network shares seems to set off the on demand spyware checker, resulting in dll's not being copied to the PC and failed installs, ahem :ermm:

If you want to see what effect on network performance an infected PC has, run Wireshark when you've got an infected PC - you'll see network traffic blossom to incredible levels as the infected PC constantly sends packets to the other PC's which get rejected from closed ports or the AV - reducing valid network access to a crawl. Which brings me back round to software firewalls, with one of those on the infected PC at least you can keep all the "electronic pus" off the network (LAN or interweb) until you can fix it in your own inimitable style! :cool:

RE: Jason's Column #1000

CaptainCAD — Wed, 30 Apr 2008 09:45:46 GMT

Well I've got to go along with Dave, Jason and even 'the wylie one' on this, the Software Firewall is generally of no use.

The best uses are for:

Helping further lock down a system whereby the usual methods cannot fully prevent local users from accessing the network with specific programs or protocols.
rare
Stopping software from calling home.
common

The reason for the latter is that commonly PC users are running pirated software and need the Firewall to prevent them from being found out.

Please understand that this is not an accusation that all those using Software Firewalls are breaking the law, however in the last fifteen years of PC repair, I'd say that less than 5% of all machines I've had in contain no illegal software.

It is therefore my general opinion that using a hardware firewall and not allowing things on your PC which shouldn't be there is the only option required.

RE: Jason's Column #1000

wyliecoyoteuk — Tue, 29 Apr 2008 22:04:05 GMT

The only reason for an outgoing firewall is to track software that has been installed on your PC and is phoning home.
If that happens, your inbound firewall has failed, malware is installed, and your machine has already been compromised.
By that time it is usually too late, often even AV software will not completely remove the problem.
That is when a proper IDS system starts complaining.
I run firewall, IDS, AV and proxy on my company's (smoothwall) firewall, between the router and the network.
Windows firewall is disabled on most PCs, but all run AV, and user permissions are restricted.
I check the logs regularly.

RE: Jason's Column #1000

martintfs — Tue, 29 Apr 2008 20:46:42 GMT

I stopped using a software firewall on an old laptop that was struggling to run XP (not much memory) and turned the Windows firewall back on. This helped performance and there have been no security problems.

Im thinking of removing the AV to free up a little more memory and running scans via my LAN from another computer. Can anyone recommend an AV program that will do it ?

RE: Jason's Column #1000

Jason — Tue, 29 Apr 2008 15:11:36 GMT

As with Dave (above), I stopped using a software firewall some time ago and it's made not the slightest difference. The router's firewall is enough.

If I've made a mistake (it wouldn't be the first!), I apologise. I freely admit that networking isn't my strongest subject. I maintain that the general advice was correct, but maybe my way of getting there wasn't! :-(

RE: Jason's Column #1000

columbo77 — Tue, 29 Apr 2008 13:39:58 GMT

I haev a router with Hardware firewall in it and ZA on all pc's on the network. AV on all as well.

RE: Jason's Column #1000

Bruce R — Tue, 29 Apr 2008 13:08:08 GMT

Some folk are luckily protected by the software, firmware and hardware of their chosen ISP. I used to be so protected, on a business community server, until the numpties who ran it cut the IT budget and protection, quickly making them a lucrative target. Lucky to have my own decent AV suite and firewall, that protected my PC and warned me, I quickly got re-homed on to a protected server. ;) (It's probably just a coincidence that the business community later went bust.)

RE: Jason's Column #1000

ricedg — Tue, 29 Apr 2008 12:48:35 GMT

I have not used a third party software firewall for years and my machine is neither spyware nor virus ridden.

Jason's Column #1000

Dangerous Dave — Tue, 29 Apr 2008 11:00:34 GMT

Hi all,

I've just read issue 1000, and found it to be great from cover to cover. Well, except for a bit of a blunder from Jason D'Allison in his column.

The first question referred to software firewalls, and the merits (not) of the Microsoft Firewall in XP. I agree with Jason that the XP Firewall is . . . erm . . . "poor" to put it politely, and the fact that it doesn't Filter outgoing network traffic is indeed the main reason.

But on the next paragraph Jason admits to only using a hardware firewall on his Router! Does he not realise that these, too, do not block outgoing IP/UDP traffic from the local network? So, he decries the XP firewall for one reason, but advocates a hardware solution, which has exactly the same fault! Sorry Jason, "classic schoolboy error" there, old son!

In fact, the reason (as I'm sure many here know), that hardware routers don't block outgoing traffic is that only the originating computer (or more likely the computer operator) can intelligently filter outgoing requests by software - the hardware firewall *has* to assume that any requests from other devices on the network are valid (it could ask them I suppose, but I'm not aware of any manufacturer that actually implements such a scheme).

This is why all PC's on a LAN should have a good, up to date software firewall, to prevent them from sending *out* unwanted packets from software on the PC.

I wouldn't mind so much, but MicroMart itself has discussed the merits of hardware and software firewalls in the "What's the Worst That Could Happen . . ." series, iirc.

Tut, tut Mr D'Allison - hang your head in shame! :P