Secure Yourself

Discussion in 'General Software and Applications' started by Psychosematic, Dec 31, 2003.

  1. Animatrix

    Animatrix Ancient Guru

    Messages:
    6,836
    Likes Received:
    4
    GPU:
    BFG 8800GT OC2 512
    Whether or not you need a firewall for outbound protection is debatable, but many people like using it. Also, using a good software firewall allows for strict rules to be set up for all internet-facing applications and services, which again some like to have (and it is in fact a safer setup, but still strictly speaking not absolutely needed).

    You are referring to outbound traffic, right? I ask because the part about the rules confuses me. You do not need any rules for outbound traffic as it is not blocked by routers. All traffic like browsing a web page is initialized by the client, and is using an outbound connection.

    For inbound traffic it is in fact not simple to send data from the outside through a router if the data is not bound for a client. That is what NAT does, the router will simply drop ALL unsolicited traffic, it can't do anything else. It is a happy side effect of NAT, it is not something the router "thinks" about, it simply can not send traffic to any of the clients because it's not destined for any client, so it just drops it.

    NAT Router Security Solutions

    As for having a software firewall and a router, again it depends. But having a firewall on (like Windows' own) is not a bad idea on a LAN where you can't 100% trust the other clients on the LAN. So if another PC on the LAN is infected with a worm hopefully the firewall will block it. But it depends on the firewall, Windows Firewall has been known to let some get through if the worm is using a vulnerable service which the firewall by default is set to let through.
     
  2. AnthraxPants

    AnthraxPants Banned

    Messages:
    1,532
    Likes Received:
    0
    GPU:
    XFX 4890HD 1GB
    Yes, I'm mainly referring to outbound traffic but routers can still be compromised and allow inbound traffic in a number of scenarios. Also if an infected Laptop or PC is plugged into a LAN every client can become infected very quickly. That is reason enough to run a decent firewall and antivirus solution. It only takes one dopey friend who never uses antivirus and downloads from dubious places to unleash a whole bag of hurt.

    It is simply astounding how many businesses run absolutely no security software and even more of a pain to clean up the mess and recover files. If one or more clients uses an operating system with a different language it gets even worse as some security software cannot remove malware in situations with non-default languages, without using a custom removal tool anyway.

    Even with good security policies in place business managers still insist on knowing the Administrator's password and then quietly hand it out to employees so they can create their own internet connections. It doesn't take too much imagination to work out what could happen if the Admin has a remote login set up and then if you add the ever increasing number of exploits it begins to get really scary.

    If you keep regular backups it may not be such a problem, but the number of people who do is surprisingly low.
     
  3. Animatrix

    Animatrix Ancient Guru

    Messages:
    6,836
    Likes Received:
    4
    GPU:
    BFG 8800GT OC2 512
    Compromised from the outside, without ever being on the inside? I would be interested if you can give some examples.

    As for strictly speaking NAT. I don't think I know of any magic way to get unsolicited traffic routed to a host, because the router simply can't do the routing. The router is not being smart about it, it's more like it's deaf, dumb and blind. You can't really trick it because it is simply not capable of doing the routing (it can't find you). As such (as far as I know) you can't trick it because it just doesn't know what to do with the unsolicited traffic.

    Now however if something on the host/client is actively seeking to bypass the NAT, then yes, but that is another thing altogether. That is comparable to having malware on the system which can make a tunnel through the router. Like it has been suggested with the Teredo Protocol. It's not the router's fault, and if you look past the fact that the Teredo Protocol is an OS service, it would again be somewhat comparable to having malware on the system which can make a tunnel through the router. Which is not a failing of NAT.

    But I can think of a few ways to compromise a router. However pretty much all fall under the category of being either the user's fault or a flaw in the router which would be the vendor's fault, and as such it is not a failing of NAT. One way would be if the user has a weak password and it gets hacked, then the attacker can re-configure the router (e.g. put a host in the DMZ). Another is if the router's firmware is vulnerable, in which case it can possibly get compromised. Again both are not a failing of NAT.

    That's what I said, for LAN protection having a software firewall is not a bad idea. But as for anti-malware software if your LAN gets compromised and it gets on your system nothing you install will necessarily save you, it's better than nothing but still not a silver bullet. To say anything for sure you would have to know the attack, and the capabilities of the software. Once on the system the malware can bypass both software firewalls and anti-virus detection. Some better than others, but all software can fail on a compromised system, which is one of the arguments against software firewalls, blocking malware from making outbound connections is often of dubious use as malware can install itself as something the firewall won't block.

    Cleaning is damage control, the damage has already been done so in a business environment it is not advisable. The system should be wiped and reinstalled/imaged.
    Yes and no. If the system is running as admin then yes you get what you asked for. However as for security policies you can use SRP (Software Restriction Policies) quite effectively, however most admins can't deal with the hassle of maintaining it. Or you can use something like Deep Freeze or Windows SteadyState.
    Backups are vital, however it will not save you from getting your credentials compromised (passwords, banking, etc. personal information), which a lot of people forget about.
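
Added example, not part of the original posts: a toy Python model of the NAT behaviour argued about in the posts above, showing why unsolicited inbound packets have nowhere to go until the router is reconfigured (the DMZ case). The class and method names, the documentation-range addresses and the strict per-peer reply matching are assumptions; real routers differ in how strictly they match replies.

```python
# Toy model of a port-translating (NAPT) home router. Constructed addresses only.
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class NatRouter:
    next_port: int = 40000
    # public_port -> (lan_ip, lan_port, remote_ip, remote_port)
    table: dict = field(default_factory=dict)
    # static port forwards: public_port -> (lan_ip, lan_port)
    forwards: dict = field(default_factory=dict)
    dmz_host: Optional[str] = None  # LAN host that receives everything unmatched

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """Client-initiated flow: allocate a public port and record the mapping."""
        public_port = self.next_port
        self.next_port += 1
        self.table[public_port] = (lan_ip, lan_port, remote_ip, remote_port)
        return public_port

    def inbound(self, remote_ip, remote_port, public_port):
        """Return the (lan_ip, lan_port) to deliver to, or None if dropped."""
        entry = self.table.get(public_port)
        # Assumption: replies must come from the same peer the client contacted.
        if entry and entry[2:] == (remote_ip, remote_port):
            return entry[:2]
        if public_port in self.forwards:
            return self.forwards[public_port]
        if self.dmz_host:
            return (self.dmz_host, public_port)
        return None  # no mapping: the router has no LAN destination to pick


def demo():
    r = NatRouter()
    port = r.outbound("192.168.1.20", 51000, "198.51.100.7", 443)
    results = {
        "reply": r.inbound("198.51.100.7", 443, port),
        "unsolicited": r.inbound("192.0.2.99", 4444, 3389),
        "wrong_peer": r.inbound("192.0.2.99", 4444, port),
    }
    # Router settings changed (the weak-admin-password case from the post).
    r.dmz_host = "192.168.1.20"
    results["after_dmz"] = r.inbound("192.0.2.99", 4444, 3389)
    return results


if __name__ == "__main__":
    print(demo())
```

The drop is a property of the empty table, not of any filtering decision, which is why checking the router for unexpected port forwards or a DMZ host is the relevant audit step.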
     
  4. AnthraxPants

    AnthraxPants Banned

    Messages:
    1,532
    Likes Received:
    0
    GPU:
    XFX 4890HD 1GB
    I totally agree with what you are saying. It all comes down to user fault most of the time. Basically every scenario you have pointed out I have seen people do. I also agree with completely restoring a compromised system which is how I handle any customers' problems, remove drives from their systems and clean them then reinstall everything. Pretty much everyone I deal with except for a small number, run poor security and rarely back up their data, no matter how much encouragement and resources they are given. We have laws to protect customers' data here in Australia but it seems very few people care unfortunately.
     

  5. Rillipiru

    Rillipiru Master Guru

    Messages:
    315
    Likes Received:
    0
    GPU:
    660 ti 2GB
    I have OS X in PC (Retail install, with boot-123) and iAntivirus. I think it's useless, but you never know...:nerd:

    http://www.iantivirus.com/
     
    Last edited: May 6, 2009
  6. AnthraxPants

    AnthraxPants Banned

    Messages:
    1,532
    Likes Received:
    0
    GPU:
    XFX 4890HD 1GB
    It is better to take measures to secure yourself than just hoping you never get a virus. You are being proactive, while other users out there who take no action may unwittingly be helping the spread of some malware.

    OS X will most likely become more of a target in the near future. Already devices such as Netbooks and other systems aimed at budget conscious consumers are gaining popularity in markets traditionally dominated by Windows based Laptops and PCs. Malicious individuals may begin to increasingly target different operating systems like those based on Unix and Linux as they become more widespread.

    With fast internet services like DSL, Cable and Wireless, where users often leave their modems or routers continually switched on, there is an increasing need to understand how to secure these services. Understanding your model of modem\router should allow you to change the default password to something secure and implement any other security features available. Understanding the software firewall that may come as part of your operating system (or 3rd party firewall software) may help stop information from leaving your computer if something nasty like a Keylogger does happen to make it past your security defences.

    There are some people who will tell you that a modern modem\router with NAT capabilities or perhaps SPI will stop anything. As people become more relaxed however, there is an increasing danger that common software behaviour and firewall rules can be taken advantage of to let malicious activity slip past undetected.

    The best protection is always to assume nothing is 100% safe, to increase your knowledge of how, why and when your installed software accesses the internet, and the specifications of your particular net-capable hardware and any weaknesses it may have.

    One simple step is to turn off any modems or routers when they are not going to be used for any length of time, instead of letting them run 24/7. There are many wireless capable modem\routers with default passwords that never get switched off, ever.
     
    Last edited: May 8, 2009
  7. blinx

    blinx Maha Guru

    Messages:
    1,022
    Likes Received:
    0
    GPU:
    Asus 680
    I think this sticky should be updated every year with the latest best recommended protection software out there. Now I am wondering, what is the best firewall, AV and spyware protection for 2009?
     
  8. r0llinlacs

    r0llinlacs Active Member

    Messages:
    59
    Likes Received:
    0
    GPU:
    BFG 9800GT OC 1GB
    Anti-viruses are for idiots. KNOW WHAT YOU'RE CLICKING ON! That's my anti-virus, and it uses 0 system resources. I bought my computer to do stuff I want, not use all my resources to give me a false sense of "security".

    I have never used any anti-virus and I have never gotten a virus. The first thing I did when I got this computer home was uninstall the anti-virus. WOW magically it boots 100x faster.

    I do have a little brother who would constantly try to use my old computer, and yes he did get some viruses on there. But that boils down to what I said before, and that is know what you're clicking on. Don't get me wrong though, I have tried them. They never worked for me, no matter which one I tried. I tried every damn anti-virus there is on the virus he put on there. They did absolutely nothing except waste my time. The only real fix for a virus is the good old format + reinstall windows.

    Bottom line, the end user determines whether you get a virus or not. Not your anti-virus.

    idiots + computers = don't mix

    I also uninstalled the anti-virus on my older bro's new laptop. He complained because it was running slow. Once again magically his laptop is 100x faster. This was about 4 months ago, and he has had no problems. His wife and even his 6 year old daughter use it, and still no problems. Anti-viruses are useless. They are there to exploit your fears and get you to pay for a false sense of "security". Stop falling for these tricks and be SMART on the internet.

    edit: forgot to mention, I DO use windows firewall, but that's as far as I go.
    also, Windows Security Center = turned OFF
     
  9. fischju

    fischju Ancient Guru

    Messages:
    2,075
    Likes Received:
    0
    GPU:
    Visiontek Radeon HD 4850
    Oh god, another one. To any posters after this: Don't even try to dissuade him, he is indoctrinated.
     
  10. r0llinlacs

    r0llinlacs Active Member

    Messages:
    59
    Likes Received:
    0
    GPU:
    BFG 9800GT OC 1GB
    HA! I'm the indoctrinated one?? LOL!

    A little common sense goes a LONG way....


    I am very active in the "warez" scene, and still nothing. I bet none of you would even dare go near any warez site because of your "fears" and the many many many false positives your precious AVs give you.
     
    Last edited: Aug 6, 2009

  11. Mineria

    Mineria Ancient Guru

    Messages:
    5,540
    Likes Received:
    701
    GPU:
    Asus RTX 3080 Ti
    So you got a CISCO router?
    Most home routers don't have much to offer concerning hardware firewall.
    You will find that most products aimed at the home market still don't include essentials like DDoS/DoS Attack Protection, Packet Inspection and so on.
    As for the smart people saying that they know what to click and trust their Windows Firewall, you don't even need the user to interact to get into their system.
    http://www.matousec.com/projects/proactive-security-challenge/results.php
    96% of all leak-tests penetrated the Windows Firewall.

    @r0llinlacs
    Your statement "idiots + computers = don't mix" makes you the greatest idiot, since you are ignoring factors that you obviously don't have a clue about.
     
  12. TekkMarine

    TekkMarine Maha Guru

    Messages:
    1,375
    Likes Received:
    23
    GPU:
    EVGA 980Ti GTX SC
    Somewhat Paranoid Stoner...

    Q:
    What is the best of the best for malicious AV & AS :biggun: protection?
     
  13. allesclar

    allesclar Ancient Guru

    Messages:
    5,771
    Likes Received:
    177
    GPU:
    GeForce GTX 1070
    Common sense is the biggest form of protection.
     
  14. PurpleFish

    PurpleFish Guest

    Messages:
    678
    Likes Received:
    0
    GPU:
    XFX GTX260 c216 @ 780core
    Anyone who says they don't run AV cause it's a resource hog or it slows down their rig needs to upgrade from their single core lol...

    I have run without AV, WHEN I WAS FORMATTING!!! A firewall and AV don't slow down your average computer. Sure maybe your mom's 5yr old laptop runnin Vista with 1g ddr400...
     
  15. fangzhou

    fangzhou Active Member

    Messages:
    62
    Likes Received:
    0
    GPU:
    Gigabyte 3080Ti
    So since the list in the first page is outdated... which AV are the good ones currently? I've been using Kaspersky.. somehow I just don't believe the top 10, top AV list at certain websites so that is why I'm asking here. You can say what attracted you to use em too

    Thanks!
     

  16. TekkMarine

    TekkMarine Maha Guru

    Messages:
    1,375
    Likes Received:
    23
    GPU:
    EVGA 980Ti GTX SC
    Agree...
     
  17. rievhardt

    rievhardt Guest

    Messages:
    107
    Likes Received:
    0
    GPU:
    Sapphire 7870
    MSE is the BEST and it's FREE!
    Combo it with Malwarebytes Anti-Malware and you are set to go.
     
  18. Labyrinth

    Labyrinth Ancient Guru

    Messages:
    4,413
    Likes Received:
    92
    GPU:
    Tri-X R9 290 4G
    http://www.av-comparatives.org/en/comparativesreviews/detection-test Make your own mind up from here
     
  19. sykozis

    sykozis Ancient Guru

    Messages:
    22,492
    Likes Received:
    1,537
    GPU:
    Asus RX6700XT
  20. DeDeMouse

    DeDeMouse Guest

    Messages:
    36
    Likes Received:
    0
    GPU:
    AMD 6950 2GB
    I use Norton Internet Security. Is that good?
     
