ChrisGamlin
|
posted on 16/2/07 at 07:18 PM |
|
|
Good to see that etrust didn't dissapoint me, today for the second time in 3 months I had to send Computer Associates a sample of a trojan worm
that their software was unable to detect.
After they told me what it was and I looked it up online, Sophos amongst others had definitions to detect it last AUGUST!!
|
|
|
jolson
|
posted on 18/2/07 at 08:53 PM |
|
|
Until yesterday I was running AVG. I ran a full system scan, no virus's (virii?)
Uninstalled AVG and installed Avast. Full system scan found 2 virus'.
I changed antivirus programs because I was looking for a full suite (don't mind paying for a good product) and Avast always seemed to score
better in the tests than AVG
Cheers
John
|
|
britishtrident
|
posted on 19/2/07 at 08:13 AM |
|
|
A few points that are getting missed:
Your first line of defence is your ISP, decent ISPs have excellent mail scanning.
ALL scanners give false positives but some are much more prone to it than others, Avast seems to be by far the worst in this respect, even AVG over
reports. So just because virus scanner A reports a virus that scanner B doesn't can't be taken at face value that A is doing a better job
than B. Even my favourite Avira which has proved 100% reliable at keeping viri out over a good few years classes some legitimate software tools as
malware.
The problem with Norton isn't that it doesn't do a good job of dealing with viri but that it slows down the computer to a unacceptable
degree, this problem seems to get worse the longer Norton has been installed on the PC. I have seen problems with Norton so often that I now actually
regard all Symmantec software as malware, when a client phones up for help with a PC that is running very slowly my first question is always "Do
you have Norton installed ?" the answer is invariably yes.
The other problem with Norton is that it doesn't uninstall cleanly, even after downloading a special Norton software removal tool from
Symmantecs website.
McAfee is pretty good but Avira http://www.free-av.com/ has it all.
Hijackthis should be run before and after installing any software.
|
|
martyn_16v
|
posted on 19/2/07 at 06:45 PM |
|
|
quote: Originally posted by britishtridentYour first line of defence is your ISP, decent ISPs have excellent mail scanning.
All very well but there are plenty of viruses (virii?) that don't spread via email and rely on you being stupid enough to open attachments in
spam, many will scan for open ports and insert themselves through any number of vulnerabilities (e.g. Blaster, that was a fun one). The increasing use
of firewall equipped routers will help here I suppose but there's still going to be plenty of targets about for these kinds of attacks.
At the end of the day it's all down to user awareness, if you're behind a firewall and don't click on anything you shouldn't
then you'll probably be fine, but there are plenty of fools looking for free pron on an unprotected machine.
|
|
britishtrident
|
posted on 19/2/07 at 07:35 PM |
|
|
Yes router firewalls are getting very clever, I recently installed a Be Box Speedtouch 780(WL)(i) at home and was very impressed by the wirewall
options and intrusion detection.
Be supplied the router fully configured for connection and security, only the Admin password needed to be changed.
Having said that if protecting a small business network I would use an IPCop or similar firewall between the network and the router.
[Edited on 19/2/07 by britishtrident]
|
|
ChrisGamlin
|
posted on 28/2/07 at 01:17 PM |
|
|
Astaro is the best incarnation of a Linux firewall that Ive seen, not the easiest to set up by any stretch of the imagination but thats not suprising
as its an enterprise class firewall that competes with Checkpoint and Cisco rather than simple home user orientated appliances/software, but for
limited home use as a basic firewall its free, or fully featured (but limited to 10 internal IP addresses) its £40 / year, giving pretty much every
type of protection you could want.
[Edited on 28/2/07 by ChrisGamlin]
|
|
britishtrident
|
posted on 28/2/07 at 08:53 PM |
|
|
But IPCop is GPL "100% free" -- 100% effective, 100% reliable with great community support.
The only limitations come if you try do do something really fancy like try to get it to use two ADSL lines on the WAN (red) side.
|
|
ChrisGamlin
|
posted on 28/2/07 at 09:53 PM |
|
|
LOL nice sales pitch
Dont get me wrong, Ive used IPCop and it's very good and certainly what Id recommend to the average home / small business user if they want
something simple and reliable to set up, but for the IT geeks amongst us, Astaro is a firewall and a little bit more.
As well as being a firewall / IPS, for £40 it also has (Kaspersky) virus/spam/phishing filtering on Email traffic, content filtering, virus and
spyware protection on all web traffic, and lots of other stuff like bandwith optimisation and SSL / IPSec VPNs etc.
Have a nosey though the online Front End / GUI demo and you'll see what I mean.
[Edited on 28/2/07 by ChrisGamlin]
|
|