...yeah, possible. Or maybe family may be paying for it, and just got him to find out which is the best. Who knows.
Originally Posted by The Heretic Azazel
I've read somewhere that getting VB100 awards doesn't accurately reflect real-life performance and security. That's as far as I understood though. VB100 awards is what ESET boasts most about NOD32.
On the other hand, I've had a friend who lived at my place who had Kaspersky, and I never heard of him getting a false positive. AVG, on the other hand, has given me several. One time it thought Zone Alarm was a worm.
@Archie: I forgot if I answered your question before about wireless internet connection, so I'll address it again.
A) If you use a wireless internet connection, ie no phone cables, connection is on air, that's no different than a normal internet connection regarding security. As long as the modem/router's got a hardware firewall, you're covered from internet invaders. If you're unsure, check the model on the brand's website. You can always post the model number here if you're still lost.
B) If you use a wireless LAN connection, ie no cable connects your computer to the router/modem, you should still be fine as long as the router's firewalled, and you've got WPA or better as your wireless encryption (WEP does NOT count, you can download tools designed to hack WEP in no time).
What a software firewall would help you with is against other people on your LAN, or for example, if you frequent airports with unsecured Wi-Fi. However, if you plan to use a firewall for your home network as a protection against hacking, hardware firewalls are all you'll need.
Hardware firewall
To qualify for sufficient hardware firewall protection, it should provide the following:
1) NAT (Network Address Translation) security - To the people on the internet, your router is the only computer that's accessing the internet. It's got an external IP that others can see. Every bit of data is sent to the router as if it's the computer that requested it. That's the case whether you have 1, 2 or 50 users at home sharing the internet.
What your router does is act as its own IP server (aka DHCP server), and gives out internal/LAN IPs to people in the house. All the information received from the internet is interpreted by the router. It figures out which computer sent or requested the data, and bounces it to the relevant local computer.
Basically, with a NAT firewall, others on the internet should not be able to see you directly, as your router rewrites all the packet headers of your computer before it lets them out. Your local IP only works for local computers, and from the outside, it seems like your router is the sole computer doing all the activity.
If you don't have NAT, or disabled it, people can see your computer directly. You should then get a software firewall.
2) SPI (stateful packet inspection) feature: SPI functions as a check for packets handled by the router. In short, it checks for packets to see if they belong to a valid session. For example, if you're browsing Gotwoot, it sees packets associated with forums.gotwoot.net as legitimate, since the user accessed it. Meanwhile, if a hacker decided to have a go at you, his packets, originating from 203.197.X.X on someISP.com.jp, would not be legitimate, since your session/activity has nothing to do with that address. Your router discards the packets. Note: SPI firewall checks for packets according to a valid session, not content.
You should have both SPI and NAT enabled, unless you've got a crap router, or you've got special circumstances. In that case you should know what you're doing.
Additional info: DPI (Deep Packet Inspection) is another method used by firewalls. These firewalls don't check for where the packet came from, (that's what SPI firewall's for), but rather, scans the packets for content. In that sense, it's more for antivirus/antispyware protection, as it checks for malicious content.
DPI isn't required for anti-hacking functionality. SPI and NAT are what you should check for.
And since you use a wireless LAN (I'm assuming)
Wireless LAN security
Things you should be aware of:
1) Encryption: I've gone over this before. In short, use WPA or WPA2. Don't even bother with WEP, of any strength. I'll go through why after I've explained the rest.
2) Hidden SSID: A hidden SSID means your wireless network doesn't show up when you (or other people) perform a "scan for local wireless networks" action. You need to know the name to get it. However, this feature is easily compromised with a packet sniffer. If you use WPA, this protection is insignificant. Use it simply for the sake of it, and so people don't know the wireless network exists (for non-hackers), so you've still got some sort of security left if you needed to disable WPA temporarily. However, some things don't like hidden SSIDs. From experience, Vista keeps disconnecting when I used it.
3) MAC address filtering: Router checks the MAC address of devices connected, and only allows connections from valid machines. Again, easily compromised with a packet sniffer. All it takes is to monitor the wireless activity, see which MAC addresses are "valid", then copy and paste it as your (hacker's) network card, and "tada", you're suddenly valid. Again, this shouldn't matter if you've got WPA.
Bottom line: If you've got WPA/2, that's all you'll need. Features 2 and 3 are insignificant, and are more an inconvenience than a protection.
If you've got old hardware, and can only use WEP (happens if you've only got 802.11b), then enable MAC address filtering, make your SSID invisible, and leave the network unencrypted.
MAC filtering and hidden SSID will be enough to ward off any curious neighbours and non-hackers. Anybody good/smart enough/pissed off enough to read up how to get past both these should know how to break WEP in under half an hour anyway, so just disable WEP for added performance. (You'll need it if you've still got 802.11b)
You probably knew all that already Archie, but I was bored, so.....
To check your protection against hacking, go to Shields Up, and perform a test for "all service ports"
I second Xelbair's partitioning method. Lots of users who've had serious virus problems use that. I've heard of a slight variation though:
Partition 1: system files AND program files
Rationale: viruses tend to infect system files and C:\documents and settings\User files. However, programs install themselves into system subfolders too, and some won't work if you've restored a backup prior to your program install. Installing both into one partition and backing up both works around this problem.
Problem is, of course, it only works like this until you've filled up that partition. So if you've underestimated your max usage, or simply installed that much stuff, you'll have to install stuff to a second partition, and the problem arises again.
Partition 2: Data/Media and My Documents
A separate partition for your media files as well as a place to store all your documents. As the name suggests, users who use this method store all their personal files (my documents, my pictures etc) here instead of the default under C:\. This is so you can restore your Partition 1 without wiping out all your important stuff.
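
Added example, not part of the original post: a toy model of the NAT rewrite and the SPI session check described under "Hardware firewall" above. All addresses are constructed (documentation ranges), the class and function names are hypothetical, and matching on remote IP plus port is an assumption; real routers differ in how strictly they match.

```python
from dataclasses import dataclass, field
import time

ROUTER_WAN_IP = "198.51.100.7"  # constructed external address

@dataclass
class NatSpiRouter:
    timeout: float = 60.0       # seconds before an idle session is forgotten
    next_port: int = 40000
    # (wan_port, remote_ip, remote_port) -> (lan_ip, lan_port, last_seen)
    sessions: dict = field(default_factory=dict)

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port, now=None):
        """LAN host sends a packet: rewrite its source and record the session."""
        now = time.monotonic() if now is None else now
        for key, (ip, port, _) in self.sessions.items():
            if (ip, port) == (lan_ip, lan_port) and key[1:] == (remote_ip, remote_port):
                self.sessions[key] = (ip, port, now)   # refresh existing session
                return (ROUTER_WAN_IP, key[0], remote_ip, remote_port)
        wan_port, self.next_port = self.next_port, self.next_port + 1
        self.sessions[(wan_port, remote_ip, remote_port)] = (lan_ip, lan_port, now)
        # The internet only ever sees the router's address and port (NAT).
        return (ROUTER_WAN_IP, wan_port, remote_ip, remote_port)

    def inbound(self, remote_ip, remote_port, wan_port, now=None):
        """Packet from the internet: forward only if it belongs to a live session."""
        now = time.monotonic() if now is None else now
        key = (wan_port, remote_ip, remote_port)
        entry = self.sessions.get(key)
        if entry is None:
            return None                  # unsolicited packet: no session, drop
        lan_ip, lan_port, last_seen = entry
        if now - last_seen > self.timeout:
            del self.sessions[key]       # stale session: drop and forget it
            return None
        self.sessions[key] = (lan_ip, lan_port, now)
        return (lan_ip, lan_port)        # translated back to the LAN host

def demo():
    r = NatSpiRouter()
    out = r.outbound("192.168.1.20", 51000, "203.0.113.10", 443, now=0)
    reply = r.inbound("203.0.113.10", 443, out[1], now=1)      # valid session
    stranger = r.inbound("192.0.2.99", 4444, out[1], now=2)    # never contacted
    expired = r.inbound("203.0.113.10", 443, out[1], now=500)  # session timed out
    return out, reply, stranger, expired

if __name__ == "__main__":
    print(demo())
```

The session table is keyed on addresses and ports only, which is why SPI says nothing about packet content.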