Which Internet Security suite is best?

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
I am a home user with 2 networked computers.  I plan to buy a third
soon.  I use a linksys router to connect the machines to each other,
the internet, and for DHCP.

I currently use AVG Internet Security suite.  The license is about to
expire.  Basically I think it's a good product, but I find the
interface to be very awkward, and the firewall doesn't appear to do
full stealth mode since I haven't been able to stop it from responding
to a ping (I use the test available at grc.com).  One review said it
doesn't protect against scripting viruses either.

In the past I tried Trend Micro, Norton, and ZoneAlarm.  Norton seemed
to go deep into my system and mess things up real good.  I ended up
reinstalling the OS to remove all traces.  Apparently, being the most
popular software doesn't make it the best.  Trend Micro was OK, but it
also responded to a ping and their support really pissed me off so to
hell with them.  ZoneAlarm was the only one that would do total
stealth, but it really impacted system performance and had to be
disabled for quite a few websites to work.

Right now I'm looking at Kaspersky and NOD 32.  I would appreciate
comments about your preferred software (not necessarily limited to the
2 above).  Positive and/or negative comments would be appreciated.

Re: Which Internet Security suite is best?

On Wed, 27 Jun 2007 18:40:10 -0600, hacker@lonegunmen.org wrote:

Quoted text here. Click to load it

I thought the default Linksys configuration would prevent a response
to external pings. Did you change that behavior?

Quoted text here. Click to load it

I used AVG Free for over a year, (Norton Systemworks before that), and
recently (5-6 months ago) switched to NOD32, partly based on
recommendations I saw in this group and including links to other 3rd
party AV testing sites. So far, I like NOD32 and plan to use it
indefinitely.


Re: Which Internet Security suite is best?

wrote:

Quoted text here. Click to load it


No.  The only linksys changes I made were to update to the latest
firmware and change the default password.  In the software firewalls I
disabled anything having to do with ICMP echo as well.  I don't recall
having to do anything with ZoneAlarm.  I just did it without me having
to do anything.


Quoted text here. Click to load it

Thanks for the feedback.

Re: Which Internet Security suite is best?

Langly aka hacker@lonegunmen.org,after much thought,came up with this
jewel:

Quoted text here. Click to load it

Perhaps you should check the firewall settings on the router. My
netgear router got a perfect score on the grc test.
 
Quoted text here. Click to load it

NOD gets my vote.
max
--
My Pages:
Virus Removal Instructions:
http://www.freespaces.com/maxwachtel/removal.html
Keeping Windows Clean:
http://www.freespaces.com/maxwachtel/keepingclean.html
Tools: http://www.freespaces.com/maxwachtel/tools.html
Change nomail.afraid.org to gmail.com to reply. nomail.afraid.org is
specifically setup for USENET.Feel free to use it yourself.
Always remember - only download files from Trusted Sites.

Re: Which Internet Security suite is best?

wrote:

Quoted text here. Click to load it

On my Linksys WRT54G running firmware 4.21.1, the web GUI includes a
Security tab. Clicking it defaults to the Firewall page. On that page
I have the following:

Firewall Protection:  [X] Enable   [ ] Disable

Block WAN Requests
[X]  Block Anonymous Internet Requests
[X]  Filter Multicast
[ ]  Filter Internet NAT Redirection
[X]  Filter IDENT(Port 113)

Those are the defaults, and here's what the Help says about the "Block
Anonymous Internet Requests" option:
   "By enabling the Block WAN Request feature, you can prevent
   your network from being "pinged," or detected, by other Internet
   users. The Block WAN Request feature also reinforces your network
   security by hiding your network ports. Both functions of the Block
   WAN Request feature make it more difficult for outside users to
   work their way into your network. This feature is enabled by
   default. Uncheck to disable this feature."

Note that it's enabled by default. If you're running a different model
Linksys, or different firmware, you may have to hunt around a little
to find the same or similar setting.


Quoted text here. Click to load it

One of the nice things about a NAT router is that it blocks that
garbage traffic coming from the Internet so that your software
firewall never sees it.

-Char

Re: Which Internet Security suite is best?


| wrote:
|
Quoted text here. Click to load it
|
| On my Linksys WRT54G running firmware 4.21.1, the web GUI includes a
| Security tab. Clicking it defaults to the Firewall page. On that page
| I have the following:
|
| Firewall Protection:  [X] Enable   [ ] Disable
|
| Block WAN Requests
| [X]  Block Anonymous Internet Requests
| [X]  Filter Multicast
| [ ]  Filter Internet NAT Redirection
| [X]  Filter IDENT(Port 113)
|
| Those are the defaults, and here's what the Help says about the "Block
| Anonymous Internet Requests" option:
|    "By enabling the Block WAN Request feature, you can prevent
|    your network from being "pinged," or detected, by other Internet
|    users. The Block WAN Request feature also reinforces your network
|    security by hiding your network ports. Both functions of the Block
|    WAN Request feature make it more difficult for outside users to
|    work their way into your network. This feature is enabled by
|    default. Uncheck to disable this feature."
|
| Note that it's enabled by default. If you're running a different model
| Linksys, or different firmware, you may have to hunt around a little
| to find the same or similar setting.
|
Quoted text here. Click to load it
|
| One of the nice things about a NAT router is that it blocks that
| garbage traffic coming from the Internet so that your software
| firewall never sees it.
|
| -Char

As always...
I suggest to specifically block both UDP and TCP ports 135 ~ 139 and 445 on
*any* SOHO
Router.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: Which Internet Security suite is best?

On Thu, 28 Jun 2007 02:46:41 GMT, "David H. Lipman"

Quoted text here. Click to load it

Thanks for the feedback.

My router is a linksys BEFSR41 V2, with firmware:  1.46.02, Aug 03
2004.  Here are the current relevant setting values I have:

Block WAN Request:          Enable
Multicast Pass Through:        Enable
IPSec Pass Through:         Enable
PPTP Pass Through:         Enable
Remote Management:         Disable   Port: 8080
Remote Upgrade:        Disable
MTU:                                   Disable   Size: 1500
Filter Internet NAT Redirection:       Disable  
Filter IDENT(port 113):         Disable  
     
I'll try changing the last one (port 113 filtering), and the suggested
port blocks too.  Right now none are filtered.

What has me puzzled is that ZoneAlarm seemed to get the job done with
these settings.  It's a pity it caused such a noticeable performance
hit with the antivirus, antispyware, etc. and had to be disabled for
several trusted websites to work.

So far NOD is getting best software feedback, unless others need more
time to respond.

I do appreciate the responses from everyone.

Re: Which Internet Security suite is best?

On Thu, 28 Jun 2007 02:46:41 GMT, "David H. Lipman"

Quoted text here. Click to load it

My understanding is that all inbound ports are blocked by default, as
confirmed by grc.com. By "block", do you mean specifically opening
those ports and perhaps forwarding them to a non-existent LAN IP? I
just prefer to let them be blocked along with everything else.

-Char

Re: Which Internet Security suite is best?



|
| My understanding is that all inbound ports are blocked by default, as
| confirmed by grc.com. By "block", do you mean specifically opening
| those ports and perhaps forwarding them to a non-existent LAN IP? I
| just prefer to let them be blocked along with everything else.
|
| -Char

Effectively they are not.  They are akin to doors that can be opened.
Specifically blocking the ports on the Router effectively locks those doors and
they can not
be opened.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: Which Internet Security suite is best?

On Fri, 29 Jun 2007 01:31:32 GMT, "David H. Lipman"

Quoted text here. Click to load it

Please explain.


From the outside? I think not, but please correct me if I'm wrong.

Quoted text here. Click to load it

So let me ask again - what do you mean by "specifically blocking the
ports on the router"? I only have experience with Linksys and D-Link
routers, and neither of them offers that feature. I repeat, are you
talking about specifically OPENING those ports and forwarding them to
a non-existent LAN IP? Is opening those ports more secure than leaving
them closed?

-Char

Re: Which Internet Security suite is best?


wrote:

Quoted text here. Click to load it


Dave's been advocating this for a long time now. iirc it was after
some local lan netbios packets traversed his router outbound. Not
inbound, as you say, since they are dropped unless specifically
forwarded.

However, uPNP (often enabled by default) allows the router to be
configured automatically from the inside so if you think uPNP and
trojan at the same time, perhaps it's not a bad idea after all.


Quoted text here. Click to load it

He doesn't mean that. He means blocking them with the router's
firewall (if available) even though they are already blocked by the
general operation.

Just in case.


Jim.


Re: Which Internet Security suite is best?

wrote:

Quoted text here. Click to load it

Ahh, I see, once bitten, twice shy.

Quoted text here. Click to load it

I don't have a use for uPNP, so I have it disabled. Good point,
though.

Quoted text here. Click to load it

Got it, thanks!


Re: Which Internet Security suite is best?

Quoted text here. Click to load it

If you have a UPNP router and have not disabled that feature then you've
got more problems that wondering about security.

Additionally, if you have a cheap NAT Router (which is not a firewall)
and you've left it at the default subnet (192.168.0.x or 192.168.1.x)
then you need to change it to something else (192.168.32.x) so that the
known hacks can't find it at the default address - you should have
already changed the login password also.
 

--
Leythos - spam999free@rrohio.com (remove 999 to email me)

Learn more about PCBUTTS1 and his antics and ethic and his perversion
with Porn and Filth. Just take a look at some of the FILTH he's created
and put on his website: http://www.webservertalk.com/message1907860.html
3rd link shows what he's exposed to children (the link I've include does
not directly display his filth). You can find the same information by
googling for 'PCBUTTS1' and 'exposed to kids'.

Re: Which Internet Security suite is best?


| On Fri, 29 Jun 2007 01:31:32 GMT, "David H. Lipman"
|
Quoted text here. Click to load it
|
| Please explain.
|

I wish I could explain it better.


Quoted text here. Click to load it
|
| From the outside? I think not, but please correct me if I'm wrong.
|

They can be invited by the inside and it is possible a well crafted packet may
open the port
from the outside.


Quoted text here. Click to load it
|
| So let me ask again - what do you mean by "specifically blocking the
| ports on the router"? I only have experience with Linksys and D-Link
| routers, and neither of them offers that feature. I repeat, are you
| talking about specifically OPENING those ports and forwarding them to
| a non-existent LAN IP? Is opening those ports more secure than leaving
| them closed?
|
| -Char

I use a Linksys BEFSR81 and have used the BEFSR41.
http://192.168.1.1/Filters.htm

I have also setup other Routers such as Asante and D-Link.  Specifically
blocking ports is
there and it has NOTHING to do with uPnP.  It also has NO negative consequences,
only
benefits.

See the graphic posted in;  alt.binaries.comp.virus
Subject:  Re: Which Internet Security suite is best?

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: Which Internet Security suite is best?

On Fri, 29 Jun 2007 20:43:29 GMT, "David H. Lipman"

Quoted text here. Click to load it

I found the graphic, thanks. I don't think this is something I'm going
to worry about, but I see your point.

-Char


Re: Which Internet Security suite is best?


On Fri, 29 Jun 2007 20:43:29 GMT, "David H. Lipman"

Quoted text here. Click to load it

What's the benefit of blocking something that is already blocked,
then?


Jim.


Re: Which Internet Security suite is best?


On Fri, 29 Jun 2007 20:43:29 GMT, "David H. Lipman"

Quoted text here. Click to load it


I find that hard to believe. Can you post a link with a bit of detail.


Jim.


Re: Which Internet Security suite is best?

On Wed, 27 Jun 2007 19:37:30 -0600 Langly wrote:

Quoted text here. Click to load it
On my Linksys RT41-BU Security > Firewall tab "Block Anonymous Internet
Requests" is *not* checked by default, probably the same on your router.  Try
checking the box, disable your firewall and run the grc.com ShieldsUp test.  I
did this and came up with full stealth.

BTW I use Zonealarm free.  Zlclient.exe runs in the background, uses 6,240 K
of memory, and makes no noticeable impact on the system.
--
Ernie B.

Communication:  The art of moving an idea from one mind to another, hopefully
without distortion.

Re: Which Internet Security suite is best?

hacker@lonegunmen.org says...
Quoted text here. Click to load it
Responding to ping is nessacary for path MTU discovery to work.You may
find that blocking this will make some sites time out.Personally i would
not block this in the router ,however the choice is yours.I also use AVG
ISS ,though ive removed the firewall component and use another,so
basically you can use AVG iss and a different firewall if you wished.If
you want to try a different suite its best to just trial them as many
behave differently on different users systems.
me

Re: Which Internet Security suite is best?

On Fri, 29 Jun 2007 09:27:57 +0100, bassbag

Quoted text here. Click to load it

Fortunately, that's not the case.

Quoted text here. Click to load it

I block external pings unless I'm troubleshooting a problem that
requires enabling that capability.

-Char


Site Timeline