Re: Using Firewalls and Antivirus at the same time

From: N. Miller (2004MSFT09.nospam_at_aosake.net)
Date: 02/12/04


Date: Wed, 11 Feb 2004 17:38:40 -0800

In article <e09301c3f0cb$07595c30$a101280a@phx.gbl>, esboella@yahoo.com
says...
> I am trying to fix my problem of getting my computer
> hijacked with Spam, virus and other programs and needed
> some help. As most of you know, I do not like the UI from
> AVG, but the thing does seem to work.
> This is how I have it set up now for what I think will
> stop any problems, let me know what I left out.
>
> Firewall: Zone Alarm Pro, McAfee Personal Firewall Plus,
> Norton NIS,

Pick just one. ZAP is the best of the lot you have.

> Anti-Ad's: Spybot, Lavasoft Ad-Aware, McAfee Privacy
> Service,

Replace McAfee Privacy with a hosts file; maybe, if you really need
something like that, Proxomitron.

This site is kind of unfortunate, but the guy does link other providers of
hosts files:

http://www.smartin-designs.com/

The nice thing about a hosts file is that you can edit the file yourself,
easily enough; customize it to your tastes.

> Virus, AVG 6, Sophos, Norman Antivirus, McAfee Virusscan
> Pro, Norton Antivirus, IPE antivirus.

Only one "on access" scanner at a time. More than one will cause problems. I
ran into such a problem, though it wasn't from multiple on access AV
scanners. I run a mail server, and I wanted to set up an AV policy to scan
email. NAV 2003, which I use for on access, wouldn't work smoothly with
Mercury Mail. NAV always throws up a window to announce what it is doing;
the command line /noreports switch only forces the window to close after
opening. I wanted it to never open because it would steal the focus from
whatever task I was running.

I set up the Mercury Mail AV policy with F-Prot for DOS, instead. This was
acting in an on demand fashion. Unfortunately, Mercury Mail would write a
file with the incoming message to a "scratch" folder, and the on access
scanner would nail it. This prevented the on demand scanner from finding the
virus, and passing the result to Mercury Mail; which did what mail servers
are supposed to do, in the absence of contrary instructions: delivered the
infected mail to the account.

In my case, the solution was to exempt the scratch folder from the on access
scan. Now NAV leaves the file alone when Mercury Mail writes it, F-Prot
scans that folder, passes a result code back to Mercury Mail, and the server
deletes the message undelivered.

The point is, having two AV programs active simultaneously can lead to
ambiguous, and dangerous conditions. As I think I mentioned before, know
your tools. Only run one AV program on access, reserve the rest for on
demand scans.

> Everything runs ok together, it's a little slower on
> startup. What else do I need ? A hardware firewall ? I
> have looked for hardware firewalls and cannot find them. I
> use dial up. Might change to xp pro, is that firewall
> worth it ?

Last question first; WinXP Pro's FW won't stop outbound calls, ZAP will.
Stick with ZAP.

For a dial-up service, look at the SMC Barricade:

http://www.smc.com/index.cfm?sec=Products&pg=Product-Details&prod=67&site=c

Very nice router. NAT makes a respectable firewall, and some firmware
versions of the Barricade have limited SPI blocking. You can hang your modem
off of the serial connection on the router. I used to use an SMC Barricade
7004 BR, but I think the last firmware upgrade killed it. It wasn't offered
to U.S. users, so I was really not supposed to install it.

Or look at D-Link:

http://www.dlink.com/products/?pid=64

Asante used to make a router with a serial port, too.

-- 
Norman
~Win dain a lotica, En vai tu ri, Si lo ta
~Fin dein a loluca, En dragu a sei lain
~Vi fa-ru les shutai am, En riga-lint
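
Added example (not part of the original post, and not code from any product named in it): the mail-server case above is a fail-open verdict, where a scratch file taken by the on-access scanner leaves the on-demand scanner with nothing to find and the message is delivered. The Python below compares a fail-open and a fail-closed delivery policy on constructed messages; the stand-in scanner, its exit codes (0 clean, 1 infected), the marker string and all function names are assumptions made for the illustration.

```python
import os, subprocess, sys, tempfile

# Assumed exit codes for the stand-in scanner (hypothetical, not F-Prot's real codes).
CLEAN, INFECTED = 0, 1
# Stand-in on-demand scanner: flags a constructed marker string. It is assumed to
# report "nothing found" (0) when the file it was handed no longer exists.
SCANNER = [sys.executable, "-c",
           "import sys,os\n"
           "p=sys.argv[1]\n"
           "sys.exit(1 if os.path.isfile(p) and b'CONSTRUCTED-MARKER' in open(p,'rb').read() else 0)"]

def naive_verdict(path):
    """Fail-open policy: anything but 'infected' is delivered."""
    rc = subprocess.run(SCANNER + [path]).returncode
    return "delete" if rc == INFECTED else "deliver"

def strict_verdict(path):
    """Fail-closed policy: deliver only if the file was really scanned and clean."""
    if not os.path.isfile(path):          # removed or quarantined by another tool
        return "hold"
    try:
        rc = subprocess.run(SCANNER + [path], timeout=60).returncode
    except (OSError, subprocess.TimeoutExpired):
        return "hold"
    if not os.path.isfile(path):          # vanished while being scanned
        return "hold"
    return {CLEAN: "deliver", INFECTED: "delete"}.get(rc, "hold")

def demo():
    """Run both policies over three constructed scratch files."""
    results = {}
    with tempfile.TemporaryDirectory() as scratch:
        cases = {"clean": b"Subject: hi\n\nhello\n",
                 "infected": b"Subject: x\n\nCONSTRUCTED-MARKER\n",
                 "grabbed": b"Subject: y\n\nCONSTRUCTED-MARKER\n"}
        for name, body in cases.items():
            path = os.path.join(scratch, name + ".msg")
            with open(path, "wb") as fh:
                fh.write(body)
            if name == "grabbed":         # simulate the on-access scanner taking the file first
                os.remove(path)
            results[name] = (naive_verdict(path), strict_verdict(path))
    return results

if __name__ == "__main__":
    for name, (naive, strict) in demo().items():
        print(f"{name:9} naive={naive:8} strict={strict}")
```

The "grabbed" case is the one from the post: the fail-open policy delivers it, the fail-closed policy holds it for review.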