Computer Security revisited...

[SDS]

I have friends that rely on me for setting up their systems. After doing my usual thing and reading up on some other things - here is what I recommend for them:

 

1. Either AVG Free or NOD32 (commercial) anti-virus program

2. Adware free and Spybot Search and Destroy malware scanners

3. Unfortunately ewido is now a part of AVG paid, so I need a free anti-trojan horse scanner replacement

4. Linksys router (hardware firewall)

5. WPA encryption (with a 20+ character passphrase), plus other wireless stuff. I know WPA2 is better, but I'm not certain every machine they have supports it.

 

 

 

Does that sound reasonable? Is a software firewall necessary? What is included w/ Vista that needs ot be configured? Would ZoneAlarm be necessary w/ the hardware firewall? w/ Vista?

[DrDawkinstein]

the best way to secure Vista is to not install Vista on any machine ever.

[SDS]

please no responses like the one above. They are new machines and Vista is installed. That is what I am working with.

[DrDawkinstein]

hahaha, come on man, take a joke.

 

i like your list and i would almost say that with all those programs installed and a firewall on the router you could disable the annoying (and almost debilitating) "security" on vista.

 

have you ever used Avast Antivirus? i like it. waaaaaaay better than stuff like McAfee and Norton which you are obviously avoiding

[DrDawkinstein]

i would also configure the Router to NOT broadcast its SSID. so the users would have to know what they are looking for and it cant be seen/picked up by people lurking around that want to try to crack the WPA encryption (even though that is highly unlikely). but after your user registers to the router once, it will store the SSID in its "Trusted Wireless Networks" file

 

just a suggestion.

[SDS]

i would also configure the Router to NOT broadcast its SSID. so the users would have to know what they are looking for and it cant be seen/picked up by people lurking around that want to try to crack the WPA encryption (even though that is highly unlikely). but after your user registers to the router once, it will store the SSID in its "Trusted Wireless Networks" file

 

just a suggestion.

 

yep, already do that...

 

I'm a mac guy, so I don't kow the ins and outs of all the products but I know Vista changes a lot of things. I'm not even sure the free AV programs have been updated yet to support Vista.

[DrDawkinstein]

yeah im a mac/ubuntu guy myself. ive only had one Tech Support run in with Vista so far and im trying to keep as far away from it as possible for now. im not sure what else you would have to configure in it. but since its basically an OS X rip off you shouldnt have too much trouble getting around.

 

do you have the machines yet? have you been able to get in and play around in Vista yet?

 

edit: i do know for a fact that Avast is compatible with Vista, not sure about the free program though.

 

here's the site if you want to poke around

[Fezmid]

please no responses like the one above. They are new machines and Vista is installed. That is what I am working with.

 

Well just because it comes with Vista, doesn't mean you can't install XP instead if you have a license laying around (especially a corporate license that doesn't need to check-in with MS...). Seriously, there's going to be a lot of security issues popping up with Vista and many of them will be 0-day exploits.

 

I'd also recommend not doing wireless at all if possible -- but I realize some poeple like the convenience. I'd recommend changing the WPA key every 2-3 months though.

 

CW

[EC-Bills]

I have friends that rely on me for setting up their systems. After doing my usual thing and reading up on some other things - here is what I recommend for them:

 

1. Either AVG Free or NOD32 (commercial) anti-virus program

2. Adware free and Spybot Search and Destroy malware scanners

3. Unfortunately ewido is now a part of AVG paid, so I need a free anti-trojan horse scanner replacement

4. Linksys router (hardware firewall)

5. WPA encryption (with a 20+ character passphrase), plus other wireless stuff. I know WPA2 is better, but I'm not certain every machine they have supports it.

Does that sound reasonable? Is a software firewall necessary? What is included w/ Vista that needs ot be configured? Would ZoneAlarm be necessary w/ the hardware firewall? w/ Vista?

 

1. If those are your choices, go with NOD32. It has a much better track record of catching viruses than AVG Free. An alternative free AV is Avast. In terms of commercial products, I do *not* recommend mcafee or symantec. These two programs are bloated and will bring the machine to a crawl. I manage/use eTrust AV 8.x at work and at home. It uses low system resources and is fast.

2. Adaware will not support Vista until Adware 2007 is released (not sure when off the top of my head). SpyBot S&D will not be fully supported until 1.5.

3. Don't have a good answer sorry.

4. Personal preference is for belkin, but linksys definitley works.

5. Go with WPA2. It's backwards compatible for those devices that only support WPA.

[DrDawkinstein]

TWO VOTES FOR AVAST!!

 

[EC-Bills]

yeah im a mac/ubuntu guy myself. ive only had one Tech Support run in with Vista so far and im trying to keep as far away from it as possible for now. im not sure what else you would have to configure in it. but since its basically an OS X rip off you shouldnt have too much trouble getting around.

 

do you have the machines yet? have you been able to get in and play around in Vista yet?

 

edit: i do know for a fact that Avast is compatible with Vista, not sure about the free program though.

 

here's the site if you want to poke around

 

Not quite a complete rip off. Both companies take stuff from each other. MS has had quite a bit of stuff in development before Apple did. Apple simply did a better job of getting it to the market.

[DrDawkinstein]

Not quite a complete rip off. Both companies take stuff from each other. MS has had quite a bit of stuff in development before Apple did. Apple simply did a better job of getting it to the market.

 

oh, im well aware and really dont want to get into the history of the back-and-forth with those companies. but in this case, a lot of the little things MS is using to attract(or keep interested) basic users is stuff that has been in the Mac OS's for years. it doesnt matter who had it in development, this release is MS's attempt at "catching up" with what most users have been seeing. thats all im saying.

[EC-Bills]

oh, im well aware and really dont want to get into the history of the back-and-forth with those companies. but in this case, a lot of the little things MS is using to attract(or keep interested) basic users is stuff that has been in the Mac OS's for years. it doesnt matter who had it in development, this release is MS's attempt at "catching up" with what most users have been seeing. thats all im saying.

 

Yeah, I am with you. I am just saying if their projects hadn't been so mismanged, they wouldn't be playing catch up today.

[SDS]

1. If those are your choices, go with NOD32. It has a much better track record of catching viruses than AVG Free. An alternative free AV is Avast. In terms of commercial products, I do *not* recommend mcafee or symantec. These two programs are bloated and will bring the machine to a crawl. I manage/use eTrust AV 8.x at work and at home. It uses low system resources and is fast.

2. Adaware will not support Vista until Adware 2007 is released (not sure when off the top of my head). SpyBot S&D will not be fully supported until 1.5.

3. Don't have a good answer sorry.

4. Personal preference is for belkin, but linksys definitley works.

5. Go with WPA2. It's backwards compatible for those devices that only support WPA.

 

They downloaded and ran just fine. I assume the current versions still provide some level of protection. no? These aren't high risk users. No p2p here, just normal surfing and email.

 

So, your recommendation is eTrust AV? Are software firewalls necessary?

[Chilly]

1.) A vote for nod32 from me. Best antivirus out there on the market in my opinion. Extremely strong scanning engine and the lowest system resources I've seen out of any AV product.

 

2.) Ad-aware and Spybot are not fully supported until the new versions like EC said. However, there have been reports of them working well. Just expect bugs until the new versions come out.

 

3.) nod32 has an anti-trojan scanner built into it. No need for a seperate product.

 

4.) I'd have to suggest getting a router compatible with DD-WRT and flashing it using the open source linux firmware (www.dd-wrt.com). Rock solid and with plenty of features not found in most router manufacturer's firmware.

 

5.) Make sure its WPA2-Personal, as this is the protocol that is backwards compatible with WPA.

 

Also, as far as software firewalls go - just leave the built-in Windows Vista one enabled (which, unlike the one in XP, monitors both incoming and outgoing traffic).

[EC-Bills]

They downloaded and ran just fine. I assume the current versions still provide some level of protection. no? These aren't high risk users. No p2p here, just normal surfing and email.

 

So, your recommendation is eTrust AV? Are software firewalls necessary?

 

They may run, but there's no telling how well they will work with the underlying Vista architecture. Theoretically they should run better with the newer releases.

 

eTrust or NOD. It depends on which one you would think is the easiest to maintain and cost.

 

Regarding the firewalls, stick with the vista firewall.

[EC-Bills]

1.) A vote for nod32 from me. Best antivirus out there on the market in my opinion. Extremely strong scanning engine and the lowest system resources I've seen out of any AV product.

 

2.) Ad-aware and Spybot are not fully supported until the new versions like EC said. However, there have been reports of them working well. Just expect bugs until the new versions come out.

 

3.) nod32 has an anti-trojan scanner built into it. No need for a seperate product.

 

4.) I'd have to suggest getting a router compatible with DD-WRT and flashing it using the open source linux firmware (www.dd-wrt.com). Rock solid and with plenty of features not found in most router manufacturer's firmware.

 

5.) Make sure its WPA2-Personal, as this is the protocol that is backwards compatible with WPA.

 

Also, as far as software firewalls go - just leave the built-in Windows Vista one enabled (which, unlike the one in XP, monitors both incoming and outgoing traffic).

 

Hah. I go away and don't hit add reply and look what happens. You come in and steal my thunder

[Helmet_hair]

In their Sept. 2006 issue Consumer Reports did a real good job putting security software to the test. I have summed up the rating results for you as follows:

 

Antivirus and Firewall

1) BitDefender

2) ZoneAlarm

3) Kespersky Labs

8) Alwil Alvast-Free

 

Antispyware

1) F-Secure

2) Webroot

3) PC Tools

6) Spybot- Free

 

Antispam(add ons)

1) Trend Micro

2) Allume Systems

3) Cloudmark

 

I like System Mechanic 7, It comes with the Kespersky suite and a lot of other goodies, plus you can install it on 3 computers.

[SDS]

1.) A vote for nod32 from me. Best antivirus out there on the market in my opinion. Extremely strong scanning engine and the lowest system resources I've seen out of any AV product.

 

2.) Ad-aware and Spybot are not fully supported until the new versions like EC said. However, there have been reports of them working well. Just expect bugs until the new versions come out.

 

3.) nod32 has an anti-trojan scanner built into it. No need for a seperate product.

 

4.) I'd have to suggest getting a router compatible with DD-WRT and flashing it using the open source linux firmware (www.dd-wrt.com). Rock solid and with plenty of features not found in most router manufacturer's firmware.

 

5.) Make sure its WPA2-Personal, as this is the protocol that is backwards compatible with WPA.

 

Also, as far as software firewalls go - just leave the built-in Windows Vista one enabled (which, unlike the one in XP, monitors both incoming and outgoing traffic).

 

I was going by this series of articles:

 

http://www.techsupportalert.com/free-vs-paid-av.htm

 

I know it is a couple of years old. When he wrote them - the built-in trojan scanners were useless then. Have they been improved?

[Chilly]

Its not perfect, but it has improved immensely since those articles were written, on both detection and real-time prevention.