Firewalls, Anti-Virus & Spyware FAQs

[Kalah]

We've been getting a lot of questions lately concerning the safety of computers. I'm putting up a couple of points here if you have any questions or problems. If you have any suggestions for things that should be in here, just post them here and we'll incorporate them into this one.

What is a firewall? Do I need one?

A firewall is the first line of defence against intrusion; a logical barrier designed to prevent unauthorized or unwanted communications between computers. Yes, you need one. When browsing the web, you should always keep your firewall up and running.

How do I know if I have a firewall?

Enter the Control Panel and check out the Security section. If you have a recent edition of Windows installed, e.g. Windows XP, a firewall is already built in.

Where can I get a firewall?

You can download one for free over the web. Check out these links:
- Zone Labs.
- Agnitum (registration required).
- Comodo.

What is an Anti-Virus program?

It is a program installed on your PC, actively searching for and dealing with viruses and other malicious programs trying to mess with your computer and/or programs. It does this in two ways:
- Scanning files to look for known viruses matching definitions in its virus dictionary. This is why you need to update the program regularly, to make sure it will recognize new threats.
- Identifying suspicious behaviour from any computer program which might indicate infection. The anti-virus program runs passively all the time, and you should never shut that function off.

Do I really need Anti-Virus?

Oh God, yes. Most of the bad stuff should be blocked by your firewall, but there are lots of really clever dysfunctional people out there, working on ways to bypass that. You definitely need an Anti-Virus program.

Where can I get one?

That's a good question. Lots of companies try to get you to buy their programs nowadays, either via e-mail (spam), the telephone or even face-to-face. You should listen to none of them; expensive Anti-Virus programs are not necessary; they are no better than other, cheaper/free alternatives. If you do want to buy one, I can recommend Norman. But there are several great ones freely available out there; check out this list:
- AVG
- Clam Win
- Avast - free, but registration required after 60 days.

What is spyware/malware?

Spyware is a type of program that watches what users do with their computers and then send this information over the internet. More benign programs can track what types of websites a user visits and send this information to an ad agency. More malicious versions can try to record what a user types to try to intercept passwords or credit card numbers. Yet other versions simply launch popups with ads. The direct effects of spyware include slower internet- and computer processing; if your PC seems slow, spyware may be the cause.

How do I get rid of it?

A good program removing different spyware/malware is Ad-Aware. Another one is Spybot, but that runs continually and requires a bit of resources.

If there is anything you would like to see added to this list, post here and we'll incorporate it into this one.

[Caradoc]

Just curious -- what ever happened to the Tech Support message group?

[Gaidal Cain]

We decided to discontinue it, and encourage posting of such messages in the repective games subforum instead so that those threads would be more visible.

[gravyluvr]

This is not an advertisement but as a computer guy, I get asked a lot about different protection software for your computer.

A neat site that has a ton of different products is http://www.spychecker.com/

In addition, it also has a button so that you can only look at stuff that is freeware (check licenses since "free" may have rules like for personal use - not on a biz box). I've found that the user ratings are pretty accurate and all the items I suggest to my users...

Spybot - Spy Protection
SpamBayes - Spam Protection
Avast - Virus Protection
Comodo Firewall - Intrusion Protection

Either way, it is important to have anti-virus and a firewall. And it is just important to have spyware removal tools and junk email filters to help when you either get malware on your machine or your email address is compromised.

[Kalah]

Are there any additions or corrections you would like to make to my first post?

[icesensemadness]

Thanks for posting this man. My antivirus subscription has just expired. anyways, i use spyware doctor is that good? i thought Spybot was a malware, that produces fake scan results? maybe it was another product.

[Pol]

I'm using hardware firewall - the one in router, software firewall - Agnitum Outpoost (and still tinkering with idea to get the Pro version, bet I have use for it) and Spyware Terminator with integrated Clamav antivirus. Also it looks, like soon here will be some Sandboxie - such is needed. (Sandbox is application which can create separate zone for your browser, thus end of many ActiveX, Java, Javascripts and bugs backdoors - when you know how to use it)

Thread purged.

PS In past I loved F-Prot, still free for linux and DOS I think

[MistWeaver]

I want to add few crucial notes about configuring firewall under Windows XP.

Main thing is about svchost.exe process. Under this process most of system services are run. And most of users go for "allow all in/out for svchost.exe" rule, which is really bad decision.

What needs to be allowed for svchost.exe:

- DNS Requests:
Outgoing TCP and UDP on port 53 to your DNS provider (you can see your DNS provider adress running ipconfig -all)

- DHCP Requests: (skip this if you have static IP)
Both UDP on ports 67,68 to your DHCP provider.

- Help Web Access (skip if are not using Windows help)
Outgoing TCP on ports 80, 443

- Time Synchronisation
Outgoing UDP on port 123 to time.windows.com, time.nist.gov

All other attempts mostly can be blocked.

Important!

Make sure that process' executable name is svchost.exe, not scvhost.exe, schost.exe and so on..
Also be sure that this executable is located in windows/system32, and not in windows/system or windows/ and so on.

[Kalah]

I am adding this: If you suspect (or just want to check) your computer is infected by malware, you can download this tool from Microsoft:

Windows Malicious Software Removal Tool

The tool is updated monthly, and can be used on computers running Windows Vista, Windows XP, Windows 2000, and Windows Server 2003 operating systems.