Topic: Pondering: the actual need for anything except for a firewall (Read 4829 times)
LeoniAquila
Über Minimalist™ Defender of Resources Bloatware Fighter
Global Moderator
Comodo's Hero
« on: April 22, 2007, 03:03:29 PM »

Ever since I got my first personal computer 15 months ago, I've been using antivirus products, and for the last 12 months also third-party firewalls (Comodo Firewall for three months or something).

Only for the very last weeks, I've tried real-time protection, such as Spyware Terminator, in addition to antivirus. During my 15 months of using this computer, I've got about 5 viruses, none of them was unexpected, really.

Now I'm thinking: If one is protected by a really good firewall such as Comodo, and one considers every website or file one is using, what is the risk of getting a virus, malware, spyware or anything? I'm currently using Comodo Firewall, Comodo AntiVirus, Comodo BOClean and Spyware Terminator - and it provides a great sense of security - but also a sense of overkill. Programs that use resources in vain. If I don't pick up any "strange" files, don't visit any "strange" websites - I shouldn't get any unwanted programs in the system, right? And if I actually get spyware or something, then I think Comodo would stop its attempts to spy?

Aren't the problems of people's computers very dependent on usage habits?

» Windows XP Home Edition SP3 nLite
» COMODO Firewall Pro
Soyabeaner
Global Moderator
Comodo's Hero
« Reply #1 on: April 22, 2007, 03:18:04 PM »

This is where I'm at already.  I still keep SAS and NOD as backup scanners, but they will go once CFP HIPS is finalized.  Then I won't have to constantly update my program databases/signatures, still have a strong security sense, but not an over-kill sense.

> If I don't pick up any "strange" files, don't visit any "strange" websites - I shouldn't get any unwanted programs in the system, right?
Nothing is impossible, but the probability of being malware infected is greatly decreased.

> And if I actually get spyware or something, then I think Comodo would stop its attempts to spy?
If it tries to connect out and if it's not a new unknown malware then CFP's anti-leaking features will detect it.  Let's not forget if such a case happens, how will you remove the malware?  You'll still need a blacklist scanner.  My goal is not to be infected in the first place.

> Aren't the problems of people's computers very dependent on usage habits?
Largely true, but that's not the only factor.  Let's suppose your pc is not Windows Updates patched and you don't do anything reckless.  Believe it or not, you're still vulnerable to being infected/hacked.  There are still Windows services that open up ports unless you know how to properly disable them.
« Last Edit: April 22, 2007, 03:21:26 PM by Soya »
LeoniAquila
« Reply #2 on: April 22, 2007, 03:37:34 PM »

Thanks for a good answer, as usual. You make it a bit clearer, but most of all: you remind me of CPF 3.0 that will have HIPS. I think it will constitute a very important part of the protection one needs.

You say that you'll later have only CPF 3. May I also ask you, do you consider your computer usage habits as very careful? If so, I understand the choice of only having CPF 3. Most likely I will try the same configuration when it comes out, but perhaps also something more to monitor what happens. Perhaps BOClean, but I want to read the documentation first (suppose Comodo will release it on Tuesday). BOClean seems to be really light on the system.

Anyone else who wants to share their opinions?
Soyabeaner
« Reply #3 on: April 22, 2007, 03:59:45 PM »

Indeed.  HIPS will have systematic protection, which in turn affects network protection.  Luckily, Comodo is going the whitelist method, which is intended to minimize alerts.  The only thing that I hope won't happen is that since it'll be constantly monitoring the system, that it won't use up a lot or any cpu.  I've never used a HIPS, so no experience from me in this area.

Me careful?  On a scale of 1 to 10 (with 10 being mindless), I would rate myself 3.  I'm not totally careful because of my knowledge/experience/confidence, however small they may be.  Aside from usage, knowledge is equally important.  Even though I'm aiming to restrict myself with one security program in the future, that doesn't mean I'm not prepared.  I keep Windows updated and use Opera to block unsolicited sites, yet I still enable javascript so that sites will function.  Of course, my current usage patterns resulted from my experience.  I've been infected several times in the past.  Used various security programs.  Sometimes ended up with re-formats.  But given where I'm at right now and how none of the scanners has detected anything except 1 false positive for several months, I'd say CFP 3 will be sufficient for me.

BOClean (the new acronym is CBAM) is indeed resource-friendly.  What you can do to confirm my testimony is to give it and/or other security programs for a last test drive and check if any baddies are picked up along the highway for a month or whenever you feel ready.  If nothing then I have a feeling you'll be at my same destination: a light, yet realistic security system.
« Last Edit: April 22, 2007, 04:13:07 PM by Soya »
LeoniAquila
« Reply #4 on: April 22, 2007, 04:55:38 PM »

Hopefully Comodo considers the usage of resources as they develop CPF 3.
I've experienced HIPS from both CAVS and Spyware Terminator. Currently enabled only in CAVS, there have been so many alerts, I'm sick of it. As I wrote in another thread: during the first launch of the newly installed "The GIMP", CAVS gave me about 50 alerts of unknown programs, all belonging to the GIMP. So I think HIPS requires a huge safelist to be a good system for the average user.

About habits; then I think we both are quite careful. And as I see how my friends are using their computers (as adware suddenly pops up from nowhere all the time), I get more and more convinced that most people don't have a clue what risks they are exposing themselves to. Which problems people actually are hit by then, is a combination of their habits/knowledge and their protection. Knowledge and suspiciousness have to be really good protection! Putting me in this picture - I feel it's overkill to have three Comodo programs and Spyware Terminator, even though there are risks with Windows (XP), as you wrote before. But I'll continue for a while like you suggest. Not the least, I'm curious what CBAM can do, as everybody has written so much about it, and now I see how small and simple it seems to be. Actually, it would be "fun" to visit some "bad" sites just to see what happens!

Anyway, we'll surely meet on the light security way with CPF 3.
Soyabeaner
« Reply #5 on: April 22, 2007, 05:46:52 PM »

See there's a correlation to this.  (I don't know if that's the right word.  It just suddenly "popped up" in mind lol).

Blacklist:  Effectiveness requires a large signature database with minimal to no false positives.  The old cat and mouse chasing game between security and malware programmers.  Unfortunately, the bad guys have historically proven to be ahead with their zero-day attacks.

Whitelist:  Also must have a large database, aka safelist.  This is to reduce alerts.  Your experience with CAVS was a letdown because the database hasn't grown to that desired level yet.

Both lists are constantly growing as new programs are developed; good or nasty.  Correct me if you will, but I believe the whitelist has an advantage.  A blacklist strives to cover all the malware, but there are tons out there in the wild that haven't been released.  A whitelist is easier to build because they're more public and I bet CFP 3 will also have an option to submit files (namely "false positives") to Comodo so they can analyze them and add it to the list; the data is readily available.
« Last Edit: April 22, 2007, 05:49:23 PM by Soya »
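
The trade-off argued in this post, as an added example that is not part of the original thread and is not Comodo's code: a blacklist (default-allow) and a whitelist (default-alert) are run over the same constructed files, then the safelist is grown by submitting the alerted files for analysis. All names, file contents and the perfect-analysis step are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Sample:
    name: str
    content: bytes
    malicious: bool  # ground truth; neither policy can see this field


def digest(sample):
    return hashlib.sha256(sample.content).hexdigest()


# Constructed samples: one catalogued worm, one uncatalogued ("zero-day")
# program, one OS file, and 50 plug-ins of a freshly installed application.
KNOWN_WORM = Sample("old_worm.exe", b"constructed: worm with a published signature", True)
ZERO_DAY = Sample("zero_day.exe", b"constructed: malware nobody has catalogued yet", True)
OS_FILE = Sample("notepad.exe", b"constructed: operating system text editor", False)
PLUGINS = [Sample(f"gimp_plugin_{i:02d}.exe", f"constructed: plug-in {i}".encode(), False)
           for i in range(50)]
SAMPLES = [OS_FILE, KNOWN_WORM, ZERO_DAY, *PLUGINS]


def blacklist_verdict(sample, blacklist):
    """Default-allow: only hashes already in the signature database are blocked."""
    return "block" if digest(sample) in blacklist else "allow"


def whitelist_verdict(sample, safelist):
    """Default-alert: anything that is not on the safelist raises an alert."""
    return "allow" if digest(sample) in safelist else "alert"


def evaluate(samples, verdict, known_hashes):
    """Tally malware let through, malware flagged, and alerts on clean files."""
    result = {"malware_allowed": [], "malware_flagged": [], "clean_alerted": []}
    for s in samples:
        v = verdict(s, known_hashes)
        if s.malicious and v == "allow":
            result["malware_allowed"].append(s.name)
        elif s.malicious:
            result["malware_flagged"].append(s.name)
        elif v != "allow":
            result["clean_alerted"].append(s.name)
    return result


def submit_for_analysis(samples, safelist):
    """Users submit alerted files; the vendor adds the clean ones to the safelist.
    Assumption: vendor analysis is perfect (it reads the ground-truth flag)."""
    grown = set(safelist)
    for s in samples:
        if whitelist_verdict(s, safelist) == "alert" and not s.malicious:
            grown.add(digest(s))
    return grown


def run_demo():
    blacklist = {digest(KNOWN_WORM)}  # signature database knows one worm
    safelist = {digest(OS_FILE)}      # young safelist knows one OS file
    grown = submit_for_analysis(SAMPLES, safelist)
    return {
        "blacklist": evaluate(SAMPLES, blacklist_verdict, blacklist),
        "whitelist_small": evaluate(SAMPLES, whitelist_verdict, safelist),
        "whitelist_grown": evaluate(SAMPLES, whitelist_verdict, grown),
    }


if __name__ == "__main__":
    for policy, outcome in run_demo().items():
        print(policy, {k: len(v) for k, v in outcome.items()})
```

An alert only protects if the user denies it, so the 50 alerts on clean plug-ins in the small-safelist run matter as much as the uncatalogued sample the blacklist lets through.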
LeoniAquila
« Reply #6 on: April 23, 2007, 08:39:56 AM »

> Both lists are constantly growing as new programs are developed; good or nasty.  Correct me if you will, but I believe the whitelist has an advantage.  A blacklist strives to cover all the malware, but there are tons out there in the wild that haven't been released.  A whitelist is easier to build because they're more public and I bet CFP 3 will also have an option to submit files (namely "false positives") to Comodo so they can analyze them and add it to the list; the data is readily available.

I surely agree with you. A black list system will always make the users more or less vulnerable, whilst a white list system should be safer. That's where the beta testers of CAVS come into the picture; we have to submit files to Comodo (as all those GIMP files)! I suppose Comodo Firewall will use the same list as CAVS, continuing building it up.

Looking forward to what Comodo will present later!

/L
PapaSmurf
Comodo Member
« Reply #7 on: June 09, 2007, 02:22:04 AM »

Oh, thank goodness I am not the only one.
I made a posting that relates here...
http://forums.comodo.com/index.php/topic,8833.msg69909.html#new

My usage is sometimes a little on the edge. However, I also do not want "over-kill".
The great all-mighty MicroSoft can and WILL open up the occasional port, just look in
your firewall to confirm that..lol.

There are also a couple of freebie files, (very tiny), that will allow you a little more control
over some of the background windows stuff, simple "on/off" switches you could say...

http://www.grc.com/freepopular.htm

A couple that might be of interest here are "Shoot the Messenger" and "SocketLock".
These are off of the grc site, like I said, a couple of years old, but still effective. Worth checking out.
Simple on/off switches so if you do not like the results, you can just switch back. no harm, no foul, no reboot needed.
Yes, this can be done via the admin system area, but the little grc files just make it desktop easy.
Cheers

My friends call me Papa, you call me Mr. Smurf
LeoniAquila
« Reply #8 on: June 11, 2007, 06:08:01 PM »

Thanks PapaSmurf for your posting! I also read your post about Ad-Aware. To you, and other people on the forum, I would like to ask:

IE7 - is it still so much worse than FF, when it comes to security? I think I've seen a test which ranks IE7 quite good, not worse than FF. I still use IE because you can hide the menu row, you can get the home page loaded in a new tab, and it is deeply integrated with the OS. As for integration, that wouldn't affect the use of FF, but IE is kind of impossible to remove so I have to use it...

Independent of which browser is the best, I'm still unsure when it comes to matters like blocking bad addresses and cookies. I think (but don't know for sure) that you have to make some really stupid mouse clicks to get adware/spyware on your computer, or actually installing bad ActiveX stuff. But still, what about the threats that I can't really control? Cookies? (I can't block them all, have to enable cookies for web mail etc.) Is there a need to use the features of e.g. Spybot or SpywareBlaster that load black lists addresses in the browser?

I'm still careful, I use CPF 2.4 and BOClean 4.23, but that is no guarantee for being safe, I think.

LA
« Last Edit: June 11, 2007, 06:11:00 PM by LeoniAquila »
Soyabeaner
« Reply #9 on: June 11, 2007, 08:02:25 PM »

> IE7 - is it still so much worse than FF, when it comes to security? I think I've seen a test which ranks IE7 quite good, not worse than FF. I still use IE because you can hide the menu row, you can get the home page loaded in a new tab, and it is deeply integrated with the OS. As for integration, that wouldn't affect the use of FF, but IE is kind of impossible to remove so I have to use it...
Does IE7 still use ActiveX like its predecessors?  Then that alone is a nut-kicker.  You don't have to use it if you don't want to, unless for optional Windows Updates.  I still have IE6 for that purpose.

> Independent of which browser is the best, I'm still unsure when it comes to matters like blocking bad addresses and cookies. I think (but don't know for sure) that you have to make some really stupid mouse clicks to get adware/spyware on your computer, or actually installing bad ActiveX stuff. But still, what about the threats that I can't really control? Cookies? (I can't block them all, have to enable cookies for web mail etc.)
The threats that are uncontrollable in the web-browsing sense are activex and scripts -- if you enable them.  Cookies should only affect privacy not security (i.e. sites track your usage).  Here's how I handle them: disable all cookies by default except for sites that I need to log in.  But don't forget that cookies also have advantages like faster browsing.

> Is there a need to use the features of e.g. Spybot or SpywareBlaster that load black lists addresses in the browser?
For you, it would be beneficial because you're still using IE.  As an Opera user, no need.
Little Mac
Global Moderator
Comodo's Hero
« Reply #10 on: June 11, 2007, 08:38:08 PM »

Not sure about Spybot, but SpywareBlaster doesn't integrate with Opera anyway, afaik.  The problem, from a paranoia standpoint is that you never know for sure what the bad guys are up to; what new ways they're working on to get computers infected.  Not yours specifically (they don't know and don't care about the individual), but just in general; if you get caught in the web, so be it.  SpywareBlaster does load a blacklist of known bad sites into the browser (IE or FF) and will keep you from accessing those sites, where "drive-by" infections are possible (no interaction from the user required).  And yes, in general (if not specifically) blocking scripts from running is a very good defense.

I agree with you, LA; I think infections are largely due to user habits (and possibly, ignorance - or just plain stupidity).  People still open email attachments from people they don't know.  They actually open email from unknown sources (where header-embedded viral payloads can be released on an unpatched system with out-of-date antivirus (which research shows the majority of home and possibly small business users are all out of date...).  I know in my current and last job, they would be if it weren't for me and my moderate-level paranoia.  In fact, the computer I inherited at my last job was infected with tons of backdoors when I got it.  Why?  Instant Messaging by the previous user, no antivirus, a backlog of uninstalled Windows updates/patches, and a hardware firewall that wasn't even turned on (on a static external IP address)!!!!!

Then folks surf porn sites, click any links in email or on the web, download this that or the other screensaver, cool pictures, and whatnot.  Again, no AV (or out of date), no system updates, no security in general. 

Then you've got the wannabees that do all these things (and possibly p2p downloads as well) and think they're invulnerable because they are up to date, they've turned off some Windows services, use an alternative browser that gives scripting control, and so on.  But if you play with fire, you're gonna get burned...

I've only been infected by a virus once on a computer completely controlled by me (in 2000 or 2002, I can't remember).  Not saying I'm some sort of security genius (I'm not!), but I do tend to be careful.  That one time was an email virus from someone I knew, and looked innocent enough.  That was my introduction into Windows vulnerabilities, and how header-embedded viruses can launch without the user opening the attachment.  Ah, the sweet pain of a reformat...

As for CFP 3, so far I'm impressed with its footprint.  It's an Alpha, and unstable; one time it froze up on me, and I think that's when it hit the Peak usage, of 17MB; other than that it's been right about 8MB, between both running processes.  And that's not even with the final safelist, apparently.  Looks promising...

LM

date
dcfldd split=2G conv=noerror hashwindow=0 hash=md5 bs=32768 hashlog=/mnt/sda1/images/hash.log if=/dev/hda of=/mnt/sda1/images/LM.dd
date
cat LM.dd.* | md5sum > verify.log
date
PapaSmurf
« Reply #11 on: June 11, 2007, 11:26:26 PM »

> I agree with you, LA; I think infections are largely due to user habits (and possibly, ignorance - or just plain stupidity).  People still open email attachments from people they don't know.  They actually open email from unknown sources (where header-embedded viral payloads can be released on an unpatched system with out-of-date antivirus (which research shows the majority of home and possibly small business users are all out of date...).

I would like to add that if you still use outlook, or any other email client that downloads the email to your system, then you are foolish. Web-based mail is by far the safest, and IMO Gmail is the best.

> Then folks surf porn sites, click any links in email or on the web, download this that or the other screensaver, cool pictures, and whatnot.  Again, no AV (or out of date), no system updates, no security in general.
>
> Then you've got the wannabees that do all these things (and possibly p2p downloads as well) and think they're invulnerable because they are up to date, they've turned off some Windows services, use an alternative browser that gives scripting control, and so on.  But if you play with fire, you're gonna get burned...

I hate to say it, but everyone from time to time has downloaded something. Anytime you download anything you can get burned. As far as "wannabees" I prefer to think of them as average users. We can go back and forth all day as to the best way to secure a system, and in the end, the average user would not be able to use it. The most secure system is one that is OFF.

I use an alternative browser because IE is a vulnerable BLOATED COW. Since it is the most common browser, most all the nasties were written to run inside of it. FireFox does not have this issue.
It also has add-on controls you can put in place that will take the place of external system pigs such as spybot or the like. I have also p2p'd in my usage time. So has just about EVERYONE. Any file that I may have gotten in this matter was AUTOMATICALLY routed to my anti-virus program.
I use AVG, again because it is not a bloated system cow, and I agree..updates are very important.
Yup, I too have turned off some windows services...again, vulnerable bloated cow issue. If I do not use it, I do not want it RUNNING on my system. Now, that is not hard to understand eh?

I run Comodo for much the same reason. Strong, effective, NOT a bloated cow.
I still say a streamlined set up is the way to go. Fast, efficient, clean.
I also do not turn my system off. It simply goes to standby. If I did not run streamlined, I probably would have to re-boot once every few days. But since I have my set-up as efficient as I can get it, (and no I am no expert), I can leave my system running for extended periods of time with out it getting bogged down.

I guess it is just a matter of how one views "usage". I prefer fast and efficient. As far as "porn" sites are concerned, if somebody chooses to surf that area of cyberspace, then they should not complain when their system gets infected.

> Thanks PapaSmurf for your posting! I also read your post about Ad-Aware. To you, and other people on the forum, I would like to ask:
>
> IE7 - is it still so much worse than FF, when it comes to security? I think I've seen a test which ranks IE7 quite good, not worse than FF. I still use IE because you can hide the menu row, you can get the home page loaded in a new tab, and it is deeply integrated with the OS. As for integration, that wouldn't affect the use of FF, but IE is kind of impossible to remove so I have to use it...

Lol, no, you do NOT have to use it. It is like drugs....just say NO
Give something else a try for one week. I like FireFox, but do not just take my word for it.
And there is no need to remove it. Just don't use it. You can install another browser without affecting IE at all.
LeoniAquila
« Reply #12 on: June 12, 2007, 03:25:45 AM »

Hi all, thank you, good answers!

Soya

> The threats that are uncontrollable in the web-browsing sense are activex and scripts -- if you enable them.  Cookies should only affect privacy not security (i.e. sites track your usage).  Here's how I handle them: disable all cookies by default except for sites that I need to log in.

But again, isn't it necessary to actually click on "install" (or a similar button), to get new things - ActiveX - installed? In IE you always get a warning. As for scripts, I now understand that they may be harmful (I'm going to answer LM below). As for cookies, your idea is very good. I could live with slower browsing, at least my connection is very fast. I've even had the idea to use two browsers! IE strictly for sites requiring cookies (web mail, forums etc.), FF/Opera/Netscape with nothing allowed at all.

LM

Interesting stories/experiences you have! Just a couple of questions:

> Not sure about Spybot, but SpywareBlaster doesn't integrate with Opera anyway, afaik.  The problem, from a paranoia standpoint is that you never know for sure what the bad guys are up to; what new ways they're working on to get computers infected.  Not yours specifically (they don't know and don't care about the individual), but just in general; if you get caught in the web, so be it.  SpywareBlaster does load a blacklist of known bad sites into the browser (IE or FF) and will keep you from accessing those sites, where "drive-by" infections are possible (no interaction from the user required).  And yes, in general (if not specifically) blocking scripts from running is a very good defense.

So then I got it right, concerning Spybot and SpywareBlaster. "Drive-by" infections, that was an illustrating term... now you talk about scripts, do you mean e.g. JavaScript? If I would choose to block all kinds of scripts, wouldn't a lot of websites be impossible to render?

> As for CFP 3, so far I'm impressed with its footprint.  It's an Alpha, and unstable; one time it froze up on me, and I think that's when it hit the Peak usage, of 17MB; other than that it's been right about 8MB, between both running processes.  And that's not even with the final safelist, apparently.  Looks promising...
>
> LM

The memory usage is truly fantastic, hard to believe! A firewall that is just as good (or even a bit better) than 2.4, plus the Defense+ system.

Continuing in the firewall topic; since I got CPF 2 I've thought "it doesn't matter too much if malware gets into my computer, CPF will stop its attempts to connect to the Internet". I'm not sure though, that this is absolutely correct. Perhaps malware can still use IE, if a bad script infects the computer, without CPF 2.4 noticing it? After all, it's "just" a firewall (terrific though)? If this is correct, perhaps it is also correct that Defense+ will block these things.

PapaSmurf

> I would like to add that if you still use outlook, or any other email client that downloads the email to your system, then you are foolish. Web-based mail is by far the safest, and IMO Gmail is the best.

Agree with you. It took me a few years, but finally I realized the advantages with web mail. All files get scanned by the provider (besides I hardly get any files from any others than spammers), and there is no need to backup the e-mails if the system crashes. Yeah, Gmail is the best!

> Lol, no, you do NOT have to use it. It is like drugs....just say NO
> Give something else a try for one week. I like FireFox, but do not just take my word for it.
> And there is no need to remove it. Just don't use it. You can install another browser without affecting IE at all.

I'll consider your suggestions.
FF is still an interesting browser, it is just a matter of very small details! Probably the new Netscape 9.0 will be good, and then there is Opera. Again, I just hate that IE is impossible to remove, but the same problem applies to other Windows programs as well... (well they are kind of removable in safe mode, but the folders - and many traces - will still be there). I'm getting more and more drawn to the Linux world, Little Mac has recently gone into it!

.....

/LA
JamesFrance
Comodo Loves me
« Reply #13 on: June 12, 2007, 05:17:04 AM »

Firefox has some excellent add-ons available, as well as letting you choose which cookies to allow.

I have a small list of cookies to keep and the rest are removed as soon as Firefox is closed.

The add-ons I like are:

http://noscript.net/
Which lets you choose which sites are allowed to use JavaScript.

http://ietab.mozdev.org/
So that when IE is essential it runs within Firefox.

http://www.siteadvisor.com/
Which shows up unsafe web sites.

Last but not least Comodo Verification Engine.



« Last Edit: June 12, 2007, 05:23:45 AM by JamesFrance »

James
Soyabeaner
« Reply #14 on: June 12, 2007, 08:09:40 AM »

I like PapaSmurf's post because I share the same view.

> Soya
>
> But again, isn't it necessary to actually click on "install" (or a similar button), to get new things - ActiveX - installed? In IE you always get a warning. As for scripts, I now understand that they may be harmful (I'm going to answer LM below). As for cookies, your idea is very good. I could live with slower browsing, at least my connection is very fast. I've even had the idea to use two browsers! IE strictly for sites requiring cookies (web mail, forums etc.), FF/Opera/Netscape with nothing allowed at all.
>
> LM
For the most part, there should be ActiveX prompts in IE, but there are times where it just feels like ActiveX or whatever nasty still gets installed without any prompts even with strict settings.  I may be wrong, but ever since the switch to Opera, I haven't had anything really bad get on my computer without my knowledge.  If the main security difference between Opera and IE is ActiveX (excluding browser code vulnerabilities), then...well, there shouldn't be a need to worry about ActiveX in the first place.  Based on your usage description of the different browsers, I think you don't need to feel paranoid any more.
« Last Edit: June 12, 2007, 08:12:52 AM by Soya »