Some guidance on a comprehensive system

Hi,

(Copied over from CEO blog forum) I’m currently getting increasingly irritated with the McAfee suite of programs - among other things, the privacy service (or something) seems to be creating a local proxy server which appears to be causing a “black hole router” problem with one eBank I use. It’s the newer version to the McAfee system I’m using on XP Pro sp2. The latest update is now causing the occasional DHCP problem: the DHCP server in my hardware firewall is sending DHCPNACK messages from time to time.

On my older laptop, I have a series of self-assembled programs to do the necessary jobs of security. One of them is the Sygate firewall, which always worked very well, but has been eaten by the Symantec conglomerate and is no longer supported.

I also used to use Vet AV, which was quick, up to date and non-intrusive. That got eaten by Computer Associates and is now similar to McAfee AV. OK but not as good as it used to be, interface and intrusiveness-wise.

I did previously use Norton AV, and I found that really bad on Win2K - slowed stuff down a ton, very intrusive.

So I have a problem. I want to remove the McAfee stuff and assemble a suite of programs to do firewall, AV, spam and spyware.

I set out to find good applications for these tasks. So far, Comodo Firewall looks a good choice. But I don’t have any strong views on the rest.

I don’t mind McAfee AV and their email spam system is quite good (I use Thunderbird email and Firefox browser, and I control pop-ups in Firefox. You’d be amazed how tricky it is to stop McAfee turning off the Firefox anti-popup system).

I don’t want a “you will blow your nose whether you need to or not” total-system-suite, just a series of applications I can configure, trust and run in the background, that don’t drain system resources. If they’re from one source so much the better.

What views and/or prejudices do people have on solving these needs?

DN

Great, now we can chew some fat on this! Don’t let the “off topic” appellation throw you; that just means that we can discuss anything without getting off topic. If we were to go to strictly firewall, antivirus, etc then we’d be more limited. And I guess Melih felt it would be better somewhere besides original posting. No problem…

I’ve experienced the same thing with McAfee Privacy Service, and some of their other products. Oh well, moving on. There’s plenty of good free stuff. Better, even!

Comodo firewall is simply, IMO, the best there is right now. Dig into that, and we’ll help you every step. This is a good place to start, for that. https://forums.comodo.com/index.php/topic,6167.0.html

For other stuff. Comodo recently acquired BOClean, which is a top-rated, low profile/resource anti-trojan (and more). It runs real-time and stops a bunch of stuff dead in its tracks. This will soon be available. For free.

CAVS is still getting up to speed. Its strength now is in the HIPS.

LM

Nice set of tutorials! Comodo looks like it runs a lot like Sygate. Which I like.

But how about anti-spyware? Webroot is slow and irritating (pop-ups etc) though it sort of works - except it doesn’t read Firefox tracking cookies, only IE which is silly.

AV seems a mixed bag too. Kaspersky or NOD32 look good. ■■■■■■ interfaces aren’t a concern provided I can stop it scanning files that cannot contain viruses. McAfee is bad - not configurable at all. Vet used to be very good.

DN

[s]OK, some guidance on Comodo Firewall 2.4: It’s installed, working (to an extent) and I like it. I’ve created a rule to allow LAN traffic, but I can’t see another computer on the LAN. It can see me, but not vice versa. The rule as it stands:

Allow IP in or out from IP Range: 192.168.168.0 -192.168.168.50 to IP (Any) where IPROTO is Any

The tutorials (link above) give plenty of advice for older versions of Comodo but aren’t (so far as I have found) relevant for 2.4[/s]

Belay that. I found the right rabbit burrow to go down: Security > Tasks > Define a new trusted network. It set the requisite rules.

DN

Sorry I had to run quickly last night; didn’t really get to finish my post. Here’s some more thoughts, and response to your questions about AV, etc.

For AV, I think the general consensus is NOD32 is the best. Not free, though.

The free Kaspersky (I think it’s licensed under AOL, or something) is supposed to be good, but seems to conflict with a lot of stuff. Some users have it w/Comodo FW and no problems, for others the AV insists the FW has to be uninstalled and not used again.

Others like Avast! HE, Avira Antivir, AVG, are all probably very decent for the average home user. I’ve used all three. Avast seemed to consume a fair amount of resources when I tried it, but was fine other than that. Interesting interface (certainly the coolest in that respect).

BitDefender also has a free version; it’s on-demand only, no email or on-access.

CAVS is a full AV and has AS capabilities as well. Plus it has an application-based HIPS (similar to Spyware Terminator’s) that will alert on any new application/executable/etc at various levels. Thus, its focus is on Prevention of any malware running (whether a virus, trojan, keylogger, backdoor, rootkit, etc). Some users have complained that its virus definitions database is too small, as compared to other major players. A key thing with that is that the others have a lot of outdated definitions that pump their numbers up; in reality, it’s probably not that far behind, and is growing rapidly. Stability, resource usage, and other issues are greatly improved, and rapidly improving. It is still a Beta though. Once it gets to a stable release, I have no problem recommending it for general use.

For antispyware/malware, BOClean will fill a lot of that gap. It should be an excellent addition to a solid AV. It does not scan, ever. It runs real-time, and has a unique way of identifying malware no matter how it hides. The 10+ years of definitions they have will (in the future) be incorporated into CAVS as well (and I think even the product itself, or its mechanism).

There are also a lot of low-resource anti-spyware apps. SpywareTerminator has a HIPS and real-time scanning, as well as scheduled, and automatic updates. Spybot Search & Destroy has scheduled scanning, and I think can be set for auto updates. Some other handy apps are SpywareGuard (real-time only, no scanning) and SpywareBlaster (helps protect browsing/browsers). EMSISoft has a-squared antimalware free; a strong on-demand malware scanner (virus, trojan, etc). No scheduling, no auto-updates.

For anti-spam, I actually use a product called SpamAware. It has an updated blacklist, and you also get to build both whitelists and blacklists based on personal requirements. Seems to me to be very light, very easy to use.

I tried Comodo’s antispam product, which uses a challenge/response methodology to completely eliminate spam, but it wouldn’t work for my email servers, for the login requirements they have.

Comodo also has a neat application called Verification Engine, that works with your browser. It runs silently in the background, and will give you a highlighted border when a website’s identity (based on certificates) is verified. Thus you know that the site is indeed what it says it is.

That oughta give you something to chew on a bit. Got questions?

LM

Thanx. Time to do a bit of homework. At the moment I’ve got McAfee running - all but the firewall and privacy service - with Comodo. There’s no way I want to go back to the McAfee firewall even though I’ve paid for it. Although the McAfee security suite does not realize that there is a firewall in operation. Apparently too dumb to recognize Comodo.

And I finally found out how to avoid the McAfee proxy service, which turned out to be the problem with stalling websites. The trick is to stop the McAfee redirector service, which is what diverts applications to use the proxy.

DN