Sunbeltblog comments

Alex, the spam tool that I rely upon is Mailwasher Pro. I think it is exceptional.

Catherine


Kerio Personal Firewall is my firewall of choice, and has been for a good year or so.

I recently bought it and AVG Pro in a bundle, saving about £11 IIRC. Definitely a good deal IMO.


Is the Windows Firewall at all useful/functional? How does it compare to ZoneAlarm et al?


I'm a big fan of the free SpywareBlaster. No IE user should be without it. For a small charge, you can have it auto-update itself; the free version requires manual updates.

By the way: The Windows firewall is terrible when compared to the free ZoneAlarm product. Can't hold a candle. It's better than nothing though.


I think that honorable mention should also be given in the area of antiphishing tools to the Netcraft toolbar (http://www.netcraft.com/). It works with both IE and Firefox and is free.
I have been impressed with it in the short time that I have been evaluating it. It has stopped everything I have thrown at it so far.


Couple of comments to the comments:

Ed, regarding Netcraft: I played with it when it first came out, and was not impressed. However, if it's gotten better, good. I personally like the ones I've listed.

Sidewinder: The Windows firewall is inbound only. A firewall like Zone Alarm will give you inbound and outbound protection. The Windows firewall will have outbound protection in Windows Vista as well as OneCare (the new Microsoft antivirus program). For now, stick with Zone Alarm or Sygate's free offerings.

Alex Eckelberry


Firewall follow-up: The free ZoneAlarm firewall also warns you when a program requests server rights, something the Windows firewall does not. And too, it protects itself from attack by malware on your computer, which the Windows FW does not.

Perhaps its biggest advantage though is simplicity. When it prompts the user or asks a question, it is pretty easy to understand the situation. Other firewalls can be brutally obtuse and confusing when communicating with the user. For one thing, ZA never bugs the user about ports.


I'd definitely include ALWIL's free avast! Home Edition AV package among the recommended antivirus products. Not only is it a terrific AV tool that's completely free-of-charge to home users, but it includes built-in modules that protect against IM viruses and which afford firewall-like protections against worms.


Excellent summary, Alex. I appreciate your openness and candor, and would have written something similar four months ago. It's great info for those who want to manage their own security for the least cost, without regard to the time it takes.

What I find as I visit user groups is that there is a healthy share of people out there (I'm one of them) who recognize all of the hidden costs of free software and trying to be your own security expert. So I signed up for a $15/month service that includes your 4 pillars (corporate-grade editions) and unlimited tech support. I've never felt safer, and not having to spend all the time it takes being your own security expert is far more liberating than I thought it would be.

The enterprise / corporate-grade software they use is:
- Sophos Anti-Virus
- Pest Patrol Enterprise Edition
- Kerio Firewall
- Big Fix updates and alerts

What's best, and what you're paying the most for, is the unlimited phone support - which is excellent. Just like yours. Keep up the good work protecting people from the bad guys out there...


One tool you missed in the list is PGP. It's something everyone should have on their computer -- and know how to use!


I leave programs like PGP to the .002% of the population that can actually understand how to use them.


Alex,

Very nice!
Thanks a ton...
This site here:
http://www.thezjooj.is-a-geek.co...asp?TID=20& PN=1

Has a really nice feed as well on spyware apps that I would think complements yours.

Regards,

Dale


You forgot two more freebies, both easy to use, different functions:

1. WinPatrol
http://www.winpatrol.com

2. IE-Spyad
https://netfiles.uiuc.edu/ehowes/...ww/ resource.htm


PGP is way too complex for most users, not to mention messy. X.509 is much easier to use, and if we could get users to USE them and sites to accept them (see how the USPS EPM site does this at www.uspsepm.com ) then it would eliminate the risk of phishing sites, because a client cert login doesn't hand off anything useful to an attacker.

Smartcards are the only safe way to hold your PGP and X.509 keysets.

Enough of that rant.

The windows firewall doesn't give you anywhere near the control of ZoneAlarm.

AVG only caught one third of the EICAR email tests from http://www.webmail.us/testvirus
Enough said about their antivirus, though the antivirus included with ZoneAlarm Pro does similarly poorly.

Congratulations are in order for CounterSpy. This week I was handed a machine and asked to fix it, 3 other antispyware tools found other spyware on this machine and were able to clean some of it only CounterSpy got everything.

Spybot said the machine was clean.
Trend Micro's "House Call" found 30 spyware programs.
Microsoft's Antispyware found 10 additional.
CounterSpy found an additional 7.
I couldn't find anything more than what CounterSpy found with any other tool.

For a personal rant, I have seen that certain companies do extraordinarily well at certain things: CounterSpy excels at anti-spyware, ZoneAlarm for firewalls, and I have lots of stories about other antivirus products so I really like PC-Cillin from TrendMicro. But Trend and ZoneLabs and many other companies insist on rolling their own rather than letting the user choose, or packaging tools together and making them interoperable. McAfee seems to have the closest thing to a worthwhile "complete" package, at least in my experience.


I'm a big fan of AV-Test, an independent lab that tests many antivirus products on both effectiveness and responsiveness to outbreaks.

http://www.av-test.org/


I have been using Panda's software as anti-virus and now with their firewall. I have run tests at online sites and I have passed all and was asked a couple of times what I was running. I was like a black hole to them and my system did not respond to threats, just blocked them. Am very satisfied with Panda.


I switched to Firefox some months ago. Problem is that it takes up to two minutes for either Firefox or Thunderbird to appear on screen. Is this normal? Is there any way to speed things up? Ta Ta.


I have seen Firefox take a long time to load; this problem was quickly solved by adding memory. If your machine is not memory constrained, Firefox will load much faster than IE.


Very good list Alex. I would add http://Ewido.net to your list of AV programs. It has a free 30 day trial. It is very good at removing Qoologic infections (CoolWebSearch).

thanks and keep up the good fight!


For anti-spam, try the Outlook plugin for SpamBayes. Works very well, I feel, and is open source.


I have used Registry Healer as a way of maintaining peak performance and undoing any damage that may have been inflicted by unwanted spyware etc...

It is free, but the free version is a pain to use. A subscription makes it very functional. I don't know enough about software to confirm this, but my sense is that it is helpful to keep the Windows registry cleaned-up and efficient. I have used it regularly for a couple of years, have always allowed the recommended changes and have never had a problem.


Alex,
You mention Kaspersky AV and Kerio Firewall.
Do you have any info on CyberScrub's offering @ $40 for 5 years, all upgrades included free? $40, that's the lot. They state that their AV uses the Kaspersky engine and throw in Kerio for free.

Martin


I'll check into it.


Alex,

Thanks for the excellent advice. I often help people who have computers that still run 9x. I would like to see a link to a list of security measures just for the 9x users. A person looking at the current list needs to check each application's system requirements. Also, any recommended toolbar should specify whether it is compatible with all browsers or only for IE.


Thanks for this refreshingly intelligent and therefore honest information from one of the major players in the security industry. This is especially interesting because so far the industry's "information" has almost exclusively consisted of mostly dishonest distortion of the truth to create panic and willing buyers. On the basis of this article alone, I sincerely wish your company the best financial success in the industry. It's no coincidence that Eric Howes, one of the best, most intelligent, and most honest spyware researchers, joined your company. Brains and honesty are always better business policies than letting the marketing department take over the company as at McAfee, Norton, and Microsoft.
http://web.archive.org/web/20050...m?id=242& page=4
http://vmyths.com/resource.cfm_i...d=31& page=1.htm
http://vmyths.com/rant.cfm_id=24...=247& page=4.htm
http://vmyths.com/resource.cfm_i...d=82& page=1.htm

But I've got some criticism and questions too. Why is the default setting of Kerio not a real firewall?! It allows all outgoing traffic! http://www.pcmag.com/article2/ 0,...,1864607,00.asp It's dishonest to peddle something that in its default install isn't better than XP's pseudo-firewall and then have it turn that off. Looks like a scam to get people to pay for the "full" version by having them first install an easy version that asks no questions because it also doesn't protect you. Unfortunately, the uncomfortable truth about firewalls, which is also covered up even by the entire media, is that there still are no easy-to-use and intelligently made firewalls available.

Also, after enabling Kerio's "application behavior" blocking, I was *not* alerted to nor asked about the GRC leaktest! I had to reinstall Kerio to make it "wake up". Looks like a serious bug. I'll admit that Kerio's questions in advanced mode are less geeky than Sygate's, but there were at least two that most people would not have known how to answer. And I didn't know how to answer the incoming connection alert question for Generic Host Process; I know it's connected with Windows Update, but what should one do when it's from an unknown IP address?!

All firewalls still ask stupid questions, i.e. geeky stuff that the user should not have to know and that the programmers are too lazy or stupid to automate. Well, even most IT journalists are probably too clueless to know such a basic truth, so one can't say the entire media covers this up purposely, but there are some journalists who should know better than to lament and wonder about the fact that most people still don't have a firewall.


Ekhart,

You bring up a very good point. Keep in mind that the Kerio in "Simple mode" does do more than just inbound protection, but I agree, people should have both inbound and outbound protection. We do ask the user which they would like during setup, but perhaps we need to make it clearer that the "Simple mode" does not provide outbound protection.

As you know, software firewalls can be maddening in the amount of "scary" questions and alerts they provide. The Simple mode gets people using the firewall, and then they can switch to the more advanced modes later.

One of the more pressing issues with any software firewall is the fact that too much information is presented to the user. You have firewalls warning of a connection by SVCHOST, for example -- it may be completely innocuous. We would like that to be one of our concentrations -- making the Kerio firewall much more user friendly in this regard.

Thanks for the good comments and the kind words.

Alex


Thanks for your quick answer! Many readers however won't find it and all the other important info here due to the erroneous comment count of zero at the bottom of the article.

Thanks for the promise to warn users in the future that they don't get outbound protection in "Simple" mode. It's not a question of needing to "make it clearer that the "Simple mode" does not provide outbound protection." Right now, there is no hint at all to that effect. (There are also grammar errors and references to "advanced mode" although that doesn't exist in the UI, i.e. the kind of things that make an excellent product look flimsy).

The default (preselected) mode in the setup program is the first of the following two, as you know:

"Simple (No Popup mode):
This is a typical setting for most users. By default, firewall (=> the f) won't ask you for anything. You can switch to advanced mode later." (difficult to find because not called that)

Advanced (Learning mode):
This setting provides more security and flexibility for advanced users. Firewall (=>The f) will ask you about unknown network traffic and launching unknown applications."

What do you mean with "Kerio in 'Simple mode' does do more than just inbound protection"? What else besides outbound protection, which it doesn't do, is there? Are you saying that Kerio in simple mode does more than the XP "firewall"?

Even if Kerio does more than just inbound protection, it's not a real firewall if it doesn't provide outbound control. And very few users are going to switch later to advanced mode. So your claim "the Simple mode gets people using the firewall" is not true; it gets them to use a one-way firewall that is not much better than the XP "firewall" it's replacing. Since many think Kerio is much better, they even pay for it in simple mode, which makes the whole thing a hopefully unintentional scam. This is especially true since support was dropped for older Windows versions, which don't have even a one-way firewall.

Thanks also for the promise to make Kerio more user friendly. You didn't answer my implied question about why the advanced mode doesn't know what to do with an incoming connection attempt with Generic Host Process, nor my direct question about what the user is supposed to answer. Is it necessary to allow this to not block automatic Windows updates? Does the fact that the firewall in advanced mode doesn't automatically know what to do mean that in simple mode it perhaps blocks automatic updates or allows access to bots and hackers?

And the complicated method required to unblock file sharing on the local network described here
http://www.pcmag.com/article2/ 0,...,1864607,00.asp
is a bad joke in terms of user friendliness compared to Sygate and ZoneAlarm where one only needs to add one check mark.

BTW considering that the only change in the newest version seems to have been the rebranding as Sunbelt, somebody was pretty sloppy. The restricted version announcement has the wrong URL for getting people to buy the full version www.kerio.com


Ekhart, the simple version defaults with HIPS and NIPS functionality and more. So it's not completely just an inbound firewall.

Good points, I'll get them to development.

Alex


Hi Alex,
I am missing one very important point in "the Four Pillars of Internet Security" as you call it.
For all Windows 2k & XP users here:
shut down all services not needed.
How? Where?

--> Configuring NT-services much more secure:
http://www.ntsvcfg.de/ntsvcfg_eng.html


Antonio, I would put that in the area of "additional security measures" -- not the core 4 pillars of security. Thanks for the note.

Alex


Poke! update the bit about firewalls :-p

Sygate Personal is discontinued, and you own Kerio firewall now, which would probably be worth mentioning -- people are already going to be suspicious of product recommendations from an antispyware vendor, and if you recommend your own product without mentioning that it's your own, they may distrust all of the advice in the article.

speaking of which -- kudos on what is, afaict, a pretty unbiased set of recommendations.


Dak -- fixed that, thanks. It's an old article and I don't always update it regularly.


Very useful, I know a few people who will benefit from reading that. Two more to add to the list: Mozilla Thunderbird for email and spam-filtering - and if Outlook Express is the only option, a POP3-only spam filter called K9 - small but powerful, from www.kier.net
Glad I clicked on comments, otherwise I'd not have seen the other..er..comments and useful information. Especially those regarding Kerio in Simple mode.


Just wanted to thank you for the list Alex

Been using most of the software for years. What I think most people should realise though, is that security on the cheap is good for "protection and prevention"...but not so good at clean ups (eg AVG is not so good at disinfecting as some of the big boys, detection rates are okay).

So if you already have problems all over your machine, then you need to download the free trials of some of the major programs out there (Kav/NOD)/(Counterspy/Spysweeper) etc to clean your system, and THEN apply the principles from security on the cheap.

And how anyone can get junk/viruses on the machine if they are surfing with Firefox with Noscripts extension, and don't fileshare I don't know. For that matter, even IE is not that bad, if used in conjunction with Site Advisor...

On the other hand, if you're out there filesharing and the like, all the security in the world won't be enough - you're going to get lots of problems a lot of the time. Maybe that should be one of your security tips - Don't use file sharing programs and don't go looking for cracks/hacks/porn in IE.

Or does that rule out pretty much everyone's internet usage?


I have to disagree about multiple profiles. While good in theory, if your computer does get infected, you are going to have a harder time cleaning it. I disinfect PCs all the time and those who have four or five profiles are the WORST. At an hourly rate, a format and reinstall usually comes out better.

Another thing I advocate is to use a DOS version of F-Prot or McAfee (NOTE: I HATE Windows based McAfee anything) in conjunction with NTFS DOS Pro. There is only so much you can do if Windoze is running. This is for disinfection, not for maintenance.


You should consider looking into SUPERAntiSpyware, much superior to Ad-Aware and Spybot. There is a free version available.


Has anyone tried SPYWARE TERMINATOR? It is free anti-virus and anti-spyware. It looks good BUT I HAVE DOUBTS. Let me know please. Bill Mattila


You might also want to consider K9 at http://www.k9webprotection.com for protecting your kids for free.


Hi Alex

I'm surprised that the artist formerly known as "ewido", now AVG7.5 free ASW, and SAS free did not get a look-in on the free botkillers....

Agreed with your sentiments on SpyBot effectiveness as a cleaner, although it does contain tools/functions that the other softwares lack.

(for now) Adaware is losing ground all the time on the recent evo's of malware; no UPX unpack, no kernel hook equates to being p4wned against the more unpleasant/deeply rooted infections (Their support forums bear testament to that fact, SOS get combofix, warefix or SmitRem in to do the job!)

That said great article and BTW congrats on your software, hardly seen it mentioned in the HJT logs on infected 'puters. So you and the team are definitely getting things right :D


Thanks fcukdat, I'll look at some revisions in the next few weeks. This article gets revised constantly.


Hi Alex, sorry I forgot to include this in my previous comment with reference to free antirootkit tools.
Have you or the lab had a play with RootKit Unhooker recently?
http://www.rku.xell.ru/?l=e&a=main
I've been utilizing it for the last 2 months of its evolution and it is IMO the pick of the bunch available at the moment.
On top of its success vs most known mal-related rootkits, it's one of the few free tools that can detect the presence of and effectively clean Rustock A or B out of its ADS hiding hole.


Good stuff, thanks.


EXCELLENT! Post you cover a lot of information there. I'm in the autosurf world and we're always being hit by hackers and all kinds of security risks. I got you for sure in my bookmarks, keep up the good work.


I don't agree with the stuff written in this post.

According to Sunbelt's own site in the CounterSpy page, Spybot Search and Destroy and Lavasoft Ad-aware no longer do the job as they were supposed to. The same is mentioned on the post, I wonder why?

After seeing such a statement and affirmation, I decided to make some tests and guess what? CounterSpy didn't detect anything, and neither did Spybot or Ad-aware. What does that mean? Is CounterSpy a bad product such as Spybot and Ad-aware? Or are both Spybot and Ad-aware great free products at the same level as CounterSpy? I leave that answer to Sunbelt.

For home protection there is no need to buy any product, as there are great free products that do the job at the same level as paid products.

I am a freelance security consultant and I perform tests between free and paid products for my customers, and I advise them to get free stuff because using such tools with GOOD SENSE, they will have a secure system. Of course there ain't no 100% secure system. But that applies to both free and paid products.

Bottom line: Why pay when you can get free products at the same level as the paid ones?

Of course companies that develop software and sell it will say that free software/freeware sucks big time. But that's what they're supposed to do. Or would they make such software and require payment, and then state: Oh, please, do not buy our stuff as there are free products as good as ours, which by the way are paid.

See my point?


Soultrain, I was one of the first security bloggers to push for using free -- see

http://sunbeltblog.blogspot.com/...y-on- cheap.html

I have no problems with free. I encourage it. But a false sense of security is a different story.

See:

http://reviews.cnet.com/4520-368...l? tag=cnetfd.mt

http://reviews.cnet.com/security...7- 32367867.html

http://www.pcmag.com/article2/ 0,...,2261257,00.asp

Other reviews here:

http://www.firewallguide.com/spyware.htm

Don't get me wrong -- I like the Kolla father and son team, and I like the folks at Lavasoft. I don't care if someone doesn't buy CounterSpy. But I do care if someone relies on a product that's simply not up to current standards of detection and remediation. This goes for Windows Defender as well.

In the end, however, the days of the dedicated antispyware product are on their way out. Things are moving toward combined antispyware + antivirus products.


With so many names now available, it seems they are all rebrands of the major software... not sure what you end up buying.


Don't forget about 3rd party apps: Adobe Flash Player, Acrobat Reader, QuickTime, Java, RealPlayer, and of course the MS Office updates. The free Secunia Personal Software Inspector at secunia.com, for personal use, is a very valuable app to show you which 3rd party apps are out of date. There is an online version that detects less but doesn't have a home-only license. SO many systems have been pwned due to vulnerable 3rd party apps, which often are slower to update and are more lax on security. Think about the Gumblar malware, and think about the Advanced Pack malware, exploiting (among other things) Flash Player and Acrobat Reader with heapspray techniques and more. Update everything, not just the OS!

