Ditch ZAP & Use Router Only


9 replies to this topic

#1 minnetonka.cje

    Member

  • Full Member
  • 18 posts

Posted 20 August 2005 - 09:04 AM

I just took my computer in to a network engineer at work to have the bios updated. He told me I had too many antispyware programs and a better way would be to ditch ZAP, and just use a hardwired router with a firewall (such as Linksys BEFSX41). He said that if I went to Shields Up, I would see that my computer is still completely stealthed.

He said that IE is now safer than Netscape which doesn't release patches (my default browser) and Firefox (installed, but only use occasionally).

I have been very happy with CounterSpy running with ZAP, although I seem to have more and more problems with ZAP and see that even CheckPoint doesn't recommend the newest update to 6.xxx yet (buggy). I can't access sites (like this) unless I add them to the "Trusted Sites" within the ID Vault or turn ZAP off.

I always thought the best solution would be to run BOTH a router and software-based firewall. Do the newer routers have equivalent quality firewalls now?

On the SpywareInfo recommended software for firewalls, I no longer see Zone Alarm . . . is there a reason for this?

I also don't like using IE--partly because I perceive it to be less secure and I also like the tabbed browsing in Netscape and Firefox.

Your recommendations and/or opinions would be greatly appreciated.

(XP Pro w/ all updates installed, ZAP, CounterSpy, Spy Sweeper, Trojan Hunter Scanner, Spyware Doctor, Spyware Blaster w/ auto update, Spybot, AVG Free, CW Shredder, Registry First Aid)

#2 wreck

    Always Learning!

  • Full Member
  • 285 posts

Posted 20 August 2005 - 10:05 AM

It's always touchy to recommend anything here but Firefox, but an alternative is Maxthon browser. Safer than IE (but runs on IE shell) and features "tabbed browsing." A good firewall that is light on resources is Kerio (version 2.1.5). A router will serve as an excellent hardware firewall; an additional software firewall will prevent "outbound" "phoning home".
"It's not the size of the dog in the fight -- it's the size of the fight in the dog."

#3 TheJoker

    Forum Deity

  • Boot Camp Mod
  • 14,475 posts

Posted 20 August 2005 - 10:23 AM

You still need the software firewall. Most of what is advertised today as a "hardware firewall" really aren't full-featured firewalls. Unless they have programmable rules for both incoming and outgoing traffic, I would not consider them a firewall, but simply a NAT router, possibly with some extra features. A NAT router will only check incoming data. If you were to become infected with malware, which then tried to access the internet to look for other systems to infect, or to call back to a central server, possibly with your personal data, if you only had the router, you would not be protected. A rules-based software firewall, if properly configured, would alert you that a non-authorized program was attempting to access the internet, and allow you to decide what action to take. Even if I had a real hardware firewall like a Zyxel or Sonicwall, I'd still want the software firewall.

Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-20010 and ASAP Member since 2005
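
The distinction drawn in post #3, as an added example that is not part of the original thread: a simplified Python model of a NAT router that filters inbound traffic only, next to a rules-based software firewall that decides per program on the PC. All class names, addresses and program names are constructed for illustration, and address translation itself is left out of the model.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src: str            # "ip:port"
    dst: str            # "ip:port"
    program: str = ""   # originating program; only the PC itself knows this

@dataclass
class NatRouter:
    """NAT router model: remembers flows opened from the LAN, filters inbound only."""
    flows: set = field(default_factory=set)

    def outbound(self, pkt):
        self.flows.add((pkt.src, pkt.dst))  # any LAN-originated flow is accepted
        return "forward"

    def inbound(self, pkt):
        # Accepted only if it is the reverse of a flow the LAN side opened.
        return "forward" if (pkt.dst, pkt.src) in self.flows else "drop"

@dataclass
class HostFirewall:
    """Rules-based software firewall model: per-program outbound decision."""
    allowed_programs: set

    def outbound(self, pkt):
        return "allow" if pkt.program in self.allowed_programs else "alert-user"

def egress(pkt, router, host_fw=None):
    """Verdict for a packet leaving the PC, with or without a software firewall."""
    if host_fw is not None and host_fw.outbound(pkt) != "allow":
        return "alert-user"  # held on the PC; the router never sees it
    return router.outbound(pkt)

def demo():
    # Constructed sample traffic (documentation address ranges, made-up program names).
    browser = Packet("192.168.1.2:1050", "203.0.113.10:80", "firefox.exe")
    unknown = Packet("192.168.1.2:1051", "198.51.100.7:6667", "unknown.exe")
    probe = Packet("192.0.2.50:4444", "192.168.1.2:445")
    router, fw = NatRouter(), HostFirewall({"firefox.exe"})
    return {
        "unsolicited_inbound": router.inbound(probe),
        "unknown_out_router_only": egress(unknown, router),
        "reply_to_unknown": router.inbound(Packet(unknown.dst, unknown.src)),
        "unknown_out_with_fw": egress(unknown, router, fw),
        "browser_out_with_fw": egress(browser, router, fw),
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

With the router alone, the unknown program's outbound connection and the reply to it are both forwarded, while the unsolicited inbound probe is dropped; adding the per-program rule set is what turns the unknown program's connection into an alert.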


#4 TheJoker

    Forum Deity

  • Boot Camp Mod
  • 14,475 posts

Posted 20 August 2005 - 10:36 AM

Based on your list of software, I would continue to use ZoneAlarm for your firewall, AVG Free for your antivirus, and TrojanHunter for your anti-trojan scanner (I also use TrojanHunter, but if I was to buy a trojan scanner today it would be Ewido). For the spyware prevention, I would keep Sunbelt Software's CounterSpy, and dump Spyware Sweeper and Spyware Doctor as unnecessary duplication. I would add two other items though. I would add a good HOSTS file, like MVPS HOSTS File, to prevent communications with sites known to be associated with malware, and IE-SPYAD to add bad sites to your Internet Restricted Zone. The HOSTS file and IE-SPYAD do not run resident, so they should not conflict with anything or consume any significant resources. I would use Ad-Aware and Spybot S&D as on-demand scanners. I would not consider CWShredder a prevention tool, but a tool to use to fix some infections when needed.



#5 Budfred

    Malware Hound

  • Administrators
  • 21,521 posts

Posted 20 August 2005 - 10:58 AM

I would not "dump" the extra anti-spyware programs so much as turn them off and keep them as backup... If you run 2 programs that serve the same function in a resident mode, they can conflict with each other...

As for your network engineer... My experience has been that most professional IT people know very little about security on a home computer... The solution to a spyware problem where I work is to wipe the drive and install a new image... They don't even begin to try to actually find and kill the problem... They provide some network protection, but the individual user on the network is on his/her own and is generally not able to make choices about browsers or protection programs...
Budfred

Helpful link: SpywareBlaster...

MS MVP 2006 and ASAP Member since 2004

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"

#6 minnetonka.cje

    Member

  • Full Member
  • 18 posts

Posted 20 August 2005 - 11:53 AM

Thank you for all the good advice! I have never seen any recommendations for a router only and will stay with a combination of the two.

I did have IE-SPYAD on my old computer, but forgot to put it on this new one--appreciate the reminder and will try MVPS Hosts File.

I got a great laugh about wiping the image and installing a new image! Exacta-mungo where I work too!

I'm still wondering about what's happening with ZAP--that is to say, if Kerio's protection is as highly rated as ZAP, I would gladly consider switching. I do not believe that XP's built-in firewall can compare, but after using ZAP for 7-8 years with no trouble, it's been more and more troublesome in the last year or so. Every time I write on the ZA forum about problems accessing websites or programs loading or downloading, I'm told to wipe out the whole thing and reinstall.

Do you consider Shields Up to be the best test site for protection/stealth testing?

My own opinion on Firefox is that even with vulnerabilities showing up more often, they seem to put out the updates more quickly. Would you agree that Netscape should be retired?

Thanks again--I'm going to only run CounterSpy and a firewall. I was told to keep AVG running, but would rather keep the minimum and run the others once a week or as needed.

As for a router, do you think it matters whether it has an "SPI" firewall (i.e., not just a "NAT")? We just have one computer and I'd like to minimize conflicts as much as possible.

#7 TheJoker

    Forum Deity

  • Boot Camp Mod
  • 14,475 posts

Posted 20 August 2005 - 12:36 PM

I really would keep AVG running. You really do need an antivirus program running, and are at risk without one.



#8 Budfred

    Malware Hound

  • Administrators
  • 21,521 posts

Posted 20 August 2005 - 01:16 PM

As TheJoker said... DO NOT run without a resident antivirus... You will be infected and you may end up with 8 years of trying to clear up identity theft issues... The antivirus will not conflict with other programs most of the time...

As for ZAP... I used to use it and even went out and bought the retail version... It quickly screwed up my system and I eventually completely removed it after some totally useless encounters with what may be the worst technical support available on the web... It is bloated when installed and it has probably become more bloated over time... If you want to use it, you probably do need to completely uninstall it and then reinstall a fresh copy... Unfortunately, uninstalling it is no picnic either...

Kerio is what I am using now and it works well... It has a simple mode for those who don't want to mess with it and a more advanced mode if you want more control... Sygate is also good, but it was just bought by Symantec, so it is not likely to be free much longer and it will probably end up bloated too...

I am in the Twin Cities too, so we may even have the same employer...
Budfred


#9 minnetonka.cje

    Member

  • Full Member
  • 18 posts

Posted 12 September 2005 - 12:00 AM

> As for ZAP... I used to use it and even went out and bought the retail version... It quickly screwed up my system and I eventually completely removed it after some totally useless encounters with what may be the worst technical support available on the web... It is bloated when installed and it has probably become more bloated over time... If you want to use it, you probably do need to completely uninstall it and then reinstall a fresh copy... Unfortunately, uninstalling it is no picnic either...
>
> Kerio is what I am using now and it works well... It has a simple mode for those who don't want to mess with it and a more advanced mode if you want more control... Sygate is also good, but it was just bought by Symantec, so it is not likely to be free much longer and it will probably end up bloated too...
>
> I am in the Twin Cities too, so we may even have the same employer...

Oh Great! I spent a good afternoon making sure all traces of ZAP (it was good once-upon-a-time) and installed Kerio. I love it and was ready to purchase when the news came out that it's going to be discontinued as of 12-2005 w/ support until 12-2006.

Kerio's recommendation is Tiny Firewall. I'll check it out and I've noted that many SWI members seem to be using it. Seems a shame, though.

#10 Paranoid

    Forum Deity

  • Full Member
  • 533 posts

Posted 13 September 2005 - 10:00 PM

> It's always touchy to recommend anything here but Firefox, but an alternative is Maxthon browser. Safer than IE (but runs on IE shell) and features "tabbed browsing."

The reason why it's touchy is because the claim of Maxthon being safer is largely untrue.

Sure, Maxthon does make it easier to turn on and off ActiveX, but that's largely a GUI feature, since IE can be locked down as well as Maxthon.

Sure, once a long time ago, Bloodchen added some filtering ability for a certain exploit a few days AFTER an exploit was announced and before MS released a patch, but that was strictly one-off and not to be counted on. You could do the same with Proxomitron for example.

Sure, because of tab browsing which IE lacks, Maxthon behaves differently in respect to handling links so occasionally but not always phishing exploits for IE fail, but the same thing can be said of people running Firefox with extensions that change tab browser functionality.

But when it comes to the main threat, IE exploits that cause remote autoexecution of arbitrary code, Maxthon is as unsafe as IE.

Okay wreck?
Please note that the software I recommend above is entirely based on only my own experience and testing. In no way should my comments, opinions and endorsements be construed as an endorsement by the forum, nor do they reflect the advice or recommendations by the experts or helpers at spywareinfo.




