Good firewall/antivirus?


Denroll
10-25-04, 02:05 AM
My subscription is up in 10 days for my Norton Internet Security and Antivirus. Instead of renewing, I'm thinking about trying something else.

What's out there that has good support and is user friendly?

mezkal
10-25-04, 02:11 AM
www.avast.com - better than Norton IMHO and also has Internet Shielding, in the form of different security "providers" (little portions of the program that specialise in protecting you from attacks via email, web browser AND Instant Messenger).

It's free for home use and auto updates itself.

HIGHLY RECOMMENDED.

Bill The Cat
10-25-04, 02:50 AM
For antivirus I'm a diehard fan of F-Prot antivirus. It has a minuscule footprint, no-frills interface, and is religiously updated (automatically, if chosen of course).

www.f-prot.com

Skrot
10-25-04, 02:58 AM
I feel an urge to recommend linux, here. But I won't.

-=DVS=-
10-25-04, 03:07 AM
For FireWall, ZoneAlarm is awesome and free ;) http://www.zonelabs.com/
For Antivirus, AntiVirXp is great too and oh, it's completely free :D http://www.free-av.com/

Son Goku
10-25-04, 03:35 AM
Slight note on this... You can still get virus definition updates for NAV... The only thing that happens when the subscription expires is you can't use auto-update (though when I did a comp re-install on the last version I owned it re-started the clock for 1 year and didn't check the servers to see if I previously registered it) :lol:

But you can still go to their webpage and download the virus definition update manually. After downloading the .exe file to your HD (or opening it from the link in IE) you can apply it as such. The webpage:

http://securityresponse.symantec.com/avcenter/defs.download.html

I switched to McAfee last year, but it was only due to the fact I don't like software activation, and Symantec was picking up activation in the version that came out. I didn't have complaints with the software version I was using prior to then however...

This had allowed me to update the software without purchasing subscriptions however. As to updating manually, eh...an auto-updater isn't that important to me. Just make sure to check the site for updates somewhat routinely.

netviper13
10-25-04, 03:55 AM
I'm actually pretty sure that even the manually-downloaded updates check the status of your subscription now.

Serrasalmus
10-25-04, 04:33 AM
No, all you have to do is uninstall it and reinstall it and it works again......

nvnews-reader
10-25-04, 07:52 AM
I don't like AV or soft firewalls; they slow my comp down too much. I would prefer to use a router with a built-in firewall and not download anything executable.

Smokey
10-25-04, 08:29 AM
Both my firewall and AV are 100% and I have been using them for a few years now.

Kerio firewall (http://www.kerio.com/kpf_home.html) (note: has a 30-day trial period, after which some features are lost, like ad blocker and internet sharing)

AVG free anti virus (http://free.grisoft.com/freeweb.php/doc/2/)

r2d2d3d4d5
10-25-04, 09:29 AM
Using AVG and Sygate Personal Firewall (http://smb.sygate.com/download_buy.htm). Both are free, low on system resources and are simple to use (or at least you know why something works the way it does). I've also used Kerio PF in the past without any problems.

People seem to have problems with ZoneAlarm. It seems to interfere with a lot of internet programs and can be very difficult to completely uninstall from your system.

Blacklash
10-25-04, 11:01 AM
I like the latest Sygate Firewall. I used to love Kerio until they changed the interface. ZoneAlarm Pro is fine, and you best add a few custom rules to it, like blocking all ports for incoming TCP. That command alone will limit many hacks. If you aren't running a server, no outside comps need to be making incoming TCP hook ups. As far as ICMP goes, echo reply and request are fine when limited correctly. I would also prohibit "other ICMP" outgoing in ZA Pro.

Denroll
10-25-04, 08:46 PM
Thanks for all of the advice. I want to switch from Norton because I'm having some weird conflict with another program and it randomly blocks IE and msnmsgr from accessing the 'net. I know, I plan on using Firefox once I reload my computer sometime in the near future.

mezkal
10-25-04, 11:12 PM
> I like the latest Sygate Firewall. I used to love Kerio until they changed the interface. ZoneAlarm Pro is fine, and you best add a few custom rules to it, like blocking all ports for incoming TCP. That command alone will limit many hacks. If you aren't running a server, no outside comps need to be making incoming TCP hook ups. As far as ICMP goes, echo reply and request are fine when limited correctly. I would also prohibit "other ICMP" outgoing in ZA Pro.

Malf, I'm sorry to say it bro, but while the theory is sound, in application it will not be correct. A variety of services, including Windows Update, IRC's identd, BitTorrent and almost any other P2P filesharing app will not work correctly if you make a 'blanket block all incoming TCP' rule. However, should you add rules to open or forward those ports AFTER your block all incoming TCP rule in your router/ZA/any other firewall you will be fine.

Also, the free version of ZA does not have granular TCP/UDP packet control. Therefore you can't make a 'BLOCK INCOMING TCP' rule in it. There is no facility.

The best combination I have found is a decent router/modem with built-in NAT and 'port stealthing' for INCOMING TRAFFIC and a local software firewall for OUTGOING TRAFFIC.

NAT refers to Network Address Translation - basically this allows you to have a LOCAL NETWORK of PCs access the internet via ONE IP address as assigned by the ISP. As a function of NAT it uses what is known as a look-up table to define valid traffic. If any traffic comes into the LOCAL NETWORK from the Internet that was not originated from the LOCAL NETWORK, then it is automatically dropped. This makes it much harder (some might say downright impossible) for people to SPOOF you (fool your firewall/router that they are part of your local network).

The second feature, Port Stealthing, is a clever little technology developed by Israelis back in the very early 90s. Basically it extended ROUTER functionality with the ability to anonymously "drop" a packet. Let me explain this.

Back in the day, routers (pre firewall) did one of two things with network traffic: they either allowed it through (ACCEPT/ACK) or rejected it (NO ACCEPT/NACK). This presented a problem when hacking started to become more widespread, as Routers would continually announce their LOCATION (IP address/Segment) as they rejected packets. That means that if a hacker tried to get into a site (that was supposed to be protected) he could PORT SCAN that IP Segment and any machines not accepting his traffic would send a reject notice or NACK back to his machine.

By being able to allow the ROUTER to anonymously drop the packets, any machines not accepting the traffic from the PORT SCAN would just basically not respond at all, as far as the hacker is concerned, and now those machines that were previously visible via the NACK messages they sent back when they REJECTED the hacker's traffic now remain almost totally invisible.

Now if we were running simpler operating systems that would be all we would need (in the main in terms of generic PC usage), but due to the fact that our current OS's ARE complex beasts they have many inbuilt vulnerabilities that a hacker could take advantage of when trying to compromise your system. You'll note that Windows Update often has very small fixes available for download, especially in light of recent occurrences. Most (if not all) of these smaller updates are MS trying to patch against many of these vulnerabilities. Most Windows NT based vulnerabilities stem from Buffer Overflow/Overrun attacks. This is where the hacker will continually try to access a resource (say an IIS Web Server) on a specific port that will eventually cause a portion of either the software and/or the host operating system to not respond, eventually causing the relevant security module to fall over and allow the hacker in. One of the most common of these is when people are FLOODED off IRC. Basically one IRC user sends another IRC user a very large stream of text; this causes the text parsing portion of mIRC to be kept too busy, so that the IP portion of the app no longer sends responding pings or IRC traffic to the server, so the server drops the attacked machine.

For the home user, a personal firewall will prevent these types of attacks from becoming much more than just an occasional irritation (there will be times when the software firewall may not be patched or may just fail to work properly - IP traffic is complex and with ISPs now doing a lot more "packet shaping" certain cheaper personal firewalls just can't cope).

So there you have it. A good combination of a hardware NAT based router/modem with a decent Personal Firewall should set you straight.

As I mentioned before I heartily recommend Avast. It offers some personal firewall features (in the form of application specific "shields") over and above its excellent AntiVirus features.

Kind Regards,
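
The NAT look-up table and the drop-versus-reject ("stealth") behaviour described in the post above, as an added example that is not part of the original thread. It is a simplified Python model: the class, function names and addresses are constructed for illustration, and real routers differ in how strictly they match the remote endpoint.

```python
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.10"  # constructed documentation address, not a real router


@dataclass
class NatRouter:
    stealth: bool = True  # True: silently drop unsolicited traffic; False: send a reject
    forwards: dict = field(default_factory=dict)  # (proto, public port) -> (lan ip, lan port)
    table: dict = field(default_factory=dict)     # the NAT look-up table
    next_port: int = 40000

    def outbound(self, proto, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host starts a connection: record the mapping, rewrite the source."""
        public_port = self.next_port
        self.next_port += 1
        self.table[(proto, public_port, remote_ip, remote_port)] = (lan_ip, lan_port)
        return (PUBLIC_IP, public_port)

    def inbound(self, proto, remote_ip, remote_port, public_port):
        """Decide what happens to a packet arriving on the public side."""
        key = (proto, public_port, remote_ip, remote_port)
        if key in self.table:                      # reply to something the LAN started
            return ("forward", self.table[key])
        if (proto, public_port) in self.forwards:  # explicit port-forward exception
            return ("forward", self.forwards[(proto, public_port)])
        # Unsolicited traffic: nothing inside asked for it.
        return ("drop", None) if self.stealth else ("reject", None)


def outside_view(router, remote_ip, ports):
    """What an outside host observes per TCP port, given the router's verdicts."""
    seen = {"forward": "open", "reject": "closed", "drop": "no answer"}
    return {p: seen[router.inbound("tcp", remote_ip, 50000, p)[0]] for p in ports}


if __name__ == "__main__":
    # Constructed scenario: one forwarded port for a P2P client on the LAN.
    router = NatRouter(forwards={("tcp", 6881): ("192.168.1.20", 6881)})
    src = router.outbound("tcp", "192.168.1.20", 51000, "198.51.100.7", 80)
    print("LAN host appears as", src)
    print("reply:", router.inbound("tcp", "198.51.100.7", 80, src[1]))
    print("stealth view:", outside_view(router, "198.51.100.99", [80, 6881]))
    router.stealth = False
    print("reject view:", outside_view(router, "198.51.100.99", [80, 6881]))
```

The forwarded port stays reachable in both modes, which is the exception the post says file-sharing and similar services need on top of a blanket inbound block.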

NightFire
10-26-04, 12:25 AM
I agree, I've been using Avast for over a year now after my PC-Cillin 2000 expired, and I've got to tell you, it's not a bad deal.

Also, the sound effects are hilarious, when they find a virus. There's this insanely loud beeping noise, and then a computerized voice says:

"WARNING! Virus Detected. Your system is in imminent threat. Do not panic."

Or something like that. It's been a while since I heard it.

RejZoR
10-26-04, 03:01 PM
Hehe :) Yes, avast! does use sound for warnings, but it can be disabled as well.
That loud sound is actually a siren ;)

Right now I'm testing a long-awaited avast! 4.5 BETA and I must say it looks even better than the current official 4.1. Strong generic detections updated a few days ago have dramatically increased trojan-like malware detection, also there will be an updated unpacking engine in v4.5 and lots of other cool stuff. Update servers are always at max performance so you can expect small and fast automatic updates. And it's free (and it will still be). An offer you can't refuse ;)

YOGIx213
10-26-04, 03:34 PM
Yeah, I loved avast. I uninstalled it to try out Sophos but will be reinstalling avast. I didn't know there was a new beta around. Is it on their site?

RejZoR
10-27-04, 09:35 AM
Download is available on their forums under the avast! 4.5 beta section (search for the INTRODUCING: blablabla thread).

Blacklash
10-27-04, 11:42 AM
> Malf, I'm sorry to say it bro, but while the theory is sound, in application it will not be correct. A variety of services, including Windows Update, IRC's identd, BitTorrent and almost any other P2P filesharing app will not work correctly if you make a 'blanket block all incoming TCP' rule. However, should you add rules to open or forward those ports AFTER your block all incoming TCP rule in your router/ZA/any other firewall you will be fine.

> Also, the free version of ZA does not have granular TCP/UDP packet control. Therefore you can't make a 'BLOCK INCOMING TCP' rule in it. There is no facility.

> The best combination I have found is a decent router/modem with built-in NAT and 'port stealthing' for INCOMING TRAFFIC and a local software firewall for OUTGOING TRAFFIC.

> NAT refers to Network Address Translation - basically this allows you to have a LOCAL NETWORK of PCs access the internet via ONE IP address as assigned by the ISP. As a function of NAT it uses what is known as a look-up table to define valid traffic. If any traffic comes into the LOCAL NETWORK from the Internet that was not originated from the LOCAL NETWORK, then it is automatically dropped. This makes it much harder (some might say downright impossible) for people to SPOOF you (fool your firewall/router that they are part of your local network).

> The second feature, Port Stealthing, is a clever little technology developed by Israelis back in the very early 90s. Basically it extended ROUTER functionality with the ability to anonymously "drop" a packet. Let me explain this.

> Back in the day, routers (pre firewall) did one of two things with network traffic: they either allowed it through (ACCEPT/ACK) or rejected it (NO ACCEPT/NACK). This presented a problem when hacking started to become more widespread, as Routers would continually announce their LOCATION (IP address/Segment) as they rejected packets. That means that if a hacker tried to get into a site (that was supposed to be protected) he could PORT SCAN that IP Segment and any machines not accepting his traffic would send a reject notice or NACK back to his machine.

> By being able to allow the ROUTER to anonymously drop the packets, any machines not accepting the traffic from the PORT SCAN would just basically not respond at all, as far as the hacker is concerned, and now those machines that were previously visible via the NACK messages they sent back when they REJECTED the hacker's traffic now remain almost totally invisible.

> Now if we were running simpler operating systems that would be all we would need (in the main in terms of generic PC usage), but due to the fact that our current OS's ARE complex beasts they have many inbuilt vulnerabilities that a hacker could take advantage of when trying to compromise your system. You'll note that Windows Update often has very small fixes available for download, especially in light of recent occurrences. Most (if not all) of these smaller updates are MS trying to patch against many of these vulnerabilities. Most Windows NT based vulnerabilities stem from Buffer Overflow/Overrun attacks. This is where the hacker will continually try to access a resource (say an IIS Web Server) on a specific port that will eventually cause a portion of either the software and/or the host operating system to not respond, eventually causing the relevant security module to fall over and allow the hacker in. One of the most common of these is when people are FLOODED off IRC. Basically one IRC user sends another IRC user a very large stream of text; this causes the text parsing portion of mIRC to be kept too busy, so that the IP portion of the app no longer sends responding pings or IRC traffic to the server, so the server drops the attacked machine.

> For the home user, a personal firewall will prevent these types of attacks from becoming much more than just an occasional irritation (there will be times when the software firewall may not be patched or may just fail to work properly - IP traffic is complex and with ISPs now doing a lot more "packet shaping" certain cheaper personal firewalls just can't cope).

> So there you have it. A good combination of a hardware NAT based router/modem with a decent Personal Firewall should set you straight.

> As I mentioned before I heartily recommend Avast. It offers some personal firewall features (in the form of application specific "shields") over and above its excellent AntiVirus features.

> Kind Regards,

I have zero problems set up as I am. Then again I have file sharing and such things turned off. I do not use them so the point for me is moot. Now ZA Pro allows you to set block incoming TCP 1-65,535 for internet zone and local under custom settings if you so desire. If it works or not I am not sure. I haven't tested it.

You are certainly right though, if someone wants to use file sharing this would not be a good option to enable.

Here's a tight snip of how the rule looks in ZA Pro:

http://img79.exs.cx/img79/6779/zapro.jpg

I have the Sygate firewall as well and have used both. I am not sure which one I prefer.

DiscipleDOC
10-27-04, 01:15 PM
> I feel an urge to recommend linux, here. But I won't.
(foshiz)