About five years ago I installed the family version of Symantec's Norton Internet Security software on one of my PCs, rendering the machine unusable. Not only couldn't I get any access to the Internet, it was impossible to uninstall the program. I ended up having to reinstall the operating system and all my applications--except Norton Internet Security. At the time I said I would never again install a Symantec security program on any PC, but about a year ago I bought a PC that came with 90 days of Norton 360, and the program won me over. When the free trial period was over I even coughed up $80 for a year's subscription. Apart from the frequent nags about my need to back up (I prefer to use my own manual backup strategy), I'm happy with the Norton 360.
Now the other side of the coin: I've used CheckPoint's ZoneAlarm firewall--both the free and pro versions--for many years, and on many different PCs. The program would occasionally prevent a legitimate program from performing some operation, but on those rare instances I merely shut the firewall down long enough to complete the task, and then turned it back on. No problem.
Until this morning, that is. I spent four hours trying to update a Web site via ftp, only to be told that access to my ISP's ftp server was denied. I tried using the WS_FTP Pro ftp program, Windows Explorer, Firefox, and even a WYSIWYG Web editor, but nothing could get through to the server. I could access the remote system on another PC on my network, but I wanted to avoid having to move the files in question to that PC to complete the transfer. Just last week I had ftp'ed some files without a problem.
After several calls to my blameless ISP, a tech suggested that I uninstall ZoneAlarm. Not just shut it down (which I had already tried), but completely uninstall the app. This struck me as somewhat extreme, but after spending so much time trying to figure out the glitch, I thought it was worth a try. And what do you know: as soon as ZoneAlarm was off the system, I could access the ftp server without a hitch.
[Screenshot: Customize your firewall's ftp access using these settings in the free Comodo Firewall Pro.]
I suppose I could try to figure out why ZoneAlarm all of a sudden threw a monkey wrench into my server access, but it's quicker and simpler to rely on another free firewall. My ISP's tech guy said he trusted the firewall built into XP, which he claims Microsoft has improved tremendously. But its protection is one way: it doesn't monitor traffic from the PC to the Internet, just stuff inbound. Instead, I loaded the free Comodo Firewall Pro, which also scans your system for viruses, spyware, and other threats. Since I use a remote-access service to log into this PC while on the road, I chose to review requests for incoming connections rather than to block them automatically, which means I'll have to click through a few more pop-ups. But for me this is a small price to pay for the added convenience of remote access.
[Screenshot: After you install the Comodo firewall it starts to train itself.]
After you install the program and reboot, Comodo "learns" your system, running through the standard processes and services. It also learns as you open your browser and other network-connecting applications for the first time. Once its training is complete, you can click the Comodo icon in the system tray to view your blocked and allowed connections, as well as other traffic data. You also get a snapshot of your running applications, and your choice of five security and alert-frequency settings.
[Screenshot: Get a snapshot of your system security on the Comodo Firewall Pro's summary page.]
So what did my morning in tech-support hell teach me? First, that my ISP's tech support staff is worth their weight in gold (even if I did assume at first that it was all their fault). Second, that I'm glad there's a myriad of free options when it comes to PC security software. Third, that things change quickly in the computer world, and it doesn't pay to be glued to your assumptions. And fourth, if a program encounters a problem accessing the Internet, check for a conflict with your security software before you get on the horn to your ISP's tech support.
Tomorrow: tweak Windows XP for optimum performance.
Earlier I had a trilogy of postings about DropMyRights (Part 1, Part 2 and Part 3) that included the warning to run Microsoft Office applications in restricted mode in case a file (Word document, Excel spreadsheet, etc.) carried a virus or some other type of malicious software.
But what do you do if a Word document or Excel spreadsheet doesn't display or work properly when the application is run in restricted mode? A decision needs to be made whether to trust the file and open it in unrestricted mode.
If the file was sent to you by e-mail, you'll no doubt be tempted to judge it based on the person who sent the message. Don't.
For one thing, you can't trust that the reported sender of an e-mail message is the actual sender. It is trivially easy to forge the From address in an e-mail message. And even if the message really did come from the person in the From address, and you trust that person, you still should not assume the file is safe. The sender's computer could be infected with malicious software that sent the e-mail message on its own, without human involvement. But what if the trusted person actually sent the file on purpose? It still could be infected with malware without him or her knowing it.
What to do?
The safest thing, of course, is to delete the file. But if you want or need to use it, then I suggest using the Virus Total and/or Jotti Web sites. Each site lets you upload a file to be scanned by multiple antivirus programs.
The last time I used Virus Total, a free service from Hispasec Sistemas, it scanned my suspicious file with 29 different programs. The list included popular antivirus software from Symantec, Kaspersky and Clam, some less well-known products such as NOD32, Avast and Panda, and a host of products that I had never heard of such as DrWeb, Ikarus and TheHacker. That's the good news.
The bad news is that there probably won't be a consensus opinion. Each time I submitted something suspicious to Virus Total, the results were all over the map. For example, in this screenshot from July 10, you can see that 7 of the 29 programs felt the file was malicious. Democracy is great in other contexts, but here, I'd rather be safe than sorry.
I often joke about the reputation we analysts have for wild hyperbole and speculation, but I also realize that some of this is well deserved. For example, one frequent analyst diatribe is the "technology X is dead" rap. Point to some technology and become the industry beacon who foretells its demise. Someone resurrects this tired strategy every few years.
The latest version of this old analyst song is that "antivirus is dead." The theory states that new threats are simply too fast, stealthy, and targeted for tried-and-true antivirus software from vendors like McAfee, Symantec, and Trend Micro. After all, antivirus software operates on an a posteriori model where antivirus vendors find malicious code in the wild, develop software signature defenses, and then distribute these signatures to customers. The "antivirus is dead" crowd believes that this model can no longer keep up.
As a member of the brotherhood of industry analysts, I apologize to the world for this soundbite-focused oversimplification. Indeed, antivirus is not dead, but like other security technologies, its role has changed. Like other IT categories, client security depends upon a layered "defense in depth" model. There is still plenty of pedestrian malware out there that antivirus software is perfectly capable of addressing. Yes, there are other, more ominous threats as well, which is why desktop software vendors now provide intrusion prevention heuristics as part of their security suites. In other words, add another layer of protection to enhance security and protect against another type of threat. In its simplest form this description categorizes all security strategies.
Saying antivirus software is dead is like saying that airbags made seatbelts obsolete. In fact, airbags simply made seatbelts a part of an overall safety system and thus enhanced automotive safety.
Finally, can someone please introduce me to the analyst who proclaimed that "mainframes are dead" back in 1990 or so? Even after all of these years, I doubt that anyone would own up to such a ridiculous and wildly inaccurate assertion.