
How much security?

Old 9th Apr 2009, 19:59
#1
Thread Starter
 
How much security?

Having sorted out my problems of a few days ago, I'm now re-assessing my needs in the subject field. I see there is an anti-malware element in Avast! Do I also need Malwarebytes, is it more comprehensive than the bit in Avast!? Should I put in a separate reg cleaner as I've loaded Ccleaner? Is Windows Defender a sufficient firewall? I don't want to load up the system with systems that spend most of their time checking each other. Any help/suggestions would be appreciated.
The Ancient Mariner
Rossian
Old 9th Apr 2009, 20:10
#2
More bang for your buck
 
Originally Posted by Rossian
Is Windows Defender a sufficient firewall?
Eeeerrrrrrrrrr, Defender is not a firewall; to quote MS, it's:

Windows Defender is software that helps protect your computer against pop-ups, slow performance, and security threats caused by spyware and other unwanted software by detecting and removing known spyware from your computer.
If you use a router then windows firewall is probably sufficient unless you visit some really bad sites.
green granite
Old 9th Apr 2009, 20:47
#3
 
I don't run any of that crap, just gets in the way, causes crashes, and slows things down.

Stealth mode NAT router at the boundary, and don't visit porn or warez sites. That's all you need.

Oh, and an ISP who filters out email viruses on the server, I haven't seen one of those for years now.
Gertrude the Wombat
Old 9th Apr 2009, 20:49
#4
Spoon PPRuNerist & Mad Inistrator
 
And run as an ordinary user, not as an administrator or account with admin rights.

SD
Saab Dastard
Old 9th Apr 2009, 21:24
#5
 
You can have as many on-demand scanners (like the free version of MBAM) as you want. Some of them run a background service, but in general terms, except for when one of them actually is scanning, there is next to no resource usage.
Pretty good idea to have a couple of extra scanners on board, just in case you get something the AV doesn't deal with. And all the AVs can sometimes let something through. (New malware, or some kind of worm that disables the AV, etc.)
At one time, while using AVG, it alerted me to a trojan but could not stop the trojan installing its cargo. Don't know why. This hasn't happened to me while using Avast, yet.
If you do get something nasty, you'll be glad you already have the demand scanners installed.

As stated, WD is not a firewall. Vista (like XP) has a built-in firewall. There is an application I've read about that sounds pretty good, called Vista Firewall Control, that is basically a user-friendly GUI for the built-in firewall, that gives you easier-to-manage control over anything attempting an outbound connection. To know what should be allowed to connect etc. takes a bit of study, but it's not a bad idea. If an as-yet unknown trojan slips into your system, the firewall can be thought of as the last opportunity to prevent it phoning home, gathering reinforcements.
This isn't always bulletproof. I believe there are some types of malware that can inject themselves into a legitimate process, and the change isn't always recognized by the firewall, or if it prompts, by the user.

Avast Home has the same detection and cleaning ability as its paid-for version. Includes antispyware (part of the AV engine, so it isn't a separate component), and an antirootkit scan that by default runs 8 minutes after startup. I also use Threatfire, a behaviour blocker; a 3rd-party firewall ('cause the Windows one doesn't control outbound in XP); and a thingy called Secunia PSI, which monitors many, many programs on the PC and compares the versions against its own database. Basically it makes sure you're patched. Windows and other programs. It's here.

Scanners etc are only of use to clean an infected system. A bit of prevention is wise. Set scripts in all (except, perhaps, trusted) zones of the browser to "prompt" or "disable". Better still, use a browser like Firefox, with the Noscript add-on installed, and you can see exactly what scripts are attempting to run on any web page.
An application like SpywareBlaster, by Javacool, is good. Basically blocks known bad sites from connecting. Uses no resources; needs manual updating roughly every week.
I have installed far too many demand scanners and other tools. Doesn't matter; they don't run at start, and occupy a relatively small disk space. I like to play around with these things. It's become a bit of a hobby. I think for the average user, some kind of AV (Avast is great, IMO), a firewall, disabling scripting, and a demand scanner or two is probably quite adequate.

Lastly, with Avast running, the number of times another scanner has actually found a real threat on the PC over the last year, has been zero. Go figure.
Tarq57
Old 9th Apr 2009, 21:28
#6
Thread Starter
 
Wot 'e said?

SD could you elaborate on your statement please.

I don't have a router far less a "stealth mode NAT router" whatever that is, just an ADSL modem.
The Ancient Mariner
Rossian
Old 9th Apr 2009, 22:23
#7
Spoon PPRuNerist & Mad Inistrator
 
Originally Posted by Rossian
I don't have a router far less a "stealth mode NAT router" whatever that is, just an ADSL modem
The ADSL modem can often have a router / firewall built into it.

If you don't have a hardware firewall, you should. Especially one that allows you to connect multiple devices wirelessly or wired.

The router (firewall) that sits between your cable / ADSL modem and your PCs (it may also have a wireless network) must (by definition) be a NAT (network address translation) router.

This means that the router has a single public (routable on the internet) IP address on the "outside" and a private address range on the "inside" to allow multiple devices (your PCs) to connect to it and thence to the internet.

NAT on its own is a good first line of defence. Stealth Mode simply means that the router doesn't reply to incoming requests on closed ports - e.g. ICMP PING requests - originating from the internet, instead of simply rejecting them (i.e. negative response). It's not actually particularly helpful or necessary, and in the case of ICMP actually in contravention of Internet standard RFC 1122.

In addition to NAT, most home firewalls have 2 further levels of defence - port & address filtering and stateful packet inspection (SPI). The first simply means that certain TCP/UDP ports (that support certain services, e.g. Telnet, FTP) are blocked, and also that IP traffic to / from certain IP addresses is or can be blocked. SPI is useful because it helps to prevent "spoofed" packets (e.g. replies to IP packets you never sent) from fooling the system into allowing them through.

This is a VERY cursory skim over firewalls, btw! As you can imagine, it's quite a big topic!

Rule of least privilege!

There are 3 levels of user accounts in Windows XP, User, Power User and Administrator. Running as a standard user means that your account does not have any elevated (admin) privileges, so that when the trojan / virus comes along to try to install some nasty on your system it is unable to do so. If you were running as an admin or Power User, it would be able to install the malware.

In Vista, MS removed Power User, and tried to force everyone into using standard User - howls of protest from the masses.

[RANT]
Lots of software writers were too lazy to code properly for non-admin accounts (legacy from Win 9x where security didn't exist), and hence much software won't run unless you are an admin. It's ludicrous, because all it takes is for the install program to ensure that temp / user files are placed correctly to be accessible to each user, not dump them into the Windows or Program Files folders (where standard users have read-only access).
[/RANT]

SD
Saab Dastard
Old 9th Apr 2009, 22:32
#8
 
Originally Posted by Saab Dastard
[RANT]
Lots of software writers were too lazy to code properly for non-admin accounts
Too right. I run so much of such stuff that I gave up running as non-administrator within a few days of setting up the new machine. I would be (very slightly) happier running as non-administrator, actually. I suppose one of these decades all my clients will stop using this legacy software so I won't have to support it any more.
Gertrude the Wombat
Old 10th Apr 2009, 05:48
#9
 
From a software developers perspective...

I agree with a lot of what you're saying, but I would say you don't explain a lot to the layman to understand the acronyms you're using.

NAT = Network Address Translation. Each node on the internet has an address which is xxx.xxx.xxx.xxx, which is often referred to by a name, e.g. www.bbc.co.uk (this name, known as the IP address, is looked up and the real address is always used).

With a router (or ADSL modem/router) that performs NAT, it splits the networks it operates on (local and internet) into two different address ranges - one private and one public.

The whole point of a NAT router is that your private machine may open a connection over the internet, which the router will route your outbound traffic to, and the router will also know, because you're talking to that source, that any inbound traffic from that remote address needs to be translated to the local address and forwarded to you (this can be gone into much more deeply on port levels, but this explanation is sufficient).

I don't agree with the rant on software developers not coding for non-administrative accounts. Quite rightly so, the operating systems have been restricting what we can do, so for some operations we have been required to ask users to log in under administrative actions to perform these things. The problem actually is that the end user sees this as an irritation and, rather than suffer the account changes, decides to just run as administrator all the time for a simple life - which then creates the security risk. It is not something the software developer can either code for, cater for or allow for - it's just human nature.

The changes in vista were to give us software developers an avenue to allow the user to temporarily go into administrative mode to perform these functions - which is not dissimilar in linux to drop into superuser etc.

I would say before laying blame on the developer - fully assess and understand the constraints they are working within.

Regards

Jof
P.S. TCP is the Transmission Control Protocol; above that is either IP or UDP. It is not TCP or UDP, as UDP is over TCP.
Jofm5
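The NAT, stealth-mode, port-filtering and stateful-inspection behaviour that posts #7 and #9 describe in words, as an added worked model. This is not code from the thread and not any real router's firmware; it is a Python simulation in which the addresses (documentation ranges), ports, packets, the public-port allocation and the default blocked-port list are all constructed assumptions. "Stealth" is modelled as silently dropping what a non-stealth router would answer with a TCP RST, an ICMP port-unreachable or an echo reply.

```python
"""Toy home NAT router with port filtering and stateful packet inspection.
Added illustration only; every address, port and packet here is constructed."""
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple

PUBLIC_IP = "203.0.113.7"      # assumed WAN (public) address of the router
LAN_PC = "192.168.1.10"        # assumed private address of the PC behind it
WEB_SERVER = "198.51.100.20"   # assumed internet host the PC talks to
OUTSIDER = "198.51.100.99"     # assumed unrelated internet host


@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp", "udp" or "icmp"
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""     # "SYN", "SYN-ACK", "RST", "ECHO", ...


@dataclass(frozen=True)
class Flow:
    """One translation-table entry: the LAN socket that owns a public port
    and the remote peer it is talking to (the "state" that SPI checks)."""
    lan_ip: str
    lan_port: int
    remote_ip: str
    remote_port: int


class NatRouter:
    def __init__(self, stealth: bool = False, blocked_ports=(21, 23)):
        self.stealth = stealth                        # drop silently instead of rejecting
        self.blocked_ports = set(blocked_ports)       # assumed default: FTP and Telnet blocked
        self.flows: Dict[Tuple[str, int], Flow] = {}  # (proto, public port) -> Flow
        self.by_flow: Dict[Flow, int] = {}            # Flow -> public port
        self.next_public_port = 40000                 # assumed allocation start

    def outbound(self, pkt: Packet) -> Packet:
        """LAN -> internet: record the flow, rewrite source to public IP:port."""
        flow = Flow(pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if flow not in self.by_flow:
            port, self.next_public_port = self.next_public_port, self.next_public_port + 1
            self.by_flow[flow] = port
            self.flows[(pkt.proto, port)] = flow
        return replace(pkt, src=PUBLIC_IP, sport=self.by_flow[flow])

    def inbound(self, pkt: Packet) -> Tuple[str, Optional[Packet]]:
        """internet -> router.  Returns ("forward", translated packet) for a reply
        to a flow a LAN host opened, ("reply", echo reply) for an answered ping,
        ("reject", RST/unreachable) for a closed port, or ("drop", None)."""
        if pkt.proto == "icmp" and pkt.flags == "ECHO":
            if self.stealth:
                return "drop", None
            return "reply", Packet("icmp", PUBLIC_IP, 0, pkt.src, 0, "ECHO-REPLY")
        if pkt.dport in self.blocked_ports:             # port filtering
            return "drop", None
        flow = self.flows.get((pkt.proto, pkt.dport))
        if flow is not None:                            # stateful inspection
            if (pkt.src, pkt.sport) != (flow.remote_ip, flow.remote_port):
                return "drop", None                     # "reply" from a peer never contacted
            return "forward", replace(pkt, dst=flow.lan_ip, dport=flow.lan_port)
        if self.stealth:                                # closed port, nobody home
            return "drop", None
        if pkt.proto == "tcp":
            return "reject", Packet("tcp", PUBLIC_IP, pkt.dport, pkt.src, pkt.sport, "RST")
        return "reject", Packet("icmp", PUBLIC_IP, 0, pkt.src, 0, "PORT-UNREACHABLE")


def demo(stealth: bool) -> dict:
    """Run the thread's scenarios through one router and collect the verdicts."""
    r = NatRouter(stealth=stealth)
    out = r.outbound(Packet("tcp", LAN_PC, 51234, WEB_SERVER, 443, "SYN"))
    genuine_reply = Packet("tcp", WEB_SERVER, 443, out.src, out.sport, "SYN-ACK")
    spoofed_reply = Packet("tcp", OUTSIDER, 443, out.src, out.sport, "SYN-ACK")
    unsolicited_http = Packet("tcp", OUTSIDER, 4444, PUBLIC_IP, 80, "SYN")
    telnet_probe = Packet("tcp", OUTSIDER, 4444, PUBLIC_IP, 23, "SYN")
    ping = Packet("icmp", OUTSIDER, 0, PUBLIC_IP, 0, "ECHO")
    return {
        "translated_src": (out.src, out.sport),
        "genuine_reply": r.inbound(genuine_reply),
        "spoofed_reply": r.inbound(spoofed_reply)[0],
        "unsolicited_http": r.inbound(unsolicited_http)[0],
        "telnet_probe": r.inbound(telnet_probe)[0],
        "ping": r.inbound(ping)[0],
    }


if __name__ == "__main__":
    for mode in (False, True):
        print("stealth" if mode else "normal", demo(mode))
```

Running it shows the three layers separately: the genuine SYN-ACK from the web server is forwarded to 192.168.1.10:51234, the same packet with a different source is dropped by the state check, the Telnet probe is dropped by port filtering, and the only thing stealth mode changes is whether the unsolicited port-80 SYN and the ping get a negative answer or silence.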
Old 10th Apr 2009, 10:55
#10

Official PPRuNe Chaplain
 
After you've done all that - or even before you do it - test your setup to see if it's secure.

Go to https://www.grc.com/x/ne.dll?bh0bkyd2

and Proceed, select Common Ports, and wait.

If you get PASSED - TRUSTEALTH then you're in reasonable shape as regards firewall. If you don't, you need help.

Once you've done that, go for a decent virus protection (AVG, Avast or similar) and Spyware protection.
Keef
Old 10th Apr 2009, 11:39
#11
Thread Starter
 
Wot 'e said - again

Thanks a lot to all who have replied. Some of the acronyms still don't actually MEAN a lot. TCP for example, I understand what each individual word means but what does the whole phrase mean? UDP? I don't even know what the individual letters stand for!

At bottom I just want to USE a computer as a means of information, communication, entertainment, news, music and all sorts of other stuff - I don't REALLY care how it does it. Unfortunately the people who create software seem to miss this aspect of what the great mass of folks want a computer for. Sometimes (particularly on the occasions when I've had to resort to the help line in India, I find myself being led through the labyrinths of the computer knowing full well I will NEVER be able to retrace these steps by myself should the problem recur) one finds oneself wondering "why do they make it so bloody complicated?" when trying to do something apparently simple.

Don't get me wrong - I'm truly grateful for the help and explanations I find in this forum. So bear with me if I seem to be asking noddy questions in the future.
The Ancient Mariner
Rossian
Old 10th Apr 2009, 11:47
#12
Thread Starter
 
Eeeeeek!!

OK Keef

Did as you suggested, and came up "Failed" in big red letters for port 80 and 443. Now what?

I already run Avast! and Ccleaner. Suggestions?
The Ancient Mariner
Rossian
Old 10th Apr 2009, 13:03
#13
Spoon PPRuNerist & Mad Inistrator
 
Originally Posted by Jofm5
I don't agree with the rant on software developers not coding for non-administrative accounts. Quite rightly so, the operating systems have been restricting what we can do, so for some operations we have been required to ask users to log in under administrative actions to perform these things. The problem actually is that the end user sees this as an irritation and, rather than suffer the account changes, decides to just run as administrator all the time for a simple life - which then creates the security risk. It is not something the software developer can either code for, cater for or allow for - it's just human nature.

The changes in vista were to give us software developers an avenue to allow the user to temporarily go into administrative mode to perform these functions - which is not dissimilar in linux to drop into superuser etc.

I would say before laying blame on the developer - fully assess and understand the constraints they are working within.
Jofm5, I don't think you understand my rant! I am pissed at those developers - mainly of games - who release software that cannot be used unless one is an administrator. I don't mean cannot be installed or configured, I mean will not run unless using an admin account.

I have found that the vast majority of software I have installed for my children over the last 10 years won't run unless they are running with an admin account! I mean FFS - requiring 3-12 year-olds to operate as admins!

I have usually been able to laboriously find out what part of the file system the game is trying to write to, and assign write access there for the kids' user accounts. But that is what I'm talking about - it's sloppy and it's lazy.

On a couple of factual points - a router doesn't split any networks. All it does is connect 2 or more different IP networks.

Also, I think you will find that TCP and UDP sit alongside each other in the Transport Layer, both above IP - the Network Layer. Lots of good reading on TCP/IP and IP networking to be found via google - this.
and this for example.

SD
Saab Dastard
Old 10th Apr 2009, 13:16
#14
Spoon PPRuNerist & Mad Inistrator
 
Originally Posted by Rossian
Some of the acronyms still don't actually MEAN a lot. TCP for example, I understand what each individual word means but what does the whole phrase mean? UDP? I don't even know what the individual letters stand for
The IP address specifies the source or destination of the packets being sent. The port number defines which service the packet is destined for - HTTP, SMTP, FTP, Telnet etc.

The packet will either be sent to a port using TCP (Transmission Control Protocol) or UDP (User Datagram Protocol). The former provides error correction and guaranteed delivery but with a reduced speed due to the overhead, while the latter is faster but without error correction. A rough analogy is ordinary snail mail (fire and forget) and recorded delivery (guaranteed delivery but more expensive).

SD
Saab Dastard
Old 10th Apr 2009, 13:28
#15
Spoon PPRuNerist & Mad Inistrator
 
Originally Posted by Rossian
Did as you suggested, and came up "Failed" in big red letters for port 80 and 443. Now what?
Rossian,

I believe that what the "failure" means is that inbound requests over ports 80 and 443 (HTTP and HTTPS - standard WWW protocols) from the internet are being allowed through your firewall - you would normally only allow this if you had your own webserver inside your firewall.

If you haven't got a webserver then these should be closed.

Note that it is not the same as closing the ports for outbound requests - i.e. your PC making requests to webservers on the internet.

SD
Saab Dastard
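The port check Keef recommends in post #10 and the reading of its result in post #15, as an added example that is not part of the thread and not GRC's own scanner. It classifies a TCP port from the outside the way such a scanner reports it: "open" (something accepted the connection), "closed" (the host answered with a refusal) or "stealth" (nothing came back at all). The state names, the helper functions and the loopback listener used so it runs offline are this example's own assumptions.

```python
"""Classify TCP ports as open / closed / stealth by attempting a connection.
Added illustration only; the three state names are this example's assumption."""
import socket
from typing import Dict, Iterable, List, Tuple

OPEN, CLOSED, STEALTH = "open", "closed", "stealth"


def classify_port(host: str, port: int, timeout: float = 2.0) -> str:
    """One TCP connection attempt, mapped to what an outside scanner would report."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return OPEN                   # SYN-ACK came back: a service is listening
    except socket.timeout:
        return STEALTH                # no SYN-ACK and no RST: silently dropped
    except ConnectionRefusedError:
        return CLOSED                 # RST came back: closed, but the host announced itself
    finally:
        s.close()


def scan(host: str, ports: Iterable[int], timeout: float = 2.0) -> Dict[int, str]:
    """Classify each port in turn (sequential, so keep the list short)."""
    return {p: classify_port(host, p, timeout) for p in ports}


def unexpected_services(results: Dict[int, str], expected_open: Iterable[int] = ()) -> List[int]:
    """Ports reported open that were not meant to be exposed.  For a home PC
    with no web server, 80 and 443 showing open from outside belong here."""
    allowed = set(expected_open)
    return sorted(p for p, state in results.items() if state == OPEN and p not in allowed)


# Helpers so the example can be exercised offline against loopback (assumed, not part of any scanner).
def start_listener() -> Tuple[socket.socket, int]:
    """Bind a throwaway TCP listener on an ephemeral 127.0.0.1 port; caller closes it."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]


def unused_port() -> int:
    """An ephemeral loopback port that was just released, so almost certainly closed."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    srv, listening = start_listener()
    try:
        results = scan("127.0.0.1", [listening, unused_port()])
        print(results)
        print("unexpected:", unexpected_services(results))
    finally:
        srv.close()
```

The caveat that makes Keef's outside test worth doing: run from a PC inside the LAN, this only tells you what that PC can reach, and pointing it at your own public address may hit the router's LAN side or be turned around by the router rather than showing what the internet sees. A verdict of "closed" is still a reply (the RST tells a scanner a host exists), which is the distinction between "closed" and "stealth" in the results page; and an "open" 80 or 443 with no web server behind the router is exactly what post #16 goes on to suggest looking for in the router's own remote-administration settings.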
Old 11th Apr 2009, 23:15
#16
 
Originally Posted by Saab Dastard
If you haven't got a webserver then these should be closed.
If it is a router then grc will be scanning the router not the machine NAT'd behind the router.

These ports are probably open because the router most likely has a remote administration portal - this should be selected off if possible so that the router cannot be configured from the web (from his own confessions of understanding I would imagine he won't want the remote config operability).
Jofm5
Old 11th Apr 2009, 23:34
#17

Official PPRuNe Chaplain
 
Originally Posted by Rossian
OK Keef

Did as you suggested, and came up "Failed" in big red letters for port 80 and 443. Now what?

I already run Avast! and Ccleaner. Suggestions?
Given your comments above about what you want to use your computer for, you won't want to put "security" on those ports: you just want to close them.

How that is done will depend on what kit you have. Specifically, whether it's a modem, or a modem-router, and what sort thereof. The easiest way is to read off the make and model number - or just post a pic of the label. From that, one of us can probably look up how to do that on your device.

If it's a USB modem, the answer may be to install a software firewall like ZoneAlarm, which is very good (but a bit of a pain at first). If it's a separate modem/router, then there is (hopefully) a way to tell it to close those ports.

I could wax lyrical on the philosophy of computer design ("make it able to do everything" ... to which the cynical would add "so that we geeks are always assured of a job sorting it"). It's a pain in the neck for users who don't care how it works, but it's essential for compulsive dabblers like me.
Keef
Old 12th Apr 2009, 07:29
#18

Plastic PPRuNer
 
DropMyRights, an unofficial Microsoft tool, is your best friend

Security Fix - Windows Users: Drop Your Rights

DropMyRights - Free software downloads and reviews - CNET Download.com

Every Windows XP user should drop their rights | Defensive Computing - CNET News

DropMyRights part 2: Installing and configuring | Defensive Computing - CNET News

Log in as an Administrator (so games and suchlike work) but run web-facing apps like browsers and email at a lower level of privilege.

Mac

Mac the Knife
Old 12th Apr 2009, 08:05
#19
 
I surf in some pretty murky areas....(Not for the reasons you are thinking)....Anyway, I have never had a virus or any Trojans dumped on me that have not been caught....Luck?..Maybe, but, My AV etc catch plenty before they can do any damage.
I use Comodo firewall, Avast anti virus, and Spyware Terminator running Real time Shield.
On tests my system is running invisibly. Periodically scan with Malwarebytes and online virus scan to make sure.
Nothing complicated or too technical done.
I think that people like the OP (and Me!) don't need to be blinded by technology or be too scared to do anything. At the end of the day the best protection for your computer is plain old common sense....
call100
Old 12th Apr 2009, 09:07
#20
Per Ardua ad Astraeus
 
Mac - I leapt at that! Looks great. Installed and running, thanks - BUT - probably due to a surfeit of chocolate (yes, only 10:00 in the UK!!) affecting my brain, it appears to have dropped 'my rights' so far down the pan I cannot change the home page from **MSN** nor stop the 'default browser' check. Switching the icon to 'run as admin' allows this, but it defaults to baby stuff on return. HELP!??
BOAC

