[_] Anti virus
Oliver Humpage
oliver at watershed.co.uk
Thu Sep 28 11:25:21 BST 2006
on 28/9/06 11:18, Raymond Brooks at ray at conscious.co.uk wrote:
> Joel Hughes wrote:
>> Nice one, free sounds good to me.
>>
>> With AVG or NOD32 do I need a firewall or is one included (or is the
>> windows one OK)?
>>
>>
> Sounds like someone needs a macintosh.
The problem with firewalls is that it's impossible to have one that's a)
secure, and b) user friendly. A secure one *has* to filter outgoing traffic
as well as incoming. Unfortunately, it's very hard (if not impossible) to do
that in a user-friendly manner without a lot of proxy work and traffic
inspection - plus, of course, you need the firewall to live in an external
box anyway so it doesn't get turned off when your machine gets hacked.
Plus, neither Win nor Mac firewalls let you configure interesting things
like "let ssh in, but only from these hosts". You either let SSH in, or you
don't.
If you've just got a box sitting at home, having NAT on your broadband is
really as good as you're going to get. If you're on the road and connecting
to possibly dodgy networks, then yeah, filter everything coming in - but
both OS's in-built ones will do that AFAIK.
Don't expect a firewall that costs under a couple of grand to protect you
from any viruses, trojans, malware, adware, etc...
Oliver.
> Joel Hughes wrote:
>> Nice one, free sounds good to me.
>>
>> With AVG or NOD32 do I need a firewall or is one included (or is the
>> windows one OK)?
>>
>>
> Sounds like someone needs a macintosh.
The problem with firewalls is that it's impossible to have one that's a)
secure, and b) user friendly. A secure one *has* to filter outgoing traffic
as well as incoming. Unfortunately, it's very hard (if not impossible) to do
that in a user-friendly manner without a lot of proxy work and traffic
inspection - plus, of course, you need the firewall to live in an external
box anyway so it doesn't get turned off when your machine gets hacked.
Plus, neither Win nor Mac firewalls let you configure interesting things
like "let ssh in, but only from these hosts". You either let SSH in, or you
don't.
If you've just got a box sitting at home, having NAT on your broadband is
really as good as you're going to get. If you're on the road and connecting
to possibly dodgy networks, then yeah, filter everything coming in - but
both OS's in-built ones will do that AFAIK.
Don't expect a firewall that costs under a couple of grand to protect you
from any viruses, trojans, malware, adware, etc...
Oliver.