Hm, this site says that MS's firewall sucks: http://www.pcworld.com/businesscenter/article/128834/analysis_new_windows_vista_firewall_fails_on_outbound_security.html
But does the Vista firewall use less resources than other third-party apps, such as, say, Comodo or ZoneAlarm?
You can find a site somewhere that will say anything sucks. Doesn’t always mean it does. Personally I prefer to learn from forums rather than possibly sponsored magazine articles what works and how.
Here are a couple of posts that give an idea of what can be done, courtesy of Wilders. (They can be pretty hardcore about security.)
http://www.wilderssecurity.com/showthread.php?t=187445
http://www.wilderssecurity.com/showthread.php?t=232602
Should give you some idea.
I have no idea how much resource the firewall uses compared to others. You’d probably need to try a handful out, see what works best for you.
Sorry, what is WSG? And may I ask your opinion about ST and why it’s “not as good” now?
WSG is Web Security Guard. And you may. About a year ago there was a significant staffing (and philosophy) change at Crawler, or so it appeared from the changes in the then “latest release” of ST. It seemed to me that a great deal of development was put into the WSG (with bundled toolbar) at the expense of developing the core ST program, at a time when a lot of users were experiencing quite serious bugs. Other users were still getting malware on their computers, undetected, even with the HIPS on. (AFAIK the application has continued to be quite buggy.) Initially the way the toolbar was bundled - undeclared - was seen as highly sus. (And it was.) When the forum moderator either quit or lost his employment, I decided “enough”, found an alternative to ST (Threatfire), and haven’t looked back. I may try it again someday, but probably not.
So you believe that avast! will be good enough for both virus and spyware real-time protection, and that I only need one or two additional apps for on-demand? (& so avast is the only real-time protection running)
That's not quite what I said. If you look again, I also mentioned having a bit of immunity (see first reply above), and using some kind of behaviour blocking (in this case HIPS in a firewall), but to be honest, I've found the combo I'm using has kept me malware free, and a lot of that is due to a firewall, and Avast. So the sentence you used - putting words in my mouth, really - may be true.
Actually, until recently I've done that for quite a while. There was like a one-year period of not really caring about my comp security & less scans. However I decided that I should probably better protect myself.
Scans are necessary only for detection of threats that slipped through the resident or passive detection. An updated database might detect something today that it didn't detect last week, when thingy.exe slipped itself on to your hard drive. To tell the truth, you're a bit unlucky to score one of these "zero day" threats. (Yet thousands of users do. So it happens.) And adding a behaviour blocker, which detects based on malicious behaviour rather than detections, reduces the risk further. Adding outbound control (2 way firewall) is a safety net which should be the last opportunity to stop something connecting outbound, but even that may not be foolproof, if the malware hooks a system file and the firewall doesn't register the change. But by that stage, you're talking very small chances of infection indeed. Add a sandbox to the mix, the trojan/virus etc can't write to anything but a sandboxed space anyway.
There may be a way for the malware writers to get around those layers, but frankly, if I was a software writer for the mafia, I wouldn't even try. There are enough careless users on the web with outdated systems, outdated or no AV, p2p active all the time, clicking on any old thing, they are the more likely and easy targets.