There seems to be some misunderstanding in the (beginner to intermediate) internet community about which programs protect against what. I think that is understandable, in that the companies themselves are not always upfront about the boundaries, limitations and scope of their products. Let me see if I can help some.
Firewalls (like Norton Firewall, ZoneAlarm Pro, Kerio, etc.)
In the simplest terms, when you go online, your computer is talking to another computer. The 'mouth' of your computer is a port. A port is like a door through which your information passes, and your computer has many of them (65535 per protocol). Each port is numbered; some numbers are registered for well-known services and the rest are free for any program to use. For example, port 80 is registered for HTTP (web) traffic.
A firewall simply applies a set of rules to those ports. You can tell your firewall 'nobody uses port 194', or 'alert me when port 194 is accessed', or 'leave port 194 wide open for anyone and don't tell me about it'. (194 is the port registered for IRC.) If you close port 194, your IRC program would either have to connect on another port or not work at all.
has a nice list of reserved port numbers.
Most firewalls monitor and regulate inbound traffic through these ports, but fewer monitor and regulate outbound traffic. So it is important to choose a firewall which monitors both inbound and outbound.
Q. Why do we need to monitor outbound if we are protected from the badguys who are on the outside?
A. Because no matter how good your antivirus program is, there is always someone out there coding the next new badguy that your antivirus program doesn't know about yet. Or it could come bundled with a file you downloaded from Napster. Or you could unwittingly install it along with some other software that you purchased. *Yes, this happens all the time.* So there are many ways that badguys get onto your system. Once they are there, the most common things for them to do are replicate, send themselves to other users, or worse, use your machine as a bot to attack web servers.
With outbound protection, a program that tries to connect out without your say-so gets blocked or triggers an alert, so at least you will be made aware that you have a badguy on board and can take appropriate action. (It does not stop the badguy from getting onto your machine in the first place; that is the antivirus program's job.)
So a firewall simply monitors and regulates traffic over a network (between your computer and a server like www.techsupportforum.com, or between your computer and another computer). A firewall has nothing to do with the types, sizes or contents of the files on your machine.
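To make the inbound-versus-outbound point concrete, here is a toy rule evaluator I have added for this guide. It is not code from Norton, ZoneAlarm or Kerio; it just models the three kinds of rule described above plus the per-program rules personal firewalls actually use, and runs a constructed connection log through an inbound-only policy and a two-way policy. The program names (including the hypothetical bot "svchost32.exe") and the traffic are made up for the demo.

```python
"""Toy port/program firewall rule evaluator (added example, not a real product's code)."""
from dataclasses import dataclass
from typing import Optional

ALLOW, DENY, ASK = "allow", "deny", "ask"


@dataclass(frozen=True)
class Rule:
    direction: str          # "in", "out" or "any"
    port: Optional[int]     # None matches every port
    program: Optional[str]  # None matches every program
    action: str             # ALLOW, DENY or ASK (pop up an alert)


@dataclass(frozen=True)
class Connection:
    direction: str  # "in": someone connects to us; "out": our program connects out
    port: int       # local port for inbound, remote port for outbound
    program: str    # program on this machine that owns the socket


def decide(rules, conn):
    """First matching rule wins; with no matching rule the port is wide open."""
    for r in rules:
        if (r.direction in ("any", conn.direction)
                and r.port in (None, conn.port)
                and r.program in (None, conn.program)):
            return r.action
    return ALLOW


def evaluate(rules, traffic):
    """Return (program, direction, port, decision) for every connection."""
    return [(c.program, c.direction, c.port, decide(rules, c)) for c in traffic]


# Constructed traffic: the browser, an inbound probe, an IRC client, and a
# hypothetical bot ("svchost32.exe") that joins an IRC channel for orders and
# then floods a web server.
TRAFFIC = [
    Connection("out", 80, "iexplore.exe"),
    Connection("in", 135, "system"),
    Connection("out", 194, "mirc.exe"),
    Connection("out", 194, "svchost32.exe"),
    Connection("out", 80, "svchost32.exe"),
]

# Inbound-only firewall: drops unsolicited connections to us, watches nothing else.
INBOUND_ONLY = [Rule("in", None, None, DENY)]

# Two-way firewall: same inbound policy, known programs allowed on their
# ports, and "alert me" for any other program that tries to go out.
TWO_WAY = [
    Rule("in", None, None, DENY),
    Rule("out", 80, "iexplore.exe", ALLOW),
    Rule("out", 194, "mirc.exe", ALLOW),
    Rule("out", None, None, ASK),
]

# "Nobody uses port 194": IRC blocked in both directions, mirc.exe included.
NO_IRC = [Rule("any", 194, None, DENY)] + TWO_WAY


def bot_is_noticed(rules):
    """True if any of the bot's connections is denied or raises an alert."""
    return any(d != ALLOW
               for p, _, _, d in evaluate(rules, TRAFFIC) if p == "svchost32.exe")


if __name__ == "__main__":
    for label, rules in (("inbound-only", INBOUND_ONLY), ("two-way", TWO_WAY), ("no IRC", NO_IRC)):
        print(label)
        for row in evaluate(rules, TRAFFIC):
            print("   %-14s %-3s port %-4d -> %s" % row)
```

Run it and the inbound-only policy lets every one of the bot's connections through silently, while the two-way policy pops an alert for the unknown program on both ports; that alert is the whole value of outbound filtering.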
Viruses, Worms and Trojans
A virus is any piece of code (i.e. a program) that can copy itself into other programs or files. Viruses are usually executable files (.exe), but can have any extension, e.g. .dll, .com, etc. A virus can do anything that a user can command a computer to do; if your computer can do it, someone can code a virus to do that action. A worm is a special type of self-replicating program that spreads across a network on its own, eating memory and bandwidth, without attaching itself to other programs.
A trojan is not a virus. Trojans cannot replicate themselves, but can be just as destructive as viruses. Specifically, a trojan is a malicious program that masquerades as a legitimate program, or piggybacks on one and 'drops its payload' while that legitimate program is installed or run.
Like all programs, viruses, worms and trojans are just code. Within that code are particular byte sequences ('signatures' or strings) that are recognizable and distinct from the code of legitimate programs.
Antivirus programs look for these signatures or patterns in the files or memory of your computer; a match indicates the possible presence of a known virus. So when you download 'definition files' for Norton AntiVirus, McAfee VirusScan, etc., that is what you are getting: new signatures for newly discovered viruses.
An antivirus program literally compares its list of known badguy signatures to the code in the files on your system. That is what is happening during a scan.
So the antivirus program is only as good as its most current definition list. If you download a badguy which is not yet known to your antivirus program, then most likely you will have no protection and will be infected. Antivirus companies try to stay as current as possible, but new viruses appear every day, so it is always a cat-and-mouse game with the antivirus companies trying to catch up.
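Here is a small signature scanner I have added to show exactly what the paragraphs above describe: a definition file is a list of name-to-byte-pattern entries, a scan is a byte-for-byte search of each file for those patterns, a sample whose pattern is not in the definitions is simply missed until the definitions are updated, and a signature that is not distinct from legitimate code (the sloppy "MZ" entry) produces false positives. This is not Norton's or McAfee's code. The EICAR string is the real, harmless industry test pattern that every scanner flags on purpose; the sample files, the "Bot.Constructed" signature and the sloppy signature are constructed for the demo.

```python
"""Signature scanner in the style the guide describes (added example)."""

# Real EICAR test string (68 bytes). Not malicious; scanners detect it by design.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# Constructed "disk": a text file, the EICAR test file, a legitimate program
# and a hypothetical new badguy that phones home to an IRC server.
MZ = b"MZ\x90\x00" + b"\x00" * 12   # typical start of a Windows .exe/.dll (PE) file
FILES = {
    "readme.txt": b"Nothing to see here, just some notes.",
    "eicar.com": EICAR,
    "notepad.exe": MZ + b"legitimate editor code" + b"\x00" * 8,
    "setup_patch.exe": MZ + b"BOT:connect irc 194;await orders;flood" + b"\x00" * 8,
}

# Definitions as shipped "today": only the test file is known.
DEFINITIONS_V1 = {"EICAR-Test-File": EICAR}

# A badly chosen signature: "MZ" occurs in every Windows executable, so it is
# not distinct from legitimate code and flags clean programs too.
DEFINITIONS_SLOPPY = {"Generic.Anything": b"MZ"}


def scan(files, definitions):
    """Return {filename: signature name} for every file containing a known pattern."""
    hits = {}
    for name, data in files.items():
        for sig_name, pattern in definitions.items():
            if pattern in data:   # the byte-for-byte comparison a scan performs
                hits[name] = sig_name
                break
    return hits


def update_definitions(definitions, new_signatures):
    """Simulate downloading a newer definition file (old entries are kept)."""
    merged = dict(definitions)
    merged.update(new_signatures)
    return merged


if __name__ == "__main__":
    print("v1 definitions:  ", scan(FILES, DEFINITIONS_V1))
    v2 = update_definitions(DEFINITIONS_V1, {"Bot.Constructed": b"BOT:connect irc 194"})
    print("v2 definitions:  ", scan(FILES, v2))
    print("sloppy signature:", scan(FILES, DEFINITIONS_SLOPPY))
```

With the v1 definitions only eicar.com is caught and setup_patch.exe walks straight past the scanner; after the "update" it is caught too. The sloppy signature shows the other side of the trade-off: a pattern that is not distinctive enough flags notepad.exe as well, which is why vendors choose signatures carefully rather than just grabbing any bytes from a sample.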
Spyware, Adware, Malware
Spyware is any program which records information about you or your computer and sends it to a third party without your consent.
Adware is any program which places, installs or updates advertisements on your computer. Adware may appear as ads, banners, or popup advertising.
Malware, short for malicious software, is a general term for any program which damages or misuses your computer and was placed there without your authorization.
Most people consider malware to be the umbrella category, with spyware, adware, viruses, trojans and worms as its subcategories.
Q. What is the difference between a virus and a non-virus piece of malware?
A. It's difficult to say. Technically, if it harms your system and can replicate itself, then it is a virus. If it harms your system but cannot replicate, then people just call it 'malware', even though, by definition, all viruses are malware too.
Now, ideally we would want the antivirus software to stop all malware. But in reality this would not be practical or efficient. So where do antivirus companies draw the line? It is hard to say. Mostly they stick to the strict definition of viruses, and most antivirus programs also tackle worms and trojans. But don't be fooled. There is non-virus malware out there which is as deadly and evil as its virus counterparts. There are simple viruses which can disable your ability to rename files. Likewise, there are simple malware programs which cause endless popup windows to appear while you browse; after 5 minutes of browsers opening on top of each other, your memory is completely taxed and your system crashes. Which is worse?
Sometimes you will find that the programs overlap: an antispyware program and your antivirus program both discover and remove a particular badguy. But for the most part, each program specializes in a particular area of malware, e.g. AdAware and Spybot focus on adware and spyware. There are also tools which specialize in one specific infection; Kill2Me, for instance, is a decent program for removing the Look2Me bug.
No one tool can do everything, at least not yet. Ultimately, you need a variety of utilities on your machine to prevent all the malware, adware, spyware and viruses out there. The bare essentials are: a good firewall, a good virus scanner with autoprotect enabled, Spybot with Immunize enabled, AdAware, SpywareBlaster and SpywareGuard. For maximum effectiveness, these programs need to be updated regularly. Regularly means at least once a week, preferably twice.
As a first line of defense I strongly recommend a good firewall, like Norton Firewall 2004, ZoneAlarm Pro or Kerio; all three are very highly rated. If you are short on $ there are several free options available to you. Consider ZoneAlarm (the free version).
Running Spybot S&D and AdAware regularly is a good second line of defense.
SpywareGuard is live protection from spyware. SpywareBlaster and IE-SpyAd are run-once prevention programs which are also free; you only need to update them periodically.
SpywareGuard (1.96 MB) functions like an antivirus program, scanning files before they are opened or downloaded, but for spyware. It also protects your internet browser from hijacks.
SpywareBlaster (2.1 MB) is not a system cleaner like Spybot; rather it blocks bad ActiveX controls and malevolent cookies from getting onto your system in the first place.
IE-SpyAd (227 kB) places over 5000 sites into Internet Explorer's Restricted Zone, so that known evil sites get the most locked-down settings if you do stumble onto them.
See also 'So how did I get infected in the first place?' for more information about spyware prevention.
Internet Explorer security settings
* IE | Tools | Internet Options | General tab | under Temporary Internet Files, click Delete Files and wait for it to finish
* Same location, under History, click Clear History, then OK
* IE | Tools | Internet Options | Security tab
Highlight Trusted Sites and click Sites.
Make sure this list is empty. There should never, ever be anything in here. Badguys hijack known good sites every day, so don't give them free access to your machine.
Now highlight Internet and click Custom Level:
Download signed ActiveX controls: set to Prompt
Download unsigned ActiveX controls: set to Disable
Initialize and script ActiveX controls not marked as safe: set to Disable
set to High Safety
Now unsigned ActiveX programs will not be allowed at all, and when a signed ActiveX program attempts to download or install, you will be prompted. NOTE: if you open a page (even a page you consider safe) but didn't actively download something, and are prompted to download an ActiveX file, ALWAYS DENY. Reputable sites are hijacked by malicious code all the time, so play it defensively. Only accept when you have actively clicked on something that you know requires an ActiveX program. If you are unsure, DENY. A signature only tells you who published the control, not that it is safe.
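The dialog is the easy way to set these, but it is also handy to be able to check them afterwards (or across several machines) without clicking through it. The script below is an added example, not part of the original guide: IE keeps each zone's Custom Level settings as DWORD values under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\<n> (zone 2 = Trusted Sites, 3 = Internet), with 0 = Enable, 1 = Prompt and 3 = Disable, and the value names 1001, 1004 and 1201 are the documented IDs for the three ActiveX settings above. The two registry snapshots are constructed, and read_live_internet_zone() is my assumption about how you would pull the real values on a Windows box with the standard winreg module.

```python
"""Audit Internet Explorer's Internet-zone ActiveX settings against the checklist (added example)."""

ENABLE, PROMPT, DISABLE = 0, 1, 3
LEVEL_NAMES = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}

# registry value name -> (setting as shown in the Custom Level dialog, recommended level)
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
}

# Zone 3 is the Internet zone.
ZONE_PATH = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"


def audit_internet_zone(values):
    """Compare a {value name: DWORD} snapshot of zone 3 with the checklist.

    Returns one (value name, setting, current level, wanted level) tuple per
    deviation; an empty list means the zone matches the checklist.
    """
    findings = []
    for value_name, (setting, wanted) in RECOMMENDED.items():
        current = values.get(value_name)
        # A missing value is reported too: the dialog may show a default,
        # but the snapshot cannot confirm what it is.
        if current != wanted:
            findings.append((value_name, setting,
                             LEVEL_NAMES.get(current, "not set"), LEVEL_NAMES[wanted]))
    return findings


def read_live_internet_zone():
    """Pull the three values from the registry (Windows only; None elsewhere)."""
    try:
        import winreg
    except ImportError:
        return None
    values = {}
    try:
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, ZONE_PATH) as key:
            for value_name in RECOMMENDED:
                try:
                    values[value_name] = winreg.QueryValueEx(key, value_name)[0]
                except FileNotFoundError:
                    pass      # value absent: reported as "not set" by the audit
    except FileNotFoundError:
        pass                  # zone key absent: every setting reported as "not set"
    return values


# Constructed snapshots: a machine set as the checklist asks, and one that
# lets signed controls in silently, merely prompts for unsigned ones, and
# has no 1201 value recorded at all.
HARDENED = {"1001": PROMPT, "1004": DISABLE, "1201": DISABLE}
WEAK = {"1001": ENABLE, "1004": PROMPT}

if __name__ == "__main__":
    snapshots = [("hardened", HARDENED), ("weak", WEAK), ("this machine", read_live_internet_zone())]
    for label, snapshot in snapshots:
        if snapshot is None:
            continue
        for value_name, setting, current, wanted in audit_internet_zone(snapshot):
            print("%-12s %s (%s) is %s, should be %s" % (label, setting, value_name, current, wanted))
        if not audit_internet_zone(snapshot):
            print("%-12s OK" % label)
```

On a Windows machine the third snapshot is your own Internet zone; anywhere else the script just audits the two constructed ones. The Trusted Sites check is deliberately left to the dialog: its ZoneMap entries are stored per domain key and the rule there is simply that the list stays empty.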