[Dshield] Recommendations for free firewall and free anti-virus software

Kenton Smith ksmith at chartwelltechnology.com
Wed Apr 14 15:59:19 GMT 2004

I don't see anything that suggests the host-based firewall will be this
person's only line of defense. Even if it is, I always would question a
person's comfort level with their products. If this person has only ever
used Windows machines, he will probably have an easier time learning the
in's and out's of the security tools available for it. There also may be
corporate requirements for using IE and Outlook/Outlook Express,
although, again, he never said this is what he was using. If you open an
executable virus in Mozilla, you can still get infected. It's all well
and good to say don't use this and don't use that, but we don't know
what this person is actually using or his level of expertise.

All that aside, I have no experience with free A/V software, so I'm no
help there. I have used both Zone Alarm and Sygate "free" firewalls and
like both. My personal preference is Sygate because I find it easier to
control than Zone Alarm (create custom rules, get sufficient logging,

Preston, no matter what you choose, make sure you know how to use it
properly otherwise it will only give you a false sense of security.

Kenton Smith

On Wed, 2004-04-14 at 06:28, Mark Fugate wrote:
> At the risk of being accused of being a heretic, I would not reccomend 
> pointing any Microsoft product directly towards the internet.  Additionally, 
> I would advise against using Microsoft's web-browser, any version of Outlook, 
> and MS SQL*Server.  I watch network attacks like other people watch TV sports 
> and I can conservatively state that 75% of the attack data I collect with 
> sniffers and keep in a database originate from those products.  My logs last 
> week showed that 45% of the data I have collected is from compromised MS 
> SQL*Server installations.  Although small in number, I still collect "Witty 
> Worm" attacks which indicates that there must still be a number of unpatched 
> ISS and BlackIce implementations still in use.

More information about the list mailing list