Virus/Internet Protection Software

Robert Reed
Posts: 2277
Joined: Wed Nov 24, 2004 1:01 am
Location: ASHTABULA,OHIO

Re: Virus/Internet Protection Software

Post by Robert Reed »

Thanks for the follow up Ron, a few posts back. I followed up the download info and to no avail. I then did a complete computer scan with all three of my AV's (1:45 Hr) - Nada! Then I remembered something either you or Setec told me about computers running programs twice and to restore to any prior date, which at the time did wonders. Tried that trick this time and computer slowed even more, so I restored back to current date and computer was really crawling. In disgust I shut the #&%$#*& thing off and left. Came back after supper and now it's working pretty good. I really think some alien being transplanted these machines to earth to drive the human race absolutely mad! :smile:


PS do we have spell checker now?
MrAl
Posts: 3862
Joined: Fri Jan 11, 2002 1:01 am
Location: NewJersey

Re: Virus/Internet Protection Software

Post by MrAl »

Hi again,


So I guess I'm not the only one having problems then :smile:

The problem software is the firewall, which I decided to try out too. The funny thing is, when I turn OFF
all of the features of the firewall it STILL slows the disk down, in other words, it's still the problem.

The difference is MORE than the difference between night and day...
There are at least two kinds of disk access on a Windows system, one is called PIO and the other is
DMA (not sure if the second one goes by other names too). DOS and various types of C programs can
use PIO but that is limited to some bytes per second unlike with the newish Windows driver which can
go as high as 100 Megabytes per second or even faster for smaller files and the right hard drive.
So here is the kicker...
WITHOUT the firewall installed, PIO speed is about 20MB per second while DMA is about 100MB per second
and this test is entirely repeatable from run to run and may change slightly with disk fragmentation but
of course I have the disk defragged before these tests.
WITH the firewall, PIO stays about the same, maybe slows slightly, but nothing that is noticeable,
but DMA slows to a crawl: 7MB per second!!! Yes, that's less than 10 fold decrease in performance.
I can easily prove that it's the firewall too, because uninstalling it clears up the problem, reinstalling it
brings it back, and also disabling the firewall drivers (and launch program) also clears up the problem,
and re-enabling them brings it right back again.
I'd leave them disabled, but the point is to be able to surf the web with the firewall running and
also be able to have fast disk access for storing files and even copying files.

Any ideas?
LEDs vs Bulbs, LEDs are winning.
SETEC_Astronomy
Posts: 582
Joined: Tue May 09, 2006 12:44 am

Re: Virus/Internet Protection Software

Post by SETEC_Astronomy »

MrAl do you have high speed Internet? A home router? If so you already have a firewall by virtue of NAT. You don't have outbound protection but depending on your router it can be added or configured. If you're really serious about security and don't want to slow down your computer and have an old computer with two NICs why not try out Astaro. Astaro offers free for home use UTM software that includes real time virus scanning, firewall and so on. There are other options that are also free, PfSense, m0n0wall, etc... Check them out, you could stay at SP1.
MrAl
Posts: 3862
Joined: Fri Jan 11, 2002 1:01 am
Location: NewJersey

Re: Virus/Internet Protection Software

Post by MrAl »

Hi SET,


Yes I have high speed internet. Router? Yes, wireless but I don't use wireless, I just plug right in.
What is NAT?
NIC what is that?
Astaro what is that?

Thanks in advance...
LEDs vs Bulbs, LEDs are winning.
SETEC_Astronomy
Posts: 582
Joined: Tue May 09, 2006 12:44 am

Re: Virus/Internet Protection Software

Post by SETEC_Astronomy »

It's ok that you connect with a physical wire, if you're connected to a LAN port on your router the router is offering you inbound Firewall protection.

NAT stands for Network Address Translation. It's how a router allows several computers to share a single (sometimes multiple) Internet connection.

NIC is a Network Interface Card, what you plug an Ethernet cable into.

Astaro is the maker of The Astaro Security Gateway (UTM), their site can be found Here.
PfSense Here.
m0n0wall Here.
MrAl
Posts: 3862
Joined: Fri Jan 11, 2002 1:01 am
Location: NewJersey

Re: Virus/Internet Protection Software

Post by MrAl »

Hi SET,


Thanks for the info...

How does the router offer inbound Firewall protection?

I checked out Astaro and for the home firewall they want to overwrite all
the software on the computer to make your computer a dedicated device.
They overwrite with their own software, according to their web site.

Did I forget to mention that I run Windows?
LEDs vs Bulbs, LEDs are winning.
SETEC_Astronomy
Posts: 582
Joined: Tue May 09, 2006 12:44 am

Re: Virus/Internet Protection Software

Post by SETEC_Astronomy »

Correct, all three software packages I mentioned (Astaro, PfSense, m0n0wall) will wipe your computer, I suggested them only if you had a spare computer with two NICs. Please don't try to install any of them to your production machine.

To make a complicated process simple, your ISP assigns you a public facing IP address, your router takes this address for you and assigns all LAN connected (your home PC) computers a private IP address which is not externally accessible. So if anyone tries to attack your machine the farthest they can get is your router which is speaking on your behalf. The router by nature of how it works ignores spurious packets that are not associated with a request you made. There are a lot of caveats to those statements but that's the gist of it. Any decent router will have no open ports and will perform stateful packet inspection to determine legitimate traffic. Once you initiate an outbound connection, to a web site for example, the router tags the packet, sends it out, gets the response and allows it in at which point it is passed to your computer. You can enable port forwarding but that's a whole new can of worms....

Google will have far better explanations than I can provide if you're interested in the fine details.
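
The behaviour described in the post above, as an added example that is not part of the original thread and not any router's actual firmware: a toy NAT state table showing a reply being delivered, unsolicited packets being dropped, and a port forward changing that. The `NatRouter` class, the documentation-range addresses and the strict match on remote address and port are all assumptions made for illustration; real routers differ in how strictly they match.

```python
from dataclasses import dataclass, field

@dataclass
class NatRouter:
    """Toy model of a home router's NAT state table (constructed, simplified)."""
    public_ip: str
    next_port: int = 40000
    # (proto, public_port, remote_ip, remote_port) -> (lan_ip, lan_port)
    flows: dict = field(default_factory=dict)
    # public_port -> (lan_ip, lan_port); empty unless the owner adds a forward
    forwards: dict = field(default_factory=dict)

    def outbound(self, proto, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host opens a connection: rewrite the source, remember the flow."""
        public_port = self.next_port
        self.next_port += 1
        self.flows[(proto, public_port, remote_ip, remote_port)] = (lan_ip, lan_port)
        return (self.public_ip, public_port, remote_ip, remote_port)

    def inbound(self, proto, remote_ip, remote_port, public_port):
        """A packet arrives from the Internet: deliver only if something expects it."""
        key = (proto, public_port, remote_ip, remote_port)
        if key in self.flows:
            return ("deliver", self.flows[key])  # reply to a request we made
        if public_port in self.forwards:
            return ("deliver", self.forwards[public_port])  # explicit port forward
        return ("drop", None)  # unsolicited: never reaches the PC

def demo():
    """Walk through the cases from the post using documentation-range addresses."""
    router = NatRouter(public_ip="203.0.113.7")
    pc = ("192.168.1.10", 51000)
    web = ("198.51.100.20", 443)
    stranger = ("198.51.100.99", 4444)

    sent = router.outbound("tcp", *pc, *web)
    reply = router.inbound("tcp", *web, public_port=sent[1])
    # Same public port, but from a host the PC never contacted.
    unknown = router.inbound("tcp", *stranger, public_port=sent[1])
    # A port with no state at all.
    probe = router.inbound("tcp", *stranger, public_port=8080)
    # A port forward makes that port reachable by anyone on the Internet.
    router.forwards[8080] = (pc[0], 8080)
    forwarded = router.inbound("tcp", *stranger, public_port=8080)
    return sent, reply, unknown, probe, forwarded

if __name__ == "__main__":
    print(demo())
```

The last case is the one to watch on a real router: once a forward exists, the state table no longer protects whatever is listening on that port.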
MrAl
Posts: 3862
Joined: Fri Jan 11, 2002 1:01 am
Location: NewJersey

Re: Virus/Internet Protection Software

Post by MrAl »

Hi again,


Thanks, but if that is true then how am I getting attacked? I always have to use the router, no choice.
LEDs vs Bulbs, LEDs are winning.
SETEC_Astronomy
Posts: 582
Joined: Tue May 09, 2006 12:44 am

Re: Virus/Internet Protection Software

Post by SETEC_Astronomy »

It's likely due to browsing habits, habits of other users, out of date software, etc... A lot of infections come from visiting sites with malicious intent (or good sites that have been hacked or tricked into displaying malicious ads). Once you send a request for a website the router forwards all related content to your PC (bypassing the firewall so you can actually use the internet), if your PC is vulnerable to an unpatched exploit malicious code is run and an infection occurs.
Robert Reed
Posts: 2277
Joined: Wed Nov 24, 2004 1:01 am
Location: ASHTABULA,OHIO

Re: Virus/Internet Protection Software

Post by Robert Reed »

Wow-You guys are getting light years ahead of me. But while we are on this subject, two questions-MrAl, in regards to speed, are you talking both online and offline plus how do you check the speed you referred to?
Either- I think I may have two or more firewalls running at the same time. Should I disable all but one?
I thought firewalls were only for incoming traffic but a major problem I have is slow operation even when offline.
CeaSaR
Posts: 1949
Joined: Sat Nov 08, 2003 1:01 am
Location: Phoenixville, PA USA

Re: Virus/Internet Protection Software

Post by CeaSaR »

Robert,

Firewalls, as with antivirus, should only be run one to a system. I run Zonealarm on my systems, but only after
I turn off the built in Microsoft firewall. The short time between when both were running (after install) was like
looking at pitch run down a boat hull, deathly slow. Things picked right up as soon as I turned off MS's FW.

Remember, computers may be a jack of all trades/supremely versatile, but when you overload them with resource
uses and conflicts, they will buckle at the knees. Wise use is always the best policy.

CeaSaR
Hey, what do I know?
Robert Reed
Posts: 2277
Joined: Wed Nov 24, 2004 1:01 am
Location: ASHTABULA,OHIO

Re: Virus/Internet Protection Software

Post by Robert Reed »

I disabled Windows firewall and saw no change so I re-enabled it. Even offline, the computer is running slow but especially during the first 10 minutes after startup. Must be something else going on. Seems like anything with PDF really hangs up quite a while.
MrAl
Posts: 3862
Joined: Fri Jan 11, 2002 1:01 am
Location: NewJersey

Re: Virus/Internet Protection Software

Post by MrAl »

Hi again,


Some software apparently is able to integrate nicely with Windows Firewall, but from my experience
if Windows Firewall actually does anything to begin with I'd be the most surprised guy around.
That's because it never did anything whatsoever for me and made that even more apparent
by NEVER giving me ANY notices like, "A program is trying to access the internet from your
computer...", or, "The trojan 'ThisThat.exe' tried to run on your computer...it has been blocked".
Never never never, have I EVER seen a message of any kind so I don't believe that Windows
Firewall does anything at all. I've also been attacked very severely even though I always
allowed that firewall to run.
This means to me turning it off will have almost no effect at all or even no effect at all.
LEDs vs Bulbs, LEDs are winning.
SETEC_Astronomy
Posts: 582
Joined: Tue May 09, 2006 12:44 am

Re: Virus/Internet Protection Software

Post by SETEC_Astronomy »

The Windows firewall offers only inbound protection. You can set the Windows firewall to not allow exceptions and it will block certain things like uPnP, Printer Sharing, etc...

As a result of the Windows firewall being enabled by default in XP SP2 interaction-less infection rates of computers running it dropped dramatically.
reloadron
Posts: 519
Joined: Sat Jun 28, 2008 8:57 am
Location: Cleveland, Ohio

Re: Virus/Internet Protection Software

Post by reloadron »

SETEC_Astronomy wrote: The Windows firewall offers only inbound protection. You can set the Windows firewall to not allow exceptions and it will block certain things like uPnP, Printer Sharing, etc...

As a result of the Windows firewall being enabled by default in XP SP2 interaction-less infection rates of computers running it dropped dramatically.

Somewhere back in this thread or a similar thread SETEC_Astronomy brought up what I feel is a very good point. Years ago when I first got broadband Internet via cable I was running I think Norton for a firewall and it would block countless hits on me. These hits weren't always malicious in nature but there were all these logged inbound hits. Then I added a wired router between me and the world. The hits went to zero. A simple wired router serves as a hardware firewall as SETEC_Astronomy explained in that post. Doesn't have to be fancy just a simple wired router. You don't need a big home network with multiple computers. Just a single home computer with a router between the PC and cable/dsl modem is a big step in a good hardware firewall. A relatively inexpensive investment these days for a good start at a hardware firewall.

Ron