RE: Vista's personal firewall and AV package

["Roger A. Grimes" <roger () banneretcs com>]

Despite what many people will probably tell you, Vista's Windows
Firewall is a decent inbound and outbound blocking firewall. It blocks
all un-initiated inbound connections by default, but blocks no outbound
attempts by default. For many, the missing default outbound blocking is
enough to push them to other firewalls, along with easier end-user
interfaces in some other products.

But Vista's firewall is not hard to configure for the average admin, and
it is certainly easy to configure using group policy for the enterprise.
In the enterprise, it's multiple security profiles (domain, non-domain,
other/home) is something most host-based firewalls don't have. It also
has heavy, easy, integration with IPSec, resulting in a pretty solid
security domain isolation.

For many, Windows Firewall will all they need. Others will feel more
comfortable using ZoneAlarm or other host-based firewalls. My
recommendation is to spend a night or two and try out a few host-based
firewalls. Find out the one that suits your needs and tastes. 

On the antivirus decision, that's a whole other ball of wax. Windows
Defender, the free anti-spyware product in Vista does not do anti-virus,
so you will be looking to another product, paid or otherwise, to prevent
other types of malware infections.  Good luck.

Roger

*****************************************************************
*Roger A. Grimes, InfoWorld, Security Columnist 
*CPA, CISSP, MCSE: Security (2000/2003/MVP), CEH, yada...yada...
*email: roger_grimes () infoworld com or roger () banneretcs com
*Author of Professional Windows Desktop and Server Hardening (Wrox)
*http://www.amazon.com/gp/product/0764599909
*****************************************************************



-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of urandom character special device
Sent: Sunday, February 11, 2007 10:58 AM
To: security-basics () securityfocus com
Subject: Vista's personal firewall and AV package

I am speaking from a consumer level standpoint.

Should I replace Vistas own firewall with a third-party tool? In XP I
used Checkpoints ZoneLab (with AV, anti-spyware, firewall and other
add-ons). Is Vistas firewall (when properly configured for outbound and
inbound) secure? What are advantages and disadvantages of third-party
tools?

If I don't need a complete internet security suite, I only need AV
protection. What do you recommend me for AV? I wish to give Kaspersky a
chance. Are there professional comparisons these products?