antivirus vs. firewall question

[sunspore]

I'm confused about the difference between antivirus software and firewalls. I know that firewalls monitor incoming data from the internet, but do they specifically search for viruses? And do antivirus programs monitor incoming data, or do they just monitor what is already on the system and fix any viruses? Additionally, if I want to install either on a very small home network with a router, are there any performance considerations or compatibility issues? Thanks for your help.

Drew

 

[jrbarnett]

Drew,

A firewall monitors incoming (and outgoing in certain circumstances) connections and either permits it to go or blocks it, depending on a certain set of rules. It doesn't search for viruses at all, but if it can control outgoing connections, it can stop some viruses/worms connecting out (XP's built in one can't do this).

Antivirus software generally monitors disk reads and writes looking for suspicious activity, such as writes to the system areas or deletion/modification of key files (this is called heuristics) or matching against a list of signatures of known viruses. Many antivirus packages have plugins for common email packages which lets them scan attachments before they reach your inbox.

Are there performance considerations? Yes. Anything that has to monitor connections and either allow or deny it will slow the system down to some extent. The performance loss will vary depending upon the PC speed, other software running and the amount of internet bandwidth (ie whether you have a 56K modem or ADSL).

However, you say that you are on a network with a router. The router itself will provide some protection because it will mean that the internet connection is being done via the router, and as such the PC's will have private IP addresses, and any connections run through that are more secure just because the pc's don't have a public IP address.

John

 

[sunspore]

John, thanks for your help. Do you think I need the firewall at all since I am using the router to access the internet?

Drew

 

[Kliot]

Drew,

YES, you need both a firewall and anti-virus software. A firewall will keep someone from gaining access to your computer via the internet. A lot of hackers have software that searches the web for open ports into personal computer and once it finds one it infects that computer. A firewall will prevent this, most dsl/cable routers have a firewall built in. A firewall will not prevent you from downloading an infected file either by the web or by e-mail, this is the job of anti-virus software, anti-virus software will scan e-mail attachments and executable files for viruses and quarantine them if they are infected.

As John pointed out firewalls and virus software can slow down performance but it's a small sacrafice when compared to the damage that can be done by a virus.

Hope this helps
Perrin

 

[sunspore]

Thanks so much, Perrin. This is all getting clearer by the minute.

Drew

 

[cdogg]

Drew,
Firewalls, Routers, and Antivirus Scanners are 3 different beasts that have their own advantages. Typically for the most secure network, you want all 3.

However, the firewall is probably the least important if your router supports NAT (Network Address Translation) which places each PC's IP address in a private domain starting with 192.168.x.x. If you have a dial-up connection, firewall software isn't really necessary unless you stay connected for long periods of time.

Even with NAT, your router is mainly concerned about incoming traffic, and unless dinstinctively setup won't do much about outgoing traffic. This is where the firewall steps in and adds additional monitoring to outgoing traffic. Worms for instance exploit vulnerabilities in most home networks that don't have firewall software, because they use open ports on your router for outgoing traffic.

I wouldn't worry about slowness. If you have a broadband connection, you won't notice a difference.

Bottom line: You can't have too much protection, but can easily not have enough. Go for all 3 if it's within your budget.


John,
Just wanted to point out that not all routers have NAT built-in (though most do), so private IP's aren't always a given.


~cdogg
[tab]"The secret to creativity is knowing how to hide your sources"
[tab][tab]- A. Einstein

 

[jrbarnett]

CDogg

good point about NAT, but most small network routers do use that. I ought to point out that although 192.168.x.x (subnet 255.255.0.0) is the most common, it isn't the only private IP range - the others are 10.x.x.x (subnet 255.0.0.0) and 172.16.x.x (subnet 255.240.0.0) so these may be used instead.

John

 

[cdogg]

John,
Yes, 192.168.x.x is what almost all "small" routers will default to, though there are others like you mentioned. The main point wasn't to assume that a router and antivirus scanner was all you needed, especially if you happen to have a router that didn't support NAT.

It is always important to double-check and not assume - saying "most have it" is not the same as saying "all have it". Plus, having additional firewall software is still a smart option even with NAT on the router.



~cdogg
[tab]"The secret to creativity is knowing how to hide your sources"
[tab][tab]- A. Einstein

 

[BionicJohn]

cdogg
> the firewall is probably the least important if your router supports NAT (Network Address Translation)

Agreed. Since I starting using a NAT router to connect to the 'Net about a year ago, ZoneAlarm has not registered a single attack.

It is, however, useful for blocking pop-ups and watches out for applications on your system which want to access the 'Net.

Anti-virus is essential for checking your e-mail and monitoring your system.

Iechyd da! John
Glannau Mersi, Lloegr.

 

[cdogg]

John,

Did you read my entire post? Here are a few other excerpts from my post that explain that comment you quoted:


"[blue]Firewalls, Routers, and Antivirus Scanners are 3 different beasts that have their own advantages. Typically for the most secure network, you want all 3[/blue]"

"[blue]Even with NAT, your router is mainly concerned about incoming traffic, and unless distinctively setup won't do much about outgoing traffic. This is where the firewall steps in and adds additional monitoring to outgoing traffic.[/blue]"

"[blue]Bottom line: You can't have too much protection, but can easily not have enough. Go for all 3 if it's within your budget.[/blue]"


When you take that one single comment out of context, it does not reflect anything I was trying to say. I was making the point that the highest point of security is block incoming attacks/access. I also described that having an antivirus scanner and software firewall in addition to a router will help to enhance security - you pretty much reiterated what I said earlier.

Hope that clears up any confusion...


~cdogg
[tab]"All paid jobs absorb and degrade the mind"
[tab][tab]- Aristotle
[navy]For general rules and guidelines to get better answers, click here:[/navy] faq219-2884

 

[BionicJohn]

> you pretty much reiterated what I said earlier.
Yup, just confirming it.

Iechyd da! John
Glannau Mersi, Lloegr.