If we have, say, the latest Norton Antivirus and firewall, are we completely protected?

And is it possible to download an infected program that will change the way AVs work?

No.... if your Norton is updated, your protection is pretty good, but if you picked up something new before the protection was released, you could still get infected. A firewall will limit the ability of hijackers and trojans to attack, but they are not foolproof. Spyware and some hijackers can get installed with your permission if you are into file sharing or use any number of "convenient" downloads. You have to read the license agreements carefully and it is a good idea to run a spyware detector regularly. The only way to be totally safe is to disconnect from the web and use only write protected disks on a cleanly formatted computer and even then you wouldn't be totally sure.

Try these:

Test the security of your Internet Connection
https://grc.com/x/ne.dll?bh0bkyd2

Articles on Windows Security
http://www.windowsecurity.com/

Testing e-mail Security
http://www.windowsecurity.com/emailsecuritytest/

http://www.asaa-avart.org/baseimages/Stealth.jpg (http://www.asaa-avart.org/)


The e-mail one opened a page with merely this:
'D:\home\web\securitysearch.net\emailsecuritytest\ process.plx' script produced no output :confused:

Actually, I beg to differ with some here, because you can still get hijacked (usually an ActiveX control), or since NAV doesn't catch many trojans, they are a threat.

So if all you have is an AV and firewall, there are still holes in your defenses...kind of like having a gate and no lock on it. I have never encountered any of the common ActiveX malware that will disable an AV but there are trojans that will, and there are javascript exploits, that while mostly annoyances, can "soften" defense and lead to more trouble.

Web security is vastly improved (IMO) by using a browser that doesn't support ActiveX or vbscript, and an email client that either (a) doesn't do HTML or (b) at least doesn't use the IE engine, and doesn't load remote content referenced in emails.

Yeah, that too....hehe.

I'd suggest you get both of these for additional protection.

IE-SPYAD http://www.staff.uiuc.edu/~ehowes/resource.htm#IESPYAD
It adds around 3700 evil sites to your IE Restricted zone!

and SpywareBlaster will block bad ActiveX http://www.wilderssecurity.net/spywareblaster.html SpywareBlaster doesn't scan and clean for spyware - it prevents it from ever being installed.

How? By setting a "kill bit" for the CLSIDs of spyware ActiveX controls, it prevents the installation of any of them from a webpage. You can run Internet Explorer with Active-X enabled, but you will never even get a "Yes/No" box popped up, asking you to install a spyware Active-X control (Internet Explorer will never download or run it!. All other Active-X controls or plug-ins will work fine.
Both of these are very small free programs that you run once, and then just occasionally to check for updates.

You should consider other things to such as:

Anti-Trojan (Trojan Defenece Suite/TrojanHunter/BOClean)
Anti-Worm (DiamondCS WormGuard)
Anti-Ad/spyware (SpywareBlaster, SpywareGuard, IE-SPYAD, Hosts Files, Spybot, Ad-aware)
Alternative E-mail client to OE/Outlook (Pocomail, The Bat, SecureBat good ones)
MailWasher is also good so you can decide what mail you want to receieve or delete from the pop3 server.

Tools such as System Safety Monitor are also a good idea. It basicly watches and lets you control anything that execuutes on your computer or enters into the registry etc... System Safety Monitor also stops all these leak tests no matter what firewall you use.

If you're on 2K/XP you should shut down all services that you don't need which closes off a lot of default listening ports. If you don't need completely disable NetBIOS to.

If you still want to use Outlook set it to run in the restricted zone.

Disable media player scripting. Although if you use the latest one I *think* it's already disabled. Also removing the .vbs extension if you don't need to run such things is something to do.