Re: anti-spyware vs antivirus vs firewall by Roger
Roger
Wed Sep 14 14:37:24 CDT 2005
I will try to clear up some of this.
First a firewall simply blocks or allows network traffic in or out
based on characteristics of the traffic. Often the characteristics
are only what protocol and port, what external IP, or to what
application on the receiving machine the receiving port is bound.
While there are firewall type devices that can do extensive
examination of what is in the packets that (might) pass through,
these are higher-end devices. So, usually device that is simply
a "firewall" device does not take note of whether there is a
virus or worm or spyware or . . .
The line between what anti-virus software defends against and
some of what is called spyware has been blurring. Traditionally
a virus involves code that finds a way to get execution cycles,
and then uses this to its ends. Also traditionally when those ends
include self-propagation it has been termed a worm. These days
people are not too critical of the distinction as most any virus now
does tend to attempt self-propagation using network connectivity.
Worms often are not carried on some other agent, whereas a virus
usually would be; that is, a worm might just be looking around for
an unpatched system on the network and making use of what it
finds whereas a virus is usually carried in on such as an email or
downloaded program. But, those are generalities.
Spyware on the other hand is loosely a software that collects and
returns to some "other" information about the system on which it
is running and the use and/or users of that system. Spyware may
be implanted due to entry from a virus or worm, or it may be
included in something one has invited into the system. Code that
is purely spyware is not going to attempt to self-propagate onto
other systems. Just what is and is not spyware is gray, but most
seems to say there is a legal line that gets crossed depending on
whether the system user (owner ?) has or has not given their
consent (knowingly, or not through failure to read the fine print) .
Now, there software that sends info to an external site that one
might want, and there is software doing so that would surprise
and disgust the system user. To me it is all spying, it is certainly
watching for things of interest to it and reporting back.
Unless the perimeter device is specifically configured to look for
known payloads in the network traffic, it is not going to block
the entry of any of these if the device allows the protocols and
ports used to pass through to the end systems.
"Spacey Spade" <spaceygum@hotpop.com> wrote in message
news:1126719911.435602.99850@o13g2000cwo.googlegroups.com...
>I know what all three are used for ( anti-spyware, antivirus,
> firewall), but I would like an explanation of the grey areas where they
> overlap.
>
> For example, I think a firewall will stop a worm from infecting a
> computer, but will a real-time antivirus also do this? Is there any
> overlap in the pests an antivirus and antispyware will take care of?
>
> Is there a website on the latest trends of security software?
>