Wednesday, July 20, 2011

Anti Virus/Firewall Programs

We all have them, and they are one of those things we all love to hate. One of the things about these security programs is that they can wreak havoc with other applications. Email programs such as Thunderbird are particularly vulnerable due to the fact that they interact almost exclusively with the internet and anti virus vendors love to stick little widgets into the mail program 'for your convenience'.

Should you even have mail scanning enabled in your Anti Virus program?

This is the question that I have been asking now for a number of years. My conclusion, after researching the topic, is a resounding NO. I am now not even really sure why it is included in almost every anti virus program in existence.

Now you probably think I am mad to come out and say this, so let me explain. All modern anti virus programs have some sort of resident protection, something that blocks the nasties as soon as you try and execute them, or they try and run. This is essential. What good is an anti virus program that does not scan files that come in on that portable drive your friend lent you with the latest blockbuster movie on it? Or the files your teenager downloaded using file sharing, or even the file someone passed to you in MSN or Yahoo messenger?

For some reason that I cannot fathom, email is treated differently. This resident protection that protects against file sharing and casually inserted USB devices is suddenly not good enough for email. Email is just another file. You connect to the internet and download it. Your mail program will most likely store the file in some sort of database, but it is still a file (and a text file at that).
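To make the "text file" point concrete, here is an added example (not part of the original post) using Python's standard mailbox module on an mbox file, the plain-text folder format Thunderbird uses by default. The message, addresses, file names and payload are constructed for illustration; the attachment's bytes are absent from the raw folder file and only appear once the MIME part is decoded.

```python
import hashlib
import mailbox
import os
import tempfile
from email.message import EmailMessage

# Constructed, harmless stand-in for an attachment's bytes.
PAYLOAD = b"CONSTRUCTED-SAMPLE-PAYLOAD-0001\n" * 4

def build_mbox(path):
    """Write one constructed message with a binary attachment to an mbox file."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "reader@example.com"
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attachment.")
    msg.add_attachment(PAYLOAD, maintype="application",
                       subtype="octet-stream", filename="sample.bin")
    box = mailbox.mbox(path)
    box.add(msg)
    box.close()  # close() flushes the message to disk

def inspect_mbox(path):
    """Return (payload bytes present in raw file?, [(filename, sha256)])."""
    with open(path, "rb") as fh:
        raw = fh.read()
    found = []
    box = mailbox.mbox(path)
    for message in box:
        for part in message.walk():
            name = part.get_filename()
            if name:  # only attachment parts carry a filename
                data = part.get_payload(decode=True)  # undo base64
                found.append((name, hashlib.sha256(data).hexdigest()))
    box.close()
    return PAYLOAD in raw, found

def demo():
    """Build the sample folder file in a temp directory and inspect it."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "Inbox")
        build_mbox(path)
        return inspect_mbox(path)

if __name__ == "__main__":
    print(demo())
```

The first value is False because the folder file holds the attachment only as base64 text; the decoded bytes, the form a resident scanner inspects when a file is written or opened, exist only after decoding.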

Instead we have all these widgets and buttons and proxies, all of which make a simple file process complex and fraught with inexplicable glitches. Being a Thunderbird person, I had thought that it was Thunderbird that had all the problems. But no, that is not the case. I stumbled upon this quotation from Tom Koch, who was an MVP for Outlook Express.

"...When encountering the symptoms of DBX corruption, many people immediately fear that their computer is infected with a virus. As surprising and ironic as it may seem though, the most common cause of DBX corruption is not a virus, but rather anti-virus programs that are configured to scan incoming or outgoing e-mail. Even the most well-known anti-virus programs have exhibited this problem from time to time. To lessen the risk of such corruption you should disable the e-mail scanning module in your anti-virus program. This is usually easy to do by looking at the user-configurable options in the anti-virus program. It is not at all necessary to scan e-mail for viruses to protect your computer. Now before you dismiss me as mad, let me explain why e-mail scanning is unnecessary. Almost every anti-virus program for Windows installs by default a system scan that runs in the background every time Windows starts. This scan is necessary to protect your computer. If you receive a virus in an e-mail attachment, the virus cannot do anything at all until you actually open the attachment. ..."

To add to my ever dimming view of email scanning, I stumbled upon this thread over at CNET where a Symantec tech support person was assisting someone with Incredimail.

To quote from the reply he made there: "If your email server requires the use of SSL then you need to disable the email scanning feature in Norton 360, as SSL is not supported. Even if you disable this feature, the real-time scanning engine called Auto-Protect will still scan both your incoming and outgoing email for threats."

What this makes clear is 'you're protected' even if you disable mail scanning. This advice was given for SSL connections, but the only difference between a normal email connection and SSL is that under SSL the data is transported in an encrypted state. So if you're safe not scanning encrypted connections, you're just as safe not scanning unencrypted mail.





In program buttons and tool bars 

The greatest difficulty with these little widgets that play with SPAM and virus checking from within the mail program is that the companies release them for a specific version and are very slow to update them when the mail program is updated. I see complaints in forums all the time about a new version of Thunderbird 'breaking' this SPAM tool or that anti virus checker. Nothing could be further from the truth.

One of the things that is made very clear to anyone that writes add-ons for Mozilla applications (and this is what these things are) is that it is their responsibility to ensure their add-on works. So next time you have something break, don't complain to Mozilla, complain where the onus lies: with the supplier of the add-on.

You are paying these companies for their expertise and their software. If they are not going to keep it up to date with the mail client you use, they should make this very clear when they sell it to you. With the rapid release schedule for Thunderbird bringing out a new release every six weeks, it is highly likely that these companies will never get their stuff updated quickly enough for it to actually work on the day you buy it, unless they significantly improve their performance in this area.


Firewalls.

I am not going to explain what they are. There are plenty of good explanations on the internet. Most people have heard of a firewall, and most also know that there is one in their operating system. This, however, is all too often where the knowledge ends. These days, the average computer does not have one firewall, it has many.

Anti virus companies now routinely include a firewall component in their products.
Your operating system has one.
Usually your wireless access point/router has one.
Most DSL modems have one.

When things go wrong, it is often one of these firewalls that is blocking communications (after all, that is their job). The hardware firewalls in routers and modems are normally open, although there was a US ISP that blocked certain ports in the modem as an anti SPAM measure. If you are a Comcast customer, take note.

The most common cause of problems is the one supplied by the anti virus companies. This is because a firewall is normally set up to block incoming connections, but the ones that come with your anti virus program also block programs and outgoing connections.

I can see where, from a security perspective, having a 'white list' of programs makes life easier. After all, there is no better way to stop rogue malware from using your computer as a base to send SPAM than to have a white list of programs that are allowed to connect to the internet.

I updated Thunderbird and now nothing works.

This is here because it is almost always an overeager security program causing the problem. Thunderbird has a new version and the program is blocking it from accessing the internet.

To be fair, in most cases the program actually asks you if you want to block it, but it does so while you are typing. As most of us are not touch typists, we are not looking at the screen, we are looking at the keyboard.

Because the default is to block, we never actually see the question; our next key stroke or press of the enter key just blocks it and we have a mysteriously non functional mail program.

Conclusion

If Thunderbird suddenly stops getting mail, your password that has been fine for years suddenly is not accepted, or you get time out errors instead of action, the first place to look is in these ubiquitous security programs.

Further rambling on the topic here 

5 comments:

  1. This comment has been removed by a blog administrator.

  2. Like the post and all the useful info... I really enjoy reading it. Thanks for sharing it.

    Church Software

  3. This comment has been removed by a blog administrator.

  4. I gained new knowledge from well written content of this blog. It is showing some different kind of strategy to keep work better and improve with every new assignment. Gracefully written blog
    Antivirus program

  5. This comment has been removed by the author.
