Just a bit of orientation about the various products for frequently asked questions.
Security sort of looks like a (layered) sieve:
FW---->AV/AS/AM/----->HIPS---->BB or ? with each layer trying to correct the mistakes of the previous layer, and often involving the user in the decisions.
A firewall ( like Zone Alarm) is all about connections, and blocks incoming connections that are not specifically allowed, and alerts you and sometimes blocks outgoing connections you didn't request directly or indirectly. But these are just packets, not files that anyone can deal with. So they don't know anything about Trojans. But often have add-ons to do other functions.
An AV/AS/AM, like Avast!, deals with the content of the connection, after it has been converted to files. It uses known virus/spyware/malware signatures and generic signatures (information on what the malware file might look like), along with algorithmic analysis of the malware and comparison to known threats. Very effective, but sometimes not up to the last minute or hour threat. Gives the most definite warning for malware:big "this is malware dummy" type popups. Some use heuristics, which are external rules of thumb about what a virus/spyware/malware might look like-variable results, but attempt to fill the time gap between virus discovery and virus characterization. So a modern AV/AS like Avast! should alert you to most Trojans and the like. Programs like SAS and MBAM add some specialized analysis capability for other classes of malware, but I don't use them online. Free versions are great for confirmation and removal if necessary, though.
A HIPS (often associated with a firewall) deals with the files when they try to execute, looks for things that a normal unknown executable might not do, and alerts you so you can decide whether the action makes sense in the context of what you are actually doing. So if a program executes another program or tries to access the disk, you can decide whether that makes sense. And if a Trojan is too new and different to be alerted by an AV/AS/AM, is another layer to try to stop it early.
Behavior blockers and the like (Threatfire, Prevx Edge, ...) try to extend the HIPS idea to sequences of actions-IAW if an executable starts installing things you don't know about, maybe you should block it.
In a sense, you are the BB for a HIPS, based on looking at the sequence of events, along with your knowledge of what you are doing at the time. A lot of current research is going into automating this.
Another tool that is invaluable as a last resort or otherwise is an imaging program. I use Acronis, but there are others. They provide a complete image of your disk, and the tools to extract from it or replace it if you are infected so badly that other removals are ineffective.
So welcome to Avast!, a key player in the layered protection of your computer.
