What firewall should I use?
Amaralandia
20-09-2006, 17:38
I'm currently using the free version of Zone Alarm.
Is there any free version of something I should use instead? I'm not sure I'm happy w/ Zonealarm, even though I used it for quite a long time.
Yootopia
20-09-2006, 17:39
ZoneAlarm is pretty much the best you'll get. Stick with it.
The Black Forrest
20-09-2006, 17:48
ZoneAlarm is pretty much the best you'll get. Stick with it.
Before they were bought out, I would agree with you.
We have the purchased version and lately they have been pissing us off with problems.
I have been using outpost by agnitum. However, you have to understand firewalls as it offers much more then the "point and click" approach of zonealarms.
We have also been looking into kerio personal firewall and find it's decent as well.
Now as anybody should now. Don't trust the windows firewall. Avoid the mcafee and I personally will never use anything Nortan.
Ginnoria
20-09-2006, 17:55
I'm currently using the free version of Zone Alarm.
Is there any free version of something I should use instead? I'm not sure I'm happy w/ Zonealarm, even though I used it for quite a long time.
Under no circumstances should you use the Windows XP firewall. It will get hacked by Cylons in seconds.
Amaralandia
20-09-2006, 18:06
Yep, I left Win firewall right out of the question.
Perhaps I will stick to Zonealarm for now, thank you all for the feedback.
UpwardThrust
20-09-2006, 18:12
Under no circumstances should you use the Windows XP firewall. It will get hacked by Cylons in seconds.
How so? I mean it is not my choice but their port auditing along with tiny packet and fragmentation offset default prevention is solid. Frame relay and TCP syn flooding is also checked for...
I mean it is not feature full but what it does it does as solid as any other solution
As far as software firewalls are concerned Sygate was always my favorite along with kerio (if you had a decent amount of ram) (it was formerly named tiny)
Right now I have seperate designated boxes for firewall purposes so ... and almost never use windows
In the *nix world for some firewall capabillity I like IPFW in BSD ... simmilar to IPTABLES in the Linux world
German Nightmare
20-09-2006, 18:23
Sygate Personal Firewall. It's free, just like Zone Alarm, but by no means as buggy. I have yet to see it interfere with other programs like ZA does.
PsychoticDan
20-09-2006, 18:25
ZoneAlarm is pretty much the best you'll get. Stick with it.
I agree, but make sure you have a router on your line. This is different than your modem. A router is cheap and acts like a firewall.
UpwardThrust
20-09-2006, 18:32
I agree, but make sure you have a router on your line. This is different than your modem. A router is cheap and acts like a firewall.
... Sometimes ... and it is just a statefull non configurable kind. The best security it provides is NAT which is not NESSISARILY a firewall feature
But it is a security feature.
Some out of the box OS solution like smoothwall would be better if you could get ahold of an old machine with two nic's ...
UpwardThrust
20-09-2006, 18:33
Sygate Personal Firewall. It's free, just like Zone Alarm, but by no means as buggy. I have yet to see it interfere with other programs like ZA does.
YAY at least I said it first :) I agree ... it has better features and is ALMOST as user friendly while using less system resources
Firewalls suck, don't use one unless you've got hackers for enemies.
PsychoticDan
20-09-2006, 18:36
... Sometimes ... and it is just a statefull non configurable kind. The best security it provides is NAT which is not NESSISARILY a firewall feature
But it is a security feature.
Some out of the box OS solution like smoothwall would be better if you could get ahold of an old machine with two nic's ...
Well, I'm assuming the OP can't afford to go out and buy a Cisco. Personally I think everyone should have a router at home. It won't protect against viruses or adware and such and it won't protect against a determined hacker or a syn/ack attack but it will make hacking your comp tough enough to deter someone who's just browsing. Works kinda like The Club. If someone really wants your car, they'll get it club or no. But if someone just wants a car, they'll move to the next one.
UpwardThrust
20-09-2006, 18:38
Firewalls suck, don't use one unless you've got hackers for enemies.
Why hacking is not the only problem they protect against ... having windows firewall default firewall on saved THOUSANDS of students at our campus from catching a network aware worm that someone walked in from off campus
None of these people knew the worm creator ... along with the other million or so people that were infected over a 2 week span in the US
Client firewalls are nessisary in any larger network, and a good idea in a home solution too
Kryozerkia
20-09-2006, 18:45
Sygate Personal Firewall. It's free, just like Zone Alarm, but by no means as buggy. I have yet to see it interfere with other programs like ZA does.
I'll second that. I use it and have never been disappointed with it.
German Nightmare
20-09-2006, 19:16
YAY at least I said it first :) I agree ... it has better features and is ALMOST as user friendly while using less system resources
Oh! :eek: Yes, you did...
I'll second that. I use it and have never been disappointed with it.
Me neither. Besides, Zone Alarm conflicts with my antivir, so that's not an option, either...
The Kerio firewall has served me well ever since I got disgusted with ZoneAlarm and abandoned it a couple years ago.
UpwardThrust
20-09-2006, 20:25
The Kerio firewall has served me well ever since I got disgusted with ZoneAlarm and abandoned it a couple years ago.
Kerio is cool but ram intensive ... qustion do you still have a trial period where features disappear after like the first 30 days?
Nope, there's a free version like ZoneAlarm has.
Ram intensive isn't a problem for me. I have two gigs of hard DDR RAM and four gigs of VRAM on my hard drive.
UpwardThrust
21-09-2006, 05:27
Nope, there's a free version like ZoneAlarm has.
Ram intensive isn't a problem for me. I have two gigs of hard DDR RAM and four gigs of VRAM on my hard drive.
My desk is got 4 GB now but it was an issue on my laptop at the time ... but that was like 2 years ago
Windows Firewall has yet to fail.
The Potato Factory
21-09-2006, 05:49
I use Lavasoft Personal Firewall. It works good enough. Although I don't think it's ever actually been updated. Maybe it just does that itself it secret...
BackwoodsSquatches
21-09-2006, 05:53
Windows Firewall has yet to fail.
and it wont, either.
However, it also wont stop any hacker with an IQ of 12.
and it wont, either.
However, it also wont stop any hacker with an IQ of 12.
What will stop them is never booting Windows.
And my router.
UpwardThrust
21-09-2006, 06:08
and it wont, either.
However, it also wont stop any hacker with an IQ of 12.
I am sorry to say any software solution does not pose major challenges to an actual attacker. The software firewalls are usually only alright at minimizing damage with your border is breached
And the occasional network aware worm. Like I said before windows firewall while short on logging abilities and features is solid on what it does do. It protects most of the major stack vulnerabilities and even has some SYN flooding blocking capabilities … something that both zone alarm and kerio used to fail at
Antikythera
21-09-2006, 06:16
firewalls are the evil, dont use one unless you have to.
*glares at SonicWall*
The Black Forrest
21-09-2006, 06:24
I am sorry to say any software solution does not pose major challenges to an actual attacker. The software firewalls are usually only alright at minimizing damage with your border is breached
So all those laptops are broken into everyday? ;)
Care to post some breach reports?
Even the hardware firewall is open especially from the household. Bad error is noticed, only so many households will bother updating firmware.....
And the occasional network aware worm. Like I said before windows firewall while short on logging abilities and features is solid on what it does do. It protects most of the major stack vulnerabilities and even has some SYN flooding blocking capabilities … something that both zone alarm and kerio used to fail at
Much of that would depend on your choice of anti-virus. I haven't seen a worm in 2 years.
Many of the Antivirus packages are dealing with stack problems, memory leaks, etc....
Windows firewall is indeed better then nothing but considering windows, that is not say much.
UpwardThrust
21-09-2006, 06:34
So all those laptops are broken into everyday? ;)
Care to post some breach reports?
Even the hardware firewall is open especially from the household. Bad error is noticed, only so many households will bother updating firmware.....
How many are the focus of an actual attacker? we were talking about difficulties for an actual hacker.
There are milions uppon millions of laptops that are not a target every day ...
On top of that they are usualy fairly low on the priority scale to start with.
But if you would like to see some logs we get 3 or 4 a year here that are actualy attacked I can get you the security reports from work tomarrow if you really want them
Much of that would depend on your choice of anti-virus. I haven't seen a worm in 2 years.
Many of the Antivirus packages are dealing with stack problems, memory leaks, etc....
Windows firewall is indeed better then nothing but considering windows, that is not say much.
I agree AV is a big part too but windows always on pollicy has GREATLY reduced how network aware worms spread in our network on campus ... it is usefully just for that
I am not saying that it is the end all or even the choice for experts but it is solid in what it does ... it does not do very advanced features but it does the basics well
I have yet to see a report of a serious flaw in its basic connection protection
The Black Forrest
21-09-2006, 06:40
How many are the focus of an actual attacker? we were talking about difficulties for an actual hacker.
There are milions uppon millions of laptops that are not a target every day ...
True but many people have them for home use and hackers are starting to realize many companies overlook the security involved with an employees home. Especially with Wireless.
My neighbor works for Cisco. I actually got onto their network from her very open wireless setup that was setup by the cisco IT people :eek:
Even my company was stunned to hear that a VPN client doesn't protect the computer and it offers a nice secure tunnel for the hacker to use back into the company :rolleyes:
On top of that they are usualy fairly low on the priority scale to start with.
But if you would like to see some logs we get 3 or 4 a year here that are actualy attacked I can get you the security reports from work tomarrow if you really want them
Nah. I will take your word for it.
UpwardThrust
21-09-2006, 06:42
True but many people have them for home use and hackers are starting to realize many companies overlook the security involved with an employees home. Especially with Wireless.
My neighbor works for Cisco. I actually got onto their network from her very open wireless setup that was setup by the cisco IT people :eek:
Even my company was stunned to hear that a VPN client doesn't protect the computer and it offers a nice secure tunnel for the hacker to use back into the company :rolleyes:
Nah. I will take your word for it.
Used right a VPN can be the biggest security feature or the biggest security risk
I use Lavasoft Personal Firewall, and already it's stopped a bunch of otherwise computer destroying attacks, for which I am grateful, since this is my new internet/gaming machine, and I'd like to not have to format the hard drive.
JiangGuo
21-09-2006, 09:00
Firewalls suck, don't use one unless you've got hackers for enemies.
And every random script-kiddie will have your precious data for lunch. There are damn few real hackers out there - just a lot of kiddies with point-n-click tools who think they're "hax0r".
JiangGuo
21-09-2006, 09:01
Windows Firewall has yet to fail.
That's because it only monitors data going in one direction, it's like leaving one of two doors wide-open.
Nobel Hobos
21-09-2006, 09:50
The only proven method of keeping a computer safe from hackers:
(Apply between modem and outside world)
http://www.orbitals.com/self/survey/pin/big/scissors.jpg
Boonytopia
21-09-2006, 10:41
Sygate Personal Firewall. It's free, just like Zone Alarm, but by no means as buggy. I have yet to see it interfere with other programs like ZA does.
Yep, I've used Sygate for a couple of years now & have had no problems with it.
Amaralandia
21-09-2006, 11:49
Well, since I couldn't reinstall Zonealarm by any means, damn thing started acting buggy on me like it never did, I followed your advices.
Tried Kerio, but didn't like it. My pc started to act slow, and somehow I don't think I had any say on what the hell the firewall was doing to it.
I'm now on SyGate, which I didn't want to try at first, because I always disliked symmatec products, but this seems actually quite good, and I think I'm sticking to it.
Dissonant Cognition
21-09-2006, 11:50
The only proven method of keeping a computer safe from hackers...
Nope. By far, the most important factor in securing a computer is physical security. That is, preventing people from sitting down at the actual keyboard and monitor. After I cause the machine to sprout legs and walk away, all I need to do is drop an appropriately configured live CD into the optical drive and reboot. The computer and all the personal data contained therein are now mine.
So, in reality, all methods of securing a computer should include at least one of each of the following:
http://upload.wikimedia.org/wikipedia/en/thumb/d/dc/Two_holes_no_waiting.JPG/180px-Two_holes_no_waiting.JPG
http://upload.wikimedia.org/wikipedia/commons/thumb/0/0b/SIG220-Morges.jpg/300px-SIG220-Morges.jpg
Someone who has gone to the trouble of defeating the first is likely to make the second necessary. And false ceilings should be avoided. They kind of make locked doors pointless.
Nobel Hobos
21-09-2006, 12:32
<snip>
http://upload.wikimedia.org/wikipedia/en/thumb/d/dc/Two_holes_no_waiting.JPG/180px-Two_holes_no_waiting.JPG
<another image>
Someone who has gone to the trouble of defeating the first is likely to make the second necessary. And false ceilings should be avoided. They kind of make locked doors pointless.
Eek! Yo pooter has tits!
There's no way I'm touching that. There's laws, and bother-in-laws.
The gun isn't necessary, really.
Jeruselem
21-09-2006, 13:08
I'd say ZoneLabs but the current version has a few issues (I'm a Senior Contributor on the Zonelabs forum - guess my user name?).
The most stable version of ZoneLabs firewall is 6.1.744.001.
I use 6.0.667 actually ... a little behind but nowhere near the same issues as 6.5.XXX.XXX.
Dissonant Cognition
21-09-2006, 13:54
The gun isn't necessary, really.
Fine. Just leave one of these on the seat of the chair at one's computer desk instead:
http://upload.wikimedia.org/wikipedia/en/thumb/c/c4/Leghold_trap.JPG/300px-Leghold_trap.JPG
Additonal content relevant to this thread: Hasn't ZoneAlarm been accused of being spyware? (http://en.wikipedia.org/wiki/Zonealarm#Version_6.0_spyware_controversy) The software provided by my ISP certainly is. Ah, the irony of using my firewall to block unauthorized internet activity by my firewall...
UpwardThrust
21-09-2006, 13:57
The only proven method of keeping a computer safe from hackers:
(Apply between modem and outside world)
http://www.orbitals.com/self/survey/pin/big/scissors.jpg
I use wireless (yes its a WAN) there is nothing between the modem and the outside world (at least not phisical)
UpwardThrust
21-09-2006, 13:58
And every random script-kiddie will have your precious data for lunch. There are damn few real hackers out there - just a lot of kiddies with point-n-click tools who think they're "hax0r".
There are not even a lot of them really ...
Not anymore