Software firewall other than ZoneAlarm?

RSI

Diamond Member
May 22, 2000
7,281
1
0
I hate ZoneAlarm. Ffcks with your games, and I don't really like the interface.

I know I will be all plugged up to the router and stuff soon, but I'd like any ideas on software firewalls that you think are worthy, other than ZoneAlarm. How about Norton Internet Security?

-RSI

PS: ???? "f s c k" is a blocked word? "f v c k" too? jeez...
 

edjam

Golden Member
May 3, 2001
1,196
0
0
BlackIce Defender and the Tiny personal Firewall is meant to be quite good.
 

royaldank

Diamond Member
Apr 19, 2001
5,440
0
0


<< BlackIce Defender and the Tiny personal Firewall is meant to be quite good. >>



BlackIce isn't what you want. From www.grc.com:


I did not have a current copy of BlackICE Defender around, but I felt that this was an important test. So I laid out $39.95 through Network ICE's connection to the Digital River eCommerce retailer and purchased the latest version (v2.5) of BlackICE Defender hot off the Internet. I had already removed all traces of ZoneAlarm and restarted the machine, so I installed BlackICE Defender, let everything settle down, and restarted the machine with my packet sniffer running on an adjacent PC.

As far as I could tell, BlackICE Defender had ABSOLUTELY NO EFFECT WHATSOEVER on the dialogs being held by the Zombies and Trojans running inside the poor "Sitting Duck" laptop. I knew that BlackICE Defender was a lame personal firewall, but this even surprised me.

The Zombie/Bot happily connected without a hitch to its IRC chat server to await further instructions. The Sub7 Trojan sent off its eMail containing the machine's IP and the port where it was listening. Then it connected and logged itself into the Sub7 IRC server, repeating the disclosure of the machine's IP address and awaiting port number. No alerts were raised, nothing was flashing in the system tray. The Trojans were not hampered and I received no indication that anything wrong or dangerous was going on.
 

bozo1

Diamond Member
May 21, 2001
6,364
0
0
Blackice only works on incoming stuff. He's complaining about it not blocking data leaving his computer which is not what the program was designed to do. Steve Gibson is a flake anyway.
 

Jzero

Lifer
Oct 10, 1999
18,834
1
0


<<

<< BlackIce Defender and the Tiny personal Firewall is meant to be quite good. >>



BlackIce isn't what you want.
>>



Steve Gibson is a panicmongering tart. I think Black Ice is crap for no reason other than the fact that ZoneAlarm is free and provides the outbound filtering that Gibson is so upset that BID doesn't provide.
What Gibson doesn't tell you is that the behavior he describes is exactly how a majority of firewalls work. The accepted practice is to let everything go OUT unless you specifically say otherwise and to let nothing IN unless you specify otherwise.
Additionally, packets containing a valid "ack" bit, meaning packets that were requested by your machine are typically allowed in.
In Gibson's scenario, BID lets the "zombie" communications through b/c it allows all outbound comms, like most other routers. It won't do much to save you from trojans.
But neither will the router you'll probably get, nor a Checkpoint FW that costs some thousands of dollars.

BID's only fault is you have to pay for it.

Gibson's ShieldsUp and other utilities are useful, but you should accept his "opinions" with a great deal of salt.
 

n0cmonkey

Elite Member
Jun 10, 2001
42,936
1
0


<< What Gibson doesn't tell you is that the behavior he describes is exactly how a majority of firewalls work. The accepted practice is to let everything go OUT unless you specifically say otherwise and to let nothing IN unless you specify otherwise. >>



Like Checkpoint FW1 right? Not really. That is a bad way to set up a firewall. Black Ice sucks for other reasons, so I won't argue that with you, but outbound filtering is *VERY* important and anyone that does not do this (on a large scale for isps etc) is an a-hole.
 

JackMDS

Elite Member
Super Moderator
Oct 25, 1999
29,552
429
126
It seems that a lot of people like to take the approach:

"What I don't know can not hurt me".

Most current programs come with forms of "Live update"; most default to install the program with "Live update On". Decent programs let you shut off the "feature"; some do not even tell you that it exists.

The "Live Updates" read your Windows Registry, and look for certain files on your Hard Drive.

This process is done with good intentions to help. However, as the saying goes:

"The way to hell is paved with good intentions".

Some of the implementation of this "feature" can impair your system, and make it a security risk.

As I mentioned above, the Router Firewall is not meant to deal with these issues.

Yeah, Firewalls interfere with games; games need to send info out.

However, a good Firewall can be easily set to allow the games to go out, or put your computer in the DMZ for the time that you need to save humanity and "kill the aliens".

Think of a Firewall function as Traffic Lights in a busy city.
 

Garion

Platinum Member
Apr 23, 2001
2,331
7
81
I agree that Checkpoint is a very BAD example to use - Its default config is everything out and nothing in, but it certainly isn't limited to that. In most big companies, the default is to allow NOTHING out from the desktop - All outbound traffic must be delivered through a proxy. Of course, there's a lot of malicious apps that send traffic over Port 80, but I don't know of any personal firewall which will block that - Now you're into AntiVirus territory..

- G
 

n0cmonkey

Elite Member
Jun 10, 2001
42,936
1
0


<< I agree that Checkpoint is a very BAD example to use - Its default config is everything out and nothing in, but it certainly isn't limited to that. In most big companies, the default is to allow NOTHING out from the desktop - All outbound traffic must be delivered through a proxy. Of course, there's a lot of malicious apps that send traffic over Port 80, but I don't know of any personal firewall which will block that - Now you're into AntiVirus territory..

- G
>>



Every time I've set up, or played with a set up FW1 machine, it's always been configured to block all incoming and outgoing except for what you configure it to allow. It's a better (IMO) approach, but adds some complexity to the rule set.
 

sml

Member
Dec 26, 2001
193
0
0
Re: Royaldank's assessment of BlackIce:
It may be a sub-par product, but anyone who takes the words of Steve Gibson at face value needs a session with the LART :)
 

sml

Member
Dec 26, 2001
193
0
0
n0cmonkey: while I agree a textbook firewall configuration would have strict outgoing filter rules, perhaps restricting the user to 80/tcp and 443/tcp out of the internal network, this isn't very practical, especially in a large network environment. Sure, you can configure it like that; but people want to send email through their SMTP server someplace else, or they want to telnet someplace for some research collaboration, or some exec at another site is screaming because he can't make his napster work. etc. I find it's easier to filter on stuff I *KNOW* I wouldn't want on the network and stuff I can actually defend filtering [yahoo! games, napster, kazaa, gnutella, etc] and allowing everything else outbound from workstations. how do you keep the users in check? FW-1 w/ WebSense as a CVP plug-in for web filtering, and Trend Micro's InterScan product for scanning web pages for malicious applets and email going in and out for virii. My two cents :)
 

n0cmonkey

Elite Member
Jun 10, 2001
42,936
1
0


<< n0cmonkey: while I agree a textbook firewall configuration would have strict outgoing filter rules, perhaps restricting the user to 80/tcp and 443/tcp out of the internal network, this isn't very practical, especially in a large network environment. Sure, you can configure it like that; but people want to send email through their SMTP server someplace else, or they want to telnet someplace for some research collaboration, or some exec at another site is screaming because he can't make his napster work. etc. I find it's easier to filter on stuff I *KNOW* I wouldn't want on the network and stuff I can actually defend filtering [yahoo! games, napster, kazaa, gnutella, etc] and allowing everything else outbound from workstations. how do you keep the users in check? FW-1 w/ WebSense as a CVP plug-in for web filtering, and Trend Micro's InterScan product for scanning web pages for malicious applets and email going in and out for virii. My two cents :) >>



Of course you have to take every site on a case by case basis. I don't have as strict filtering on my outbound at home because I do quite a bit of things from those machines, but in a work environment I like to keep the users in check as much as possible. But 80, 443, 22, and maybe 23 are important ones I would let out on most networks. Others would depend on what the function of the network is. DMZs in particular should have *VERY* strict outbound filtering in my opinion. Only allow out what you absolutely need to.
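The two policies argued over in Jzero's and n0cmonkey's posts, written out as IPF rulesets of the kind n0cmonkey runs on OpenBSD. This is an added example, not a ruleset posted by anyone in the thread; it assumes `xl0` is the external interface and 192.168.1.0/24 is the LAN, and it uses `keep state` (stateful reply matching) where Jzero describes letting packets "with a valid ack bit" back in.

```ipf
# Added example: two alternative /etc/ipf.rules files, shown together for comparison.
# Assumptions: xl0 = external interface, 192.168.1.0/24 = LAN (both constructed).
# IPF uses the LAST matching rule unless a rule says "quick", so the defaults go first.

# ===== Policy A: "everything out, nothing in" (Jzero's description) =====
block in  log on xl0 all
block out log on xl0 all
# Any connection the LAN opens is allowed out; "keep state" lets the replies back
# in. This is the stateful form of "packets with a valid ack bit are allowed in":
# matching on the ACK flag alone would admit unsolicited packets that merely set it.
pass out quick on xl0 proto tcp  from 192.168.1.0/24 to any flags S keep state
pass out quick on xl0 proto udp  from 192.168.1.0/24 to any keep state
pass out quick on xl0 proto icmp from 192.168.1.0/24 to any keep state
# Under Policy A a trojan connecting to an IRC server on 6667/tcp matches the same
# TCP rule as a browser does, which is exactly what Gibson's test observed.

# ===== Policy B: strict outbound (n0cmonkey's 80, 443, 22, 23 list) =====
block in  log on xl0 all
block out log on xl0 all
# Only the named destination ports leave the LAN; DNS is added so names resolve.
pass out quick on xl0 proto tcp from 192.168.1.0/24 to any port = 80  flags S keep state
pass out quick on xl0 proto tcp from 192.168.1.0/24 to any port = 443 flags S keep state
pass out quick on xl0 proto tcp from 192.168.1.0/24 to any port = 22  flags S keep state
pass out quick on xl0 proto tcp from 192.168.1.0/24 to any port = 23  flags S keep state
pass out quick on xl0 proto udp from 192.168.1.0/24 to any port = 53  keep state
# Everything else falls through to "block out log", so the IRC connection is dropped
# and logged (readable with ipmon) instead of passing silently. As sml points out,
# this also blocks SMTP to remote mail servers, Napster and the like until a rule
# is added for each one, which is the complexity n0cmonkey accepts.
```

Load with `ipf -Fa -f /etc/ipf.rules` after choosing one of the two halves; both blocks cannot be active in the same file because Policy A's rules would match first.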
 

ojai00

Diamond Member
Sep 29, 2001
3,291
1
81
I have Norton Internet Security...and sometimes, it's a pain in the butt. The pop-ups are really annoying when it's alerting you of incoming or outgoing traffic. I mean, I just use it because I'm on a cable modem and hoping that it catches anything that my router doesn't. But I really have no idea of its capabilities. I mean if you go to Norton's web site and do a security check, of course it's going to recommend you its product, and when you buy it and do the security check, it will show up all good. It might tell you to tweak something in the program,...but it will tell you that everything is secure. Well, I hope this helps somewhat. By the way, NIS's interface is integrated with SystemWorks...so when you edit, all the other programs in SystemWorks will show up as well.
 

Thor86

Diamond Member
May 3, 2001
7,888
7
81
1- learn what ports your games are using
2- learn how to open/forward ports your games are using

or

Don't use any firewall program and take your chances.

 

n0cmonkey

Elite Member
Jun 10, 2001
42,936
1
0


<< Need firewalls that stop outbound traffic? Bah --> http://tooleaky.zensoft.com

He claims his program can bypass any personal firewall on the market. TPF, Zonealarm etc...
>>



Nice find. I guess no one should be using firewalls since there is always a way around it. Heh, anyhow, outbound filtering is still important. There are ways around it. No biggie, nothing is 100% secure. Every little bit helps though.
 

Pqee

Member
Mar 7, 2000
52
0
0
Yeah that guy says that outbound protecting firewalls are useless.

Personally I'd rather have an outbound protecting firewall to stop the million or so trojan/worms etc... that don't know how to bypass a firewall, at least for now.
 

n0cmonkey

Elite Member
Jun 10, 2001
42,936
1
0


<< Yeah that guy says that outbound protecting firewalls are useless.

Personally I'd rather have an outbound protecting firewall to stop the million or so trojan/worms etc... that don't know how to bypass a firewall, at least for now.
>>



Hopefully with the code this guy produced the firewall companies will increase the effectiveness of their software. I don't filter by application, but by port and protocol.
 

Pqee

Member
Mar 7, 2000
52
0
0
I use Tiny Personal Firewall which filters by Application as well as port/protocol. They have a program called Trojan Trap but I haven't had a chance to try it. I'm not sure if it works on XP or not. It's supposed to stop outbound traffic by some pretty intense protection. I'm not that technical so some of its features and descriptions are over my head but it sounds like the next best thing to a decent firewall.
 

n0cmonkey

Elite Member
Jun 10, 2001
42,936
1
0


<< I use Tiny Personal Firewall which filters by Application as well as port/protocol. They have a program called Trojan Trap but I haven't had a chance to try it. I'm not sure if it works on XP or not. It's supposed to stop outbound traffic by some pretty intense protection. I'm not that technical so some of its features and descriptions are over my head but it sounds like the next best thing to a decent firewall. >>



When I used Windows I used TPF. It's pretty nice.
 

hatboy

Senior member
Oct 9, 1999
390
0
0
I like OpenBSD myself. I'm using 3.0 for firewalling and NAT. If you've got an old machine sitting around (and some Unix knowledge), it's a great way to make a VERY secure and stable firewall.
 

n0cmonkey

Elite Member
Jun 10, 2001
42,936
1
0


<< I like OpenBSD myself. I'm using 3.0 for firewalling and NAT. If you've got an old machine sitting around (and some Unix knowledge), it's a great way to make a VERY secure and stable firewall. >>



2.9-stable +IPF for my firewall. 3.0 on my desktop :D