Thoughts about running multiple firewalls

[Imyourzero]

With some programs, like adware/spyware scanners or even registry cleaners, it can be a good idea to run multiple programs because each one works slightly differently and one program might catch something that another one didn't.

With other programs, like anti-virus programs, this can be a bad idea. It is possible that one anti-virus product may find a virus that went undetected or uncleaned by another product, but it has been my experience that these types of software take such control over your system that they don't like sharing their duty with others. When is the last time you saw a computer running Norton, McAfee, PC-Cillin, AVG, Panda, and Avast all at the same time? Most people just pick one and stick with it.

But what about firewalls? I have a hardware firewall (router). Is that all I need, or should I run some form of software firewall as well? There's Norton Internet Security, McAfee Personal Firewall, ZoneAlarm, Sygate, and a bunch more. What about the WinXP firewall...does it still stink or is it any better after SP2?

Basically, are software firewalls only useful if you don't have a hardware firewall, or can they be a second line of defense? Will hardware and software firewalls typically work well together?

 

[JackMDS]

Each one of ?Live On? protection programs intercept the Network traffic to analyze and filter in its own way.

My experience on small Networks shows that it is much better to use One Live On comprehensive program that does most of the functions (Like Norton Internet Security).

I do use more programs like Ad-Ware and others to scan the hard drive for ?Parasites? that pass through, but I do not Activate them to be ?Live On? and intercept the traffic in serial to my main comprehensive protection.

Link to: Basic Protection for Broadband Internet Installation.

Link to: Internet infestation -Or, how you are getting Internet ?Junk? in and compromise your Computer/Network?

:sun:

 

[vi edit]

*Most* consumer level routers aren't true firewalls. They are in the sense that they'll block all incoming port traffic unless specifically told not, but they won't block any outbound traffic.

If you pick up a trojan horse via a website or an email, it can still phone home. That's where Zone alarm comes in to play (or norton, but I'm not a norton fan in any way). It'll let you know when a program is trying to make an outbound connection and let you open the port on the fly or reject it.

Another advantage of running a software program like zone alarm is that if a compromised machine (like a laptop or a friends computer) is brought inside your network, a worm is free to hop around without anything to stop it. Running zone alarm will do a very good job in stopping problems like that.

Nat devices are great for stopping 'net spreading worms from randoming infecting you. But they really only protect you in 1 of the 3 ways.

 

[Imyourzero]

Thanks for the replies guys. I guess I will run a software firewall in addition to my router. Does the Windows XP firewall do a good enough job, or are there still problems with it? I remember after WinXP came out, I seem to remember reading that it was best to disable the WinXP firewall as it wasn't the best and caused problems. I didn't know if SP2 changed any of that or if it's still best left disabled. So as far as software firewalls, is ZoneAlarm my best bet or are they all about the same? Sygate, BlackICE, etc...

And what about my mobo's firewall? I have an NForce3 250 chipset which has a hardware firewall, but I didn't know if Nvidia's firewall has proven to be good, bad, or simply mediocre.

 

[JackMDS]

It is not as elaborate as NIS or ZApro.

But it is Good, and it is there Free, give it a try.

You can combine it with AntiVir which is very good and Free too.

LOL, in few weeks if you need something else, every thing will be cheaper the Holydays craze is near by.

:sun:

 

[Sideswipe001]

I've never heard good things about BlackICE, by the way. ZA Pro is what I've been using for my computers, and it *usually* works well.

 

[CJP]

Originally posted by: Imyourzero
And what about my mobo's firewall? I have an NForce3 250 chipset which has a hardware firewall, but I didn't know if Nvidia's firewall has proven to be good, bad, or simply mediocre.

I'd be interested in knowing this too. Also, would you still use ZoneAlarm with the Nvidia firewall, and is the Nvidia firewall hard to configure?

 

[PTCvette]

FYI: I work in tech support for a software company and most of our users use either ZoneAlarm or Norton Internet Security, and they both seem to work well, and are easy enough to configure and screw with... Seems like anyone using the other stuff always has problems and we end up reccomending one of these other two programs to them. BlackIce seems to be the biggest PITA out of the big ones.

Jeff

 

[PlatinumGold]

Sygate has one i've been playing around with lately.

nice software firewall with a nice graphs showing incoming and outgoing traffic.

http://www.download.com/Sygate...47416.html?tag=lst-0-3

 

[PlatinumGold]

Originally posted by: PTCvette
FYI: I work in tech support for a software company and most of our users use either ZoneAlarm or Norton Internet Security, and they both seem to work well, and are easy enough to configure and screw with... Seems like anyone using the other stuff always has problems and we end up reccomending one of these other two programs to them. BlackIce seems to be the biggest PITA out of the big ones.

Jeff

Black Ice is by GRC correct? Gibson has some great utilities.