What's the best software firewall?

Sid59

Lifer
Sep 2, 2002
11,879
3
81
dunno. I switched from Sygate to Jetico. Jetico is like a pitbull. If you don't have the patience to train the filters, it's not for you. But it catches everything going on with your OS.
 

BW86

Lifer
Jul 20, 2004
13,114
30
91
I've been using Kerio v215 for ages and it has never given me a problem.
A nice thing about it is that it uses almost no memory. Right now it's using only 4mb.

I would recommend that you do get a hardware firewall if you don't already have one.
 

KoolDrew

Lifer
Jun 30, 2004
10,226
7
81
Using an outbound filtering software firewall does nothing for security, so my suggestion is the native Windows SP2 firewall.
 

Sid59

Lifer
Sep 2, 2002
11,879
3
81
Originally posted by: KoolDrew
Using an outbound filtering software firewall does nothing for security, so my suggestion is the native Windows SP2 firewall.

elaborate?
 

cleverhandle

Diamond Member
Dec 17, 2001
3,566
3
81
If you're already behind a router, then they're all a waste of time and resources IMO. If you have some specific need that really demands an additional software firewall, then you probably already know enough to make your choice.
 

KoolDrew

Lifer
Jun 30, 2004
10,226
7
81
Originally posted by: Sid59
Originally posted by: KoolDrew
Using an outbound filtering software firewall does nothing for security, so my suggestion is the native Windows SP2 firewall.

elaborate?

Once malware is on the system, security has been compromised. If something wants to send something out, an outbound filtering firewall running on the infected machine is not going to stop it.
 

WildHorse

Diamond Member
Jun 29, 2003
5,006
0
0
Originally posted by: cleverhandle
If you're already behind a router, then they're all a waste of time and resources IMO. If you have some specific need that really demands an additional software firewall, then you probably already know enough to make your choice.

Well, I have high protection levels set on my Westell router, yet occasionally I still get port scan alarms at the McAfee software firewall.

So I don't understand how hackers could be so good as to punch through the NAT at the router and get to my computer's software firewall, but apparently some are able to do so.

Conclusion, at least for me: run both router & software firewalls.
 

xtknight

Elite Member
Oct 15, 2004
12,974
0
71
Originally posted by: scott
So I don't understand how hackers could be so good as to punch through the NAT at the router and get to my computer's software firewall, but apparently some are able to do so.

Even the greatest mathematician can't make 1+1 equal three. User error. :)
 

cleverhandle

Diamond Member
Dec 17, 2001
3,566
3
81
Originally posted by: scott
Well I have a high protection levels set on my Westell router, yet occasionally I still get port scan alarms at the McAfee software firewall.
Then either 1) you have ports forwarded on your router, 2) you have a wireless point or some other entry point behind the NAT device, or possibly 3) there's some UPnP program that's "helpfully" opening up a port for you and the router has UPnP enabled.
So I don't understand how hackers could be so good as to punch through the NAT at the router and get to my computer's software firewall, but apparently some are able to do so.
No, they can't - something in your network is misconfigured. Better to fix that than apply band-aid solutions in software.


 

WildHorse

Diamond Member
Jun 29, 2003
5,006
0
0
Originally posted by: cleverhandle
< words cut >

Then either 1) you have ports forwarded on your router, 2) you have a wireless point or some other entry point behind the NAT device, or possibly 3) there's some UPnP program that's "helpfully" opening up a port for you and the router has UPnP enabled.

< words cut >

Yes, I do have 7 port forwarding rules set for the router. One is for bit torrent, the other 6 for games.

How about helping me learn what to do about that as far as protection from intrusive port scans?

 

cleverhandle

Diamond Member
Dec 17, 2001
3,566
3
81
Originally posted by: scott
How about helping me learn what to do about that as far as protection from intrusive port scans?
Taken to PMs, so as not to threadjack any further.

 

spike spiegal

Member
Mar 13, 2006
196
0
0
So I don't understand how hackers could be so good as to punch through the NAT at the router and get to my computer's software firewall, but apparently some are able to do so.

They can't, unless the system is already compromised first, or you have an unpatched, high level service on a common port. This is also why most software firewalls are used by poorly educated users. Damn things need to be banned if you ask me, given the number of users I've run across that use a third party software firewall, refuse to patch Windows up to date because those patches break their junk firewall product, then cuss out Bill Gates.

Justifying a software firewall on the basis that it will help desktop security by detecting outbound traffic is a lot like driving with your headlights off at night because your airbag will protect you in case you get into an accident. Most malware, Trojans, spyware and viruses get onto your system via ActiveX or VB exploits, or downloaded software. Has nothing to do with your stupid software firewall.

I've handled server/desktop security for a number of companies, and simply found software firewalls (excluding MS's) cause far more damage and lost productivity than they help.
 

spike spiegal

Member
Mar 13, 2006
196
0
0
How about helping me learn what to do about that as far as protection from intrusive port scans?

Get a pair of scissors, and cut your internet connection. There - nobody can scan your ports. Feel Better?

No, I'm not trying to be a jerk, but simply illustrate a point. If you are on the internet, your presence is known. Hackers don't go probing the internet looking for ports or IPs. They go probing the internet looking for ports with unpatched or poorly configured services behind them listening to those ports. If you are on the internet, then you have an IP address - period. It doesn't take a rocket scientist to figure out what ISPs have specific blocks of IPs, and hence "stealthing" your computer is an oxymoron promoted by goobers like GRC.

By far the most common type of 'port hack' to illustrate this is SMTP relaying. Every spammer in the universe is scanning the internet looking for IPs and open port 25s so they can bounce spam off of them, because this allows them to avoid global black lists. If you have a mail server installed, then by default it's likely listening to port 25, and it typically only takes a few days for spammers to find an open port 25 regardless of the firewall you are using or having your machine "stealthed". You need to have the service listening to port 25 configured to not accept relayed mail. Or, not surf with admin rights, which prevents that Trojan or worm from infecting your machine and then listening to various ports for commands, such as turning into a zombie server as a mail relay. Assuming the worst does happen, a software firewall sometimes alerts you to your system being compromised, but I'd rather put those resources into not getting hacked in the first place, dig?

Get a decent NAT router, avoid surfing with admin rights, grumble at MS but do install their numerous patches, and get an understanding of the additional services you are installing.

 

WildHorse

Diamond Member
Jun 29, 2003
5,006
0
0
from spike spiegal:
"stealthing" your computer is an oxymoron promoted by goobers like GRC.
O.K. now you're scaring me! Up till now I've put a lot of trust in GRC.

grumble at MS but do install their numerous patches
Up till now I've always installed MS' patches.

What if I'm surfing from behind the Privoxy & Tor proxies?
How do you see that?
 

corkyg

Elite Member | Peripherals
Super Moderator
Mar 4, 2000
27,370
240
106
I have used ZoneAlarm Pro for years. But, like a lot of things, it has become too bloated and slow trying to be all things. So, I removed it. ZoneAlarm free is better, but still not efficient.

I then tried Comodo, and it was great - except no animated tray icon so I could see if there was up or down activity. Now I have installed Kerio - and it is great. It did cause me one problem until I figured it out. I have a network printer, and immediately on installation, Kerio blocked that IP number as a "bad guy" and I could not print. I finally figured it out and put the printer's IP in the trusted zone. Kerio has little green and red animated lines in the tray icon that indicate up or down traffic. Nice.

Comodo is working on that, but they don't have it yet.
 

kamper

Diamond Member
Mar 18, 2003
5,513
0
0
Originally posted by: xtknight
Even the greatest mathematician can't make 1+1 equal three.
I'm pretty sure Chuck Norris did it once.
Originally posted by: scott
deom spike spiegal:
"stealthing" your computer is an oxymoron promoted by goobers like GRC.
O.K. now you're scaring me! Up till now I've put a lot of trust in GRC.
Bad idea. That stealthing stuff is really retarded.

As others have said, there are far better ways to protect yourself at home: hardware firewall, turning off UPnP and generally making sure you only have port forwards that you need and understand. Where host-based firewalls do come in handy is environments that you don't trust, like university residences or public wifi. But even then, a simple incoming filter should be so simple that it doesn't matter what you use. You've got 64k ports: they're each either open or closed, the rest is eye-candy/placebo.
 

Auric

Diamond Member
Oct 11, 1999
9,591
2
71
Yeah, GRC is alarmist but that goes for just about any specialized endeavor. No need for knee-jerking in the opposite direction though.

Outbound blocking is useful regardless of malware because of the plethora of "legitimate" software made to "phone home" sans user consent.

Lest we forget, Windows just recently included an inbound firewall and there are plenty o' home systems not using a router or even decent anti-virus software.
 

WildHorse

Diamond Member
Jun 29, 2003
5,006
0
0
I request a mini-education here re: firewalls.

Have standalone WinXP Pro SP2 PCs with a Westell DSL hardware router & McAfee software firewalls.

I'm getting hammered with Newtear attacks, Port Scan attacks, Fragment attacks, and Syn attacks.

McAfee software firewall is catching these.

Posters above have recommended using a router fw ONLY, without a sw firewall, for better PC performance. But if it wasn't for the McAfee software firewall I'd be totally infected by now.

I think the router blocks outgoing, but not incoming.

The router's web control page says: "Blocks all outgoing traffic except Mail, News, Web, FTP, and IPSE . . .with custom rules through NAT configuration."

7 ports are forwarded inward through the router, for uTorrent and games. I'm convinced the port forwarding is done properly.

Question 1: What if anything would you say is the best course of action under the constant barrage of attacks? Would you just ignore them & rely on the software firewall?

Question 2: How the heck do you guys protect yourselves by using a router only, naked of any additional software firewall? Do your routers have an active firewall on incoming traffic?
 

kamper

Diamond Member
Mar 18, 2003
5,513
0
0
Originally posted by: scott
Question 2: How the heck do you guys protect yourselves by using a router only, naked of any additional software firewall? Do your routers have an active firewall on incoming traffic?
NAT routing is by definition an active firewall. Are you sure you haven't put yourself in the dmz or anything like that? As for the warnings McAfee's giving you, sounds to me like it's bullshltting you. Other than the error messages it's giving you, do you have any evidence that these things are actually happening? Or maybe somebody on your lan is messing with you :evil:
 

xtknight

Elite Member
Oct 15, 2004
12,974
0
71
Originally posted by: scott
Question 2: How the heck do you guys protect yourselves by using a router only, naked of any additional software firewall? Do your routers have an active firewall on incoming traffic?

Personally, I just use secure software. Sorry if you mentioned it already but do you use Firefox or Opera, and Thunderbird for e-mail?

A NAT router is like a hard lead wall. Packets are like waves. The packets that were requested by a certain PC are directed to go around the wall while the others (the unrequested, anonymous Internet spam) just die. If you have software on your PC that is requesting intrusion, obviously the NAT router can't fix that. But if it wasn't requested, it won't be sent to you, unless you're on DMZ or have forwarded that port/protocol through which it was sent.
 

WildHorse

Diamond Member
Jun 29, 2003
5,006
0
0
Originally posted by: kamper
Originally posted by: scott
Question 2: How the heck do you guys protect yourselves by using a router only, naked of any additional software firewall? Do your routers have an active firewall on incoming traffic?
NAT routing is by definition an active firewall. Are you sure you haven't put yourself in the dmz or anything like that? As for the warnings McAfee's giving you, sounds to me like it's bullshltting you. Other than the error messages it's giving you, do you have any evidence that these things are actually happening? Or maybe somebody on your lan is messing with you :evil:

Well would you please take a look at the screenshot of the router's control web page:
Here

Does it look to you like there's no way to set active firewall protection for inbound traffic? Maybe that's the root of my problem--maybe instead of this router the DSL service company provided, I should go buy a better one???

And:
Are you sure you haven't put yourself in the dmz or anything like that?
Sorry, I don't understand that? "Demilitarized Zone???"

And xtknight, I use Firefox 1.5.0.7 and Thunderbird of same rev.

Advice will be appreciated.
 

kamper

Diamond Member
Mar 18, 2003
5,513
0
0
I don't think you understand the concept of NAT. By definition, it is not even capable of sending internet traffic to your computer, unless the contact is specifically initiated by your computer. The only way to let any traffic through is to forward ports (but you probably haven't done enough of that to worry about) or to put yourself in the dmz, which means that all traffic coming to your router is sent to your computer.

Also, notice that your screenshot indicates that that screen is dealing with outbound traffic only and has no effect on what's coming in.
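The behaviour kamper and xtknight describe above (replies to LAN-initiated traffic get through, unsolicited packets die at the NAT, and only a port forward or a DMZ host changes that) can be made concrete with a small model. The following is an added example written for this thread, not code from any poster, router or product: it implements a toy port-restricted NAT with a connection-tracking table, static forward rules and an optional DMZ host, then runs the four cases the thread argues about. All addresses (RFC 5737 documentation ranges), ports and the torrent forward on 6881 are constructed for the demo.

```python
"""Toy model of a NAT router with stateful connection tracking.

Constructed example for this thread (not code from any poster or product).
It models the behaviour the posters describe: replies to connections a LAN
host initiated are translated back to that host, unsolicited inbound packets
are dropped, a port-forward rule punches one specific hole, and a DMZ host
receives everything that nothing else claimed. Addresses come from the
RFC 5737 documentation ranges; ports and hosts are made up for the demo.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

WAN_IP = "203.0.113.7"          # router's public address (constructed)
LAN_PC = "192.168.1.10"         # stand-in for the poster's PC
DMZ_PC = "192.168.1.50"         # a second LAN host placed in the DMZ
WEB_SERVER = "198.51.100.20"    # some site the LAN PC browses to
SCANNER = "192.0.2.99"          # an unsolicited remote sender


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


class NatRouter:
    """Port-restricted NAT: an inbound packet is accepted only if it matches a
    tracked outbound flow, a static forward rule, or (last resort) a DMZ host."""

    def __init__(self, wan_ip: str,
                 forwards: Optional[Dict[Tuple[str, int], Tuple[str, int]]] = None,
                 dmz_host: Optional[str] = None):
        self.wan_ip = wan_ip
        self.forwards = dict(forwards or {})   # (proto, wan_port) -> (lan_ip, lan_port)
        self.dmz_host = dmz_host
        # (proto, remote_ip, remote_port, wan_port) -> (lan_ip, lan_port)
        self.table: Dict[Tuple[str, str, int, int], Tuple[str, int]] = {}
        self._next_wan_port = 40000

    def outbound(self, pkt: Packet) -> Packet:
        """LAN -> WAN: pick a WAN port, remember the mapping, rewrite the source."""
        wan_port = self._next_wan_port
        self._next_wan_port += 1
        self.table[(pkt.proto, pkt.dst_ip, pkt.dst_port, wan_port)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.wan_ip, wan_port, pkt.dst_ip, pkt.dst_port, pkt.proto)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """WAN -> LAN: return the translated packet, or None if it is dropped."""
        if pkt.dst_ip != self.wan_ip:
            return None                                   # not even addressed to us
        tracked = self.table.get((pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_port))
        if tracked:                                       # reply to something we sent
            return Packet(pkt.src_ip, pkt.src_port, tracked[0], tracked[1], pkt.proto)
        rule = self.forwards.get((pkt.proto, pkt.dst_port))
        if rule:                                          # explicit port forward
            return Packet(pkt.src_ip, pkt.src_port, rule[0], rule[1], pkt.proto)
        if self.dmz_host:                                 # DMZ: everything else goes here
            return Packet(pkt.src_ip, pkt.src_port, self.dmz_host, pkt.dst_port, pkt.proto)
        return None                                       # nobody inside asked for it


def deliver(router: NatRouter, pkt: Packet) -> Optional[Tuple[str, int]]:
    """Where does an inbound packet land on the LAN, if anywhere?"""
    out = router.inbound(pkt)
    return (out.dst_ip, out.dst_port) if out else None


def run_scenarios() -> Dict[str, Optional[Tuple[str, int]]]:
    """Run the four cases the thread argues about; returns {name: LAN destination or None}."""
    results: Dict[str, Optional[Tuple[str, int]]] = {}

    # 1) Plain NAT, nothing forwarded: the PC browses a web site and the reply returns.
    plain = NatRouter(WAN_IP)
    sent = plain.outbound(Packet(LAN_PC, 51000, WEB_SERVER, 80))
    reply = Packet(WEB_SERVER, 80, WAN_IP, sent.src_port)
    results["reply_to_lan_request"] = deliver(plain, reply)

    # 2) Same router: an unsolicited probe at port 445 matches no tracked flow.
    results["unsolicited_probe_plain_nat"] = deliver(plain, Packet(SCANNER, 33000, WAN_IP, 445))

    # 3) One forward rule (constructed torrent port 6881): that port reaches the PC, others still drop.
    fwd = NatRouter(WAN_IP, forwards={("tcp", 6881): (LAN_PC, 6881)})
    results["probe_on_forwarded_port"] = deliver(fwd, Packet(SCANNER, 33001, WAN_IP, 6881))
    results["probe_on_other_port_with_forward"] = deliver(fwd, Packet(SCANNER, 33002, WAN_IP, 445))

    # 4) DMZ host configured: every unclaimed packet lands on it, on its original port.
    dmz = NatRouter(WAN_IP, dmz_host=DMZ_PC)
    results["probe_with_dmz_host"] = deliver(dmz, Packet(SCANNER, 33003, WAN_IP, 445))
    return results


if __name__ == "__main__":
    for name, dest in run_scenarios().items():
        label = "dropped" if dest is None else f"{dest[0]}:{dest[1]}"
        print(f"{name:36s} -> {label}")
```

Running it shows the point of the thread directly: with no forwards and no DMZ, the only inbound packet that reaches the LAN is the reply to a flow the PC opened itself; each forward rule is exactly one hole (the probe on 6881 lands, the one on 445 does not); and a DMZ host receives every unclaimed packet, which is why a host placed there sees "attacks" its neighbours never do. Real routers differ in how strictly they match the remote address and port on return traffic, but the forward and DMZ behaviour is the same.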