Web Design Forums
| View previous topic :: View next topic |
| Author |
Message |
Steve Terry
Guest
|
 Posted: Tue Jul 01, 2008 6:29 pm Post subject: What's the best free Firewall? |
 |
|
Anything better than ZoneAlarm?
for XP
Steve Terry |
|
| Back to top |
|
 |
| |
Ads |
Advertising
Sponsor
|
|
Johnw
Guest
|
|
| Back to top |
|
|
| |
Ads |
Advertising
Sponsor
|
|
baynole2@yahoo.com
Guest
|
|
| Back to top |
|
|
| |
Ads |
Advertising
Sponsor
|
|
Saxman
Guest
|
| Posted: Tue Jul 01, 2008 7:30 pm Post subject: Re: What's the best free Firewall? |
|
|
Steve Terry wrote:
| Quote: |
Anything better than ZoneAlarm?
for XP
|
Yes. I like this.
http://www.pctools.com/firewall/ |
|
| Back to top |
|
|
| |
Ads |
Advertising
Sponsor
|
|
elaich
Guest
|
| Posted: Tue Jul 01, 2008 7:30 pm Post subject: Re: What's the best free Firewall? |
|
|
Johnw <jmatt@webace.com.au> wrote in news:op.udl8qut229n8fs@john-
8ff5742a4a.home.gateway:
| Quote: |
I use the XP firewall.
|
Trusting that is like trusting the fox to guard the henhouse. That thing is
set up to allow anything through that Microsoft wants allowed through. It's
configuration can also be changed remotely by Microsoft in the guise of a
update.
I have only had the XP firewall alert me twice about anything, and those
were SECURITY programs that I had installed.
Install a real firewall with protection both directions, and you will learn
just how many processes that are embeded in Windows are constantly calling
out. None of them really need to be. |
|
| Back to top |
|
|
| |
Ads |
Advertising
Sponsor
|
|
Brian Arthur Robertson
Guest
|
| Posted: Tue Jul 01, 2008 7:34 pm Post subject: Re: What's the best free Firewall? |
|
|
Johnw wrote:
| Quote: |
On Tue, 01 Jul 2008 21:29:51 +0800, Steve Terry <gFOURwwk@tesco.net> wrote:
Anything better than ZoneAlarm?
for XP
I use the XP firewall.
Is the XP SP2 firewall getting a raw deal?
http://blogs.zdnet.com/Ou/?p=81
|
The raw deal that is referred to is a "...denial of service
vulnerability involving Windows RDP (Remote Desktop Protocol)" that was
apparently falsely blamed on the XP SP2 Firewall.
| Quote: |
http://www.fefe.de/pffaq/
|
This is just a ridiculous reference to quote.
"Do Personal Firewalls improve security?
No.
Why do so many people install them, then?
Because those people are all idiots."
| Quote: |
http://home.comcast.net/~SupportCD/XPMyths.html
Hack lets intruders sneak into home routers
|
Couldn't find this reference on the quoted page, but I did find "The
Windows XP Firewall is not good enough because it lacks outbound filtering."
This article makes a good point about "...does something very critical:
it protects the system at boot.".
The article also suggests that outbound protection is unnecessary
because "In an interactive attack the attacker can circumvent outbound
filters at will." This may be true of some skilled people, I just don't
see the need to make it easy for everyone to compromise my computer.
| Quote: |
http://news.zdnet.com/2100-1009_22-6159938.html?tag=nl.e540
If you haven't changed the default password on your home router, let
this recent threat serve as a reminder.
|
This is common sense.
There are several free firewalls out there that offer inbound and
outbound protection. So why just settle for only half of the protection
with the XP firewall.
Some useful references:
Pricelessware Home
http://www.pricelesswarehome.org/2007/PL2007SECURITY.php#1.10Firewall
Comodo Firewall has been recommended by several people in this group.
http://www.pricelesswarehome.org/2007/PL2007SECURITY.php#1.10Firewall
You can also find an extensive list of firewalls reviewed by Snap Files
here
http://www.snapfiles.com/downloadfind.php?st=firewall&action=s&search=Find+it&lc=1
HTH
--
Brian Arthur Robertson
http://brian.arthur.robertson.googlepages.com/freesoftware
http://brian.arthur.robertson.googlepages.com/rare-ware |
|
| Back to top |
|
|
| |
Ads |
Advertising
Sponsor
|
|
Bear Bottoms
Guest
|
| Posted: Tue Jul 01, 2008 7:51 pm Post subject: Re: What's the best free Firewall? |
|
|
On Tue, 01 Jul 2008 08:29:51 -0500, Steve Terry <gFOURwwk@tesco.net> wrote:
OnlineArmor http://www.tallemu.com/
--
Bear Bottoms
Freeware website: http://bearware.info |
|
| Back to top |
|
|
| |
Ads |
Advertising
Sponsor
|
|
VanguardLH
Guest
|
| Posted: Tue Jul 01, 2008 7:55 pm Post subject: Re: What's the best free Firewall? |
|
|
"Steve Terry" in <news:g4dbk5$idb$1@news.albasani.net> wrote:
| Quote: |
Anything better than ZoneAlarm?
for XP
Steve Terry
|
Depends on what you want in a firewall. I've used the following:
Comodo Firewall Pro
Online Armor
These also include HIPS (host intrusion protection system) which lets
you regulate what program can load into memory. If a program, like
malware, isn't allowed to load into memory then it can't run. Yes, you
will get a lot of prompts. Each has a learning mode so you can reboot
the host to auto-record those processes along with starting all your
applications to auto-record them, then you disable learn mode and answer
the prompts thereafter which will be fewer in number. The assumption is
that you've already ensured your host is clean before learning. Online
Armor also provides a whitelist of known good applications (by a hash
value to identify them) to reduce the prompt count. I don't remember if
Comodo has a whitelist but it might. If you don't want to use HIPS, you
can disable it as it will impact the responsiveness of your host. I
used HIPS in both for awhile but noticed my host was noticeably snappier
when it was disabled.
Comodo's v3 firewall is a bit difficult to figure out how to configure.
Not that it is difficult to navigate through the program but to figure
out how to configure it all, plus there is trying to figure out the
application and global rules. They do have active forums for help, as
does Online Armor. Comodo's HIPS will not only regulate what program
can load into memory but also who can call that program to load into
memory. For example, malware could call the web browser to visit a web
site. You'll very likely have the HIPS always allow the load of the web
browser but only by authorized callers. Online Armor doesn't have the
ability to track the parent-child (or caller-callee) relationship but
plans on adding it. The problem is with more prompts. Not only might
you get prompted to allow loading a program (if not in the whitelist)
but you'll get prompted on every program that wants to load that
authorized program, and there can be a lot of different programs that
call another program to load. v2.4 of Comodo's firewall doesn't have
HIPS and is a bit easier to setup and use. Online Armor is easier to
use than Comodo's v3 firewall and about the same as Comodo's v2.4
firewall.
A software firewall really only regulates non-malware programs as to
what can connect out. Malware can still bypass a software firewall (and
why some users and companies don't use them and instead rely on a
firewall appliance or run the software on a different host as a
gateway). I finally gave up on using a firewall to control non-malware
programs regarding which can make connections. At this point, if I
won't tolerate the behavior of a program for its connections for which
it won't let me control or configure it how I want, I get rid of the
misbehaving or nonconfigurable program. HIPS gave me lots of extra
control but I prefer a more quick-responding host. I also have a
firewall in the router. So I opted to get rid of the above firewall
(whichever I was using on my hosts) and just go with the Windows
firewall for inbound-only protection (mostly from other hosts on my
intranet that I don't manage) and the firewall in the router. Too much
security can get in the way of using your computer. Too few leaves you
vulnerable but then you are always vulnerable to some degree no matter
how much security you add. Security and ease-of-use are the antithesis
of each other so you need to find a blend of security with which you are
comfortable. |
|
| Back to top |
|
|
| |
Ads |
Advertising
Sponsor
|
|
Craig
Guest
|
| Posted: Tue Jul 01, 2008 8:12 pm Post subject: Re: What's the best free Firewall? |
|
|
Steve Terry wrote:
| Quote: |
Anything better than ZoneAlarm?
for XP
This DIY article was written for win2k but can be applied to Winxp as |
well. Executive summary: Roll your own firewall. There are a lot of
advantages to this method, one of which is that you can unequivocally
trust the "author" of the firewall.
hth,
-Craig
<http://homepages.wmich.edu/~mchugha/w2kfirewall.htm> |
|
| Back to top |
|
|
| |
Ads |
Advertising
Sponsor
|
|
§
Guest
|
| Posted: Tue Jul 01, 2008 8:34 pm Post subject: Re: What's the best free Firewall? |
|
|
Craig wrote:
| Quote: |
Steve Terry wrote:
Anything better than ZoneAlarm?
for XP
This DIY article was written for win2k but can be applied to Winxp as
well. Executive summary: Roll your own firewall. There are a lot of
advantages to this method, one of which is that you can unequivocally
trust the "author" of the firewall.
hth,
-Craig
http://homepages.wmich.edu/~mchugha/w2kfirewall.htm
|
Bravo!
Finally, someone added some solid good advice. |
|
| Back to top |
|
|
| |
Ads |
Advertising
Sponsor
|
|
Craig
Guest
|
| Posted: Tue Jul 01, 2008 8:58 pm Post subject: Re: What's the best free Firewall? |
|
|
§ wrote:
| Quote: |
Craig wrote:
Steve Terry wrote:
Anything better than ZoneAlarm?
for XP
This DIY article was written for win2k but can be applied to Winxp as
well. Executive summary: Roll your own firewall. There are a lot of
advantages to this method, one of which is that you can unequivocally
trust the "author" of the firewall.
hth,
-Craig
http://homepages.wmich.edu/~mchugha/w2kfirewall.htm
Bravo!
Finally, someone added some solid good advice.
|
Feel strongly about it, do you? <grin>. Yea, after a few posters
forcefully <ahem> derided PFS's, I started to dig around for the why's &
wherefore's & came up with the above. It's the clearest how-to I've
found on the subject (for NTOS).
For anyone who doesn't mind moderately difficult projects and who has
serious doubts about the need/desirability for 3rd party-produced PFS,
this is a great place to start.
fwiw,
-Craig |
|
| Back to top |
|
|
| |
Ads |
Advertising
Sponsor
|
|
§
Guest
|
| Posted: Tue Jul 01, 2008 9:03 pm Post subject: Re: What's the best free Firewall? |
|
|
Craig wrote:
| Quote: |
§ wrote:
Craig wrote:
Steve Terry wrote:
Anything better than ZoneAlarm?
for XP
This DIY article was written for win2k but can be applied to Winxp as
well. Executive summary: Roll your own firewall. There are a lot
of advantages to this method, one of which is that you can
unequivocally trust the "author" of the firewall.
hth,
-Craig
http://homepages.wmich.edu/~mchugha/w2kfirewall.htm
Bravo!
Finally, someone added some solid good advice.
Feel strongly about it, do you? <grin>. Yea, after a few posters
forcefully <ahem> derided PFS's, I started to dig around for the why's &
wherefore's & came up with the above. It's the clearest how-to I've
found on the subject (for NTOS).
|
heh, actually I posted that link a few months ago :)
| Quote: |
For anyone who doesn't mind moderately difficult projects and who has
serious doubts about the need/desirability for 3rd party-produced PFS,
this is a great place to start.
|
I actually made a script at one time that would perform everything
mentioned in that link to simplify things. Now, if I could only find
where I stuck that script...
Rest assured, *if* I find that script I'll post it here. |
|
| Back to top |
|
|
| |
Ads |
Advertising
Sponsor
|
|
Craig
Guest
|
| Posted: Tue Jul 01, 2008 9:09 pm Post subject: Re: What's the best free Firewall? |
|
|
§ wrote:
| Quote: |
Craig wrote:
§ wrote:
Craig wrote:
Steve Terry wrote:
Anything better than ZoneAlarm?
for XP
This DIY article was written for win2k but can be applied to Winxp
as well. Executive summary: Roll your own firewall. There are a
lot of advantages to this method, one of which is that you can
unequivocally trust the "author" of the firewall.
hth,
-Craig
http://homepages.wmich.edu/~mchugha/w2kfirewall.htm
It's the clearest how-to I've
found on the subject (for NTOS).
heh, actually I posted that link a few months ago 
|
For the life of me, I can't remember where I "dug" it up so it could've
very well been your post: thx.
| Quote: |
I actually made a script at one time that would perform everything
mentioned in that link to simplify things. Now, if I could only find
where I stuck that script...
Rest assured, *if* I find that script I'll post it here.
|
That'd be great. Thx.
-Craig |
|
| Back to top |
|
|
| |
Ads |
Advertising
Sponsor
|
|
Ron May
Guest
|
| Posted: Tue Jul 01, 2008 9:20 pm Post subject: Re: What's the best free Firewall? |
|
|
On Tue, 1 Jul 2008 14:29:51 +0100, "Steve Terry" <gFOURwwk@tesco.net>
wrote:
| Quote: |
Anything better than ZoneAlarm?
for XP
Steve Terry
|
Depends on your definition of "better" and "best."
For my purposes on XP and prior, Kerio 2.1.5 is very hard to beat.
Rock solid stable, lightweight, easy to use for the novice yet capable
of rulesets as configurable as you need them to be. Does not work
with Vista.
Info:
http://www.pricelesswarehome.org/2007/PL2007SECURITY.php#0409-PW
More info and download link (third program from the top):
http://www.321download.com/LastFreeware/page7.html
Of course, you can't go wrong withn the other recommendations for
bidirectional firewalls made here either, like Sygate, Comodo or (what
I use with Vista) PC Tools, as long as one realizes that a firewall is
only a very small part of a much larger overall security strategy, of
which "safe hex" is always your first and best line of defense.
--
Ron M.
(I filter Googlespam)
alt.comp.freeware information pages:
http://www.pricelesswarehome.org/acf/Index.php |
|
| Back to top |
|
|
| |
Ads |
Advertising
Sponsor
|
|
Sparky
Guest
|
| Posted: Tue Jul 01, 2008 9:51 pm Post subject: Re: What's the best free Firewall? |
|
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
Craig wrote:
| Quote: |
http://homepages.wmich.edu/~mchugha/w2kfirewall.htm
Bravo!
Finally, someone added some solid good advice.
Feel strongly about it, do you? <grin>. Yea, after a few posters
forcefully <ahem> derided PFS's, I started to dig around for the why's &
wherefore's & came up with the above. It's the clearest how-to I've
found on the subject (for NTOS).
|
At risk of being labeled a "forceful derider"... ;)
The concept of a personal firewall is flawed at its core. In essence,
you have software 'A' which allows or facilitates some connection. You
apply software 'B' to interject a layer between 'A' and the outside
world. The potential vulnerabilities still exist, they're just "masked".
By something that in effect accepts the connection, and deals with it as
per your instructions. And that mask itself brings an entire additional
layer of potential vulnerabilities. It's not unheard of at all for
personal firewall software to be exploitable directly.
Personal firewalls are a band aid. They'll always be inferior to simply
shutting off all services to any outside contact. Rather than subjecting
stray IP packets to analysis, they should be simply and routinely
rejected by the OS network stack in accordance with RFC, or whatever the
OS defaults are. That's the safest way to deal with "net noise" all the
way around. Lowest possible chance of a nefarious packet breaking
something, and you don't stick out in any way.
Which highlights one of the most snake oily aspects of persona
firewalls. So called "stealth". Probably one of the worst things that
ever happened to personal computer security. Hackers absolutely love
people who blindly drop packets because they stick out like sore thumbs.
Where rejecting packets normally allows you to blend in amongst a block
of IP addresses which respond with various "service unavailable"
messages, disappearing IP packets are a red flag showing exactly where
exploitable machines might reside. :(
| Quote: |
For anyone who doesn't mind moderately difficult projects and who has
serious doubts about the need/desirability for 3rd party-produced PFS,
this is a great place to start.
|
There use to be tutorials out there regarding disabling everything that
might listen on a public facing port. I don't have nay current links it
seems, but I'm sure Google would spit some out. I honestly believe that
would be a better place to start.
-----BEGIN PGP SIGNATURE-----
iEYEAREDAAYFAkhqprwACgkQUZCI41IC43hMCwCeOqsIbyBGxAewd80Eu/27VeF+
y+wAnjhGa0ci11ZBcM/7ygo5FKeWDpG6
=9xeS
-----END PGP SIGNATURE----- |
|
| Back to top |
|
|
| |
Ads |
Advertising
Sponsor
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
55 Attacks blocked
Powered by phpBB © 2001, 2005 phpBB Group
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
