Firewall Software.

arnisador

Sr. Grandmaster
MTS Alumni
Joined
Aug 28, 2001
Messages
44,573
Reaction score
457
Location
Terre Haute, IN
My wife and I finally got the router set up so that we both have an always-on DSL connection. Any advice on firewall software to protect us from miscreants?
 
dunno if this is true or not, but read it in a PC magazine...

Hackers tend to hack computers that are always available to them... so when you're not using your system, turn it off.


I'm not really sure about the software, but I've got some friends who are network admins, so I'll ask around for ya.

-N-
 
http://zonelabs.com ZoneAlarm is your friend... it blocks in AND out, and gives you control over what does what.

Its a bit tricky sometimes to tweak, but I run it exclusivly on my systems.

Try the free version. Its all I use and I've had no problems.
 
Arnisador,

I use Zone Alarm on my PC with a Cable connection. I believe that ZOne Alarm is for free and that ZOne Alarm Plus is available for a slight charge. I just use the zone alarm. I have not had any problems in the year I have been on line with a cable modem. I have a freind that haS USED zone alarm and Blac Ise both at different times. THey offer different advantages.

Just my experience, use at your own risk

Rich

PS: Dang IT Kaith posted by the time I finished mine ;~) :D
 
What brand of router did you purchase? The reason I ask is that many of the routers on the market have a built in firewall. I have a Linksys router, and it has a very effective firewall. FYI, there are two types of firewalls, hardware and software. Both are effective, but I prefer a hardware firewall. The routers that act as a firewall in effect become the "computer" that is seen from the internet. So since the router has nothing on it, what can be seen is nothing. You then attach your computers via a network cable to the router and what is seen on your side of the router is effectively blank for all the world to see. The router does everything your PC does for connecting to the internet, and acts as a DHCP server to your PCs. So it takes the connection to the internet and then assigns an IP to each of the PCs on your network dynamically. So when you send a request (like click a link on a webpage) it knows which computer sent it, and who to route the resulting web page to. Because it is the result of a send, it allows a receive to take place. On the other hand, it an unrequested "receive" comes in, the router basically ignores it. This in effect puts your internal network in "stealth" mode, and appears to not even exist. Also the router, unlike doesn't have ports on it like your PC and therefore there is no way to get in.

After that long (and hopefully not too confusing) explaination, the botton line is that hardware firewalls are more effective shields for your PCs since it makes them unseen by those on the internet. Software firewalls do the same thing, but my experience is that when a ports is probed by someone and you use a software firewall, the return they get is that the ports is "blocked". So they know something is there and with enough persistence, may be able to still get in. Whereas a hardware firewall gives the response that nothing is there, so they move on to another target.

If you would like to test your own vulnerability, go to these resources:

Gibson Research Corporation at http://grc.com. Follow the links to Shields Up! and use their test. It will probe your ports and let you know how the rest of the internet see you! Please note that GRC just upgraded their servers and the Shield's Up! test is currently offline. So check back in a couple of days.
Also, do a little surfing at GRC. They review different types of firewall, both hardware and software. Lots of good information without all of the sales garbage you get from the companies that make the software.
 
Originally posted by arnisador

My wife and I finally got the router set up so that we both have an always-on DSL connection. Any advice on firewall software to protect us from miscreants?

I asked about this when I got my cable modem and found out that Mac OS X has firewall software built-in. I just had to turn it on. So switch and get a Mac.
:)
 
Originally posted by arnisador

My wife and I finally got the router set up so that we both have an always-on DSL connection. Any advice on firewall software to protect us from miscreants?

You might want to try using a software firewall too. Maybe that will be 100% Protection
 
with Norton Internet Security. I tried Zone Alarm and it's OK, but I've found the Norton's product catches and stops much more activity. Hope this helps.

Respects,
Bill Parsons
 
Originally posted by bdparsons

with Norton Internet Security. I tried Zone Alarm and it's OK, but I've found the Norton's product catches and stops much more activity. Hope this helps.

Respects,
Bill Parsons
ZA is much better than NIS, and ZA can do a lot than NIS can't. Among the best firewalls are Zone Alarm Pro, Zone Alarm PLus, Zone Alarm Free, Kerio, Sygate Free & Pro, Outpost Free & Pro (which im currently using), and maybe I forgot another . But NIS is not included there
NIS is really not a good idea after-all. I tried it myself for 1 1/2years. You would like more on this subject, try www.dslreports.com/www.broadbandreports.com It's like the best forum for PC Related. Here's the security link > http://www.dslreports.com/forum/security,1

Yes, it can be a little hard while surfing, just remember to click on all those buttons on top they will take you were you want. the red one, like a envelope, will take you where all the forum are at, and you click on the one you want, and it show you some topcs. become a member first. free & easy
see you there.
 
With the hardware firewalls you do get a different feedback when trying to 'ping' or break your way in.

Yet, I have found with most of my friends that the Istant Messengers may work for the quick messages but not for file transfers or the like.

Do your research and find out which is best for you.

:)

Rich
 
i use tiny software's firewall, it's free and has a good level of control, but its not very intelligent. i dont believe that most software is. ive been told that if you are willing to drop some cash on one of the external hardware-type firewall systems you will get the real deal.
like robert carver said, the hardware is better. basically because software becomes a part of your operating system so its not really keeping anyone or anything out of your computer, it just throws up a smokescreen from inside. the external hardware will put up a tangible first barrier against incoming hits. just another degree of security. ive heard that you will pay 100-200 u.s.$ for a good one.:)
 
i had probs with hardware firewalls but yup they r most effective in most cases...
otherwise best software is ZoneAlarm pro(if u can pay) otherwise there's free version too..
-TkdWarrior-
 
Good point Rich. I have also noted that file transfers with instant messages do not work with a hardware firewall. Never tried it with a software forewall, but at least you can disable it quickly (no disconnecting the modem from the router and plugging directly into your PC). However, I don't accept file transfers from any instant messanger chat, so that is not a problem for me.

Arnisador, here is the bottom line. The only sure way to protect yourself from miscreants on the internet is to unplug your PC from the internet. Since that is probably not an option :), then the next best thing is to isolate your PCs/network from the internet. That is where a hardware firewall comes into play. It simply does not let port probes get to your PC (past the firewall). On the other hand, as theneuhauser points out, a software firewall still allows port probes to get to your PC, it just blocks that probe.

Also, like I mentioned previously, most routers come with a built in firewall. Check your manual, because you may already be protected.
 
Originally posted by Robert Carver

Also, like I mentioned previously, most routers come with a built in firewall. Check your manual, because you may already be protected.

I appreciated the explanation of what the hardware and software versions do. It never occurred to me that the router might have this built in--I just assumed I'd have to buy one. I'll check its documentation (iPAQ Connection Point CP-2E) and look into the GRC site when it's back up (it is still down now) and also into Zone Alarm.

Thanks all, this has been very helpful!
 
Originally posted by theneuhauser

i use tiny software's firewall, it's free and has a good level of control, but its not very intelligent. i dont believe that most software is. ive been told that if you are willing to drop some cash on one of the external hardware-type firewall systems you will get the real deal.
like robert carver said, the hardware is better. basically because software becomes a part of your operating system so its not really keeping anyone or anything out of your computer, it just throws up a smokescreen from inside. the external hardware will put up a tangible first barrier against incoming hits. just another degree of security. ive heard that you will pay 100-200 u.s.$ for a good one.:)
Wrong. Tiny is the firewall that is not so good, but that doesn't mean others arent. I can prove for myself that Kerio 3 is currently beta will be good, Zone Alarm products are great. Agnitum Outpost is like 1 of the best.
 
Originally posted by TkdWarrior

i had probs with hardware firewalls but yup they r most effective in most cases...
otherwise best software is ZoneAlarm pro(if u can pay) otherwise there's free version too..
-TkdWarrior-
Agnitum Outpost Firewall does more than what ZA does or can ever do ;)
Outpost has free n pro version. Not much difference, either one is still great.
 
Thanks Mr. Carver, your help has been much appreciated! There are aspects of computers I know well but networking is not one of them.

I did download Zone Alarm but it now sounds like it would be superfluous.
 
Happy to help Arnisador. Check your documentation for the iPac. My Linksys router has the ability to integrate ZoneAlarm into it for double the protection. Yours may also have the ability.

If you need any further assistance, please feel free to contact me via email if you like.
 
I work in the networking fiel in the information systems industry. I have always had a tough time explaining to customers why a hardware firewall is better than a software firewall. Thank you for making it even clearer to me.

Best Regards,

Jeremy
 
Back
Top