Firewalls - Any Advice?

Do you experts have any advice about firewalls. I had a nasty infection(s) and, after solving my problem with the help of Steamwiz, I got my computer clean after a long and laborious process for both of us.

After fixing the problem, I installed Zone Alarm as suggested in Tony Klein's post. Now, I've been doing a little research and it seems that a hardware firewall is recommended over a softwall firewall, particularly for protection of outgoing information.

I was able to acquire a D-LInk DI-704P, and I have been trying to set it up. I've put a lot of time into it and it just seems so complicated! I'm wondering if you would recommend that I keep on plugging with that or should I look into buying a newer one - maybe the Alpha Shield -- looking like it is more novice-friendly.....???

Hi there.

I don't use Zone Alarm myself, (although many do like it a lot), as I find it too bloated for my taste.

Comodo's free firewall is not hard to configure.

--------------------------------------
Edit: I no longer use Comodo.
--------------------------------------

Note: The Comodo Firewall download is now available only as part of a suite, which includes Comodo Firewall Pro and also Comodo Antivirus.
During the install you will be offered options:

Comodo Internet Security comes with a collection of vital security needs for your PC. Please select products you wish to install or unselect products you wish to uninstall in order to continue.

Click to expand...

First you will see:
Install Comodo AntiVirus.
Install Comodo Firewall.

You may wish to uncheck during installation, "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage", and install the firewall ONLY.
---------------------------------------

If you want to look into hardware though, I suggest you take a look here: dslreports.

Hope that helps.

hi dancingqueen,

nothing wrong with using both a hardware and software firewall. do you need both? depends on your computing habits. just about any router has some kind of rudimentary firewall built in to it. Its the software firewall (ZA) that provides the out going prompts.

your router shouldnt be that difficult to set up. you are following the setup guide or install wizard? once setup you can forget about it other than a occasional reboot.

shelf life

Thanks for the Advice....

However, the one thing I'll say about Comodo, which I have installed - twice now, actually - because the first time I installed it, it started sending me all of these messages right away - and I didn't know how to respond to them. Such as: C/Windows/explorer.exe has tried to use svchost.exe through OLE automation, which can be used to hijack other applications. explorer,exe might be using svchost.exe to access the internet.

The first time, I denied everything I saw, mainly out of fear of allowing anything dangerous....and then I couldn't get on Skype or, more importantly, the Internet.

Another message I got was: Generic host process for Win32 services is trying to connect to the internet. What would you like to do? Once again, the second time, I said "allow" -- basically to everything that poped up right after I installed it. NOw, the internet and Skype both seem to work. But the shield for Windows Securtiy is still red. Is that because it doesn't recognice Comodo and thinks my computer is at risk with no firewall?

Eeekkk! I hate to mess up my recently cleaned computer but I really want a firewall too! If I can just get it right, I'm sure it will help a lot.

Thanks for the hardware advice as well...

I'm going to figure out this software (Comodo) one before I tackle the hardware one. I will say that I have acquired (at a low price) a used D-LInk DI-704P. Do you consider it a viable option?

hi dancingqueen,

ive never used comodo. software firewalls can often flood the user with all kinds of prompts. just allowing all traffic or clicking thru the prompts wont do you any good if you happen to have a trojan on your computer. questioning it is good-- if you are malware free alittle experimenting might help. deny processes and make sure you still have functionality like web browsing, email, program updates etc. better yet visit the comodo firewall forum and poke around the FAQ and topics. most likely you will find the answer there.
yes, that d-link router would add a good layer of protection for your over all security.

I recommend comodo's free firewall. Zonealarm's firewall used to be highly recommended, but now it has become too bloated for the average user.

The paid version is good, but comodo's free version is the best.

"On the minus side the IDS is initially rather talkative and this can unnecessarily alarm inexperienced users. There have also been reports that the new version 3 has some new version bugs so it may be better to wait a couple of months until the new version has stabilized before installing. Additionally Comodo has been known to conflict with some other security products. However for the technically initiated who can cope with these annoyances this is an outstanding free product and an easy first choice." Gizmo - www.techsupportalert.com/best_46_free_utilities.htm

one option you can go to (sorry I can't tell you the exact location, im on a different computer) shows you the intensity of the messages shown - i set mine to 'low'

Honda

/\
|
|
|
about comodo firewall

i dont find zonealarm....

to be bloated at all. Comodo is good, i like it, but i prefer za as a much easier firewall to set and maintain. I think it is much easier to use for the average user, as comodo gets to detailed sometimes. When someone doesn't know much about computers, and i secure there systems, i use zonealarm and most feedback i get from people is that it is easy to understand and use. Try one or the other, and pick the one you like best.

129260:

Interesting comparison of leak-tests results of various firewalls:

• Leak-tests results - matousec.com
  http://www.matousec.com/projects/windows-personal-firewall-analysis/leak-tests-results.php

ZoneAlarm free firewall does not rate well. In fact it is rated "Very Poor" in these particular leak-tests results.

that is interesting....

and i understand what you mean. according to what a leak test is though, "Leak tests are small, non-destructive, programs designed by security experts that deliberately attempt to bypass a firewall's outgoing security measures."

ALSO: "In the overall rating, ZoneAlarm Pro 6.1.744.001 is comparable with Comodo Personal Firewall 2.3.6.81. The main property of ZoneAlarm Pro is very good personal firewall design, the best design among all firewalls we have already tested. The design of ZAP is not perfect, but it is close to the ideal design of personal firewalls. The only reason, why this product is not the number one in our tests, is an excessive number of bugs in the implementation of its security features. This makes the protection of ZAP very ineffective and easy to bypass regardless the good design. Since we reviewed ZoneAlarm Pro 6.1, its vendor have noticeably improved this product, fixed many bugs we have reported and released ZoneAlarm Pro 7, which would probably score much better in our tests than its older version."

outgoing, all my ports are stealth according to shields up. So therefor, As for incoming attacks, threats are possible to get through, but for the most part I am protected enough correct? I'm not as worried about threats that are on my computer trying to get out, because i have none that i know of. I scan with highjack this and several other antispyware and 1 antiviruis program(s). So yes, this is true that they did poorly in this test, but the ports are stealth and thats what my individual purpose for having a firewall is for. I do understand what your saying, and def. feel free to tell me more if i am incorrect with what i said. I believe for the average home computer user, zonealarm is not a bad choice at all. Comodo is a good firewall too, i just prefer zonealarm compared to the other 4 firewalls i tried on my test machine. Even though i could use comodo, I see no compelling reason to switch to comodo or any other firewall. But feel free to tell me more. Like in my signature, "I yearn to learn" lol.

Firewall leaktest surveys are always a subject of intense debate.

If you are happy with your firewall and practice safe surfing, I wouldn't rush to try another either.

Awareness is half the game.

ya haha i know there a heated debate

"Firewall leaktest surveys are always a subject of intense debate.

If you are happy with your firewall and practice safe surfing, I wouldn't rush to try another either.

Awareness is half the game."

Ya, I'm not saying that a firewall is a silver bullet, but a general rule of thumb that i believe is that if your ports are stealthed, hackers would rather attack somebody who is unprotected and easy to attack verses someone who isn't. Unless they are proving to there "buddies" that they can hack something, (which most hack there friends if they want to prove a point) and Unless they really badly want access to your computer and files, you should be fine. Besides, I'm behind a router firewall, and za. So anyone that is that determined to get into my system is going to have a hard time. haha. Eventually they can get in after awhile, but i have nothing file wise that anyone would want. As for safe surfing, it is quite easy now that there are web extensions such as Mcafee site advisor, and link scanner light. thanx 4 the reply tashi!

Cheers.

What is your thought of not needing a software firewall with a hardware one?

I was chatting with a linksys tech awhile back and he told me that I didn't need a software firewall. I believe he even said that they recommend not useing one with their router.

"...not needing a software firewall with a hardware one? I was chatting with a linksys tech awhile back and he told me that I didn't need a software firewall..."

Click to expand...

1) Routers -usually- come with a NAT firewall* built-in, but check the specs on yours.

2) The Linksys tech is -not- the one defending your system. You are.

* http://www.cable-modems.org/articles/internet_sharing/software_firewall.htm
"...To some extent, NAT and proxy servers act as firewalls, but it's only true for the machines behind the NAT or proxy server. It does not in any way protect the gateway machine running the NAT/Proxy..."

:fear:

The reason arguments often occur relating to leak-tests is that as usual the parties are really arguing about two different things.

In the first place, any firewall that displays no open ports (common slang term - stealth) to the Internet is actually sufficient to protect from an outside IP attempting to connect to the internal IP, whether the firewall is hardware or software. This includes the Windows XP or Vista firewalls when no ports are opened for sharing or other purposes.

The primary reason that third-party software firewalls came into existence was initially to block inbound requests before the Windows firewalls were available, and later to detect outbound requests, including those that might be generated by malware. What these really were doing was an early form of simplistic IDS (Intrusion Detection System) that sometimes also performs a user controlled IPS (Intrusion Protection System) function.

The problem with these technologies is that while they can help make a user aware of unknown IP traffic, they really depend to heavily on the knowledge of the user in most cases. Even if they do actually detect an outbound request it's often left to the user to make a highly technical decision that they often have no understanding to base the decision on.

The fact that "firewalls" had become IDS/IPS systems and thus to some extent anti-malware products muddied the waters, since a firewall itself really has none of this functionality. A firewall simply blocks or allows ports based on a set of configurations or rules that may also depend on the initial creation of an outbound connection to allow a corresponding return connection inbound to the device or network.

So how do leak tests figure into this? Well, if you define a firewall by its basic definition then virtually all of the leak tests would succeed, since there would be no higher logic involved to stop any outbound traffic from occuring unless it was manually configured to block those specific ports.

If, however, you believe a firewall inherently should include the more recently added IDS/IPS functions, then you will believe that leak tests have validity, though to some extent they will also depend on the answers to prompts the product displays when something is detected.

So as usual, the argument comes about as a result of a 'belief' as to what a firewall really is. Thus, like religon, no one will ever win the argument since they are arguing beliefs rather than facts.

The answer to the basic question is, however, extremely simple. If you believe that you can understand and properly answer the questions your firewall product might ask you when it detects something and displays it for your decision then you should use that product. If you don't get rid of it, because it will at best frustrate you and at worst put you in danger of identity theft.

Bitman

def. true

right on bitman

Hi I am new here and although I did not come to the forum for this subject, I felt I may as well add to all who have written.
For approx 7 years I have been using Sygate Firewall and have had no problems at all.
I like the ability to block ports that are open slather for the "jerks" out there who like to create chaos for all who own a computer.
Although I think "Snorten Norten" has bought out Sygate, I can still manually operate it to configure it to my way use, and it seems to have no problem.
I like it as unlike Norton, which has more bells and whistles than an amusement park, it doesn't suck my resources to zero where I can't move right or left.

Regards
BarbM