Do you experts have any advice about firewalls. I had a nasty infection(s) and, after solving my problem with the help of Steamwiz, I got my computer clean after a long and laborious process for both of us.

After fixing the problem, I installed Zone Alarm as suggested in Tony Klein's post. Now, I've been doing a little research and it seems that a hardware firewall is recommended over a softwall firewall, particularly for protection of outgoing information.

I was able to acquire a D-LInk DI-704P, and I have been trying to set it up. I've put a lot of time into it and it just seems so complicated! I'm wondering if you would recommend that I keep on plugging with that or should I look into buying a newer one - maybe the Alpha Shield -- looking like it is more novice-friendly.....???

Hi there.

I don't use Zone Alarm myself, (although many do like it a lot), as I find it too bloated for my taste.

Comodo's free firewall (http://www.personalfirewall.comodo.com/download_cis.html) is not hard to configure.

--------------------------------------
Edit: I no longer use Comodo.
--------------------------------------

Note: The Comodo Firewall download is now available only as part of a suite, which includes Comodo Firewall Pro and also Comodo Antivirus.
During the install you will be offered options:

Comodo Internet Security comes with a collection of vital security needs for your PC. Please select products you wish to install or unselect products you wish to uninstall in order to continue.
First you will see:
Install Comodo AntiVirus.
Install Comodo Firewall.

You may wish to uncheck during installation, "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage", and install the firewall ONLY.
---------------------------------------

If you want to look into hardware though, I suggest you take a look here: dslreports (http://www.dslreports.com/forums/18).

Hope that helps. :)

hi dancingqueen,

nothing wrong with using both a hardware and software firewall. do you need both? depends on your computing habits. just about any router has some kind of rudimentary firewall built in to it. Its the software firewall (ZA) that provides the out going prompts.

your router shouldnt be that difficult to set up. you are following the setup guide or install wizard? once setup you can forget about it other than a occasional reboot.

shelf life

However, the one thing I'll say about Comodo, which I have installed - twice now, actually - because the first time I installed it, it started sending me all of these messages right away - and I didn't know how to respond to them. Such as: C/Windows/explorer.exe has tried to use svchost.exe through OLE automation, which can be used to hijack other applications. explorer,exe might be using svchost.exe to access the internet.

The first time, I denied everything I saw, mainly out of fear of allowing anything dangerous....and then I couldn't get on Skype or, more importantly, the Internet.

Another message I got was: Generic host process for Win32 services is trying to connect to the internet. What would you like to do? Once again, the second time, I said "allow" -- basically to everything that poped up right after I installed it. NOw, the internet and Skype both seem to work. But the shield for Windows Securtiy is still red. Is that because it doesn't recognice Comodo and thinks my computer is at risk with no firewall?

Eeekkk! I hate to mess up my recently cleaned computer but I really want a firewall too! If I can just get it right, I'm sure it will help a lot.

I'm going to figure out this software (Comodo) one before I tackle the hardware one. I will say that I have acquired (at a low price) a used D-LInk DI-704P. Do you consider it a viable option?

hi dancingqueen,

ive never used comodo. software firewalls can often flood the user with all kinds of prompts. just allowing all traffic or clicking thru the prompts wont do you any good if you happen to have a trojan on your computer. questioning it is good-- if you are malware free alittle experimenting might help. deny processes and make sure you still have functionality like web browsing, email, program updates etc. better yet visit the comodo firewall forum and poke around the FAQ and topics. most likely you will find the answer there.
yes, that d-link router would add a good layer of protection for your over all security.

I recommend comodo's free firewall. Zonealarm's firewall used to be highly recommended, but now it has become too bloated for the average user.

The paid version is good, but comodo's free version is the best.

"On the minus side the IDS is initially rather talkative and this can unnecessarily alarm inexperienced users. There have also been reports that the new version 3 has some new version bugs so it may be better to wait a couple of months until the new version has stabilized before installing. Additionally Comodo has been known to conflict with some other security products. However for the technically initiated who can cope with these annoyances this is an outstanding free product and an easy first choice." Gizmo - www.techsupportalert.com/best_46_free_utilities.htm

one option you can go to (sorry I can't tell you the exact location, im on a different computer) shows you the intensity of the messages shown - i set mine to 'low'

Honda :)

/\
|
|
|
about comodo firewall

to be bloated at all. Comodo is good, i like it, but i prefer za as a much easier firewall to set and maintain. I think it is much easier to use for the average user, as comodo gets to detailed sometimes. When someone doesn't know much about computers, and i secure there systems, i use zonealarm and most feedback i get from people is that it is easy to understand and use. Try one or the other, and pick the one you like best. :)

129260:

Interesting comparison of leak-tests results of various firewalls:
Leak-tests results - matousec.com
http://www.matousec.com/projects/windows-personal-firewall-analysis/leak-tests-results.php
ZoneAlarm free firewall does not rate well. In fact it is rated "Very Poor" in these particular leak-tests results.

and i understand what you mean. according to what a leak test is though, "Leak tests are small, non-destructive, programs designed by security experts that deliberately attempt to bypass a firewall's outgoing security measures."

ALSO: "In the overall rating, ZoneAlarm Pro 6.1.744.001 is comparable with Comodo Personal Firewall 2.3.6.81. The main property of ZoneAlarm Pro is very good personal firewall design, the best design among all firewalls we have already tested. The design of ZAP is not perfect, but it is close to the ideal design of personal firewalls. The only reason, why this product is not the number one in our tests, is an excessive number of bugs in the implementation of its security features. This makes the protection of ZAP very ineffective and easy to bypass regardless the good design. Since we reviewed ZoneAlarm Pro 6.1, its vendor have noticeably improved this product, fixed many bugs we have reported and released ZoneAlarm Pro 7, which would probably score much better in our tests than its older version."

outgoing, all my ports are stealth according to shields up. So therefor, As for incoming attacks, threats are possible to get through, but for the most part I am protected enough correct? I'm not as worried about threats that are on my computer trying to get out, because i have none that i know of. I scan with highjack this and several other antispyware and 1 antiviruis program(s). So yes, this is true that they did poorly in this test, but the ports are stealth and thats what my individual purpose for having a firewall is for. I do understand what your saying, and def. feel free to tell me more if i am incorrect with what i said. :) I believe for the average home computer user, zonealarm is not a bad choice at all. Comodo is a good firewall too, i just prefer zonealarm compared to the other 4 firewalls i tried on my test machine. Even though i could use comodo, I see no compelling reason to switch to comodo or any other firewall. But feel free to tell me more. Like in my signature, "I yearn to learn" lol.

Firewall leaktest surveys are always a subject of intense debate.

If you are happy with your firewall and practice safe surfing, I wouldn't rush to try another either.

Awareness is half the game.

"Firewall leaktest surveys are always a subject of intense debate.

If you are happy with your firewall and practice safe surfing, I wouldn't rush to try another either.

Awareness is half the game."

Ya, I'm not saying that a firewall is a silver bullet, but a general rule of thumb that i believe is that if your ports are stealthed, hackers would rather attack somebody who is unprotected and easy to attack verses someone who isn't. Unless they are proving to there "buddies" that they can hack something, (which most hack there friends if they want to prove a point) and Unless they really badly want access to your computer and files, you should be fine. Besides, I'm behind a router firewall, and za. So anyone that is that determined to get into my system is going to have a hard time. haha. Eventually they can get in after awhile, but i have nothing file wise that anyone would want. As for safe surfing, it is quite easy now that there are web extensions such as Mcafee site advisor, and link scanner light. :) thanx 4 the reply tashi!

Cheers. :)

What is your thought of not needing a software firewall with a hardware one?

I was chatting with a linksys tech awhile back and he told me that I didn't need a software firewall. I believe he even said that they recommend not useing one with their router.

"...not needing a software firewall with a hardware one? I was chatting with a linksys tech awhile back and he told me that I didn't need a software firewall..."

1) Routers -usually- come with a NAT firewall* built-in, but check the specs on yours.

2) The Linksys tech is -not- the one defending your system. You are.

* http://www.cable-modems.org/articles/internet_sharing/software_firewall.htm
"...To some extent, NAT and proxy servers act as firewalls, but it's only true for the machines behind the NAT or proxy server. It does not in any way protect the gateway machine running the NAT/Proxy..."

:fear:

The reason arguments often occur relating to leak-tests is that as usual the parties are really arguing about two different things.

In the first place, any firewall that displays no open ports (common slang term - stealth) to the Internet is actually sufficient to protect from an outside IP attempting to connect to the internal IP, whether the firewall is hardware or software. This includes the Windows XP or Vista firewalls when no ports are opened for sharing or other purposes.

The primary reason that third-party software firewalls came into existence was initially to block inbound requests before the Windows firewalls were available, and later to detect outbound requests, including those that might be generated by malware. What these really were doing was an early form of simplistic IDS (Intrusion Detection System) that sometimes also performs a user controlled IPS (Intrusion Protection System) function.

The problem with these technologies is that while they can help make a user aware of unknown IP traffic, they really depend to heavily on the knowledge of the user in most cases. Even if they do actually detect an outbound request it's often left to the user to make a highly technical decision that they often have no understanding to base the decision on.

The fact that "firewalls" had become IDS/IPS systems and thus to some extent anti-malware products muddied the waters, since a firewall itself really has none of this functionality. A firewall simply blocks or allows ports based on a set of configurations or rules that may also depend on the initial creation of an outbound connection to allow a corresponding return connection inbound to the device or network.

So how do leak tests figure into this? Well, if you define a firewall by its basic definition then virtually all of the leak tests would succeed, since there would be no higher logic involved to stop any outbound traffic from occuring unless it was manually configured to block those specific ports.

If, however, you believe a firewall inherently should include the more recently added IDS/IPS functions, then you will believe that leak tests have validity, though to some extent they will also depend on the answers to prompts the product displays when something is detected.

So as usual, the argument comes about as a result of a 'belief' as to what a firewall really is. Thus, like religon, no one will ever win the argument since they are arguing beliefs rather than facts.

The answer to the basic question is, however, extremely simple. If you believe that you can understand and properly answer the questions your firewall product might ask you when it detects something and displays it for your decision then you should use that product. If you don't get rid of it, because it will at best frustrate you and at worst put you in danger of identity theft.

Bitman

right on bitman

Hi I am new here and although I did not come to the forum for this subject, I felt I may as well add to all who have written.
For approx 7 years I have been using Sygate Firewall and have had no problems at all.
I like the ability to block ports that are open slather for the "jerks" out there who like to create chaos for all who own a computer.
Although I think "Snorten Norten" has bought out Sygate, I can still manually operate it to configure it to my way use, and it seems to have no problem.
I like it as unlike Norton, which has more bells and whistles than an amusement park, it doesn't suck my resources to zero where I can't move right or left.

Regards
BarbM

BarbM,

As you noted the Sygate Firewall product was bought out and is no longer supported, which means it isn't being maintained.

Since support ended there have been multiple vulnerabilities discovered, which make the use of this firewall unsafe.

Vulnerability Report: Sygate Personal Firewall 5.x
http://secunia.com/product/254/?task=advisories

I'd recommend that you look into more current firewall products that have support, there are a couple discussed earlier in this thread.

Bitman

To Mr Bitman, have now Online Armor, a little harder to configure but good all the same.
McAfee AV died in the butt, so now have Avira freebie, and works okay.
Went to my tuneup place to see how well both perform, and the firewall is okay but they said Avira was not detected. Wierd!

Are there any utilities that you can use to test the abilities of firewalls to make sure they are as secure as they should be?

Daz3210:

Here's a pair of tests:
GRC ShieldsUP! — Internet Vulnerability Profiling
https://www.grc.com/x/ne.dll?bh0bkyd2
GRC LeakTest -- Firewall Leakage Tester
http://www.grc.com/lt/leaktest.htm
"ShieldsUP!" primarily tests inbound vulnerability. "LeakTest" primarily tests outbound vulnerability.

My personal feeling is that if you have a clean system (i.e. no spyware, keyloggers, Trojans, etc.) the "LeakTest" is less critical than the "ShieldsUP!" test.

Other very important considerations in securing your system are:
Making sure your browser settings are not to lax.
Keeping your software up-to-date so that known vulnerabilities can not be exploited.

http://www.matousec.com/projects/firewall-challenge/results.php

After going through the trouble of cleaning up my PC again with the kind help of pskelley again I've been thoroughly reviewing the advice given on here as to how to avoid malware catastrophe. Amongst these things I spotted the fact that Norton Internet Security was in fact as useless as I suspected; via the Matousec test results thing. Norton frequently eats all my system resources and fails to spot anything vaguely damaging. (It was difficult to describe my feelings towards Norton without using expletives!)

So, in short: Should I remove Norton Internet Security 2008 completely, and pick up a nice little package like Kaspersky? Or perhaps a separate firewall and Virus Scanner etc? Your advice would be fantastically appreciated.

All the best,

Dunc

Hello Dunc,

Personally I don't care for suites.

I use Comodo firewall free, without the Comodo SafeSurf-ASK Toolbar option, and Eset Nod32 anti virus, paid.

If I didn't use Nod32 I would try a trial of Kaspersky's AV. I also have Avira's AntiVir free on another computer.

I'm happy with those programs at the moment. :)

Kool and the Gang. Once my current problem is officially diagnosed as sorted I will endeavour to follow your example and install Comodo and Eset Nod32, after getting rid of Norton's foul scourge. Thanks very much for the advice.

All the best,

Dunc

Just for future reference to future readers: I have uninstalled Norton and have replaced it with Comodo and Nod32 working in glorious fashion. These two fine pieces of software run smoothly without eating system resources like ol' Norton and instil far more confidence in me as to my system's security. Thanks for your valuable advice tashi.

Just wanted to say :) Comodo is a Turkish made firewall. Melih is the president of Comodo and Egemen has written the core of Comodo. Such a perfect firewall being achieved by turkish engineers makes us proud. :wav:

I've recently started trying out Comodo as well and quite like it :)
Will probably replace Outpost 1.0 as my favorite (about time, as much outdated as that is ;) ).

I've recently started trying out Comodo as well and quite like it :)
Will probably replace Outpost 1.0 as my favorite (about time, as much outdated as that is ;) ).

Yeah, I like comodo - A little bit talkative by default though :laugh:

i just tried the shieldsup test, and all ports showed as stealth, but i also got this message:

Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since "Ping" is among the oldest and most common methods used to locate systems prior to further exploitation.

all ports are stealth but my system still replied to ping? what does that mean?

i use the xp firewall, and have used zonealarm before but the results where the same with both. i also use a router/modem with the firewall turned on, i dont think i have seen anything special in the xp firewall log, but that is maybe because i have the router/modem firewall.

i have been recommended online armor and kerio, but some firewalls is just an annoyance and asks to many questions. do someone have an easy to use firewall to recommend that blocks the ping mentioned above?

i have now stopped using utorrent because of what i have been reading here: http://forums.spybot.info/showthread.php?t=31554&page=2 where is that originally posted by the way? i couldnt find it as a sticky, and the other sticky is different than that one. utorrent was mainly the reason why i didnt use another firewall than the xp one because the others was just to difficult to configure with utorrent, but it is easier now when i dont have any filesharing program of course. i couldnt connect to the internet when using pctools firewall so i will not use that one.

I say, the PCTools Firewall is a joke :P (since this is the Tavern afterall).

I also received the same results are blues, all ports stealth, however my computer responded the Ping. :scratch:

I say, the PCTools Firewall is a joke :P (since this is the Tavern afterall).

I also received the same results are blues, all ports stealth, however my computer responded the Ping. :scratch:


i hope someone have an answer to what it is that is causing it.

Re: Comodo Firewall and ShieldsUP! (https://www.grc.com/x/ne.dll?bh0bkyd2 ) Ping test.

It seems that Comodo Firewall does not prevent responses to pings (ICMP Echo) requests. See the following thread the Comodo Forum (http://forums.comodo.com):
Blocking ping reply
http://forums.comodo.com/empty-t25362.0.html
On the subject of ShieldsUP! (https://www.grc.com/x/ne.dll?bh0bkyd2 ) pings being responded to while using Comodo Firewall, I found post 13 of 23 in the following thread in the CNET forums: Spyware, viruses, & security (http://forums.cnet.com/internet-security/5204-6132_102-0.html?forumID=32) forum interesting:
I have another Shields Up question..
http://forums.cnet.com/internet-security/5208-6132_102-0.html?forumID=32&threadID=301651&messageID=2814519#2814519

i use the xp firewall,

Which only blocks incoming traffic, although better than no firewall at all. :)



i have now stopped using utorrent because of what i have been reading here: http://forums.spybot.info/showthread.php?t=31554&page=2 where is that originally posted by the way? i couldnt find it as a sticky, and the other sticky is different than that one.

Actually that is a new policy at two sites, still under review here and if posted, probably wouldn't be in the same format.

Cheers.

i use zonealarm and i didn't fail one shields up test. all shields up tests were unable to ping my computer. :)

Re: Comodo Firewall and ShieldsUP! (https://www.grc.com/x/ne.dll?bh0bkyd2 ) Ping test.

It seems that Comodo Firewall does not prevent responses to pings (ICMP Echo) requests. See the following thread the Comodo Forum (http://forums.comodo.com):
Blocking ping reply
http://forums.comodo.com/empty-t25362.0.html
On the subject of ShieldsUP! (https://www.grc.com/x/ne.dll?bh0bkyd2 ) pings being responded to while using Comodo Firewall, I found post 13 of 23 in the following thread in the CNET forums: Spyware, viruses, & security (http://forums.cnet.com/internet-security/5204-6132_102-0.html?forumID=32) forum interesting:
I have another Shields Up question..
http://forums.cnet.com/internet-security/5208-6132_102-0.html?forumID=32&threadID=301651&messageID=2814519#2814519


this from the comodo thread was interesting: Killing ICMP causes real-world trouble, unlike the imaginatory "wow t3h noes, I'm visible and hackers will get me" nonsense published by GRC on Shields Up, upsetting almost all users who have no clue about real security and have been recommended to use Shields Up as a way to test their firewall.

so then maybe shieldsup is useless? and just give out information that is wrong.

maybe it is my router/modem that replyed to ping, the firewall was off by default but i turned it on some weeks ago. i will try to turn off upnp on the computer and router/modem just to test with shieldsup again and reply back in this thread with the results.



Which only blocks incoming traffic, although better than no firewall at all. :)



Actually that is a new policy at two sites, still under review here and if posted, probably wouldn't be in the same format.

Cheers.

the security experts scares me about what they say about filesharing, but it is mostly the downloads that CAN be dangerous. i would not recommend anyone to download programs with filesharing programs, as almost everything i have tested with antivirus and antimalware programs that was downloaded with utorrent had trojans, i rarely have seen viruses in a while. it was fun to test it, but it was just tests. i have one cd with malware again, and some malware that spybot didnt found is on it. but this tests is maybe like playing a game with the computer:fear:

129260:

Have you tested zonealarm with a LeakTest such as:
GRC LeakTest -- Firewall Leakage Tester
http://www.grc.com/lt/leaktest.htm

this is from my response in this same thread regarding the issue:

that is interesting....
and i understand what you mean. according to what a leak test is though, "Leak tests are small, non-destructive, programs designed by security experts that deliberately attempt to bypass a firewall's outgoing security measures."

ALSO: "In the overall rating, ZoneAlarm Pro 6.1.744.001 is comparable with Comodo Personal Firewall 2.3.6.81. The main property of ZoneAlarm Pro is very good personal firewall design, the best design among all firewalls we have already tested. The design of ZAP is not perfect, but it is close to the ideal design of personal firewalls. The only reason, why this product is not the number one in our tests, is an excessive number of bugs in the implementation of its security features. This makes the protection of ZAP very ineffective and easy to bypass regardless the good design. Since we reviewed ZoneAlarm Pro 6.1, its vendor have noticeably improved this product, fixed many bugs we have reported and released ZoneAlarm Pro 7, which would probably score much better in our tests than its older version."

outgoing, all my ports are stealth according to shields up. So therefor, As for incoming attacks, threats are possible to get through, but for the most part I am protected enough correct? I'm not as worried about threats that are on my computer trying to get out, because i have none that i know of. I scan with highjack this and several other antispyware and 1 antiviruis program(s). I know almost every service and process running on my machine. So yes, this is true that they did poorly in this test, but the ports are stealth and thats what my individual purpose for having a firewall is for. I do understand what your saying, and def. feel free to tell me more if i am incorrect with what i said. I believe for the average home computer user, zonealarm is not a bad choice at all. Comodo is a good firewall too, i just prefer zonealarm compared to the other 4 firewalls i tried on my test machine. Even though i could use comodo, I see no compelling reason to switch to comodo or any other firewall. But feel free to tell me more. Like in my signature, "I yearn to learn" lol.

http://forums.spybot.info/showthread.php?t=18603&page=2

thats the link where we talked about this. But, i will download and try this test that you gave in your link. :) I'll let you know of the results.

Also see this link on how zonealarm did on recent testing: http://www.matousec.com/projects/firewall-challenge/level.php?num=1

The only weird thing about that link is i think not all of it's pages are updated....some pages said za failed even though the other pages said it passed. The ones that said it passed had a more recent date though...

Also from the page you gave me on the leaktest: "This first versions 1.x of Leaktest simply demonstrate how any TRIVIAL malicious program can easily bypass any current software firewall! The only exception to this is ZoneLabs' free ZoneAlarm, because ZoneAlarm is the only firewall to cryptographically certify the identity of executable programs.

Therefore, version 1.x of LeakTest is only meant to quickly and convincingly demonstrate an alarming flaw that currently exists in the vast majority of personal computer software firewalls. Because this is a serious problem, EVERY firewall manufacturer (except ZoneLabs) is currently working to correct this glaring deficiency."

EDIT: i just did the leaktest, i passed with flying colors!! :)

it didnt help to turn off upnp. i can see the router has a feature that is called
Intrusion Detection, but i dont know how to turn it on. i have talked about my router on the hphosts forum, and they explained what the settings is used for.

Comodo Firewall in training mode. Windows Vista. Router.

I haven't tried ShieldsUP! in years, but thought I'd run the test because of this thread.


Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice.

I receive the same result on all my shield up tests with zonealarm. :)

:bigthumb:

you two are lucky:)

howewer, strange that all my ports are stealth and i still respond to ping:scratch: is shieldsup really thrustworthy or what? i am not scared, because nothing malicious seems to have happened on my computer that i know about.

Same here, with the same results as blues. I've set Comodo Pro to 'Safe Mode' and 'Clean PC Mode'.

ports are stealth and i still respond to pingprobably because you would have to block ICMP echo reply in, in the firewall set up but iam only guessing. you should try some other external port scanners other than grc. your isp can also filter certain ports and if you have router in the picture you are port scanning it. as for being stealth, personally i think it offers no more security than a port that is closed.

As I recall Blues mentioned having a router, so that most likely is what's responding to the ping.

Bitman

thanks:) i just logged in to my isps sites, and found this:

Increased security for ADSL

If you want a higher security, you can use Telenor Plus his aksessliste. This feature makes it more difficult for people to gain access to your PC, while you surf the Web as well.
This feature closes some ports on your PC that contains the traffic that IP telephony, peer to peer, and the like. This is traffic that can sap your capacity. Simply put, this means that the filter will allow most of the traffic that is generated from you out to the Internet, and block for just about anything that will be sent to you from the Internet. This is to reduce unwanted traffic to you, which will reduce your speed.
NOTE:

If you find that some services may stop working, you can remove the filter to see if it is the one that is the cause.
Have you installed wlan (wireless network), you need to even make the necessary security. This feature is only designed for your traffic to the Internet, not your wireless network.

drragostea, maybe your isp also has something like this.
but this seems drastically to do, maybe messengers and such doesnt work then (i dont use messengers now)

this is the description on my router and i dont understand it: firewall: The firewall levels only have impact on the forward hook. This means that
the handling of traffic from and to the Web pages of the SpeedTouch™ is
independent of the selected firewall level.
Protocol checks will be performed on all accepted connections, irrespective
of the chosen level. You can only disable protocol checks via the CLI.

and i was told this on the hphosts forum: because the firewall is limited, you'd obviously still need a desktop firewall.

but that wasnt about ping and port checks, it was just me asking for explanations of my routers settings because my router was restarting itself. maybe someone remotely did something with the router (through upnp or something like that)

i could not find a setting that disables icmp in the router(icmp is the same as ping isnt it?)

i will try others than grc, but i dont know what ones is thrustworthy and gives the right results.

the router firewall is on, and this is the settings: BlockAll:
All traffic from and to the Internet is blocked. Game and Application Sharing is not allowed by the firewall. Although BlockAll should block all connections, some mandatory types of traffic such as DNS will still be relayed between LAN and WAN via the THOMSON ST.

Standard:
All outgoing connections are allowed. All incoming connections are blocked, except for inbound connections assigned to a local host via Game and Application Sharing.

Disabled:
All in- and outgoing traffic is allowed to pass through your THOMSON ST, including Game and Application Sharing.
This is the default firewall level.

i use the standard setting in the firewall.

now i tested shieldsup with another computer that is connected to my router, that computer use norton 360, and it was the same results as on my computer, the other computer has vista.

i also have tried the auditmypc test, and i passed that test.

someone tried to do something with my router/computer one day here.

and this is the log from my router when that happened:

FIREWALL icmp check (1 of 1): Protocol: ICMP Src ip: (ip adress) Dst ip: (ip adress) Type: Destination Unreachable Code: Communication with Destination Host is Administratively Prohibited

maybe it is my router...
'Just a thought - maybe it is.

Try this: http://www.opendns.com/ ...

and set up your router according to their instructions - 'might fix it and save you alot of problems in the future.

:spider:

'Just a thought - maybe it is.

Try this: http://www.opendns.com/ ...

and set up your router according to their instructions - 'might fix it and save you alot of problems in the future.

:spider:

this was the only thing i found in my router that has with dns settings to do:

Dynamic DNS Service
Dynamic DNS can be used to point a fixed host name (e.g host.a-domain.com) to the public (or WAN) IP address assigned by your Internet Service Provider (typically a dynamic IP address). This allows servers located on your Local Network (configured using Game & Application Sharing) to be accessible using this alias rather than the IP address assigned by your Internet Service Provider.

OK - let's be specific.

What kind of router do you have (make, model, etc.)?

Why is it setup for "Dynamic DNS", whatever that is?
('Sounds real suspicious to me.)
- http://en.wikipedia.org/wiki/Dynamic_DNS

:blink:

dynamic dns is disabled, and it have never been enabled, but that was the only setting about dns i could find on the router.

it is easier to link to this thread over at hphosts, there is most of the information on my router, howewer, that thread wasnt about stealth ports and ping, it is on page three and four:

http://forum.hosts-file.net/viewtopic.php?f=13&t=594&st=0&sk=t&sd=a

Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet.

your router may have a option to "discard ping from WAN"
you have a router and a software firewall, i would'nt be to concerned about the above reply from the scan result. it is not a security risk that your router replied to the ping.

i have tried to run the setup wizard in the router because i have read somewhere that the intrusion detection (wich i dont think is the same as the firewall) can only be enabled in the setup wizard. the logs of intrusion detection is always empty and intrusion detection is disabled. maybe there is a setting that can block ping in the wizard too? there is difficult questions in the setup wizard wich i dont understand, and this is the first one:

Service Selection
You need to select the service you want to connect to. Select the service of your DSL account. Click Next to continue.

Select a service:
"Telenor PPP" "Telenor DHCP" "Telenor Bridge"

Description of selected service:
DESCRIPTION PPP or dhcp or bridged conecction.
REGION Norway
PROVIDER Telenor

what should i choose here? my isp is telenor.

this is some information from the router, and probably the setting that is set now: Service Name: Telenor PPPoE (modified by user)

i did not use the wizard myself when i got my router, and i dont know if he who was here and setup everything did use it either.

it is not a security risk that your router replied to the ping.

then maybe i shouldnt care about doing something with it.:scratch:

you might check with your isp about the correct router settings to use with there service.
i wouldnt worry about the ping reply.

i will see what i do. thanks for all your help, all of you:)

Has anyone used the free version of ZA, and if so how do you like it.

ZoneAlarm Free is alright. It is decent and includes Stealth Ports. The only way to know is try out for yourself. I was a ex-ZA user, but I've moved to Comodo Pro Free to test out it's features. Not only that, but it scored a high percentage in the firewall test.

The link to the test should be in this thread... :santa:

Thanks I did see that link you mentioned.

i was just reading this:

It is critical that you use a firewall to protect your computer from hackers. We don't recommend the firewall that comes built into Windows XP. It doesn't block everything that may try to get in, it doesn't block anything at all outbound, and the entire firewall is written to the registry. (The built-in Vista firewall blocks both incoming and outbound, but is still written to the registry). Since most malware accesses the registry and can disable the Windows firewall, it's preferable to install one of these excellent third party solutions.
Two good free ones are Online Armor and Outpost. The trial version of Sunbelt Kerio Personal Firewall will also work in "free mode" after the trial period expires. Please only use one firewall at a time!

from this link: http://www.spywareinfoforum.com/index.php?showtopic=60955

what do they mean by saying this: It doesn't block everything that may try to get in.

is this true? it is the first time i have heard that.

That windows firewall provides inbound protection, but outbound it does not. So honestly, i do not know..

To all: If I were a spybot user i would just set myself up as a regular user, set msie to cookies blocked and security to all the highest. Use mozilla and turn off cookies and java and just set exceptions to where you login only. Import bookmarks only as a file. Forget about future windows patches. Copy over all your files from a usb drive if resintllaing windows. Install your programs all at once as an administrator bring your files over and update spybot once a week or every two weeks from there. Use free zone labs and on some machines it teatimer fails to start it can be put in /local machine/ instead of just local user (logged in as admin). Or you can run a bat file with "wait". With this you dont need avg or norton av at all and you run virus free just like i do now. Get a simple wireless router wgr14 so your wife/girlfriend can use a macbook in the kitchen. Stay off useless sites like iwon.com if you go there. Remember spybot will block claria, download.net and a few others off of ebay and free sites like tripod. But not if your an admin no matter what you are running unless you want to pay big bucks to spysweeper and have it lock your desktop. Yes we can run win machines like linux boxes day in and day out and completely stop paying retired bill gates money. All of this reduces the computer work down to getting a spybot update every so often. Save your money.

Do you experts have any advice about firewalls. I had a nasty infection(s) and, after solving my problem with the help of Steamwiz, I got my computer clean after a long and laborious process for both of us.
ok iopjj ojop op

After fixing the problem, I installed Zone Alarm as suggested in Tony Klein's post. Now, I've been doing a little research and it seems that a hardware firewall is recommended over a softwall firewall, particularly for protection of outgoing information.

I was able to acquire a D-LInk DI-704P, and I have been trying to set it up. I've put a lot of time into it and it just seems so complicated! I'm wondering if you would recommend that I keep on plugging with that or should I look into buying a newer one - maybe the Alpha Shield -- looking like it is more novice-friendly.....???



ok ok ihi jio

I use a combination the Hardware Firewall in my BT Voyager 2110 Router and the Latest version of the Comodo Pro Software Firewall and it works a treat:yes:.

Is it worth me getting a firewall? I am using a very old and there for slow laptop so i need to have as few things running as possible. I never thought i needed a firewall before because the site that recommended spybot and avast said keeping them updated and scanning regularly would be enough.

Not having a Firewall in this day and age is suicide though if your running anything less that Windows 2000 your unlikely to find a firewall thats compatible. My advice is to buy a new laptop (if you can afford it) and install the Following:

Comodo Pro 3.0 Firewall
Avast 4.8
Spybot 1.6
Spyware Blaster 4.1
CCleaner
Secunia Personal Software Inspector
All currently avaliable Windows Updates

The laptop itself is old not the operating system (it only just meets the requirments for xp) so i guess i'll be fine. Thanks for the advice.

(it only just meets the requirments for xp)


Which Service Pack do you have on XP? :)

Which Service Pack do you have on XP? :)

I updated recently so i have service pack 3. Something else i notice when looking at the system properties is that it has xp professional not the home kind.

Is it worth me getting a firewall? I am using a very old and there for slow laptop so i need to have as few things running as possible. I never thought i needed a firewall before because the site that recommended spybot and avast said keeping them updated and scanning regularly would be enough.
I am in the same situation with an old PII 400MHz Windows 2000 desktop behind a hardware firewall, and in fact I use exactly the same combination of Avast! and Spybot S&D on that PC. You are even better off since you've got Windows XP.

Since Avast! includes several modules including a 'Network Shield', it monitors some of the same things that many personal firewall's do.


Network Shield
A new resident protection module was added to avast! 4.5: the Network Shield. This module provides protection against known Internet worms/attacks. It analyzes all network traffic and scans for malicious content. It can be viewed as a lightweight firewall (or, more precisely, an IDS (Intrusion Detection System)).

The Network Shield is only available on NT-based systems (Windows NT/2000/XP/Vista).
Though this isn't exactly the same thing, you are correct that having Windows XP SP3 properly patched, with the Avast! AntiVirus and Spybot S&D are quite good protection. The really important thing is keeping all of your updates (Windows & Anti-Malware) current and understanding how your Anti-Malware programs work.

You already have the Windows firewall to protect from direct inbound attacks, so this along with the Avast! shields is sufficient to keep you protected and informed.

Bitman

Thats good to know because i tried installing comodo and got a message along the lines of 'not a valid win32 apllication (or it could have been process - i don't know). Did a little research and that may be because i need to turn off the security thats running but either way i want virtumonde gone first.

129260
Senior Member

said :

I am learning just like everyone else"
Windows XP home sp3 2.50 ghz processor,760 Mb Ram. spybot version 1.6 final edition.
Latest teatimer, IE resident active.
welcome new members!!

Thanks! Just a qestion ;) so you use spybot and ZA - I too - and I have AVG AV 8.0 free and I thinking about instaling Trojan Hunter 5.0 alongside - what is your opinion: I heart that different security devices ( resident shields ) hinder each other - is this so or do they deliver more security together ? :) Samoth

Samoth welcome.
To me TrojanHunter and it's subscription price is a bit not average. You might want to read it's site analysis from McAfee SiteAdvisor... (Although WOT [Web of Trust] came back clean):
http://www.siteadvisor.com/sites/misec.net?ref=safesearch&client_ver=FF_26.6_6275&locale=en-US&premium=false&aff_id=0
-
TeaTimer, AVG, and ZA should co-exist with no problems. Well, it might also depend on what version of ZA you have (Pro, Internet Security). One AV and one anti-malware Resident Shields make a good configuration, so it's fine.

Hmm, interesting debate on firewalls here. I currently have the latest version of Online Armor Free. I downloaded this after I read the firewall test report on matousec.com and seeing the overall rating. It indicates a high overall rating. I used to have the free version of ZoneAlarm. In fact, it was the first firewall I used. But now I'm having some second thoughts about Online Armor because it blocked Kaspersky's Online Scanner without even asking me and this was the first time that I used the scanner. I'm thinking about getting ZoneAlarm again. I felt pretty safe with it, probably because it kept statistics on blocked intrusions and maybe because it had more details on what was blocked. ZoneAlarm was rated lower than Online Armor though. I felt safe with ZoneAlarm but the firewall test results says Online Armor ranks better and yet I feel not as safe when I had ZoneAlarm (I'm guessing due to Online Armor having less features).

Should I get ZoneAlarm again or it is nostalgia that's affecting my judgment? :p:

It would depend on the user's perspective. In my opinion, there is no one "perfect" firewall. Each firewall has it's own special strengths. I was just discussing the other day in another forum and a member told me that it is well the firewall is that allows and blocks things going in and how, that is it's strength.

Some members, say that ZoneAlarm is a cardboard box :laugh: just like Windows Firewall, and some people say ZoneAlarm is very good. I can't give my opinion because I have not used ZoneAlarm in quite some time.

You should (in my opinion) to evaluate it's features (special features like spyware and virus protection in ZA Pro) to see for yourself if ZA is good or bad.

Each person's opinions differs.
Good luck.

The simple reason there is so much 'opinion' involved is that the real issue for most people has nothing to do with the firewall capabilities themselves. In fact, there's absolutely nothing wrong with the Windows firewall if that's all you are really attempting to acquire.

The problem comes in when unknowledgeable users are involved, such as children or in fact most users. The reality is that what most people identify as a 'firewall' is actually a mild form of an IDS (Intrusion Detection System) or in the least a dynamic configuration system.

In skilled hands, the Windows Vista firewall may be configured in minutes to be as secure as any third-party firewall. However, most users today are completely unable to perform such a relatively simple configuration, primarily because they have absolutely no real computer training, which really isn't surprising.

So the first decision in selecting a firewall is what are you attempting to accomplish? Do you actually want a simple firewall with other applications to perform the more sophisticated protection or do you prefer that the firewall be an active part of that protection and act as a dynamic configuration system (for outbound) maybe with additional IDS capabilities on top of that?

As drragostea mentioned, this is where opinion enters the decision, which is why there are often arguments that no one ever 'wins'. However, the decision itself is really rather simple, because highly complex applications never work well in the hands of unskilled users. So if children or other non-technical users are involved with the PC, use the KISS principle (Keep It Simple Stupid). Otherwise, decide how technically knowledgeable you wish to become and pick your firewall based on the criteria you choose to investigate.

Though I'm highly technical and have spent years in the IT field, I've found that the more complex systems tend to most easily confuse, so the KISS principal usually applies for everyone at some point. It's just when they finally get tired of spending most of their time managing their protection rather than using the computer for the reasons they originally bought it.

Bitman

Heh, I can't argue against that. Of course, I'm no IT professional so what do I know. :p: You mentioned Keep It Simple Stupid. I remember one of my high school teachers said that. I think it was a chemistry teacher that said that. It wasn't about computers though but I guess the same principle applies.

So, I'm guessing there are tutorials on how to make the most use out of Windows firewall. However, I don't see any recommendations to use Windows firewall except on Microsoft's website. Just something I observed.

Yes, the KISS principal is generic and isn't intended to mean anything about an individual by the way, since I apply it to my own PC and those of others I help protect.

Again, your firewall decision relates more to what makes operation easy for you and/or others that use your PC. I can make the Windows Vista firewall work efffectively for inbound protection only on Windows XP, outbound also on Windows Vista, but I wouldn't use it on my non-technical relatives PCs or I'd have to return to configure too often.

Bitman

...but I wouldn't use it on my non-technical relatives PCs or I'd have to return to configure too often.

Bitman
I'll have to agree on that bitman. I really like you "out-of-the box" thinking. I used to have configured ZA Free on my aunt's computer, whom was non-technical. Of course, it didn't really work out as bitman said because it's using sophisticated software by non-technical users. Basically, there were prompts and prompts so I had to reconfigure it for her once in a while.

I used to have configured ZA Free on my aunt's computer, whom was non-technical. Of course, it didn't really work out as bitman said because it's using sophisticated software by non-technical users. Basically, there were prompts and prompts so I had to reconfigure it for her once in a while.

I see your point. It can become overwhelming for non-technical users.

Well, I decided to stick with Online Armor. I didn't really give it much of a chance, especially since I only got it a few days ago. I'm kind of warming up to it. But that's not the only reason. I read somewhere (don't remember where exactly, maybe it was a thread around here) that ZA interferes with AVG 8 Free.

I have not tested Online Armor, but I heard it was good. I'm not so familiar with Online Armor, so I do not plan to use it anytime soon.

I don't recall any problems reported with AVG 8.0 and ZA co-existing (until now? :laugh:). Feel free to describe what happened.

I don't recall any problems reported with AVG 8.0 and ZA co-existing (until now? :laugh:). Feel free to describe what happened.

Really? Maybe what I read was old news and the problem was already resolved. As I said, I don't remember exactly. :p:

A thread about that could have been started in another forum :laugh:?

A thread about that could have been started in another forum :laugh:?

Perhaps. :p: There's just so much information about firewalls. It's hard to determine what's what. :p:

I read somewhere (don't remember where exactly, maybe it was a thread around here) that ZA interferes with AVG 8 Free.

No problems here :crowned:

I, personally, absolutely love ZoneAlarm. I have had it for over a year now. I use it along with several other security programs and have experienced no problems on either one of my computers (with different anti-virus and anti-spyware on each). My computers even passed the ShieldsUP! test with flying colors (no intrusions).

I have AVG 8.0 Free Edition, AdAware, Spybot, and Spywareblasters oon my computer. So far they work well together. Is there any chance that they could end up conflicting each other. What firewall will be compatible with what I already have on my computer?

Your configuration is fine. No problems. Any standalone firewall will do.

I hate personal firewalls it always freezes multiplayer games so every time I play (lots everyday) I got to turn it of so i just run through and external firewall

its like this

PC-Lan Switch-Firewall-Router-Internet

I bet there's a name for it but I don't know what its called, but its really good blocks 99% of all the viruses spyware etc...

oh and don't use windows firewall, or any microsoft software for that matter, (I only use windows and that's only because Linux doesn't run my games) and don't use IE USE FIREFOX!!! :FF: as soon as I moved to Firefox from IE I got about 90% less spyware, oh and windows secruity center is useless to, if it doesn't totally AGGRIVATE you then its prolly ok to leave it on, but for a gammer like me NO WAY

Hardware firewall?

I bet there's a name for it but I don't know what its called, but its really good blocks 99% of all the viruses spyware etc...
If there was such a thing that would block almost everything, past and future too... that'd be awesome.

bitman said that Mozilla Firefox isn't really that 'safer' than Microsoft Internet Explorer, because it can't be exploited using ActiveX usince Firefox doesn't support it. Besides that, I feel that Mozilla Firefox has the extra bells&whistles plus a friendly user interface with community support :o).

oh and windows secruity center is useless to
Hope the Security Center isn't useless when malware disables your firewall and anti-virus programs.

And FF has some nice addons, like adblock+, flashblock... Block ad servers using right click adblock frame (and strip end of url to block the whole ad.domain.com or ads.adserver.com)...
I always get "Congratulations, no immediate threats found!"...

I'm thinking about getting a Mac and I was wondering what the best FREE Anti-Virus, Firewall and Anti Spyware programs are, that are Mac compatible?

Interesting comparison of leak-tests results of various firewalls:
Leak-tests results - matousec.com
http://www.matousec.com/projects/windows-personal-firewall-analysis/leak-tests-results.php


Any other websites on firewall leak test results?? I need them as a comparision for my school project. :thanks::santa:

chewdz:

Here's one:
Test My PC Security
http://www.testmypcsecurity.com/view_results_xp.html
But, the results may be skewed (biased) because the test appears to have been sponsored by Comodo (http://comodo.com/). See:
Test My PC Security
http://www.testmypcsecurity.com/news/04_09_08.html

Thanks for the website! My project was done and it looks ok. Thank you once again! :bigthumb: =)

Ok first of all comodo sucks i have installed it multiple times and gotten so many errors the firewall that is built into windows works just fine trust me the only thing u really need is something like Antivir Antivirus and ur good get it its really great and i dont find one problem with it or u can also try green av

... u can also try green av

Green AV sounds awfully rouge-ish. A quick google search only gives guides of how to remove Green AV. ;)

* * *

Seeing that my personal firewall preference has changed since I last posted in this thread, I would like to say I don't use Comodo firewall anymore (ever since they started releasing their 'Internet Security' suite).

As well as a hardware router, I recently started using the free edition of Outpost Firewall 2009 which offers everything I need, without excessive pop-ups or ridiculous memory usage (I've found it to be usually taking up ~26mb). It is also one of the best rated on Matousec (http://www.matousec.com/projects/proactive-security-challenge/results.php).

For a good comparison of firewalls you may want to look at the article on Gizmo's Freeware reviews: http://www.techsupportalert.com/best-free-firewall.htm

Comodo Firewall is not doing so well for me.
Hm, honda12 last time I used Outpost Firewall Free, the firewall icon kept showing up as a question mark. Several hours later, it would turn green except when I hovered over the icon again it turned into a question mark. Normal?

drragostea,

I think your firewall policy was set to 'Rules wizard' where Outpost firewall 'learns' your commonly used applications for a week. You can change this setting by right clicking the icon, hovering over 'Firewall Policy' and selecting 'Block most'.

The phenomenon you describe, I have never experienced. :scratch:
It sounds like a software bug to me.

I also forgot to mention that should anyone want to use Outpost firewall I found the default host protection settings to be a little weak, so I recommend you go into settings, then 'Host Protection' and move the slider up to 'Advanced'.

AVG includes its own firewall (if you have the professional version).

To use it as the default, you should turn off the Windows Firewall in Control Panel.

AVG includes its own firewall (if you have the professional version).

To use it as the default, you should turn off the Windows Firewall in Control Panel.

That's a good tip in general, Hamburger. :)

When installing a new software firewall, make sure you turn off Windows firewall to avoid conflicts.

The Windows Firewall in windows 7 is good enough for most home users now. :)

I believe that big business always update their software with new tegnologias but always leave a hole, I do not know if it is done intentionally but the realities, and there is always someone who is ....

I would recommend COMODO since it is free and offers strong protection against viruses and hackers. This program saved me several times because some bad guys where trying to steal my data (sales, client info, etc.)

FYI.

Zone Alarm Forum thread.
"Angry with ZA
zbot.zeus Notice"

http://forums.zonealarm.com/showthread.php?t=75332

it didnt help to turn off upnp. i can see the router has a feature that is called
Intrusion Detection, but i dont know how to turn it on. i have talked about my router on the hphosts forum, and they explained what the settings is used for.
blues is offline Report Post Reply With Quote

Are you using the AVG firewall?

friends,

i am new here in this forum,me 22 male from Pakistan . I have no information that why we use fire wall and how this software protect our system .seriously i not know that for what purpose it is being used.So is there any one who told me about that?

thanks in advance

A firewall is a device or set of devices designed to permit or deny network transmissions based upon a set of rules and is frequently used to protect networks from unauthorized access while permitting legitimate communications to pass.

Many personal computer operating systems include software-based firewalls to protect against threats from the public Internet. Many routers that pass data between networks contain firewall components and, conversely, many firewalls can perform basic routing functions