Firewalls - Any Advice?

[129260]

this is from my response in this same thread regarding the issue:

that is interesting....
and i understand what you mean. according to what a leak test is though, "Leak tests are small, non-destructive, programs designed by security experts that deliberately attempt to bypass a firewall's outgoing security measures."

ALSO: "In the overall rating, ZoneAlarm Pro 6.1.744.001 is comparable with Comodo Personal Firewall 2.3.6.81. The main property of ZoneAlarm Pro is very good personal firewall design, the best design among all firewalls we have already tested. The design of ZAP is not perfect, but it is close to the ideal design of personal firewalls. The only reason, why this product is not the number one in our tests, is an excessive number of bugs in the implementation of its security features. This makes the protection of ZAP very ineffective and easy to bypass regardless the good design. Since we reviewed ZoneAlarm Pro 6.1, its vendor have noticeably improved this product, fixed many bugs we have reported and released ZoneAlarm Pro 7, which would probably score much better in our tests than its older version."

outgoing, all my ports are stealth according to shields up. So therefor, As for incoming attacks, threats are possible to get through, but for the most part I am protected enough correct? I'm not as worried about threats that are on my computer trying to get out, because i have none that i know of. I scan with highjack this and several other antispyware and 1 antiviruis program(s). I know almost every service and process running on my machine. So yes, this is true that they did poorly in this test, but the ports are stealth and thats what my individual purpose for having a firewall is for. I do understand what your saying, and def. feel free to tell me more if i am incorrect with what i said. I believe for the average home computer user, zonealarm is not a bad choice at all. Comodo is a good firewall too, i just prefer zonealarm compared to the other 4 firewalls i tried on my test machine. Even though i could use comodo, I see no compelling reason to switch to comodo or any other firewall. But feel free to tell me more. Like in my signature, "I yearn to learn" lol.

http://forums.spybot.info/showthread.php?t=18603&page=2

thats the link where we talked about this. But, i will download and try this test that you gave in your link. I'll let you know of the results.

Also see this link on how zonealarm did on recent testing: http://www.matousec.com/projects/fir...evel.php?num=1

The only weird thing about that link is i think not all of it's pages are updated....some pages said za failed even though the other pages said it passed. The ones that said it passed had a more recent date though...

Also from the page you gave me on the leaktest: "This first versions 1.x of Leaktest simply demonstrate how any TRIVIAL malicious program can easily bypass any current software firewall! The only exception to this is ZoneLabs' free ZoneAlarm, because ZoneAlarm is the only firewall to cryptographically certify the identity of executable programs.

Therefore, version 1.x of LeakTest is only meant to quickly and convincingly demonstrate an alarming flaw that currently exists in the vast majority of personal computer software firewalls. Because this is a serious problem, EVERY firewall manufacturer (except ZoneLabs) is currently working to correct this glaring deficiency."

EDIT: i just did the leaktest, i passed with flying colors!!

[blues]

it didnt help to turn off upnp. i can see the router has a feature that is called
Intrusion Detection, but i dont know how to turn it on. i have talked about my router on the hphosts forum, and they explained what the settings is used for.

[tashi]

Comodo Firewall in training mode. Windows Vista. Router.

I haven't tried ShieldsUP! in years, but thought I'd run the test because of this thread.

Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice.

[129260]

I receive the same result on all my shield up tests with zonealarm.

[tashi]

[blues]

you two are lucky

howewer, strange that all my ports are stealth and i still respond to ping is shieldsup really thrustworthy or what? i am not scared, because nothing malicious seems to have happened on my computer that i know about.

[drragostea]

Same here, with the same results as blues. I've set Comodo Pro to 'Safe Mode' and 'Clean PC Mode'.

[shelf life]

ports are stealth and i still respond to ping

probably because you would have to block ICMP echo reply in, in the firewall set up but iam only guessing. you should try some other external port scanners other than grc. your isp can also filter certain ports and if you have router in the picture you are port scanning it. as for being stealth, personally i think it offers no more security than a port that is closed.

[bitman]

As I recall Blues mentioned having a router, so that most likely is what's responding to the ping.

Bitman

[blues]

thanks i just logged in to my isps sites, and found this:

Increased security for ADSL

If you want a higher security, you can use Telenor Plus his aksessliste. This feature makes it more difficult for people to gain access to your PC, while you surf the Web as well.
This feature closes some ports on your PC that contains the traffic that IP telephony, peer to peer, and the like. This is traffic that can sap your capacity. Simply put, this means that the filter will allow most of the traffic that is generated from you out to the Internet, and block for just about anything that will be sent to you from the Internet. This is to reduce unwanted traffic to you, which will reduce your speed.
NOTE:

If you find that some services may stop working, you can remove the filter to see if it is the one that is the cause.
Have you installed wlan (wireless network), you need to even make the necessary security. This feature is only designed for your traffic to the Internet, not your wireless network.

drragostea, maybe your isp also has something like this.
but this seems drastically to do, maybe messengers and such doesnt work then (i dont use messengers now)

this is the description on my router and i dont understand it: firewall: The firewall levels only have impact on the forward hook. This means that
the handling of traffic from and to the Web pages of the SpeedTouch™ is
independent of the selected firewall level.
Protocol checks will be performed on all accepted connections, irrespective
of the chosen level. You can only disable protocol checks via the CLI.

and i was told this on the hphosts forum: because the firewall is limited, you'd obviously still need a desktop firewall.

but that wasnt about ping and port checks, it was just me asking for explanations of my routers settings because my router was restarting itself. maybe someone remotely did something with the router (through upnp or something like that)

i could not find a setting that disables icmp in the router(icmp is the same as ping isnt it?)

i will try others than grc, but i dont know what ones is thrustworthy and gives the right results.

the router firewall is on, and this is the settings: BlockAll:
All traffic from and to the Internet is blocked. Game and Application Sharing is not allowed by the firewall. Although BlockAll should block all connections, some mandatory types of traffic such as DNS will still be relayed between LAN and WAN via the THOMSON ST.

Standard:
All outgoing connections are allowed. All incoming connections are blocked, except for inbound connections assigned to a local host via Game and Application Sharing.

Disabled:
All in- and outgoing traffic is allowed to pass through your THOMSON ST, including Game and Application Sharing.
This is the default firewall level.

i use the standard setting in the firewall.