I'm looking for a very strong firewall. I don't mind if it's heavy on resources. It just has to be very secure. What are your opinions. ATM I'm using Comodo 3.0. I don't want a lot of pop-ups too.

nothing wrong with comodo... or any other well known software firewall.
if you're happy with comodo, stay with them.

Microsoft ISA.

InJoy Firewall.

Most configurable, most secure, even on workstations.

Regards
joter

-{ Quote: "I'm looking for a very strong firewall. I don't mind if it's heavy on resources. It just has to be very secure. What are your opinions. ATM I'm using Comodo 3.0. I don't want a lot of pop-ups too." }-

You can reduce the number of popups in almost any software firewall by adding rules by hand. For those rules, the firewall will no longer need to ask you what to do.

Comodo is the best right now... just disable Defense + if you don't want any popups... But then again at firewall level as others have said they are all pretty decent...

-{ Quote: "I'm looking for a very strong firewall. I don't mind if it's heavy on resources. It just has to be very secure. What are your opinions. ATM I'm using Comodo 3.0. I don't want a lot of pop-ups too." }-

Would your recommendations still include a router firewall with a software FW or is this an overkill. I know this question is asked every so ofen but the threats seem to evolve over time.

-{ Quote: "Would your recommendations still include a router firewall with a software FW or is this an overkill. I know this question is asked every so ofen but the threats seem to evolve over time." }-

Actually here is another post about the same questions answered:
http://www.wilderssecurity.com/showpost.php?p=1168872&postcount=1878

-{ Quote: "Would your recommendations still include a router firewall with a software FW or is this an overkill. I know this question is asked every so ofen but the threats seem to evolve over time." }-


I would start with the router. In fact, a router and any free firewall beats any paid firewall, in the same price range. If you want the ultimate, run something like Smoothwall on an old computer and put some sort of HIPS on your machine to keep track of outbound connects.

Hello,
Any which one will do.
Cheers,
Mrk

-{ Quote: "Would your recommendations still include a router firewall with a software FW or is this an overkill. " }-

A router is a fabulous investment even for a home computer. IMO it is not overkill to use a software firewall in concert with a router, but then you would have to be willing and ambitious enough to want to control outbound connections for specific applications, otherwise there is no point using a software firewall to control their network access. As a minimum you want inbound security so even Windows fw is fine, but a router is the "Dog's Bollocks" ;D

BTW, what is "best" for some is not necessarily the best for others ;)

Comodo all the way.

-{ Quote: "I'm looking for a very strong firewall. I don't mind if it's heavy on resources. It just has to be very secure. What are your opinions. ATM I'm using Comodo 3.0. I don't want a lot of pop-ups too." }-

Depends on what you mean by secure. What do you want your firewall to 'secure' against? Incoming packets? Outgoing packets? Preventing leaks? Content filtering?

Incoming --> Windows built in firewall. (Although it doesn't block IGMP)
Outgoing --> Almost all other third party firewalls
Leaks --> Need a behavior blocker. Comodo 3 has D+. Jetico 1&2, Sunbelt, Zonealarm, Outpost etc all have have behavior blockers
Content filtering --> look at proxies

-{ Quote: "Incoming --> Windows built in firewall. (Although it doesn't block IGMP)" }-
What is IGMP? I use windows xp firewall for now, should I worry about this?

-{ Quote: "What is IGMP? I use windows xp firewall for now, should I worry about this?" }-


IGMP (http://en.wikipedia.org/wiki/Internet_Group_Management_Protocol).

-{ Quote: "What is IGMP? I use windows xp firewall for now, should I worry about this?" }-

There was a recent exploit based on IGMP. I dont' know of any other issues with IGMP.

As long as a firewall passes the stealth test at Shields Up I feel secure.
Comodo,Online Armor,Zone Alarm are all free programs that have passed for me.

-{ Quote: "As long as a firewall passes the stealth test at Shields Up I feel secure.
Comodo,Online Armor,Zone Alarm are all free programs that have passed for me." }-

I only use the Vista Firewall, and it also gives a perfect stealth report at Shields up.

-{ Quote: "I only use the Vista Firewall, and it also gives a perfect stealth report at Shields up." }-

Exactly, depends on what you are looking for. I've been looking at some of the threads on IPS/IDS signatures. Too bad it is only mostly on enterprise products.

id say comodo because there is a pop up every 5 seconds.;D

Interesting review here:

http://www.matousec.com/projects/windows-personal-firewall-analysis/leak-tests-results.php#firewalls-ratings

-{ Quote: "Interesting review here:

http://www.matousec.com/projects/windows-personal-firewall-analysis/leak-tests-results.php#firewalls-ratings" }-

Is it? Like shitting in your pants and you tighten the belt.

-{ Quote: "Is it? Like shitting in your pants and you tighten the belt." }-

You forgot the bicycle clips. Gravity. The belt won't help.

:)

How about simple common sense?

-{ Quote: "How about simple common sense?" }-

Common sense isn't common place.

I don't think there is much point to this thread unless we know what kind of functionality a user expects from a firewall.

-{ Quote: "I don't think there is much point to this thread unless we know what kind of functionality a user expects from a firewall." }-

Ditto... if you interpret the thread title as "Your opinions on the best firewall." The answer will vary, case by case. In additions to expectations of functionality, we also need to know the user's level of experience and/or willingness to learn. We also need to know the hardware platform -- try putting Online Armor on a PII laptop with 128 Mb of RAM. :)

-{ Quote: "Ditto... if you interpret the thread title as "Your opinions on the best firewall." The answer will vary, case by case. In additions to expectations of functionality, we also need to know the user's level of experience and/or willingness to learn. We also need to know the hardware platform -- try putting Online Armor on a PII laptop with 128 Mb of RAM. :)" }-

I wouldn't put XP on a PII laptop with 128mb of RAM :)

-{ Quote: "I wouldn't put XP on a PII laptop with 128mb of RAM :)" }-

PII? Wow, must be a certified museum piece! (Just thinking how much that crap cost someone... Ouch!).

-{ Quote: "PII? Wow, must be a certified museum piece! (Just thinking how much that crap cost someone... Ouch!)." }-

I am still using a PII system. Luckily it didn't cost me a penny (even the shipping was free). ;D :thumb: 8)

Most routers we use at home only have DHCP, NAT and SPI features but don't really
qualify as hardware routers -- yea some even have filters -- but still that's not
enough.

A real hardware firewall appliance has a serial cable for a monitor attachment
and can be configured without any attachment to a lan-side system.
IF this device is administered by a professional network engineer, then everything
on the LAN side is controlled (and protected by the same rules).
This is real network security -- all systems configured alike from one interface.

Like you, I can't afford one of these either, so we opt for a cheap router
(at least we get NAT and SPI) and then use a software FW for each system.
Using a 'decent 2-way FW' (unlike the MS default being 1-way inbound only),
we get to control both sides of the connections.

All those pop-ups --- they're trying to further qualify which applications are
allowed to make connections. When you start your email client and (the first
time) you get the popup, you know you started the program and ports
25,110,143 are valid so you ALLOW.

Two days (or minutes) later something named xyx.dll wants access to port 25.
Hopefully you get a popup and you say to yourself, "What the Heck!" --
what's xyx.dll and why is it trying to send email!! DENY! DENY! DENY.
You just slammed the door on some worm trying to steal info from your system!

Don't you love those popups :) I DO! :thumb: