Recommended firewall for a student

I have just bought a laptop for my son who starts University in a couple of months time.

He is a typical student; Uses P2P a lot and visits a "wide-range" of web sites. But overall he has no interest in computer security despite my efforts.

I have taught him some security basics and so far I have installed good AV/Anti-Spyware programs and he will be using FireFox.

The problem comes with a choice for a firewall.

I am looking to install something which is very easy to use. Resource usage should not be a problem on his new computer. The more "set and forget" the better.

1. Even though it has no application control, would Windows in-built firewall, ICF, be sufficient for him?

2. If not, can you suggest alternatives which can either be free or commercial.

 

I'll recommend BlackICE with the application control disabled

 

If he does p2p a lot, and visits a wide range of web sites, downloads and installs programs and so on, then it would probably be wise to use something more than just the Windows FW. There are many to choose from. ZoneAlarm is probably one of the easiest to use for someone who doesn't care much about fiddling with security apps.

 

How good is the new version of ZA compared to past versions? And is it still difficult to uninstall ( I am thinking of testing a number of FW's.).

I would have selected my desktop firewall, Look'n'Stop, but I thought this had problems with some aspects of P2P?

 

I would install if I was me :

http://methlabs.org/projects/peerguardian-2-windows/

Also have a look at various things here:

http://www.bluetack.co.uk/index.php

Gerard

 

For P2P,there is only one rock solid firewall. Sygate (free version is just fine)
Just don't try to use ZoneALarm with P2P apps like eMule...

 

I think 5.5 is pretty good, however, they seem to keep adding new and unnecessary things to it all the time. That would be my chief complaint. ZA has had it's uninstall problems true, however, I have never had any trouble using the /clean switch, especially if you shut down the service first. Proceed with caution though. I chose ZA because it's a pretty good all around firewall which is easy to use. All of them have various problems here and there. It's hard to find any product that's truly trouble free.

I am working with LnS right now myself. I don't use p2p though, so I can't comment on that aspect of it. If you're thinking of using LnS on the laptop you might try asking in the LnS forum here at Wilders and see if there are any outstanding p2p issues with 2.05p2.

 

I think Zonealarm or Sygate would be the easiest to use. When ZA 5 was first introduced I saw memory leakage with vsmon.exe using P2P, but it appears they may have taken care of it. My University offers Zonealarm and Kerio to students for free, the sad thing is that most student don't bother to use them. In a lecture room with 300+ students, you'd be surprised at how many laptops one can get in to.

 

What problems are there with ZA and emule? I use ZA with Limewire, winMX, Ares, Shareaza, BitTornado, and emule.

 

What's the reason for this, RejZoR?

 

Main reason is the ZA's TrueVector engine that mucks up sources and whole LowID/HighID status. With 4.x versions of ZA you got LowID status in eMule and you acted like LowID client (bad upload,lots of sources blocked by ZA engine,dropped conenctions itd). Now the ZA 5.x series give you HighID status in eMule,but you still act the same as LowID client. Other eMule clients with HighID will try to treat you as HighID,but they'll fail because you just have that tag,but you don't actually work like HighID.

So final result is that you upload very small amounts of data with huge delay,problems with source exchange (SX aka Source eXchange) between clients,sources parsing from servers and so on. Not to mention huge problems with serverless Kademlia (KAD) network.

Only firewalls that are eMule compatible and aproved by me are Windows XP SP2 firewall and Sygate Personal and Pro firewalls. I got some words that Outpost also works fine (both 1.x and 2.x versions).
McAfee firewalls are also compatible with most of P2P apps,but McAfee usually stats to consume more memory than usual. Sygate bounces between 7 and 10 MB of memory usage which never goes pass 12MB even on extreme source exchange ande massive numbers of connections.

 

You are right about the memory leakage in ZA. I think it is still there in 5.5 also. Has been around for some time according to some. I saw it on my machine myself. Sygate would be a fairly good choice for a free offering also. Pretty easy to use. However, there is that proxy/loopback issue, which could let outbound connections thru if a proxy is used. Outpost Pro might be good, but not free. To be honest, they all have problems. The only one I know of that doesn't is good old CHX-I, but that's no better than the Windows FW for his purposes.

 

For P2P, why not use the old Kerio 2.15 with BZ rules plus a free anti virus with P2P module like Avast, would go very well and for additional security, add CHX with its basic sample filter set.

Sygate is very good but can't be combined with Avast as Sygate has issues with proxy of any kind.

 

for p2p, i would use either oupost or sygate.

 

I can't agree with that. Running avast! 4.6 and Sygate Personal Firewall 5.6 free togehther on my PC. No issues at all. They work great together.

 

Since Avast implements invisible proxy, Sygate will let everything pass through HTTP port 80 without asking permission, apart from that, I don't see any other issues running Sygate.

 

Has anyone tried Look 'n' Stop with P2P? and even more specifically eDonkey?

Cheers

 

I installed Zone Alarm for a relitive that had just bought their first computer. They complained as it was too difficult for them to use. I then put on Mcafee Desktop Firewall 8 on and they seemed to have no problems with that what so ever. Of all the Firewalls i have tried that is the easiest in my opinion. Outpost and Zone alarm are the best in my opinion but as a compromise i would recommend MDF. So much so that i put this on all of my two aunties computers and sisters and none have complained about using it.

But if your son is very lax on security as an off the wall suggestion. I would suggest setting up a dual boot partition with Linux Xandros Deluxe. it isnt as hard to do as you would think and it literally is as safe as houses when browsing the net. And suprisingly its easier if you connect via ethernet. As for one virtually no viruses or spyware is designed for linux. No software can install on the machine unless you type in a admin password and the default browser is firefox. I would say to him use Xandros to browse the net until your hearts content and use windows for doing your uni work.

Also Limewire has a linux version which is simply the only P2P program to get. That is what i would recommend to try.

(Also about the MDF his university if like mine may give it to him free).

Hope suggestion helps

 

LnS is much too difficult for me to get properly working. i dislike rules-based firewalls however outpost is different since it usually has presets as well as an allow/deny all plus u dont have to worry about ordering ur rules or at least i dont.

 

One other thing I like about Outpost is that there support forum usually has the rules I am looking for when I install new apps.

 

If you're using fast broadband connections I think Zone Alarm free is the best, it is very user friendly and has an automatic protections in default mode. But if the pc suffers from stability and slow connections and sometimes could not connect to some website then maybe try some other. Sygate is the second has also some automatic protection mode after installations.

 

RejZoR,

Given that Windows Firewall is well known to provide only inbound protection and has virtually no outbound protection (a critical vulnerability), despite its compatibility with eMule, perhaps you might reconsider your approval?

XP SP2 (Windows Firewall) only monitors incoming packets and ignores any attempts to access the Net by:
a)Virus or security programs attempting to update(Ewido,SG,AVG etc)
b)Trojans,keyloggers,Spyware,& call-home dialers
c) any internal programs can access the internet & use your connection without hindrance,& without any alerts.

Microsoft's concept of firewall security is a bandaid approach with no sense of urgency to provide a well-balanced approach.

-- Tom

 

No it does not.
Not even my IE browser.
I have manually confgured Avast webshield to only my main browser Firefox.

Even with the default settings of WebShield, it should pass only known browsers by through that Sygate local proxy issue.

Avast and Sygate combination works fine with me.

 

im using nod32 with wyvernworks firewall 2004. no problems with anything what so ever

 

If that is the case, if he gets prompts to allow/block apps from accessing the internet he will probably just ask a buddy to shut the thing off for good and then he will have NO protection, inbound or outbound. StyleWars solution(BlackIce with application control disabled) or BlackIce 2.9 (didn't have application control) or CHX-I would all be suitable, especially if you are going to be there initially to verify everything works. If not, maybe ICF would be best. Close all unnecessary ports in case the firewall "accidently" gets shut off. You could also have the operating system on one partition, data on another partition and having another partition (or HDD) for images and install an imaging program like Drive Image or Ghost or Trueimage, etc. When things go bad he will at least be able to restore stuff this way.