appropriate firewall for Vista laptop ?

I am not real familiar with everything needed for a laptop but I am already pretty sure I do not want to use the built in Vista firewall. From what I have seen there are only a few "non suite" firewalls that run in Vista- Jetico 2, Comodo, PC Tools/threatfire, Webroot. Maybe a few more that escape me now.

Anyway, considering a laptop as opposed to a desktop (where I am behind a dsl modem/firewall) what are features I need to look for specific for a laptop? I may end up doing some wifi connections on the road. Does any firewall offer needed protection that are especially necessary for a laptop? I am not asking "which is better". I am asking for what is necessary for a laptop and which firewalls provides such things.

I am especially concerned with monitoring outbound connections and a HIPS would be nice too.

Thanks

 

Whether you are connecting wired or wireless the need\function of a lap top firewall is the same as a desk top. It protects the PC it is installed on. It is once the data is sent\or being received that the potential danger arises. If it is a wired connection then the threats are the same as you would face with a desk top. If you are on a wireless connection then the security begins and ends with how you establish the connection to the WAP (=Wireless Access Point). This is where things such as WPA (=Wi-Fi Protected Access) come into play.

 

Actually, the built in Vista firewall does a good job. Vista identifies new networks and asks you if file sharing and network discovery is to be allowed. Great for laptop users.

Outbound filtering is possible with the Vista firewall, but if you are worried about leak tests the Vista firewall is not designed to deal with that. It is mainly designed to enforce IT policy.

If you want something more complex with HIPS and outbound leak prevention, Comodo 3 is presently the best free alternative for Vista, but the HIPS can be a pain to use. As for the paid ones, personally I don't think any are worth paying for. Others will certainly disagree.

Online Armor is promising a Vista compatible version soon.

 

I don't think you really need one behind a NAT router with Vista; however, since a laptop/notebook is portable and may end up connecting somewhere else sometime, a firewall is a good precaution.

My vista notebook configuration is documented on my website. I do not use Windows Defender nor UAC and the firewall in ZoneAlarm AntiVirus turns off the Windows Firewall.

 

I am very mobile with my Vista Laptop, and use it a lot on the road, both in public wifi settings and open relays. Currently using and have used both Comodo V3 and Vista Firewall on two different computers, and Avast! 4.8 antivirus/antispyware/antirootkit. Also have UAC turned off because of compatiblity issues with some of my applications (plus it is a fairly useless PITA for most individual users). You need a good firewall and antivirus much more with a mobile laptop because you are using untrusted routers and networks with unknown characteristics and unknown members. You also can't always connect like at home with WPA-you are either in the clear or off the air. So one thing to remember is to always use SSL email links-if your ISP doesn't have them, get a gmail account. Your browser traffic usually works out pretty well, since the https: certified sites use good encryption. Avoid things like newsreaders, games, P2P, anything that sends passwords in the clear. If you are really serious about your connection security, look into getting a VPN connection. You can even get a free one (for now) from Comodo called "TrustConnect" at their website.

 

Personally, I think turning off UAC is like throwing out the baby with the bathwater. Not only do I use UAC, but software restriction policy is in effect.

Once the machine is set up the UAC prompt should rarely be seen.

 

Let us pray for the souls of all the poor bastards stuck using XP and not having the Grace of UAC to fall back on. In the meantime, those who read about the capabilities of UAC can decide for themselves whether they feel significantly more comfortable using it in their operational environment, or are willing to do without it because of the nuisance value. And whether it is appropriate to their perceived threats. When I did risk analysis (Common Criteria) for the Government, we at least tried to think about that. In spite of the security wonks.

 

Being an XP user, I don't feel left out by not having UAC so no need to pray for me.

 

Vista default FW plus outbound control is Vista FireWall Control 1.3, easy simple and free. It offers reasonable strong protection in regard to its out of the box user friendliness. Search for BigC comments, he is positive on VFWC, so that is an endorsement to me.

Regards K

 

LUA on with consentprompt admin to 0 (quiet mode of TweakUAC) and intelligent installer recognition off, reduces irritating pop-ups to zero. With this you still have file protection, registry virtualisation, programs starting in LUA by default and IE protected mode.

Because intelligent installer recognistion is off, you will have to start installs as an admin (after removing safety security restriction of downloaded files with properties). This is a threshold which works ok until now (no malware encountered which succeded to auto elevate for install).

FOr the rest I totally agree with diver. The above is used at a gaming machine (punkbuster and team speak always require elevation request in full LUA mode). On normal PC's LUA elevation request should deminish to zero