Need set-it-and-forget firewall

A family member is in need of an easy to use firewall for win98se (like the one that is built into XP). We have already tried Sygates free ed. but the many popups asking to allow/deny is too much for him. There´s got to be a firewall where you dont have to deal with xxx.xxx.xxx.xxx IPs all the time.

 

Any proper firewall will need some sort of configuration since everyone's system and network usage is different. The increasing dangers posed by trojans that attempt to infiltrate legitimate applications in order to bypass firewalls complicates things further. You may wish to look at ZoneAlarm (which is as simple as things get) but it is a pig to uninstall and reports any incoming connection attempt as an "attack".

 

Outpost has the Block Most mode. It only allows the communication that you accepted in the rule sets and then it never bothers to ask you anything else.
This really is set and forget. Just remember to set it right.

 

Thanks. Will look into that.

 

LookNStop is one that can be run 'straight out of the box'. Install, then load enhanced rules set. That's it really. Trial it first, to see if it suits you and your system.

http://www.looknstop.com/En/firewall.htm
http://www.soft4ever.com/LooknStop/En/
https://www.wilderssecurity.com/forumdisplay.php?f=27
http://wilders.org/firewalls.htm


But make sure you remove all previously installed firewalls before any firewall testing period because of possible driver conflicts.

 

I agree with Paranoid2K, ZoneAlarm is as easy as they come, and what few alerts that do appear are presented in an easy to understand fashion.

 

BlackICE. Just install and set alert notification to orange then do a baseline. you will never need to touch it again. couldnt be easier!

 

My vote goes to Kaspersky Antihacker 1.5. It's almost as easy to use as Zone Alarm Pro, but isn't the resource hog that program is. As for Outpost, no way is it a set and forget firewall. If you want confirmation of that see Paranoid 2000's guide to secure computing with Outpost which is available over on the Outpost forum reachable through http://www.agnitum.com.

I am a licensed user of all three programs (Outpost 2.1, Zone Alarm 3.5 to 5.0 and KAH 1.5) and have used all three on my various computers (not at the same time of course). This has been my experience with the programs. However, other persons' experiences may differ, so whatever you do, take advantage of free trials and try before you buy.

Hope this helps.

 

Ditto the KAH 1.5. Outpost isn't very difficult at all either.

That about sums it up...
Good luck.

 

Actually for Win98 if one wants to block unsolicited communications from the internet the easiest way without using a software firewall or a NAT router (an option for those on broadband but not for those on a normal dialup connection) is to unbind NetBIOS from TCP/IP. Instructions are available here: http://grc.com/su-bondage.htm

This will close the netBIOS ports and if no other services are running that keep ports open, all the ports will be closed on the internet. The results are like having an inbound only firewall. The PC won't be "stealth" but that's a firewall feature that can be much overrated, IMO. The ports will be closed to unsolicited inbound port scans, probes and thus protection is there without a firewall.

I did this on my Win98 pc and it was fine. I could run ZA if I wished to provide outbound monitoring and app control. But I could also not run ZA and be safe from inbound scans looking for vulnerable PC's.

For some people who simply cannot handle the interactivity with a basic software firewall, the unbinding procedure (if performed by someone with basic skills...reading the instructions and following them) is a viable alternative. This is especially good for someone on a stand alone PC on dialup who cannot use a NAT router.

I assume if this is an option you or someone else in the family could set it up for the person in question. As long as the PC isn't used for file/printer sharing with another PC on a network via TCP/IP, it would be OK. If the PC is on a LAN and filesharing is an issue, if the other PC's are of the 9x family (including ME) they can all be unbound from TCP/IP and could share over NetBEUI. It gets more complicated when file sharing with an XP box, but reportedly some people have done it although most would say it's not worth the trouble and to just use a NAT router and software firewall and forget about the unbinding deal. Anyway, the instructions on the GRC site should provide sufficient information.

But certainly for a standalone PC the procedure I've linked to above is an option. Again, one can check via the GRC, Sygate, PCFlank port scans to make sure no other services are running so the ports will be closed. (For example, I recall in the past some people with W98 were inadvertantly and unknowingly running webservers...can't recall if it was Front Page or something else they used that resulted in that. This came to light during one of the first big network worm outbreak years ago and people were investigating infected PC's.)

Anyway, this is just another alternative to consider if it might suit the situation.

 

In all fairness, Outpost can be configured simply since it offers 3 levels of detail - Trusted/Blocked applications (which is the level of ZA or LnS), preset rulesets and custom rulesets. The secure configuration guide is aimed at advanced users - a better idea of Outpost can be gained from the Web-Hiker's Guide to Outpost Firewall (while it covers version 1, most of it applies equally to version 2 also).

The real complexity of configuring a firewall is not the program itself, but knowing the minimum access requirements for the software that needs Internet access. Many firewalls sidestep this issue by not giving you any option to restrict this but a truly secure system will need restrictions on every application (not least to prevent unnecessary and possibly privacy-violating connections like those of Windows Media Player or to limit the extent to which trusted software can be abused by any malware you pick up).

 

NOT BlackICE. BlackICE is leaky - go to the Wilders free download page and click on the link that says "leaktest" or something like that. If you look at the list of leaky firewalls, BlackICE is on it.

I've tried ZoneAlarm myself, and it is simple enough for my puny mind to grasp. However, as Paranoid2000 mentioned, its uninstaller is very messy. Also, it seems to have some rather bizarre compatibility issues. (But that could be my crappy old computer. I really do not know. )

 

I agree with Paranoid 2000 that too many "easy to use" personal firewalls purchase their ease of use at the expense of security of outgoing traffic. That's why I use Outpost Pro 2.1 on my personal machine rather than Kaspersky Antihacker 1.5.

Unfortunately, as Paranoid 2000 also points out, properly using Outpost requires one to know which applications ought and ought not be accessing the internet. That is difficult for many non-advanced users to attain. Perhaps the ideal solution would be some sort of advice system which guides users on whether an application really needs access. Zone Alarm Pro, kind of tries this, but IMHO, does not do it particularly well.

Until such a system is developed, I guess the best thing for a person who can't or won't learn what programs should be able to access the internet, is to use an "easy to use" program like KAH 1.5. It's certainly better than not using one at all, or trying to use one like Outpost Pro 2.1 and uninstalling it when the novice user is bombarded with questions as to whether an application should be blocked or allowed.

 

Having utilised all of the above over the past and being not too knowing of how to set up firewalls , i have to say that Looknstop is the best and easiest and lighjtest. Once loaded onto the system all it takes is one click to set up "enharnced ruleset " and one is really well covered . There is also an excellent support both here at wilders and by email .
The others mentioned are great too , but I have found looknstop the best for my use.

 

profhsg-
I agree with your last post but I just want to clarify that just because KAH is easy to use, it does not mean that it will not secure a PC. The nice thing about this firewall is that you configure your rules (I've noticed that many rules are best configured manually) and from there set the security level to High. After that you won't be prompted to allow or deny anything else and nothing else gets in or out. It's as simple as that. I do agree that in the hands of someone who has no firewall experience things probably could be left open and vulnerable, but I just wanted to clear that KAH will secure Internet/network access when configured right.

 

BlackICE does not leak if baseline is set. I tried all test and it passes all but one - most leaktests dont prove anything anyhow. BI will allow safe outbound data as it is smart enough to know what is safe and what is not - unlike most firewalls. It wont waste your time asking if you want app x to connect to location y using protocol z etc. It will even alert you to hack attempts and give you details of the attacker, it will alert you if you have most trojans active on your system - and in some cases identify the specific trojan, it will even alert you if you recieve a worm or virus in an email attachment - and warn you about unsafe html etc. I have used it since day one and it has never ever let me down. Lots of people knock it as they dont understand it. Just run BlackICE and hook up a nat router and you are as safe as you need to be.

 

Simple, don't run a gash software firewall.. Install a nice Firewall/Router, and you'll have way better protection.. SMC Barricades are amazing, and can be had for under $50.00.. Plug it in, turn on the SPI and Intrusion system, and forget about it. No drag on system, no conflicts, no popups..

 

Gers, I already mentioned using a router as a firewall for someone who's on a broadband connection....but what do you suggest if the person happens to be on a dialup ISP? Not everyone is on broadband.

 

Sorry, but this is totally wrong. A hardware firewall makes an excellent first line of defence from outside probes and Denial-of-Service attacks but has no ability to detect or prevent trojans/adware/malware on your PC from communicating out (it will see this as normal application traffic). Only a software firewall (which can monitor which applications on the PC are actually sending data) can provide protection against this.

Since the worst case scenario for most people is having a keylogger or remote access trojan giving outsiders access to their data or control of their PC, a software firewall should be the first step with a hardware firewall as an extra.