Which firewall do you use?

I just removed Blink to try Webroot Desktop firewall. Had it running a couple of days now and so far no complaints. I've checked it periodically since it does have DSA and DSA seems to forget things. In the couple of days though, no problem yet. It's all still in learning mode.

I've noticed that my computer is a bit faster, not a huge amount but noticeable. For antivirus, I installed AVAST today because I've always liked and trusted AVAST.

I'm still working my way through a learning process with WDF, but it all seems fairly simple. I can't say whether I like it enough to keep or if I'll go back to Blink. We're on a hardware firewall but I like being able to keep an eye on what goes out, too.

 

Uncheck all learning modes in WDF settings and you will see how responssive it is. In settings and in settings/advanced and in settings/advanced/view edit application list/processes - uncheck all training and check all detections.

And of course Process monitor on high.

 

Hi all,

Online Armor firewall suits nicely with security setup

Regards,

MaB

 

So the admuncher problem is fixed?

 

Hi Lonewolf,

No the conflict is not yet fixed (i switched to OA free) but according Mike Nask, next Ad Muncher version (4.72) will fix it.

Regards,

MaB

 

Thanks for the info.

 

I have been using Sygate Personal Firewall Professional for a number of years. Most likely I will continue using the firewall until convinced to change. I have heard so many pros and cons regarding various firewalls that changing now is not a priority for me. I probably have listened to Mrkvonics' comments most because they bolster my confidence in Sygate. I am including in this post the following link to the "Sygate personal firewall guide" which has helped me and hopefully it may help other Sygate users. http://www.kotiposti.net/string/SPF_eng/SPFGuide.html

 

Hi,

I know this SPFGuide, on Sygate.de is an additional advice about ICMP.
http://www.sygate.de/konfiguration/ICMP.html
So this was the advanced rule I always added first:
Rule Summary:
This rule will allow both incoming and outgoing traffic from/to all hosts on ICMP type 0,3,4,8,11,12,13,14. This rule will be applied to all network interface cards.

So my questions are:
Is this advice correct, to allow ICMP traffic?
And if so, are there any changes in ICMP types if you are behind a router?

Cheers!

 

What Diver said - Comodo 2.4 is outstanding - whether you're a novice or a security expert.

My current security setup:
- NAT router with SPI protection.
- Comodo Firewall Pro RC1 (Network Monitor with HIPS active).
- Spywareblaster innoculator.
- Comodo BOClean 4.25 resident anti-spyware.*
- NOD32 V3 antivirus.
- SuperAntiSpyware (manual scan only).*
- Using IE7 browser.
- TrueImage 10.0 Backup/Restore program.

* BOClean protection is excellent for detection of attempted malware start-ups, but ignores trivia such as adware cookies - you need a manual AS scanner.

All function flawlessly together.

Hope this helps!

 

gud4u

So few people seem to include backups as a security feature.

In fact I use ATI I0 to schedule 2 daily backups quietly in the backgound.

No matter what nasties may get through security (and so very few ever have ), I will never loose more than a few hours of data at the very most.

 

Hi,

I’m doing exactly the same, using ATI for backups too.

BTW before ATI I used PowerQuest’s Drive Image, but Symantec decided to absorb Powerquest like they later absorbed Sygate. Rapacious beast.

So using an image tool, I don’t have to be too afraid installing potential critically software or becoming a malware victim.
Booting up from CD and restoring partitions resolves nearly every problem.

Cheers!

 

These ICMP rules I think are safe:

• Echo Request type 8 outgoing
  
• Echo Reply type 0 incoming
  
• ICMP Unreachable type 3 incoming
  
• ICMP Time Exceeded Type 11 incoming

There is also router discovery, Type 10 which may be necessary, depending on your setup.

 

Hi, wat0114

Thanks for information!

Exactly the same settings are advised by protecus.de.
http://www.protecus.de/Firewall_Security/icmp.html

Don’t know why the settings from sygate.de differ.
Or sophos.com advices this one:
ICMP = 0 IN
ICMP = 3 IN OUT
ICMP = 8 OUT
ICMP = 10 IN OUT
ICMP = 11 IN
http://www.sophos.com/support/knowledgebase/article/14464.html#icmp

It’s a little bit irritating, shouldn’t it be for every PF the same

Cheers

 

I'm not sure subset. the only one I might question is ICMP = 3 IN OUT, since only if the pc belongs on a LAN would the Out direction perhaps be necessary. Someone with better knowledge in this area could probably elaborate.

 

After a brief stint with COMODO in my first change of firewalls in over 2 years after ZA, Kerio 2.15 returned by reappealing quickly to me again. I been pretty much resigned to it ever since. It's been long considered outdated but with a solid HIPS and a few other newcomer risk-preventers it's filled the need on XP Pro exceptionally well enough to depend on for the long term. But now enters OnlineArmor with it's dual capabilities and specialized firewall, so this one seems a very viable candidate now to maybe make a first replacement since departing ZA. If it's results (free version) prove out everything it's been raved about recently, theres a real opportunity it just might finally win implimentation into my overall strategy and then on over to the full program with all features. This is another one of those new golden opportunities where a very new program debut has the substance/results sought after to win over and replace whats been a long standing app where theres long been little interest to veer away from an old standard.

 

i used to use a firewall behind a nat router. but not anymore, too redundant imo. but its fun to try new firewalls etc.

 

I was going back and forth between ZoneAlarm and Outpost for a couple of years (with a brief trial of Comodo in between) until I found Online Armor a couple of months ago. No more problems and my machine has never been more responsive.

 

I originally had McAfee firewall, then ZA. I've been with Outpost now for a couple of years. Currently Using Outpost Pro 6.0.2175.8316. The latest version is stable on my machine.

 

The ICMP "Destination (Host) Unreachable" is Type 3 Codes(Subtypes) 1 & 7 (incoming).
The ICMP "Destination Unreachable/Fragment-size-re-state" is Type 3 Code(Subtype) 4 (incoming).
I have not allowed other ICMP Type 3 messages incoming through my Intego firewall on my Mac.

ICMP types and codes(subtypes) can be found at:
http://www.spirit.com/Resources/icmp.html
and a useful article at:
http://www.spirit.com/Network/net0700.html