Inbound Protection

It's what i suspect. If i boot XP again, i'll try to document it.

 

Well in that case, the OP can just run Windows Firewall (or any other) and be perfectly safe. Without issues, that is. Which makes this whole thread pointless.

I would also like to hear on what criteria does the members here recommend an inbound firewall. A hardware one (router) will hardly provide better filtering than most software firewalls, so...

@ Ghost ARCHER,
please don't hijack the thread. If you have concerns with Jetico, make your own.

Cheers,

 

Hi

So Jetico and Outpost both have better inbound than Windows Firewall?

Are Comodo and Online Armor good choices in terms of inbound protection?

Thanks

 

Yep, pretty much.....

 

Yes, Windows Firewall provides very basic inbound protection.

But almost all commerical grade firewalls provide good inbound protection. Including Comodo, OA, Outpost and Jetico. They have pre-built ruleset to cover most scenarios.
If you want to create powerful rule for some specific scenario. IMO, Jetico is best and Outpost comes second with its easier interface.

Hope that clarifies your question.

 

For beginners/newbies/non-techies:
PC Tools Firewall Plus
Sygate Personal Firewall 5.6.2808

For IT pros/com scientists/techheads:
Kerio 2.1.5
Online-Armor Firewall
CPF 3


If you're willing to pay, Outpost Firewall PRO is the best bargain

 

I'd recommend a software firewall for inbound traffic whenever you're not blocking all inbound traffic outright.
Examples:
If you want one app to be able to receive inbound specific traffic but not another, like a P2P program.
Hardware firewalls work on a system-wide basis. Traffic is allowed or blocked for the entire OS and everything installed on it. Only a software firewall can control traffic on a per-application basis.

 

Hi

Thanks for the reply. So all firewalls have pre-built rulesets which are better than Windows Firewall? Are these rulesets different to a NIPS and SPI?

Thanks

 

Hi

I've heard that Outpost uses user-mode hooks or something, which is supposedly not effective against real malware. Is this true?

Thanks

 

It's basically pretty simple. ANY firewall (Win Firewall or router included) that blocks inbound serves it's purpose, and for a home user, that is sufficient IMO. It just depends on how fanatical one wants to get with all this. There are various flags and types of packets and so on and on, some firewalls have rules to accomodate all this and some don't. So there are varying degrees of inbound protection, but once again, I would maintain that for an average home user, none of it matters. ANY firewall or router will effectively block inbound, even something as advanced as CHX-I will block inbound with one simple block rule.

Return packets from outbound traffic are allowed thru based on some form of SPI. There are also varying degrees and varieties of SPI as well.

If you enjoy experimenting and studying all this, that's fine. But again, for all practical home purposes and usage, unless you are expecting a packet generating cannon to be aimed at your firewall, anything will do.

 

[slightly OT & out of curiosity]

Is there a rule-based (inbound-only) firewall allowing us to set a rule to be activate when, and only when, a designated process is running?
I am only aware of the oldy Conseal PC firewal, back then.

 

Look'n'Stop can do this. If you say Conseal could do it I would suspect 8Signs can do the same, since it is a rebrand (or whatever) of Conseal.

 

I honestly don't know what is going on, and I am not familiar with KIS. Perhaps you can make a rule to allow all outbound connections to that url.

 

Great, I'm more and more tempted to change my firewall for L'n'L. I think am now ready give it a fair try. I am already a regular lurker in their support forum, from some months, and I like to see the developer is very active to answers all users' requests there.

I am using 8Signs and it's probably one if not the the only thing one of the rare features that was not ported from Conseal.

 

It is a great firewall. 8signs has a different purpose.

My bad most likely. I am not very familiar with these two, especially with Conseal. Someone will hopefully correct me.

 

I can't say for sure as I'm not using it anymore, but it's possible that CHX-I may be able to do this, however, it's not application oriented in the usual sense, so I really don't know. Also, it's no longer supported or developed. But I do remember v3 had various triggering oriented features...

 

CHX-I! I did never find my way to try this intriguing firewall, and knowing its current abandon state I am now reluctant to invest a fair amount of learning time in it. But I should have v3 archived on some cd from 1 or 2 years ago, so if curiosity really get on me I could maybe give it a looksee.
But I would say that I am almost sold to go with L'n'S, for now... and compare its abilities vs my using of 8Signs.

 

I don't get it. Need more explanation. First I don't know if you suggest to that I should or should not. I have read this sentence for 3 times and because I don't understand that much, I don't know if I should or should not .


Then I post a screenshot on what lightweight means, cheers
http://i38.tinypic.com/2wefkhz.png

Also, I found that I can play the warrock again after I switch to jetico from Online armor free. It was once updated frames every 10 seconds to 1+ minutes

Cheers

 

Yes, Windows Firewall has limited capabilities. Since it has limited rules, which are hardcoded and are not updated with passage of time.

Now as you point out firewall can use different methods to provide protection. For ex: Ruleset, NIPS and SPI.

Ruleset: Is most basic, fast and gives a lot of manual tweaking abilities. For any new attack/flood, you will need newer rules. Hence its best to choose a Firewall which can update its ruleset via internet regularly.
Probably comparable to signature database/detection of AV.

SPI: Requires a litter more buffer and can cause incompartiblity issues under some conditions like TCP window scaling. But because it treats each packet as untrusted, it can protect against some attacks for which explicit rules may not exist.
Probably comparable to heuristic scanner of AV.

NIPS : Highest resource usage and using neural matrix can predict/detect attacks hence providing greatest amount of protect. But it needs to be trained and well configured, else will lead to blockage of good traffic.
Probably comparable to Behavioral Blocker of AV.

Now for your normal home user, rule-based firewalls are enough. Since they are not directly connected to the internet and can rely upon the ISP network to filter many attacks.
If you want to be extra cautious, you can also try firewall which has SPI. At the cost of performance, you can get some more defense.
If you want to provide armor to your server/gateway/network, you can go for NIPS.

Hope that helps.

 

So there is not much chance that something can get by even the Windows firewall?

Thanks

 

Are there any other different methods to provide protection?
Which firewalls have which of these features?

Thanks

 

@vijayind: I have WinXP firewall and a home router with SPI. Do you think this covers the things mentioned in your post?

 

Hello all,

I see a discussion regarding a comparison between a typical home router and windows firewall for inbound protection/filtering.

For me personally, given the option of paying for a cheap router or using windows firewall, I would pick windows firewall. (of course, that is based on a single PC setup)

I will put together a post showing the options and filtering of windows firewall (something I should of done (and meant to) a while ago. I will do that this afternoon and post to a new thread.

- Stem

 

Again, what is the definition of cheap?
Or is the conclusion/opinion that every home router is crap?

I mean, does your remark apply to a router that costs 20-30 dollars or also to a router that costs around 200 dollars (roughly recalculated from euro to dollar)?

 

If you have a home router with SPI, you are well secured against inbound attacks

But since, most malware can sneek past Windows Firewalls outbound protection. I would recommend using HIPS/Behavioral Blocker programs.