appropriate firewall for Vista laptop ?

Discussion in 'other firewalls' started by acr1965, Mar 26, 2008.

Thread Status:
Not open for further replies.
  1. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    I am not real familiar with everything needed for a laptop but I am already pretty sure I do not want to use the built in Vista firewall. From what I have seen there are only a few "non suite" firewalls that run in Vista- Jetico 2, Comodo, PC Tools/threatfire, Webroot. Maybe a few more that escape me now.

    Anyway, considering a laptop as opposed to a desktop (where I am behind a dsl modem/firewall) what are features I need to look for specific for a laptop? I may end up doing some wifi connections on the road. Does any firewall offer needed protection that are especially necessary for a laptop? I am not asking "which is better". I am asking for what is necessary for a laptop and which firewalls provides such things.

    I am especially concerned with monitoring outbound connections and a HIPS would be nice too.

    Thanks
     
  2. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.
    Whether you are connecting wired or wireless the need\function of a lap top firewall is the same as a desk top. It protects the PC it is installed on. It is once the data is sent\or being received that the potential danger arises. If it is a wired connection then the threats are the same as you would face with a desk top. If you are on a wireless connection then the security begins and ends with how you establish the connection to the WAP (=Wireless Access Point). This is where things such as WPA (=Wi-Fi Protected Access) come into play.
     
  3. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    Actually, the built in Vista firewall does a good job. Vista identifies new networks and asks you if file sharing and network discovery is to be allowed. Great for laptop users.

    Outbound filtering is possible with the Vista firewall, but if you are worried about leak tests the Vista firewall is not designed to deal with that. It is mainly designed to enforce IT policy.

    If you want something more complex with HIPS and outbound leak prevention, Comodo 3 is presently the best free alternative for Vista, but the HIPS can be a pain to use. As for the paid ones, personally I don't think any are worth paying for. Others will certainly disagree.

    Online Armor is promising a Vista compatible version soon.
     
  4. AKAJohnDoe

    AKAJohnDoe Registered Member

    Joined:
    Sep 26, 2007
    Posts:
    989
    Location:
    127.0.0.1
    I don't think you really need one behind a NAT router with Vista; however, since a laptop/notebook is portable and may end up connecting somewhere else sometime, a firewall is a good precaution.

    My vista notebook configuration is documented on my website. I do not use Windows Defender nor UAC and the firewall in ZoneAlarm AntiVirus turns off the Windows Firewall.
     
  5. sded

    sded Registered Member

    Joined:
    Jun 4, 2004
    Posts:
    512
    Location:
    San Diego CA
    I am very mobile with my Vista Laptop, and use it a lot on the road, both in public wifi settings and open relays. Currently using and have used both Comodo V3 and Vista Firewall on two different computers, and Avast! 4.8 antivirus/antispyware/antirootkit. Also have UAC turned off because of compatiblity issues with some of my applications (plus it is a fairly useless PITA for most individual users). You need a good firewall and antivirus much more with a mobile laptop because you are using untrusted routers and networks with unknown characteristics and unknown members. You also can't always connect like at home with WPA-you are either in the clear or off the air. So one thing to remember is to always use SSL email links-if your ISP doesn't have them, get a gmail account. Your browser traffic usually works out pretty well, since the https: certified sites use good encryption. Avoid things like newsreaders, games, P2P, anything that sends passwords in the clear. If you are really serious about your connection security, look into getting a VPN connection. You can even get a free one (for now) from Comodo called "TrustConnect" at their website. :)
     
    Last edited: Mar 26, 2008
  6. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    Personally, I think turning off UAC is like throwing out the baby with the bathwater. Not only do I use UAC, but software restriction policy is in effect.

    Once the machine is set up the UAC prompt should rarely be seen.
     
  7. sded

    sded Registered Member

    Joined:
    Jun 4, 2004
    Posts:
    512
    Location:
    San Diego CA
    Let us pray for the souls of all the poor bastards stuck using XP and not having the Grace of UAC to fall back on. :) In the meantime, those who read about the capabilities of UAC can decide for themselves whether they feel significantly more comfortable using it in their operational environment, or are willing to do without it because of the nuisance value. And whether it is appropriate to their perceived threats. When I did risk analysis (Common Criteria) for the Government, we at least tried to think about that. In spite of the security wonks. :thumbd:
     
    Last edited: Mar 26, 2008
  8. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,635
    Location:
    UK
    Being an XP user, I don't feel left out by not having UAC so no need to pray for me. ;)
     
  9. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Vista default FW plus outbound control is Vista FireWall Control 1.3, easy simple and free. It offers reasonable strong protection in regard to its out of the box user friendliness. Search for BigC comments, he is positive on VFWC, so that is an endorsement to me.

    Regards K
     
  10. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    LUA on with consentprompt admin to 0 (quiet mode of TweakUAC) and intelligent installer recognition off, reduces irritating pop-ups to zero. With this you still have file protection, registry virtualisation, programs starting in LUA by default and IE protected mode.

    Because intelligent installer recognistion is off, you will have to start installs as an admin (after removing safety security restriction of downloaded files with properties). This is a threshold which works ok until now (no malware encountered which succeded to auto elevate for install).

    FOr the rest I totally agree with diver. The above is used at a gaming machine (punkbuster and team speak always require elevation request in full LUA mode). On normal PC's LUA elevation request should deminish to zero
     
Loading...
Thread Status:
Not open for further replies.