Can anyone recommend a good firewall?

Discussion in 'other firewalls' started by emuleman, Jul 29, 2007.

Thread Status:
Not open for further replies.
  1. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    2,068
    Location:
    Serbia
    @ Bunkhouse Buck as well... :D

    This is very good reasoning, but you also have to consider this:
    It is not just the matter of malicious programs calling out. It is also about the control of your "trusted" benign applications, updates for security software (AV, AS), email, browsing... Anything that wants to go out of your system could be controlled and fine tuned with a good outbound protection. Actually, the better term would be "outbound control".
    I agree with you on Windows firewall for inbound protection, but application control have it's place. It should not be disregarded.
     
  2. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,213
    Hello,

    toasale, why not believe the man?

    bunk, I, too, believe is mainly for controlling your "trusted" apps, not malware. I agree that once you get hit by the cacky, it's game over. However, regarding benign apps, I do not want certain games to connect or certain beta apps, or I wish to monitor network traffic etc.

    Mrk
     
  3. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    The claim was "I have never had a virus or a hacker get inside my system"
    Not exactly unreasonable. A claim many could make I would have thought.
    Although I can go back as far as 1968 ( Olivetti 101) I have only been on line since 1996 and have yet to see a live virus or suffer from any malware. Like most I went thru a phase of loading up with every new anti, anti but all I got was a collection of false positives.

    Do I ever turn my unit on ? Currently have 7 units - 3 or more on at any time for 15 hours a day.
     
  4. Dogbiscuit

    Dogbiscuit Guest

    Maybe in an XP admin account.

    But running as a limited user would prevent malware (such as Rustock.B and Srizbi) from modifying network drivers (tcpip.sys, ndis.sys, etc.) to get around outbound firewalls, as no software, including malware, has the access needed to modify these system files from within a limited account.

    Password protecting the firewall should prevent any changes to it (by malware) from within a limited user account.
     
  5. dave88

    dave88 Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    177
    IMO, In this day and age, outbound protection is a must as well as some form of execution control. I guess it depends on what you use your pc for, what you have on it, and your browsing, downloading habits.
     
  6. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,286
    Location:
    Las Vegas
    Amazing the responses. Precisely what I expected. The hacks and shills for firewall software companies likely disagreed with my comments, while the people with no conflict of interest thought the Windows XP firewall was sufficient as I argued.

    As to my surfing habits, I am on the internet 16 hours a day, am a high risk user both with my computer and dozens of others in my office. I (we) have never had a virus or a hacker since the dawn of man (1967).

    If you want to monitor what is going out fine, but that is a different argument than what I contended-and that was to keep the bad guys out, the XP firewall was sufficient.

    If they get in, Comodo or any top rated leak test software program is not going to stop them. The trick is not letting them in your system in the first place.

    Btw, I use NOD32, WinPatrol Plus, and Windows XP firewall and run as administrator.

    If you are having continual problems with hackers and viruses, you might want to take a long hard look in the mirror.
     
  7. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    At least for my own usage, that's the only function I use a firewall for - controlling outbound communications of completely valid programs.
    Exactly, although one should also verify that these "hacking" event are, in fact, real and not an artifact of either program conflict or misinterpreted information.

    Given what one could implement using intrinsic OS functionality and completely free options, I'd have to agree. While the one-off wake-up call infection is conceivably understandable, once that message has been given, the steps to a reasonable level of protection are quite minor and don't involve a complex assembly of measures. Configurations such as a general antimalware application/suite, a backup measure if desired, Windows firewall and/or SOHO router are quite sufficient. Can one weave a scenario in which this won't work? Sure. Of course, you can also do that for any other configuration one way wish to propose. It's only a question of how elaborate that scenario becomes and the point at which one transitions from the sublime to the ridiculous. At least from my personal experience, that transition to the ridiculous occurs quite early - which is why the simple measures mentioned by Bunkhouse Buck work perfectly fine for most of the inhabitants of this planet.

    Blue
     
  8. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,213
    Hello,

    A common misconception that many people develop is this:

    1. They download a file.
    2. They execute a file.
    3. It turns out to eat their firewall and more along the way.
    4. They complain about being "hacked."

    When in fact, they brought the doom upon themselves.

    Mrk
     
  9. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    Through trial and lots of error, I have discovered 4 trojans in my system in the past. All came from downloaded files. I need s/w to protect Windows from me lol.
     
  10. rhuds13

    rhuds13 Registered Member

    Joined:
    Jul 11, 2007
    Posts:
    109
    So if I just use Avast Home and SUPERAntiSpyware Pro with XP fw and make sure to scan all downloads before opening I should be safe? Or should I still use a software firewall to be extra sure? I have been thinking about this very thing for a while.
     
  11. QuestionX

    QuestionX Registered Member

    Joined:
    Aug 16, 2007
    Posts:
    28
    I've always had good luck with software..been using Zone alarm for years..it protects incoming, outgoing, email, files,etc... it grabs a virus on the web before it can do any damage.. i goto to thoes places where the bad stuff is just to test and it does a great job...even email I suspect I open anyway and Zone Alarm is there to stop the virus ( mostly trojans)..but you also have to use your own head...practice makes better ( not perfect)..
     
  12. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    This, a safe browser and a router and you should be good-to-go
     
  13. Dogbiscuit

    Dogbiscuit Guest

    Do you a mean an outbound firewall won't stop malware from causing havoc on your system, or an outbound firewall won't stop malware from sending out information?

    Also, some specifics would be helpful to verify what you're claiming.
     
    Last edited by a moderator: Aug 16, 2007
  14. dave88

    dave88 Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    177
    Of course XP firewall is sufficient to stop direct attacks (it has been tested pretty extensively), but it does not stop the most prolific problems that plague users today, namely "drive by" infections using an insecure browser, and running infected downloads.

    Just because you have not got an infection since way way back in 1967 :) does not really mean that much. Except that maybe you know what you are doing, many people don't, and or engage in very high risk browsing, and downloading.
     
  15. wat0114

    wat0114 Guest

    I would like to see evidence of this. Sometime when I'm bored I'm going to seek out some of that firewall-crippling malware and try it out on my test machine.
     
  16. InMyOpinion

    InMyOpinion Registered Member

    Joined:
    Aug 16, 2007
    Posts:
    2
    emuleman,

    Since 2005, I have used TINY Firewall with NOD32 and both compliment each other extremely well. Now, I have added Dynamic Security Agent and I am very pleased with the results.

    I hope this helps.
     
  17. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,213
    Hello,

    I can add my 5 zloti to the story.

    In Windows, as admin, you have 100% control of kernel when installing a program. Therefore, the program can do ANYTHING. Given the sufficient skill of the programmer, a malicious piece of code can disable anything already working in that same Windows, if it grabs a more comfortable piece of kernel and owns it.

    Therefore, once you get infected, your firewall or any other software MIGHT stop malware, but it also might not.

    The whole idea is not to get infected, not to mitigate infections.

    Mrk
     
  18. wat0114

    wat0114 Guest

    I'm a huge proponent of outbound controling firewalls, but that is well said :thumb:
     
  19. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    I have 2 concerns about outbound controlling firewalls:

    (1) If nothing bad gets in then from a security point of view do they serve any real purpose ?
    (2) what do many users do when kerio or whatever pops up with a question ?
    most of the time the desire to continue doing what they were doing means the user will click yes to the "allow mayhem and pillage ? Question.
     
  20. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,213
    Hello,

    1. Nothing bad gets in - that's the purpose of the firewall. Outbound - to control programs you trust, been said before
    (see above).

    2. When a question pops up, you take your time to read and understand. BTW, once configured, firewall alerts are rare - when you install new software, once you update existing software, here and there a few alerts on the incoming, all in all no more than 4-5 events a week.

    Mrk
     
  21. wat0114

    wat0114 Guest

    Two reasons I like outbound control:

    1. Keeping an eye on M$ processes as well as, possibly, a few others.

    2. IF for some reason my machine gets whacked by malware, it can feel free to blow away my harddrive. I have backups. But I just want a fighting chance to keep my personal data in rather then couriered out by a bot to some remote scumbag. If my firewall can survive the onslaught, then I have a fighting chance.

    Obviously Mrk's point of keeping the bugs out is still by far the most important of all, but we're only human so there is some room for screwing up.
     
  22. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,213
    Hello,
    No problem is screwing up - although there's no reason why is should happen in the PC world. And if you do screw up, have a nice restore formula ready - imaging, backup etc - and undo the damage quickly and painlessly. if anything, computers are time-independent. Time has no meaning. It's one of the few privileges in life, where you can actually undo your mistakes.
    Mrk
     
  23. Dogbiscuit

    Dogbiscuit Guest

    Wouldn't running as a limited user prevent this from happening?

    Having a "plan B" (just in case) makes sense. How could it not?
     
  24. wat0114

    wat0114 Guest

    Can you install your program under a limited account? Probably not. Either it's installed under an administative account or in the case of XP under limited using the "Run as" option, so if your new "software" turns out to be infected, it's game over.

    BTW, does anyone know if installing with "Run as" under a limited account affords the same kernel level priviliges as installing under the administrative account?
     
  25. Mr. Malware

    Mr. Malware Registered Member

    Joined:
    Jan 22, 2007
    Posts:
    15
    Comodo is NOT a top ranked leak test software program, they just want you to think that!!!

    "The only firewall that doesn't leak" Yeah right!!!

    Go to firewall leaktester.com and see how many leaks it has.
    And the comodo knows about it.

    http://www.firewallleaktester.com/

    Comodo needs to start practising truth in advertising.

    How cares if its free I will never use it.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.