Easy to use firewall

Ok so here is my dilema. I have built a nearly $6000 dollar computer, completely state of the art, for my mom and I want to keep it as safe from problems as possible while still being very user friendly and as little up keep as possible. She isn't the most knowledgeable about what kind of access to grant applications and the like and I'd really rather her not have to worry about it while still having the protection of a firewall. So what I need is a firewall that requires as little user involvement (after the initial setup) as possible even when installing new applications. I am willing to sacrifice security for simplicity in this case as I'm behind a router with a firewall and stealth capabilities built in. Any suggestions as to a firewall for this instance would be greatly appreciated.

 

http://www.softhall.com/Norton-Personal-Firewall-Download-5808.htm for example.

 

i dont think that u need a software firewall

 

If you don't want user intervention, then there is no need for a software firewall since you have a hardware router.

But if you want an easy to use firewall then ZoneAlarm is maybe the easiest to use firewall.

 

ZoneAlarm is one of the best - it stops connections leaving your PC if something like spyware does get in - this won't be stopped by most router/firewalls.
You need:
- a good antivirus like NOD32.
- a good s/w firewall like ZoneAlarm.
- anti-spyware s/w like spybot S&D (free) or adaware.
- best to be behind a hardware firewall router like yours so most operating system exploits don't work.

Scan yourself with the "Sheilds Up" links at www.grc.com to see how secure you are!

 

ZoneAlarm FREE or Look 'n' Stop. I have used ZoneAlarm FREE for over 10 years and recently swapped to LnS. With little user interaction being required LnS wins hands down.

Cheers

 

My vote goes for Zone Alarm, nothing beats its simplicity and it is the least complex to use for first timer.

 

Zone Alarm is easy to use and is the firewall I am currently using. I have had both McAfee & Zone Alarm.

 

I have to say ZoneAlarm also. Just set `n`forget.

 

I'm sorry, but I slightly disagree with the "no software firewall needed" comment.

This is of course more a matter of opinion that anything else, but let me illustrate.

With a hardware firewall you are basically protected against worms attacking the computer from outside the firewall (i.e. self-propagating viral apps that spread through open ports).

That's it.

If the system is infected by a user-downloadable trojan or virus that wants to spread itself, the hardware firewall will give absolutely no added protection to the system (against downloading of additional viral components) or to other systems (spreading of the viral code).

For the system to operate with the basic internet apps, the hw firewall must open basic ports for smtp, pop, imap, http, etc. Trojans and virii can be downloaded through these, if the user is not careful (and happens to be unlucky).

With these ports open and the hardware firewall having absolutely no idea, which program is using the ports to access the network, there is very little protection once the system is infected.

This can be of course problamatic for people who are not very advanced users and "just click on stuff" whether those are malicious web links, downloads or e-mail attachments.

Of course, against those risks anti-virus and anti-trojen programs should be used at any rate.

But if the system becomes infected regardless of AT/AV, the risk factors associated with that compromised system AND towards other systems can be potentially reduced, with a software firewall.

A software firewall will do a couple of things no hardware firewall, anti-trojan or anti-virus program can do (once the system is compromised).

- deny network access completely for unknown apps
- deny specific network access for known apps
- deny launching of separate processes to act as download conduits for viral programs

As a results, a software firewall (if capable and properly configured), can prevent a viral piece of software from:

- downloading new viral components to the system (new keyloggers, servers, new attacks, etc)
- spreading itself to trusted LAN or to other computers on WAN
- making the computer act as a zombie in a Distributed Denial of Service type attacks

Of course, a software firewall is again NOT a guarantee that these things will not happen, but it will lessen the security risk.

And the loss is of course, added user complication.

HOWEVER, and this is a big however (imho), if the user in question uses ONLY known and predefined applications to access Internet, then it's relatively easy to add a software application firewall that just works.

It just works in the background and prevents all except the predefined applications from accessing the internet (and only through predefined protocols).

I have set up my moms computer to be able to access:

- windows update
- antivirus updates
- mail (via Mozilla)
- web via Moz

She does not need ftp, nntp, sntp, etc.

So, everything else (afair) is disallowed.

Works for her.

If she wants to lean how to use IM, it's not a big deal for me to go over and punch one more rule to the software firewall to allow for specific IM traffic.

That's my two cents worth.