I need your opinion!

Discussion in 'other firewalls' started by Green Dragon, Feb 18, 2005.

Thread Status:
Not open for further replies.
  1. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,726
    Location:
    Canada
    If I were to use an application-filtering based software firewall, it would be the new Outpost. :D
     
  2. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    If you can shut down those other services (i.e. if you don't run applications that depend on them) then yes, port 135 won't be open. Of course, you still have to watch out for patches/updates/installs re-enabling these services.
    Port 445 IIRC.
    Given that trojans can be hidden in downloaded files even from mainstream sites this is, sadly, not enough nowadays. Only by abstaining from downloads altogether (not really practical) or manually disassembling and analysing every program before running it can you avoid compromises here. However an application-filtering firewall can provide an extra layer of defense, and one that most people can understand far more easily.
    If your firewall fails, your system is vulnerable even without open ports, so a far better fallback would be a router with its own (firmware) firewall. Open ports are not a problem in themselves (you will have some even with a firewall if you run programs that need to accept unsolicited incoming traffic), it is the applications behind them which can contain vulnerabilities. Closing unnecessary ones is good security practice as is disabling unneeded services but not a universal panacea - other security measures should still be taken.
     
  3. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Does this mean we can have arguments debates about stateful inspection in the Outpost forum as well? :D
     
  4. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,726
    Location:
    Canada
    You know how much I'd luv to, but it has already been proven and you had admitted to the fact Outpost SPI is stateful-like. Regardless, the new Outpost from a far glance does seem nice...

    I would not use Outpost, I prefer something with true stateful packet inspection, but for many other reasons, something like CHX-I, 8Signs .... :p

    But I'm saying if I were to use an application-filtering based software firewall, between the two (ZoneAlarm and new-Outpost) I would choose Outpost any day…


     
  5. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Would you please give some definitions about what you mean with phrases like "stateful-like" and "strong and true"? (like I have in this post). My previous statements about Outpost's SPI are that it is at packet-level, like almost every other personal firewall with an option of limited connection-level SPI - this has not changed so I find your claim that I have "admitted" anything rather puzzling... perhaps you have been misreading my posts?
     
  6. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    Excellent post P2K !!!
     
  7. my2cents

    my2cents Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    45
    Ok then, then I would like to clear this up what I actually want here for a software firewall then. Great link there P2K. I love it.

    Ok, MAIN QUESTION HERE again....

    After reading what P2K posted, I want to or would like to ask, if Zone Alarm does the same SPI what Check Point has to offer o_O?

    NOW THAT WAS MY QUESTION. Does ZA offer the same SPI what Check Point has to offer o_O?

    And another thing: I want something that also works like what the Linksys routers do as far as being "SPI", which is what it says on the box, especially the model BEFSX41 made by Linksys, which says on the box "powerful SPI protection".

    Again, does ZA provide all those "stateful-like" features? Or which software firewall provides the closest to Check Point or Linksys router SPI o_O?

    And must be for Dial-up, as I have another machine that uses dial-up. That's all I want to know. So in conclusion to all of my questions here, what is the closest to Check Point? ZA, Sygate? or Outpost Pro?
     
  8. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    That's a tough question to answer... Didn't Check Point buy ZA a while ago? If so, does that mean anything? I don't know..

    Of the 3 you mention (Outpost, Sygate, ZA), my guess would be that ZA probably has the best SPI. But I can't prove that or even lead you to any links that support that conclusion.

    Best if you try asking ZoneLabs perhaps.. They should be able to give you some kind of answer...
     
  9. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    Oh boy .
    I really think you are losing sleep over a minimal thing . You can kill yourself thinking about things that firewalls offer . To answer your question , Yes , in a basic sense . Technically , no . But , for you , the home user , it would not make a difference . I know you are wanting the best . It is hard to give straight answers when the questions are so technical . As I said in another thread , the more questions like this you ask , the more you will have . It will not end . And , if you have a router , why would you care about something so tiny , that you would not know anyway ? Checkpoint , to my understanding , either bought or conjoined ZoneLabs . Checkpoint has hardware with a differing type of SPI but , the same in a basic sense . Again , for the home user , it is good . If ZA is what you are so interested in , take it . You will be fine . SPI will not be a problem . You will be protected as best as ZA can do . SPI really will not play a role in your protection . Good luck in your quest
     
  10. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    Kerodo .
    I suggest it is Outpost without a doubt . But , it really makes no difference . Besides . I think he wants ZA , he just wants to make sure it has the things he hears so much about yet , not all that important to the end user as long as it is on .
     
  11. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    I prefer Outpost Pro over ZA myself, but he keeps asking about SPI and I'm not sure whose SPI is best. I would vote for ZA's SPI, but overall I'd vote for Outpost as a firewall. In the end, they're probably all similar anyway.. :)

    BTW, I notice that you use Prevx. What do you think of it? I was thinking of trying it but wasn't sure...
     
  12. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    Kerodo .
    Some people have said it uses too much resource . I do not understand that . It hardly uses any . I use the Pro version and think it is great . The free home version is very good too . One of the major differences now is that the Pro starts up ( loads ) a little faster . It took forever to load in the past and I stayed on them to fix that . They released an update a few days ago that did just that . Excellent program . Set on maximum and go . Only thing is , if you are about to install a program that you trust , click the " suspend protection " or else you will be bombarded with popups as to what to allow . The protection cannot be beaten . Free is great . I would probably use the free but , I helped out with the program so they were kind to me . lol . Try it . The protection is great . And let me know what you think and if you have any questions . Very simple to use though . Again . Set it to maximum and you are done . Good luck in YOUR quest my friend
     
  13. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Ok, thanks Hollywood.. I think I'll probably give Prevx Home a try in the next few days, probably this weekend.
     
  14. my2cents

    my2cents Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    45
    Yes like you stated, I do want the best out there even for home use. No doubt about it.

    ZA's interface looks too easy and maybe that's why I'm always thinking that it's not secure enough. That's why. I know.....

    I will try contacting ZA's tech support also. But I will take your word for it.

    This may sound strange, but this bugs me too. Ok, I just don't like the fact that most firewalls (not just ZA) don't have the Action in the logs like Check Point. For example: if I were to have a DROPPED something or ACCEPT something, other software firewalls interpret it as BLOCKED or ALLOW. I know I am weird in this way, but that's me. I know. I'd like to see firewalls in the future in a more professional manner like Check Point.

    Oh well...
     
  15. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    No it does not. ZA's SPI, like almost every other personal firewall, is at packet-level. That however is the most important from a security point of view since it allows firewalls to distinguish between unsolicited incoming packets and legitimate replies to previous outgoing requests. Higher levels of SPI offer far less benefit in security terms (their main benefit is making rules-creation for complex applications simpler).

    Checkpoint's Firewall-1 product is designed for enterprise use and has a price to match. The only firewall that is likely to come close to it in SPI for home use is CHX-I which appears to offer application-level SPI for some applications (see the CHX-I thread for more on this) - however full details on which applications are supported do not seem to be available. The downside of CHX-I is that it does not offer application-filtering (i.e. it could not distinguish between Internet Explorer/Firefox/Opera making a connection to port 80 on a webserver to view a webpage and malware making a connection to port 80 in order to send information taken from your system). For this reason, CHX-I is best deployed on proxy servers and gateways (where information on the application sending traffic is not available anyway), not on home PCs where malware/spyware bundled in software downloads present a greater threat.
    Packet-level SPI again here almost surely - though connection-level SPI is likely for FTP (since this requires special treatment for Network Address Translation - which this router should include for sharing the Internet connection between multiple PCs). Higher levels of SPI are protocol/application specific so any appliance offering these would list the protocols supported, like Checkpoint does.
    All personal firewalls should work with dialup connections and all the major ones offer packet-level SPI - the only odd one out to my knowledge is Look'n'Stop where SPI is an option (and if enabled, limits the total number of network connections - 128 is the current maximum I believe).

    ZoneAlarm is a good choice for beginners but if you prefer greater control, then a rules-based firewall is the next step up with Kerio, Look'n'Stop and Outpost being the best options (Sygate is worth considering only if you do not run any local proxy software like web filters, anonymizing clients or email scanners). If you have one of these properly configured along with process-control software like Process Guard or System Safety Monitor, then very little is going to go amiss without you getting warning about it. :)
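
    The difference between packet-level and connection-level SPI described in the post above, shown as an added example that is not part of the original thread or any vendor's code: a toy filter in which packet-level state alone drops an active-mode FTP data connection, while an FTP helper that reads the PORT command accepts it. The class and function names, addresses and ports are constructed for illustration, and NAT, TCP flags and timeouts are left out.

```python
import re

# Toy model of the SPI levels discussed above; constructed for illustration only.
PORT_RE = re.compile(rb"PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n")

class StatefulFilter:
    def __init__(self, ftp_helper=False):
        self.ftp_helper = ftp_helper  # True = connection-level tracking for FTP
        self.flows = set()            # (proto, local_ip, local_port, remote_ip, remote_port)
        self.expected = set()         # (local_ip, local_port, remote_ip) from FTP PORT

    def outbound(self, proto, src, sport, dst, dport, payload=b""):
        """Record an outgoing packet so that replies to it can be recognised."""
        self.flows.add((proto, src, sport, dst, dport))
        if self.ftp_helper and proto == "tcp" and dport == 21:
            self._track_ftp(src, dst, payload)
        return "ACCEPT"

    def _track_ftp(self, src, dst, payload):
        m = PORT_RE.match(payload)
        if not m:
            return
        *octets, p1, p2 = (int(g) for g in m.groups())
        port = p1 * 256 + p2
        announced = ".".join(str(o) for o in octets)
        # Only honour a PORT command naming the sender's own address and an
        # unprivileged port, so the helper cannot be used to open other holes.
        if announced == src and max(p1, p2) <= 255 and port >= 1024:
            self.expected.add((src, port, dst))

    def inbound(self, proto, src, sport, dst, dport):
        if (proto, dst, dport, src, sport) in self.flows:
            return "ACCEPT"                      # reply to an earlier outgoing packet
        if proto == "tcp" and (dst, dport, src) in self.expected:
            self.expected.discard((dst, dport, src))   # one-shot expectation
            self.flows.add((proto, dst, dport, src, sport))
            return "ACCEPT"                      # related FTP data connection
        return "DROP"                            # unsolicited

def demo():
    client, server = "192.0.2.10", "198.51.100.5"   # documentation addresses
    results = {}
    for name, helper in (("packet-level", False), ("connection-level", True)):
        fw = StatefulFilter(ftp_helper=helper)
        fw.outbound("tcp", client, 40000, server, 21, b"PORT 192,0,2,10,195,80\r\n")
        results[name] = (
            fw.inbound("tcp", server, 21, client, 40000),          # control-channel reply
            fw.inbound("tcp", server, 20, client, 50000),          # active-mode data connection
            fw.inbound("tcp", "203.0.113.9", 4444, client, 135),   # unsolicited probe
        )
    return results

if __name__ == "__main__":
    print(demo())
```

    Without the helper, the only way to let the data connection in is a static rule opening a range of inbound ports, which is the rules-creation burden the post says higher SPI levels remove.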
     
  16. Green Dragon

    Green Dragon Registered Member

    Joined:
    Feb 18, 2005
    Posts:
    31
    Hi guys

    Thanks all of you for your help.
    Last week I use free Kerio 4. I understand that most of you don't like it.
    It seems to me a good product and easy for a beginner in its default mode.
    What don't you like about Kerio 4?
    It is really very helpful for me to have your opinion about that.

    I tried Jetico for a little but I got confused too much and took it out.

    I use Avast 4,6 as av and like it. I think it's the av i need.

    Sorry for my English.
    Have a nice day.
     
  17. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    ZA DOES , INDEED , tell you what was blocked and what was allowed . Well , ZAP does . Not sure about the free version . And you are going to contact tech support ? hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha . Anyone wish to join me in a moment of prayer for this poor guy . By the time you are dead , you STILL will not have an answer . ZA tech support is the absolute worst there is . IDIOTS ! And they do not care about your problem . You want the best ? Quit fooling around with ZA . GEEZ . It is nowhere near the best . ZAP , years ago , was at the top . No more . Outpost Pro , Tiny , Kerio , and LnS are at the top . If you want something very good and strong and easy for beginners yet , powerful enough for a power user , Outpost Pro . You keep talking about ZA . Just use it and contact ZoneLabs . You will find very quickly that you made a bad choice when it comes to getting help . You have asked enough . Do you not feel you have enough info to make the choice ? You are already choosing ZA so why do you still question things ? It is ok . You like . Take it . And good luck . Now for the prayer ................
     
  18. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    Sorry about the allow and block thing . I NOW see you mean you would rather have dropped instead of blocked . Yes , you are VERY weird . But , everyone is different . Again , good luck
     
  19. my2cents

    my2cents Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    45
    Well, I'll just stick with Linux IPtables. That's the great way to go. I have the easiest Linux distro along with Windows but I'll stick with Linux.

    I had thought about this a while back now. Iptables....
     
  20. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    IPtables is like a router firewall - it can give good protection from incoming attacks but cannot alert you to malware on your own system trying to send data out. Only a personal firewall running on your Windows system can see which applications are trying to send data and alert you accordingly.

    IPtables is a good backup - but no substitute for a personal firewall when it comes to malware detection.
     
  21. my2cents

    my2cents Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    45
    This is what I still do not understand about protecting PCs from outbound traffic o_O o_O I still can't seem to soak it up to my understanding here. I always thought that incoming traffic is the most important of all.

    Please explain this please.
     
  22. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    The vast majority of malware needs to make an Internet connection to send data out (e.g. spyware sending out your browsing history, keyloggers sending your passwords, remote access trojans letting their controller know they are online). If they were missed by your anti-virus/anti-trojan scanners, a decent (and properly-configured) firewall would alert you that a new program was trying to send data out, letting you know that something was amiss.
     
  23. my2cents

    my2cents Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    45
    Ok, got it and well said... But hey, I'm running Linux..... But I have to agree that Linux could be vulnerable too, but to a lesser extent though. If you install any OS clean WITHOUT any spyware or malware, then you have no need to worry about outgoing traffic. Because if you're starting a new clean installation without any malware on the system then you're OK, correct me if I'm wrong.

    Remember that someone said that Firewall routers cannot be bypassed by trojans o_O?? Well, they could if you have UPnP Enabled on the Router. So anyone who uses a router for a firewall must have that UPnP unchecked at all times.
     
  24. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    If you are running Linux on your main computer, then most of the information given in this forum will not apply to you. Linux is not designed for security first and foremost (you need to look to OpenBSD for that) but it does not have the design and architectural flaws of Windows.

    With Windows, most malware gets installed via exploits in Internet Explorer which, in its default configuration, allows a hostile website to do far too much. Other applications can also serve as attack routes (email, messaging, peer-to-peer apps) so further measures (scanners, registry monitors, process protection) are needed to keep a clean system clean.
    UPnP is a typical example of the stupid design decisions Microsoft has made in the past - Windows XP SP2's firewall can also have its configuration changed by applications to let their traffic through, suggesting that Microsoft doesn't learn from their mistakes very well. :(
     
  25. my2cents

    my2cents Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    45
    Yes, you're right. But I don't want to get into the Linux vs. Windows rant here. But, yes, Linux IS HACKABLE. It might have LESS viruses, but it is hackable and even more so than Windows for that matter......

    Yes, the first thing I did on my other DSL machine is that I automatically disabled UPnP on the router. Also I would like to add, how can I DISABLE UPnP manually o_O Just curious.

    And you mentioned OpenBSD.....YES YES YES, I have the version 3.5 CDs right here. But just can't or afraid to install it though :doubt: :doubt: :doubt: :(
    I even was afraid or too hesitant to install Linux.....
     