# Firewall Software.



## arnisador (Nov 2, 2002)

My wife and I finally got the router set up so that we both have an always-on DSL connection. Any advice on firewall software to protect us from miscreants?


----------



## Nightingale (Nov 2, 2002)

dunno if this is true or not, but read it in a PC magazine...

Hackers tend to hack computers that are always available to them... so when you're not using your system, turn it off.  


I'm not really sure about the software, but I've got some friends who are network admins, so I'll ask around for ya.

-N-


----------



## Bob Hubbard (Nov 3, 2002)

http://zonelabs.com ZoneAlarm is your friend... it blocks in AND out, and gives you control over what does what.

It's a bit tricky sometimes to tweak, but I run it exclusively on my systems.

Try the free version. It's all I use and I've had no problems.


----------



## Rich Parsons (Nov 3, 2002)

Arnisador,

I use Zone Alarm on my PC with a Cable connection. I believe that Zone Alarm is for free and that Zone Alarm Plus is available for a slight charge. I just use the Zone Alarm. I have not had any problems in the year I have been on line with a cable modem. I have a friend that has used Zone Alarm and Black Ice both at different times. They offer different advantages.

Just my experience, use at your own risk

Rich

PS:  Dang IT Kaith posted by the time I finished mine ;~)


----------



## Robert Carver (Nov 3, 2002)

What brand of router did you purchase? The reason I ask is that many of the routers on the market have a built in firewall. I have a Linksys router, and it has a very effective firewall. FYI, there are two types of firewalls, hardware and software. Both are effective, but I prefer a hardware firewall. The routers that act as a firewall in effect become the "computer" that is seen from the internet. So since the router has nothing on it, what can be seen is nothing. You then attach your computers via a network cable to the router and what is seen on your side of the router is effectively blank for all the world to see. The router does everything your PC does for connecting to the internet, and acts as a DHCP server to your PCs. So it takes the connection to the internet and then assigns an IP to each of the PCs on your network dynamically. So when you send a request (like click a link on a webpage) it knows which computer sent it, and who to route the resulting web page to. Because it is the result of a send, it allows a receive to take place. On the other hand, if an unrequested "receive" comes in, the router basically ignores it. This in effect puts your internal network in "stealth" mode, and appears to not even exist. Also the router, unlike your PC, doesn't have ports on it and therefore there is no way to get in.

After that long (and hopefully not too confusing) explanation, the bottom line is that hardware firewalls are more effective shields for your PCs since it makes them unseen by those on the internet. Software firewalls do the same thing, but my experience is that when a port is probed by someone and you use a software firewall, the return they get is that the port is "blocked". So they know something is there and with enough persistence, may be able to still get in. Whereas a hardware firewall gives the response that nothing is there, so they move on to another target.

If you would like to test your own vulnerability, go to these resources:

Gibson Research Corporation at http://grc.com. Follow the links to Shields Up! and use their test. It will probe your ports and let you know how the rest of the internet sees you! Please note that GRC just upgraded their servers and the Shields Up! test is currently offline. So check back in a couple of days.
Also, do a little surfing at GRC. They review different types of firewall, both hardware and software. Lots of good information without all of the sales garbage you get from the companies that make the software.


----------



## cdhall (Nov 3, 2002)

> _Originally posted by arnisador_
> 
> *My wife and I finally got the router set up so that we both have an always-on DSL connection. Any advice on firewall software to protect us from miscreants?*



I asked about this when I got my cable modem and found out that Mac OS X has firewall software built-in.  I just had to turn it on.  So switch and get a Mac.


----------



## Beng*Chuan (Nov 3, 2002)

> _Originally posted by arnisador_
> 
> *My wife and I finally got the router set up so that we both have an always-on DSL connection. Any advice on firewall software to protect us from miscreants?*



You might want to try using a software firewall too. Maybe that will be 100% protection.


----------



## bdparsons (Nov 3, 2002)

with Norton Internet Security.  I tried Zone Alarm and it's OK, but I've found the Norton's product catches and stops much more activity.  Hope this helps.

Respects,
Bill Parsons


----------



## Beng*Chuan (Nov 3, 2002)

> _Originally posted by bdparsons_
> 
> *with Norton Internet Security.  I tried Zone Alarm and it's OK, but I've found the Norton's product catches and stops much more activity.  Hope this helps.*
> 
> ...


ZA is much better than NIS, and ZA can do a lot that NIS can't. Among the best firewalls are Zone Alarm Pro, Zone Alarm Plus, Zone Alarm Free, Kerio, Sygate Free & Pro, Outpost Free & Pro (which I'm currently using), and maybe I forgot another. But NIS is not included there.
NIS is really not a good idea after all. I tried it myself for 1 1/2 years. If you would like more on this subject, try www.dslreports.com / www.broadbandreports.com. It's like the best forum for PC related. Here's the security link > http://www.dslreports.com/forum/security,1

Yes, it can be a little hard while surfing, just remember to click on all those buttons on top, they will take you where you want. The red one, like an envelope, will take you where all the forums are at, and you click on the one you want, and it shows you some topics. Become a member first. Free & easy.
See you there.


----------



## Rich Parsons (Nov 3, 2002)

With the hardware firewalls you do get a different feedback when trying to 'ping' or break your way in.

Yet, I have found with most of my friends that the Instant Messengers may work for the quick messages but not for file transfers or the like.

Do your research and find out which is best for you. 

 

Rich


----------



## theneuhauser (Nov 3, 2002)

i use tiny software's firewall, it's free and has a good level of control, but it's not very intelligent. i don't believe that most software is. i've been told that if you are willing to drop some cash on one of the external hardware-type firewall systems you will get the real deal.
like robert carver said, the hardware is better. basically because software becomes a part of your operating system so it's not really keeping anyone or anything out of your computer, it just throws up a smokescreen from inside. the external hardware will put up a tangible first barrier against incoming hits. just another degree of security. i've heard that you will pay 100-200 u.s.$ for a good one.


----------



## TkdWarrior (Nov 3, 2002)

i had probs with hardware firewalls but yup they r most effective in most cases...
otherwise best software is ZoneAlarm pro(if u can pay) otherwise there's free version too..
-TkdWarrior-


----------



## Robert Carver (Nov 3, 2002)

Good point Rich. I have also noted that file transfers with instant messages do not work with a hardware firewall. Never tried it with a software firewall, but at least you can disable it quickly (no disconnecting the modem from the router and plugging directly into your PC). However, I don't accept file transfers from any instant messenger chat, so that is not a problem for me.

Arnisador, here is the bottom line. The only sure way to protect yourself from miscreants on the internet is to unplug your PC from the internet. Since that is probably not an option, then the next best thing is to isolate your PCs/network from the internet. That is where a hardware firewall comes into play. It simply does not let port probes get to your PC (past the firewall). On the other hand, as theneuhauser points out, a software firewall still allows port probes to get to your PC, it just blocks that probe.

Also, like I mentioned previously, most routers come with a built in firewall. Check your manual, because you may already be protected.


----------



## arnisador (Nov 3, 2002)

> _Originally posted by Robert Carver_
> 
> *Also, like I mentioned previously, most routers come with a built in firewall. Check your manual, because you may already be protected.*



I appreciated the explanation of what the hardware and software versions do. It never occurred to me that the router might have this built in--I just assumed I'd have to buy one. I'll check its documentation (iPAQ Connection Point CP-2E) and look into the GRC site when it's back up (it is still down now) and also into Zone Alarm.

Thanks all, this has been very helpful!


----------



## Beng*Chuan (Nov 3, 2002)

> _Originally posted by theneuhauser_
> 
> *i use tiny software's firewall, it's free and has a good level of control, but it's not very intelligent. i don't believe that most software is. i've been told that if you are willing to drop some cash on one of the external hardware-type firewall systems you will get the real deal.
> like robert carver said, the hardware is better. basically because software becomes a part of your operating system so it's not really keeping anyone or anything out of your computer, it just throws up a smokescreen from inside. the external hardware will put up a tangible first barrier against incoming hits. just another degree of security. i've heard that you will pay 100-200 u.s.$ for a good one.*


Wrong. Tiny is the firewall that is not so good, but that doesn't mean others aren't. I can prove for myself that Kerio 3, which is currently beta, will be good, Zone Alarm products are great. Agnitum Outpost is like 1 of the best.


----------



## Beng*Chuan (Nov 3, 2002)

> _Originally posted by TkdWarrior_
> 
> *i had probs with hardware firewalls but yup they r most effective in most cases...
> otherwise best software is ZoneAlarm pro(if u can pay) otherwise there's free version too..
> -TkdWarrior-*


Agnitum Outpost Firewall does more than what ZA does or can ever do.
Outpost has free n pro version. Not much difference, either one is still great.


----------



## Robert Carver (Nov 3, 2002)

Arnisador:

Just looked up your product on the HP/Compaq site, and yes you do have a built in firewall.


----------



## arnisador (Nov 3, 2002)

Thanks Mr. Carver, your help has been much appreciated! There are aspects of computers I know well but networking is _not_ one of them.

I did download Zone Alarm but it now sounds like it would be superfluous.


----------



## Robert Carver (Nov 3, 2002)

Happy to help Arnisador. Check your documentation for the iPAQ. My Linksys router has the ability to integrate ZoneAlarm into it for double the protection. Yours may also have the ability.

If you need any further assistance, please feel free to contact me via email if you like.


----------



## JD_Nelson (Nov 4, 2002)

I work in the networking field in the information systems industry. I have always had a tough time explaining to customers why a hardware firewall is better than a software firewall. Thank you for making it even clearer to me.

Best Regards,

Jeremy


----------



## satans.barber (Nov 6, 2002)

> _Originally posted by arnisador_
> 
> *My wife and I finally got the router set up so that we both have an always-on DSL connection. Any advice on firewall software to protect us from miscreants?*



Bear in mind that now you've got a router you don't really need a firewall, unless you're forwarding ports.

See, you only have one IP address for your house, which would have used to have belonged to the computer that you dialed up with, or that had your cable or DSL modem attached to.

When people scanned IP ranges for exploits, if your IP was in the range it would have scanned your actual machine, which is why firewall software would have been a good idea. Now though, the IP will belong to your router, which isn't running Windows and therefore isn't vulnerable to the attacks you had to worry about before. 

You only need to put a firewall on your PCs if you're forwarding ports (for instance if you're running an HTTP or FTP server on one of the machines), and firewall software would be useless then anyway since you'd need to tell it that people could access these services in order for them to work.

Ian.
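
Added example, not part of any post in this thread: a toy Python model of the router behaviour Robert Carver describes (replies to outbound requests are delivered, unsolicited inbound packets are ignored) and of the port-forwarding exception Ian raises. The class, addresses and ports are constructed for illustration, and the strict per-remote matching is an assumption; real routers differ in how tightly they match replies.

```python
"""Toy model of a home NAT router's connection table (added illustration)."""
from dataclasses import dataclass, field

WAN_IP = "203.0.113.10"  # constructed public address (documentation range)


@dataclass
class NatRouter:
    next_port: int = 40000
    # (wan_port, remote_ip, remote_port) -> (lan_ip, lan_port)
    flows: dict = field(default_factory=dict)
    # wan_port -> (lan_ip, lan_port), configured deliberately by the owner
    forwards: dict = field(default_factory=dict)

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host opens a connection: record the flow, rewrite the source."""
        wan_port = self.next_port
        self.next_port += 1
        self.flows[(wan_port, remote_ip, remote_port)] = (lan_ip, lan_port)
        return (WAN_IP, wan_port)

    def inbound(self, remote_ip, remote_port, wan_port):
        """Decide what happens to a packet arriving on the WAN side."""
        key = (wan_port, remote_ip, remote_port)
        if key in self.flows:             # reply to something a LAN host sent
            return ("deliver", self.flows[key])
        if wan_port in self.forwards:     # owner exposed this port on purpose
            return ("forward", self.forwards[wan_port])
        return ("drop", None)             # unsolicited: ignored, no answer sent


def demo():
    r = NatRouter()
    r.forwards[80] = ("192.168.1.20", 8080)  # constructed port-forward rule
    _, wport = r.outbound("192.168.1.10", 51515, "198.51.100.7", 443)
    return [
        r.inbound("198.51.100.7", 443, wport),  # the web server's reply
        r.inbound("192.0.2.99", 443, wport),    # a stranger hitting that port
        r.inbound("192.0.2.99", 31337, 445),    # unsolicited probe
        r.inbound("192.0.2.99", 31337, 80),     # probe that hits the forward
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The last verdict is the forwarded-port case: the packet reaches the LAN machine, so that service is exposed regardless of the router.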


----------



## Mithios (Nov 21, 2003)

Your router has a built in firewall. But if you want to know about one that works well, try black ice or zone alarm. Trial versions of both are on www.download.com. Check out www.majorgeeks.com for more firewall selections. I tried bitguard not too long ago and wasn't impressed with the results. Zone alarm and black ice are much better.
Mithios


----------



## lhommedieu (Nov 21, 2003)

> like robert carver said, the hardware is better. basically because software becomes a part of your operating system so it's not really keeping anyone or anything out of your computer, it just throws up a smokescreen from inside. the external hardware will put up a tangible first barrier against incoming hits. just another degree of security. i've heard that you will pay 100-200 u.s.$ for a good one.



I was recently attacked by a nasty little scumware program that hijacked my internet browser and kept spitting out popup ads, websites - you name it, I got it. It wouldn't let me override my "homepage" options, so every time I rebooted I got the same homepage again (disguised as a "search engine"). Every attempt to eradicate through Norton Utilities and Norton Anti-Virus failed; finally I contacted the company that makes Norton and, _after an hour_ of taking over my system (pretty cool to watch), they were able to kill the little sucker. No way I could have done it on my own, as they had to download programs onto my hard drive to get the job done. I guess the moral is that if I had an adequate Firewall, it probably wouldn't have happened in the first place.

Here in NYC where I have Verizon DSL, Verizon sells the Linksys router for $79.95, and offers technical support to boot.  The payments can be split in three and put on your monthly bill.

Sounds like a great deal.  After reading Robert Carver's post and contacting Verizon, I think that this is the route I'm going to go...

Thanks, Robert.

Best,

Steve Lamade


----------



## phoenix (Nov 21, 2003)

> _Originally posted by arnisador_
> *I appreciated the explanation of what the hardware and software versions do. It never occurred to me that the router might have this built in--I just assumed I'd have to buy one. I'll check its documentation (iPAQ Connection Point CP-2E) and look into the GRC site when it's back up (it is still down now) and also into Zone Alarm.
> 
> Thanks all, this has been very helpful!*



Bear in mind there are two main kinds of attacks. Typically a hardware-based firewall solution will deter network-based attacks, while a software firewall (such as zone alarm, norton, etc.) stops host-directed attacks. I would recommend using your router's built-in firewall, if it has it, as well as a software based firewall (zone alarm if you're pretty computer savvy, norton or mcafee if you're more of a 'user').

Hope this helps.

Sean


----------



## arnisador (Nov 22, 2003)

I'm in-between.


----------



## Cthulhu (Nov 25, 2003)

You don't have to be 'savvy' to use ZoneAlarm. Installing it is very easy and setting the permissions isn't difficult at all. Now, if you want to be able to utilize all the information it logs, then it would help to have some familiarity with network and Internet concepts; however, if you just want to take advantage of its security, then it is definitely a worthy option.

And it's FREE.

Cthulhu


----------

