# What is the best...



## bobster_ice (May 4, 2006)

What is the best firewall?

Im asking this because my friend is being an *** and hacking my computer, not only is he hacking me, he is messing my computer up by moving files and stuff around. I would hack him back but....I would get into alot of trouble.


----------



## Bob Hubbard (May 4, 2006)

Zone Alarm.

Free, and works both ways.

See: http://rustaz.net/nonfiction/compcorner3.htm
has links and some info on it and other PC safeguards.


----------



## crushing (May 4, 2006)

After having some problems with Zone Alarm, I switched to Sygate, which is also listed in Mr. Hubbard's link.


----------



## Bigshadow (May 4, 2006)

Yep, Zone alarm should put a stop to that.


----------



## Andrew Green (May 4, 2006)

First run every windows update you can, might take a few runs.  But first priority should be to close the holes.  Then stick zonealarm in, maybe even a hardware firewall (router).

Any idea how you are being hacked?  Is he doing it off a local network or through the internet?  Any idea how he is getting in?


----------



## mantis (May 4, 2006)

crushing said:
			
		

> After having some problems with Zone Alarm, I switched to Sygate, which is also listed in Mr. Hubbard's link.


zone alarm can get really annoying. i switched to SYgate too. make sure you turn off the notification messages, unless you are into annoying stuff.

make sure you have good security on your machine. a good password and do not share folders on your computer. 

also, i recommend you use your martial arts against those who play with your computers. i would anyway!


----------



## Bigshadow (May 4, 2006)

Andrew Green said:
			
		

> First run every windows update you can, might take a few runs.  But first priority should be to close the holes.  Then stick zonealarm in, maybe even a hardware firewall (router).
> 
> Any idea how you are being hacked?  Is he doing it off a local network or through the internet?  Any idea how he is getting in?


Good point about the updates!  Definitely do them FIRST!  

I was going to mention a hardware router, too.  IHMO, a linksys router is a very good choice.  I figure his friend is a neighbor who has the same service and is probably walking up and down the subnet with file explorer.

Also, as others have mentioned, Zone Alarm can be annoying.  That is why a hardware router is so much more attractive as a solution.


----------



## bignick (May 4, 2006)

iptables is great, probably not to helpful to you though


----------



## crushing (May 4, 2006)

Good point Bigshadow.  Get thee behind a NAT.

I have my PC NAT'd behind a router, so the firewall isn't as big of an issue for incoming, however, the firewall is also key in letting me know what programs want to communicate out to the internet too, including nasties like spyware (or just other programs that want to phone home).  Which is what I think Mr. Hubbard meant by 'works both ways'.

http://www.howstuffworks.com/nat.htm

and more specifically, the security aspect of NAT:

http://computer.howstuffworks.com/nat3.htm


----------



## Bob Hubbard (May 4, 2006)

Zone Alarm works on both incoming and outgoing connection attempts.  Programs like Black Ice by comparison only work against incoming, but don't block outgoing connection attempts.  We found this out when my HOP printer driver tried 'phoning home'. lol

Sygate's decent, but last I looked they were bought up by Symantic, and I have a low opinion of anything made by them.  The notices from ZoneAlarm can be set to ignore.  I checked my logs recently and was amazed at what was in them, but only get an occasional notice.  (And I'm on line 12-18 hrs a day, lol)  

Hardware firewalls the best, though you can usually find something with most current DSL/Cable routers.


----------



## mantis (May 4, 2006)

Bob Hubbard said:
			
		

> Zone Alarm works on both incoming and outgoing connection attempts. Programs like Black Ice by comparison only work against incoming, but don't block outgoing connection attempts. We found this out when my HOP printer driver tried 'phoning home'. lol
> 
> Sygate's decent, but last I looked they were bought up by Symantic, and I have a low opinion of anything made by them. The notices from ZoneAlarm can be set to ignore. I checked my logs recently and was amazed at what was in them, but only get an occasional notice. (And I'm on line 12-18 hrs a day, lol)
> 
> Hardware firewalls the best, though you can usually find something with most current DSL/Cable routers.



yep, i keep the old executable of sygate before they were bought out. 
that was a bummer when i found out!
windows XP firewall is 'eh' but should be enough to block his nice funny hacker friend.


----------



## bobster_ice (May 5, 2006)

Thanks for your help everyone, I have now downloaded Zone alarm and ive done all of the updates, Thanks alot!!!

Bobby


----------



## Bigshadow (May 5, 2006)

crushing said:
			
		

> Good point Bigshadow.  Get thee behind a NAT.



One of the beauties about the hardware router/firewall is that the IP address that is doled out by the internal DHCP server is the non-routable IP addresses 192.168.x.x  This is compounded by the fact that the router must use NAT to connect an incoming (from the internet) socket request to a box on the local 192.168.x.x network.  If you don't configure NAT, then you are doing quite well unless someone gets some software inside on your computer that can report the network topology (outbound traffic).  So it is good to not only have the hardware firewall/router but some software that also monitors services and outbound traffic for suspicious activity.

I use a combination of things both hardware and software.


----------

