When I used Windows the only 'firewall' I used was ISS's BlackICE PC Defender. It wasn't a real software firewall. It's more of an Intrusion Detection/Prevention System and because of this it was very lightweight. It kept people out of my system even if I hadn't updated Windows (or Internet Explorer) in a while (especially in paranoid mode). It was most useful when I was directly connected to the Internet (not behind a NAT router) via dial-up.
Later on in its product cycle ISS decided to add Application Protection to BlackICE. I never used that feature because I feel like I have (or should have) more control over what is on my system than what is coming into it.
Alas, ISS was bought out by IBM and they decided (not immediately but eventually) to shut down the BlackICE project. I'm disappointed.
If you're still really interested in an IDS/IPS (Intrusion Prevention System) to put in front of your computer I suggest you look into Snort (An old article about Snort at Security Focus). Snort is VERY complicated but it's worth it. Some suggest that Snort should be run on a Linux (or FreeBSD) box in front (handles all of your traffic -- like a 'router') of your computer (so you won't notice it hogging CPU cycles) but there is a Windows Binary available if you're interested. There are also lots of books available on Snort (at least four). This list of Snort Resources might also be of interest (although it was last modified in 2005). You'll have to recompile Snort if you want to run it as an IPS.
Quote:
|
Originally Posted by Ailindah
I do a lot of chatting, downloading, IRC etc. and have never had any issues at all.
|
If you're downloading lots of 'pirated' material (whatever that means) you should use Peer Guardian. It can be used to block a list of IPs (and IP ranges) that belong to government (US and foreign) and (known) anti-p2p organizations. Read more about the various blocklists. I use the Level1 list from Index of /lists (it's labeled p2p.php there) which includes both government and anti-p2p organizations.
If you're not using Windows I suggest using Moblock (I've only run it on Linux) for the same effect.
Of course, these lists are compiled by users so you might not trust them.
Peer Guardian WILL mess with (block internet access to) various games because their IPs are on some blocklists. You'll have to add those IPs to a white list or remove them 'manually' depending on what software you're using.
Interestingly enough, an article was published on this exact subject on Ars Technica just two days ago.
P2P researchers: use a blocklist or you will be tracked... 100% of the time
Quote:
|
Anirban Banerjee, Michalis Faloutsos, and Laxmi Bhuyan collected more than 100GB of TCP header information from P2P networks back in early 2006 using a specially-doctored client. The goal of the research was a simple one: to determine "how likely is it that a user will run into such a 'fake user' and thus run the risk of a lawsuit?" The results are outlined in a recent paper (PDF), "P2P: Is Big Brother Watching You?"
|
According to the article you should add a BOGON list (listed above) to the Peer Guardian client. Anti-p2p groups like to use those ranges.
Quote:
|
Originally Posted by Ailindah
... aside from restricting which programs get access to the internet. As a private, home computer user I don't really see the need for a high end software firewall...
|
I agree with most of what you say about software firewalls.
But there is a simple reason why a software firewall might be useful to someone (for home and business): If another computer on your home network (or any network you might connect to) is infected with something your computer might become infected too. This is especially true for laptops because they will run on many different networks in their lifetime. Even though your box might not be used to send spam (because it's sharing a connection with other computers) or be served spyware, crackers might be interested in the files on your computer. They might also like to split up your zombie's workload with other machines on the network. With highly decentralized botnets (like the Storm botnet) you never know what your computer might be used for. This is why you need to also monitor local connections via at least a basic software firewall if you're really interested in your computer's security.