As I recently got my ADSL line (finally!), and plan on leaving my main computer on for "extended periods of time", I'm beginning to ponder what firewal I should use. I've heard good things about ZoneAlarm, but I recently saw a post somewhere that it connects to ZoneAlarm web servers. People seemed pretty paranoid about this, even though I find it most likely the connections are only done when requesting info on access attempts etc - which is exactly what a ZoneAlarm associate said in a reply to an email sent to them. The same post mentioned a firewall called "tiny personal firewall", which generally seems to be pretty fine (and 100% free, tiny, not very bloated, etc). HOWEVER, as far as I can see, all configuration of "tiny" is done through a socket connection...and yes, remote administration is possible. You can turn remote admin off, but it i still configured through sockets, so I wonder if there could be backdoors or exploits available. At least tiny does inform you (in its connection status window) that it's listening on the various ports... All of this is from my own guesses and quick looks, so I have no confirmation. But it has made me curious and... paranoid :). What do you people think? And what (software) firewall would you recommend?
Posted on 2001-07-03 22:16:00 by f0dder
forget about firewall, get ICE DEFENDER. :) that program will shield you from attack (such as pinging and ip finding through netstat). not just that, it protect you against website. (i haven't use ice defender yet. i know, cause i couldn't hack my brother computer yet(he's using ice defender :D )). i don't use any firewall. if i use it, i will get many alert and that's annoying.
Posted on 2001-07-03 22:22:00 by disease_2000
"ice defender" wouldn't be "blackIce" or something similar, would it? I've heard bad stuff about it. Can't remember specifics, but it was bad enough I don't want to even test it. As for firewalls annoying you :), it's all about setting up a sane "default mode" and creating appropriate rules. There will (should) be a lot of alerts at first, but this will cool down as proper rules are applied. As for being protected against attacks, that's exactly what a firewall is about. To keep people away from your stuff, and *very* important in these days, to keep spyware from sending out spy data! Too bad you can't be protected against flood attacks (any "firewall" or "security" product claiming it can protect you against floods...is a product to avoid at all cost). I'm evaluating Sygate Personal Firewall right now, it seems like a decent product. Not as paranoid/configurable as I'd want, but... definitely easy to use. ZoneAlarm will be my next test app. More feedback welcome.
Posted on 2001-07-04 04:32:00 by f0dder
black ice defender isn't a firewall,it's creators state that themselves on their site. They say it's only an 'intrusion detection' application but that it doesn't prevent intrusion (like a firewall should) I personally use zonealarm right now and I have been pretty happy with it until now. Talking about firewalls: how do they work? I mean how do they know that something connects to a certain port and how do they stop it from happening? This message was edited by Hiroshimator, on 7/4/2001 5:07:30 AM
Posted on 2001-07-04 05:00:00 by Hiroshimator
I would think they place themselves between NDIS and your protocol drivers, ie, getting raw packets. Not too sharp on the NDIS interface, but there must be a way of passing packets up/down (or blocking them) in the hierarchy. This would seem to need VXD (or NT's equivalent) for ring0 code. Using the same techniques, you could get "raw sockets alike" under raw-socket-inhibited win9x...dunno if code like that should be made publicly available. I wouldn't like to see it as a plugin for hybris... distributed SYN floods from thousands of compromised win9x boxes, UGH.
Posted on 2001-07-04 05:26:00 by f0dder
Best firewall (in my opinion): iptables or ipchain Disadvantage: this is linux software :-)
Posted on 2001-07-04 05:53:00 by bazik
ZoneAlarm is a good firewall. noyhing will get in or out without your knowing about it. also I would put some programs on that scan downloads and your e-mail, as well as script checking while you browse the internet. also it would be good to also get a Cookie monitor to delete cookies but pick one that will let you allow what cookies you want or don't want. I have all of these things in my system, cuz I do leave my system online 24/7 couse I host myself. With all this stuff installed you should beable to surf the net and stay invisable, with all your info and content in your system staying there. I am a true believer that if you want info from me ASK!!!!!. otherwise, screw you. It took me over 6 Months to find all these program ones that will not interfer with each other. Alot of firewalls I have tryed messed with other programs I had for protection, and visversa, but I finally found all the right ones that work together. and does not take performance away from my ststem. ZoneAlarm is good. Zcoder.....
Posted on 2001-07-04 09:59:00 by Zcoder
let me ask you guy a question: why use firewall? i use the net alot. use icq, check email, browse the net. chatonline and have no problem except the CIH virus on June 26th. :) (and guess what? only one file was lost! and that was opengl2.exe, ha! i can get that easily off the net again) normally, the one with more skill in hacking doesn't run around and hack people like you and I, they would do that to some place that has strong security, that's what they considered as challenge. but newbie, the wannabe would attack us and most of the time, fail. ------------------------------------------------------------ oh wait. f0dder, it makes sense to me now. you're on DSL. ehhehe !!!!:D :D :D you should worry. This message was edited by disease_2000, on 7/4/2001 11:51:11 AM
Posted on 2001-07-04 11:47:00 by disease_2000
bAZiK: if I were to use stuff like that, I'd throw out my router, install a second NIC in my FreeBSD box, and use that for routing and firewall :P All: you might want to check out AdMuncher , a nice little app that removes banners.. works by putting a wsock32.dll file in the dir of each app you want to not use banners. Think the app has some of my code in it, btw :P
Posted on 2001-07-04 11:49:00 by f0dder
Blackice and ZoneAlarm are both good progs - I use/have used both and like both. There are advantages / disadv of each that are covered very well on Steve Gibsons site: http://grc.com Have a read and you can get an idea from that. Either one will do what you want at the end of the day. James http://james.ezylink.net.au
Posted on 2001-07-04 23:11:00 by James
If blackice == blackice defender, look what gibson has to write:
As far as I could tell, BlackICE Defender had ABSOLUTELY NO EFFECT WHATSOEVER on the dialogs being held by the Zombies and Trojans running inside the poor "Sitting Duck" laptop. I knew that BlackICE Defender was a lame personal firewall, but this even surprised me.
comes from his story about the DOS attacks on his server. Matches very well with what "knowledgable" people have been telling me - to stay away from blackice defender. I'm gonna stick with tiny personal firewall, http://www.tinysoftware.com. It seems to be a fair product, is free for personal use, etc. And can be configured to be "pretty suspicious" and give you a lot of nice warnings. Plus, it does MD5 hashes of trusted executables, so a trojan can't just call itself "iexplore.exe" and get through to the internet.
Posted on 2001-07-05 11:32:00 by f0dder
hi what about conseal? i use it both for w98 and NT, and never has any problem with it
Posted on 2001-07-05 12:35:00 by vecna
you should check out: http://grc.com/lt/scoreboard.htm
Posted on 2001-07-05 13:33:00 by savage
wasn't conseal bought lately? By mcafee, I think. Which means it will go straight to hell :P.
Posted on 2001-07-05 14:06:00 by f0dder
In my opinion, the best firewall is still AtGuard .... but the company has closed ..... and guess what ... Symantec bought them ... What is cool is that Norton Internet Security is completely based on previous AtGuard Technologies .. i've cheched and they use the same core ( same VxD's ) with minor modifications. This is a truly good firewall .... but beware of some bad things like AutoCreation of rules ( turn it off ). It also comes with an impressive set of pre-made rules. I make my own rules for some programs not covered by those pre-made rules .. The only drawback is the price Symantec charges you ... Hope this help ... Jp ps: sorry for my bad english lol :0 I'm from Quebec, by the way how do we pronounce Iczelion ?
Posted on 2001-07-05 22:18:00 by Jp