I ran SEVEN tests on my PC last night using EIGHT different firewalls, and this is what I came up with. ). I'm using TWO firewalls:

Agnitum Outpost Pro
(set up to let allow my most common applications access to the net)

Sygate Personal Pro
(set up to ask me whenever any application wants to access the net, including Internet Explorer)

Then I also have Trojan Remover and The Cleaner 3 installed, and they regularly check my machine for Trojans and other programs, and also scan for changes to programs that I already have installed.


These are the tests I ran on my PC:

pcAudit
GRC Leak Test
GRC Port Scan
Too Leaky
PC Flank Port Scan
Fire Hole
Outbound

pcAudit is probably the best Trojan simulator test to try, because it's ultra sneaky. This is how my system works to stop it:

pcAudit hijacks other programs, the ones that you allow to access the net (even the firewall itself), to send your info to their website. Well, what I did was restrict the number of applications that I allow to use the net on Agnitum Outpost Pro (and even then they're only partly trusted). Then I set up Sygate so that it asks me for permission before anything goes out. So what happens is that when I turn on pcAudit I get this strange message from Outpost Pro saying Windows Explorer wants to access the net. I have to then ask myself why? I didn't initiate this. Then why is information trying to leak out? Obviously something's wrong. So I say no. Ok, so then a moment later I get a message from Sygate saying that Internet Explorer wants to access the net. But why? I didn't initiate this either. So I say no again. Ok, so then pcAudit just says "Your PC is well protected" and turns off. Voila. The system passes the test. Outpost and Sygate are the only two firewalls I tested that pcAudit can't hijack for some reason.

You given NeoWatch a try?

I've been using it quite happily for a while now.

www.neoworx.org

God bless,
--PhirePhreak

Try this test on 1 firewall.[say Agnitum first]
Than on Sygate.

Will you get the same allerts?

Using 2 firewalls your first firewall detects something than your second firewall gives no allert only when the first doesn t detect it the second one will allert you[when he detects it??]


I like to hear your results. bye

It sounds to me like you tried SEVEN different tests on EIGHT diferent firewalls, and got NINE different results, and now need to come up with TEN ideas to fix them.

My opinion is that ONE firewall is enough!!

If it is configured correctly, you will not have any issues. Instead of wasting time with more than one firewall take some time to try an IDS.

Like it has been said before in these forums, using more than one firewall is like using more than one condom. It doesn't really give you any extra protection and it just makes it harder to get the job done.

Like it has been said before in these forums, using more than one firewall is like using more than one condom. It doesn't really give you any extra protection and it just makes it harder to get the job done. [/B][/QUOTE]

I sorry Invictus that isn t true!
As i said in another post my norton personal firewall 2001 did not detect microsoft windows kernel core component!!!

Sygate my second firewall did detect it!!!!!

At this moment norton also detects it[after an update]

So the second firewall did ad something to the defence!!!!

The simple fact of the matter is one of those firewalls is going to get hit with the data first and so it's going to bark first.

iNViCTuS - I couldn't have said it better myself. :thumbsup:


dpwes - If you want more protection then let me recommend setting up a gateway box in between your PC and internet connection. A really easy one to setup and get running is from www.clarkconnect.org. It's a simple Linux install that takes almost no knowledge of linux, you just need to know your pertinent IP info and you'll be up and running. This solution will afford you more security (not to mention stability) in the long run.

personally I don't see a problem with using more than one but be sure it is configured right.

I have to agree that more then one firewall is a waste..... get a firewall that is totaly customizable.... If its a good firewall(unlike norton) It will get the job done.

When i was on windows my favorite Firewall was Tiney Personal Firewall, it was very good and if u configured it right didnt give me any problems :)

Ones enough!

Like it has been said before in these forums, using more than one firewall is like using more than one condom. It doesn't really give you any extra protection and it just makes it harder to get the job done.

But what if she's on the pill and you use a condom? Surely that reduces the risk. Hmmm...but then the pill would be like the virus scanner and the condom would be the firewall. Have I got the analogy right? :)

Greg

sounds about right to me hot_ice. Unless of course you use spermacie and/or the foam. Then there are always diaphrams and the sponge and etc etc.

I love to see the downward spiral of some of these threads. :thumbsup:

Keep it up everyone. It's amazing to see how a thread about two firewalls turns into sex education. I just love it.

Originally posted here (http://www.AntiOnline.com/showthread.php?threadid=#post) by gold eagle
personally I don't see a problem with using more than one but be sure it is configured right.


gold eagle so true.

Never seen some evedence 1 software firewall 100% fail proof.


New versions[updates] of firewalls keep on comming so their is something to improve.


The makers of firewalls are obvious not so convedent off their own products!


Why should we trust 1 software firewall if the next update or new version prob.will come after a few months.

Tell me!

is he talking about his personal computer if so damni thought i was paranoid one firewall to me is fine i use tiny on my windows machine and havent had any problems but on my network i use firewall between external router and dmz, and a firewall between dmz were i keep xternall servers and my internal router inside internal router an ids

New versions[updates] of firewalls keep on comming so their is something to improve.[and not trust]



Compare sygates 4.2 version with 5.0 beta and you know what i mean!

http://www.sygate.com/swat/products/std/whatsnew_std.htm

First off, installing a software firewall on whats your trying to protect is a flawed idea in itself. Using two firewalls is even more flawed. It just eats up resouces and you could still get screwed in the ass.... Don't see your condoms helpin you with that now do you. Personally setup a firewall on a computer that will act as a gateway or buy a firewall appliance perfereably with NAT.

Kadeng...

New updates of firewall software that are released are aimed more at functionality upgrades, not so much security updates. A basic firewall has served it's purpose for many years. The reason firewalls are getting better is because they are getting easier to configure.

So...like I said, multiple firewalls serves no purpose other than making a system more complicated and consuming more of your system resources. If you are going to use multiple firewalls, have one as a gateway at your network perimeter, and then a software based firewall (I personally like Tiny also) on your machine.

But I could think of much better things to be doing with my resources than loading up my systems with extra firewalls. Why don't you try to find out how many hacks can be done against a firewall itself. And no I am not talking about something that was misconfigured. When you find something major, come back and tell me.

Nearly all attacks are done by exploiting weakness in services that are not filtered by the firewall, not the firewall itself, so don't waste your time...

I downloaded agnitum (free version) installed it configured it and used pcaudit and it came back as your computer is secure I think everyone is right, the second one is just eating resources.

Hi all how you doing.

Well firstly differant firewalls work on diff levels of the osi so in theory you could do with 3 differant firewalls for the 3 differant levels that a firewall can work on.

Of cause most fiewalls cover these differant levels.


But with a piece of software that has been programmed there are allways little glitches so using two firewalls is a good idea personally i use 3 firewalls Protect X, Zone alarm, Tiny Personal Firewall each of them doing something else protecting diff ports and some ports are covered twice or thwice.

Originally posted here (http://www.AntiOnline.com/showthread.php?threadid=#post) by THE-OMEN

Well firstly differant firewalls work on diff levels of the osi so in theory you could do with 3 differant firewalls for the 3 differant levels that a firewall can work on.



Sorry to say, but all firewalls except for a proxy server work at layer 4 (which is where TCP and UDP reside).

Proxy servers operate at the application layer and therefore must have an understanding of the application in order to literally tear down and rebuild the session. This is why Proxies are limited in flexibility, and impact performance. But, they are very secure.

All personal firewalls operate the same, none go higher than layer 4 and no personal firewalls are proxies, but can operate at layer 3 for basic packet filtering, like blocking all traffic from a certain IP address as an example.

Therefore i stick to my original opinion that all personal firewall are essentially the same because none of them inspect traffic any more strictly than the others. It all comes down to configuration. Which is why I say choose the PF that you are most comfortable with and is the easiest for you to use.

Now that you better understand this, maybe you can understand why using more than one firewall on the same machine is idiotic.

Your theory is about the same as saying you want to buy 2 cars to help you get to work faster. When in reality you can only drive one at a time anyway, so why not just pick the one that you like best and save yourself some money.

And 3 firewalls at once!!!

You really need help.

**Note to everyone** Sorry for the flame, but I am just trying to get my point across

I might need help but i am the omen i suggest you read networking complete it agree's with my above point although i can see where you are comming from

Discussion of 1 vs. 2 vs. 3 aside.....
What the hell are you trying to protect? My point here is - Is your data worth the effort it is going to take to get past even one ? Probably not.
No offense, but I can't think of a single damn thing I could want off someone's personal computer. Paranoia strikes deep, my friend. Are you so busy trying to protect yourself that you have stopped having fun?
That's just my opinion.

Hell, why stop at 3?

When you find something major, come back and tell me.


Hmm,Invictus did you forget the problem firewalls had with Leaktest and Zonealarm did not?


Major don t you think?

First of all...leak test sucks.

What problem are you referring to exactly?

Hmm,now your playing dumb and stupid.

You have to do better!

No one can learn from you when you act like this.

All the big firewall vendors did update their firewalls after the launch of Leaktest!

So your saying they are all morons listening to Steve Gibson?

A big vendor like Symantec knows notting about security but you do? lol

Steve Gibson is a fool I must say. He is as bad as Carolyn Meinel, especially with his look you've won letter. All you need is one good software firewall on a different computer then you are trying to protect or a firewall appliance. And of course some NAT!!!

Kadeng...

I was trying to help you in the first place by informing you that using multiple personal firewalls is STUPID....period.

I do not know why it is so hard for you to get that fact through your thick skull. Let me ask you a question. Have you ever been hacked while using a personal firewall? If not then why the hell do you have three of them. I am a firewall engineer for one of the largest banks in the world and believe me when I tell you that I have seen just about everthing over the last 7 years when it comes to firewalls. If you want to find out how "secure" your firewall is, test it yourself. Don't rely on someone who has created a simple scanner that isn't worth a shit.

If you don't want to listen to me then don't...I am just trying to help everyone else here since I have been down this road many times before.

And by the way...according to leaktest, a "leaky" firewall is one that does not block trojans and viruses. Well let me tell you this, that is not what a firewall is intended to do. That is what antivirus software is for. A firewall is intended to filter ports in and out of your network. Many personal firewall vendors have added in this type of functionality as "features" like I said earlier. Choose a firewall based on which features you desire.

Also, many personal firewalls are not really firewalls, they are IDS's. It is your responsibility to decide what you want.

I find it funny that you are so worried about your systems that you use 3 personal firewalls, yet you are not at all concerned about sending your clear text passwords across the Internet. Or maybe that is something your limited knowledge hasn't led you to realize yet.

Get a clue....

I'd like to agree with Invictus,

Most -so claimed- personal FWs are actually flow-based/heurystic analysis NIDS, they see an abnormal connection to/from an irregular port and consider it malicious activity or a HACK!!...

Try running RealServer behind ZA for Gods sake and you'll undertsand what I mean, it just needs something that maintains state and has *real* capabilities of acting like a FW....

Also, as invict noted, most packet FWs just don't pass the Layer 3 and 4 limits, and Application GWs/Proxies only work on Layer7 of the OSI model, although there are current attempts by kick-ass manufacturers to integrate the functionality of all the three mentioned technologies into one solution <flow-based NIDS + stateful packet inspection with an undertsanding of the underlying protocol> like the new version's of CP <wich could act like Proxies using resources> and StoneSoft's StoneGate's multi-layer stateful inspection solution. Yet, these solutions aren't mature enough to integrate into the final releases. CP allows you to check any part of a packet <any part of the OSI model> using INSPECT code, but the lack of documentation makes it look like magic more than reality :(

At the end, I would like to stress on invict's point, running multiple FWs on one box is just a plain stupid act with no use. Take it or leave it, but my knowlege with CP and experience with other top-notch vendor's solutions makes me sure of what invict and I are saying...

my 0.02$,
etsh911

I do not know why it is so hard for you to get that fact through your thick skull.

My thick skull needs more than words.

Let me ask you a question. Have you ever been hacked while using a personal firewall?
Like i said it ads something to security.
Try Norton personal Firewall + Sygate and do peer to peer with Morpheus.
Look at the sygate log[traffic]

I am a firewall engineer for one of the largest banks in the world and believe me when I tell you that I have seen just about everthing over the last 7 years when it comes to firewalls. If you want to find out how "secure" your firewall is, test it yourself. Don't rely on someone who has created a simple scanner that isn't worth a shit.

If you don't want to listen to me then don't...I am just trying to help everyone else here since I have been down this road many times before.

And by the way...according to leaktest, a "leaky" firewall is one that does not block trojans and viruses. Well let me tell you this, that is not what a firewall is intended to do. That is what antivirus software is for.

So the firewall engineer is telling me antivirus is 100% security against virus/trojans?lolAnd he forgets the popup windows a firewall shows[your tiny also]to warn you about the app. trying to connect?lol
Every firewall uses them!


A firewall is intended to filter ports in and out of your network. Many personal firewall vendors have added in this type of functionality as "features" like I said earlier. Choose a firewall based on which features you desire.

Also, many personal firewalls are not really firewalls, they are IDS's.
Norton,Sygate,Tiny,Zonealarm and Outpost have ids!


I find it funny that you are so worried about your systems that you use 3 personal firewalls,
2 personal firewalls+xDSL router with NAT.

yet you are not at all concerned about sending your clear text passwords across the Internet.
clear text passwords=leaktest with you as ids!
Or maybe that is something your limited knowledge hasn't led you to realize yet.

Every human has a limited knowlidge!

Get a clue.... [/B][/QUOTE]

Originally posted here (http://www.AntiOnline.com/showthread.php?threadid=#post) by hot_ice
But what if she's on the pill and you use a condom? Surely that reduces the risk. Hmmm...but then the pill would be like the virus scanner and the condom would be the firewall. Have I got the analogy right? :)

Greg

Nope, it's just vice versa. See, the pills don't protect you from viruses, condoms do. ;)

Test this

http://www.finjan.com/mcrc/sec_test.cfm

Uhm,

Malicious Web Page Demos: were blocked by my UFP sevrer, titghly integrated into a *real* firewall aka CPNG and another kick ass solution known as SSSG;

Scrap Files - Hidden File Extensions: Linux?;

Malicious File Attachment Demos: Receive as E-mail Attachment: That's why I got a CVP server, a CVP server for those who don't happen to know is an AV over IP security solution that -also- tightly integrates into CP thru simple resources;

So, my one and only REAL FW does better than your solution for a fraction of the system load, you know why? cuz it was built by security freaks for security freaks, installing 3 FWs on top of each other is just a system resouce hog no more, can't even consider it to solve any real security issues. Most of those FWs don't even bind to the interface's IP stack so packet based attacks like just pass thru it without any troubles, plus since when did these boxes do stateful inspection to undertsand wtf is actually going on?

The verdict?
Well, there are some solutions out there that cost a bit more but actually provide a lot more than having 3 FWs installed on the same box, plus, if your system cries from 3FWs, what would it do with an AV, IDS, VPN client-server, Auth demon and a small webserver do?

Bah,
etsh911

Cya invict ;)

I agree total on your post,but the majority of the users has limited funds and knowledge so their is no way they will even come close to a tight security you ve just told.

Kadeng.

Nothing is 100% secure, so no a virus scanner can not detect EVERY virus/trojan, but it will do a whole lot better than a personal firewall.

The key is to weigh the risk and determine what level of protection you need. Everything outside of that is simply a waste.

I am done arguing with you. You have already proven yourself to be a moron, and I am not going to waste any more of my time. (same concept you should follow...it is important to know when enough is enough...just like using multiple personal firewalls) ;)

ciao

Moron? boy

Originally posted here (http://www.AntiOnline.com/showthread.php?threadid=#post) by kadeng
Test this

http://www.finjan.com/mcrc/sec_test.cfm

I tried it, but my Finjan SurfinShield blocked the active content ;)

ah poo... what about just using the firewall provided with XP. anybody have any problems with it?

ah poo... what about just using the firewall provided with XP. anybody have any problems with it?

Configuration.

From what I know, you can't configure anything with it. It does not really inform you about anything that is happening. It doesn't ask you whether something should be allowed to access the internet.

I don't really know too much about it and how effective it is, but I use Sygate - I like to know what is happening and which programs are using my internet connection.

Greg