Can you say me where is the best firewall for windows? :o
Printable View
Can you say me where is the best firewall for windows? :o
Every firewall is good if you configure it right.
I use the one from Sygate, been good to me :)
http://www.uant.net/firewall/sygateg...n=googlesygate
Try using Tiny If you can configure it well.... if you want an easy to configure firewall try ZONEALARAM.
Forum search is your friend.
If you're running XP with SP2, get the inbuilt firewall running NOW.
Use it until you have chosen and installed the new version.
To paraphrase ©opy®ight :
It doesn't matter which one you choose - Just choose one, and use it.
Free firewalls :
http://www.google.com/search?sourcei...rewalls%2Bfree
I downloaded Sygate after checking out this
http://www.antionline.com/showthread...hreadid=262916
and I've been happy with it.
go for IPCOP as hardwarefirewall ! runs on a indipendent system . forget windows xp firewall.
imho a hardwarefirewall is more secure than a softwarefirewall.
well of course hardware is better, and there have been posts that the inbuilt XP firewall sucks, and is easily compromised. im still trying to find a firewall that works well with a low end windows system. it seems that a lot of companies are going for the memory hogging XP looking apps and forgetting about their friends with the old equiptment. sygate is decent, but i have had problems with it crashing....and the fact that to get it working you have to rename a file and copy it to /windows/system.
Quote:
Originally posted here by skarsatai
go for IPCOP as hardwarefirewall ! runs on a indipendent system . forget windows xp firewall.
imho a hardwarefirewall is more secure than a softwarefirewall.
I would like to see your research that leads you to believe the XP firewall sucks. If you ask me, Sygate is poor because they have 3 unpatched vuln's.Quote:
Originally posted here by karmine
well of course hardware is better, and there have been posts that the inbuilt XP firewall sucks, and is easily compromised. im still trying to find a firewall that works well with a low end windows system. it seems that a lot of companies are going for the memory hogging XP looking apps and forgetting about their friends with the old equiptment. sygate is decent, but i have had problems with it crashing....and the fact that to get it working you have to rename a file and copy it to /windows/system.
Including this one:
http://secunia.com/product/254/Quote:
Sygate Personal Firewall comes with a default rule set that blocks all udp requests, however if udp requests originates from source port 137 or 138 they are allowed, thus a malicious person could get access to all open udp ports on a target merely by sending all requests from source port 137 or 138.
I'd like you to link those for me.Quote:
there have been posts that the inbuilt XP firewall sucks, and is easily compromised
i could be wrong man. you dont have to get all mean about it, its been a few weeks and it could have been articles i read from other sites like hideaway etc etc. and no firewall is perfect i know unfortunately. but i still believe there was a post about how the XP firewall has some major issues
that can be compromised by "hackers". but of course i cant find it now, nor am i gonna start a fight over the crappy OS to begin with:)
Once again , now you call the OS crappy, if your Windows OS is crappy that's because you as a user are crappy. My WIndows box can be secure and efficient as any other Linux box !
I knew I heard lies being told somewhere. But, I will contain myself.Quote:
but of course i cant find it now, nor am i gonna start a fight over the crappy OS to begin with
In regards to Windows-based firewalls, I'll never use another firewall after having tasted the configurability and management of Kerio:
1. Boottime firewall protection per NIC. Instead of having the firewall load after being logged in, it loads as a system process and is thus running before you login (to help block incoming bootup attacks and incoming bootup-viri)
2. Built in IDS. Not entirely nessessary, but useful nonetheless.
3. Incoming detection, outgoing detection, program internet usage detection, program startup detection, program asking another program to startup detection.
4. Remote configuration with passworded SSL security (off by default).
Okay, yeah I need to stop before I respond to the "windows is crappy comment"
LOL people can discuss what the best (according to them) firewall is til the end of days...doesnt help much though, for peeps new to firewalls. It works like this...you find a firewall that you feel comfortable with, not necessarily user friendly, but YOU friendly...and then go and test it. There are sites available to test security on your system (i am new here, so not sure if this is one) or if you dont want a site doing it...get a friend to run a port scan on you, and have them try and send you packets...and establish a connection, etc...in my case, i use zone alarm security suite, and when i checked most of my ports are stealthed, which is nice...hehe
It does matter which firewall you choose. The ICF with SP2 (Internet connection firewall) does not have outbound blocking. Windows ICF has no protection against trojan horse applications and other out bound data transfer.Quote:
If you're running XP with SP2, get the inbuilt firewall running NOW. To paraphrase ©opy®ight : It doesn't matter which one you choose - Just choose one, and use it.
Heres the deal Windows firewall severally lacks outbound blocking which is a security risk. Choose Sygate like copyright stated.
He meant get up the XP firewall until you get something else, as having a somewhat crappy firewall is a hell of a lot more protection than none!
precisely...but get another firewall asap!!!
Sygate doesn't have protection against trojans either... what are you going to do when you have your browser as a trusted app, and some trojan uses that... Sygate probably wouldn't even ask you.
not sure about sygate...but i know zonealarm asks me (even for internet explorer) when a program has changed in any way (pain in the ass on updates though) lol
I didnt reply to disrespect or bash Windows ICF. But the truth is ICF only monitors incomming traffic. Not outbound. Lets say your system is infected with a trojan you get online and the person who owned your system is still controling your system with a firewall in place. Now if you have a 3rd party firewall that monitors incomming and outgoing traffic this wouldnt happen to you. ICF has a lot of configuration options not a resource hog, nice application maybe sometime in the future Microsoft will like to include this feature.Quote:
precisely...but get another firewall asap
Sygate has an Auto Trojan Termination feature stops known trojan horse applications before they transmit information from your computer. This quote taken from: Also URL to download it.Quote:
Sygate doesn't have protection against trojans either... what are you going to do when you have your browser as a trusted app, and some trojan uses that... Sygate probably wouldn't even ask you.
http://www.download.com/Sygate-Perso...=dl&tag=button
Hope this helps.Quote:
Sygate Personal Firewall Pro provides a multilayered shield of network, content, application, and operating-system protection for your PC. In addition to advanced firewall technologies, the Pro version integrates a world-class Intrusion Prevention System (IPS) that includes application-based IDS, DOS protection, and Trojan horse protection. Sygate Personal Firewall Pro is the ultimate desktop-security solution, trusted by professionals and relied upon by millions of users.
If your system is properly locked down, i.e. serivces, patches, etc.
You simply don't need a firewall.
And, there is nothing wrong with ICF. If you put the effort into it, Windows with ICF is just as secure as any other OS with any other firewall.
I agree with that... if you are a server!Quote:
Originally posted here by Winston
If your system is properly locked down, i.e. serivces, patches, etc.
You simply don't need a firewall.
And, there is nothing wrong with ICF. If you put the effort into it, Windows with ICF is just as secure as any other OS with any other firewall.
Desktop users require functionality... functionality and variety brings insecurity.
IE... Outlook... Winamp...:p
All have been exploited and can continue to be regardless if a firewall is in place or not. And then, what if the payload is a trojan? Firewall is sounding pretty good right about then. :D
A reverse bind shell will beat SP2, but I haven' t found a firewall I like yet that blocks outgoing connections without trying to get it's hands in everything.
well, first of all...no, that isnt the case...windows, even properly "locked down" is still entirely exploitable, though i understand there are certain things you can do to help...however, you do in fact still need a firewall, simply put...if a trojan gets in your system, and infects a windows file...what does windows do about it? nothing. a decent firewall will recognize that something is wrong, and stop it from axx the internet, til you can fix the file...a decent AV program helps too...but some viruses shut down AV programs lol...
just so you know where i stand...ICF is not NEARLY enough, i started out running with just that, and it let all kinds of crap happen to my computer...now i run a firewall, 2 AV programs, and 3 spyware/adware programs...and now nothing much bothers my computer...(an fyi...get a router...hardware firewalls are MEAN compared to software firewalls)
The routers you are talking about aren't any better than the software firewalls we're talking about...
Entirely exploitable huh...Quote:
windows, even properly "locked down" is still entirely exploitable
And what exploit would that be?
On an updated XP SP2 box, what would be your line of attack? An email attachment?:D
Spyware... hmmmm....Quote:
just so you know where i stand...ICF is not NEARLY enough, i started out running with just that, and it let all kinds of crap happen to my computer...now i run a firewall, 2 AV programs, and 3 spyware/adware programs...and now nothing much bothers my computer...(an fyi...get a router...hardware firewalls are MEAN compared to software firewalls)
Spyware comes almost exclusively through unpatched IE. Your lesson should have been to learn how to update, not to install 6 reactive solutions to one problem.
Your router isn't going to monitor applications on your win32 box... FYI ;)Quote:
(an fyi...get a router...hardware firewalls are MEAN compared to software firewalls)
----edit
Neg.... you just sit there and wait for me to start typing a post don't you
----edit 2
nevermind... I'm just slow. :eek:
funny, all you guys defending xp...amazing how many people run it, and how many updates there have been since its release...i use windows myself, however, as a company, i think ms sucks...they release all their OS half finished...when they do so, you HAVE to get like 6 programs to defend against all the numerous exploits there are. All you network gurus here, dont run firewalls? or antivirus programs? or spyware/adware programs? at all? must be pretty confident in a product that updates for new exploits CONSTANTLY...and i do in fact keep updated...even so, there are hackers that have broken into my computer any number of times...despite the updates, and despite firewalls and other stuff...(moral of the story...NOBODY is entirely unhackable, unless you have no computer/internet connection) so yes, windows is entirely exploitable...
An OS is only as secure as you make it.
I don't miss ActiveX. I don't miss IE, I don't miss Outlook.
But you know what.... I have full internet functionality, a nice browser, and an email client.
WTF have I lost? Viruses? Spyware?
My XP system has never been compromised... Well... externally... I've broken it a few times on my own...
Quote:
Originally posted here by dArtagnan
funny, all you guys defending xp... and how many updates there have been since its release...i use windows myself, however, as a company, i think ms sucks...they release all their OS half finished...when they do so, you HAVE to get like 6 programs to defend against all the numerous exploits there are. All you network gurus here, dont run firewalls? or antivirus programs? or spyware/adware programs? at all? must be pretty confident in a product that updates for new exploits CONSTANTLY...and i do in fact keep updated...even so, there are hackers that have broken into my computer any number of times...despite the updates, and despite firewalls and other stuff...(moral of the story...NOBODY is entirely unhackable, unless you have no computer/internet connection) so yes, windows is entirely exploitable...
All of your 6 solutions are reactive. 2 A-V, 3 A-Spy, 1 Outbound firewall. All of which are only necessary when you have been exploited.Quote:
amazing how many people run it,
I run my ICF, stay on top of updates and use a browser that doesn't hook into my OS. That is a preventive solution. Of course, it is good to have all the software on hand in case of a freak vulnerability nobody expects occurs (i.e. winamp) and that is why I have adaware, spybot and clamAV on a CD.
You are obviously doing something wrong. Any one of us here will tell you that.Quote:
there are hackers that have broken into my computer any number of times...despite the updates, and despite firewalls and other stuff
You are quite correct... but I would sure won't go as far as to say Windows is entirely exploitable... it is impossible to acheive perfect security on any operating system. An internet connection itself is a vulnerability for any network/OS.Quote:
NOBODY is entirely unhackable, unless you have no computer/internet connection) so yes, windows is entirely exploitable...
Where they are necessary :DQuote:
All you network gurus here, dont run firewalls? or antivirus programs? or spyware/adware programs? at all?
The system is only as secure as the user makes it. Give me a WIndows 2000/XP Professional I can make that system secure like Fort Knox. The configurations options for local security policies, computer management, services, are endless. Seriously, you can be securing your system for hours with 2000/ XP Professional. You can have a very secure system so no, windows is not entirely exploitable. :DQuote:
hackers that have broken into my computer any number of times despite the updates, and despites firewalls
well, sure...you can spend hours configuring windows to be really secure...at which point, you really cant do anything with it lol...just so you guys know, there is a reason that i havent mentioned that i actually need all those programs also...and i am not sure it is appropriate to mention it in this forum...in any case, "the OS is only as secure as the user makes it", well, what is with all these emergency patches and all the numerous security updates from microsoft then? if there was no problem, and an OS is as secure as a user makes it...no need for patches and security updates, right? Well, that is simply an opinion...lemme clue you guys in on something, so nobody gets offended...i am arguing for arguments sake, for knowledge...i am rather new to security myself, though i know more than the average person about windows xp (which isnt saying much, i know LOL) and i am here to learn more. You guys talk about configuring windows, and "locking it down" maybe you could give me some helpful links to start me learning about that stuff? then perhaps i can give you a more INTELLIGENT argument hehe...
Even if the OS completely unpatched, you can still secure it.Quote:
Originally posted here by dArtagnan
"the OS is only as secure as the user makes it", well, what is with all these emergency patches and all the numerous security updates from microsoft then? if there was no problem, and an OS is as secure as a user makes it...no need for patches and security updates, right? Well, that is simply an opinion...
Icluding:
1. Switch browsers
2. Get a firewall
3. Disable scripting wherever HTML is allowed (mail clients etc)
Just by doing those 3 things (plus others, I just woke up) you have eliminated your vulnerability to a large amount of vulns that need to be patched. Don't get me wrong though, that's just an example and I would never reccommend going unpatched.
switch browsers...you mean like mozilla? as far as "get a firewall" these guys seem to be saying you dont need one, if you know how to configure windows (or whatever os you are running)...and disable scripting, well, with all the websites i visit...kinda hard to do so (i do a lot of web browsing)
If you do a lot of web browsing, then get a secure browser. IE is integrated with the Windows OS, making exploits against it that much more dangerous. So try out k-meleon or firefox.
I would agree with firewalling desktops, although I could also understand why someone would prefer not to.
With servers, I am not so sure what I would do. Firewalls have been exploited in the past :(
McAfee's firewall is ok, I have Win XP SP2 myself and im not even sure i can trust windows built in firewall, i mean like come on isn't a firwall suppose to be updated to be come stonger against certain attacks like "Newtear" attacks among other type of attacks. Although for some reason or another my firewall abruptly stopped working for like 2 seconds, so i immediatly got off the internet and did a full system for virii and spyware, fortunetly none were found, it seems that even for like 2 seconds of your firewall being down, sometimes thats all is need to compromise your system. Firewall's are as essential as virii scanners, because they both work hand in hand.
I found Sygate to be a very nice firewall when I used Windows. Before that, I used ZoneAlarm, which was also quite nice, but overall: Sygate.
-ch4r
Someone told me that the Mac hardly ever gets hacked or is this because everybody hates windows and has to exploit windows and not worry about Mac users.
well, mac are hideously expensive for one...and also, most of the programs we commonly use (almost all games, and most software) is all geared to windows...same reason i imagine lots of people dont use linux...though of course, there ARE windows emulators, etc...
Look at the percentage of Mac HOMEusers compared to the Windows home users and you can EASILY see why windows gets viruses 99% more than Mac. Linux doesn't have many viruses yet because they still haven't really broken into the home market. Linux is still MAINLY used on servers, and an unpatched linux box is better off rooted and being used for something rather than just destructed. You can do a lot more from a Bash Shell than from cmd.
a buddy of mine only uses linux...and i dont think i ever heard him complain about hacker or virus problems yet...he uses redhat 8 now, i believe...
And I bet he keeps it halfway configured right and keeps it patched. Exact opposite of most windows users. A linux box with the same amount of effort as the average windows user puts in would be rooted within 2 or 3 hours.Quote:
Originally posted here by dArtagnan
a buddy of mine only uses linux...and i dont think i ever heard him complain about hacker or virus problems yet...he uses redhat 8 now, i believe...