Which Windows Firewall Do You Use?

Printable View

March 8th, 2002, 08:40 AM
smirc

Which Windows Firewall Do You Use?

Which windows firewall do you use and why?
March 8th, 2002, 08:43 AM
Gepeto

I don't use any anymore, but Zone Alarm seemed quite good (and free) to me, although if you really want something secure I'd suggest a linux box or another kind of hardware firewall between the windows machine and the network... But zonealarm should suffice!
March 8th, 2002, 08:48 AM
hot_ice

I use to use ZoneAlarm, but I felt as though it wasn't very customizable. I tried out Sygate Personal Firewall and have so far stuck with it - I would recommend trying it if you don't already have it.

Greg
March 8th, 2002, 08:56 AM
{P²P}Apocalypse

I had to say other. I go hardware. Not to say software firewalls are bad. Because hardware firewalls are just software in a smaller boxed machine so to speak. I use a router with NAT addressing. I run a dual boot Linux/XP Pro machine. So I'm currently building another Tux box out of an old K6-2 350 box. It will be my firewall when I finnish it. I'm getting to many boxes on my network so I need to lock em' down. When I had a seperate machine that was not running on my cable connection. I used Sygate on it. Although it was on my network. I had it setup to be my fax server for the entire LAN. When it did access the internet it did'nt through the network. It used the modem to dial up an alternate ISP.

So Sygate would be my choice.
March 8th, 2002, 09:46 AM
Kurupt007

I was using Blackice Server for my 2000 box but after reading a few articles and then testing a few things on it, I changed my mind and decided to switch over to "Tiny"

Tiny -- "i like because it lets you use Ip /port based rules and application-based and it is fairly easy to configure"
March 8th, 2002, 11:01 AM
micael

Currently Im using PGP Firewall 7.1.1 and Agnitum Outpost Firewall (test). I am not using any hardware or linux firewall/router since I want the above computers to be exposed the same way as less security minded people have their computers, its simple a test of the products :D.

But I would recomend to use a linux/hardware firewall and private adresses internally (dhcp with short lease time). NAT and Proxy. And "personal firewalls" or packet filters on all of the internal computers, Im paranoid :).
March 8th, 2002, 01:22 PM
debwalin

I use Zone Alarm, because it was a free download, and something one of my instructors suggested....and since I am currently suffering from newbienoia (you know, when you just find out all the naughty things people can do to your computer!) I came home and immediately downloaded it. It is a fairly quick download, and installation was fairly idiot proof (which was a big plus for me!!) I personally found it to be very option oriented...it asks you to say yes or no to EVERYTHING at first, and then if you choose for it to remember specific programs it won't ever ask you again. The constant popups about who's trying to access what on your computer gets old (I lasted about 1 day before I turned off the notify me every time switch) But I've also been told since I got here that it has holes in the program...But my question would be...doesn't everybody's? It seems like there are always opponents and proponents of every av software and firewall available.
Well, that's my (very long) two cents worth! :cool:
March 8th, 2002, 01:29 PM
RiOtEr

im on dialup so its not really needed gota luv dynamic ips lol but i agree with {P²P}Apocalypse hard ware is the only way to go get a freebsd box and ur set lol or a crunch box for those with more money lol im going to get flamed for that by korpdeath so to make him happy im sure sunscreen is good 2 hehe ohh well
cya
RiOtEr
March 8th, 2002, 01:58 PM
BrainStop

I'll have to go with debwalin ... ZoneAlarm.

I know it has some holes, but it does the basic job. Unfortunately, I don't have the time to spend on really securing my box ... I prefer making sure my virusscanner is up to date.

That and turning off my link to the Internet when I'm not using it :)

Cheers,

BrainStop
March 8th, 2002, 03:01 PM
souleman

RiOtEr> Gotta love dialup...Talk about the ultimate security. Thats what I use at home also. When I am running a firewall, I normally go with a dedicated linux/BSD box. I am going to have to set up a new one as it is. One of these days, I might get broadband again.....;)
March 8th, 2002, 03:09 PM
SarinMage

zonealarm, cause its free, and does what i need it too.
March 8th, 2002, 03:24 PM
debwalin

Woo-hoo, I feel popular, cause more people use my firewall....lolololol! :D
March 8th, 2002, 03:26 PM
preacherman481

I use Norton Personal Firewall 2002. So I voted for other. I got it because I was new, but I knew I needed something. Seems to be working ok so far. When I learn more about firewalls and computers in general I may change my mind.
March 8th, 2002, 04:03 PM
Aryoche

I had to vote other, because I'm using both Hardware and Software... my router is set up to handle NAT, and I'm also running Norton's Internet security.
March 8th, 2002, 04:13 PM
Maverick811

I voted 'Other' myself - I'm a hardware man. I too am using a router with NAT, built-in firewall functions, etc. Although in the past, before I set up my network at my house, I was using ZoneAlarm to protect my one PC that was connected to the net through dial-up. But then when I got my cable modem, I set up a network with several machines and purchased my router. Hardware firewalling is definately the best way to go.
March 8th, 2002, 05:22 PM
KorpDeath

Wuh?

Quote:

Originally posted here by RiOtEr
im on dialup so its not really needed gota luv dynamic ips lol but i agree with {P²P}Apocalypse hard ware is the only way to go get a freebsd box and ur set lol or a crunch box for those with more money lol im going to get flamed for that by korpdeath so to make him happy im sure sunscreen is good 2 hehe ohh well
cya
RiOtEr

Why would I flame you for that? I don't have a problem with the crunch box. You my friend are confused. :D :D :D

BTW Sunscreen is an enterprise solution, the hardware alone could cost 50k.

The three best personal firewalls are Sygate, NeoWatch and Tiny. ZA is a big flaming pile of crap and you kid yourself if you think it gives you security, but to each his own, right?
March 8th, 2002, 05:40 PM
detector

newbienoia? :-) or maybe newbieannoya
March 8th, 2002, 05:45 PM
zigar

at home i use watchguard soho hardware and sygate...at work i use...umm..no...i don't think i'll tell you my network topology thank you very much... ;) ...i do use a combination of multiple hardware solutions and sygate

READ THIS software firewall and win9x users...you might not be as secure as you think...

the following applies to zonealarm free version...i have not checked it with others...but it may be a problem as well...

IF YOU ARE USING ZA and WIN98...and you are not logging on all they time...or if your computer reboots while your not around....YOU ARE NOT PROTECTED..ZA under win98 ONLY loads after logon...if your box is sitting there with the welcome to windows networking dialog...it has not loaded and any ports or shares which you have are completely exposed...

we did some investigating a while back HERE

As VictorKaum put it...

Quote:

You can access a Win box when it's still at the log on screen.
ping, finger, Dos, DDoS...
shares are processed.

Try it at home... share a drive on a Win box, log off
try - with another pc in your LAN - to 'ping' to the box or 'net use' to the drive it will work. You can access any shared device on this box when the pc is still at the log on screen.

I'am testing it right now to be sure:

ping is possible (ZA does not block until it has been loaded, after logon)
DoS and DDoS are possible
.

this problem does not occur with win2k/xp since firewall and av softs are loaded as a service...prior to logon...
March 9th, 2002, 12:31 AM
NIN_Man

Hmmm... I don´t use any kind of firewall and i really don´t care. You know why? Because i haven´t got anything so important on my hard drive that i coulden´t lose. You must think about the same thing. Why the hell do you need 10 firewalls if you can have the power of a cd-rw backup drive? I don´t need anything else. And buying hardware? Complete waste of money... It´s only useful if you run a big company ( or work in one ) and you do your job over the internet. Yet my choice fell to Black Ice Defender 2.9 can because it´s a very good firewall and the only one i ever enjoyed to use.

Yes, yes, i´m done!!!
March 9th, 2002, 12:42 AM
xpaciscool

I voted Tiny Personal firewall. I used to use Neoworkx NeoWatch FireWall but NeoWatch simply told me what connections were coming in to my computer. It didn't have any options to permit the traffic or deny it. So NeoWatch sucked and someone told me about Tiny Personal firewall. i am happy so far with it.

Just my two cents,
March 9th, 2002, 12:48 AM
zigar

Quote:

I don´t use any kind of firewall and i really don´t care.

sigh..you should...because one of these days men with black suits might be banging on your door because your box has been compromised and is running zombie attacks on government or commerical sites...

some isps are starting to boot customers who are recklessly disregarding computer safety...and i think you'll see a lot more of this...

i can even foresee a day..where you may be legally liable for attacks from your computer...whether you knew about them or not...your failure to "take precautions" could be seen a negligence...
March 9th, 2002, 02:36 AM
Terr

Tiny Personal Firewall. At the moment, I'm not running any firewall software, but if I could, I would use Tiny. The only reason I don't is that my NAT software isn't quite the best, and stops working when I use Tiny. At any rate, TPF really caught me with it's clean and customizable ruleset.
March 9th, 2002, 02:57 AM
Conf1rm3d_K1ll

Re: Wuh?

Quote:

Originally posted here by KorpDeath

ZA is a big flaming pile of crap and you kid yourself if you think it gives you security

Ditto

Quote:

Originally posted bt Terr
Tiny Personal Firewall

Ditto
March 9th, 2002, 03:59 AM
KorpDeath

Tiny is what the Air Force uses.
March 9th, 2002, 05:53 AM
debwalin

Gee, all of these lovely comments about my firewall make me feel all warm and fuzzy inside.

I guess the phrase "big flaming pile of crap" means you really feel strongly about it....Maybe I should consider changing....lol. :eek:
March 9th, 2002, 06:02 AM
3ntropy

Zone Alarm is only good if you like the LOOK of a firewall that works,
Make sure you are not labeled a newb, do not use ZA. Uninstalling it completely is pain in the ass aswell. There are numerous registry keys that it leaves behind. Switch to either TPF, sygate, blackice, or any combination of 2 or even all three. That is my 2 cents.
March 9th, 2002, 07:35 AM
frednirk

Get Linux Man! SmoothWall
March 9th, 2002, 02:11 PM
kadeng

My question for you[and all the tux box users] is:What hppens after the power is cut from your home for let s say 5 minutes and than is restored?Will the tux box ALWAYS compleetly start up and firewall your lan and will the firewalls on all your pc in your lan with lets say Sygate or Norton work and provide defense when scandisk finds errors who will be corrected when you get home from work?[don t think they will]
Is it pos. to hack a win 98/me when it hangs in scandisk with it s found errors?????
A hardware router[mine from Sitecom]will provide instant protection![when the power is restored]Importend with cable and adsl connections.
March 9th, 2002, 06:17 PM
NIN_Man

Zigar:the men in black suits in really hard to happen. i live in europe , portugal to be precise, and there isn´t a big chance that hackers will pick me because i´m still in the oldie 56k connection.
Still there aren´t any kind of regulations for hacking attacks in my coutry ( at least not that i know of ) so i could do whatever i wnted and nothing happened. Anyway as i´m not sure of this i´ll check it out.
As for the isp´s issue what do you mean by "boot"? Discard them? Close their connection? I should say that my connection is better then alway without my firewall!

I still say that cd-rw is always better than a firewall!
March 9th, 2002, 07:33 PM
Remote_Access_

Agnitium Outpost.. It's available at:
www.agnitium.com

It's easily configured, reliable, customizable, and if you keep it updated it'll keep your win box secure. Agnitium also gives you the option to stealth your ports. You can test your firewall and see how well it's configured at these sites:

http://www.homenethelp.com/web/howto/firewall-test.asp
http://www.cert.org/security-improve...ices/p060.html
http://www.auditmypc.com/
http://scan.sygatetech.com/
http://grc.com/lt/leaktest.htm

Remote_Access_
March 9th, 2002, 09:23 PM
Conf1rm3d_K1ll

I's just like to add to R_A_'s list of test sites another one I've come across.

You can get to the test site by clicking here. The page claims to test your security against such things as Malicious Web Page's (Java, Active X), Malicious File Attachment Demos (Java, .exe VBS) amongst other things.......Check it out...
March 9th, 2002, 09:48 PM
Ouroboros

Other...

I have to agree with RemoteAccess...
I also use Agnitum's Outpost Firewall, and have had absolutely no problems with it thus far. It is almost infinately customizable, and has features that not many others do...Ad blocking being the most important to me, as I unfortuately use a dial-up connection. DNS cacheing and Attachment filtering are also very handy to have. If you have kids, the content filtering is also useful, although each and every website, etc. must be entered to be blocked. Active content (i.e. ActiveX, Java, VBS) can also be filtered in much the same way that IE does it (Enable, Disable, Prompt). And as RA said, it does allow one to answer ICMPs with Stealth(no reply) or Normal(report port as 'closed'). And the most striking thing to me was, that in the options section, clear as day, a box to be checked or unchecked for "Allow NetBIOS communication"...doesn't get much easier than that. The only complaint that I have is that the logs for the aforementioned filters take up a reasonable amout of space, and fill up very quickly, but the space allowed for them is also adjustable.
I used to use ZoneAlarm, but after numerous glitches and a negative opinion or two from a couple of IT guys that I know, I wanted to try this one...so far so good.

Ouroboros
March 10th, 2002, 12:04 AM
smirc

Thanks everyone for the positive feedback. I'm using this info for a uni assignment. All comments were appreciated :).
March 10th, 2002, 02:57 AM
trevorf

I use ZA, I have no idea whats so special about pro version though. Using the newer version 3 something. I hardly get any alerts though about unwanted connections or anything. But then also I do use an OpenBSD router with pf, blocking all inbound ports.
Seems like there is alot of disagreement to use of ZA, I tried tiny once, and norton's one, but both did something strange to my computer, so never used it again. I guess, overall I've heard a bunch of problems with most of these win filewalls, so I don't really know.
April 23rd, 2002, 01:41 PM
prodikal

i use zone alarm and sygate
April 27th, 2002, 12:51 AM
CrittendenIV

I swear by AtGuard 3.22 for software.

Currently I use a hardware solution for the NAT ability.
April 27th, 2002, 01:05 AM
chefer

Vote for other, I don't really hold the greatest of confidence in software based firewalls for windows any more. Most of them seem to work, but when they fail, boy do they ever fail. I've resorted to a FreeBSD based Firewall/Router to accommodate this kind of needs, and I've done away with windows based boxes behind it..
April 27th, 2002, 02:16 AM
fiber-x

I would have voted "Other" because I also am a hardware firewall fan. I used Zone Alarm Pro before Hardware and it is the best "Software" firewall available.
April 29th, 2002, 05:54 PM
service_pack

NAT+Tiny
Easy to configure and you're able to lock things down fairly good
January 12th, 2003, 05:09 AM
CyberSpyder

Zonealarm is good but if you want really good security use linux.

All times are GMT +1. The time now is 09:20 PM.