  1. #1
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,571
    Thanks
    5
    Thanked 1,056 Times in 925 Posts

    Re: Software Firewall: Why use it, Where to get it

    Terrific post.

    Joe

  2. #2
    Plutonium Lounger
    Join Date
    Oct 2001
    Location
    Lexington, Kentucky, USA
    Posts
    12,107
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Software Firewall: Why use it, Where to get it

    I agree with Joe. I don't know what motivated you to write all this down, Jefferson, but ya done good! Great job and THANKS!

  3. #3
    Uranium Lounger
    Join Date
    Mar 2001
    Location
    New Jersey
    Posts
    6,684
    Thanks
    1
    Thanked 11 Times in 11 Posts

    Re: Software Firewall: Why use it, Where to get it

    Excellent piece of work!!!

  4. #4
    4 Star Lounger
    Join Date
    Dec 2003
    Location
    Zoetermeer, Zuid-Holland, Netherlands
    Posts
    559
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Software Firewall: Why use it, Where to get it

    [thank-you emoticon]

  5. #5
    4 Star Lounger
    Join Date
    Oct 2001
    Location
    Bellevue, Nebraska, USA
    Posts
    569
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Software Firewall: Why use it, Where to get it

    Nice post - If I can add one comment - Noting that Microsoft's Windows Firewall is woefully inadequate at protecting you from Trojans or other malware "calling home" with your personal data (credit cards, passwords, etc.), or at preventing that malware from propagating itself from your system, it is certainly advisable to install another firewall such as ZoneAlarm or Sygate Personal Firewall. However, even Microsoft acknowledges that problems can occur if you attempt to run two firewalls at once, and Microsoft correctly recommends disabling Windows Firewall upon installation of your new firewall.

    See MS's Firewall FAQ - about 15 questions down.
    Bill (AFE7Ret)
    Freedom is NOT Free!
    Heat is the bane of all electronics!


  6. #6
    4 Star Lounger
    Join Date
    May 2002
    Location
    Australia
    Posts
    549
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Software Firewall: Why use it, Where to get it

    Thank you for this useful information.

  7. #7
    3 Star Lounger
    Join Date
    Jun 2001
    Location
    Los Angeles, California, USA
    Posts
    289
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Software Firewall: Why use it, Where to get it

    Nice encapsulation. Please add ISS BlackIce: BlackIce PC Protection

    The first (even before ZoneAlarm) and IMHO the BEST.

    Then, check to see if it's all working by going to "Shields-Up" and running each of the reports: GRC Corp - "Shields-up"

    Thanks again for the handy explanation and chart.

  8. #8
    Super Moderator jscher2000
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Software Firewall: Why use it, Where to get it

    Original Post 21-Sep-04; updated 20-Nov-04.

    A firewall is a program (or a separate device containing a program) that inspects packets leaving and coming into your computer or network. Firewalls can protect your computer from packets that might cause it to crash, to become dysfunctional, or to fall under the control of someone with bad intentions.

    Modern, sophisticated software firewalls add a new feature: application control. These firewalls determine which program on your computer is attempting to access the internet and, if it is not one they trust, will alert you and let you allow or block that program. This can help prevent leaks of personal information, or your computer being taken over to participate in an attack on someone else.

    In my opinion, every computer should be protected by a firewall that lets the user control both inbound and outbound communications. Here are some comments and suggestions:

    1. Inbound Protection

      • Network Address Translation (NAT). The first line of defense against strangers contacting your computer is to use a router on your network that implements NAT. Here's how it works: your ISP supplies you a numeric address, the IP address, which may look something like 66.27.123.48 (this is a random number, please do not call this number). Your router assigns the computers inside your network private addresses like 192.168.10.2, which are not valid on the internet. When you send out a request for a web page, your computer uses your private address as the return address, and your router substitutes the address assigned by the ISP, and sets a unique port number so that it knows which computer in your network should get the response. As far as the rest of the world is concerned, you might have one computer or a million; all it knows is the address of your router.

      How does this help? When a stranger sends a packet to your router, it is very unlikely to match the port the router has assigned to any of your computers. First, it would just be dumb luck to guess a number like 32324. Second, most packets will target ports associated with specific "services" (like port 25 for a mail server), that the NAT program will not assign to any computer. Thus, when a packet comes in, it won't match anything, and the router will just delete it. Because there are computers all over the world spewing random packets, trolling for a victim, NAT will filter out a huge amount of potential problems.

      There are exceptions to this pretty picture. If you participate in online gaming, or operate a web server from inside your network, or allow remote access, you may allow your router to pass through some of the traffic that otherwise would be blocked. Also, it's always possible that NAT will fail for some reason, and the router will forward the packet to one of your computers. And, of course, if there is spyware (or p2p file sharing software) on your computer broadcasting your computer's contact information to others, the NAT program will happily allow two-way data transfers because it was initiated from inside the network. For all of these reasons, while NAT is a great start, one should not rely only on NAT.

      (Note: if you purchase a firewall appliance, it may take the place of the router in the above story.)

      • Router Firewall. Some ISPs supply routers that have a built-in firewall program, such as the 2Wire HomePortal. These firewalls try to balance protection and functionality: block too little and there's no point in using it, block too much and the user probably will just turn it off. If you do plan to open your network to others, you probably will need to adjust some settings in the router's firewall. Otherwise, for the same reasons that NAT alone will not protect you, you will want to add protection that works on your own computer.

      • Software Firewalls: Windows XP. Windows XP was the first Microsoft Windows OS to have a built-in firewall. The Internet Connection Firewall offered very few features and limited customization; it probably isn't fair to call it useless, but because it was not turned on automatically, and because free firewalls from other companies offered so much more, it got little use. In Service Pack 2 (SP2), Microsoft completely overhauled the built-in firewall, which now will come on early in the process of starting up the operating system (unless you turn it off). The Windows Firewall provides much more flexibility and is centrally administrable, so it may find significant usage inside corporate networks. For home users, though, who tend to "try out" more programs, especially "free" advertising-supported programs, Windows Firewall is not enough protection. Like a router firewall, Windows Firewall is not very concerned about connections initiated from your computer. However, there is one very handy feature: if you start a program (such as a game), the firewall will detect when the program wants to set itself up as a server to receive connections from other computers and will open the port designated by the program only temporarily, while you are actively using it. But Windows Firewall is not designed to stop programs from sending packets out, and as far as I can tell from various documentation, cannot be configured to do so on an application-by-application basis.

    2. Outbound Protection

      • Software Firewalls: Third Parties. Pioneered by ZoneAlarm, this category has grown by leaps and bounds. There are now many free and many paid software firewall programs. I have only tried two of them myself (ZoneAlarm Pro and Outpost Firewall Pro), but the Lounge is a great resource for information about the pros, cons, foibles and frustrations of these products. Here are links to manufacturer information for some of the most frequently discussed products:

    Important: As noted in a post further down in this thread, never try to run more than one software firewall (counting all Microsoft and third party products) at a time.

    | Manufacturer | Free Product | Paid Product |
    |---|---|---|
    | Agnitum Ltd., Nicosia, Cyprus | Outpost Firewall 1.0 (Feature Comparison vs. paid version) | Outpost Firewall Pro 2.5 US$40 (Comparison with Windows Firewall (PDF)) (competitive upgrade 50% off) |
    | Internet Security Systems, Atlanta, GA, USA | N/A | BlackICE PC Protection 3.6 US$40 direct (Downloadable trial, ver 3.5) |
    | Sygate, Inc., Fremont, CA, USA | Sygate Personal Firewall 5.5 (aka "SPF") (Feature Comparison vs. paid version) | Sygate Personal Firewall PRO 5.5 US$40 (competitive upgrade 20% off) |
    | Symantec Corp., Cupertino, CA, USA | N/A (but may be inexpensive when bundled with Norton Antivirus in one of Symantec's suites) | Norton Personal Firewall 2005 US$50 direct (2004 version available at retail for US$33+) (competitive/upgrade US$20 rebate, look for link in the Symantec Store or at retail site) |
    | Zone Labs LLC, San Francisco, CA, USA | ZoneAlarm 5.1 (Feature Comparison vs. paid version) | ZoneAlarm Pro 5.1 US$40 direct (MSRP US$50, retail prices and packaging vary widely) (competitive $30 rebate for $70 Firewall+Antivirus suite) |

    Note 1: Free products typically are limited to a non-business environment, but you should check the manufacturer's license agreement for details.
    Note 2: Symantec and ZoneAlarm also offer bundles of firewall plus antivirus, which may or may not be a better value than combining two different products.
    Note 3: Trend Micro's PC-cillin Internet Security 2005 integrates a firewall with an antivirus product. This firewall historically has not had as strong features as the dedicated products listed above, but the suite as a whole gets good reviews and offers a competitive rebate of US$25 (PDF). If you use PC-cillin and choose to install a different software firewall, make sure to disable the PC-cillin firewall!

    Stay safe!
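
The NAT behaviour described in the post above, as an added example that is not part of the original thread: a toy Python model of the router's port table, showing which inbound packets are delivered, forwarded or dropped. The class name, the private port numbers and port 27015 for the game are assumptions made for illustration.

```python
# Added illustration, not code from the original post: a toy model of the
# NAT port-mapping behaviour the post describes. All ports are constructed.
from dataclasses import dataclass, field

PUBLIC_IP = "66.27.123.48"  # the example ISP-assigned address used in the post


@dataclass
class NatRouter:
    next_port: int = 32324                        # next public port to hand out
    mappings: dict = field(default_factory=dict)  # public port -> (private ip, port)
    forwards: dict = field(default_factory=dict)  # owner-configured pass-throughs

    def outbound(self, private_ip, private_port):
        """A LAN computer sends a request: swap in the public address and
        remember which computer should get the response."""
        public_port = self.next_port
        self.next_port += 1
        self.mappings[public_port] = (private_ip, private_port)
        return (PUBLIC_IP, public_port)

    def inbound(self, dst_port):
        """A packet arrives from the internet on dst_port."""
        if dst_port in self.forwards:   # exception: gaming, web server, remote access
            return ("forward", self.forwards[dst_port])
        if dst_port in self.mappings:   # response to traffic started from inside
            return ("deliver", self.mappings[dst_port])
        return ("drop", None)           # matches nothing, so the router deletes it


def demo():
    nat = NatRouter()
    out = {}
    _, port = nat.outbound("192.168.10.2", 50000)      # web page request
    out["web response"] = nat.inbound(port)
    out["probe of port 25"] = nat.inbound(25)          # stranger looking for a mail server
    out["wrong guess"] = nat.inbound(port + 1000)      # random port, nothing mapped
    nat.forwards[27015] = ("192.168.10.3", 27015)      # owner opens a game port
    out["forwarded game port"] = nat.inbound(27015)
    _, port2 = nat.outbound("192.168.10.2", 50001)     # spyware phoning out
    out["spyware response"] = nat.inbound(port2)       # NAT cannot tell it apart
    return out


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:22} {result}")
```

The last case is the reason the post recommends outbound control on the computer itself: the router treats a response to spyware exactly like a response to a browser.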

  9. #9
    Super Moderator jscher2000
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: Software Firewall: Why use it, Where to get it

    I've added it and freshened up some of the links. I think ISS has finally gotten religion on outbound traffic, so it should score much better now on "leak tests" than it did a couple of years ago (e.g., Steve Gibson's here or PC Flank). However, I haven't surfed for up-to-date test results.
