Best Firewall in your Experience?

[BlueDevilTide]

I currently am using Zone Alarm Pro 6.5. I've used Comodo Personal Firewall and really enjoyed it, but I wanted try to something new for a change. Also, Comodo often hung up with one of its executables using 100% CPU for a long, long time under normal surfing conditions.

I like Zone Alarm Pro thusfar but after seeing the recommendation at the top of the Thinkpads.com for NOD32, I switched to it after using AVG Free for a long, long time. (One of the best free software suites I've ever used, btw. My recommendation if you don't want to spend anything.)

So, with the homerun the NOD32 suggestion was, I figure you guys know your security software! So I'd love your thoughts on a firewall. A forum search turned up largely empty/inconclusive.

I appreciate your thoughts. Thanks a bunch.

[RealBlackStuff]

I was a long time (since May '03) fan of Agnitum's Outpost Pro on my main PC. However, with every new version, they included more bells and whistles, which caused minor to major problems. Although many customers begged Agnitum to KEEP it being a firewall only, they insisted on adding more bloat.

I had a Service Ticket running since middle of November 2006, which has yet to be resolved! Outpost interfered with (free) AVG updates to the point that I had to switch it off to let AVG update!

Their current version 4 is SO fraught with bloat and problems, that I decided to cancel my subscription, throw Outpost in the bin, and look elsewhere.

On my other PCs/laptops, I never installed Outpost, because it can be rather daunting to set up and maintain properly. It really is way too complicated for an average user.

I am since very happy with the free Comodo, that you don't seem to like. We have no problems on any of our 6 PCs/laptops whatsoever!

Before Comodo came along, on all others I used the Sygate free FW until Symantec ballsed it up. Then I changed that to the Kerio free FW, until they too were gobbled up. Their new owner (Sunbelt) currently still supports Kerio, but for how much longer?
I never liked Zonealarm, because of its resource hunger and the way it enmeshes itself in the registry. I've never tried Tiny.
And of course I won't even discuss the bloatware that comes with names like Norton/Symantec/McAfee and the like.
I must be demented, have had a frontal lobotomy, and acquired Alzheimers and CJD, before I let any of that junk near my babies!

So where does that leave you? Try http://www.firewallleaktester.com/

(PS: I do not intend to start any flaming war)

[ronbo613]

I've never had any problems with ZoneAlarm, although when using NOD32 and Firefox, I don't think it gets used much.
NOD32 is a quality AV program. There is a great tutorial here on how to get all the settings right.

[BlueDevilTide]

Thanks for the suggestions. That NOD32 tutorial was an excellent one...among the best tutorials I've seen. Thanks especially for that.

As for Comodo, I certainly loved it quite a bit, but after seeing some leaktest results (http://www.firewallleaktester.com/tests_overview.php) I thought about going to a paid program for more security. Among free firewalls, I thought it was an excellent program, however. Not quite in AVG Free's league as a virus scanner, but definitely a very good program in its own right.

While Comodo seemed like a lesser resource hog, it would hang up my computer now and then and that really bothered me. I couldn't find a solution either. Thusfar, Zone Alarm Pro has been problem free, and its active spyware solution and Identity Theft protocols are also good for piece of mind.

I welcome any more suggestions or thoughts! Thanks.

[RealBlackStuff]

If you like comparisons, here is some more food for thought:
http://www.matousec.com/projects/window ... esults.php

(Comodo does quite well there, by the way)

[Kyocera]

And of course I won't even discuss the bloatware that comes with names like Norton/Symantec/McAfee and the like.
I must be demented, have had a frontal lobotomy, and acquired Alzheimers and CJD, before I let any of that junk near my babies!

Interesting way of putting it but I agree, my job is troubleshooting networking issues, and what I am finding these days is even the most basic user's in the office environments are sick to death of the intrusive nature of McAfee Security Suite and the comparable Norton Internet Firewall/AV suite. I never, never ever have any complaints about the Norton Corporate Version though. People are hungry for information on this nowdays because they feel like prisoners in the McAfee/Norton Maximum Security prison that make their basic computer experience miserable.

[carbon_unit]

Personally I like hardware firewalls. Even a cheap Linksys router is better than a software firewall.
If you want something really tough go get an old 500 mhz computer, slap a couple nics in it and put this on it: http://www.ipcop.org/
The disadvantages to this is that it is not very portable and it does not work for dial up.
Still it is something to keep in mind for your main internet connection.

[wadswerth]

Hardware firewalls are the way to go, and they dont hog any resources on your computer whichh is nice too, a network instructor i had once said that software firewalls let the wolves come right to the henhouse, a hardware firewall is like having a fence to keep the wolves away, ive been using a linksys wireless router/gateway for a while now and its done fine by me

[gator]

Personally I like hardware firewalls. Even a cheap Linksys router is better than a software firewall.

I agree 100% - even a cheapo linksys router will make a kickass firewall. But if you want to use a s/w firewall, my vote is for comodo - very powerful and doesn't nag like Zone alarm

[BlueDevilTide]

I actually use a Linksys WRT54G router with DDWRT-micro flashed onto there. I got the dreaded V7 which doesn't have as much memory, but it definitely works fine.

Anyhow, I have the "SPI Firewall" active in its Security settings...is that what you guys are talking about?

[Purcy]

May I please ask a question here, I didn't want to start a new thread for this since it is related;

I use Zone Alarm (free) software firewall and also use an ActionTech DSL Modem/Router/AP which I have my laptop hardwired to. My question is that I checked the configuration pages for the router and see that it shows the firewall for the router is set to OFF; there is also LOW, MEDIUM and HIGH settings. It says that if I have it set to OFF:

"If Off is selected in the "Firewall" screen, firewall filtering is based on the basic NAT firewall."

I am not sure what NAT firewall means, but I am wondering if I manually set the firewall to LOW, can I still use my Zone Alarm softwall firewall. Zone Alarm automatically shuts off the Windows Firewall, since it says two software firewalls are counter-productive. Thanks for any help.

[RealBlackStuff]

NAT stands for 'Network Address Translation'.
This allows for your router to have your one external IP address (from your ISP) translated into multiple internal IP addresses for your network, normally starting with numbers like 192.168.xxx.xxx.
A hardware firewall works independently from any software firewall, and the two do not bite/interfere with one another.
You'd be best advised to switch your router's firewall ON. Try the highest setting that allows you to still surf comfortably.
If you go into your manual, you can probably 'hard-code' the MAC-addresses of your own PCs/laptops in your router's setup, so that only those are allowed access to the internet.
If you have a wireless setup at home, this would prevent any drive-by or other access from e.g. your neighbours using up your bandwidth.

The Windows-XP firewall only works against INcoming traffic, and is therefore mostly useless. Any other software FW will switch off the Windows FW. A router's FW does NOT interfere with/switch off your software FW, on the contrary, they beautifully compensate one another.

[Purcy]

Thank you so much for your quick reply. I just went into my router pages and for the Firewall settings if you switch it to LOW (it is now on OFF) I get a list of things that will be allowed in and the only thing they have checked to allow in is DNS; I do not know what any of the other things are, but some have the name Microsoft in them; I guess the only thing to do is set it to LOW and see how functional my internet is, right?

edit: here they are -

Service Port In Out
NETBIOS-SSN 139
DNS 53
EPMAP 135
PROFILE 136
NETBIOS-NS 137
NETBIOS-DGM 138
MICROSOFT-DS 445
SNMP 161
LDAP 389
MICROSOFT-GC 3268

[carbon_unit]

Purcy, If you are just surfing all those things can be off. They have to do with networking 2 or more computers at home so you can share files between them.

BlueDevilTide, I also have a wrt54g with dd-wrt on it. the SPI firewall is good. It stands for "Stateful Packet Inspection". Google will tell you more about SPI.

[Purcy]

carbon unit, yes I am the only one on our network, aside from my Axim PDA which I use wirelessly on that network; but no need to share files. My firewall though did default to having the DNS checked to let in and out, so I guess I will leave that checked.

I really appreciate the help.

[Techgurl]

I prefer the Kerio personal firewall to the Comodo. I had problems with the Comodo crashing when I tested it.

[dr_st]

I like Kerio too.

To me, hardware and software firewalls are for completely different purposes. None of the desktop computers on my LAN runs any firewall, because I completely trust my router. However, on my laptop, which I frequently connect to foreign networks, I run Kerio. Not so much to protect me from internet hackers (I do trust my institute firewall too), but to protect me from other potential hackers on the same LAN. Way too many times I found that using a simple IP scanner I can locate other computers on the network and access all their shared files. I wouldn't want anyone doing that to me.

[Purcy]

I just wanted to say, that I learned a lot from this thread.

Thank you

[carbon_unit]

Way too many times I found that using a simple IP scanner I can locate other computers on the network and access all their shared files. I wouldn't want anyone doing that to me.

Me too, that is why I password protect my shares.

[ronbo613]

This thread has also given me reason to think. While the ZoneAlarm works fine on my desktop PC, I might try Comodo on the Thinkpad if it uses less resources than ZoneAlarm would.
I'm currently using the Windows firewall on the Thinkpad and wondering if even that would do the job. Since I started using Firefox and NOD32, I can't recall even having a firewall alert.

[Purcy]

I cannot validate this statement but have read that the Windows firewall only protects the Microsoft things onboard, so I believe your search for an alternate software (or hardware) firewall is good.

[dsigma6]

I've been a Comodo user since I stumbled upon their website before I ever heard it mentioned...I don't like hearing about the leaks posted above, but I'll pretend I didn't see that.

edit:...wait, Comodo scored highest...YAY!!

[acasto]

I use Shorewall (iptables frontend) on my Thinkpad, and almost always have some type of hardware device on the local network. For that I will use anything, but prefer something like m0n0wall.

[Temetka]

My wifi router has a built in NAT in it, but I will probably swap it out for a Linksys unit with an SPI in as well. I also run AVG and Xp firewall. When booted into Linux I have the SeLinux firewall running.

To date I have received no virii or trojans with this setup in about 2 years. Some spyware from my niece visiting myspace (which is now perma-blocked in my router).

I am looking at the WRT54GS model. I haven't been impressed with the WRT300N models. No replaceable antenna.

[tvsjr]

SELinux is NOT A FIREWALL. SELinux provides mandatory access control, based on the least-privilege, using kernel security modules.

My choice of firewall would be any of the Cisco ASA line... from the 5505 for home use to the 5540s in the data centers.

[Temetka]

Yeah. I was way tired last night. Sorry about the confusion.