Firewall Recommendation

Topic

New Reply

Hi all,

After long sticking to Zone Alarm, and having been a rather passive and apathetic FW user, I wanted to hear other Loungers’ opinions.

A search reaching back to as far as 2004 yielded two results:
Post 1: on Comodo Firewall getting a high rate.
Post 2: Jeff’s Starpost, mentioning Agnitum, ISS, Sygate, Symantec, Zone Labs.

I’m looking for a alternative. Which would you recommend? If any of you has tried a FW software other than ZA, would you please share your experience?

Thank you in advance.

Reply | Quote

Replies

I’m sure you’ll get many recommendations, but can ANYONE give substantive evidence or examples where the FREE built-in Windows firewall has failed to provide adequate protection ??? There are all sorts of articles decrying the inadequacies of the Windows firewall, but I’ve yet to read any concrete examples where a computer has been placed at risk by using this firewall.

Reply | Quote

Hi John, at least in earlier versions, the Windows firewall did not stop outbound connections by untrusted programs; it did not offer program control. This creates a gap in which undetected spyware could communicate to its master. Of course, with good antivirus and anti-spyware, the gap should be small, but a program control firewall can help plug it — at the cost of annoying you with lots of permission requests.

Reply | Quote

Hi Jefferson,
Of course you’re correct regarding outbound connections. I guess my post was more a question than a statement. Assuming one has the proper defences in place (hardware firewall, up-to-date AV protection, up-to-date spyware/malware protection), is anything more than a rudimentary software firewall (such as the Windows firewall) really required? Overkill though, I suppose, is the better option.

Reply | Quote

I used the Windows XP firewall for 4 years in combination with up-to-date anti-virus and anti-spyware protection for years and never had a problem. The only reason that I don’t use it at the moment is that I upgraded my anti-virus software, and the new version came with a firewall that automatically turns off the Windows firewall. So in my experience, a basic firewall if sufficient if your other security software is up-to-date.

Reply | Quote

Good morning.

“… the new version came with a firewall that automatically turns off the Windows firewall”

Is it just my paranoia showing, or am I right in thinking that a firewall that can be automatically turned off by another piece of software doesn’t inspire confidence?

kbr

Reply | Quote

That’s why a) you need security software and you should be careful when downloading and installing software from the internet.

Reply | Quote

> “… the new version came with a firewall that automatically turns off the Windows firewall”

You should only have one software firewall, and one antivirus program, running on a PC. So turning off the Windows firewall is standard practice when another software firewall installs itself.

BATcher

Plethora means a lot to me.

Reply | Quote

“You should only have one software firewall, and one antivirus program, running…”

That’s not in question: my point was that the Windows firewall can so easily be turned off by another peice of software, without even a by-your-leave, never mind a warning.

As for which is the best firewall/AV/Anti-spyware…etc, I firmly believe that a large part of one’s preference is governed by familiarity and the “comfortable-with” factor: I have ZA Pro and, although I seasonally upgrade to v.7.x, it is a given that I will revert to v.6.1.7.4 within a very short time, even going so far as to restricting that to the “free” configuration, simply because it is familiar and comfortable.

Having said that, it would be nice to have firewall and anti-spyware versions of AV-Comparatives available.

Cheers,
kbr

Reply | Quote

> > “You should only have one software firewall, and one antivirus program, running…”
> That’s not in question: my point was that the Windows firewall can so easily be turned off by another piece of software, without even a by-your-leave, never mind a warning.

Quite reasonably, I suspect that it believes that if you want to install the new firewall, then you would be aware that the old one must be turned off.

If it surprises you that installing a new firewall will turn off the Microsoft one without warning, you would be appalled at what Microsoft and other software installations do under the covers in an equally cavalier fashion! You may well be too young to know what used to happen in the early days of AOL, which pretty well took over your complete machine…

BATcher

Plethora means a lot to me.

Reply | Quote

“You may well be too young…”

Nicest thing that’s happened to me all week!

Cheers.

kbr

Reply | Quote

[indent]

---

can ANYONE give substantive evidence or examples where the FREE built-in Windows firewall has failed to provide adequate protection ???

---

[/indent]
I got a malware attack that installed a mass-mailer on my PC. Fortunately, it happenned whilst we were temporarily on a dial-up connection, so it was quickly obvious that there was something going on and I could break the connection manually.

Installing Zone Alarm gave me the program control to block the unauthorised outbound traffic. It also gave me the program name and path so that I could remove the software.

Reply | Quote

I like Outpost Free Firewall – so much so that I bought the Pro version. Really though, I probably only use the features of the free version anyway. I’ve had very little in the way of annoyance mail from them over the years.

Alan

Reply | Quote

Please answer this. Why are you required to first enter your email address in order to get the download link?

I noticed that the release date is 3002, 4 years ago. A lot of waters passed over the dam since then.

Reply | Quote

Gloria,

>>I noticed that the release date is 3002, 4 years ago

Please forgive me….I couldn’t resist.
That date is 994 years from now. A REAL BETA!

Reply | Quote

That’s what I get for being in a hurry. You are so right, a real beta for sure. Their mistake is more serious than mine, don’t you think? Some one either can’t count or made a mistake typing, maybe I’ll apply for the position of proof reader.

Reply | Quote

I would not bother with the Free version of Outpost Firewall. ZoneAlarm and Comodo are more full-featured and more up-to-date for the same price.

I did use the paid version of Outpost Firewall Pro for three years when my primary machine was a laptop. Good program.

Reply | Quote

Thank you Jscher, I agree with you. I have decided to use Zone Alarm Pro, I bought it in January so all I have to do is install it again. I can’t remember why I removed it, but I’m going to try it again.

Reply | Quote

> Please answer this. Why are you required to first enter your email address in order to get the download link?

No idea… it’s not my download link. Why not e-mail them and ask?

Alan

Reply | Quote

Please answer this. Why are you required to first enter your email address in order to get the download link?

So they can send you some of their very important promotional SPAM.

Reply | Quote

You know Doc, that crossed my mind and that’s why I refused to enter the information.

Reply | Quote

I can’ give you an example of any security issues with Windows firewall, but I can tell you that I found it to be not user friendly (and almost got my head chopped off by my wife and stepdaughter) when I installed it on their computers. The problem was that no matter what I did, most of the time they had trouble either accessing the INTERNET and or couldn’t play any of their on line games. I was looking for something that they could use that was easier to use than ZA which I have used for years. I finally gave up on Windows and installed ZA on both of those machines as well, and while they gripe about the warnings sometimes, I just smile and tell them that the program is doing its job and to READ. It would take something really spectacular to make me switch away from the ZA Suite.
Just MHO

Reply | Quote

I hope ZA inspires such loyalty in me.

Reply | Quote

I’ve used the paid version of ZoneAlarm (Internet Security Suite) this past year, and I liked Outpost Pro better. However, if I wanted a free product, I would try Comodo and see how it compares with ZoneAlarm. The extra features sound very interesting, and once you’ve trained two firewalls, it is not so annoying to train a third one.

Reply | Quote

Hi Diegol

Is it fair to assume that you already have a hardware firewall? If not, that’s the first thing I’d get before worrying about which software firewall…

BATcher

Plethora means a lot to me.

Reply | Quote

Hello BATcher,[indent]

---

Is it fair to assume that you already have a hardware firewall? If not, that’s the first thing I’d get before worrying about which software firewall…

---

[/indent]No it’s not. Why would I want a piece of hardware? My home user needs are very simple, to the extent that I believe I could manage without a firewall at all (but again, I’m not very literate in firewalls).

I do feel more comfortable using ZoneAlarm because it lets me control which programs connect to the internet. What I do not like about ZoneAlarm is that some of its system files tend to bloat, making ZA take forever to launch in my old machine (it was an old version I was using; the problem may well have been solved by now). I believe this should not happen in my new PC, but if there is a better alternative, why bother guessing?

Reply | Quote

Post deleted by ccs

Reply | Quote

Avast! does not have a firewall in it. (At least the free edition does not, which I use. I don’t think the paid one does either.)

Ian

Reply | Quote

> Why would I want a piece of hardware?

Because you get a hardware firewall with all routers (wired or wireless) that I’m aware of, and having a hardware firewall means that you have screened out perhaps 95-99% of all the attacks that would otherwise have to be dealt with by a software firewall. Indeed, I have heard it argued that if you have a hardware firewall you don’t really need to bother having a software firewall, just the usual antivirus and antispyware which is always required. Me – I’d use both.

You can have minutes of fun reading the results from Googling “hardware software firewall”, or similar search string.

BATcher

Plethora means a lot to me.

Reply | Quote

[indent]

---

Indeed, I have heard it argued that if you have a hardware firewall you don’t really need to bother having a software firewall, just the usual antivirus and antispyware which is always required. Me – I’d use both.

---

[/indent]I agree that the best thing about an external device that uses NAT (network address translation) is that the mindless probes of Internet zombies bounce off before they reach your computer, so you reduce the possibility of your software firewall making an error or crashing, and reduce processor cycles that would be consumed by examining all of that junk traffic.

However, hardware-based firewalls cannot implement outbound access control by program, so if you wish to have this feature to supplement your antivirus and anti-spyware defenses, you should add a software firewall.

Reply | Quote

[indent]

---

Because you get a hardware firewall with all routers (wired or wireless) that I’m aware of

---

[/indent]But I don’t have a router or am planning to buy one… I just don’t need it.
[indent]

---

and having a hardware firewall means that you have screened out perhaps 95-99% of all the attacks that would otherwise have to be dealt with by a software firewall. Indeed, I have heard it argued that if you have a hardware firewall you don’t really need to bother having a software firewall, just the usual antivirus and antispyware which is always required.

---

[/indent]If the converse is true, then if I have a software firewall I don’t need a hardware firewall and can therefore save a few bucks. As my needs are very simple, I’m unwilling to shell out a cent when there are free alternatives.

Reply | Quote

Your needs may be simple. BUT what is your data worth? Layered security is the best way to go these days. A hardware firewall provided by a router can dramatically lessen the load on your system. A very substantial percentage of attempts to access your system will be stopped by the hardware and not have to be handled by the software. Several years ago when I first installed a router at home I had only one PC but noticed a tremendous number of hits in my ZA log. After I installed the router that number dropped by at least 90%. My system became much more responsive and let me put off buying a new system for a while longer.

Joe

--Joe

Reply | Quote

Joe, thanks for your comments.

I might have spoken out of ignorance, but what I intended to mean is that in my past experience, I survived 8+ years with only a software firewall and without a problem (no intruders and having control over which programs connect to the internet). I didn’t know the advantages of hardware FWs you mention.
This said, I’m still unwilling to get a hardware FW. I’d rather use a software alone.

Reply | Quote

Probably the biggest advantage of using the combination of Hardware and Software firewalls is that this presents two layers for the hacker to break through.

Every software product has bugs, and most of them have security bugs – this includes firewalls. If somebody discovers a way to break through your firewall it could take the software vendor a few weeks to discover that this has happened and release a patch. During that time your hardware firewall would prevent the hackers from getting to your PC.

This same argument applies to people who think a hardware firewall is sufficient. It isn’t really hardware, it is software running on the router and it too could be compromised. The software firewall will keep you protected until a firmware fix comes out for your router.

So we get back to the original question “How much is your data worth?”

StuartR

Reply | Quote

[indent]

---

So we get back to the original question “How much is your data worth?”

---

[/indent]Two pints of lager, and a packet of crisps sounds about right .

But seriously, I’m going to jump on one bandwagon for a moment, and gracefully jump to the other afterwards.

At home, I have a mixed OS network. ALL the Windows boxes have ZoneAlarm (Free) installed and running, along with the other anti-badguy packages in various forms. My Linux installations, have no anti-virus, firewall, or anti-spyware (save for Firefox plugins) installed. The Windows PCs are used by various people, so I can not trust everything to be decided correctly, with safe computing in mind. The Linux PCs, are used by me personally – and I feel safe enough in my choices on those installs to not have software locally installed to monitor for those things.

I do however, use my ISP’s gateway (modem, whatever they call it these days), as a router. It’s designed to use NAT over both wired and WiFi connections.

Diegol, perhaps there is a happy medium here for you to consider. There are Linux distributions out there (Distrowatch.org Firewall listing) that will run on an old PC with two network cards. Wouldn’t cost you anything to give it a try outside of the price of a bank CD or DVD.

Reply | Quote

I’ve had some complicated days that prevented my posting earlier. I want to thank you for all your thoughtful recommendations.

I solved my FW needs (temporally) about 10 days ago. This is what I did (what I remember):

I tried the software in this order: Agnitum Outpost, Comodo, ZoneAlarm.

To be honest, I don’t remember what made me remove A.O.

As regards Comodo, it didn’t seem very user friendly at first at least. It was learning something I didn’t have time to check; what’s more, other less computer-savvy Windows users use my PC and they were frustrated to be constantly prompted by alerts. The fact that they were left without a decent help desk (that’s me) worsened things, and I decided to postpone it for when calmer waters come. I do remember that settings in Comodo were global for all users, ie, if I grant a certain program access to the Internet with my user, the setting will also apply for other users. I didn’t like this, because there’s the risk that another less informed user accepts something I wouldn’t (and maybe I won’t even notice this change if the user tells Comodo to remember the setting).

So I provisionally came back to the simple ZA which I already know. I think I checked and ZA’s settings are global for all users too (not quite sure though), but I cannot keep investigating any more right now. I plan to switch to Comodo in 6 month’s time or so.

Again, thank you!!!

Reply | Quote

If you are using Vista, I’d recommend that you strongly consider using the Windows Firewall. It does have outbound protection. It is a bit hard to get to – Control Panel | Sysatem and Maintenance | Administrative Tools | Windows Firewall with Advanced Security. There is also a third party program Vista Firewall Control : Sphinx Software which gives you a GUI interface to the Windows Firewall.

Joe

--Joe

Reply | Quote

Hello, Joe.

I’m not using Vista but XP — forgot to mention that.

I appreciate the wealth of replies to this thread. I realized that my first post might have discouraged ZA users to comment on their experiences with ZA and / or how it’s better than other FW software. I’d be interested in reading your reasons too. Besides, that’d complete the thread for future FW wants reference.

Thank you.

Reply | Quote

What I like about ZA Free is that it is not difficult to access the logs – which makes it easier to add an IP Address to the trusted zone.

This has simplified managing access between PCs on our home network – if one PC can’t connect to another one; just view the logs on both, identify the IP address for the connection that’s been rejected and mark it as trusted on each PC.

I’ve been roped in to helping to set up my brother’s home nerwork which is based around the (paid for) MaAfee Security Centre; Unblocking access on McAfee is much less simple.
YMMV

Reply | Quote

Hi, I’ve just dumped Comodo Firewall 3 in favour of Online Armor. I had problems with the Comodo Firewall crashing when I switched off the computer. It’s very early days with Online Armor but I have a good feeling about it – the same one I used to get when using Sygate. I’m using the Free edition of Online Armor at the moment and it includes some hips protection. If it works out well I might even end up buying a subscription and completely replacing ProcessGuard which I’m still using.

Hope this helps,

Chris (Hunt)

Reply | Quote

(Edited by jscher2000 on 16-Mar-08 13:07. Changed link tag from wiki syntax to Lounge syntax.)

I use Comodo Firewall on my computers, I find it very easy to use and have only ever had one problem with it. There was a compatibility issue with Vista and Windows update which caused some updates to fail, but Comodo very quickly released an updated version which solved the problem.

Reply | Quote