PDA

View Full Version : Firewalls



gyrlwriter
12-23-2002, 10:18 AM
:unsure:
Ok...I need some help...
I'm trying to find a good firewall to work with XP...that search led me here, looking for an older version of Zone Alarm. But really, I don't know what I'm looking for. In fact, I'm wondering, do I really even need a firewall, it's not like there is anything "important" in my computer...I don't have naked pics or anything personal...So I'd appreciate any input on firewalls - the good, the bad, the ugly...what works well with XP (free is best!) Anybody out there have any recommendations???
Thanks for your help...it's greatly appreciated!
Mandi

epp_b
12-23-2002, 04:13 PM
Yes, ZoneAlarm is usually pretty good. Check the system requirements, though. Don't use Norton IS fireware, though. It's buggy and doesn't interact well with Windows Explorer. If you use DSL or Cable, get a firewall, right away! If not (56k, dial-up, whatever), it's not as much of an issue. But, regardless, it's always a good idea to protect your computer from unwanted visitors by means of a firewall -- even if you don't have anything extremely important on it.

OldVersion.com Admin
12-23-2002, 04:31 PM
Windows XP comes with a built in firewall as well. Might want to give that some consideration.

zack
12-24-2002, 06:08 PM
You don't need a firewall. This is absolute nonsense. It makes absolutely no difference at all if you are on cable or are on dialup. The notion that everyone needs a firewall is just hype from symantec, network associates, Zone Labs, etc. By default, nobody is going to be able to get into your computer. Only way is if they somehow installed a trojan that grants them access.

All you really need is an Anti-Virus program. You don't even need that if you practice safe computing. Anti Virus software will get rid of almost all trojans, in effect shutting down a potential intruder's access to your computer.

If you want a firewall, I can NOT recommend any software firewall. These can be disabled fairly easily by a malicious program. Get yourself a hardware router designed for cable/dsl internet access. Most of these come with 4 port switches and have NAT and are perfectly effective as a firewall. You can open and forward ports as needed, and most have filtering capabilities as well. I recommend a Netgear RP114 (if you can still find it) or the (plastic) RP614. A hardware firewall is the most secure option as it goes between your computer and internet connection. No software can get around it.

OldVersion.com Admin
12-24-2002, 06:24 PM
Originally posted by zack@Dec 24 2002, 07:08 PM
You don't need a firewall. This is absolute nonsense. It makes absolutely no difference at all if you are on cable or are on dialup. The notion that everyone needs a firewall is just hype from symantec, network associates, Zone Labs, etc. By default, nobody is going to be able to get into your computer. Only way is if they somehow installed a trojan that grants them access.

All you really need is an Anti-Virus program. You don't even need that if you practice safe computing. Anti Virus software will get rid of almost all trojans, in effect shutting down a potential intruder's access to your computer.

If you want a firewall, I can NOT recommend any software firewall. These can be disabled fairly easily by a malicious program. Get yourself a hardware router designed for cable/dsl internet access. Most of these come with 4 port switches and have NAT and are perfectly effective as a firewall. You can open and forward ports as needed, and most have filtering capabilities as well. I recommend a Netgear RP114 (if you can still find it) or the (plastic) RP614. A hardware firewall is the most secure option as it goes between your computer and internet connection. No software can get around it.
Well, it is true that firewalls are usually not necessery, however you make it seem as it's rather difficult for people to hack into a computer. It's not, not with Windows. Especially for people that do not update their computer. If someone wants to harm you badly enough, they will. Whether it's a DoS attack (some may consider that 'kiddy scripts' but they are highly effective and rather of an annoyance) or whether someone attempts to completely root your access. They can just scan for open ports with a simple program, then search for known exploits that can be completed on those ports. Software firewalls will help you stop it, but hardware firewalls are much more effective, as you pointed out.

Your computer is always vulnerable, it is more stealthy with a software firewall, and even harder to crack with a hardware one. However, it can be penetrated if a hacker willing enough and diligent enough to hack you. You should password protect the administrator account, and be weary at running FTP, or web servers. If you are just a normal non-poweruser a firewall may not be required. It depends on whether you are willing enough to take the risk. I would just recommend turning on the firewall that is built into Windows XP, make sure you configure it properly with the ports you should open (ask yourself whether you use AIM and open the port for 'direct connection' and etc).

Simon
12-25-2002, 12:38 PM
A software firewall will, as some of you have pointed out, are not absolute protection against hackers, especially not if you have no AV program and so no protection against trojan horses that you could get by e-mail. BUT, it is still a good idea to have one, for one good reason: if someone wants to try and get into a system just for the hell of it and does a port scan if you've got a software firewall, is s/he going to try for the poor newbie's system with no security patches and most ports left open, or you, with automatic bad packet deflection and stealthed ports?

BTW, if you find that you have some problems with zonealarm (some people do), try Agnitum Outpost http://www.agnitum.com/products/outpost/ (it's free).

Mecka Car
02-08-2003, 10:24 PM
Hello All.

Speakng of firewalls..

Is there any firewall software that will run on Windows 3.11 platform? I tried older versions of Zone alarm from the site, but they do not appear to install, nor to run properly.

I know that 3.1 does not have the concept of registry like 9x does, but I would feel safer on line with DSL with firewall protection,

Thanks.

Guest
02-09-2003, 07:36 AM
Okey, lets sumarize: You do not need a firewall to protect your comp if you do not have anything of importance stashed in it. Well, it's true... But (and it is a big but) what if someone gets access to your comp and uses it to store files with illegal content or uses it as a nod in a dos-attack? Would you like to be part of something like that? Do not think so. (and this is not mumbo jumbo - it can happen, and is likely to happen! The easiest way protect yourself from this is to have a firewall, but if you do not want one - use something that can meassure your connection so that you can see if your comp is transmitting data when you not use any services.

igor
02-10-2003, 02:22 PM
This is an argument that has no right answer. Even the most secure servers (Pentagon, FBI, etc.) that have dozens of professionals in charge of security still get hacked. On the other hand, there are numerous regular home computers that use absolutely no protection, but have never been attacked.

A firewall is a security measure. If you lock the door to your house, you not decreasing the chances of being robbed by a lot, but most people still do it.

- Igor

YUorME
02-24-2003, 07:34 PM
if you find that you have some problems with zonealarm (some people do), try Agnitum Outpost http://www.agnitum.com/products/outpost/ (it's free).

This piece of software is really something! It has so many features and is probably one of the easiests software firewalls to use. (ZoneAlarm is the easiest but its becoming buggy) It also includes ad blocking, content (porn etc.) blocking, popup blocking and some malicious script protection as well. it also detects trojans by constantly checking your internet accessing programs so it displays a warning every time the program changes. Considering it free, its a great piece of software to get.

The address is again: http://www.agnitum.com/products/outpost/Outpost Firewall (http://www.agnitum.com/products/outpost/)

The Muffin Man
03-06-2003, 11:23 AM
The fact of that matter is, you DO need a firewall. Here are some reasons:

1) You may have spyware on your computer, which slows down
your internet connection, especially those with dialup

2) Some hackers litterally scan the internet, searching for vonerable computers to break into and destroy...or use for a DDOS attack on another
server.

3) Your computer may contain infomation like name/address/phone# that
people are very intrested in for the purpose of identity theft.

4) You might acctually have something important in your computer
like a companies list of stock reports or...something.

So there. I have a firewall for reasons 1,2 and 3. By the way, my firewall
is ZoneAlarm Pro. The one you pay for is a lot better than the free one.

icemanx
03-14-2003, 05:15 AM
Guys remember now microcrap err soft do not take hackers to court no is because if they break in they HIRE them to work for them so then that they stay Safer for later on when someone else tries to hack into microsoft

its been like that for ages

so unless you want agrovation of the firwall I wouldnt bother just use a good antivirus and trojan remover


have a nice day

catch me on Efnet - #cracks and #serialz

peppycomputer
05-28-2003, 09:19 PM
:huh:
This post intreged me, I read the responses to the post and watch the flow in the answers. You all together have the right ideas and are on the right track, No a fire wall is not necessary? That counts on what you do on the computer and if you leave it online all the time. a fire wall is a short term protection anyone who has any abilities to hack will get in. A firewall allows you to safely work your computer on a net and give you advantage.
Nothing is safe on your computer, if you leave it on line. I had a freind who always left msn on line at all times, 24 hours a day. He never thought that would be a problem! Never believe that some one will not find that you are on line 24 hours aday. He learned the hard way. Me had firewalls and was assuming that he was safe.
Dos was mentioned and I still feel that many of you do not understand that you attack Dos you attack the whole computer. Your basics for the commands of your computer are Dos. That said, you will find that someone who attacks Dos, knows that he or she can affect your computer come and go as pleases and 99% of the time you will never know it. If i was to look into your computer i would be only interested in what version of Dos you run. I would only pull your dirctory and find out what you had, I would find your passwords, i would find your back doors. If you were encrypted i would decrypt. every pass word you have in your system is there. for me to find. I have a saying," You can shut the front door,lock it and dead bolt it. If you do not do the same to the back door I will come in. If you bolt the back door I will come in the side door. If you got the doors bolted securly then I have "windows" to open and enter. I have a roof and i have a basement. Do not tell me I can not find away in.
If you have somthing of importance I will break the lock, If you are my play ground Then I will be there when you are not and maybe when you are. I can play in Dos while you are surfing and you will never know.
Dos is the Heart, windows is the covering, like love, affect the heart, you will either smile or frown.
Use your protection, But remember that I can get around anything you have because you left me the KEY. :(

Fishbait
05-29-2003, 03:06 AM
You definately do need a firewall. Most machines that get hacked are not to destroy or steal data. PC's are mostly hacked to use as a warez site. If I drop an ftp server onto your machine, put it under the recycle bin with a /com directory early in the path, you probably will not even know it is there. You also won't be able to remove it without formating unless you know the complete path name to the server (which you won't find unless the hacker gets sloppy and leaves a log file exposed). The best free hardware firewall is Ipcop. it will install on a 486. I have installed it for a few companies on P90's. Once installed, you can remove the keyboard, mouse, cd, floppy and monitor and administer it from another PC. It can be used with dialup, isdn dsl or cable. There is lots of free support in forums available (as with most Linux based products). You can download it from http://ipcop.org/cgi-bin/twiki/view/IPCop/WebHome. And, as I said, it is free.

locustfurnace
05-31-2003, 05:23 PM
Originally posted by peppycomputer@May 28 2003, 09:19 PM

Dos was mentioned and I still feel that many of you do not understand that you attack Dos you attack the whole computer. Your basics for the commands of your computer are Dos. That said, you will find that someone who attacks Dos, knows that he or she can affect your computer come and go as pleases and 99% of the time you will never know it. If i was to look into your computer i would be only interested in what version of Dos you run. I would only pull your dirctory and find out what you had, I would find your passwords,
:) thats not what they were meaning when they wrote DOS, which means Disk Operating system, ie Dr. DOS, Caldera DOS, MS DOS, PC DOS, FreeDOS, OPEN DOS, TandyDOS,
what they are referring to is DOS - Denial of Service.
DDOS - Distributed Denial of Service.

there is too many letter meanings for the same things in Computing!
it can be comfusing.

pertaining to firewalls, I am using Frazierwall.

one can easily build one. which I have, out of an old 486, running a Pentium Overdrive - 82Mhz, 20 megs RAM, no Hard disk, only a 1.44Mb Floppy Drive, 2 Nics. and a write protected (plastic tab protection) floppy.

it also can do DMZ if needed for web servers, mail servers, whatever ya run on your DMZ.
and there are many others that run from a CD-R. and can provide VPN and much more.

buy an old comp from a comp show and turn in into your firewall, router.
Under a heavy load on my Firewall (82Mhz), which is dowloading at 2.5kbps on my connection, the load on my firewall is only 0.22%, thats not even a full 1%, so dont think you cant use old equpiment for a multipurpose, multi-user firewall.

The_Muffin_Man
06-02-2003, 07:06 PM
Okay, it is established. If you do not use a firewall or use a flawed firewall (such as WinXP firewall or BlackICE), then you are risking the data on your computer. The more you are online, the greater the risk too. Now, when you go shopping for a firewall, what should you get? Well, personally, I would get a hardware firewall, software firewall and an ANTIVIRUS PROGRAM, ensuring maximum protection.


Most routers of today use Stateful Packet Inspection to give hardware firewall security. This gives the protection that most users will be satisfied with, but they are not as secure as software firewalls. Someone can still get in will some more effort, and let us not forget the danger of trojans and spyware which will not be stoped by a router. That is where a good software firewall like ZoneAlarm Pro or Sysgate comes in. They add a final layer of protection in firewalls.

But wait! Software firewalls can be defeated too by a virus or trojan, because they are on the hard drive. So, you need an antivirus program (or a lot of selectivity in downloads) to prevent against that.


------------------------------------------------------------------------------------------------
Now here is where I bash M$ a little...
------------------------------------------------------------------------------------------------

Now doesn't that just plain suck? Having to buy a software firewall, hardware firewall and antivirus program for maximum protection? Yes it does. But...this really only applies to Windows Users. Thats right, use a mac, get your chances of being hacked/recieving spyware reduced 80%. And they say Windows is cheeper. Don't believe me? Most general hack attempts on home users are an attempt on NetBIOS...that is Windows Networking. Oh, and is Xupiter compatible with Mac OS? Didn't think so...


*I have never used IPCop but it seems to be for linux machines too. Fishbait said that is is a hardware firewall, but, you can download it? Okay...

locustfurnace
06-02-2003, 11:45 PM
Ip cop, can be downloaded, and it is either burnt to a CD-r or run on a dedicated machine.
if it runs on a CD-r, then it would be the similar to a hardware firewall.
in the sense that the config files cant be modified. you might be able to get around it, but a person would then only have to reboot the system.
since you can not write to the CD-r once it has been burnt, it would not permit anyone to install a trojan. if some did manage to "install" it, it can easily be eliminated with a reboot of the system, since if someone DID plant a trojan, it would only exist in RAM, it could not be placed onto the CD-R.
and updating a system is simple. just burn a new CD, reboot the firewall. and all ready to go.
sure it wont be exactly the same as a hardware IC, EEPROM programed chip Firewal, etc. etcl. but will cost much less.
and since your OS does not exist on the same IP address as the firewall. which the firewall would be using a reachable IP adress. and the OS on an unreachable IP address, it does add some more protection by being on an ip address of 192.168.x.x or 10.x.x.x.
which is a much better step up from a software firewall run on the same system as the OS.
and can be built by anyone.

yea, only Windows users have a Virus problem, dont see many virii for *Bsd's, Linux, Solaris, BeOS, QNX., Plan9, Inferno OS.

The_Muffin_Man
06-05-2003, 01:03 PM
I have read some reviews on IPCop and it seems to be a very good program. However, it is not a hardware firewall. Just because you put it on a CD-R doesn't make it a hardware firewall and just because it is hard to delete doesn't make it a hardware firewall either. There is no such thing as a piece of hardware that you can download. yeah, so it is good, but stop calling it a hardware firewall now.

locustfurnace
06-06-2003, 04:30 AM
I said performs similar, not is.
but besides that. a question about Hardware firewalls

How does a hardware firewall work?
does it use silicon chips, Diodes, resisters, triacs, zeners, SCRs, ICs, caps, tansistors etc, to do its filtering?
which would be Electronic materials, (hardware)

or does it use an EEPROM, RAM, PRAM, which permit Flash upgrades, like a MB's BIOS?
which would be Software programmable. (software)

Since I cant find any schematics online to see PCBs of a firewall, i can only guess it will use some sort of programmable chip. which is Software that programs the chip. the same goes for Embedded appliances, they are hardware, but they rely on software to be programmed into a chip. such as my Visara MTX 1783 thinclient, it has an embedded OS; QNX, on a chip. no matter what it is still software running the hardware appliance.

an example of a real Hardware device would be something like an oscilloscope, which generally are made from electronic parts, and then there exists Software which can turn a PC into a oscilloscope.

or a hardware CD player, compared to a software based player.

would i upgrade the firewall by soldering in new coponents, or download a flash upgrade?

last time I "upgraded" my AOR2700 to permit voice recording i installed a chip.
to eliminate birdys i had to solder higher ohm resistors, new caps, not install new software.

since I don't know. amd I am asking for a example of a Firewall built without programmable (software) chips. and one built with only diodes, resistors, etc filtering.

The_Muffin_Man
06-06-2003, 08:36 AM
http://www.esoft.com/?source=overture

^^^Theres your hardware firewall, with other good stuff as well

whocudathowtit
06-06-2003, 01:45 PM
Hi !,

Go here :-- http://grc.com/dos/drdos.htm Read through that article. Afterwards consider " Do you want your machine taken over in this fashion, so some hacker can attack other net users". I don't, so I use a firewall to help avoid that situation. The pro's and con's of which firewall to use is another vast subject.
Do yourselves and everyone else a favour get a firewall. :D

The_Muffin_Man
06-09-2003, 01:00 PM
Yeah, I read that a long time ago. I also read the one where his server was shut down by a 13-year-old script kiddie. The only thing that killed his connection was the fact that he couldn't contact his ISP fast enough to filter out the false packets. Of course, the government wouldn't help him either. :rolleyes:

That is why you need a software firewall. You need to prevent against trojans like the ones implemented to attack Steve Gibson.