Microsoft Windows Firewall

Hi I have tried a few different firewalls and tested them with Gibson Research Shields Up. Up to now, the Windows built in firewall seems to perform best. Am I missing something here as Windows Firewall doesn't seem to get a good reception around here?

Ian

Reply to
Ian Pollard

That is basically the way I feel about it. I have tried a number of different firewalls and have experienced everything from massive slowdown of the system with some and over intrusiveness from others. Sygate Personal Firewall, which I have used for around 18 months, just crashes and shuts down as soon as it starts. This was following a Sygate recommended update. Anyway, I now have AVG, Spybot S & D, Spywareblaster and Windows Firewall. Should be OK!! Thanks for the input.

Ian

Reply to
Ian Pollard

"Ian Pollard" wrote in message news: snipped-for-privacy@4ax.com...

I'm assuming you're a home user. If you are sure of your ability to secure the computer and if you are sure of your ability to make certain that it never catches anything nasty, or if there is someone else to take care of the security for you, then the Windows firewall is fine. If you are not 100% sure of this then you need an external firewall. This means that nearly everyone who uses an Internet connected Windows PC at home must have an external firewall. The simplest type of external firewall is a NAT router which we all know is not a real firewall but it's much better than nothing and boxes with outbound filtering are no longer very expensive. An external firewall cannot be compromised by malware on your PC but it is still important to make sure that no malware gets on the PC. A NAT router won't stop your computer being instructed to download a trojan from a dodgy site and it won't help with making sure that the configuration of your computer is as secure as it can be. Stay away from P2P file sharing unless you know exactly what you're doing and have an isolated PC to use which can quickly be restored from a clean image if necessary. You need a virus scanner far more than you need a software firewall on a Windows PC. A few other adware/spyware analysis and prevention tools are also a good idea. Don't use Internet Explorer whatever you do. Use an alternative such as Firefox. Make sure you have all updates from Windows Update. If you want a cheap external box and don't want to have to think too much about its configuration then get one of these

If you want to learn something then get an old PC and build something around IPCop or smoothwall or m0n0wall or something similar. If you've got more money than the average home user then get a more expensive ready made external box along with a subscription to malware and content filtering.

Jason

Reply to
Jason Edwards

Jason, while I still recommend a router with NAT, you should be aware that there is an exploit for Linksys routers with certain firmware that can be compromised when the user visits a website with a malicious script - the script will access the router at the default IP/password and change settings to let the hacker into the router.

Users that entered a non-default password and/or that don't use the default subnet are not subject to this form of compromise.

Even with the above exploit, the NAT routers from any vendor make a great first line of defense for home/soho users.

Reply to
Leythos

I don't doubt that at all. I've never set one up with a default password and without checking for the latest firmware. In fact I've never set anything up with defaults, password or otherwise. Always change it and keep detailed records which no-one else can possibly access.

Thanks for pointing that out.

SNMP is another example of a default which few people change. Any box running software connected to the Internet requires the user to be aware of software (firmware in this case) updates and to install them as required. Unfortunately phrases such as 'flash the firmware' do tend to generate blank stares sometimes. So do phrases like 'where are the setup and password records'?

I will confess that I've been known not to use an external firewall with a Windows PC, but I have more than one IP address, and I would never let anyone else use the same PC, well not for very long, and if giving advice to anyone else I would never recommend that they do this because in most cases it would result in a spambot after a few days.

Jason

Reply to
Jason Edwards

It depends on the people and their personal opinion. In my opinion (;-) the windows firewall is all you need. The other PFWs do mess up your system, slow it down and promise a long list of additional security "features" that you either won't need or that won't work reliably like the application control of outgoing traffic which can be easily circumvented but still people think it is good to block outgoing traffic of some applications instead of either deinstalling it if they don't like it or just configuring it properly...

If all you want is a proper shutdown of your ports, the windows firewall should be your choice. The alternative would be to shut down all unnecessary services which can be difficult at times... Since I am using only the windows firewall my computer is really fast again...

Gerald

Reply to
Gerald Vogt

You're just as likely to get slowdowns and problems from AVs as well as firewalls. Whilst outgoing application control may not be 100% foolproof, it is nevertheless extra security. In my opinion the same logic that you are applying could apply to your AVG. Antivirus apps can also cause slowdowns and its resident scanner also slows down your system (especially if it's set to scan all files). Would you risk using that as just an on demand scanner, and turn off its resident scanner? Some would, and some don't use either a firewall or an AV full stop. Personally I'd use both... with outbound filtering on the firewall. me

Reply to
bassbag

To me it all boils down to one thing - if you use MS's firewall you have to say you TRUST MS to secure your machine without any holes/exploits.

As we all know, the MS firewall can be controlled programmatically without the user knowing about it. The MS firewall also came with a hole right out of the box (which was patched).

When it comes to security I'm very, forgive the expression, anal, about it. For a home user I would always want at least a border device like a NAT router, then quality AV software, a non-IE browser and non-OE/Outlook email client, and then to lock the computer down as much as possible - including not letting the user run as Administrator under normal use of the system. I would also install AdAwareSE and WallWatcher - between these two products you get most of any new spyware and also get to see all inbound and outbound traffic so that you can determine if your network is still secure.

At the router I block outbound connections "to" remote ports 135 through 139 and 445 and several others, but those are the main ones.

An added measure, for people that run QuickBooks or other financial software, or keep their identity on the computer, would be to install something simple for them to manage, a personal firewall like ZoneAlarm. I would trust ZA over anything that MS produces, even their ISA server.

I have yet to have a compromised system using the above methods for home users.

Reply to
Leythos
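
Added example (not part of the original thread): the outbound block on remote ports 135 through 139 and 445 described in the post above can be checked against a router's connection log. The log format, the sample lines and the 192.168.1.0/24 LAN are constructed assumptions, not the output of WallWatcher or of any real router.

```python
import ipaddress
import re
from collections import defaultdict

# Remote ports named in the post: 135 through 139, and 445.
BLOCKED_PORTS = set(range(135, 140)) | {445}
# Assumption: the home LAN subnet. Adjust to the real one.
LAN = ipaddress.ip_network("192.168.1.0/24")

# Constructed log format: time action proto src:port -> dst:port
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DROP) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Constructed sample lines (documentation address ranges for remote hosts).
SAMPLE_LOG = """\
2005-03-01T10:00:01 ALLOW TCP 192.168.1.10:1045 -> 203.0.113.5:80
2005-03-01T10:00:02 DROP TCP 192.168.1.10:1046 -> 198.51.100.7:445
2005-03-01T10:00:03 DROP TCP 192.168.1.10:1047 -> 198.51.100.8:445
2005-03-01T10:00:04 ALLOW UDP 192.168.1.20:137 -> 192.168.1.255:137
2005-03-01T10:00:05 ALLOW TCP 192.168.1.30:1100 -> 203.0.113.9:139
2005-03-01T10:00:06 DROP TCP 203.0.113.77:4000 -> 192.168.1.10:135
garbage line that does not parse
""".splitlines()


def audit_egress(lines, lan=LAN):
    """Return (leaks, attempts, unparsed).

    leaks    -> allowed connections from the LAN to a blocked remote port
                (the router rule is missing or not working)
    attempts -> per-host count of dropped attempts (the rule works, but the
                host keeps trying to reach those ports and deserves a look)
    unparsed -> lines that did not match, so nothing is skipped silently
    """
    leaks, attempts, unparsed = [], defaultdict(int), []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            unparsed.append(line)
            continue
        try:
            src = ipaddress.ip_address(m["src"])
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:  # digits and dots, but not a valid address
            unparsed.append(line)
            continue
        # Only outbound traffic counts: LAN source, destination outside the LAN.
        if src not in lan or dst in lan:
            continue
        if int(m["dport"]) not in BLOCKED_PORTS:
            continue
        if m["action"] == "ALLOW":
            leaks.append((m["ts"], m["src"], m["dst"], int(m["dport"])))
        else:
            attempts[m["src"]] += 1
    return leaks, dict(attempts), unparsed
```
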

I agree with Gerald when he says it depends on the people and their personal opinion. If someone wants to run with a particular configuration then I see no reason why I should argue as long as they understand the risks. After all I've been known to run with a public IP address and no firewall box. So if someone else understands the risks and still wants to do it then that's fine with me. If they don't understand the risks then they are probably going to take my advice and get a minimum of a NAT box. The PC I'm sitting at has no firewall software. (But not a public IP in this case.) It does have AVG but I have found that AVG does seem to live up to its claim of low system resource use. I never notice it except when it gets updates. This PC isn't on all the time so I can't schedule updates overnight. AVG has never found anything anyway. I prefer to know what is in the system and not to add anything unless I trust it to have no possible malicious or dubious intent. That way I can be reasonably sure that there is nothing in the system that a personal firewall failed to notice. I trust very little with a web browser and I'm not quick to click on links posted on Usenet, although I do post links myself sometimes. I do not say that personal firewall software is never useful but I don't use it myself. These are just my opinions.

Jason

Reply to
Jason Edwards

I generally don't need the resident scanner. It's no real use. When I have a file in question and stored it for a couple of days and let the scanner run over it. Despite that there is little you can do. The impact of even your resident scanner is not that big as the PFWs. There are hooks in the system that are called when files are created or accessed for instance. This is normal Windows operation. AV scanners usually don't consume 75% of your CPU.

PFWs integrate deep into the system, make many modifications that break compatibility with many applications and cause problems. The "extra security" requires generally a lot of user interaction and knowledge which most people do not have. What is the answer if "svchost.exe" wants to access the internet? "Always deny"? Or "allow" as recommended? What if the next time the same svchost.exe pops up and now the recommendation is "deny"? You allowed it the last time, how would you know that this svchost.exe is a virus??

No PFW does tell you frankly that it works only in 75% of the cases. No PFW tells you that you still have to be as careful as without the PFW's additional features. Most PFWs require a lot of knowledge from the user. And there is the irony: as long as people don't know they will quickly misconfigure the PFW. Once people do have the knowledge and experience, well, they don't need these features anymore because they know how to behave (most at least do).

Yes, but how many people have problems with the outbound filter? It denies some access to something they want access right now. Most of the people are quickly able to report: "it works if I turn off the PFW. What can I do?". I never have to turn off the XP SP2 firewall, but turning off a PFW seems to be a standard problem solving method for PFWs. When I had NIS I often had to do so, too, because sometimes it was unclear if it was an application problem or some of the zillions of complex rules in various different places of NIS that misfired. And if you know real firewall operations NIS firewall rules firing can sometimes be more than a miracle...

The outbound filtering is one of the best excuses for people not to care about security on their computer. Full stop.

Gerald

Reply to
Gerald Vogt

I respect your views Gerald but disagree, so I won't debate with you as we have two opposing views, but would like to clarify one thing. My firewall (with outbound application filtering) consumes less than 1% CPU power. I think I'd be pretty upset with an app that used 75% too and would get rid of it. I've tried many over the years and never found one using that sort of consumption, though like any software, conflicts are possible. While I accept your views, your generalization is your personal opinion. For example your comment that "the impact of your resident scanner is not that big as the PFWs" is your opinion and not a factual statement. My AV resident scanner utilizes more memory and CPU cycles than my firewall. That's a fact. I haven't had experience using NIS, though I have heard that it is a resource hog. me

Reply to
bassbag

I do... My computer is a P3 733 W98 machine that's 5 years old.

It is opinion... As I've already mentioned, my firewall uses less resources than my AV. Look n Stop or Kerio 2.1.5 uses far less CPU and memory than most AVs.

Your sense of "general truth" may apply to your personal experiences, but not mine.

I don't know... Perhaps some users of those products might comment on their resource usages. me

Reply to
bassbag

Your computer is probably just a couple of weeks or months old. High-speed machine, lots of memory, lots of CPU power, cache, fast hard disc. PFWs are like Windows versions: with each upgrade you need a new computer... Try running a PFW on something with less than 1 GHz...

It is not opinion. It is observation from experience with various computers I've seen myself as well as many reports from other people in Usenet and elsewhere.

That is a fact for your installation on your computer. It is not a fact in the sense of general truth. The latter we can only approximate by using experience or other considerations. It may be that for your computer your PFW runs faster than your AV. But it also depends on your scanner configuration, for example. If you scan any file, for example, then it slows down dramatically although it does not make really much sense to have TXT, MDB or other files scanned for each and every access. Your PFW may run low if it has nothing to do. Are you connected directly to the internet or do you have a NAT router in between? Directly on the internet the PFW is usually extremely busy to block all those "attacks" on unused ports, etc.

Those with NIS say Avast is one, too. Those with Avast say...

Gerald

Reply to
Gerald Vogt

And you are running the 2005 version? If you do, I would call that a miracle that I have never seen before... Also, did you try the difference if you uninstall the PFW?

Again, yours is your opinion and your experience which may not match with the general experience. I conclude from the experiences I have seen and it is thus not any more just my opinion. It is a fact that they cause a lot of problems and consume much CPU. You use Kerio 2 so you are not updated to the current state of the art. 5 years ago PFWs were not that intrusive and they had to work with the computers that were made at that time. Try upgrading to Kerio 4...

But you only consider your personal experience, I conclude from many experiences with many computers from many people. If I would put together a study and publish it and would say that in 90% they consume much CPU power, would it then be enough? An opinion is based on personal, generally unsystematic thoughts and beliefs...

Yeah, I'd love to hear them, too. The problem is generally, that people accept the speed of their computer with PFW as they do not have a comparison to another computer without and most people don't make benchmark tests with and without PFW installed...

Gerald

Reply to
Gerald Vogt

Ahh I see now... my opinion and experience is just that, whereas your opinion and experience matches the general experience (in your opinion). It's a fact that Kerio 2.1.5 and Look n Stop use less CPU and memory than practically all AVs with a resident scanner. Before suggesting anything else perhaps you should do some retests yourself. I will continue to advise posters to use an outbound application firewall rather than one without, and I'm sure you will continue to advise the opposite. respectfully. me

Reply to
bassbag

This is _your_ _personal_ experience with just your _own_ computer. It is one single example you are giving from all possible out there. I have my experience plus more first-hand and second-hand knowledge about problems that occur. From the people I know almost everyone has had some severe problems and slowdowns with PFWs and almost everyone started sooner or later to frequently turn it off and on because some applications did not work. So my "opinion" is not based on one problematic computer that I have but it is based on statistical facts. If 75% of my friends have had problems with PFWs this is not just my personal opinion anymore. The group may be not representative for the overall general internet population but I believe it is fairly average anyhow.

You know _one_ example, _one_ computer. This is just your personal experience. I never doubted that there are cases in which a PFW does run fairly well. Maybe you are lucky with your old version and your old computer on your old Windows.

I base my advice and opinion on PFWs on a much larger number of people and computers. This is statistical and shows that there are in general more problems than times it works fine and without severe penalty (at least after some time). This is not just opinion any more.

If you knew people that take some new miracle drug and you see that 75% of the people get sooner or later severe health problems due to this drug (O.K. let's assume you know that it is linked), isn't this something totally different than someone saying "I take it for years and I feel well"? The one thing is a statistical observation. The other is just one personal experience with no indication with which percentage problems will appear in general.

For a comparison you have to elaborate which version you compared. You have a very old version of Kerio. I suspect any newer version of any AV scanner, Kerio or others, will bring your machine down quickly... And, my Windows XP SP2 firewall does definitively consume much less cpu and memory than any other PFW or AV.

This would just add one test-case to the rest of the observations and would not shift it that dramatically...

Gerald

Reply to
Gerald Vogt

Well, I am connected to Skype right now that generates a lots of connections. Also now running Yahoo messenger. And Thunderbird writing this, Firefox also open.

Sygate 5.5 2710 free consumes 0 to 2, sometimes 3 percent of CPU, but most time 0. When no new connections are made, it is zero. I have disabled Wireless Zero Configuration service I would have known none without SPF.

In general an outbound controlling firewall also teaches its user. I agree with Gerald about it taking a learning phase that is probably too steep for many users. For them XP SP2 is just fine.

Avast 4.5 free consumes zero percent the time it is not checking any. It has running email/newsgroup shield, the standard resident shield like normal firewalls. Also the new webshield and also instant messenger shield, p2p network shield and the network DCOM attack shield. It is running on default settings.

My system AMD Athlon 2400, 512 MB is over 2 years old. System requirements for Win XP are quite steep to give you some consideration.

My fw and av won't consume much CPU for any configurations running otherwise fine with XP. And they won't consume much RAM either. After running for a day, surfing sites, chatting etc, SPF is taking 8700 kB and Avast 25480 kB for all its processes and GUI.

Reply to
Jarmo P

Kerio 2.1.5 firewall engine version is dated 30 April 2003 (less than 2 years old)... the drivers version 3 created 15 April 2002 (less than 3 years old), so please again, don't generalise about 5 years ago. The point is that it has outgoing application filtering, and doesn't use 75% CPU usage that you seem to suggest all application firewalls consume. Perhaps your inability to configure NIS properly reflects your opinion that ALL application firewalls cause problems. me

Reply to
bassbag

I use Sygate at home, but I also tried to use it on a server at one time. At home it works fine, but it still consumes ~12MB of memory, and even using a single simple UDP application it uses 3-5% CPU on my Athlon 3200+. On the server, handling lots of UDP/TCP traffic, it went totally bananas and used 80-100% CPU power during heavy traffic. All in all I tend to agree that PF's are POTENTIAL resource hogs, but I'm pretty confident that it is just a matter of implementing them properly.

PT

Reply to
PT

There is sure something wrong with your firewall. Read my post below with a slower computer using Sygate. The new 5.6 version was released only to be recognized by the XP SP2 security center, and there was implemented something that should not be there. There are no known security fixes in that. Sygate has never had such poor reviews as after that revision. Maybe now even your system is so corrupted that you cannot get the trusty 5.5 2710 to work?

Or have you not uninstalled all the previous firewalls? Some remnants in registry?

Is SPF allowed to be used on the server edition windows?

Reply to
Jarmo P
