Best Firewall

To expand on that (and I agree for the most part) you may wish to look into a Cisco PIX, SonicWALL, etc... an alternate solution is a dedicated machine running linux/*nix of some variety setup strictly as a firewall... although I'm personally a fan of dedicated specialized equipment when it comes to networking equipment.

-- Shadus

In article , hplayer03 wrote: :Just wondering what was the best Free or Purchased Firewall?? ie. :ZoneAlarm, Norton, Sygate...

The archives of the discussion here of 2 weeks ago can be found at

In particular, quoting from my answer of the time:

We'll need to know your set of metrics (measurement functions that assign specific numeric values), and the weighting function used to project from the measurement list into a final score. The decision of which is the "best" is dependant on what you mean by "best".

I understand the arguments against software firewalls and pro hardware firewalls, but these units currently range in price from US$1000 to more than $15000. There are a few between $600 - $999.

Not exactly attractive to the home broadband user.

If the arguments for hardware firewalls are so compelling, it seems Cisco, Sonicwall, and others would be developing low cost hardware firewall solutions for non-commercial home users. What they might lose in high margins on expensive units, they could regain in volume of sales of low cost home user-oriented boxes.

Until there are sub $100 dollar hardware firewalls, people are going to go for the perceived protection of software firewalls, whether real or not.

"hplayer03" wrote in news:1125582451.330193.249720 @g47g2000cwa.googlegroups.com:

Hey, download the trial ware and find the one that fits your needs. No one can tell you what's the best and you must figure it out on your own based on your needs.

Duane :)

Just wondering what was the best motor vehicle?? i.e. BMW M3, Toyota Prism, Hummer H2, White Freightliner...

It depends whether you want to go racing, or haul a hundred refrigerators across the state.

Now, if you'd care to define your problem a little more specifically, you might get a more specific answer. Then again, if you are asking about a "personal" firewall for some version of windoze (note that you didn't even bother mentioning your operating platform or O/S), all you might get is the usual flame war equivalent to which beer is better.

Old guy

Those are not firewalls. They're "Personal Firewalls", products one doesn't need.

Yours, VB.

In article , J. E. Durbin wrote: :If the arguments for hardware firewalls are so compelling, it seems :Cisco, Sonicwall, and others would be developing low cost hardware :firewall solutions for non-commercial home users. What they might lose :in high margins on expensive units, they could regain in volume of :sales of low cost home user-oriented boxes.

Cisco doesn't do -any- "low cost home user-oriented" devices, not under their own brand name. Cisco's support organization isn't equipped to handle masses of questions from people who expect practically-free support.

Cisco does make some inexpensive devices under it's Linksys brandname, that it markets as "firewalls". Linksys support is third-world call-center, last I heard... be sure to have your Windows re-install discs ready so you can follow the script.

J. E. Durbin wrote in news: snipped-for-privacy@4ax.com:

dedicated

What? You can go get a refurbished/used low-end one for $100 or less that will have a full 90 day warrantee and support on them.

Duane :)

I just spoke with Linksys tech support today. The tech I spoke with was located in the Phillipines. He did walk me through setting up my router (after changing cable modems) and was helpful and polite.

I find that the 24/7 aspect of Linksys tech support is worth a lot.

Louise

Where? If you don't know a lot about firewalls (I'm using Sygate at the moment), would a hardware firewall be difficult to set up?

TIA

Louise

louise wrote in news: snipped-for-privacy@news-server.nyc.rr.com:

There have been some posts providing links for Watchguard units made to me. Unfortunately, I didn't keep them. I sure if you got on the phone with Watchguard sales they could point you in the right direction. And I would suspect the same with other brands such as Sonicwall and others.

The units are plug and play like the Linksys you talked about in your other post and need little configuration on your part. You could look at the WG Firebox III SOHO 6 or 6tc line. If you're working with a Linksys router they are not much different than that just more powerful in the rules that can be set. Most of the rules for service like HTTP HTTPS, SMTP, etc etc have already been configured for you. You just have to enable them when needed, along with being able to make your own custom rules too when needed. It's a piece of cake.

Duane :)

thanks - I found the user manual online and I'm going to attempt to comprehend it :-)

Louise

I suggest that anyone buying a second-hand firewall appliance reset it to the factory defaults before using it as a precaution.

Andrew

On 2005-09-01, J E Durbin blabbed:

I paid 230$ for my cisco pix 501. I don't consider that an abhorant ammount for a firewall for my home network. It also lets me open a vpn to my place of work and use their network just like i'm sitting there.

Anything is better than nothing, so a software firewall isn't a bad plan. Again I mentioned a really low cost solution, build a pc for $150 on pricewatch, install linux, and tweak it up. Shrug, takes time and learning something about security and networking, but it's cheap.

The real problem that keeps home users from using hardware firewalls is they require configuration and if something involves more than "plug in" and "turn on" most home users "tune out".

Absolutely. Excellent advice there, you generally have to upgrade the firmware a bit also if it's a refurb/older unit.

Take your hands away from the keyboard, back away from the computer for a moment and try to remember what you were like before you became a techie. Also try to realize that the average home user of today won't even install a PFW. In fact, they will plug their PC directly into the cable or DSL modem and have never heard of a router.

Next come up with a way to convince a 79 year-old user or Joe the mechanic and his wife Marge the waitress that they need to spend another 50 bucks for a router and $100 - 300 + a $100/year subscription fee for a mystery box that, as far as they can tell, should have been part of the PC they already paid good damn money for.

Got an answer the average, non-techie, user will understand?

But they will sit there and play with a PFW solution and wonder why things are not working with the bloat ware in them. ;-)

Duane :)

I have been a techie since 1971 when I first enter the Information Technology field so it's a moot point.

With all the news about exploits dealing with the Windows O/S, I doubt that there are too many that don't know about using some type FW solution. Not in today's socity and environment and the Windows O/S being attacked on a routine basis. And if they don't know they don't know and they need to learn and learn quick.

Where does $100 a year come into play? It's certainly not on a Linksys, D-Link, Belkin etc router I have seen that you have to pay for firmware upgrades. The last time I looked and used Tech Support for the Linksys NAT router I owned, support was free for the registered device.

Now for the FW appliance I own, I am certainly not paying some $100 subscription fee to keep the firmware update and have support as I have not continued with the subscription. Now if I need to renew it because I need to update the firmware due to some exploit or a feature I want to add to the existing firmware, then I'll pay the fee. If it's not broke don't fix it by continually doing firmware upgrades, IMO for no reason. However, I would say that is applicable to FW appliances and not NAT routers for home usage where the firmware can be left static.

That's their problem. Maybe, they should not be on the Internet. I have some

80 year old users too that had machines that were given to them and all they did was have the machine exploited on a routine basis exploit after exploit after exploit, until they finally said they didn't want to be bothered with a computer and dumped them. ;-)

There is nothing they can do. They can throw all the crap ware they want on the machine, and if they don't understand it, they don't understand it. If the don't know how to protect the O/S, then the don't know how to do it. If they don't know how to implement safehex practices or use tools like Firefox or Thunderbird or other solutions other than MS's solutions, they don't know how to do it.

My first advice would be to anyone would be to get a cheap NAT router and put it in front of the machine as a start. It is a plug it up and go device that needs little configuration on the user's part and provides instant protection from the Internet. It's a standalone device that cannot be exploited easily or mis-configured like something that's running with the O/S on the computer.

Duane :)

You mean the same way OpenBSD has for years?

Agreed, and Microsoft has no excuse for taking this long to finally take security seriously.

You don't have to dump the PC to dump Windows. This is exactly why I flame people for saying "PC" when they really mean "PC running Windows".

That said, I do trust Apple more than Microsoft, which is not really saying much. In some ways dealing with Apple is worse, because they are the single source for Macintosh/iMac hardware, you can't just go to a clone shop if you think Apple charges too much.