Firewall newbie! Which free one??

Leythos wrote:

OK, they can track outbound connections of programs that allow the PFW to control them. But what about all the others? Using a PFW is like having a police force that is only capable of arresting criminals who show up in their office and tell them what they've just done.

Information is power if and only if you have the entire information. But this is exactly what you won't get from a PFW.

As an example, Volker Birk has published a PoC to show how you can easily fool PFWs. His source code is available at

formatting link
And yes, that obviously works with any PFW. A similar PoC for ZA is available at
formatting link
So seeing all these nice alerts a PFW generates will give you a cosy feeling of being safe while this one piece of software that it didn't detect is just busy tunnelling your personal data to a remote server using your trusted browser of choice.

Why would you want to do that? On an uncompromised system you will only have outbound connections that you initiated. Why monitor them? If you have unwanted outbound connections then your system is compromised and you cannot trust any piece of software running on it.

Sorry, I am not a programmer. Others can certainly do better on that than I. But it is pretty obvious that a piece of software running with admin privileges can alter all settings of the OS or any applications without notifying the user. As a very common example, Windows Update does this all the time.

Regards Thomas

Reply to
Thomas

I suggest using the following parts for a firewalling concept:

  • work & surf as a normal user (not as an administrator)
  • use trustworthy software (don't use the internet explorer for surfing the internet & OE for reading e-mail)
  • keep your system & software up-to-date
  • backup your data (your system) periodically
  • don't offer services you don't need

These are the main points.

  • if you are unsure about software and files you got, use a virusscanner
  • you may also block unwanted traffic with a spam filter (in combination with a virus scanner) for mail & with an adware blocker for web traffic (privoxy, proxomitron or adblock+, e.g.) & a packet filter like the xp firewall or ipfw (BSD, windows 2k) or netfilter.org (iptables)

A good thing is to separate these parts from the working machine to a purpose-built "Bastion Host" (gateway, "hardware" firewall,...)

  • you'll inspect your system with some tools from sysinternals.com (only for windows) and your network traffic with the help of sniffers (wireshark, formerly known as ethereal) and/or intrusion detection systems like snort.

The precise configuration depends on what you're doing and what you want.

HTH Are some points missing? Wolfgang

Reply to
Wolfgang Ewert

So what all this comes down to is that you are basing all of your ideals on what others have told you because you don't have any means to prove or disprove them.

Windows firewall is just plain crap, it permits applications to make exceptions without notification, something most of the PFW solutions don't allow for.

Reply to
Leythos

It doesn't have to do with ideals, it's a fundamental conclusion in using networks (particularly using IP connections).

Thomas showed you a proof (of concept) and you ignore it? Did you disprove the PoC "breakout-wp"?

Exceptions for inbound or for outbound traffic? The windows firewall can block inbound traffic, but neither this tool nor other tools can completely control outbound traffic (unless you block *all* traffic completely).

See above.

Wolfgang

Reply to
Wolfgang Ewert

Leythos wrote:

Why did I know you'd say that? Is it really necessary to know every bit by name in order to be able to judge very basic concepts? Isn't it enough if the proof is there - and I even gave you the links.

Regards Thomas

Reply to
Thomas

Yes, I ignored it, as it doesn't prove what I was talking about - stop thinking application detection, think PORT detection. It doesn't matter what apps get out, all that matters is what ports are being used and if you can see them.

Again, I don't care about App detection, only traffic detection. The POC has nothing to do with port detection.

Windows XP Firewall and all the others fail at app blocking/detection, and those really have nothing to do with knowing if your computer is communicating with anything else - think PORTS ONLY.

And stop thinking about apps, think only of ports.

See traffic not apps.

Reply to
Leythos

Ok, let's take it from your angle:

1) Windows XP does not make an effective firewall because it permits user applications to control it
2) Third-Party firewalls may let user applications control it, so it's not effective
3) Windows XP Firewall does not provide for ANY real-time traffic display, so it's useless.
4) Most PFW solutions provide for real-time traffic display (and I'm not talking about apps, just traffic), so they are better than XP Firewall.

Show me where the specific statements I've made are incorrect.

--

snipped-for-privacy@rrohio.com remove 999 in order to email me

Reply to
Leythos

I've used the freebie Zone Alarm for the past 5 years. It works.

If you listen to all the boobs in this group you will still not be able to figure out which firewall to use.

Reply to
George Orwell

Leythos wrote:

Agree. Windows XP does not make any firewall at all. It includes an inbound packet filter that may be part of a firewall and may just as well be not.

I assume you are talking about so called personal firewalls. If so, correct. For me, a firewall that deserves this name is more than just a software product running on the host to be protected.

It seems to be pretty effective when it comes to blocking incoming traffic. I would not call it a firewall, but it is doing ok for this specific purpose.

No. They show the traffic they can detect. As an example they will not display any traffic that $malware tunnels through your browser because for them browser traffic is legitimate. After all, you allowed IE to access the net - or maybe Firefox :-)

See my comments on 4)

regards Thomas

Reply to
Thomas

There have been too many occasions where I had to diagnose the contrary.

Reply to
Sebastian Gottschalk

You didn't read one thing I typed correctly. If you had read correctly you would have seen that I don't use any firewall with outbound protection. Oh, and anyone who gives credibility to a spyware supporter needs to wise up quick.

Reply to
Garrot

Go f*ck yourself boy, you're a *clown*.

Duane

Reply to
Duane Arnold

One other thing, you should have your mama take your computer away from you. You don't deserve one. Now, you go stand in your corner in the crib and play with all your toys.

Duane

Reply to
Duane Arnold

Awww...poor wittle Duane has his panties in a twist. MISSION ACCOMPLISHED!

Reply to
Garrot

Awww poor little Garrot aka 007-Carrot Spyware Secret Agent. He's always on the lookout for the nasty *developer* that wrote some software that's going to steal 007-Carrot Spyware Secret Agent's soul.

But why did 007-Carrot Spyware Secret Agent install the software in the first place? He's the one that went paranoid after he installed the software on his little computer as he sat there in the corner of his crib.

The boy's mama said, "you should listen to your mama you never do, therefore, you installed the software from the evil and nasty developer and it's your problem. I should tell your daddy and let him beat your ass again. Maybe you'll listen to somebody for once.".

As 007-Carrot Spyware Secret Agent stood in the corner of his crib and watched his mama walk away pissed, Little Carrot aka 007-Carrot Spyware Secret Agent said under his voice, "go f*ck yourself and daddy too, because I am 007-Carrot Spyware Secret Agent and it's my crib."

There is no moral to the story.

It's just everyday life in the crib for Garrot aka 007-Carrot Spyware Secret Agent.

Thank ya thank ya very much. Thank ya thank ya very much!

EOR ;-)

Duane :)

Reply to
Duane Arnold

You misunderstood what I said again - REAL_TIME MONITORING - there is nothing to see in Windows Firewall for ports being used.

Wrong, again, they show traffic, some of them, by port, not application. I don't care what uses IE, permitted or not, as I don't care about possible application control, again, it's about what ports are in use ONLY.

Stop thinking application control, think port control only.

Reply to
Leythos

Which would be the same for Windows XP firewall. In the wrong hands any PFW is as bad as the user running it.

Reply to
Leythos

Duane, once again you have a reading comprehension problem. Where did I say I installed any of the software mentioned? I don't have any of the "spyware" mentioned installed on any of my PCs. Remedial reading class 101 for you, sonny. The point I am making, that you fail to comprehend, is that the surreptitious behavior of those programs can be controlled with a firewall like Kerio but not with the XP firewall. Wake up and smell the coffee.
Reply to
Garrot

Then get a port monitor.

Reply to
Garrot

Leythos wrote:

What is real time monitoring? Once your monitor shows you something, this has happened in the past. You cannot do anything about it any more.

And what do you think it is that uses ports? Maybe applications?

I have never thought about application control. I was actually trying to explain that this cannot work.

Regards Thomas

Reply to
Thomas
