I moved to Online Armor mainly because Comodo was asking me about files I did not recognise. It seems OK thus far. However Shields-Up spotted port 0 as being closed, but went on to say port
0 is never used. Can anyone explain? And while I'm here, whatever happened to PCflank and is there anything similar?
If on WinXP or Vista, steer away from any 3rd party software firewall programs; They are useless to say the least. Stick with the built-in application.
Yeah, the "cool" firewall from Microsoft is the best firewall there is (especially for hackers).
The fact that port 0 doesn't exist should be your first clue as to Shields-Up's technical competence.
Nonsense. Software firewalls are an important part of your security (unless you're doing all your online work in a sandbox or VPN, which is significantly more complicated for the average user).
ShieldsUp! is an excellent tool to test your system. If you get something that you don't understand, go to grc.com forums. The people are extremely helpful.
If its reports are still as misleading as they were in the past, then it still can't replace a decent port scanner.
cu
59cobalt
They aren't an important part of my security. In fact they aren't part of my security at all. Because there's no reason at all to use them.
If you think you need a firewall to shield open ports, the Windows Firewall is absolutely sufficient. If you want sensible monitoring of connections: install Port Reporter.
cu
59cobalt
It left port 135 open too, so it's gone.
By the way, here's a little info about port 0 and why it is mentioned:
Windows firewall is inbound only.
Are you using Windows, cobalt?
Are you even understanding what he is saying?
Yes, I understand what he's saying. However, this thread started with someone who is using Online Armour and had a question about port 0. Cobalt's immediate response was to get rid of any 3rd party firewall on XP or Vista. That isn't exactly the best advice, considering he doesn't know anything about the user's system or experience. Is Jim S behind a router? Does he know anything about security? Is he the only user of the computer? To just make a blanket statement about not using a 3rd party software firewall and stick to the one built into windows is just wrong.
Port Reporter is a nice tool, but all it does is log information. And it isn't exactly for the novice.
The reason I asked whether he is using Windows is because the vast majority of people I encounter who reject software firewalls outright are *nix users.
Tell news. Outbound control doesn't work reliably anyway, so why would I want to rely on it?
Sure I do.
cu
59cobalt
Which is exactly what it's supposed to do.
Neither are logs/messages of the various personal firewalls.
cu
59cobalt
Log files isn't usually the primary reason someone uses a software firewall.
Rather than continue this back & forth, why don't you just share exactly how an average Windows user on an internet-connected computer can fully protect himself?
One reason I hear rather frequently is that personal firewall would tell people what's going on on their systems. Logfiles exist exactly for that purpose.
Because there is no "one size fits all" solution. A good starting point would be:
- Think before acting.
- Never be root. Use an administrator account only for administrative tasks. Use a normal user account for everything else.
- Configure software that requires admin privileges for non-admin tasks to run with limited user privileges [1].
- Keep your operating sytem and all of your softwar up-to-date. Automatic updates help.
- Don't provide services you don't want to provide [2,3]. Or use the Windows Firewall to block inbound connections.
- Disable autostarts for removable media (via gpedit).
- Use AV software to prevent known malware from being executed by mistake.
- Don't use IE, at least not without locking it down tightly. Better use Firefox/SeaMonkey with NoScript or Opera, as they are easier to secure.
- Before installing software think twice about whether you really need it. Less is more.
Additional steps could be:
- Use sandboxed environments (preferrably virtual machines) for evaluating software.
- Revoke "execute" permission from caches and temp directories.
- Use Software Restriction Policies to allow only whitelisted software to be executed.
- ...
[1]
How about nmap-online.com?
ShieldsUp! might actually be a decent port scanner, if it weren't used to spread Gibson's gross misunderstanding of networking concepts.
The problem with ShieldsUp! isn't the actual results of the scan, but Gibson's interpretation of them. For instance: there is no such thing as "stealth" in TCP/IP.
cu
59cobalt
That all sounds great. But I said for the average Windows user. Do you really expect aunt Esther to understand how lock things down through the registry and group policy editor? Or figure out how to set up a VPN?
I agree with everything you recommend. But executing several of those steps is well above the knowledge level of the average Windows user. Hence, software firewalls as a simpler, reasonably secure alternative to add to the OS updates, more secure browser, AV, etc.
Thank you. I'll give nmap-online a try.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.