Hi there,
I am looking for an freeware replacement of Tiny Personal Firewall. I want to restrict which program should get access to the net and set up some rules.
Ahh yes I know there is a windows firewall, its not good enough. Zonealarm is way to annoying...
So any recommendations?
Thanks in advance!
Eh... nothing at all?
Yes, many people want that. Doesn't mean that it could actually work.
Why not? Well, except for your not realizable wishes.
ZoneAlarm is also totally broken and insecure.
Rethink your security concept. And get rid of Tiny Personal Security Hole ASAP.
Believe me, I know what I am doing.I don't want to set up a classic Security Frameworkwith DMZ and so on, because I don't have the ressources and time.
I also want to prevent access to the net of malicious Software (like Spyware and Trojans. So if I want to surf via Port 80 the Spyware would also get trough this rule. Correct if I am wrong but how else should I prevent it?
Tiny Personal firewall is the most flexible firewall I have seen. I use it on my computer network, because it works the best.
It's no firewall, it's a host-based packet filter. And it's as unflexible as any other "personal firewall" bullshit, you usually cannot even refer to TCP flags and states.
Well, beside the vulnerabilities, DoS and inflexibility?
No, because if you would, you'd never even imagine to install Tiny Personal Firewall.
Well, you cannot achieve this by installing a crappy host-based packet filter which promises application control.
Not running any malicious software?
But you can do things with it that hardware appliances have not learned yet. Can your hardware appliance filter by application? I can tell Tiny to allow certain connections on the HTTP proxy, while blocking them on the Socks proxy, quite handy in the heydey of Kazaa. By blocking port 80, plus ports 1000-5300 on the Socks proxy, while allowing the HTTP proxy to use port 80, I could stop Kazaa where hardward firewalls would fail. I have two seperate programs runnign Socks and HTTP proxies on my network, so this is possible with Tiny. No hardware firewall could do that, since its seperate from the network gateway machine.
When I had networking courses in college years ago, they did not teach about TCP "state", only by address and port number. It was also drummed into us from day ONE, that Bill Gates is GOD when it comes to computing. The way I was taught to do things is the Microsoft standard. That is what you will get from just about any college graduate.
No, and it doesn't have to.
Yes, you can tell it a lot. Malware doesn't care.
And if KaZaA was malicious, it'd have no problem to circumvent your little scheme.
Yes, a hardware firewall would not f*ck up the computer if it got hacked, and couldn't be hacked if the computer was f***ed.
Well, you shouldn't expect to much from such basic courses. Fine, could we please get back to serious firewall concepts which simply do require in-depth knowledge about TCP/IP and networking to achieve any real security?
BTW, someone posting on the Usenet with Outlook Express wants to tell us something about security? :-)
Just as a sidenote:
Actually, windows firewall can be rendered useless by any code that wants to punch holes through it - it doesn't have to be "malicious", just install AOL sometime to see how many holes it puts though it.
Wasnt it the same company that developed the windows firewall that you promote, that also developed outlook express?. me
Outlook Express is what 99.9 percent of all Windows users use to read and post news.
If you really believe that blocking outbound access for spyware or trojan horses would give you security then you most definitely don't know what you're doing.
Prevent the Spyware from getting installed/run in the first place?
- Don't use an admin account for day-to-day work.
- Use NTFS, and adjust the default filesystem permissions (regular users do NOT need to create files/folders either in %ProgramFiles% or %SystemDrive%\\).
- Use Software Restriction Policies.
- Keep your operating system and each software you're using up-to-date.
- Use AV software and update it regularly (preferrably on a daily basis).
- Avoid Internet Explorer and Outlook (Express) like the plague. Use Mozilla, Opera, Firefox/Thunderbird or other browsers/mail clients instead.
- Don't install software you don't trust.
cu
59cobalt
Yeah, right. Last time I checked (version 6.0.140) Tiny didn't filter ANY traffic AT ALL in the default configuration. Plus, it had at least one interactive service running with SYSTEM privileges, thus making it susceptible for shatter attacks. Not to mention that it installed a boatload of drivers and services:
Registry-keys created: 1694 Registry-values created: 2283 Directories created: 32 Files created: 382 Drivers installed: 8 Services installed: 5
Of all personal firewalls I have tested Tiny is the one I'd LEAST recommend.
cu
59cobalt
Wrong, about 60%, based on what I've seen in headers, use a web interface without realizing it's Usenet, others use Outhouse, and about
10% use a Usenet client program not packaged by MS.
And Outlook Express is what 0.1 percent of security-competent people users use, because it's already hard to read and even harder to post on Usenet or via eMail.
If you believe in your ability/advice of not letting malware getting installed in the first place ,why do you advise the use of up to date AV software? me
Im quite surprised by the total lack of any USEFUL information from people who obviously think they are experts. @ Sebastian Gottschalk - Security isnt about total protection, its abot risk MANAGEMENT, and yeah while personal software firewalls arent the best you can get theres times when its just not practical to use anything else but them, and something is better than nothing.
I OTOH am not surprised at all by the total lack of understanding from people who obviously are anything but experts.
Security is about assessing and MITIGATING risks in a RELIABLE manner. Which is exactly where personal firewalls fail.
Wrong.
cu
59cobalt[snip]
Allow me to quote Mr Leythos:
'I wonder why the group trolls don't build a response that clearly tells people how to secure their entire computer system without the use of third-party tools...... Oh, wait, I already know, it's because you can't secure a computer against all that people are exposed too, and nothing they rant about really helps the nontechnical user because they don't ever tell the user how to do anything - they just rant about how third-party solutions are bad, windows firewall good, grunt.'
'If they put half as much energy into building a FAQ that could be posted every month, they might actually be helping people, but they appear to be to stuck on how important they think they are than to spend real time helping real people.'
Geo
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.