Best Cheap Firewall
 

Anyone have any recommendations for a good inexpensive firewall? Either hardware or software as I am running cable modem and windows XP pro

Get Zone alarm its free and Its a decent firewall

I've been very happy with Agnitum Outpost firewall. I've gone through the rounds (Zone Alarm, Norton, a couple others) and Outpost is the only one that gave me level of control I liked. Check it out, there's a free version of it.

i'll second Outpost. Zone Alarm is nice, but it's got some bugs that can occasionally make your computer act weird.

I use Sygate Personal Firewall. Works well for me.

If you want to be secure get yourself a little 4 port router from netgear or dlink for about £40

http://www.netgear.com/products/prod...odID=131&view=

read the manual and set aside 4-5 hrs for install and setup and you will never regret it.

there is no real substitute.

Ive used Outpost and Zonealarm and it seemed that Outpost performed better but acted really wierd on my system. Zonealarm has run perfectly and does the job for me.

NAT really isn't a firewall - it doesn't help the fact that you've got the machine unprotected - it just hides it behind another IP. The best firewalls are stateful and have some kind of mechanism to check packets for known-bad signatures (ie: Code Red packets).

Windows XP Service Pack 2's firewall is much improved over the original Internet Connection Firewall, but (for obvious reasons) most people wouldn't want to upgrade to a beta service pack of their OS.

I run Xp home and used to run Sygate, however it made my system take forever to startup. I switched to Zone Alarm (and made no other changes) and my computer started up much much faster again. Sygate worked well for me, as does Zone Alarm both are free, the startup time was the only reason I switched.

ZoneAlarm is your friend. ZoneAlarm Pro is like a friend, but more like a lover you can't ever see yourself leaving.

If you have a spare machine knocking about (who doesnt :) ) you could look into installing OpenBSD as your gateway and using its firewall (pf) . Which among other things alows you to improve the speed of your ADSL Cconection

Zone Alarm is good, and free.
Zone Alarm Pro is great! But it isn't free. Although, it was for me. ;)
I never see stupid pop-ups, and I never get anything installed on my PC that shouldn't be there. I couldn't imagine not having ZAPro on my PC.

I use Sygate. It works well, and it's free.

Excellent recommendation - I do that myself. Unfortunately, it does require a fairly good knowledge of UNIX before you can set up something like that - so it's not really applicable to most people

That's not entirely true. There IS no route to internal machines from outside, except for explicitly forwarded ports. NAT allows internal machines to connect out transparently by proxy, but there's no way for Code Red or anything else to make its way to a machine on the internal network.

The reason you'd want to do it with a little router rather than a whole machine running a firewall is because there's nothing to hack in a little router. If I can crack a firewall box, I'm in the internal network. I can't crack a little home router because there's not really any OS there to crack. I mean, there's an embedded OS there, but I couldn't pull a shell on it. What answers on the IP that my cable service assigns is a router that doesn't respond on any port (except for a couple I've explicitly forwarded).

None of my internal machines have firewalls of any kind, and I've never been touched by Code Red, Messenger pop-ups, or anything else like that.

Granted it may seem a bit daunting, but as long as the person doing it takes their time and is able to read a web page it should not be too hard.

The OpenBSD FAQ and man pages are great. A typical install takes about 30minutes to set up and have a firewall running.

ratbastid speaks the truth.


I figure that pretty much covers it. :D


Hardware firewalls are much more secure that software ones and are resonbly inexpensive. They are easy to setup and are worth it.

I had my new wireless router set up and was surfing the net from upstairs ina matter of hours, and I went with the advanced configuration.

ZoneAlarm cause it's FREE. Have it on both my machines and it is easy to work with. I bought McAfee to install on my home machine but it was a pain to install and kept causing lockup problems. Never could get it to work right so pulled it and put ZoneAlarm on. No problems since.

I almost had to format because of the McAfee lockups. System Restore was turned on thankfully...I seriously would have had to format my PC because of an ANTIVIRUS program if I couldn't have rolled back. That program is the definition of bloatware.

-Lasereth

:) i'm all for hardware... and follow in ratbastids steps.

You don't need to get a shell to bypass a firewall. Assuming there are no bugs in their network stack, and no forwarded ports, though, it'll be very difficult to break through. It's a bad assumption to make that no non-routable packets will hit the external interface of a NAT router, by the way.

For this reason and others, NAT has nothing to do with security. A firewall, on the other hand, does.

It just so happens that every consumer "router" device has firewall functionality. :)

I know most of you are probably going to dismiss my points, but I thought it deserved mentioning anyway.

Gotta agree about getting a router. Cheap, small, upgradable firmware... It protects well from the outside, but ZoneAlarm (or something like it) protects well from some rouge program (virus, trojan, auto-updates, etc.) within the computer sending something out without your permission

Fair enough. It's true, I wouldn't put Fort Knox behind a Linksys broadband router. But it's plenty good enough for my house, IMO.

You got me there. And you're exactly right--it's not a function of NAT that there's no upstream route, it's a function of the relatively simple firewall built into the router.

Now why would you say that? I was guilty of a bit of oversimplification in my post, but I'm never above being corrected.

Well, I was gonna make similar comments as oberon, but he beat me to it while I was away for the evening.

I've seen a fair number of routers with security flaws, and if you can compromise the router, you can then get into the machines inside.

Of course, the best firewall is to - instead of a cable going to your router - put a loopback plug in your NIC. Ah, security. You won't have any of those damned hackers getting at you now, oh no you won't. The internet will be a bit limited, though.

i use kerio personal firewall .. excellent piece of software , more stable than sygate

ratbastid: Just like you said, it's not really all that important as a home firewall. So why worry too much, eh? :)

I only wanted to enlighten the ignorant.

Pragma: The best firewall is to disconnect all the cables from your computer. Kinda defeats the purpose, though. ;)

Ah, but with a loopback plug, you'll have a link light - you'll THINK you're connected :D

For anyone who is interested in checking your network for security.. This is a slow port scan that will check your firewall/connection for any vulnerabilities.

http://www.dslreports.com/secureme_go

You'll need to register, but it's worth the few seconds it takes.


-SF

Zone Alarm Pro.. Free and works well.

Sygate Personal Firewall, its free from thier website :D