Astrocloud

Anyone have any recommendations for a good inexpensive firewall? Either hardware or software as I am running cable modem and windows XP pro

cj22009

Get Zone alarm its free and Its a decent firewall

Moskie

I've been very happy with Agnitum Outpost firewall. I've gone through the rounds (Zone Alarm, Norton, a couple others) and Outpost is the only one that gave me level of control I liked. Check it out, there's a free version of it.

__________________
Greetings and salutations.

shakran

i'll second Outpost. Zone Alarm is nice, but it's got some bugs that can occasionally make your computer act weird.

sailor

I use Sygate Personal Firewall. Works well for me.

__________________
"Good people do not need laws to tell them to act responsibly, while bad people will find a way around the laws."
--Plato

Jonah Hex

If you want to be secure get yourself a little 4 port router from netgear or dlink for about £40

http://www.netgear.com/products/prod...odID=131&view=

read the manual and set aside 4-5 hrs for install and setup and you will never regret it.

there is no real substitute.

__________________
"Bother" said POOH as he was sold to the Americans.

ToolBag

Ive used Outpost and Zonealarm and it seemed that Outpost performed better but acted really wierd on my system. Zonealarm has run perfectly and does the job for me.

__________________
Jesus was a ruffies victim!

Dan 3:20

Pragma

NAT really isn't a firewall - it doesn't help the fact that you've got the machine unprotected - it just hides it behind another IP. The best firewalls are stateful and have some kind of mechanism to check packets for known-bad signatures (ie: Code Red packets).

Windows XP Service Pack 2's firewall is much improved over the original Internet Connection Firewall, but (for obvious reasons) most people wouldn't want to upgrade to a beta service pack of their OS.

__________________
Eat antimatter, Posleen-boy!

cj2112

I run Xp home and used to run Sygate, however it made my system take forever to startup. I switched to Zone Alarm (and made no other changes) and my computer started up much much faster again. Sygate worked well for me, as does Zone Alarm both are free, the startup time was the only reason I switched.

nanofever

ZoneAlarm is your friend. ZoneAlarm Pro is like a friend, but more like a lover you can't ever see yourself leaving.

__________________
I'm leaving for the University of California: Santa Barbara in 5 hours, give me your best college advice - things I need, good ideas, bad ideas, nooky, ect.

Originally Posted by Norseman on another forum:
"Yeah, the problem with the world is the stupid people are all cocksure of themselves and the intellectuals are full of doubt."

txd

If you have a spare machine knocking about (who doesnt ) you could look into installing OpenBSD as your gateway and using its firewall (pf) . Which among other things alows you to improve the speed of your ADSL Cconection

sixate

Zone Alarm is good, and free.
Zone Alarm Pro is great! But it isn't free. Although, it was for me.
I never see stupid pop-ups, and I never get anything installed on my PC that shouldn't be there. I couldn't imagine not having ZAPro on my PC.

Bill O'Rights

I use Sygate. It works well, and it's free.

__________________
"I distrust those people who know so well what God wants them to do because I notice it always coincides with their own desires." - Susan B. Anthony

"Hedonism with rules isn't hedonism at all, it's the Republican party." - JumpinJesus

It is indisputable that true beauty lies within...but a nice rack sure doesn't hurt.

Pragma

Excellent recommendation - I do that myself. Unfortunately, it does require a fairly good knowledge of UNIX before you can set up something like that - so it's not really applicable to most people

__________________
Eat antimatter, Posleen-boy!

ratbastid

That's not entirely true. There IS no route to internal machines from outside, except for explicitly forwarded ports. NAT allows internal machines to connect out transparently by proxy, but there's no way for Code Red or anything else to make its way to a machine on the internal network.

The reason you'd want to do it with a little router rather than a whole machine running a firewall is because there's nothing to hack in a little router. If I can crack a firewall box, I'm in the internal network. I can't crack a little home router because there's not really any OS there to crack. I mean, there's an embedded OS there, but I couldn't pull a shell on it. What answers on the IP that my cable service assigns is a router that doesn't respond on any port (except for a couple I've explicitly forwarded).

None of my internal machines have firewalls of any kind, and I've never been touched by Code Red, Messenger pop-ups, or anything else like that.

txd

Granted it may seem a bit daunting, but as long as the person doing it takes their time and is able to read a web page it should not be too hard.

The OpenBSD FAQ and man pages are great. A typical install takes about 30minutes to set up and have a firewall running.

God of Thunder

ratbastid speaks the truth.


I figure that pretty much covers it.


Hardware firewalls are much more secure that software ones and are resonbly inexpensive. They are easy to setup and are worth it.

I had my new wireless router set up and was surfing the net from upstairs ina matter of hours, and I went with the advanced configuration.

__________________
I reject your reality, and substitute my own

-- Adam Savage

santafe5000

ZoneAlarm cause it's FREE. Have it on both my machines and it is easy to work with. I bought McAfee to install on my home machine but it was a pain to install and kept causing lockup problems. Never could get it to work right so pulled it and put ZoneAlarm on. No problems since.

__________________
When all else fails, QUIT.

Lasereth

I almost had to format because of the McAfee lockups. System Restore was turned on thankfully...I seriously would have had to format my PC because of an ANTIVIRUS program if I couldn't have rolled back. That program is the definition of bloatware.

-Lasereth

__________________
"A Darwinian attacks his theory, seeking to find flaws. An ID believer defends his theory, seeking to conceal flaws." -Roger Ebert

Cynthetiq

i'm all for hardware... and follow in ratbastids steps.

__________________
I don't care if you are black, white, purple, green, Chinese, Japanese, Korean, hippie, cop, bum, admin, user, English, Irish, French, Catholic, Protestant, Jewish, Buddhist, Muslim, indian, cowboy, tall, short, fat, skinny, emo, punk, mod, rocker, straight, gay, lesbian, jock, nerd, geek, Democrat, Republican, Libertarian, Independent, driver, pedestrian, or bicyclist, either you're an asshole or you're not.

oberon

You don't need to get a shell to bypass a firewall. Assuming there are no bugs in their network stack, and no forwarded ports, though, it'll be very difficult to break through. It's a bad assumption to make that no non-routable packets will hit the external interface of a NAT router, by the way.

For this reason and others, NAT has nothing to do with security. A firewall, on the other hand, does.

It just so happens that every consumer "router" device has firewall functionality.

I know most of you are probably going to dismiss my points, but I thought it deserved mentioning anyway.

__________________
"There are finer fish in the sea than have ever been caught." -- Irish proverb

meembo

Gotta agree about getting a router. Cheap, small, upgradable firmware... It protects well from the outside, but ZoneAlarm (or something like it) protects well from some rouge program (virus, trojan, auto-updates, etc.) within the computer sending something out without your permission

__________________
less I say, smarter I am

ratbastid

Fair enough. It's true, I wouldn't put Fort Knox behind a Linksys broadband router. But it's plenty good enough for my house, IMO.

You got me there. And you're exactly right--it's not a function of NAT that there's no upstream route, it's a function of the relatively simple firewall built into the router.

Now why would you say that? I was guilty of a bit of oversimplification in my post, but I'm never above being corrected.

Pragma

Well, I was gonna make similar comments as oberon, but he beat me to it while I was away for the evening.

I've seen a fair number of routers with security flaws, and if you can compromise the router, you can then get into the machines inside.

Of course, the best firewall is to - instead of a cable going to your router - put a loopback plug in your NIC. Ah, security. You won't have any of those damned hackers getting at you now, oh no you won't. The internet will be a bit limited, though.

__________________
Eat antimatter, Posleen-boy!

cradeg

i use kerio personal firewall .. excellent piece of software , more stable than sygate

__________________
*****************************
For every human problem, there is a neat, simple solution; and it is always wrong.
******************************

oberon

ratbastid: Just like you said, it's not really all that important as a home firewall. So why worry too much, eh?

I only wanted to enlighten the ignorant.

Pragma: The best firewall is to disconnect all the cables from your computer. Kinda defeats the purpose, though.

__________________
"There are finer fish in the sea than have ever been caught." -- Irish proverb

Pragma

Ah, but with a loopback plug, you'll have a link light - you'll THINK you're connected

__________________
Eat antimatter, Posleen-boy!

saltfish

For anyone who is interested in checking your network for security.. This is a slow port scan that will check your firewall/connection for any vulnerabilities.

http://www.dslreports.com/secureme_go

You'll need to register, but it's worth the few seconds it takes.


-SF

Jephree

Zone Alarm Pro.. Free and works well.

__________________
When's the next good swell in SoCal?

Spyder_Venom

Sygate Personal Firewall, its free from thier website

__________________
The local track whore