Is nvidia firewall sufficient?

[IanWorthington]

Is this the right forum to ask firewall-related questions in?

I've just installed a new epox 8rda6 nforce2 motherboard which comes with a built in hardware firewall. Just for good measure the installation package also ships with Norton Internet Security. Also I'm running XP SP2 which has its own firewall.

Are not three firewalls two too many? But the NVIDIA blurb pagë suggests that it alone is not sufficient:

"VIDIA Firewall technology may be used as a powerful baseline policy enforcer. For full protection, users should augment the protection of the NVIDIA Firewall with leading antivirus and intrusion detection software, which will help them achieve the best total PC security solution."

But if I have to turn on one of the other ones (and I've always prefrerred Kerio or ZoneAlarm in the past over NIS) how do I stop them interferring without giving me configuration nightmares? And should it be MS's firewall or Kerio/ZA?

Any thoughts?

ian
...

 

[Micronaut]

Yes, three's too many. It's actually 2 too many.

1 hardware (blocks incoming usually - for residential routers)
1 software (to control outbound software as well, but XPSP2 doesn't do that - it just looks like it does).

Usually 1's enough if you surf carefully. Use 2 if you surf pr0n (and a serious anti-spyware tool or 2)

 

[IanWorthington]

Actually, now you'vew said it the ADSL modem has a NAT router/simple Firewall in it too, so that makes four!

So I think I turn off the MS firewall, ditch NIS, and install Kerio.

Any merit in leaving the nvidia turned on?

 

[thunderroller]

ya this is enough

 

[JackMDS]

You should get a Cable/DSl Router.

Why? DSL PPPOE and Cable/DSL Routers.

Then add to it Software Firewall.

Why? Basic Protection for Broadband Internet Installation.

You might as well use the nVidia as the software Firewall.

Add to it an Antivirus program, and Microsoft AntiSpyware.

Currently, as far as my Experience shows (this could be different in the future according to new releases of software and free availability of the current ones).

The Best Free Security suit for Windows might be.

Upgrade your Windows XP to SP2. and then use.

1. Kerio v215.

Kerio is very easy to configure, it is light on resources, and does what need to be done.

Kerio has a newer version of the Firewall; do no get tempted stick with the above it is a better product.

2. AntiVir Personal Edition.

AntiVir has very high rating for detecting Virus, and does better then other Antivirus program blocking Trojans.

3. Microsoft AntiSpyb1

It was judged by many independent reviewers as the best of its kind.

Example: http://www.windowssecrets.com/050127/

The above three are running active in the Background, and have to be installed on all of the computers.

:sun:

 

[Micronaut]

I recommend Trend Micro's AV solutions or AVG.

I'm not a fan of software firewalls on workstations (I deal with domains a lot).

 

[mbf]

The nVidia firewall would probably be enough if it would work correctly. As it stands there are too many bugs in it. Some of them have been corrected or at least attempted to be corrected as of late with the new nForce 6.53 driver package being the best of the bunch.

The problem for you though is that according to nVidia the release is Athlon64- and nForce4-specific (even though it works on my nForce3 250gb-based board). Several key components for earlier processors are missing though, like the memory controller driver and also the GART driver. You might want to try a mix'n'match approach though.

Personally I use a combination of Kerio 4 and the nVidia HW firewall because of the latter's shortcomings.

Best of luck to you!

Regards,
mbf

 

[IanWorthington]

Thanks mbf.

May I ask how you've chosen what the HW firewall should protect against and what to leave to Kerio?

ian
...

 

[mbf]

Originally posted by: IanWorthington
Thanks mbf.

May I ask how you've chosen what the HW firewall should protect against and what to leave to Kerio?

ian
...

Well, I'm using 3 "modes". Normally, I'm using both the HW firewall (with app manager) and Kerio. When I'm using some sort of P2P I only use Kerio, since the HW firewall simply cannot function with that sort of traffic (a major bug in my book!). Finally, when I'm gaming I'm only using the HW firewall since it won't cost me any performance CPU- and resource-wise. As for my HW firewall ruleset I've created it based on the Medium ruleset with some modifications. I'll gladly pass it along if you (or anyone else) is interested.

Best regards,
mbf

PS: You might want to have a look at this thread for a description of most of the problems with the nVidia HW firewall. Some of those bugs have been corrected, but just as many remain.

 

[InlineFive]

I actually don't like Kerio very much. It's interface is too glossy and it throws a lot of unneede features at you which you have to upgrade in order to use. I would suggest using Sygate firewall instead.

 

[JackMDS]

Originally posted by: PorBleemo
I actually don't like Kerio very much. It's interface is too glossy and it throws a lot of unneede features at you which you have to upgrade in order to use. I would suggest using Sygate firewall instead.

We are talking about Kerio v215. You probably tried the "New" Kerio Free which IMHO Sux.

:sun: