which firewall?

[TOOCOOL]

everybody seems hot on zone alarm but i have been using this ONE because it seems to use less resources! and we all
know why that is a big +. It will be great if some of our sharper knives could confirm or deny this! and does it actually work as well as zone alarm (it did pass shields up)

 

[Robor]

K... I've gotta put a personal firewall on my mom's PC before she picks it up tomorrow. I've got zone alarm downloaded but haven't installed it yet. Should I? I had BlackICE on there but after reading that article I guess it wasn't doing much.

Here's what I want...

Good protection, no knowledge needed. If she's prompted for questions my phone's gonna ring. Not normally a problem but mom works night shift so sometimes she doesn't realize when she calls "normal" ppl are alseep!

Edit - This machine will be running the SETI@Home client (duh! ) but I don't care if the firewall is good and uses more resources. I just want mom protected and trouble free.

Thanks!

Rob

 

[soni]

Robor..

Go with ZoneAlarm...

Just remember to set up seti to get internet access..

I just installed it yesterday, and it works as a charm..
But you have to try all the programs that might go on the internet/localnet :frown:

Thats the only problem with the setup..

otherwise it's nice, problemfree, and i haven't had any problem with ressources..
6MB Ram and 0.02 sec CPU since last startup (14 hours ago)

 

[TwoFace]

I've heard mostly good about tiny, but I would test it yourself first. At least with shieldsup and leaktest (also from grc). The theory being that Shields-Up (down until further notice btw ) tests at least a few of the incoming ports while LeakTest checks for programs ability to reach the internet un-authorized.

We know that ZA will ask for authorization for any given program that connects to the internet. With the recent attacks on GRC I'm tempted to take all my machines off the internet and portscan the livin' begeezus outta them locally to make sure they're not "tricking me into a false sense of security"... still haven't done so tho' mostly due to the fact that I don't know how nmap (free portscanner running under *nix) works.

I know there are alot of on-line security scanners like GRC (I've tested at least two-three including grc) but still I would feel more comfortable scanning all ports myself. At least subject tiny or whatever firewall you chose to install to a couple of these before you install it, that's my opinion.

As for your mom Robor, ZA at least isn't hard to operate as I'm sure you know... The dialog boxes are straight forward and easy to understand... basically after a few minutes use all programs that need to connect to the internet should've done so and she should be fine denying further requests to connect to the internet.

Hope I could shed at least a little light, or if I simply made the situation worse you have my apologies.

With love and respect your fellow TA member

Two-FaceMy stats:
RC5
OGR-25
Seti
Gamma Flux

 

[LANMAN]

Ah.. Twoface, you beat me to it.. :|

Nice to see someone is on top of things!

--LANMAN

 

[Nohr]

I've been using Tiny Personal Firewall since December (after using Zone Alarm for half a year) and I love it. It uses far less cpu time than Zone Alarm does. My computer's been up for about 10 hours and Tiny's used 46 seconds worth. If I remember correctly that would've been more like 5 minutes (if not more) with Zone Alarm. Also it's very secure. It's passed all the tests at grc.com as well as dslreports.com with flying colors. I also like that it's a lot more configurable. Rather than just saying "yeah, let that program through to do whatever it likes", you can restrict it to certain ports, ip addresses, protocols, and directions.
However, if I needed to install a firewall on my mom's computer I'd probably use Zone Alarm just because it works well and is a lot more user friendly (for newbies anyhow). For techie type people like myself I think Tiny's software is much better for my needs.

 

[mechBgon]

I just checked my system out of curiosity to see how much CPU time ZoneAlarm is taking, and after 12 hours of uptime it still says 0:00:00.

 

[Nohr]

Perhaps they fixed the CPU usage thing with the newer versions. I think the last version of Zone Alarm I used was 2.4.

 

[Assimilator1]

I was using v2.44 of ZA it used very little cpu time ,about 2% peak which includes vsmon & minilog ,v2.66 is about the same.This is on a PIII 650 @ 820

 

[Viztech]

While we are on the subject, how about the Macs?
I was just talking to my sister about her new IMac, and need to get it assimilated and protected.

viz

 

[Splork]

I'm running blackice defender...where's that article on how it's not protecting my machine? I've had no problems with it for over a year now. In fact, I love it!

-sp

 

[Wiz]

I need to know: Will ZA or Tiny work on the machine I use for ICS?
I have one W2k Pro box connected to my cable modem and then it is sharing the connection to my LAN on it's second NIC.
McCrappie personal firewall told me it wont work after I bought it - so there went $ down the drain. I've been reluctant to try anything else since.
Of course McCrappie PF is good for when I want to shut down all traffic - it's easier than reaching over and unplugging the LAN from the cable modem - just turn on the Firewall and all traffic stops!

So if ZA or Tiny work with ICS that would be cool, anyone know?

 

[RaySun2Be]

The newest version of ZA should work. I was using it with a similar setup until I bought a Linksys cable modem/router/switch.

Make sure the ICS is established first, load the firewall. Under the Security tab, there should be an advanced button. Click on that. It should show a list of the 2 NICS/network IPs. Uncheck the Internet connection NIC to remove it from the local zone, and make sure the local network NIC is checked to set for the Local Zone. If it still is giving you problems, add the IP range & subnet of your local network using the ADD button.

 

[Nohr]

I use Tiny on my main computer (Win98) with the internet connection and NAT software. I've got two other Win98 computers on the network which access the internet through my main system. It works perfectly. I find the best thing to do is to add the ip addresses for the other networked machines to the "Trusted Addresses" list (192.168.0.1-192.168.0.255 for example), and then make a rule that will allow trusted addresses in and out to any ip with any protocol.

 

[Wiz]

Ray & Nohr, thanks guys, I'm taking notes! I just downloaded tiny and will install it now.

 

[Viztech]

Nohr-

That defeats part of the purpose of the firewall. An installed trojan can then establish a connection to the Internet without prompting you at all. That was what happened to me when I got hacked last year using a NetBUS variant.

That is why so many Enterprise solutions just shut off all ports but port 80, or allow other traffic only with an administrative logon.

The more and more I think about it, a personal firewall software installation on each computer is the best answer for what most of us do.

I see this warning at the ZDNet download page for Tiny.

<< Tiny Personal Firewall will not function properly if it is installed on a computer using WinRoute or Microsoft Internet Connection Sharing. >>



viz

 

[SpaceWalker]

I think remember reading in Gibson's site that Tiny has a problem running in NT and Dual system's. I was using ZoneAlarm too but when I upgraded to ZonAlarmPRO, My computer would lock up as soon as i would go online. I uninstalled it and went back to ZA but the problem is still there. So now I'm using Norton Internet Security 3.0. It's a little harder to use than ZA but the time I spent with ZA paid off in setting up N.I.S..

 

[Wiz]

I saw on the Tiny website that it's newest version &quot;Now works with ICS&quot; so maybe they have some new fixes. I will install it and see what I think.

 

[cpars]

After reading about all this , maybe i had better pay a visit to tiny's site also

 

[Nohr]

<< That defeats part of the purpose of the firewall. An installed trojan can then establish a connection to the Internet without prompting you at all. >>



Well, it still alerts me when a program is trying to connect to a remote ip, as well as when a program exe has been replaced. It also passed all those security tests so I must've done something right.

 

[Assimilator1]

Splork
Better keep your fingers crossed that you don't get hacked then! ,that's all thats stopping it - good luck!

 

[Wiz]

Ok, I got it installed and configured. I had to go back to Tiny's site and look up in the FAQ about how to set it up so my LAN could get access. Now it's all running great!
Hard to tell if it is protecting anything though - what do you guys suggest as a test?

 

[Nohr]

I'd suggest Shields Up at grc.com, but it's temporarily down. Check out the Tools section of dslreports.com for the Port-scan and their Full Security Scan.

 

[Viztech]

<< make a rule that will allow trusted addresses in and out to any ip with any protocol. >>



Nohr- I'm not trying to nit-pick here, but if the Bot, Trojan, NetBUS or Sub7 was already installed on your ICS client (with a trusted IP address) it's communiction out to the 'net would then be allowed, and subsequent communication would be allowed back in on the ports that the Trojan would leave open for return communication. This is similar to how a game, telnet or even the dnet client works due to the 2 way communication that is needed.

Am I on the right track here?

viz

 

[Nohr]

Perhaps I stated something incorrectly, I'm certainly no expert with networking and internet protocols and such and very well could've. When Tiny comes across an unfamiliar program that wants internet access, it's always warned me and asked for a course of action. I'm sure it's still quite secure. Now I'm kind of curious as to what exactly adding an ip in to the trusted addresses list does. Before I set up that list and rule, Tiny would keep warning me about how various windows components wanted to connect to 127.0.0.1, which is just my computer obviously. Rather than set up a bunch of separate rules for each one, I just set up the one rule that would take care of all of it. Same for my network when other computers were accessing my system for various reasons, as well as DNS servers.

Anyway, not sure how much sense that all makes.. hope it somehow explained what's up.