[OT] Which firewall is good..?!

[Xtrician]

Im using 2 years with Sygate Personal Firewall Pro and he do is job great, but is company not released new version and there is a new firewalls with new technology, like Kerio Pesonal Firewall Pro..

I Dont know if its recommend to download him.

What you say peoples?!

[Sheepdog]

If you are able to read german you can here read why you don't need personal firewalls.

And here you will get a description how to make your Desktop PC secure without any firewall.

sheepdog

[deus-ex]

Im using 2 years with Sygate Personal Firewall Pro and he do is job great, but is company not released new version and there is a new firewalls with new technology, like Kerio Pesonal Firewall Pro..

I Dont know if its recommend to download him.

What you say peoples?!

This OT thread is a bit off topic in the plugins section if i may say so.


If you are using Sygate Personal Firewall Pro i presume you are a legal registered user hence you should be informed by Sygate company already. Why would you want to switch to another product that easy if you payed money for a license?

Anyway, should'nt you already know, Seagate recently was bought (or swallowed, you decide) by Symantec giving them the opurtunity to add good Firewall applications to their portfolio ...since their own products... (well, i leave you with that).

Kerio recently anounced that they ceased further developement of their Firewall products (due to financial reasons if i remember right).


Conclusion:
Follow Sheepdogs advise and pay a visit to aforementioned pages. For the english version of Sheepdogs first link go here.


Regards,
deus-ex

[Xtrician]

2Sheepdog
Please tell me in few words why im not need to use personal firewall?!

Im not have router or lan.
im using a normal ip and i have the WinXP Firewall but he block only incoming traffic.
Personal Firewall's block the outgoing traffic .. for example if someone see your PC Desktop of download files.

I Think its recommend to use it if you not have lan\router.

Edit: Im now know to read german, only english and the english translation of this section not available:
Sry. Actually no translation available.

So say me in few words why im not need it.

[Wilhelm M.]

Well, in recent months I have read many reports about the "uselessness" of PFWs and I tend to believe those reports. But: my PC is part of a university network and the administration demands that every computer must have installed a PFW. So I have Tiny PFW installed.
On the other hand, I have experienced a major problem with the shutdown of Windows services. There are also many many tips and tricks on the net how to shutdown unnecessary services to make the PC more secure and to save memory etc. I have tried some of the tips and they seemed to work well. But at one time I observed that the automatic Windows Update stopped working. And since then - though tried a lot of things - I could not bring that thing to work again. I could only re-install the entire system, but I don't like that idea . So every tip and trick has its problems.

[deus-ex]

For who are concerned: Sygate/Symantec news


Regards,
deus-ex

[Balderstrom]

Just because a FW hasn't updated itself in time doesn't make its previous version irrelevant. I still use Kerio PF 2.1.5 from April 2002
And before that was using its previous version "Tiny PF" 2.0.15b - before the developers split. The current "Tiny" is nothing like what its parent was. Tiny/Kerio was the first that would block outgoing traffic, checks MD5 signatures on programs you set rules for. And allows the most robust rules around, unlike most people's perrenial favorite "Zone Alarm" which gives almost no end user control.

I generally don't see much improvement in software over time, beyond the filesizes doubling or quadrupling every year. The one exception is likely Opera which has kept a fairly static filesize and added features galore.

Tiny from 2001, rar'd up to 1.2 megs, and Kerio from 2002 which has the same engine and no new functionality is 1.9 megs
The current Kerio at version 4 is 7.5 megs, and I highly doubt they've added that much code in 3 years.

[Wilhelm M.]

Yes thats a good point! My (old) Tiny reports all changes to installed programs and this is not nothing. Maybe the PFW is not really good at blocking intruders but still it reports net-relevant activities of unknown or updated programs. So PFWs cannot be simply useless.

[Sheepdog]

For the english version of Sheepdogs first link go here.

The part belonging to firewalls is unfortunately not yet translated. That's Why I did not point to the article.

sheepdog

[Balderstrom]

Yes thats a good point! My (old) Tiny reports all changes to installed programs and this is not nothing. Maybe the PFW is not really good at blocking intruders but still it reports net-relevant activities of unknown or updated programs. So PFWs cannot be simply useless.

Not keep out intruders? All my ports are stealthed except 445, and will fix that on my next Win2K install. And except for DHCP and a few UDP rules, theres no inbound traffic permitted.
And if yer really paranoid setup a linux firewall on an old 286/486/P-I PC

[Sheepdog]

Im not have router or lan.
im using a normal ip and i have the WinXP Firewall but he block only incoming traffic.
Personal Firewall's block the outgoing traffic .. for example if someone see your PC Desktop of download files.

Incoming traffic:

Windows activates by default a bunch of services that are not needed by most of the users. These services react to data packeages that arrive over the net (LAN or Internet). If you have disabled all unneccesary services those data packages are simply ignored.

The firewall requests to Windows to pass those packages so it could detect whether it is a damaging package or not. But until this package arrives the firewall software it passes through many system software components that already may be vulnerable for those packages.

Outgoing traffic:

The Chaos Computer Club demonstrated in a very impressing way how to avoid the 'protection' of a firewall. Through the address bar of the Internet Explorer are received commands from the remote PC. And the program to do so was about 20 lines code.

So if you are permitting any program (e.g. your browser or mailclient) the connection to the internet it is pretty easy for any program to connect to the internet via those 'leaglly' permitted programs without your knowledge.

Firewall rules:

If the personal firewall asks you if you want to permit or deny a connection it makes your system insecure.

First it is very simple to make a script that always automatically permits the connection - even vbefore you will see popup the dilaog.

And then, what happens usualy when a user tries to go to a certain website:

A windows pops up that asks you if you want to allow the conection by xyz.
The advanced user will deny the connection. So he will get no access to the desired site. So he will next time permitt the connection and the system is infected.

Or even the rules of the firewll. It is easy to manipulate the file that contains those rules and to create one that allows the xyz.exe to connect on every port to the internet.

The firewall gives you a false feeling of security where no security is. YOu should deactivate those services you don't need, install regularly the security patches provided by microsoft and run regularly a up to date virus scanner on your system - if possible from a clean boot CD (e.g. BartPE or Knoppix or similar).

sheepdog

[Balderstrom]

Well I wont completely disagree with you, but your using the words "Easy" in so many places is misleading, and using IE in the example...
If it were that easy, we'd all have virus riddled PC's. And I've never been infected with any virus. And only had forced download/desktop replacement/screwups when using IE.

And up until earlier this year was on the so called "insecure" windows 98

Now if that club could make that happen in Opera, would give it more credence.

And I'm not 100% sure, but from what I know of Kerio, is it differs from most all other firewalls, in that it underlies the Operating System in many key places - even to the point of Harddrive access -- When my Sata drives were overheating I would get Error popups in Kerio heh.

[Hacker]

Wilhelm M.,

But at one time I observed that the automatic Windows Update stopped working. And since then - though tried a lot of things - I could not bring that thing to work again.

Enable Automatic updates and Background intelligent transfer service. (I think there was a third service that needed to be enabled, too, but can't remember which one it was, sorry.)

HTH
Roman

[Xtrician]

2Sheepdog
There is something in your words but im not sure you right 100%.
If you have some intresting in Backdoor trojans like Subseven etc you know why you need a firewall.

Im work with this stuff, i can to control my Internet and if you say that Firewall's give you a false alert its not right.
Its show you information you need too.

Im not use a Personal Firewall if i have Lan. But im not have it.

Of course if i remove my firewall nobody hack me or something but he show me information about incoming traffic, this is something too.

and you cant to say that Personal Firewall not nedded today to a millions peoples and big companys like McAfee, Kaspersky, Symantec, etc..

I know that Windows Firewall its enough, but not exactly.
3 Years im using Kaspersky, Sygate, Firefox, Thunderbird.
and one bit of something not insert to my PC without my tools.

So in last words:
LAN Users: PF Not needed.
Internet Users: PF needed.

[Hacker]

Xtrician,

If you have some intresting in Backdoor trojans like Subseven etc you know why you need a firewall.

If Subseven can be caught using a firewall then it's not well programmed.

Roman