Best freeware firewall?

[Fedz]

This "stealth" nonsense is relying on security through obscurity which
is not a good idea. People need to try to understand that a big green
light on some fancy-looking "security" web site is not a sign that
you're adequately protected.

GRC was given as an example. You can use any friend or any port scanning
site and see for yourself that using xp firewall alone and or no firewall
and or router ...etc then yep you're showing you're their - open to see for
anyone who cares to scan your IP (PC) and plenty do it - whether it be a
zombie on someones elses pc reporting back open ports or someone in person
- no matter it shows you are their!

You can easily just stealth yourself and not even respond to anything, you
don't even exist - simply by having a stealth firewall eg: agnitum outpost
firewall.
Along with this secondary feature it is also a rule based in/out firewall,
has md5 in case any progs on your pc get jumped on by viruses, spyware
....etc - easy and simplistic for the masses.

or you can risk it for biscuit!!

http://groups.google.co.uk/group/comp.security.firewalls

give more expert and or reliable advice.

 

[Aaron]

This "stealth" nonsense is relying on security through obscurity which
is not a good idea. People need to try to understand that a big green
light on some fancy-looking "security" web site is not a sign that
you're adequately protected.

Agreed. If I were you guys, I would always listen to guys who digitally
sign their post, with GnuPG no less. They tend to be techno geeks who know
their stuff.

 

[FTR]

In the groups opinion, what is the best freeware firewall for single PC
use please?

Regards,
John.

I used the free zonealarm and have upgraded to a pro version when I got
a broadband access with dynamic ip. The ZA forum is just excellent, very
helpful.

A firewall is just necessary, as is a antispayware & antivirus
Frank

 

[Craig]

In the groups opinion, what is the best freeware firewall for single PC
use please?

Regards,
John.

John;

Before you install a firewall, I urge you read up on what they can and
cannot do. A firewall is a security concept, *not* a software package.
Two well-written starting points are:

http://www.interhack.net/pubs/fwfaq/firewalls-faq.html
(especially 2.3, 2.4 & 6.1-.5)

http://www.iks-jena.de/mitarb/lutz/usenet/Firewall.en.html
(English translation of de.comp.security.firewall newsgroup faq)

Lastly, for an argument *against* personal firewalls, check this out:
http://www.fefe.de/pffaq/, especially "Why don't they improve security?"
The author's stand against increasing complexity is a good point to
keep in mind as you go forward.

But I haven't answered your question directly. I use ZoneAlarm version
5.5.094.000 and it works well for me. But I don't use it as a security
prophylactic.

hth,
Craig

 

[Conor]

Agreed. If I were you guys, I would always listen to guys who digitally
sign their post, with GnuPG no less.

So the opinion of someone who uses software written by someone else
becomes superior to two and a half decades worth of experience?

 

[elaich]

In the groups opinion, what is the best freeware firewall for single PC
use please?

"The group" has no opinion, as you can see from all the bickering this
thread started. This tiresome question comes up at least once or twice a
month here. Why don't you just Google this group for "firewall" and see all
ther conflicting opinions you dig up?

 

[Aaron]

So the opinion of someone who uses software written by someone else
becomes superior to two and a half decades worth of experience?

Who exactly are you talking about?

 

[Conor]

Who exactly are you talking about?

Many contributors to this group.

 

[Fedz]

Agreed. If I were you guys, I would always listen to guys who
digitally sign their post, with GnuPG no less. They tend to be techno
geeks who know their stuff.

Sarcasm?

Firewalls and encryption have no connection but, firewalls and steg could
do

Steg being data hidden in files = stealth
firewalls = stealth mode.

I use GnuPG so my view must be correct by theory

I would like to add that one is not replying on stealth for security and
this wouldn't exactly give a firewall in itself. With rule based in/out and
md5 ...etc does provide a firewall but stealth in itself can't - it's just
an added extra (secondary).

You can however turn off stealth in Agnitum Outpost if (not) required.

 

[John]

win.ntli.net:




"The group" has no opinion, as you can see from all the bickering this
thread started. This tiresome question comes up at least once or twice a
month here. Why don't you just Google this group for "firewall" and see all
ther conflicting opinions you dig up?

Thanks to everyone for all your suggestions.

Regards,
John.

 

[David]

Spot the moron who believes what he has read on GRC.com

Hey ****wit, have you ever considered how the hell the scanner knows
its there when it is supposed to be invisible?

Because _you_ advised the site of your address when you contacted the
site in the first place. That is the address that is tested.

You're ****ing not you clueless ****tard unless you're on dialup.
Anyone with NAT involved is completely protected from inbound
connections.

Next you'll say they're not, just confirming how little you know.

As opposed to you showing how little you know.
--
David
Remove "farook" to reply
At the bottom of the application where it says
"sign here". I put "Sagittarius"
E-mail: justdas at iinet dot net dot au

 

[Ric]

So? Let them attempt away... if a hacker is determined to get into my
machine
he will (if he is good) whatever the type of firewall I have.
So the firewalls do not protect you from hackers but from stupid viruses and
spyware that attack ports.

There is a general fear of the public that hackers are out to get them.
There is a simple question. Why you? Out of the million users around the
internet, do you actually think there is a hacker for everyone and he is out to get
you?

Why not you? One IP address is as good as another.

"Dutch police have arrested three people for building a worldwide
zombie network of more than 100,000 PCs used to launch internet
attacks on companies and to hack into bank and Paypal accounts."
http://www.theregister.co.uk/2005/10/07/dutch_police_smash_zombie_network/

These people were targeted as IP addresses, not individuals.
They want control of computers, it's not usually personal.

And even if there was, what do you have to hide?

Everyone's got something to hide, at least fdisk, format, del,
regedit, sysedit etc for windows users.

Ric

 

[Ric]

GRC was given as an example. You can use any friend or any port scanning
site and see for yourself that using xp firewall alone and or no firewall
and or router ...etc then yep you're showing you're their - open to see for
anyone who cares to scan your IP (PC) and plenty do it - whether it be a
zombie on someones elses pc reporting back open ports or someone in person
- no matter it shows you are their!

You can easily just stealth yourself and not even respond to anything, you
don't even exist - simply by having a stealth firewall eg: agnitum outpost
firewall.

By accepting but not responding to packets your computer gives itself
away. When a computer receives a reset (RST) packet it should not
respond. If you send a few resets to google with:
hping -V -R www.google.com
you should get no reply, indicating that the host has received the
packets but not responded, and is therefore alive.

If google was down you should receive host unreachable messages,
because the packet can't be delivered. A packet with the reset flag
set can be compared to an email in that it is usually either silently
delivered or returned as host unknown. You can't silence the routers
around you, they know you are there.

The online scanners i've tried used very basic TCP scans that any
software firewall can defeat. What's needed is online versions of
tools like nmap or hping.

Ric

 

[Craig]

By accepting but not responding to packets your computer gives itself
away.

Ric;

Thanks for that write-up. Good eye-opener.

Craig

 

[Conor]

Because _you_ advised the site of your address when you contacted the
site in the first place. That is the address that is tested.

So why does it report Stealth instead of no connection? Seriously, it
does.

As opposed to you showing how little you know.

I know enough to make a living out of it.

 

[David]

So why does it report Stealth instead of no connection? Seriously, it
does.

Sheesh. Because your browser reported that there should be a
connection there. If the site testing cannot find that connection it
must be stealthed or concealed. They use the word "Stealth" because
thickheads would complain that the software can't find their site, it
says "No Connection" and I know the address is there because I am
connected to the internet by that address.

I know enough to make a living out of it.

Must be a pretty poor living. Sheesh! Talk about a thick head.
--
David
Remove "farook" to reply
At the bottom of the application where it says
"sign here". I put "Sagittarius"
E-mail: justdas at iinet dot net dot au

 

[Aaron]

Sarcasm?

Firewalls and encryption have no connection but, firewalls and steg
could do

Steg being data hidden in files = stealth
firewalls = stealth mode.

I use GnuPG so my view must be correct by theory

Well maybe, but since you didn't digitally sign this post, how do I know
you are you?

I would like to add that one is not replying on stealth for security
and this wouldn't exactly give a firewall in itself. With rule based
in/out and md5 ...etc does provide a firewall but stealth in itself
can't - it's just an added extra (secondary).

See what I mean? All the people who use GnuPGP think stealth isn't
useful.

 

[Fedz]

Well maybe, but since you didn't digitally sign this post, how do I know
you are you?

Even if I did digitally sign it proves nothing!
Anyone can create a key using any username/email address then sign posts
using that key - it shows no prove what-so-ever tbh lol
Now if emailing that's different as you'd communicate using the keys email
address - so if someone is responding on that address then it must be
theirs (within reason).

See what I mean? All the people who use GnuPGP think stealth isn't
useful.

Not all - as not all GnuPG users are here! I know it's useful and so does
any right minded thinking person(s) - no reason why it wouldn't - anyone
scanning you doesn't even know you're their - no reason to attack someone
if they not responding - it's that simple - honestly

Why you think the worlds governments play a big thing on stealth!

 

[Fedz]

Well maybe, but since you didn't digitally sign this post, how do I know
you are you?


See what I mean? All the people who use GnuPGP think stealth isn't
useful.

I'll give a hyperthetical anology:

* Stealth:
My site is full of pictures (software screenshots) and also full of
software (.exe/.zip)
Now any one of them images and or software files could have hidden data
within them - that I had hidden in them.

If you can't see it and you don't know it's their you wouldn't bother to
try and extract any hidden data in it - would you?

* Non-stealth:
Now if I had a load of linked encrypted files their ending in .gpg/.pgp
then you can see and would know they are their and encrypted - you can then
(if this is your thing) try and brute force the decryption of them - you'd
know to attack them.

 

[Ric]

I'll give a hyperthetical anology:

* Stealth:
My site is full of pictures (software screenshots) and also full of
software (.exe/.zip)
Now any one of them images and or software files could have hidden data
within them - that I had hidden in them.

If you can't see it and you don't know it's their you wouldn't bother to
try and extract any hidden data in it - would you?

That's security through obscurity, not stealth. Stealth in this case
means ignoring incoming packets instead of replying to them.
If your firewall ignores an incoming connection instead of blocking it
how does that improve your security?

Have a look at:
http://www.mimisbrunnr.net/~case/ipsorcery.html

"IP Sorcery 2.0.9 Development is a network troubleshooting and
firewall testing tool. The program works by generating custom
"packets" and sending them to a target host. Thus testing the
authenticity of firewall rules and host verification. IP Sorcery is
the only known packet generator with a Graphical User Interface
written for Linux/BSD."

From the README:
"Usually you can tell if a port is denying access if there is no
response to any packets you send at all.
Try probing with an ACK to see if the port is blocked. If not
(ie it will return RST if it's alive, it will return nothing if it's
fully blocked, or sometimes an ICMP port unreachable)
If the ACK probe is successful try a No flag probe or a FIN probe."

Ric