Firewall hardware vs. software

[Anthony Giorgianni]

Hello All

A friend of mine just got XP and stepped up to a cable modem.

The question came up:

What's better .....

1) XP's firewall
2) A separate software firewall (Sygate/Zone Alarm). My Google search seems
to indicate that these are better than XP's because they block outgoing as
well. True?
3) A hardware firewall. She looked into this. A salesperson told her that's
a DSL router. Is a hardware firewall and DSL router the same thing or are
they different?

Thx


--
Regards,
Anthony Giorgianni

The return address for this post is fictitious. Please reply by posting back
to the newsgroup.

 

[Carey Frisch [MVP]]

Frequently Asked Questions About Internet Firewalls
http://www.microsoft.com/athome/security/protect/firewall.mspx

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect your PC!
http://www.microsoft.com/security/protect/

------------------------------------------------------------------------------------------------------------------


| Hello All
|
| A friend of mine just got XP and stepped up to a cable modem.
|
| The question came up:
|
| What's better .....
|
| 1) XP's firewall
| 2) A separate software firewall (Sygate/Zone Alarm). My Google search seems
| to indicate that these are better than XP's because they block outgoing as
| well. True?
| 3) A hardware firewall. She looked into this. A salesperson told her that's
| a DSL router. Is a hardware firewall and DSL router the same thing or are
| they different?
|
| Thx
|
|
| --
| Regards,
| Anthony Giorgianni
|
| The return address for this post is fictitious. Please reply by posting back
| to the newsgroup.
|
|

 

[Lanwench [MVP - Exchange]]

Hello All

A friend of mine just got XP and stepped up to a cable modem.

The question came up:

What's better .....

1) XP's firewall
2) A separate software firewall (Sygate/Zone Alarm). My Google search
seems to indicate that these are better than XP's because they block
outgoing as well. True?

True, but I find that if people aren't very computer savvy, all the
notifications/popup questions tend to confuse them - I prefer hardware
appliances that can be preconfigured & the PC knows nothing about it.

3) A hardware firewall. She looked into this. A salesperson told her
that's a DSL router. Is a hardware firewall and DSL router the same
thing or are they different?

A router may contain a firewall, or may not. A firewall is generally also a
router. Check out the NetGear FR114p or one of the comparable Dlink/Linksys
boxes - but make sure it isn't just a NAT box that "acts like a firewall".

 

[jch]

"Lanwench [MVP - Exchange]"

True, but I find that if people aren't very computer savvy, all the
notifications/popup questions tend to confuse them - I prefer hardware
appliances that can be preconfigured & the PC knows nothing about it.


A router may contain a firewall, or may not. A firewall is generally also a
router. Check out the NetGear FR114p or one of the comparable Dlink/Linksys
boxes - but make sure it isn't just a NAT box that "acts like a firewall".

My NAT router serves me well as the only "firewall" protection I have and
need.

 

[Geoff Lane]

A friend of mine just got XP and stepped up to a cable modem.

The question came up:

What's better .....

1) XP's firewall
2) A separate software firewall (Sygate/Zone Alarm). My Google search seems
to indicate that these are better than XP's because they block outgoing as
well. True?
3) A hardware firewall. She looked into this. A salesperson told her that's
a DSL router. Is a hardware firewall and DSL router the same thing or are
they different?

I use ZoneAlarm and a hardware router.

They do slightly different functions so work well together.

Software FWs can block individual programs which I do not think
hardware FWs can do.

The only reason I use two is that I always used ZoneAlarm before I got
an ADSL router with FW and since I use that ZoneAlarm never picks up
any problems.

Geoff Lane

 

[Steve Shattuck]

What's better .....

1) XP's firewall

2) A separate software firewall (Sygate/Zone Alarm). My Google search seems
to indicate that these are better than XP's because they block outgoing as
well. True?

3) A hardware firewall. She looked into this. A salesperson told her that's
a DSL router. Is a hardware firewall and DSL router the same thing or are
they different?

Both.

 

[jch]

I use ZoneAlarm and a hardware router.

They do slightly different functions so work well together.

Software FWs can block individual programs which I do not think
hardware FWs can do.

The only reason I use two is that I always used ZoneAlarm before I got
an ADSL router with FW and since I use that ZoneAlarm never picks up
any problems.

Geoff Lane

What router with FW are you using?

 

[Bruce Chambers]

Greetings --

WinXP's built-in firewall is _adequate_ at stopping incoming
attacks, and hiding your ports from probes. It doesn't give you any
alarms, or any other kind of indication, to tell you that it is
working, though. Nor is it very easily configurable. What WinXP also
does not do, is protect you from any Trojans or spyware that you (or
someone else using your computer) might download and install
inadvertently. It doesn't monitor out-going traffic at all, other
than to check for IP-spoofing, much less block (or at even ask you
about) the bad or the questionable out-going signals. It assumes that
any application you have on your hard drive is there because you want
it there, and therefore has your "permission" to access the Internet.
Further, because the ICF is a "stateful" firewall, it will also assume
that any incoming traffic that's a direct response to a Trojan's or
spyware's out-going signal is also authorized.

ZoneAlarm, Kerio, or Sygate are all much better than WinXP's
built-in firewall, and are much more easily configured, and there are
free versions of each readily available. Even the commercially
available Symantec's Norton Personal Firewall is superior by far,
although it does take a heavier toll of system performance then do
ZoneAlarm or Sygate.

Now, if you use a so-called hardware firewall, which is most
likely just a router with NAT, it's still a good idea to use a 3rd
party software firewall. Like WinXP's firewall, NAT-capable routers
do nothing to protect the user from him/herself. Again -- and I
_cannot_ emphasize this enough -- almost all spyware and many Trojans
and worms are downloaded and installed deliberately (albeit
unknowingly) by the user. So a software firewall, such as Sygate or
ZoneAlarm, that can detect and warn the user of unauthorized out-going
traffic is an important element of protecting one's privacy and
security. Most antivirus applications do not scan for or protect you
from adware/spyware, because, after all, you've installed them
yourself, so you must want them there, right?

I use both a router with NAT and Sygate Personal Firewall, even
though I generally know better than to install scumware. When it
comes to computer security and protecting my privacy, I prefer the old
"belt and suspenders" approach.


Bruce Chambers
--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. - RAH


"Anthony Giorgianni"

 

[sgopus]

To each his own, I use a DI604 firewall/router and
zonealarm software firewall. works great for me..

-----Original Message-----
"Lanwench [MVP - Exchange]"
<[email protected]
wrote in message

True, but I find that if people aren't very computer savvy, all the
notifications/popup questions tend to confuse them - I prefer hardware
appliances that can be preconfigured & the PC knows nothing about it.


A router may contain a firewall, or may not. A firewall

is generally also
a

router. Check out the NetGear FR114p or one of the

comparable

Dlink/Linksys
boxes - but make sure it isn't just a NAT box

that "acts like a firewall".

My NAT router serves me well as the only "firewall" protection I have and
need.


.

 

[Alex Nichol]

1) XP's firewall
2) A separate software firewall (Sygate/Zone Alarm). My Google search seems
to indicate that these are better than XP's because they block outgoing as
well. True?
3) A hardware firewall. She looked into this. A salesperson told her that's
a DSL router. Is a hardware firewall and DSL router the same thing or are
they different?

Most routers include a hardware firewall, and I would be *very*
surprised if one for a DSL connection did not have one. Its manual
should have instructions on any configuration it may need.

the Firewall in XP to SP1 level is a basic protection against intrusion;
the one in SP2 (imminently) does it better. It is arguable that you
need no more than that. A firewall like Zone Alarm though is easier to
configure and also catches attempts by malware to 'phone out' - which
neither the system one or the hardware one will do. I would be inclined
to have free Zone Alarm in addition to the router.

 

[Lanwench [MVP - Exchange]]

Most routers include a hardware firewall, and I would be *very*
surprised if one for a DSL connection did not have one. Its manual
should have instructions on any configuration it may need.

Usually just NAT, at best - not a real firewall.

 

[Anthony Giorgianni]

Thank you everyone for the great info. That's exactly what we need to
know!!!

--
Regards,
Anthony Giorgianni

The return address for this post is fictitious. Please reply by posting back
to the newsgroup.


"Lanwench [MVP - Exchange]"