Best firewall for XP home

[Daniel Prince]

I have decided to dump Zone Alarm because of the yEnc corruption problem
so I need a new freeware firewall.

I run Windows XP home and connect to a cable modem through a Linksys
router. I use Mozilla as my primary browser and Agent for email and
newsgroups. I use Newsplex to combine several news servers into one for
Agent. Newsplex needs to run as a server. No other program needs to
run as a server. I do not use any p2p, icq, or irc programs.

I am something of a power user. Which free firewall would you recommend
for me? Thank you in advance for all replies.

 

[MightyKitten]

I have decided to dump Zone Alarm because of the yEnc corruption
problem so I need a new freeware firewall.

I run Windows XP home and connect to a cable modem through a Linksys
router. I use Mozilla as my primary browser and Agent for email and
newsgroups. I use Newsplex to combine several news servers into one
for Agent. Newsplex needs to run as a server. No other program
needs to run as a server. I do not use any p2p, icq, or irc programs.

I am something of a power user. Which free firewall would you
recommend for me? Thank you in advance for all replies.

If you have any cash, I'd go for a NAT firewall, for example edimaxe's
(www.edimax.com)

If you want to stick with freeware, I guess I would recommand Sygate
http://smb.sygate.com/products/spf_standard.htm

Or kerio (Last freeware version)
http://www.pricelessware.org/2004/PL2004SECURITY.htm#A444
for links

MightyKitten

--

http://www.it-hulp.nl/
http://fotoalbum.it-hulp.nl/

gmx.net is the mailserver of mightykitten
start subject with *ping* or the antispam monster will eat it.

 

[bassbag]

I have decided to dump Zone Alarm because of the yEnc corruption problem
so I need a new freeware firewall.

I run Windows XP home and connect to a cable modem through a Linksys
router. I use Mozilla as my primary browser and Agent for email and
newsgroups. I use Newsplex to combine several news servers into one for
Agent. Newsplex needs to run as a server. No other program needs to
run as a server. I do not use any p2p, icq, or irc programs.

I am something of a power user. Which free firewall would you recommend
for me? Thank you in advance for all replies.

sygate would be an easy one to maintain.All apps by default are set to act
as a server so you would need to untick that option for all other apps.The
only niggle with sygate is the loopback problem where any app that uses a
proxy server/ad blocking proxy in some way would be permitted through the
proxys allowance.If your not using a proxy then no problems , and even if
you are the risks are pretty minimal with layered security.
http://smb.sygate.com/products/spf_standard.htm
me

 

[Thip]

I am something of a power user. Which free firewall would you recommend
for me? Thank you in advance for all replies.
--

Kerio Personal Firewall v. 2.1.5. You'll have to Google for it.

 

[=?ISO-8859-1?Q?=BBQ=AB?=]

Or kerio (Last freeware version)
http://www.pricelessware.org/2004/PL2004SECURITY.htm#A444
for links

Just a slight correction -- KPF 2.1.5 is not the last freeware version,
but the last good freeware version. KPF 4.0.x is still free, but many
people dislike it.

 

[J44xm]

["MightyKitten"; Tue, 03 Aug 2004 20:31:33 GMT]

If you want to stick with freeware, I guess I would recommand Sygate

Same here.

 

[imabrowneye]

If you have any cash, I'd go for a NAT firewall, for example edimaxe's
(www.edimax.com)

Hi

I might be wrong (have been in the past), but I understood it that NAT,
isn't a true firewall. Doing tests with my adsl modem (Billion 5100 which
has NAT), if i download GRC.com's leak test and run it I fail every time,
because NAT opens an incoming connection if requested by an outgoing
connection. If i want a port to be opened I need to set the modem up to
allow it (ie, port forwarding). When I do the Shield's up test I pass, but
my ports only show up as closed not stealth (which doesn't worry me) To be
truly secure with NAT, you should still run a firewall which monitors
outgoing connections (Ie: Kerio, Zonealarm etc) so only the programs you
allow, can access the net

Please correct me if I'm wrong

JB


--
Another community announcement from imabrowneye inc.


*-------------------------------------------------------*
" Semper in excremento sum, solum profunditas mutat. "

&

" Eos stupra si jocum nesciunt accipere. "
*-------------------------------------------------------*

 

[MightyKitten]

Hi

I might be wrong (have been in the past), but I understood it that
NAT, isn't a true firewall. Doing tests with my adsl modem (Billion
5100 which has NAT), if i download GRC.com's leak test and run it I
fail every time, because NAT opens an incoming connection if
requested by an outgoing connection. If i want a port to be opened I
need to set the modem up to allow it (ie, port forwarding). When I do
the Shield's up test I pass, but my ports only show up as closed not
stealth (which doesn't worry me) To be truly secure with NAT, you
should still run a firewall which monitors outgoing connections (Ie:
Kerio, Zonealarm etc) so only the programs you allow, can access the
net

Please correct me if I'm wrong

JB

Your observations are right.

The biggest disadvantage is indeed that it wouldn't prevent TCP/IP
connections from the inside.

The advantage is the reduced need to adjust the firewall with each new
program that wants an internet connection.

But having a boxed ('hardware') nat firewall has additional advantages:

- Most Boxed NAT firewalls use a stripped, but very secure linux version on
flashrom. more difficult to bring sown as a software based firewall on your
PC

- I havn't seen a boxed firewall that wasn't network capable, meaning you
can _at least_ plug up to 253 additional network devices on your internet
connection, software on your PC will either only support 1 pc or will have
to youse that specific PC as an router, slowing down network traffice (and
your games er... work of course!)

- Most boxed firewall offer additional stuff. My old edimax can also be
used:
as a DHCP router (and I believe most boxed NAT firewalls can);
as a dns Pastrough service (the firewall will be handeling all DNS request
to the outside)

- Most boxed firewalls have aditional software for filters, making them
closer to the cisco and checkpoint firewall we'd all like to have

I've both an edimax router/firewall and an SMC route firewall. Though the
later has wireless support, I'd like the old edimax more. I've only had to
reset that firewall once (except some screwups in the settings I made myself
) while the SMC has to be resetted about once a month (mostly after an
attack of some form. But since I have the need of wireless, I'll stick to
the SMC for now.

MightyKitten

--

http://www.it-hulp.nl/
http://fotoalbum.it-hulp.nl/

gmx.net is the mailserver of mightykitten
start subject with *ping* or the antispam monster will eat it.

 

[derek / nul]

I might be wrong (have been in the past), but I understood it that NAT,
isn't a true firewall. Doing tests with my adsl modem (Billion 5100 which
has NAT), if i download GRC.com's leak test and run it I fail every time,
because NAT opens an incoming connection if requested by an outgoing
connection. If i want a port to be opened I need to set the modem up to
allow it (ie, port forwarding). When I do the Shield's up test I pass, but
my ports only show up as closed not stealth (which doesn't worry me) To be
truly secure with NAT, you should still run a firewall which monitors
outgoing connections (Ie: Kerio, Zonealarm etc) so only the programs you
allow, can access the net

Please correct me if I'm wrong

Correct, NAT is not a 'true' firewall, but it provides basic protection without
intrusion.

 

[Rich]

Doesn't the Linksys router have firewall capability by limiting what ports
you want open? I am on cable and use a D-Link router as a primary hardware
firewall limiting access to all but the necessary ports and then have a
secondary software firewall that is with PC Cillin AV.

 

[Conor]

I have decided to dump Zone Alarm because of the yEnc corruption problem
so I need a new freeware firewall.

I run Windows XP home and connect to a cable modem through a Linksys
router. I use Mozilla as my primary browser and Agent for email and
newsgroups. I use Newsplex to combine several news servers into one for
Agent. Newsplex needs to run as a server. No other program needs to
run as a server. I do not use any p2p, icq, or irc programs.

I am something of a power user. Which free firewall would you recommend
for me? Thank you in advance for all replies.

Sygate Personal Firewall (free) has been fine for me.

 

[John Corliss]

I have decided to dump Zone Alarm because of the yEnc corruption problem
so I need a new freeware firewall.
I run Windows XP home and connect to a cable modem through a Linksys
router. I use Mozilla as my primary browser and Agent for email and
newsgroups. I use Newsplex to combine several news servers into one for
Agent. Newsplex needs to run as a server. No other program needs to
run as a server. I do not use any p2p, icq, or irc programs.
I am something of a power user. Which free firewall would you recommend
for me? Thank you in advance for all replies.

The best I've seen is KerioPersonalFirewall:

http://www.kerio.com/kpf_download.html

I've tried installing the older version, which I use on my ME system,
onto XP systems with bad results. Although it works, you aren't able
to change the settings and make them stick. Probably something to do
with Microsoft's $#@!?&!! "administrator priviledges" or some other
such BS.

However, when I downloaded and installed the newest version of
KerioPersonalFirewall (4.0.16) and it worked perfectly. Note that this
version drops features after 30 days, but none of them are vital to
the basic functioning of a good firewall.

Now I don't know if running server software might tag you as a
"commercial user" to the program, but it's still worth a try.

 

[John Corliss]

Kerio Personal Firewall v. 2.1.5. You'll have to Google for it.

My observation has been that this version of Kerio, although it works
basically, has configuration problems with XP in that you can change
the filters, but the changes don't stick. The newer version of
KerioPersonalFirewall doesn't have those limitations.

 

[REM]

My observation has been that this version of Kerio, although it works
basically, has configuration problems with XP in that you can change
the filters, but the changes don't stick. The newer version of
KerioPersonalFirewall doesn't have those limitations.

I haven't noticed this. Are you talking about rule settings not sticking?

I might not understand you here.

 

[Hello]

I
sygate would be an easy one to maintain.

I'm still learning about it, but aftry trying 3( a french one called
lookspit, or somesthing like that, kerio, and sygate) I'm staying
with sygate

very easy to get going

 

[Bob Adkins]

I am something of a power user. Which free firewall would you recommend
for me? Thank you in advance for all replies.

Think about waiting a couple of weeks and try out the new, improved XP SP2
firewall.

Bob

 

[MightyKitten]

Think about waiting a couple of weeks and try out the new, improved
XP SP2 firewall.

Bob

Your call, just be sure to have your talismans ready...

iow: good luck!

MightyKitten


--

http://www.it-hulp.nl/
http://fotoalbum.it-hulp.nl/

gmx.net is the mailserver of mightykitten
start subject with *ping* or the antispam monster will eat it.

 

[Bob Adkins]

My observation has been that this version of Kerio, although it works
basically, has configuration problems with XP in that you can change
the filters, but the changes don't stick. The newer version of
KerioPersonalFirewall doesn't have those limitations.

Hmmmm... I had a problem several months back when I first started using
Kerio 2.1.5. I seem to remember a registry setting to increase buffers or
something. <shrug>

Bob

 

[John Corliss]

I haven't noticed this. Are you talking about rule settings not sticking?
I might not understand you here.

That's exactly what I'm saying. My experience is that although the
rule works for the session, when you restart Kerio it has disappeared.
This is only in version 2.1.5, not the 4.0.16 version.

 

[John Corliss]

Think about waiting a couple of weeks and try out the new, improved XP SP2
firewall.

I'll betcha it doesn't filter outgoing.