J
John
In the groups opinion, what is the best freeware firewall for single PC
use please?
Regards,
John.
use please?
Regards,
John.
K
kenny
Use the Xp firewall, Avast antivirus, Adaware, spybot, ms antispyware
The xp firewall is good because it does not bug you all the time and is
automated for many applications.
I hate all other firewalls... if you are sure your pc is not infected, then
you dont need outgoing blocking.
In otherwords your best protection is intelligent computer use, something
that most people demanding "in and out traffic" firewalls are not capable
of.
The xp firewall is good because it does not bug you all the time and is
automated for many applications.
I hate all other firewalls... if you are sure your pc is not infected, then
you dont need outgoing blocking.
In otherwords your best protection is intelligent computer use, something
that most people demanding "in and out traffic" firewalls are not capable
of.
H
Harvey Van Sickle
On 06 Dec 2005, John wrote
Depends how you're defining "best". The minimum should be one that
monitors outgoing as well as incoming threats.
Frankly, from what I've read all of them do the basic business;
the differences have to do with configuration, interface, and other
user-preference aspects, so the best thing to do is to try a few
out and see which suits you best.
(IMO, people get *way* too partisan for and against various
software options. I've used Zone Alarm for many years, and it's
served me well; others prefer the alternatives, but to be honest,
they're really much of muchness in terms of basic functionality.)
Depends how you're defining "best". The minimum should be one that
monitors outgoing as well as incoming threats.
Frankly, from what I've read all of them do the basic business;
the differences have to do with configuration, interface, and other
user-preference aspects, so the best thing to do is to try a few
out and see which suits you best.
(IMO, people get *way* too partisan for and against various
software options. I've used Zone Alarm for many years, and it's
served me well; others prefer the alternatives, but to be honest,
they're really much of muchness in terms of basic functionality.)
F
Fedz
The problem using XP firewall it doesn't have 'stealth' mode - your
computer is viewable by anyone scanning you but, your ports are closed but
they know you're their so could make a good attempt at forcing your system.
If you goto one of the many port scanners on the net, eg:
https://www.grc.com/x/ne.dll?bh0bkyd2
and scan your pc, you'll notice everyone can see yuou are their!
Personally I'd download a small rule based firewall eg: agnitum outpost
(free) that offers stealth mode.
It's quick, easy and simply - offers in/out rule based. You can tell it
what progs to allow out and has md5 in case any of your progs get hijacked.
ad-aware, spybot S&D ...etc is good to use also.
If you have a router, that's better - no need for a software firewall
Kind regards
computer is viewable by anyone scanning you but, your ports are closed but
they know you're their so could make a good attempt at forcing your system.
If you goto one of the many port scanners on the net, eg:
https://www.grc.com/x/ne.dll?bh0bkyd2
and scan your pc, you'll notice everyone can see yuou are their!
Personally I'd download a small rule based firewall eg: agnitum outpost
(free) that offers stealth mode.
It's quick, easy and simply - offers in/out rule based. You can tell it
what progs to allow out and has md5 in case any of your progs get hijacked.
ad-aware, spybot S&D ...etc is good to use also.
If you have a router, that's better - no need for a software firewall
kenny said:
Kind regards
K
kenny
So? Let them attempt away... if a hacker is determined to get into my
machine
he will (if he is good) whatever the type of firewall I have.
So the firewalls do not protect you from hackers but from stupid viruses and
spyware that attack ports.
There is a general fear of the public that hackers are out to get them.
There is a simple question. Why you? Out of the million users around the
internet,
do you actually think there is a hacker for everyone and he is out to get
you? And even if there was, what do you have to hide?
Some top secret documents of experimental aircraft noone else should see?
If you DO have something no one should ever see.. unplug your computer from
the internet.
PS. it is not the computers that are the problem. Hackers use HUMANS (the
users) as the
most venerable link into getting inside systems. So if you want a good
firewall, you must put a firewall on YOURSELF!
Kenny www.computerboom.com
machine
he will (if he is good) whatever the type of firewall I have.
So the firewalls do not protect you from hackers but from stupid viruses and
spyware that attack ports.
There is a general fear of the public that hackers are out to get them.
There is a simple question. Why you? Out of the million users around the
internet,
do you actually think there is a hacker for everyone and he is out to get
you? And even if there was, what do you have to hide?
Some top secret documents of experimental aircraft noone else should see?
If you DO have something no one should ever see.. unplug your computer from
the internet.
PS. it is not the computers that are the problem. Hackers use HUMANS (the
users) as the
most venerable link into getting inside systems. So if you want a good
firewall, you must put a firewall on YOURSELF!
Kenny www.computerboom.com
A
Adam Piggott
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
"Stealth" is merely a false sense of security. If a port is closed, that
is, no program is listening at it, it cannot be "forced".
GRC is not a security web site, it is a marketing buzzword and
scaremongering site.
Good advice
Although if you have a router you should also make sure you set an
administrator password and check that it can't be remotely managed from the
Internet. If it's wireless, then switch off the wireless if you're not
using it, otherwise make sure you use WPA security and a complex password.
Adam Piggott,
Proprietor,
Proactive Services (Computing)
http://www.proactiveservices.co.uk/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
iD8DBQFDlX+t7uRVdtPsXDkRAsc/AJ9gA6aljlcfK8dqGeM8xz7OV/2qjwCfZwWH
VwncJuaOb6GoAoSQeMBYJuw=
=4sC2
-----END PGP SIGNATURE-----
Hash: SHA1
"Stealth" is merely a false sense of security. If a port is closed, that
is, no program is listening at it, it cannot be "forced".
GRC is not a security web site, it is a marketing buzzword and
scaremongering site.
Personally I'd download a small rule based firewall eg: agnitum outpost
(free) that offers stealth mode.
It's quick, easy and simply - offers in/out rule based. You can tell it
what progs to allow out and has md5 in case any of your progs get hijacked.
ad-aware, spybot S&D ...etc is good to use also.
If you have a router, that's better - no need for a software firewall
Good advice
Although if you have a router you should also make sure you set an
administrator password and check that it can't be remotely managed from the
Internet. If it's wireless, then switch off the wireless if you're not
using it, otherwise make sure you use WPA security and a complex password.
Adam Piggott,
Proprietor,
Proactive Services (Computing)
http://www.proactiveservices.co.uk/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
iD8DBQFDlX+t7uRVdtPsXDkRAsc/AJ9gA6aljlcfK8dqGeM8xz7OV/2qjwCfZwWH
VwncJuaOb6GoAoSQeMBYJuw=
=4sC2
-----END PGP SIGNATURE-----
F
Fedz
The fact remains with just using XP firewall you are viewable to anyone
scanning your pc. If you have an always on connection and or dedicated
IP - your IP remains the same for XX days, months, years and so the
person(s) know exactly which IP to come back too - it's like advertising
you're their but my door is closed but how closed are they? With ever
increasing vulnrabilities of OS, software ...etc.
Have a firewall eg: Agnitum Outpost free then nobody even knows you are
their (stealth), security of a rule based in/out firewall plus md5 in
case a virus/spyware hijacks a prog on your pc - all this and more for
the less than a 2mb file that uses very little resources is plain and
easy to use ...etc.
The choice is yours
scanning your pc. If you have an always on connection and or dedicated
IP - your IP remains the same for XX days, months, years and so the
person(s) know exactly which IP to come back too - it's like advertising
you're their but my door is closed but how closed are they? With ever
increasing vulnrabilities of OS, software ...etc.
Have a firewall eg: Agnitum Outpost free then nobody even knows you are
their (stealth), security of a rule based in/out firewall plus md5 in
case a virus/spyware hijacks a prog on your pc - all this and more for
the less than a 2mb file that uses very little resources is plain and
easy to use ...etc.
The choice is yours
F
Fedz
Better to be not seen than seen, to anyone scanning your IP (PC) it
looks like you don't even exist.
I ain't bothered about grc it was an example - goto google and their are
many more sites (anyone can on a remote system) that can scan your IP
(PC) and all will result the same so we have the fact you are viewable
to anyone but yep your closed but, they know you're their.
Why show everyone you are their when you don't have too.
K
kenny
not all people have a static IP!
The people with static ips and cable connections are still the MINORITY!
And as I asked again.. why you?
The people with static ips and cable connections are still the MINORITY!
And as I asked again.. why you?
F
Fedz
kenny said:
The question should be asked to the masses that IP / port scan specific
/ random IPs, IP ranges, networks ...etc - the ones that do it day in,
day out from all over the world.
What they looking for - Open ports? known and or unknown Vulnrabilities?
C
Conor
Yeah and for alot of people, the only thing they'll be talking to is
the router. NAT does a good enough job.
C
Conor
Spot the moron who believes what he has read on GRC.com
Hey ****wit, have you ever considered how the hell the scanner knows
its there when it is supposed to be invisible?
You're ****ing not you clueless ****tard unless you're on dialup.
Anyone with NAT involved is completely protected from inbound
connections.
Next you'll say they're not, just confirming how little you know.
F
Fedz
Irrelevant about the site - use any port scanner or scan my ports site.
Same result
You obviously can't read/understand correctly - if you have xp firewall and
or no firewall (inc. router ...etc) and scan yourself you're viewable to
anyone.
Ha! i've come across bigger and better than you in my many years on the
internet - try harder wannabe!
*plonk*
F
Fedz
Yes if you have one ...etc but if just xp firewall or no firewall then ...
Go figure!
D
David
The point was that if the hacker does not know you are there he will
not even try. That is why stealth is vital and, apparently, it is not
available from the XP firewall.
--
David
Remove "farook" to reply
At the bottom of the application where it says
"sign here". I put "Sagittarius"
E-mail: justdas at iinet dot net dot au
A
Adam Piggott
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Which is when they find the admin interface running on port 80 with no
password set. Or one of the various router vulnerabilities that leave all
sorts of undocumented services running which allow Nasty Things.
NAT is not the be-all and end-all. NAT, a firewall, checking the router
settings and firmware and having someone [who knows what a real port scan
is] do a port scan is another few steps toward better protection.
Adam Piggott,
Proprietor,
Proactive Services (Computing)
http://www.proactiveservices.co.uk/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
iD8DBQFDlZst7uRVdtPsXDkRAonhAJ9UCT3wuG9Mnr0I3ue2RP1rX+Xh2wCgiXMU
H/q47+9DKSr/bbuIqaQCrHI=
=oM1A
-----END PGP SIGNATURE-----
Hash: SHA1
Which is when they find the admin interface running on port 80 with no
password set. Or one of the various router vulnerabilities that leave all
sorts of undocumented services running which allow Nasty Things.
NAT is not the be-all and end-all. NAT, a firewall, checking the router
settings and firmware and having someone [who knows what a real port scan
is] do a port scan is another few steps toward better protection.
Adam Piggott,
Proprietor,
Proactive Services (Computing)
http://www.proactiveservices.co.uk/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
iD8DBQFDlZst7uRVdtPsXDkRAonhAJ9UCT3wuG9Mnr0I3ue2RP1rX+Xh2wCgiXMU
H/q47+9DKSr/bbuIqaQCrHI=
=oM1A
-----END PGP SIGNATURE-----
A
Adam Piggott
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I'm afraid not. A lot of "hackers" are automated zombie computers that just
blindly scan ranges or random IP addresses. Or real people doing the same.
This "stealth" nonsense is relying on security through obscurity which is
not a good idea. People need to try to understand that a big green light on
some fancy-looking "security" web site is not a sign that you're adequately
protected.
btw - I just tested a Windows XP SP2 machine with the XP firewall against
grc's Shields Up and it reported that the computer did not respond to the
evil "Ping" request. However, using Windows' ping utility, or a proper port
scanner, it's kinda obvious that it is responding to pings. If this site
can't even figure out something so basic I'd really have a re-think about
how effective such a service is.
Adam Piggott,
Proprietor,
Proactive Services (Computing)
http://www.proactiveservices.co.uk/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
iD8DBQFDlaB87uRVdtPsXDkRAtJ+AJ0VRTsM4/J1Uqb6PORQczvKttC3RACeNozn
pnRpF1cnI9bsy3INkANHhnk=
=hLwh
-----END PGP SIGNATURE-----
Hash: SHA1
I'm afraid not. A lot of "hackers" are automated zombie computers that just
blindly scan ranges or random IP addresses. Or real people doing the same.
This "stealth" nonsense is relying on security through obscurity which is
not a good idea. People need to try to understand that a big green light on
some fancy-looking "security" web site is not a sign that you're adequately
protected.
btw - I just tested a Windows XP SP2 machine with the XP firewall against
grc's Shields Up and it reported that the computer did not respond to the
evil "Ping" request. However, using Windows' ping utility, or a proper port
scanner, it's kinda obvious that it is responding to pings. If this site
can't even figure out something so basic I'd really have a re-think about
how effective such a service is.
Adam Piggott,
Proprietor,
Proactive Services (Computing)
http://www.proactiveservices.co.uk/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
iD8DBQFDlaB87uRVdtPsXDkRAtJ+AJ0VRTsM4/J1Uqb6PORQczvKttC3RACeNozn
pnRpF1cnI9bsy3INkANHhnk=
=hLwh
-----END PGP SIGNATURE-----
P
Peter Seiler
kenny - 06.12.2005 13:32 :
kenny, Fedz and others, is it really necessary reposting always
fullquoting again and again? Only a recommendation to think about a
little. THX.
kenny, Fedz and others, is it really necessary reposting always
fullquoting again and again? Only a recommendation to think about a
little. THX.
C
Conor
How the **** are you behind a NAT router with no port redirection?
C
Conor
You mean like every router from a $20 cheapy is configured as.