What is a good quality Firewall?!
jcampi
03-20-2006, 08:09 PM
Like Rich M. I'm very frustrated with the firewall software available today. I've tried ZoneAlarm, Norton, Sygate and others. One of the worst I have tried was Comodo firewall. Sygate is ok, but it does bother me to always approve of it to allow certain programs to access the web after I already did this multiple times. I would like to try Armor2net, but have not given it a trial run yet. The GUI looks fairly nice and easy. Most of all - I want a firewall that will perform well and not ask me over and over again if I want to allow certain programs to access the web. I want to do this ONE time and get it done! What firewall programs do you guys like and what price are they??
...and why am I a Junior Member??
mylanta
03-21-2006, 08:08 AM
I think this software has a rating system based on logons to forum and number of posts. My guess is over 100 posts it goes to senior but Adam will have to answer this one.
John the only one I even mildly liked that didn't screw with my network was Tiny Firewall. I found an older free version but was reminded it was several years old.
I finally decided they were either so irritating, or blocked network or browsers, I am using XP firewall. With hardware router and XP firewall, I feel safe enough. On my Windows 2000 machine I use Primedius firewall which at least doesn't annoy me...try it:
http://www.primedius.com/PersonalFirewall.htm
Smokey
03-21-2006, 08:26 AM
In regards to the post count and titles - it seems like the system DIDN'T in fact import the old posts and thus didn't allow us to keep our post counts. I am going to contact vBulletin however I do not know what we can do in this aspect to fix this (if we can import the old posts at this point).
Well, before I begin, I would like to thank the Academy for my designation as Senior Member (Lackey) as opposed to Junior Member (Sidekick). I surmise that this is more in deference to my age and repeated nonsensical posting rather than any useful knowledge I may possess. But, as Mother always said, never turn down a compliment, even if you don't deserve it.
I still use ZA and haven't any complaints. In fact, I recently discovered that the app that was dragging down my browsing and overall system performance was the latest Adobe Reader. I dropped this turkey and loaded Foxit, a simple .pdf reader, and it was like discovering that I'd been driving along with the parking brake on. Foxit does the same as Acrobat or whatever they call it now without all the snooping and updating Adobe seemed to be doing.
Well, as to the new format, Shucks! I was just reaching the bend on the learning curve on the old one! Oh well, seems ok so far.
RAK (Egad! No Spellcheck yet! I'm EXPOSED!) P.S. Hey, the first time I went to profile, I was Senior Member. Now I'm back to Sidekick! Oh, it was fun while it lasted. Please disregard the above.
mylanta
03-21-2006, 02:28 PM
Well Rak, we may agree politically most of the time, but we will part company here. I have always said "Give me a good virus in preference to ZA any day of the week!" or like my hero Monk said last Friday "I'd rather get sucked out an airplane window than....." use Zone Alarm.
dbarrow
03-21-2006, 06:33 PM
But... from following various forums related to the game Red Orchestra and the ZA mess that crashes it ... nobody has a good recommendation for a better alternative. Seems each has its own quirks and annoyances. All the small companies have been eaten up by the big one and choices of something new and better are slim.
jcampi
03-21-2006, 07:36 PM
I think I started something with the Junior Member thing. Frankly, I'd rather just be called a member. Junior, Senior...
I really like the new format. It is great. I find myself using the site much, much more.
I'm going to give the Primedius free firewall a try. I used the edit feature to add this last paragraph. I really like how quick the feature worked. The new features, functions and format of the board are top notch!
Oh, I don't mind it, Joe; makes me feel like I'm 40 again. But my profile did say Senior this morning. Should have screen-captured it. As for firewalls, I'm just tired of chasing my tail. I'll stick with ZA until it turns on me.
RAK
Dan18960
03-22-2006, 05:19 AM
Well, I have found that most firewalls play such havoc with networking that using a firm hardware firewall in the router, making sure NAT is enabled, and keeping the service packs up-to-date with Microsoft / antivirus works on the expanded end.
As for popup blocking - I sold RichM on Admuncher a few months ago and he has loved it. $25.00 per machine (discount for more than 4 systems) once and you are provided updates with no hassles. I am on my 3rd year of using it and not one subscription renewal YET.
jcampi
03-22-2006, 08:26 AM
Now you have me wondering. If I use XP's firewall and the hardware firewall with my Netgear MIMO wireless router do you guys think that is safe enough? One of my concerns is protecting the laptop I use that is networked to the wireless router. I can't use the XP firewall because my stupid IT Unit from work has it turned off. The Administrator rights don't allow me to change this firewall setting.
mylanta
03-22-2006, 08:51 AM
John,
That is all I have ever used and remember, I am an eBay addict!!!!
Dan18960
03-22-2006, 09:03 AM
John,
You might want to check out the M$ knowledgebase about not changing the XP firewall. There were some postings on my tech organization group about that a few months ago and there is a registry key that needs to be changed to allow the firewall to be accessible.
I don't have the key available right now - busy with several business moves (ugh).
dbarrow
03-22-2006, 09:52 AM
The problem...
A NAT router is a 90% effective shield against unauthorized probing from the outside.
There is ALWAYS probing going on from thousands upon thousands of machines in BOT networks run by scammers and spammers.
The focus of these attacks has changed in the last few years. Now, they are looking to steal your money! The days of the script kiddie and curious hacker have given way to criminal gangs who want your credit card and pin numbers.
Exploits are being found in software, of every kind, not only Windows. Adobe, Flash, media players ... you name it, people are finding exploits to abuse it to get in your machine. It's no longer a virus that says "Ha,ha, I farkled your machine.", it's a rootkit that never announces it keylogged your credit card number and two months from now you get a WTF credit card statement.
There are over 6000 ports, I forget the exact number, and any one of them is a hole in the screen door where the bugs sneak in. Allowed Windows processes routinely open a hundred or so common ports to traffic whether you want it to or not.
A firewall, behind a NAT router, is essential to close those gaps and keep those ports closed and silent so they don't become the target of the BOT networks' constant searching.
That gets you up to the 99% secure mark.
Even with the NAT router, I still see blocked inbound attempts in my ZA logs now and then because something I was using was holding a port open and visible. As EVERYTHING you install these days wants to call home...
You have no idea how many programs use and hold open some port for that purpose. As fast as the bad guys find them, they start pinging them looking for an exploit that lets them inside.
The last 1% security risk comes from inside your machine.
A one way, inbound only ie: Windows firewall, does not prevent what's inside from calling out.
The things that get in usually happen because you (inadvertently) let them in. DL from a malicious web site, something you installed that had a piggyback, an email attachment, rootkit, keylogger, malicious HTML or ActiveX .... 90% of this stuff is now coming from legitimate web sites that have been invaded and silently spread malicious code via the web. The website is usually not aware of it and it hides deep in their web code.
These are well hidden and hard to spot. Even the best AVs have problems detecting rootkits. These new threats are so clever and sophisticated that it can take a while for AVs to catch up on their signatures when they are discovered. The importance of a good AV can not be understated but even the best AVs are still not perfect.
Your bi-directional software firewall is the second line of defense to alert you to something bad inside calling out, without your permission.
Like law enforcement, it's only after the crime that investigation starts tracking the attacks after they have been noticed.
None of the firewalls are perfect. They all tend to have their own form of PITA. Choose one (two way) that does the best job with the least annoyance. Program and port control access is essential along with a good alert system.
The better the firewall, the more likely it is to annoy the crap out of you by constantly blocking and asking permission. Things may not work and programs may crash or fail to communicate because of it. It takes time and much patience to get it all adjusted just right.
Problem is, you can't just turn it off and leave the doors unlocked as the burglars will be around tonight to rattle your doorknob.
I just got a new game, a game I really want to play, but ... oops... it won't get along with Zone Alarm. Thousands of people who bought the game are having a hissy. Tripwire and Zone Alarm are working round the clock to solve the glitch. Until they do, they say uninstall Zone Alarm ....
Ain't going to happen! I refuse to open up my system and network to attack for the sake of a $25 game!
PAY ATTENTION TO THIS !!!
In 48 hours, while I was restoring daughter's machine, it was connected to the router, with internet access and no firewall, it picked up half a dozen items that were flagged and snagged by Nod32 as malicious!
This machine scanned perfectly clean before it crashed so I know there was nothing present before that time.
And, that was with a NAT router and minimal time downloading a few things off the web that I needed for the restore and only visiting what I would consider 'safe' sites.
If you want to run barefoot in the park ...
mommalina
03-22-2006, 01:04 PM
Oh, I don't mind it, Joe; makes me feel like I'm 40 again. But my profile did say Senior this morning.
RAK
Same here, RAK.......now how in the world did they find out I got a face lift? This Patriot Act business is just going too far!
Lina
Now you have me wondering. If I use XP's firewall and the hardware firewall with my Netgear MIMO wireless router do you guys think that is safe enough? One of my concerns is protecting the laptop I use that is networked to the wireless router. I can't use the XP firewall because my stupid IT Unit from work has it turned off. The Administrator rights don't allow me to change this firewall setting.
John,
I would not rely on the XP firewall. I had a similar situation to Doug's where I had done a clean install of XP, downloaded driver updates and visited a few other legit sites before installing Sygate and Nod32 (but behind a NAT enabled Router), and to my surprise had picked up a few "nasties" along the way (was confirmed with PcCillin too).
Keep in mind that Sygate is no longer available (and does not run on Vista), but is still a viable alternative for W9x and XP to not having a software firewall or the XP firewall.
I've been testing Tiny Firewall and so far so good, and will likely use it once Vista is released.
jcampi
03-22-2006, 04:19 PM
I like the Primedius Firewall, but it sure could be improved. When you open a program that wants to access the web Primedius prompts you with a small window asking if you want to allow the program to access the web. It also includes a small check box to 'remember' the setting. Well, this doesn't work. When you run the same program again - you have to go through the same process with Primedius again. This is a gripe I have with most of the firewall programs. I did learn that you have to click on the Primedius icon in the system tray and select 'Show Configuration Panel.' Then, if you grant certain programs access to the web the setting is saved. It shouldn't be this difficult!
jcampi
04-01-2006, 08:46 AM
Well, I went to remove Primedius firewall and had some issues with the PC afterwards. I had to use JV16 to clean everything up and the PC seems ok now. It was strange. I removed Primedius firewall using the Add/Remove feature in Control Panel, but the program would still run when I restarted the PC. I had to manually remove the firewall and clean up everything with JV16. Now I'm very hesitant to even install another firewall and I'm just using the Windows XP firewall. With all of the really crappy firewall software out there I think I'll just stick with the Windows XP firewall for now. I did almost try Webroot's desktop firewall, but would like to obtain others' experience with it before giving it a try.
dbarrow
04-01-2006, 09:58 AM
By the very nature of a firewall, it grows roots through your system as it must integrate with all the numerous Windows processes that open, close, and listen to various ports and all the networking processes, whether you have a network or not.
Like everything else these days, the makers figure you are theirs for life and will never take it out or replace it with something else. The uninstall usually leaves much to be desired and they fail to uninstall completely or clean up after themselves. All the 'hooks' it establishes with the processes don't get cleaned out.
Even if you do get it mostly cleaned out, one little scrap left behind can mean something that won't work or conflict with the new one you put in. I am very leery about trying new ones for fear it will leave something behind that can't be scrubbed away without considerable work or XP repair.
I've been watching various blogs for firewall news.
Seems most of the little ones have been gobbled up by the big ones. Few pure firewalls are being made as everything is now some type of integrated security suite. If you want their firewall, take their AV and spyware software with it or else.
A lot of them stalled out further development for fear Vista will introduce a 'real' firewall and make them unnecessary.
(Me thinks the current XP one way firewall was an appeasement of the third party builders until MS decides to wipe them out altogether else why didn't MS include a true and full function firewall?)
Reviews all over the blogs are not showing anything outstanding over the big names. ZA and Symantec have the market for now and I doubt we'll see anything impressive until Vista is on the shelf.
jcampi
04-02-2006, 10:04 AM
Well, after removing Primedius Firewall I'm using the Windows XP firewall now. The system is so much quicker I can't believe it! Web pages load quicker. In general, my PC is so much quicker I can't believe it. For now, I'm giving this a try and don't plan to install another crappy firewall that hogs the system without really being needed.
mylanta
04-02-2006, 01:09 PM
John I'm with you. I was happy with Primedius until I noticed a drain and on 2 pc's the browsers were blocked and I couldn't get them on the internet at all.
Tiny I found annoying, and it eventually shut down 1 pc on network so out it went too. Especially since it was there during the rootkit incident, and served no purpose at all except adding more intrusion messages that it could not deal with anyway.
jcampi
04-02-2006, 03:50 PM
Rich, I know how practical and wary you are about surfing on the web. If the Windows XP Firewall and the hardware firewall of my Netgear Wireless Router are good enough for you I feel secure not using another software firewall. Frankly, I've always thought the risk issue was way over done. I just cannot believe how much quicker the web pages load and the PC performs in general. The difference is very noticeable.
So, is the opinion of the firewall experimenters here that Windows XP Firewall is presently the preferable firewall? Does the above firewall provide information as to programs, access, server & trusted sites, etc? I am presently using Zone Alarm as my reference. No router at this time.
mylanta
04-02-2006, 09:29 PM
Lesser of all evils John, and I'm sure the resident paranoids will never agree to that statement!
Lesser of all evils John, and I'm sure the resident paranoids will never agree to that statement!
John and Loop,
XP firewall is better than not using a software firewall, but I prefer a firewall that provides inbound and outbound security.
My tests with Tiny Fw show it does provide adequate protection, but as Rich mentions, it does use more system resources and is not as easy to configure as Sygate.
I'll be revisiting Kerio firewall which was bought by Sunbelt Software - new versions (free with limited features, paid full feature) are available at http://www.sunbelt-software.com/Kerio.cfm
Rob
dbarrow
04-03-2006, 12:59 PM
Kerio used to get some good reviews. Let us know your results!
jcampi
04-03-2006, 04:36 PM
I gave Kerio a quick try and it seemed to be easy to set up and use. However, all of the firewalls except the one included with Windows XP seem to really have a drag on the system. When I removed Sygate and then Primedius for the XP Firewall I couldn't believe the boost in speed on my PC! Pages load so much quicker I can't believe it. I'm fairly satisfied with the XP firewall and the hardware firewall included with my wireless router. I frankly believe all of the security hype of needing individual software firewalls is over done.
dbarrow
04-03-2006, 04:57 PM
The debate....
XP firewall does a good job for INBOUND protection from all indications.
The problem lies in OUTBOUND protection, those applications that like to call home, which XP does not filter as it is inbound only.
Providing, all other security is top of the line and you don't expect anything to invade and get inside the system, the one way XP firewall isn't half bad.
But... if something gets in... the OUTBOUND protection of third party firewalls is going to be the alert siren when it attempts to call home.
Keep in mind, Windows holds OPEN or listens to quite a few PORTS. All of the STANDARD WINDOWS PORTS are the ones used by various malware to communicate with their demons that have gotten inside and are looking to establish communication.
If you don't have a NAT router, with port forwarding, it is easy to see the huge number of PORT PINGS to standard Windows common ports looking for an open window and a means to connect with their hidden counterparts residing in your machine. The bad guys know the way into your house and Windows Firewall isn't a very good sentry or guard dog as it will accept these probes from the outside to 'standard' Windows communication tools.
Take a standard Windows port 3389 used for Remote Desktop and Remote Assistance that runs under svchost and Generic processes for Win32 Services. XP routinely 'listens' for communication to this port under a common Windows Service.
A trojan that utilizes Port 3389 has clear sailing through an open door. You won't be alerted to an unknown .exe calling home. And... there are over a hundred standard ports that Windows can listen to!
Unless Vista implements a 2 way firewall and port filtering...
No way, no how!~
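Added example, not part of the thread: the inbound/outbound distinction from the post above, run over a constructed `netstat -ano` listing. It separates the listeners an inbound filter has to cover from client-side connections made by programs nobody approved, which only a two-way firewall would prompt for. The PID-to-program map, the approved list and every address are made up for illustration.

```python
import ipaddress
from collections import namedtuple

Conn = namedtuple("Conn", "proto local_ip local_port remote_ip remote_port state pid")

# Constructed listing in the layout of `netstat -ano`; not captured from a real host.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       932
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1048
  TCP    127.0.0.1:1027         0.0.0.0:0              LISTENING       1520
  TCP    192.168.1.10:1185      203.0.113.7:80         ESTABLISHED     2212
  TCP    192.168.1.10:1190      203.0.113.9:443        ESTABLISHED     3344
  TCP    192.168.1.10:1201      192.168.1.1:80         ESTABLISHED     2212
  UDP    0.0.0.0:445            *:*                                    4
"""

# Constructed PID -> program map (what `tasklist` would supply) and the
# programs the user has approved once to reach the Internet.
PROCESSES = {4: "System", 932: "svchost.exe", 1048: "svchost.exe",
             1520: "alg.exe", 2212: "firefox.exe", 3344: "updater.exe"}
APPROVED = {"firefox.exe"}

LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def _split(endpoint):
    """Split 'host:port' on the last colon; strip IPv6 brackets."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), port


def parse_netstat(text):
    """Return a Conn for every TCP/UDP row; headers and blank lines are skipped."""
    conns = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP":
            proto, local, remote, state, pid = f
        elif len(f) == 4 and f[0] == "UDP":      # UDP rows have no State column
            (proto, local, remote, pid), state = f, ""
        else:
            continue
        (lip, lport), (rip, rport) = _split(local), _split(remote)
        conns.append(Conn(proto, lip, int(lport), rip, rport, state, int(pid)))
    return conns


def exposed_listeners(conns, processes):
    """Sockets bound to all interfaces: what an inbound filter has to cover."""
    return sorted((c.proto, c.local_port, processes.get(c.pid, "?"))
                  for c in conns
                  if c.local_ip == "0.0.0.0"
                  and (c.state == "LISTENING" or c.proto == "UDP"))


def unapproved_outbound(conns, processes, approved):
    """Connections this host opened to off-LAN addresses from unapproved programs."""
    listening = {c.local_port for c in conns if c.state == "LISTENING"}
    hits = []
    for c in conns:
        if c.state != "ESTABLISHED" or c.local_port in listening:
            continue                              # not a client-side connection
        addr = ipaddress.ip_address(c.remote_ip)
        name = processes.get(c.pid, "?")
        if name not in approved and not any(addr in n for n in LOCAL_NETS):
            hits.append((name, c.remote_ip, int(c.remote_port)))
    return hits


if __name__ == "__main__":
    conns = parse_netstat(SAMPLE)
    print("exposed:", exposed_listeners(conns, PROCESSES))
    print("unapproved outbound:", unapproved_outbound(conns, PROCESSES, APPROVED))
```

On a real machine the listing would come from `netstat -ano` and the program names from `tasklist`; a snapshot like this only shows connections open at that moment, whereas a two-way firewall intercepts each attempt as it happens.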
jcampi
04-03-2006, 07:01 PM
I'm not as worried about outbound contact. Norton AV '06 would alert me on worms or trojans. The XP firewall and the hardware firewall with my router are fine with me. I think a lot of this panic is manufactured by the firewall industry.
jcampi
04-03-2006, 09:17 PM
Well, I went back on my word and I'm trying Webroot's Desktop Firewall. The program sets up easy and I like the prompts to allow access to web sites. I do however notice the speed to web sites is slower than when using just the XP firewall. I'll give this a trial run, but already feel like removing it.
jcampi
04-03-2006, 09:29 PM
I had Webroot Desktop Firewall installed for about 30 minutes and already removed it. I still can't believe how much these firewall programs slow the system. Web pages take much longer to load and overall the PC is impacted. I'll stay with the XP Firewall for now until the software industry gets their act together and develops a good quality firewall that isn't bloatware.
mylanta
04-03-2006, 09:37 PM
John,
I recommended Primedius and am doing so well with it on my Windows 2000 pc's where I need to have one, and I just realized it runs like a horror show on XP. It drags, and even closed my browsers and I couldn't even open them till I uninstalled it.
jcampi
04-03-2006, 10:56 PM
Man, I'm really learning my lesson with installing these firewalls and then removing them. Every time I remove one of them it messes something else up! I had to remove and reinstall my Epson R300 printer when I removed Webroot's Desktop Firewall. I'm satisfied with just running the Windows XP Firewall now. I'm tired of running Jv16 to clean up after the mess every firewall makes. They sure can make a mess once you remove a firewall.
mylanta
04-04-2006, 09:12 AM
That's OK I am replacing mobo in unit one so I have bench machine at router and Primedius blocked all browsers in Windows 2000 on this pc...so out it came. This is really getting old. There currently is no firewall I can find that doesn't block network or block all the browsers and this is on 2000 pc that has no native firewall to fall back on. What a bunch of crap. I will put Sygate back as I have to have something.
jcampi
04-04-2006, 04:17 PM
I feel exactly like you, Rich. I have tried every single firewall out there. Kerio, Sygate, Norton, Webroot, Ignitum, etc. I don't like any of them. They bog the PC down, aren't dependable, require constant attention and tweaking and are a pain in the a_s in general. Then, when you opt to remove some of them they cause havoc to your PC's OS. I have had to reinstall my printer and straighten out other stuff after removing Comodo, Webroot and ZoneAlarm. At this point I'll risk it and just use the XP firewall.
I'm presently using Zone Alarm & may consider removing it in favor of Windows XP firewall. I do not have a router and/or additional wireless attachments or a hardware firewall. This is my only computer. Any opinions or suggestions concerning the above would be appreciated.
jcampi
04-05-2006, 07:41 AM
Loop, this starts to be a personal preference type of thing just like other computing preferences. Some people just want the super most secure system and wear a belt and suspenders. I use a good quality antivirus and keep the updates current. I also use a quality spyware remover. I would like to also have a good quality firewall that would monitor all incoming and outgoing web access. Once I find one that doesn't bog down the PC I'll use it. I'm so disgusted with the firewalls available. For now, I'm sticking with the Windows XP firewall.