Posted: 10/25/2004 5:27:04 AM EDT
| I just got a new machine (nothing special), and I'm wondering what you all use for software firewalls. Any reccomendations? |
|
I'm still using Norton...version 2003. The 2004/2005 versions have more add-on's/popup blockers/online activation with Norton, which is probably why I haven't put them on my own machines. I use them on stand-alone test machines at work though. Zone Alarm is pretty straightforward. Security-wise, it's as good as any. And the non-Pro version is free! The protection is the same from the non-Pro to the Pro version, but the Pro version has add-on's that aren't related to the firewall. Another recommendation is Tiny Personal Firewall. Not sure if TPF has been updated in awhile, but last I heard, it was a solid performer. McAfee seems to have a solid product too...protection-wise. But from the different versions I've run, I absolutely can't stand their interface. BlackICE Defender isn't quite a firewall...it's an "intrusion detector." I don't recommend it for firewall duties. In addition to all that, if you're on cable/dsl, a $20 router (probably with a $20 rebate too) will add a measure of "firewall-like" protection from unsolicited packets from ye olde Intarweb. Routers say they have a firewall, but it isn't a true firewall. But I still recommend them (in addition to a software firewall) as they're good at what they do. |
|
Software firewalls are snake oil, crap, SHIT... Get it? If you *really* want to run one, the one that comes with Windows is just as useless & innefective as the others, so go ahead, use it... But in the end, the only firewall worth it's salt is the hardware kind... |
|
My software firewall works just fine (stock OS X firewall with a shareware controller). Use this site to check your firewall: www.grc.com/x/ne.dll?bh0bkyd2 Avoid any kind of intrusion detection or "scanning the scanner" stuff. Neither one will tell you anything useful. What kind of connection do you have, and how do you plan on using it? Always-on broadband connections need much better protection then dialup connections that are only on for an hour or two at a time. |
*shudder*
Not a true firewall, but they provide a measure of security. Most hardware firewalls start around $500-600 and go way up from there. |
Close! I got special NFR pricing on my PIX 501 - $450 w/3DES and 10 IKE peers (if I recall correctly).  How do some folks live without the ability to establish IPSec VPN tunnels with other IPSec devices or clients, anyway? |
Wow. I better than that (bandwidth shaping, detailed logging and intrusion detection, essentially unlimited IKE peers, VPN over either IPSec or PPTP, unlimited firewalling capability) with a $300 PC and OpenBSD.... |
Ya, I know. For a while I had one of my RedHat boxes performing VPN duty. It was older than dirt, and it died. I got reimbursed for the PIX. Either way works for me. |
Are there hardware firewalls that will allow application-specific access rules? |
Yup. |
|
I tend to stay away from Symantec produts such as Norton after learning that they were antigun. www.wmsa.net/prohibition/symantec.htm I sent an email to them about a year ago asking about their policy and received no response. Ed |
checkpoint costs several thousand for a license.... (unless they have a home user version for several hundred..  )
|
|
www.smoothwall.org Use that old POS you have laying around to run this. |