a good firewall

Hay /comp/,

What's your favorite firewall program?
I have zonealarm and IMO it is not so great.
After tweaking it to allow minimal traffic to/from my computer, it ran fine for months until all of a sudden it started giving me Generic Host Process Blocked messages from various DNS caches from my ISP. 

Outpost Free, Kerio 2.1.5 Free, and Sygate Personal Firewall Free.

They all have their better or worse pay counterparts. I'd stay away from Kerio Pro, though, it's an alpha mess. Through my long firewall journeys, I use Outpost Pro cracked. It's clean, simple, in-depth logging, and the "Active Content" plugin which blocks potentially malicious scripts is good if you visit a lot of bad sites. Other than the plugins, though, it's about the same as Outpost Free, except with 16MB more memory usage (OPF is 2MB!) But it really comes down to personal taste.

ipchains

Like >>3 says. If you're looking for a secure firewall, windows software firewalls aren't it.

What's with the Unix elitism on here? I know it feels really cool to set up an OS just to firewall, but a) that's a total waste of time, b) not everyone has a spare computer, and c) a 15 dollar router with a software firewall is a lot more practical than running an entirely different computer 24/7 tacking onto your electric bill just because it's cool. You don't need security like that... Unix users, kings of inpracticality.

>>5 The underlying archetechture (sp?) of Unix tends to be more solid, and therefore more trustworthy. With a lot of windows firewall solutions there's a not-unearned distrust that someone can simply get around your firewall by using the right trojan. Go to a site like one of the 'last measure' sites and if you're using windows *bam*, you're 0wned.

With Unix that doesn't happen, the base OS is much more secure.

I'm just explaining why the prerence exists; if you need to use windows you need to use windows; but most people consider it flaky from top to bottom with regards to security.

What does that have to do with using ipchains?

>>5
It's not elitism, it's simple reality. Believing a software firewall protects you is ignorant. I advise you to read the following:

http://www.securityfocus.com/infocus/1839
http://www.securityfocus.com/infocus/1840

As for windows versus unix... well, unix has good seperation between user and root. While windows can do this, nobody does, because it is really, really painful.

I know my threats and I know what protection I need. I don't work in a corporate environment and I don't need a mainframe with specific entry-exit details. Believing you need a hardware firewall with corporate security is not only ignorant, it's pathetic. Once again, Unix users take the necessity and practicality factors and burn them to the ground.

>>8
it is elitism. and it is ignorant.

the thread starter is asking for a firewall software for windows and here comes the leet0rs

>>9
And once again Windows users continue to be responsible for the global spam epidemic by refusing to secure themselves.

>>10
it is elitism.

Yes, it is (bite me). How does this change anything?

it is ignorant.

Oh, so sorry: http://dictionary.reference.com/search?q=ignorant

>>12
sucker.

>>13
retard

Let us not forget that alot of these Software firewalls like to break TCP/IP protocols. And if you are running windows 98 they don't fucking stop me from opening null sessions in telnet. Now stfu and get a router/firewall or a VPN/firewall you cheap cunt.

>>15 so you're saying if you have a router/firewall you don't need a software firewall, and if you don't have a router/firewall you're fucked even with a software firewall.

Am I right?

>>14
lol stupid idiot

>>16
I run a Counter-strike and a Counter-Strike: Source server both straight out of my home through a D-link router/firewall. Alot of angry script kiddies and hackers have been banned from both servers, I have had not one problem. I had to replace my router/firewall with a HUB and both servers got a serving of blackICE Both servers got hacked hard.

So yes, you are still fucked if you use a software firewall.

>>17
moron

>>16
If you're running with a software firewall, you might as well run the machine naked anyway. Software firewalls only give the illusion of safety, even though they're probably only adding additional holes to your system.

Really, if you don't have a hardware firewall, your best bet still is:
a) Don't use Internet Explorer
b) Don't use Outlook
c) Scan all downloaded applications
d) Keep all your software up to date

I've run an XP box like this for several years as well, and never had issues.

I use Sygate Personal Firewall Pro for my windows os. Quite a nice firewall for windows.It's low on resources and high on power, but can be difficutl for someone who doesn't know much about firewalls at all.
>>20
Your not so right about Software firewalls, but your system practices are good enough. But depending on your IP and your system's location, there is a chance that you are a small target anyway. If your on a College Dorm network, like I am,your almost constantly attacked and scanned. Hardware firewalls can only do so much. IPchains are powerfull, but a pain to set up. I use 2k though. XP is too flawed prone for my tates and it has UPnP and built in blue tooth support. Not thankyou.
You have to be proactive aobut your security and unless you properly set up and use a firewall, wheather it be a soft or hard, it is worthless. One good way to secure your system is not allowing the Kernel net acess. If your not on a network where you log in, it has no reason to be there. Also go into the services and dissable things like "remote access" and change your DCOM to TCP/IP only. Also most Modern Network cards can be set up to block certain types of communication on a hardware level. There are alot of tools avalble to secure your system. You just have to use them

>>21
No, I stand by what I said. Software firewalls are no different than other services or daemons, and can also suffer from buffer overflows and other pleasantness. Are you running any services or applications with open ports (other than that damn RPC service. Fuck you Microsoft, fuck you.)?

You're probably not. So you don't need a firewall, because there's nothing to scan. Running one just opens up one more potential vector into your system.

iptables.

A few months ago it struck me that software firewalls are almost entirely useless. They serve two purposes:
1) Block incoming access
2) Block outgoing access

In the first case, if you're on the internet these days you should be behind a router anyway. But you still might not be; there are still people on dialup, or you might be using one of those sucky USB DSL modems European ISPs seem to delight in giving to their customers (IP/USB... eww...), or as in >>21's case, you might be on an untrusted LAN. So we need to block incoming access. Why? Because someone could connect to an unsecure service running on your box. But why would there be services running unless you started them because you want to be a server? Surely no OS would be insane enough to... oh wait.

Second case: we worry that trojans, spyware and whatnot can install themselves and connect to the internet. But wait. How can programs install themselves without root access? Surely no OS... oh. Wait.

>>21 "There are alot of tools avalble to secure your system. You just have to use them"

True. Here's what I used to do when I was running XP:
1) After install, disable the root privileges that are enabled by default on all user accounts.
2) Activate Windows Firewall in the hope that it can protect me long enough to connect to the internet, snatch a copy of Zonealarm and hurriedly disconnect.
3) Install Zonealarm. Disable Windows Firewall.
4) Go to http://www.grc.com/ and download UnPlug n' Pray, DCOMbobulator and Shoot The Messenger.
5) Make my way through like a dozen menus until I find where Windows has hidden the thing that lets me control what services get to run. Disable nearly all of them.
6) Did I miss anything? Oh yeah, GET FIREFOX!

Not so hard right? I mean sure, it requires some knowledge, but if people don't know how to use a computer they should stay off the internet, right? Well, either that or get one that is secure out of the box.

More than likely the people who argue these facts about software firewalls have never been a target, never had to secure themselves from the world wide network. You people need to take control of your own computer security and LEARN a bit more before you slap a simple program onto your ADD/REMOVE program list and think you are fine.

THERE IS NEVER AN EASY ANSWER.