Best firewall for broadband connection?

  • Thread starter Thread starter Kerry Liles
  • Start date Start date
K

Kerry Liles

In addition to a software firewall (I would recommend Sygate - see:
http://smb.sygate.com/products/spf_standard.htm ),

you should also get a NAT-enabled router ... even if you run only 1 PC. The
router offers some firewall-like protection and provides Network Address
Translation (NAT) so that your PC runs on an internal IP address that is not
directly addressable on the Internet. Of course, you would have to configure
and maintain the router, but many of the consumer routers are quite easy to
configure.
 
«What is the best firewall for a broadband connection? Soon I will have DSL
«and think it would be a good idea to have a firewall. Is Kerio firewall a
«good choice? Years ago I used to use ZoneAlarm, but it seemed like it made
«pages load slow.
«
«
«

This one works good for me - link to the newest version (just released)

http://smb.sygate.com/free/product_upgrades.htm (free for personal use)

I have tested this firewall at grc.com (shields up).

ZoneAlarm is reported to have problems with some news readers most
notably with Agent on an XP system.

Also - I recommend that you get a good news reader as OE does not
decode the newer yEnc that is being used in a lot of groups.

The one I use is SuperGravity v2.7 (freeware)


* * * Gravity Web Pages * * *
http://gravity.tbates.org/
http://gravity.tbates.org/super.html
http://mpgravity.sourceforge.net/
http://sourceforge.net/projects/mpgravity (Version 2.7)
http://lightning.prohosting.com/~tbates/gravity/ (Version 2.6)
Note that V2.7 does not include an image viewer.
You may use your favorite or download and install V2.6 first
which uses its own viewer (diplays thumbs and allows slide show)
The latest version has 're-wrap' feature for replies to posts and
advanced filters for sorting binaries (shows complete).

The easiest way would be to download and install v2.6 first in
the default folders but do not run it. Then download v2.7, install
in a different folder than the default 'gravity' then copy the
Gravity.exe to the first install default 'gravity' folder and
have it overwrite the v2.6 exe. Then run the progy for the first time
and set it up. This way you end up with the full feature package.
You can always change the viewer in the 'global options' afterwards
to any other one you like.
 
In addition to a software firewall (I would recommend Sygate - see:
http://smb.sygate.com/products/spf_standard.htm ),

you should also get a NAT-enabled router ... even if you run only 1 PC. The
router offers some firewall-like protection and provides Network Address
Translation (NAT) so that your PC runs on an internal IP address that is not
directly addressable on the Internet. Of course, you would have to configure
and maintain the router, but many of the consumer routers are quite easy to
configure.
Click to expand...
Try Sygate< I use the pro, but I suspect the free ver is a goodin
too.>
When you get your DSL modem, check the specs on it. I have a Westell
that has a built in router.....So, If yours has one, I don't think you
would want to *piggy back* it w/ another router......
FYI, I did a Shields Up test w/ Sygate Pro *off* and got a complete
stealth on all *INCOMING* probes w/ just my router. Now the router
will not deal w/ any out going but it is a nice 1st line of defense
for incoming probes.....
HTH

bLB

=====================================================================
"Always enter your own address into your address book.
That way, if you get a virus that sends out emails, you'll get a copy.
You'll already be infected, but at least you'll know about it."

======================================================================
Free video ID apps

MpegProperties
http://www.medialab.se/mpgprop_e.html

GSpot
http://www.headbands.com/gspot/

MovieID
http://www.geocities.com/cplarosa/movieid/

AVIcodec
http://avicodec.duby.info/
 
Hi Michael. I use Kerio, and Symantec, Pitstop, and Gibson all say that
they cannot get into my computer. I also use the XP firewall.

: What is the best firewall for a broadband connection? Soon I will
have DSL
: and think it would be a good idea to have a firewall. Is Kerio
firewall a
: good choice? Years ago I used to use ZoneAlarm, but it seemed like it
made
: pages load slow.
:
:
 
What is the best firewall for a broadband connection? Soon I will have DSL
and think it would be a good idea to have a firewall. Is Kerio firewall a
good choice? Years ago I used to use ZoneAlarm, but it seemed like it made
pages load slow.
 
Michael said:
What is the best firewall for a broadband connection? Soon I will
have DSL and think it would be a good idea to have a firewall. Is
Kerio firewall a good choice? Years ago I used to use ZoneAlarm, but
it seemed like it made pages load slow.
Click to expand...

Comp.security.firewalls is a good place with knowledgeable people.

Kerio and Sygate are both quite highly recommended - although Sygate (free)
requires IE 5 or higher.
 
«North wrote:
«
«>ZoneAlarm is reported to have problems with some news readers most
«>notably with Agent on an XP system.
«
«Really? What does it do?
«
I have no personal experience with the problem, I have read other
posts stating that yEnc binaries were being blocked on either posting
or download (it was one or the other).

I have used Sygate for quite a few years now and have had no problems.

ANY firewall user needs to go to www.grc.com and run the suggested
testing on their firewall, in particular the 'leak test', which is
a small compiled C++ progy that you download then run from YOUR
machine, it will attempt to 'talk' to the grc website via known
'back doors' in firewalls. Only one passed according to the website
which was ZoneAlarm. I tested Sygate and it also passed ALL tests.

As the post from Kerry Liles points out, anyone with an ADSL or cable
connection should also use a HARDWARE firewall as provided on some
routers. It will NOT stop out going packets but will prevent being
hacked from the outside.

BOTH a good software and a good hardware firewall will make your
machine 'invisible' to any outside attack and immune to a 'backdoor
trojan' trying to send info OUT from your machine.

I personally purchased a SMC Barricade SMC7004VBR and ENABLED the
built-in firewall (NOT enabled by default) and ALSO had to go into
the 'advanced' configuration to set 'ping' to DO NOT RETURN. This
was a PERSONAL choice that did not cost much. I stress the personal
because I am not promoting the product, it simply did the job I wanted
it to do for me.

Anybody using the Internet these days should go to www.grc.com and
read through the info on the site (lots to read). All of the tests
are there to use FREE.

Please do not snip!
 
On 14 Sep 2004 15:10:17 GMT,Rod's cat ran across
the 'puter keyboard and out came...
««
«Snipped in spite of last reamrk quoted
«>
«> Anybody using the Internet these days should go to www.grc.com and
«> read through the info on the site (lots to read). All of the tests
«> are there to use FREE.
«>
«> Please do not snip!
«
«Can you pass this test with your browser open (which we all have sometimes)
«?
«
«http://www.pcinternetpatrol.com/downloads/audit.php
«
«
using an elite proxy?<BG> javascript turned off?<BFG>

I use IE6(+many,many patches) with javascript set to 'prompt' along
with all of the ActiveX scripting controls. I can go to ANY website
and remain 'invisible' very easily. Now, that does not mean that the
website will display correctly and the odd time they will not work
well but I do not have problems with malicious code either!
 
North said:
«>ZoneAlarm is reported to have problems with some news readers most
«>notably with Agent on an XP system.
«
«Really? What does it do?
«
I have no personal experience with the problem, I have read other
posts stating that yEnc binaries were being blocked on either posting
or download (it was one or the other).
Click to expand...

Download. Corrupted.

I've seen this reported, without reference to OS and without reference
to it being a specifically Agent problem...
 
On 14 Sep 2004 15:10:17 GMT,Rod's cat ran across
the 'puter keyboard and out came...
««
«Snipped in spite of last reamrk quoted
«>
«> Anybody using the Internet these days should go to www.grc.com and
«> read through the info on the site (lots to read). All of the tests
«> are there to use FREE.
«>
«> Please do not snip!
«
«Can you pass this test with your browser open (which we all have
sometimes) «?
«
«http://www.pcinternetpatrol.com/downloads/audit.php
«
using an elite proxy?<BG> javascript turned off?<BFG>

I use IE6(+many,many patches) with javascript set to 'prompt' along
with all of the ActiveX scripting controls. I can go to ANY website
and remain 'invisible' very easily. Now, that does not mean that the
website will display correctly and the odd time they will not work
well but I do not have problems with malicious code either!
Click to expand...

But did you pass the test ?
 
Why should I trust an installer that want's to 'phone home' during the
installation process, and fails to continue when I deny it doing so?
Click to expand...

It doesn't install. It's recommended on different securitysites as a test
for your firewall. What do you mean by 'phone home' ? You mean it does what
it's meant for or something else ?
It did prove my firewall worked though, since it alerted me and
enabled me to make that choice.
Click to expand...

How long did you wait ? It tries different times to test your firewall, and
it could take some time. I thought it froze the first time I ran it, while
it was still trying to call out through my firewall. Again, that's what
it's meant for, description is on the page.
 
I ended up going with the Sygate. It has been easy to use so far. Thanks
for the suggestions.
 
It doesn't install. It's recommended on different securitysites as a test
for your firewall. What do you mean by 'phone home' ? You mean it does what
it's meant for or something else ?
Click to expand...

Quoted directly from those pages:

To validate the security effectiveness and the "value" of pcInternet
Patrolâ„¢, go to the following popular security test sites after installation
to see if pcInternet Patrolâ„¢ blocks these simulated programs from sending
data from your computer back to their server:

www.grc.com/lt/leaktest.htm

www.tooleaky.zensoft.com

www.keir.net/firehole.html


There are several other mentions of installation on those pages, but I
won't waste space quoting all of them. Seems clear enough to me.

When I ran the /installer/ my firewall alerted me to an attempt by the
installer to connect to 216.150.224.183 webandnetworksolutions.com, I just
tried it again with the same result. Now maybe webinstaller.exe is only a
stub to then download the remainder of the files required, but that is
nowhere indicated on that site and, apart from not seeing why this is
necessary, how am I to know just /what/ is about to be downloaded? The site
may be a very reputable one, but I've not heard of them, and how am I to
know that?
How long did you wait ? It tries different times to test your firewall, and
it could take some time. I thought it froze the first time I ran it, while
it was still trying to call out through my firewall. Again, that's what
it's meant for, description is on the page.
Click to expand...

I told my firewall to prevent the outgoing call, and the /installer/
promptly stopped and exited immediately. I just tried all this again, only
minutes ago. How should I wait?

Thank you Kerio.

Cheers,

Roy
 
«On 14 Sep 2004 20:47:58 GMT, Rod wrote:
«
«> «>
«>> On 14 Sep 2004 15:10:17 GMT, Rod wrote:
«>>
«>>> Can you pass this test with your browser open (which we all have
«>>> sometimes) ?
«>>>
«>>> http://www.pcinternetpatrol.com/downloads/audit.php
«>>
«>> Why should I trust an installer that want's to 'phone home' during the
«>> installation process, and fails to continue when I deny it doing so?
«>
«> It doesn't install. It's recommended on different securitysites as a test
«> for your firewall. What do you mean by 'phone home' ? You mean it does what
«> it's meant for or something else ?
«>
«
«Quoted directly from those pages:
«
«To validate the security effectiveness and the "value" of pcInternet
«Patrol?, go to the following popular security test sites after installation
«to see if pcInternet Patrol? blocks these simulated programs from sending
«data from your computer back to their server:
«
« www.grc.com/lt/leaktest.htm
«
« www.tooleaky.zensoft.com
«
« www.keir.net/firehole.html
«
«
«There are several other mentions of installation on those pages, but I
«won't waste space quoting all of them. Seems clear enough to me.
«
«When I ran the /installer/ my firewall alerted me to an attempt by the
«installer to connect to 216.150.224.183 webandnetworksolutions.com, I just
«tried it again with the same result. Now maybe webinstaller.exe is only a
«stub to then download the remainder of the files required, but that is
«nowhere indicated on that site and, apart from not seeing why this is
«necessary, how am I to know just /what/ is about to be downloaded? The site
«may be a very reputable one, but I've not heard of them, and how am I to
«know that?
«
«>> It did prove my firewall worked though, since it alerted me and
«>> enabled me to make that choice.
«>
«> How long did you wait ? It tries different times to test your firewall, and
«> it could take some time. I thought it froze the first time I ran it, while
«> it was still trying to call out through my firewall. Again, that's what
«> it's meant for, description is on the page.
«>
«
«I told my firewall to prevent the outgoing call, and the /installer/
«promptly stopped and exited immediately. I just tried all this again, only
«minutes ago. How should I wait?
«
«Thank you Kerio.
«
«Cheers,
«
«Roy
«
«
«
If you are using 'leaktest', the progy is doing exactly what it should do-
try to get around your firewall - hence the use of the word LEAK.

Read the instructions more carefully and try to follow them!
It fully explains what the program does!
 
Back
Top