Free BASIC firewall

[holycow]

I already had one hacker mess up some things in my system, so I want
to install a firewall. I cant use WinXP's built-in firewall because
whenever I try to activate it, I get an error message.. something
about my home network. So I'd like to go to a third party firewall.

A friend gave me ZoneAlarm which came free with his USB modem. I
installed it, but it is so freakin' complicated! While surfing the web
I spend half my time answering questions from ZoneAlarm. I can't start
any web-related program without ZA getting all hot and bothered.

I don't care about ads, popups or cookies. All I want is to keep
hackers from getting into my system. Isn't there maybe a free firewall
with just one setting: on or off???

Is that too much to ask? Thanks.

 

[Steven Burn]

Tiny Personal Firewall (v2.0 - last freeware version)

www.it-mate.co.uk/main_content/security.asp#tinypf

--
Regards

Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk

Keeping it FREE!

Disclaimer:
I know I'm probably wrong, I just like taking part ;o)

 

[Steven Burn]

Tiny Personal Firewall (v2.0 - last freeware version)

www.it-mate.co.uk/main_content/security.asp#tinypf

</snip>

One of these days, I'll actually learn not to post when I'm ¾ asleep...... I
don't top post when I'm actually awake (

--
Regards

Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk

Keeping it FREE!

Disclaimer:
I know I'm probably wrong, I just like taking part ;o)

 

[Onno Tasler]

A friend gave me ZoneAlarm which came free with his USB modem. I
installed it, but it is so freakin' complicated!

Zone Alarm is already the slimmest PF I know.

Isn't there maybe a free firewall with just one setting: on or off???

Yes, there is: http://www.dumbentia.com/pdflib/scissors.pdf

To be exact: Just installing a "personal firewall" like ZoneAlarm will
not help you much. Safety is a concept, not a piece of software.

My advise: Read the FAQ of <that will give you
a basic overview of how you can protect your PC.

bye,

Onno

 

[Rob]

Tiny Personal Firewall (v2.0 - last freeware version)

www.it-mate.co.uk/main_content/security.asp#tinypf

Try Kerio v2.1.5 instead of Tiny. Kerio is based on the Tiny code and is
better IMHO.
But I would stay away from Kerion v4.x

Do a goodle and grab v2.1.5 of Kerio. It is fasr, freee and works well but
you will need to know something about firewall rules.

If you know very little about firewalls and want to get a firwall up
quickly, try ZoneAlarm free edition.

Rob

 

[donutbandit]

Zone Alarm is already the slimmest PF I know.

You HAVE to be kidding - or, you don't know many firewalls. Compared to
Kerio, ZA is a bloated 400 pound NFL noseguard.

To the OP - I don't recommend ZA, but if you want to keep it, simply turn
off the popups. It doesn't have to bug you to death. Kerio will do the same
thing unless you set the rules to "log" rather than "notify."

 

[Gary]

206590.news.individual.de:

Take everything Onno said to heart.

Also:

Eric Howes' *comprehensive* PC Privacy&Security Site:
http://www.staff.uiuc.edu/~ehowes/

Gary

 

[Onno Tasler]

You HAVE to be kidding - or, you don't know many firewalls. Compared to
Kerio, ZA is a bloated 400 pound NFL noseguard.

Hmm, I cannot believe that - the ZA I tested had an on/off switch. That was it.
Or, perhaps, I am mistaking it for something else.

ZA was this small program with the red/yellow icon in the taskbar, wasn't it?

bye,

Onno

 

[Bob Adkins]

I don't care about ads, popups or cookies. All I want is to keep
hackers from getting into my system. Isn't there maybe a free firewall
with just one setting: on or off???

Windows XP firewall.

Kerio is my fave ATM, which optionally prevents software from phoning home
as well.

I don't like anything about ZA.

Bob

 

[Bob Adkins]

</snip>

One of these days, I'll actually learn not to post when I'm ¾ asleep...... I
don't top post when I'm actually awake (

We know you tried to sneak a nasty top post by us. Fess up!

Bob

 

[Richard Steven Hack]

Hmm, I cannot believe that - the ZA I tested had an on/off switch. That was it.
Or, perhaps, I am mistaking it for something else.

ZA was this small program with the red/yellow icon in the taskbar, wasn't it?

Zonealarm is over 3MB zipped, Kerio 2.1.5 is 2MB zipped. The program
itself is 300K unzipped, the Admin program 500K unzipped. Kerio 4 is
bigger than ZoneAlarm (5MB zipped) but it does a ridiculously large
number of things including blocking Internet ads and tracking program
launching from other programs - which is why I can't recommend it at
least for Windows 98 where it repeatedly crashed on my system.

Kerio 2.1.5 is definitely smaller than ZoneAlarm and completely
unintrusive once you've answered the basic questions about whether
your browser, email program, P2P program, etc. should be allowed to
access the Net.

ZoneAlarm has been described as the AOL of firewalls.

 

[Richard Steven Hack]

A friend gave me ZoneAlarm which came free with his USB modem. I
installed it, but it is so freakin' complicated! While surfing the web
I spend half my time answering questions from ZoneAlarm. I can't start
any web-related program without ZA getting all hot and bothered.

If you install Kerio Personal Firewall 2.1.5, it will initially pop up
questions about each of your Net programs. All you do is click Allow
and also "Make appropriate rule" and it never bothers you again about
that program.

Most firewall programs are designed to block all ports except ones you
allow. Somehow you have to tell them which ones to allow. The
easiest way if for them to ask when something tries to access the Net.

I don't care about ads, popups or cookies. All I want is to keep
hackers from getting into my system. Isn't there maybe a free firewall
with just one setting: on or off???

Is that too much to ask? Thanks.

See above. Firewalls cannot operate on an all or nothing basis. If
you want to access the Net, you have to allow some things through
while blocking others. There are so many ports to be used by so many
different applications that it would be hard for a firewall
manufacturer to know which ones you want to allow and which ones you
don't. I suppose a firewall producer could create one which uses
signature files like virus checkers, i.e., a list of "allowed"
programs like every browser in the world, every email client, etc. and
then ASSUME that if one is calling out that you mean to allow it. I
don't think that's a very secure notion.

 

[Steven Burn]

We know you tried to sneak a nasty top post by us. Fess up!

Bob

hehe ;o)

--
Regards

Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk

Keeping it FREE!

Disclaimer:
I know I'm probably wrong, I just like taking part ;o)

 

[Steven Burn]

Try Kerio v2.1.5 instead of Tiny. Kerio is based on the Tiny code and is
better IMHO.
But I would stay away from Kerion v4.x

Do a goodle and grab v2.1.5 of Kerio. It is fasr, freee and works well but
you will need to know something about firewall rules.

If you know very little about firewalls and want to get a firwall up
quickly, try ZoneAlarm free edition.

Rob

To be honest, I've tried Kerio before and found it to be a little too
bloated (for want of a better word). I must agree that I can't stand ZA
either mind ;o) (causes more bleedin problems than it solves.....)

--
Regards

Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk

Keeping it FREE!

Disclaimer:
I know I'm probably wrong, I just like taking part ;o)

 

[Steven Burn]

Hmm, I cannot believe that - the ZA I tested had an on/off switch. That was it.
Or, perhaps, I am mistaking it for something else.

ZA was this small program with the red/yellow icon in the taskbar, wasn't it?

</snip>

ZA is extremely bloated. Not to mention resource hungry. Personally I would
reccomend to anyone even if you paid me.

--
Regards

Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk

Keeping it FREE!

Disclaimer:
I know I'm probably wrong, I just like taking part ;o)

 

[Steven Burn]

Nah.... AOL's much much better <VBG>

--
Regards

Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk

Keeping it FREE!

Disclaimer:
I know I'm probably wrong, I just like taking part ;o)

 

[Bob Adkins]

ZoneAlarm has been described as the AOL of firewalls.

Very well said.

Bob

 

[Aaron]

If you install Kerio Personal Firewall 2.1.5, it will initially pop up
questions about each of your Net programs. All you do is click Allow
and also "Make appropriate rule" and it never bothers you again about
that program.

Most firewall programs are designed to block all ports except ones you
allow. Somehow you have to tell them which ones to allow. The
easiest way if for them to ask when something tries to access the Net.


See above. Firewalls cannot operate on an all or nothing basis. If
you want to access the Net, you have to allow some things through
while blocking others. There are so many ports to be used by so many
different applications that it would be hard for a firewall
manufacturer to know which ones you want to allow and which ones you
don't.

Right. For a firewall to work, the user always has to make some decision on
what to allow and what not to allow, so if you have problems with ZA,
switching to another firewall won't help either.

I guess that's the reason why the built in XP firewall doesn't do outbound
filtering.

With inbound filtering ONLY it's easy enough for the firewall to decide
what to let through to your computer( if it is a stateful packet filter
that keeps track of the state of connections, for example it will allow a
"reply" from a machine connecting from port 80, only if there was a prior
request) so it can work relatively transparently.

However, to decide what to premit outwards is much harder without human
intervention (the computer can't tell the difference between a outward
request by you, or by a automatic process) and would probably lead to too
many support calls to microsoft, so they might have decided to skip this
feature




Aaron (my email is not munged!)

 

[Aaron]

<snip>
|
|Right. For a firewall to work, the user always has to make some
|decision on what to allow and what not to allow, so if you have
|problems with ZA, switching to another firewall won't help either.
|
|I guess that's the reason why the built in XP firewall doesn't do
|outbound filtering.
|
|With inbound filtering ONLY it's easy enough for the firewall to
|decide what to let through to your computer( if it is a stateful
|packet filter that keeps track of the state of connections, for
|example it will allow a "reply" from a machine connecting from port
|80, only if there was a prior request) so it can work relatively
|transparently.
|
| However, to decide what to premit outwards is much harder without
| human
|intervention (the computer can't tell the difference between a outward
|request by you, or by a automatic process) and would probably lead to
|too many support calls to microsoft, so they might have decided to
|skip this feature
|
|Aaron
|
Gets us back to the question of whether it's worth having a firewall
at all. I do. I use Outpost, but I give it so many permissions to
allow this and that I do sometimes wonder...

Why? Surely you know what programs you are using.

I admit all those windows service processes like LSA, gets very confusing,
but google them out and do some reading, decide whether you want them out
or not, in most cases, you can block them without problems.

I suppose, the outwards filtering function is useful, if you are in the
habit of running new programs, and it can tell you if one of them attempts
to "phone home" without warning. For apps that need internet connection
it's more tricky, you need to perhaps put it "under probation" for a while
and do a careful check of where exactly it is connecting to.

The problem, is while this allows you to catch run of the mill spyware
(most of them!), there are many known ways of beating outward filtering
(see various leak tests and various counters), but nothing is 100% perfect
anyway.

Chances are though, what is leaking out is probably some of the browser
addon stuff, like googletoolbar and versious BHOs or stuff that expolit
yourr browser, which to all intents and purposes are seen as browsers to
your firewall. Those will happily connect out, unless you block your
browser


Aaron (my email is not munged!)

 

[Jim Scott]

<snip>
|
|Right. For a firewall to work, the user always has to make some decision on
|what to allow and what not to allow, so if you have problems with ZA,
|switching to another firewall won't help either.
|
|I guess that's the reason why the built in XP firewall doesn't do outbound
|filtering.
|
|With inbound filtering ONLY it's easy enough for the firewall to decide
|what to let through to your computer( if it is a stateful packet filter
|that keeps track of the state of connections, for example it will allow a
|"reply" from a machine connecting from port 80, only if there was a prior
|request) so it can work relatively transparently.
|
| However, to decide what to premit outwards is much harder without human
|intervention (the computer can't tell the difference between a outward
|request by you, or by a automatic process) and would probably lead to too
|many support calls to microsoft, so they might have decided to skip this
|feature
|
|Aaron (my email is not munged!)
|
Gets us back to the question of whether it's worth having a firewall at
all. I do. I use Outpost, but I give it so many permissions to allow this
and that I do sometimes wonder...
--
Jim
---------------------------------------------------------------------
Tyneside - Top right of England
To email me directly:
miss out the X from my reply address
Visit http://freespace.virgin.net/mr.jimscott
---------------------------------------------------------------------