topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Tuesday March 19, 2024, 12:09 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Last post Author Topic: Best free firewall for Windows?  (Read 247462 times)

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: Best free firewall for Windows?
« Reply #75 on: January 24, 2008, 06:15 PM »
BTW, something I remembered about outbound protection is that, even if f0dder point about that such ability is useless once your computer has been compromised is a good one, is that thanks to it, you can prevent the malware from sending sensitive information to its creator.
...unless the piece of malware is nasty enough that it evades the firewall/HIPS/whatever.
- carpe noctem

Target

  • Honorary Member
  • Joined in 2006
  • **
  • Posts: 1,832
    • View Profile
    • Donate to Member
Re: Best free firewall for Windows?
« Reply #76 on: January 24, 2008, 07:33 PM »
true enough, but doing something might help, whereas doing nothing....

target

CodeTRUCKER

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,085
    • View Profile
    • Donate to Member
Re: Best free firewall for Windows?
« Reply #77 on: January 24, 2008, 11:29 PM »
true enough, but doing something might help, whereas doing nothing....

target

I wonder... is there any evidence to suggest that some "really nasty malware" actually tries to bulls-eye some AV/firewalls?  Could ZA, etc. have some kind of a footprint that could tell malware "Yoohoo, here I am!"  If there is a substantial possibility, then maybe doing nothing would be better.  Any history to confirm/deny this possibility?

I don't have any knowledge about this, but it was what target wrote that provoked the thought.

Target

  • Honorary Member
  • Joined in 2006
  • **
  • Posts: 1,832
    • View Profile
    • Donate to Member
Re: Best free firewall for Windows?
« Reply #78 on: January 25, 2008, 12:36 AM »
These are my thoughts only, I have no insights into the mindset of the people that do these things, nor have I seen anything regarding this, but it seems like a logical step for a malware author to take.

Having said that, I guess it would depend on the level of difficulty involved in compromising a given piece of software, and the relative importance of doing so.

Ultimately there are likely to be many (many!) more systems that can be compromised without the extra effort than there are those that need it.  It's also unlikely that the net gain would be worth the effort (these guys <i>are</i> taking the path of least resistance after all)

Target


Lashiec

  • Member
  • Joined in 2006
  • **
  • Posts: 2,374
    • View Profile
    • Donate to Member
Re: Best free firewall for Windows?
« Reply #79 on: January 25, 2008, 01:40 PM »
Yes, some kind of malware can do that. Recently, they discovered a specimen that can break out of a sandboxed environment like VMware and cause havoc in the host machine. If only I could remember where I read about it...

Dormouse

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,952
    • View Profile
    • Donate to Member
Re: Best free firewall for Windows?
« Reply #80 on: January 25, 2008, 01:49 PM »
Yes, some kind of malware can do that. Recently, they discovered a specimen that can break out of a sandboxed environment like VMware and cause havoc in the host machine.
Wouldn't be so effective if the VM was installed inside a Linux system.  :)

Armando

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 2,727
    • View Profile
    • Donate to Member
Re: Best free firewall for Windows?
« Reply #81 on: January 25, 2008, 03:04 PM »
Yes, some kind of malware can do that. Recently, they discovered a specimen that can break out of a sandboxed environment like VMware and cause havoc in the host machine.
Wouldn't be so effective if the VM was installed inside a Linux system.  :)

True. most probably. Even with Vista's UAC?

true enough, but doing something might help, whereas doing nothing....

target

That is basically outpost's (and others, of course) developers argument in favor of outbound filtering-protection -- like I said earlier, I find the outbound protection partisan arguments more convincing, but I'm still opened to other explanations as to why inbound would be better-enough.

f0dder ?
« Last Edit: January 25, 2008, 03:06 PM by Armando »

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: Best free firewall for Windows?
« Reply #82 on: January 25, 2008, 07:31 PM »
Well, if you want outbound protection to be effective at all, you can't do with just blocking outgoing traffic - you need a more complete suite that also block injection etc. Suddenly this isn't just a firewall but a fully fledged intrusion detection system. And I'll have to bow my head and mumble that such a thing can be effective - but never just outgoing firewall in and by itself.

I prefer not running that though, and keep on my toes. It's a shame becoming lazy because you think you're protected by a firewall, and not noticing when you've been breached. Also, outgoing firewalls tend to either come with a lot of default rules, or be overly annoying to configure (where some users end up clicking 'yes' without knowing exactly what they're doing). But that's the old regular-user vs. power-user thing.

Personally I still believe that if you end up getting infected in the first place, and you're getting infected from something that's nasty enough to be a problem, it's going to be sophisticated enough to breach whatever software firewall you're running.
- carpe noctem

CodeTRUCKER

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,085
    • View Profile
    • Donate to Member
Re: Best free firewall for Windows?
« Reply #83 on: January 25, 2008, 08:48 PM »
Personally I still believe that if you end up getting infected in the first place, and you're getting infected from something that's nasty enough to be a problem, it's going to be sophisticated enough to breach whatever software firewall you're running.

If this is the case and there is evidence that a firewall/AV may be a beacon, then the idea of not using anything begins to at least be worth considering.  This isn't to put words in your mouth, but I think this logic holds up?  Further, then the whole firewall/av industry is a self-aggrandizing entity.  Makes you wonder "who" is actually putting all those "annoyance" virii on the web?  I'm not a "conspiracy theorist" by any means, but neither do I pretend that the Emperor's New Clothes are anything but his B-Day suit. ;)   There is LOTS of money in this business too. Something to think about.
:deal:
 
This also seems to suggest that there is no way to really be safe, any more than it is safe to go for a walk.  As long as the drive-by shooter doesn't drive by while you are walking.  You're safe.  Am I making sense or is my medicine kicking in?
« Last Edit: January 25, 2008, 08:54 PM by CodeTRUCKER »

Armando

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 2,727
    • View Profile
    • Donate to Member
Re: Best free firewall for Windows?
« Reply #84 on: January 25, 2008, 09:43 PM »
Thanks f0dder. But you do realize of course that most "firewall" do have dll injection monitoring, etc.
It's all good to be a security expert and not be "lazy" but not everyone can be like that (I can't, and I don't consider my self a complete novice among the non programmers) and give their computer that kind of complete attention and dedication (like you suggested).

IMO if "you end up getting infected in the first place" there are still chances that the evil is not going to be sophisticated enough "to breach whatever software firewall I'm running". e.g. : something might be able to bypass my antivirus protection (through email), but then not be able to send info out, or spread to other computers. Anyhow, I realize that this is all abstract and highly speculative, so I'll shut up.  :-[

Makes you wonder "who" is actually putting all those "annoyance" virii on the web?  I'm not a "conspiracy theorist" by any means, but neither do I pretend that the Emperor's New Clothes are anything but his B-Day suit. ;)   There is LOTS of money in this business too. Something to think about.

Maybe, but even if that was the case, even if that was some kind of "conspiracy" etc. (I understand the nuances, don't worry...  ;)), one still has to adapt to these rules and constraints, even if they were artificially created. There are different ways to do that, one being to play it their way, or at least partly -- Comodo is not that expensive BTW...
« Last Edit: January 25, 2008, 09:44 PM by Armando »

CodeTRUCKER

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,085
    • View Profile
    • Donate to Member
Re: Best free firewall for Windows?
« Reply #85 on: January 25, 2008, 10:10 PM »
Maybe, but even if that was the case, even if that was some kind of "conspiracy" etc. (I understand the nuances, don't worry...  ;)), one still has to adapt to these rules and constraints, even if they were artificially created. There are different ways to do that, one being to play it their way, or at least partly -- Comodo is not that expensive BTW...

Your're right, we do live in a "real" world and in some sense we have to play the game, but my comment was intended to be directed to the concept of if there is ever enough you can do to be really safe?  Based on what I am reading here, "safety" from serious Bad Boyz in the virii trade appears to be something of a myth, so the ones that suggest being vigilant and doing nothing else do have a strong argument as a valid and operational alternative. 

Thanks for the tip on Comodo. :)

tinjaw

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,927
    • View Profile
    • Donate to Member
Re: Best free firewall for Windows?
« Reply #86 on: January 25, 2008, 11:36 PM »
Nothing is perfectly secure. No protective measures are 100% maintenance free. When it comes to computer/network security, it is always a balancing act. You must weigh the hassle required for very restrictive measures versus the risk you are taking by leaving them less secure. Security vs Usability/Accessibility.

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: Best free firewall for Windows?
« Reply #87 on: January 26, 2008, 07:04 AM »
Personally, I feel safe enough with a NATing router and XPSP2 firewall - this keeps me from the annoying drive-by attacks and even if a friend would bring an infected laptop to my place. Since I don't run outbound protection, I'm a bit more likely to notice strange behavior; sure, most malware probably would be detected by most outbound protection, but oh well.

Oh, it's also pretty nice that 64-bit OS adoption has been so low, makes it less interesting for malware authors to target :)
- carpe noctem

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 6,646
    • View Profile
    • Donate to Member
Re: Best free firewall for Windows?
« Reply #88 on: January 26, 2008, 11:25 AM »
I think f0dder and I are in complete agreement, in that an ounce of prevention is worth a pound of cure. e.g. Once hostile code has gained a foothold on a machine the battle has already been lost.

There are 65,536 ports available in the TCP/IP stack and any of them can be leveraged for or against the machine using any number of services that are typically left running. i.e. NetSend Spam and the Messenger Service ... Anybody remember that annoying little game?

In a nut shell, there are really only two ways to hack a computer: Brute Forcing a session open, and Injecting code into an existing session to gain control of it. Any thing else is either a variation on the first two, or an attempt at Social Engineering ... Which is (hacking the user) always the softest attack point in any security scheme. Why go through all the trouble of trying to defeat the locks and alarm systems if all you have to do is knock on the door, smile nice, say hello, and walk right in...!

Simple is best ... and success is results driven.

The latest batch of (direct machine attack based) fast and furious virus development is virtually non existent. Everything coming at us these days is some variation on a soft target user interactive socially engineered knock at the proverbial door. Drive by down loads (to be effective), require that one or more of the following are true:
You have been conned into visiting the site.
The sites server admin had their pants down and let the server get breached.
You were compelled to click on something, or your behind on security updates.
You were running with administrative rights on the local machine, which is required by and for the exploit to gain and maintain control of the machine.


Note: I have to be somewhere so I've got to go now, I'll try to expand on this later ... I'm guessing is fairly easy to guess where I'm headed with it. :)

I'm back...

So... Who is it we're trying to protect "Our Stuff" from? Hackers? The news media has managed to spin that term into a completely useless Pavlovian reflex that has people stampeding into hiding to surrender they're wallets to whom ever wishes to claim that they can protect them from "Evil" (Much like a talisman in the dark ages...). *Snicker*

In the current Internet environment most of the problem children are using Phishing scams. That cleanly puts marketing companies and identity thieves into the same boat as they are both after the same thing, and have the same amount of scruples (e.g. None). The best target is the softest one and the softest one is the user. So unless there is a firewall that operates a third hand that pops out of the desk and slap the user in the head when they click on things that they shouldn't ... Then firewalls are simply not effective in that regard.

Will a software firewall prevent your computer from being a willing zombie participant in a DoS/DDoS attack? Maybe. But mitigating the damage and preventing it are worlds apart. If a Trojan can be prevented from gaining control of your machine in the first place (Privilege Restriction...) there's no need to try and corral it. Most people have home networks these days. Software firewalls get configured to freely allow communication between machines on the local network. So even if the rest of the world is "Protected" from your carefully firewalled stupidity ... Your LAN is still ToasT. <-That is not a solution.

« Last Edit: January 26, 2008, 01:34 PM by Stoic Joker »

Darwin

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 6,984
    • View Profile
    • Donate to Member
Re: Best free firewall for Windows?
« Reply #89 on: January 27, 2008, 12:55 PM »
Just an update - four days on and PC Tools Desktop Firewall is settling in on my system nicely. I've got it more or less trained and it's very inobtrusive and, more importantly for me, very light on resources. Thanks 4WD  :Thmbsup:

PS haven't installed ThreatFire - I've got HIPS protection courtesy of WinPatrol Pro and AppDefend. However, might install it anyway after having (just) re-read the Gizmo article to which CodeTrucker provided a link in an earlier posting in this thread...

nosh

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,441
    • View Profile
    • Donate to Member
Re: Best free firewall for Windows?
« Reply #90 on: January 27, 2008, 01:34 PM »
Darwin,
I was tempted to try it myself but I read somewhere it doesn't have checks for dll injection. You may want to look this up (I'm not sure if it's been rectified in the newer versions) before you make it a permanent fixture.

Darwin

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 6,984
    • View Profile
    • Donate to Member
Re: Best free firewall for Windows?
« Reply #91 on: January 27, 2008, 05:00 PM »
Thanks, Nosh. I still haven't installed Threatfire - not sure if I'm going to bother or not. The problem you are referring to above, does it relate to Threatfire or to PC Tools Desktop Firewall?

Armando

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 2,727
    • View Profile
    • Donate to Member
Re: Best free firewall for Windows?
« Reply #92 on: January 27, 2008, 05:43 PM »
And in terms of dll injection detection and other (outbound filtering) technologies, it seems to me that Online Armor should be part of anyone's "trying list"...

Curt

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 7,566
    • View Profile
    • Donate to Member
Re: Best free firewall for Windows?
« Reply #93 on: January 27, 2008, 06:02 PM »
To my understanding Online Armor is $40 once - not "per year"?  :tellme:
If so it really is tempting!  :up:

Armando

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 2,727
    • View Profile
    • Donate to Member
Re: Best free firewall for Windows?
« Reply #94 on: January 27, 2008, 06:40 PM »
Curt : there's also a free version that should be enough for most.

BTW, those who use comodo should be aware that the “Basic Firewall” installation isn't worth s***. I just found out! I thought that it was AT LEAST doing some kind of outbound filtering, but not at all. Bye bye comodo. I'm installing something else tonight since Comodo's Defense+ doesn't play well with many applications (slows down farr, mostly -- not acceptable...  ;) )

Because I have written in the recent past with an initially positive reaction to Comodo 3’s “Basic Firewall” installation option, I am honor-bound to post this quick message.
I have learned directly from Comodo executives that the Basic Firewall installation option of Comodo 3 does not offer any outbound leak protection whatsoever. The company may add that protection in a future version of Comodo 3.x. The Basic Firewall option turns off Comodo 3’s Defense+ HIPS module (which constitutes the “Advanced” default installation mode). Defense+ provides the leak protection for Comodo 3.
The previous generation of the Comodo 2.4 provided anti-leak protection without the new HIPS module.
Not only does this mean that Comodo 3’s optional Basic Firewall mode is no longer a contender in this blog’s firewall evaluation, but if you’re relying on this version of Comodo 3 for your firewall protection, Windows XP users should switch to Online Armor FREE version 2.1.0.31 (or newer) and Vista users should uninstall Comodo 3 and reinstall it, choosing the “Advanced” installation option.
http://blog.scotsnew...do-3s-basic-firewall

Armando

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 2,727
    • View Profile
    • Donate to Member
Re: Best free firewall for Windows?
« Reply #95 on: January 27, 2008, 08:26 PM »
I installed Online Armor (free) earlier... Well, all is well... No noticeable slowdowns, all seems to be good. CPU (depending on network activity) and RAM usage are a bit higher than Comodo 3, but it seems to be worth it.

I'll keep testing it, of course, but it's looking good. It's detected every single dll injection etc. on my computer (compared to 0 detection with comodo "basic installation", without defense+).  :Thmbsup:

nosh

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,441
    • View Profile
    • Donate to Member
Re: Best free firewall for Windows?
« Reply #96 on: January 27, 2008, 09:42 PM »
The problem you are referring to above, does it relate to Threatfire or to PC Tools Desktop Firewall?

PC Tools!

Armando

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 2,727
    • View Profile
    • Donate to Member
Re: Best free firewall for Windows?
« Reply #97 on: January 27, 2008, 10:19 PM »
Nosh : what are you using?

Darwin

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 6,984
    • View Profile
    • Donate to Member
Re: Best free firewall for Windows?
« Reply #98 on: January 27, 2008, 11:03 PM »
Yes! I'd be very interested to know as well... Right, off to trawl through this thread to see if you've already let us know!

Darwin

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 6,984
    • View Profile
    • Donate to Member
Re: Best free firewall for Windows?
« Reply #99 on: January 27, 2008, 11:10 PM »
nosh - are you still using Sygate 5.6?