Main Area and Open Discussion > General Software Discussion
Best free firewall for Windows?
CodeTRUCKER:
Maybe, but even if that was the case, even if that was some kind of "conspiracy" etc. (I understand the nuances, don't worry... ;)), one still has to adapt to these rules and constraints, even if they were artificially created. There are different ways to do that, one being to play it their way, or at least partly -- Comodo is not that expensive BTW...
-Armando (January 25, 2008, 09:43 PM)
--- End quote ---
Your're right, we do live in a "real" world and in some sense we have to play the game, but my comment was intended to be directed to the concept of if there is ever enough you can do to be really safe? Based on what I am reading here, "safety" from serious Bad Boyz in the virii trade appears to be something of a myth, so the ones that suggest being vigilant and doing nothing else do have a strong argument as a valid and operational alternative.
Thanks for the tip on Comodo. :)
tinjaw:
Nothing is perfectly secure. No protective measures are 100% maintenance free. When it comes to computer/network security, it is always a balancing act. You must weigh the hassle required for very restrictive measures versus the risk you are taking by leaving them less secure. Security vs Usability/Accessibility.
f0dder:
Personally, I feel safe enough with a NATing router and XPSP2 firewall - this keeps me from the annoying drive-by attacks and even if a friend would bring an infected laptop to my place. Since I don't run outbound protection, I'm a bit more likely to notice strange behavior; sure, most malware probably would be detected by most outbound protection, but oh well.
Oh, it's also pretty nice that 64-bit OS adoption has been so low, makes it less interesting for malware authors to target :)
Stoic Joker:
I think f0dder and I are in complete agreement, in that an ounce of prevention is worth a pound of cure. e.g. Once hostile code has gained a foothold on a machine the battle has already been lost.
There are 65,536 ports available in the TCP/IP stack and any of them can be leveraged for or against the machine using any number of services that are typically left running. i.e. NetSend Spam and the Messenger Service ... Anybody remember that annoying little game?
In a nut shell, there are really only two ways to hack a computer: Brute Forcing a session open, and Injecting code into an existing session to gain control of it. Any thing else is either a variation on the first two, or an attempt at Social Engineering ... Which is (hacking the user) always the softest attack point in any security scheme. Why go through all the trouble of trying to defeat the locks and alarm systems if all you have to do is knock on the door, smile nice, say hello, and walk right in...!
Simple is best ... and success is results driven.
The latest batch of (direct machine attack based) fast and furious virus development is virtually non existent. Everything coming at us these days is some variation on a soft target user interactive socially engineered knock at the proverbial door. Drive by down loads (to be effective), require that one or more of the following are true:
You have been conned into visiting the site.
The sites server admin had their pants down and let the server get breached.
You were compelled to click on something, or your behind on security updates.
You were running with administrative rights on the local machine, which is required by and for the exploit to gain and maintain control of the machine.
Note: I have to be somewhere so I've got to go now, I'll try to expand on this later ... I'm guessing is fairly easy to guess where I'm headed with it. :)
I'm back...
So... Who is it we're trying to protect "Our Stuff" from? Hackers? The news media has managed to spin that term into a completely useless Pavlovian reflex that has people stampeding into hiding to surrender they're wallets to whom ever wishes to claim that they can protect them from "Evil" (Much like a talisman in the dark ages...). *Snicker*
In the current Internet environment most of the problem children are using Phishing scams. That cleanly puts marketing companies and identity thieves into the same boat as they are both after the same thing, and have the same amount of scruples (e.g. None). The best target is the softest one and the softest one is the user. So unless there is a firewall that operates a third hand that pops out of the desk and slap the user in the head when they click on things that they shouldn't ... Then firewalls are simply not effective in that regard.
Will a software firewall prevent your computer from being a willing zombie participant in a DoS/DDoS attack? Maybe. But mitigating the damage and preventing it are worlds apart. If a Trojan can be prevented from gaining control of your machine in the first place (Privilege Restriction...) there's no need to try and corral it. Most people have home networks these days. Software firewalls get configured to freely allow communication between machines on the local network. So even if the rest of the world is "Protected" from your carefully firewalled stupidity ... Your LAN is still ToasT. <-That is not a solution.
Darwin:
Just an update - four days on and PC Tools Desktop Firewall is settling in on my system nicely. I've got it more or less trained and it's very inobtrusive and, more importantly for me, very light on resources. Thanks 4WD :Thmbsup:
PS haven't installed ThreatFire - I've got HIPS protection courtesy of WinPatrol Pro and AppDefend. However, might install it anyway after having (just) re-read the Gizmo article to which CodeTrucker provided a link in an earlier posting in this thread...
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version