Advice On Firewalls For A Non-techie!

Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

BleepingComputer.com > Security > AntiVirus, Firewall and Privacy Products and Protection Methods

Advice On Firewalls For A Non-techie!

Options

Helen43 View Member Profile	Apr 28 2008, 10:00 AM Post #1
New Member Group: Members Posts: 2 Joined: 24-April 08 Member No.: 205,015	I have two computers- a desktop and a laptop. The desktop is connected via Ethernet cable and the laptop is Wi-fi. They are not networked. A few weeks ago I installed Zone-Alarm firewall on the laptop to try it out and immediately got loads of red alerts flagging up saying my computer was being accessed. I had a look on some forums and there was mention that ping tests cause this and to expect loads of alerts. It scared the c*** out of me and I eventually unintalled Zone Alarm and went back to using the one on Windows and the router one which don't filter outgoing traffic. I am now thinking about having another try with either Zone Alarm or Comodo but wonder if anyone could answer the following: 1. How do I know if these red alerts are actually ping tests? 2. What to I do with my built in firewalls if I download one of these? 3. Is is usual to get loads of alerts? Be gentle with me!

quietman7 View Member Profile	Apr 28 2008, 01:45 PM Post #2
Bleepin' Janitor Group: Global Moderator Posts: 12,550 Joined: 9-July 05 From: Virginia, USA Member No.: 26,513	If you choose to use a 3rd-party firewall, you need to disable* the Windows firewall. Using two software firewalls on a single computer could cause issues with connectivity to the Internet or other unexpected behavior. Further, running multiple software firewalls can cause conflicts* that are hard to identify and troubleshoot. Only one of the firewalls can receive the packets over the network and process them. Sometimes you may even have a conflict that causes neither firewall to protect your connection. However, you can use a hardware firewall (your router) and a software firewall (Kerio or ZoneAlarm) in conjunction. For more information see "The Differences and Features of Hardware & Software Firewalls" and "Choosing a Firewall: Hardware v. Software". Choosing a firewall is a matter of personal preference, your technical experience and what will work best for your system. A particular firewall that works well for one person may not work as well for another. You may need to experiment and find the one most suitable for your use. A firewall serves two basics purposes: Prevent incoming communications that you did not request from entering your computer and to monitor what programs on your computer are allowed to communicate out. It does this by enforcing an access control policy to permit or block (allow or deny) inbound and outbound traffice. Thus, the firewall acts as a central gateway for such traffic by denying illegitimate transfers and facilitatint access which is deemed legitimate. The goal of the firewall is to prevent remote computers from accessing yours and provide an alert of any unrequested traffic that was blocked along with the IP address. Firewall alert messages are a response to unrequested traffic from remote computers. These alerts are often classified by the network port they arrive on and allow you to see the activity of what is happening on your firewall. The alerts allow the firewall to notify you in various ways about possible penetration and intrusion attempts on your computer. It is not unusal for a firewall to provide numerous alerts regarding such attempted access. Botnets and Zombie computers scour the net and will randomly scan a block of IP addresses. These infected computers are searching for "vulnerable ports" and make repeated attempts to access them. Your firewall is doing its job by blocking this kind of traffic and alerting you about these intrusion attempts. However, not all unrequested traffic is malevolent. Even your ISP will send out regular checks to see if your computer is still there. • Understanding and Using Firewalls • What is a Firewall • How Firewalls Work -------------------- "THE BAD GUYS DON'T NEED A SEARCH WARRANT. ARE YOU PROTECTED?" Microsoft MVP - Windows Security 2007-2008

cb2 View Member Profile	Apr 30 2008, 10:17 PM Post #3
New Member Group: Members Posts: 8 Joined: 16-April 08 Member No.: 203,465	QUOTE(Helen43 @ Apr 28 2008, 11:00 AM) I have two computers- a desktop and a laptop. The desktop is connected via Ethernet cable and the laptop is Wi-fi. They are not networked. A few weeks ago I installed Zone-Alarm firewall on the laptop to try it out and immediately got loads of red alerts flagging up saying my computer was being accessed. I had a look on some forums and there was mention that ping tests cause this and to expect loads of alerts. It scared the c*** out of me and I eventually unintalled Zone Alarm and went back to using the one on Windows and the router one which don't filter outgoing traffic. I am now thinking about having another try with either Zone Alarm or Comodo but wonder if anyone could answer the following: 1. How do I know if these red alerts are actually ping tests? 2. What to I do with my built in firewalls if I download one of these? 3. Is is usual to get loads of alerts? Be gentle with me! If you are a (self-described) non-techie, then I recommend you not consider Comodo Firewall Pro. In addition to the firewall, CFP comes with HIPS that monitors your system's processes (true...you can choose not to activate HIPS during the installation process but it remains installed nonetheless and digs deep into ones system). It's very noisy with lots of pop-up messages. This process settles down after a week or two, but in my opinion a non-techie will have difficulty understanding how to respond to the messages and find the settings options perplexing in spite of the help guides. I've been searching for a simple, two-way firewall to supplement my router. I don't want/need bells and whistles. Zone Alarm has been recommended to me, but the free version comes super-bloated with a security suite that deactivates after a trial period. So I've nixed that option for now. An old version of Kerio has also been recommended, but I worry that it could have security holes in it by now. Another recommendation that I've been given is PC Tools. Still checking that out. For now, my router is my only (hardware) firewall supplemented by Windows Firewall on my XP. If you find a firewall you like, please post back. But I wouldn't recommend taking the leap too quickly before knowing what you're really getting into.

bluesjunior View Member Profile	May 1 2008, 01:26 PM Post #4
Forum Regular Group: Members Posts: 285 Joined: 6-October 06 Member No.: 88,787	I'm nearly 60 a definite non tekkie and have no problems at all understanding or configuring Comodo and would highly recommend it as a Firewall option.

cb2 View Member Profile	May 1 2008, 05:56 PM Post #5
New Member Group: Members Posts: 8 Joined: 16-April 08 Member No.: 203,465	I'm a bit younger than bluesjunior, but found Comodo too confusing and distracting. To each his own. I would suggest the OP take a look at this link to get an understanding of what one has to go through to uninstall Comodo. In my case, I had to do it manually when the program failed to completely uninstall using Windows Add/Remove. What a nightmare. https://forums.comodo.com/help_for_v3/compr...o-t17220.0.html This post has been edited by cb2: May 1 2008, 05:57 PM

tos226 View Member Profile	May 1 2008, 06:51 PM Post #6
Distinguished Member Group: Members Posts: 949 Joined: 21-October 04 Member No.: 3,911	Helen43, The references from quietman7 are really worth reading. When several computers are connected to a router, multicast is in the picture and pinging.Neither is a security threat. ZA alerts because it's its job. Kerio will too. So will Comodo. So will any other firewall worth its beans. That is a function of a firewall. Firewall needs advice how to handle some things. Have you setup ZA properly - based on the alerts, I suspect not, but that's the learning process Have you allowed the router, DNS(s), DHCP server and the local host to be trusted? Have you alloved svchost aka generic host process to be trusted as a server in the trusted zone only? In comodo, or kerio, have you told them what your local network address/subnet is? Your computers ARE networked IMO. The router asks WHO's THAT? other computers answer (or don't, depending on the firewall setting), other computers ask WHO's THAT? as well? So long as it's all local, there's just no issue. You have to permit a firewall to do its job locally between the computers you have, as well, as your ISP provider, which, too, is a private network. How can you tell if ping tests? Read the alert carefully, quote it here if needed. Set alerts to high level, so everything is logged in \windows\ZA.log. Pings are control protocols, you should be able to see ICMP somewhere in the alert text. If you're worried, run the ShieldUp test at grc.com and see that (if?) you're all stealth and totally invisible to the external part of the internet. Subject2: ZA free is fine. But version 7 has gotten bloated with ZA suite features which pose some conflicts for some people. It is easiest to use. Comodo is fine, but making good firewall rules is not all that simple. Shut down Windows firewall. It's nearly worthless. This post has been edited by tos226: May 1 2008, 06:52 PM

Teenage.Zombiee View Member Profile	May 2 2008, 01:55 AM Post #7
Distinguished Member Group: Members Posts: 779 Joined: 25-October 07 From: Sydney, NSW Member No.: 165,216	Hi Helen43 Comodo pro might seem like its very advanced but its really easy to pick up (my 67 year old Grandpa got the hang of it). You can add the applications you trust to the Trusted Applications so you won't be bothered with granting access for applications you already trust. if you are installing something (Comodo alerts you alot when you are installing) you can put it in install mode. or you can simply allow or disallow access. There are many other features but I just described the basics. So give it a go Get Comodo here -------------------- I'D RATHER LIVE THAN LIVE FOREVER!

bluesjunior View Member Profile	May 2 2008, 03:52 PM Post #8
Forum Regular Group: Members Posts: 285 Joined: 6-October 06 Member No.: 88,787	I agree with Teenage.Zombieee Helen43. Comodo is not a problem if you use common sense. Most of the rules are best left to default. In Comodo Firewall rules set your IE7, Firefox or whichever browser you use to Web Browser. Any other Security you have AV, Antimalware etc to Trusted Application. Comodo also have a very helpful forum where your queries will be answered promptly.

« Next Oldest · AntiVirus, Firewall and Privacy Products and Protection Methods · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Lo-Fi Version

Time is now: 7th September 2008 - 06:25 AM

Advertise \| About Us \| Terms of Use \| Privacy Policy \| Contact Us \| Site Map \| Chat \| Tutorials \| Uninstall List
Discussion Forums \| The Computer Glossary \| Resources \| RSS Feeds \| Startups \| The File Database \| Malware Removal Guides