Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Advice On Firewalls For A Non-techie!


  • Please log in to reply
7 replies to this topic

#1 Helen43

Helen43

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:11:31 AM

Posted 28 April 2008 - 10:00 AM

I have two computers- a desktop and a laptop. The desktop is connected via Ethernet cable and the laptop is Wi-fi. They are not networked. A few weeks ago I installed Zone-Alarm firewall on the laptop to try it out and immediately got loads of red alerts flagging up saying my computer was being accessed. I had a look on some forums and there was mention that ping tests cause this and to expect loads of alerts. It scared the c*** out of me and I eventually unintalled Zone Alarm and went back to using the one on Windows and the router one which don't filter outgoing traffic.

I am now thinking about having another try with either Zone Alarm or Comodo but wonder if anyone could answer the following:

1. How do I know if these red alerts are actually ping tests?
2. What to I do with my built in firewalls if I download one of these?
3. Is is usual to get loads of alerts?

Be gentle with me! :thumbsup:

BC AdBot (Login to Remove)

 


m

#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,606 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:31 AM

Posted 28 April 2008 - 01:45 PM

If you choose to use a 3rd-party firewall, you need to disable the Windows firewall. Using two software firewalls on a single computer could cause issues with connectivity to the Internet or other unexpected behavior. Further, running multiple software firewalls can cause conflicts that are hard to identify and troubleshoot. Only one of the firewalls can receive the packets over the network and process them. Sometimes you may even have a conflict that causes neither firewall to protect your connection. However, you can use a hardware firewall (your router) and a software firewall (Kerio or ZoneAlarm) in conjunction. For more information see "The Differences and Features of Hardware & Software Firewalls" and "Choosing a Firewall: Hardware v. Software".

Choosing a firewall is a matter of personal preference, your technical experience and what will work best for your system. A particular firewall that works well for one person may not work as well for another. You may need to experiment and find the one most suitable for your use.

A firewall serves two basics purposes: Prevent incoming communications that you did not request from entering your computer and to monitor what programs on your computer are allowed to communicate out. It does this by enforcing an access control policy to permit or block (allow or deny) inbound and outbound traffice. Thus, the firewall acts as a central gateway for such traffic by denying illegitimate transfers and facilitatint access which is deemed legitimate.

The goal of the firewall is to prevent remote computers from accessing yours and provide an alert of any unrequested traffic that was blocked along with the IP address.

Firewall alert messages are a response to unrequested traffic from remote computers. These alerts are often classified by the network port they arrive on and allow you to see the activity of what is happening on your firewall. The alerts allow the firewall to notify you in various ways about possible penetration and intrusion attempts on your computer. It is not unusal for a firewall to provide numerous alerts regarding such attempted access. Botnets and Zombie computers scour the net and will randomly scan a block of IP addresses. These infected computers are searching for "vulnerable ports" and make repeated attempts to access them. Your firewall is doing its job by blocking this kind of traffic and alerting you about these intrusion attempts. However, not all unrequested traffic is malevolent. Even your ISP will send out regular checks to see if your computer is still there.

Understanding and Using Firewalls
What is a Firewall
How Firewalls Work
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 cb2

cb2

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:31 AM

Posted 30 April 2008 - 10:17 PM

I have two computers- a desktop and a laptop. The desktop is connected via Ethernet cable and the laptop is Wi-fi. They are not networked. A few weeks ago I installed Zone-Alarm firewall on the laptop to try it out and immediately got loads of red alerts flagging up saying my computer was being accessed. I had a look on some forums and there was mention that ping tests cause this and to expect loads of alerts. It scared the c*** out of me and I eventually unintalled Zone Alarm and went back to using the one on Windows and the router one which don't filter outgoing traffic.

I am now thinking about having another try with either Zone Alarm or Comodo but wonder if anyone could answer the following:

1. How do I know if these red alerts are actually ping tests?
2. What to I do with my built in firewalls if I download one of these?
3. Is is usual to get loads of alerts?

Be gentle with me! :thumbsup:


If you are a (self-described) non-techie, then I recommend you not consider Comodo Firewall Pro. In addition to the firewall, CFP comes with HIPS that monitors your system's processes (true...you can choose not to activate HIPS during the installation process but it remains installed nonetheless and digs deep into ones system). It's very noisy with lots of pop-up messages. This process settles down after a week or two, but in my opinion a non-techie will have difficulty understanding how to respond to the messages and find the settings options perplexing in spite of the help guides.

I've been searching for a simple, two-way firewall to supplement my router. I don't want/need bells and whistles. Zone Alarm has been recommended to me, but the free version comes super-bloated with a security suite that deactivates after a trial period. So I've nixed that option for now. An old version of Kerio has also been recommended, but I worry that it could have security holes in it by now. Another recommendation that I've been given is PC Tools. Still checking that out. For now, my router is my only (hardware) firewall supplemented by Windows Firewall on my XP.

If you find a firewall you like, please post back. But I wouldn't recommend taking the leap too quickly before knowing what you're really getting into.

#4 bluesjunior

bluesjunior

  • Members
  • 761 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:31 AM

Posted 01 May 2008 - 01:26 PM

I'm nearly 60 a definite non tekkie and have no problems at all understanding or configuring Comodo and would highly recommend it as a Firewall option.
Motherboard: Gigabyte GA-MA770T-UD3, CPU: AMD Athlon II X3 450 Processor, Memory: OCZ 4GB (2x2GB) DDR3 1333MHz,Graphics: PowerColor HD 5750 1GB GDDR5,
PSU: Corsair 430W CX PSU 4x SATA 1x PCI-E, Hard Drive:Samsung SpinPoint F3 500GB Hard Drive SATAII 7200rpm 16MB Cache.

#5 cb2

cb2

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:31 AM

Posted 01 May 2008 - 05:56 PM

I'm a bit younger than bluesjunior, but found Comodo too confusing and distracting. To each his own. I would suggest the OP take a look at this link to get an understanding of what one has to go through to uninstall Comodo. In my case, I had to do it manually when the program failed to completely uninstall using Windows Add/Remove. What a nightmare.

https://forums.comodo.com/help_for_v3/compr...o-t17220.0.html

Edited by cb2, 01 May 2008 - 05:57 PM.


#6 tos226

tos226

    BleepIN--BleepOUT


  • Members
  • 1,568 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:LocalHost
  • Local time:05:31 AM

Posted 01 May 2008 - 06:51 PM

Helen43,
The references from quietman7 are really worth reading.

When several computers are connected to a router, multicast is in the picture and pinging.Neither is a security threat.
ZA alerts because it's its job.
Kerio will too.
So will Comodo. So will any other firewall worth its beans.
That is a function of a firewall. Firewall needs advice how to handle some things.

Have you setup ZA properly - based on the alerts, I suspect not, but that's the learning process :thumbsup:
Have you allowed the router, DNS(s), DHCP server and the local host to be trusted?
Have you alloved svchost aka generic host process to be trusted as a server in the trusted zone only?

In comodo, or kerio, have you told them what your local network address/subnet is?

Your computers ARE networked IMO. The router asks WHO's THAT? other computers answer (or don't, depending on the firewall setting), other computers ask WHO's THAT? as well?
So long as it's all local, there's just no issue. You have to permit a firewall to do its job locally between the computers you have, as well, as your ISP provider, which, too, is a private network.

How can you tell if ping tests? Read the alert carefully, quote it here if needed. Set alerts to high level, so everything is logged in \windows\ZA.log. Pings are control protocols, you should be able to see ICMP somewhere in the alert text. If you're worried, run the ShieldUp test at grc.com and see that (if?) you're all stealth and totally invisible to the external part of the internet.

Subject2: ZA free is fine. But version 7 has gotten bloated with ZA suite features which pose some conflicts for some people. It is easiest to use.
Comodo is fine, but making good firewall rules is not all that simple.

Shut down Windows firewall. It's nearly worthless.

Edited by tos226, 01 May 2008 - 06:52 PM.


#7 Teenage.Zombiee

Teenage.Zombiee

  • Members
  • 831 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Western Sydney, Australia.
  • Local time:09:31 PM

Posted 02 May 2008 - 01:55 AM

Hi Helen43

Comodo pro might seem like its very advanced but its really easy to pick up (my 67 year old Grandpa got the hang of it).
You can add the applications you trust to the Trusted Applications so you won't be bothered with granting access for applications you already trust.
if you are installing something (Comodo alerts you alot when you are installing) you can put it in install mode.
or you can simply allow or disallow access.

There are many other features but I just described the basics.
So give it a go :thumbsup:

Get Comodo here

Teenage.Zombiee is back ! :halloween:


#8 bluesjunior

bluesjunior

  • Members
  • 761 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:31 AM

Posted 02 May 2008 - 03:52 PM

I agree with Teenage.Zombieee Helen43. Comodo is not a problem if you use common sense. Most of the rules are best left to default. In Comodo Firewall rules set your IE7, Firefox or whichever browser you use to Web Browser. Any other Security you have AV, Antimalware etc to Trusted Application. Comodo also have a very helpful forum where your queries will be answered promptly.
Motherboard: Gigabyte GA-MA770T-UD3, CPU: AMD Athlon II X3 450 Processor, Memory: OCZ 4GB (2x2GB) DDR3 1333MHz,Graphics: PowerColor HD 5750 1GB GDDR5,
PSU: Corsair 430W CX PSU 4x SATA 1x PCI-E, Hard Drive:Samsung SpinPoint F3 500GB Hard Drive SATAII 7200rpm 16MB Cache.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users