What kind of Firewall Do I need?


21 replies to this topic

#1 jima

Posted 11 January 2005 - 08:57 PM

After you read this post, I'm sure you will pause and comment to yourself "this boy is a blithering idiot". But after you chuckle, I hope you will find pity on this idiot and try and answer my firewall questions.

I am completely new to the concept of securing a pc. I've used pcs since Windows 3.1 but for the most part they have always belonged to my employer and I've let them worry about security. I owned a Dell Pentium 1 many moons ago, but before "surfing the Internet" was even a phrase, so I never worried about security then either.

I've just purchased my first pc since 1994 and I do realize the need to secure it. I've installed McAfee Anti-virus and Adaware software. Now I need a firewall to complete the security. I've read the threads on this site and others and still have a couple questions.

My interest in the Internet will be that of the average user. No FTPing, no online gaming (at least for now), etc. Pretty much just browsing the web, and my wife will be using Ebay, buying from clothing retailers and the sort, and legally downloading music. Pretty average stuff. Now I've read that firewalls constantly have warning pop-ups and can become quite nagging. My fear is that it will become TOO nagging for my wife. I can certainly appreciate being secure, so the pop-ups wouldn't bother me too much - but my wife and kids would hate to have to deal with a pop-up every other minute. But if I set the level of security so low that there are no warnings, doesn't that defeat the purpose of the firewall? Is there a firewall where it will allow traffic to and from "normal" websites, but clamp down on unsolicited traffic only? Or am I asking for too much here? And if I get software with a lot of warnings, how do I know which ones to worry about and which ones are normal? I want to own a firewall, not have the firewall own me.

I've read that the Blackice Defender (PC Protection) firewall doesn't necessarily nag all the time unless something REALLY bad happens. This sounds like what I might need. Anybody know of this product? I've heard it works well while running in the background. Any other suggestions? I've examined Zone Alarm, but apparently this product CAN be fairly unstable. I don't mind paying $40 for a more stable product.

Okay, now that you are done calling me an idiot - anyone still want to help me?

Thanks!

Jiim



#2 Underwhelmed

Posted 11 January 2005 - 09:25 PM

jima,

Welcome to the forums. Don't think that any question is dumb because anything can be complicated if they haven't been exposed to any answers. Feel free to ask any questions here.

As to your question, Black Ice is good, but it's not the best. For the average user, I would recommend Kerio Personal Firewall. It's free and will protect you online. I use it at home for my Media machine (which does nothing but sit there and records TV) since I just surf occasionally on it. You can always upgrade to the professional version if you want to, but for now, the free version is great.

You are right about Zone Alarm. I can't use it at all because of memory leaks in the program when I'm programming.

Here's the Kerio homepage: Kerio Homepage

Try it out and see what you think.

Steve
Tacos. That is all you ever need know.

My Development Blog

#3 Leurgy

Posted 11 January 2005 - 09:34 PM

Hi jima and welcome to BC.

First off let me say that no, you're not an idiot. An idiot would dash blindly ahead without doing some research first.

There are two types of firewalls. Hardware and software. A hardware firewall would be a device such as a router which sits in the line that connects you to the internet and is generally used with hi-speed connections. It will have at least one port (where you plug in the cable going to your computer) but can have more. This type of firewall can scan the incoming information (packets) and reject those that are unwanted. With this type of firewall your computer is essentially invisible to outside intruders. A hardware firewall filters the packets coming in to your computer but doesn't care what is going out.

A software firewall is a computer program that performs essentially the same function, except that it will examine packets travelling in both directions, in and out.

You mention alerts. You do not see alerts with a router, but you can see them with a software firewall if you wish. Once you become accustomed to seeing these alerts and understanding what they mean there are times when you do want to see them, but in the normal course of things you would simply turn off these alerts. In both cases, on or off, you can choose to have these alerts saved in a log to use for diagnostic and investigative purposes at a later time.

Is there a firewall where it will allow traffic to and from "normal" websites, but clamp down on unsolicited traffic only?



This is a function that they all perform, and the reason that you use them. In the normal course of operating a computer you will have a number of programs that you want to access the internet. You set permissions for these programs the first time that you use them and from then on your firewall remembers these permissions and operates silently.

The alerts come into play when a new or unauthorized program tries to access the internet from your computer or some type of packet tries to enter your computer. A software firewall is user friendly and you quickly become accustomed to what these alerts mean. When in doubt, shut it out. However, you can suppress these alerts and view the logs at your leisure.

There are a number of free software firewall programs that are perfectly adequate for the average home user such as yourself and your family. I would suggest you try one or two out and see what you like. I like Kerio Personal Firewall (nice graphics showing your bandwidth in and out) and Sygate. They are simple to download and install and are activated when you boot your computer.

I hope this answers some of your questions.

When the only tool you own is a hammer, every problem begins to resemble a nail. Abraham Maslo

**** We use our powers for good, not evil ****

 Trying to remove your data from the web is like trying to remove pee from a swimming pool


#4 jima

Posted 11 January 2005 - 10:07 PM

Thanks to both of you for answering so quickly and honestly. Sometimes I think some folks in some forums - not here of course :thumbsup: - work for the pay-software companies the way they fawn over the applications.

A couple Kerio questions: Will the product work well with Firefox? Will it uninstall easily if I don't like it for some reason? I've heard some security products are a bear to uninstall if you don't like them.

Thanks also for not getting an "air" because I'm a novice at this. Actually, I'm no stranger to computers, just pcs! I'm a computer application development team lead at a multi-billion dollar communications company, developing computer systems from the ground up using a combination of mainframe, mid-ranges, and server technology. When it comes to my own new laptop though, I know nothing. Sad but true. I'm sure I'll be utilizing this site by asking some more "research" questions.

#5 Underwhelmed

Posted 11 January 2005 - 10:14 PM

Not a problem jima.

As to your questions about Kerio, it is based on the activity of your internet and not your browser. It will monitor any internet activity (in and out) regardless of the browser you are using.

Feel free to keep researching!!!
Tacos. That is all you ever need know.

My Development Blog

#6 Leurgy

Posted 11 January 2005 - 10:14 PM

Kerio won't care if you try to run your dirty socks through it as long as you ok it. :thumbsup:

If you want to uninstall just go to add/remove programs and do it from there. It uninstalls quite well. Now, if you want something hard to uninstall we could talk about ZoneAlarm all night long.

I've always wanted my own mainframe. What do you do with the old ones? :flowers:

When the only tool you own is a hammer, every problem begins to resemble a nail. Abraham Maslo

**** We use our powers for good, not evil ****

 Trying to remove your data from the web is like trying to remove pee from a swimming pool


#7 Underwhelmed

Posted 11 January 2005 - 10:17 PM

I think Leurgy is trying to build SkyNet! No mainframes for you. :thumbsup:

I keeed I keeed
Tacos. That is all you ever need know.

My Development Blog

#8 Leurgy

Posted 11 January 2005 - 10:35 PM

Great minds think alike, eh?

We both posted twice within 60 seconds of each other.

Never mind Skynet, I need one of those for my plan for world domination! :thumbsup:

When the only tool you own is a hammer, every problem begins to resemble a nail. Abraham Maslo

**** We use our powers for good, not evil ****

 Trying to remove your data from the web is like trying to remove pee from a swimming pool


#9 jima

Posted 11 January 2005 - 10:57 PM

Okay, I've done a bit more research and found that Kerio may be the tool for me, except one review stated that it is "Easy to navigate but some rule defaults can cause trouble" for first time inexperienced users. That's me.

I also found this site that gives instructions on how to configure Kerio.

http://www.dslextreme.com/users/surferslim/tpf.html



Would you guys recommend following this or do you have any different/additional tips on configuring the product? Remember, I don't want to install this and then have problems connecting to my wife's shopping sites - man, would that be a bad scene.

Additionally, the Kerio website states that the free product is a "limited" edition. Does that mean that no free updates come with it? How does one update the product then? Is it like anti-virus that needs up-to-date .dat files, or no? Will the limited edition get me by? From what you say, it will.

The website states:

Free (unregistered) editions are limited by the following restrictions:

* It is available for personal and/or noncommercial use only.
* Web content filtering, including its logs and statistics, is not available (see chapter Web Content Filtering).
* It cannot be used at Internet Gateways (refer to chapter Preferences)
* Logs cannot be sent to Syslog server (details in chapter Log Options).
* Configuration cannot be protected by a password and it is not possible to access and administer the firewall remotely.

What does all this mean? Can someone explain each statement to me (except #1 of course) ?

Thanks!

Edited by jima, 11 January 2005 - 11:06 PM.


#10 jgweed

Posted 12 January 2005 - 12:52 AM

Perhaps I can try to answer a couple of questions you might have.
First, all firewalls have to be trained about what to allow and what not to allow; most of the time, when a firewall does not know what to do (especially in the beginning) it will flash a popup that provides some information and the options not to allow, allow this one time, and allow always. Once the initial training is done (probably by you), these warning popups should almost completely disappear (which will make your wife a happy camper).

Now, for the exact things the free edition does NOT do, you can refer to the sections that describe what the pay edition does. These appear not to be anything that, if not provided, will make the firewall not do what you want it to do in the first place. Not having it, for example, password protected should pose no problem to the average home user, who would probably never want to administer it from another computer, nor would you probably ever need to send logs.

Hope this helps some,
John
Whereof one cannot speak, thereof one should be silent.

#11 kevlamh

Posted 12 January 2005 - 05:57 AM

Hi there,

I'd just like to add my half-cent's worth! I notice that the replies to your query do not mention the Outpost Free Personal Firewall from www.agnitum.com.

I am using this FW on my PC at home, and in combination with the various other free spyware scanners etc. it does a fine job.

I actually did a "Shields-Up" test of this product at www.grc.com and it provided an excellent result - my PC was totally invisible to the www.!!


It has a limited ad-blocking functionality, but this can be disabled if you use Spyware Blaster and Spywareguard to stop any incoming rubbish.

Just a thought!!!

Regards,

Kev'

#12 jima

Posted 12 January 2005 - 02:29 PM

Okay, with all of your help I'm beginning to understand a bit better - amazing what talking directly to people can do. Manuals and how-tos are great, but no substitute for talking to live mammals.

jgweed, you mentioned - and I'll paraphrase you here - that I can train a firewall on what to allow and not to allow. Fair enough, but where can I get trained to know what is good and bad? That's the key. I wouldn't know bad "incoming" traffic if it barfed on me. Does anyone know of any good reading I could do to educate myself in a fairly short amount of time?

Thanks.

#13 Leurgy

Posted 12 January 2005 - 05:49 PM

This site has some good links in it regarding firewalls.

"Bad" incoming alerts are basically all of them. When you have your firewall configured and the programs that you want to have access to the internet are approved they will communicate with no alerts. Say no to any incoming traffic except on rare occasions. I can't think of any time that I have allowed anything in except for perhaps a file transfer using ICQ.

This page shows two typical alerts (albeit ZoneAlarm, but the info is the same). The second one is the most common type. It's a no.

Most incoming alerts deal with lost packets and pings. Lost packets are just that. They were to have been directed somewhere else but for whatever reason have gone astray. Pings are sent usually from your ISP and tell them how much time you are on-line, or if you are currently on-line. They do this for statistical reasons and also to adjust their bandwidth according to their subscribers' usage. In order for a ping to work, your machine must reply. It will reply if you don't have a firewall. With a firewall, the packet is dropped and no reply given. This is considered "stealth", because when no reply comes from a ping it's as though your computer is either not there or turned off.

There will be occasional port scans but they also will be dropped. This would be a hack attempt of some kind and I have seen alerts at the rate of 600 - 800 per hour. Each alert will show the IP address that it came from and the IP address it's directed to (yours) and the port the packet came from and is directed to. A typical home computer has over 65,000 ports and very many of them have specific uses.

When the only tool you own is a hammer, every problem begins to resemble a nail. Abraham Maslo

**** We use our powers for good, not evil ****

 Trying to remove your data from the web is like trying to remove pee from a swimming pool
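
Added example, not part of any poster's reply and not code from Kerio or any other firewall product: a small Python model of the behaviour discussed in this thread, where approved programs talk out silently, replies to them are let back in, and unsolicited inbound packets (pings, port scans) are dropped and logged for later review. The class and function names, the program names, the scan threshold and all addresses (documentation ranges) are assumptions constructed for the illustration.

```python
from collections import defaultdict

class StatefulFilter:
    """Toy model: outbound traffic from approved programs is allowed and
    remembered; inbound traffic is allowed only as a reply to it."""

    def __init__(self, approved_programs):
        self.approved = set(approved_programs)
        self.connections = set()  # (local_port, remote_ip, remote_port)
        self.log = []             # (direction, remote_ip, local_port, reason)

    def outbound(self, program, local_port, remote_ip, remote_port):
        if program not in self.approved:
            # A real firewall would raise an alert here; this model logs and denies.
            self.log.append(("out", remote_ip, local_port, f"unapproved {program}"))
            return "DROP"
        self.connections.add((local_port, remote_ip, remote_port))
        return "ALLOW"

    def inbound(self, remote_ip, remote_port, local_port, kind="tcp"):
        if (local_port, remote_ip, remote_port) in self.connections:
            return "ALLOW"  # reply to a connection this machine started
        self.log.append(("in", remote_ip, local_port, f"unsolicited {kind}"))
        return "DROP"       # dropped without any reply ("stealth")

def summarize(log, scan_threshold=10):
    """Group dropped inbound packets by source address. One source probing
    many distinct local ports is labelled a port scan (assumed threshold)."""
    ports = defaultdict(set)
    for direction, remote_ip, local_port, _reason in log:
        if direction == "in":
            ports[remote_ip].add(local_port)
    return {ip: "port scan" if len(seen) >= scan_threshold else "stray packet/ping"
            for ip, seen in ports.items()}

def demo():
    fw = StatefulFilter(approved_programs={"firefox.exe"})
    results = [
        fw.outbound("firefox.exe", 50000, "203.0.113.80", 443),  # browsing
        fw.inbound("203.0.113.80", 443, 50000),                  # the site's reply
        fw.inbound("198.51.100.7", 0, 0, kind="icmp echo"),      # ping (no ports, 0 used)
        fw.outbound("unknown.exe", 50001, "203.0.113.99", 80),   # never approved
    ]
    for port in range(1, 26):  # constructed scan: 25 ports from one source
        fw.inbound("192.0.2.66", 40000, port)
    return results, summarize(fw.log)

if __name__ == "__main__":
    print(demo())
```

Reading the summary rather than each individual alert is the "suppress the alerts and view the logs at your leisure" workflow described earlier in the thread.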


#14 jgweed

Posted 12 January 2005 - 11:36 PM

See also a BC tutorial which may help you:

http://www.bleepingcomputer.com/tutorials/understanding-and-using-firewalls/

The best advice I have ever heard, is to "just say no" to every request to allow a packet and see what happens.
Cheers,
John
Whereof one cannot speak, thereof one should be silent.

#15 jima

Posted 13 January 2005 - 10:53 PM

So if my ISP pings me and I deny it, will it affect my ISP connection? Will they get pissed that I deny their ping?


Amazing! Been reading my a** off on firewalls for two weeks now, and you guys managed to get me to understand more in 10 posts.

I think I've enough to make an informed decision. I believe I will give Kerio a go. Seems like there is enough support out here for it if I need it.



Thanks for taking time to help a dude in need. As you can see, I'm a novice (on pcs anyway) and I'll need your help quite a bit in other discussions as well.

Thanks again for making me feel welcome.

Edited by jima, 13 January 2005 - 10:56 PM.




