Personal Firewall

[RCglider]

Originally posted by Camel toe joe
I used to use ZA, bur the way my DSL was set up i didn't feel i needed it because I was behind a router with NAT... which is a big pain in the ass if you can't configure it yourself. Chacal used to teach network security so I'd like to see his input

NAT doesn't stop outbound traffic.

[Evan]

Originally posted by RCglider
NAT doesn't stop outbound traffic.

Right, but it blocks incoming well

[Chacal]

Originally posted by -HaVoC-
Zone Alarm seemed annoying when I ran it. Always asking if I want to give a specific app access. Do you guys find it annoying?

Er... it's the whole purpose.

I still use Norton Internet Security, a year ago when I looked it was the best one, for reasons I don't remember. I'm not current on this.

Whichever one you choose, you should use it WITH a hardware router/firewall that lets you configure NAT, not only block ports. The wide range of prices you see for those routers depends on the features they offer, and you should check those before buying. If you have a FTP server, you'll be disappointed with the cheapest models.

Please don't talk to me about grc.com. There is more than enough hype in the security field already.

[SHWoff]

Originally posted by Evan
Right, but it blocks incoming well

Depends. If you have multiple machines and/or the router is actually performing PAT (also known as NAPT), then it does OK at preventing some inbound connections. A wily hacker can find open ports (because there is no port filtering) and run exploits against those ports. If you are running straight NAT, then all you're doing is converting your inside address to an outside address. All exploits can be run against the outside address....

NAT/PAT and a (well-configured) personal firewall is plenty for the average home user...

I use Norton Products for the most part. Norton Systemworks and personal firewall 2004 is on the home machine. At the office we have one dedicated pc running Norton Internet security pro that functions as the NAT + DHCP server. All of our 10 or so office computers are on a peer to peer network that is mostly secure. I have not had good luck with it but what about Macafee Firewall?:)

[smithpa68]

I use Zone Alarm and a NAT. I actually prefer zone alarm (even though it is not perfect) for some of the reasons people find it annoying.

I LIKE the fact that it pops up even when an executable changes. Like if you patch BF it will pop up even if you previously "allowed" it through. I think that is a good security feature.

It will also let you know about a lot of spyware or call home type software. Then you can track it down and get rid of it.

The combo of a NAT and personal software firewail certainly worthwhile imho.

[Face]

I took (and am taking) the time to really understand Kerio Personal Firewall (free software too ) and I must say I am impressed.

Did you know that when you are on a WindowsXP desktop and press F3 for the search window, XP phones home to Microsoft's websites? Thanks to Kerio for alerting me.

NIS2004 is buggy as all holy hell. I can say this comfortably, b/c I used to work at BBY as a pc tech, and EVERY SINGLE install of NIS2004 would corrupt itself on it's first live update, rendering the program broken, and unable to re-update itself later. NIS2003 and earlier work fine, although they tend to be memory hogs IMO. I've used Zonealarm in the past, liked it well enough.
I just hide behind my router, NAT works fine for me, no problems. I hate software firewalls b/c of the configure b/s (having to assign permissions to everything, etc.).....guess I'm just lazy like that