Firewall software

[DarkSerge]

I'm currently a user of Comodo Firewall. It's been good, but it's not very friendly to my Nintendo WiFi connection - I have one of those USB dongles that allow a Nintendo DS or Wii to connect online. Comodo isn't very friendly to it, I have to make special adjustments to get it to work (not just simply deeming it safe in the application) and with every upgrade they seem to make it harder to get the WiFi to work properly.Anybody recommend some good firewall software (free like Comodo) that might be a little more friendly on the Nintendo WiFi? Especially one that always keeps policies even after upgrades. And maybe one that upgrades a little easier instead of having to basically uninstall and reinstall the software for each update.I was also thinking, how much do I need additional firewall software? I run off of a wired router with a built-in firewall. Perhaps that and the windows firewall might be enough? To be honest, I don't really think I've had any issues in the last few years where a good strong firewall was required to save me from anything. I've always taken good care of my systems and am always free of spyware and other annoyances. (Note: Windows firewall is disabled since I'm running Comodo, so I don't have any problems of two firewalls running at once.) I've been running Comodo for maybe a year or so, and the only issues I've had is simply trying to get the firewall to allow what I want to do. I'm just thinking maybe I'm being too careful to where it's becoming an annoyance.

Edited February 1, 2008 by DarkSerge

[hkspike]

I tried Comodo a while back and found it a total disaster as a firewall around a home network. Further the nag screens would pop up behind game screens that had claimed the whole screen so the nag wasn't visible nor would the game run. While the nag screens might have been comprehensible to the techie who designed them, they served no function at all on a kid's computer. Actually worse than useless as the kids just click ok, particularly as the nags reappear relentlessly; the system doesn't seem to learn.I love your comment that

the only issues I've had is simply trying to get the firewall to allow what I want to do

- doesn't that form the entire basis of what a firewall needs to do for you?I removed Comodo and reverted to Zone Alarm's free version I accept doesn't get the best reviews but I've had no issues; maybe that's because the home network sits behind the firewall on the wireless router.Scot has had some interesting things to say about Comodo 3 of late. Guess I'm still waiting for his definitive answer. Sounds like the answer for the time being is Online Armor. It would be interesting to hear the views of others, particularly OA as a network firewall and how it interacts with kid's games.

[Gary]

Actually worse than useless as the kids just click ok, particularly as the nags reappear relentlessly; the system doesn't seem to learn.

That is one reason I stopped using it. The program never seemed to learn or train itself.

[daveydoom]

I've been using the full Online Armor suite on my main PC since Oct 2007 and I really like it. The firewall has never given me any problems and always remembers my decisions . Another firewall I like is Jetico. The first time I tried it around a year ago (maybe longer) I had lots of problems getting it to remember decisions but they've made some improvements and I don't get those constant nags any longer. I currently have it installed on my wife's PC and my test PC and it's running smoothly. In addition to my software firewalls I'm also sitting behind a SmoothWall router/firewall.

I was also thinking, how much do I need additional firewall software? I run off of a wired router with a built-in firewall. Perhaps that and the windows firewall might be enough?

A hardware firewall is really a software firewall running on a dedicated piece of hardware or specialized device (ie a router) that sits between a modem and a computer or network. A hardware firewall is based on "Network Address Translation" (NAT) which hides your computer from the Internet or NAT plus "Stateful Packet Inspection" (SPI). It can provide a strong degree of protection from most forms of attacks coming from the outside (incoming traffic). Hardware firewalls are easy to configure and can protect every machine on a local or home network. A hardware firewall typically uses packet filtering to examine the header of a packet to determine its source and destination addresses. This information is compared to a set of predefined or user-created rules that determine whether the packet is allowed (forwarded) or denied (dropped) on particular ports. They tend to treat any kind of traffic traveling from the local network out to the Internet as safe which can be a security risk.With a software firewall you have customized control and can specify which applications are allowed to communicate (outgoing traffic) over the Internet from your computer. Programs that are not explicitly allowed to do so are either blocked or else the user is prompted for confirmation before the traffic is allowed to pass. Software firewalls generally offer the best measure of protection against Trojans and worms but they are harder to configure and must share resources with other running processes which can decrease system performance. Many software firewalls have user defined controls for setting up safe file and printer sharing and to block unsafe applications from running on your system.The Windows XP firewall protects against port scanning but has limitations and it is no replacement for a robust 3rd-party two-way personal firewall.

• The XP firewall is not a full featured firewall. Normal firewalls allow you to specifically control each TCP and UDP port but XP’s firewall does not provide you with this capability. Instead, it takes a point and click approach to enabling or disabling a few common ports.
• The XP firewall does a good job of monitoring, examining and blocking inbound traffic but makes no attempt to filter or block outbound traffic like most 3rd-party personal firewalls.
• Thus, the XP firewall does not identify which programs attempt to initiate outbound network or Internet communications nor does it block the traffic when suspicious activity occurs.
  • This feature can be helpful in preventing many types of malware attacks that may attempt to open ports or communicate with outside servers without the user's knowledge or consent. It also means that if your system has been compromised, a hacker could use your machine as part of a distributed denial of service attack.

For more information see "The Differences and Features of Hardware & Software Firewalls".

Edited February 1, 2008 by daveydoom

[striker]

This last post from daveydoom should be a sticky. It explains exactly the difference between a hardware fw and a software fw and the place of XPs firewall in this scope.Excellent !

[DarkSerge]

That was a lot of information both interesting and informative.Yeah, Comodo's constant pop-up nag windows have been annoying me ever since the last major upgrade. I definately fight it more than it helps me.When you mention Online Armour, do you refer to the free version they offer?

Edited February 2, 2008 by DarkSerge

[DarkSerge]

I'm now running the free version of Online Armor. I like it so far. It's only prompted me once per program and that's it.

[Laz]

Thus, the XP firewall does not identify which programs attempt to initiate outbound network or Internet communications nor does it block the traffic when suspicious activity occurs.

• [ Comodo 3 does a creditable job of this, and the pop up's annoying as they might be are useful, and diminish in time. Unfortunately it has other problems that make it less than ideal. Flakey logging, and my pet peeve: the ability to alter parameters by all users, not just the admin are major shortcomings in my estimate. To my way of thinking, ZoneAlarm Pro is a superior product, if only it could be had as a standalone. I am looking forward to Scott's comparo conclusions.

[Gary]

ZoneAlarm Pro is a resource hog. IMHO.

[zlim]

Laz, have you tried Online Armor? It was also rated excellent by http://www.matousec.com/projects/firewall-challenge/click on the results and comments link

[Cluttermagnet]

I'm running Online Armor, free edition, on a friend's XP box. I have been very favorably impressed with it. Also, I strongly agree with striker- Daveydoom's post definitely should be stickied somehow. A great 'in a nutshell' tutorial!

[Laz]

Laz, have you tried Online Armor? It was also rated excellent by http://www.matousec.com/projects/firewall-challenge/click on the results and comments link

Thanks for the link, I will have a good look. I'm going to say "bye" to Comodo. When I tried to turn off my computer last night, I was greeted with a message that Comodo could not be terminated.This was followed up by a non-responding application message. To all outward appearences Comodo was active, and there is no telling at what point during the day it crashed. This is not a feature I can admire in a firewall.

[Laz]

ZoneAlarm Pro is a resource hog. IMHO.

I agree, although it isn't the firewall portion that's causing it. The firewall on its own would be fine, but the virus checker brings it down. Pity.

[Laz]

Laz, have you tried Online Armor? It was also rated excellent by http://www.matousec.com/projects/firewall-challenge/click on the results and comments link

Tried it, love it, bought it. The "Banking mode" and "Safer Surfing" features alone are worth the price of admission as far as I'm concerned.To date, the program works well with Spyware Doctor, which is another bonus. I'm glad you made the suggestion. Thank you.