Okay... In preperation for my upcoming DSL service, I went out and purchased a D-Link DI-704P Firewall/Router/PrintServer.

Now I know that the router has a built-in hardware firewall, and in most respects it should do me just fine. (has the ability to block/allow ports, set the network as "un-pingable", uses NAT, etc.)

However, as an extra precatution I was considering a software firewall as well. I have been looking into either ZoneAlarm Pro 4.0, or the Sygate Pro 5.1 firewalls.

Which, in your opinion, is the better choice? Do they both offer the same features and bang for your buck?

Well, there is the free version of zonealarm, which offers some good protection.

I use zonealarm myself; the 3.0 pro version. I like zonealarm because it is fully configurable and stealths all known ports on your computer. It also gives you the ability to authorize whcih programs on your computer are allowed to access the internet.

I have never used the sygate or symantec personal firewalls so I can not comment on how well they compare to zonealarm. If they do the same as zonealrm at protecting your computer I'd go with the cheapest out of them.

Edit://
https://grc.com

This site is a great security site. They have a secure online program called Sheilds up which will attempt, in a secure zone, to connect with ports on your computer. Your firewall should block the sites attempts to gain access to these ports. After it tests your firewall it will give you a summary of what ports if any it was able to contact.

I have used zonealarm before just because it was free. It did a good job to be a free firewall, it was kind of annoying to me though to go through the settings to allow various programs past, but it did it's job, I wa suprised at how many attempts it would block in a night.

I also use Zone alarm and would recommend it for your system, even the free one thats available. Its a good idea that you intend to use another firewall as well with the built in one with your dsl hardware as this would help stop trojan horse's from entering your system.

Another vote for Zonealarm Pro.

I have used various software firewall package's, and in my opinion this is the best of the bunch.

I agree with Bad_Karma, have a good look at http://grc.com Its a great site. It has some other applications that come in handy. :aol:

I have ZoneAlarm Pro. Originally bought ZoneAlarm Pro (last latest version). Upgraded to ZA 4.0

zonealarm...and pc-cillin as ur antivirus

Since we're on the subject, how foolish am I for relying on my Linksys router to protect me. I also run NAV, check for updated definitions daily, and scan twice a week.

I used to use Zone Alarm (the free version) several years ago, but ran into a spell where on about every third boot I would lose all internet access.

I do use the XPpro firewall, too.

Am I OK, or just lucky?


Prof:nudge:

Zone alarm get the protection job done but its pretty annoying. I pretty much stoped using it because it caused my computer to freeze so many times. Most full screen games would lock up when the stupid thing went to ask me if I wanted to grant the program access to the internet. I figured as long as I don't go handing out my IP to people I don't want to have it, I should be pretty good.

Slick, I know older releases would do that, but version 4.0 is rock solid so far. The biggest thing with having ZA is the outbound protection.

I am paranoid about people getting into my PC, so I've got just about every program you could think of on there. Linky router to start, ZA 4.0, Norton AV, TrojanHunter, Ad-Aware, SpywareBlaster, Script Sentry, and Spybot S&D.

Oh, and I use Norton AV as well.

In my opinion Sygate is a better product... I also have Norton firewall as well. I dont use any of them..

And well never been hacked never dos attacked, never been syn flooded etc..

Tek

Yea, your chances of getting hacked on a user PC are slim unless someone specificly targets you.

If you are going to use a hardware firewall / router, check with your ISP's tech support if they recommend any manufacturer. I found out the hard way that some ISP's gear is not always 100% compatible with all routers. After putting in 2 D-Link DI-604's for a client, and having 2 months of spotty service, one of the tech guys at the cable ISP's said "Uhhh, I think I remember the engineer's saying something about a time-out incompatibiity with some D-link routers...."

We switched to the Linksys routers, and had no problems since. Meanwhile, the D-link 604's work great at 4 locations for another client...on a different cable ISP! So, the hardware at one ISP may be different from the next. Check with them before spending $50+ on a hardware router.

PS - I prefer the Linksys router anyways, so I recommend it if you wish to go the hardware route.

Dexter...

Slick said
Yea, your chances of getting hacked on a user PC are slim unless someone specificly targets you.

I disagree pretty strongly with this, Slick... Unprotected "home" PCs are usually the first to be attacked since they are the easiest/most vulnerable for the script kiddies to find. They'll scan a whole neighborhood's worth of IPs and find every unprotected computer they can, so they can install IRC zombies on there and use the poor computer as a platform for DDOS attacks. It happens way more often than you think.

Once in a while a customer brings in their home computer to me and I often find a trojan as a result of "home computer" syndrome.

Slick said
Yea, your chances of getting hacked on a user PC are slim unless someone specificly targets you.

I totally agree with Primesuspect, Slick. I just ran a quick scan on my cable subnet, and then picked 5 of the active computers on the subnet to run basic port scans. Even on the simple short scan, 3 of those 5 had open ports, even the obvious Windows networking 139 port open. I didn't bother trying to see if they had basic username security, and I bet if I did a full port scan (not approved by most ISP's, by the way...) there would be all kinds of open backdoors and trojan shares.

Don't kid yourself into thinking someone will only hack you if they have a grudge against you. There are all kinds of "kiddie hackers" out there these days who love to find open ports, set up a trojan, and then start using your computer to run their own FTP or download from from Peer-to-Peers on to your hard drive, eating up your bandwidth instead of paying for their own.

Broadband connection + no firewall = stupid. Plain and simple.

I use Norton Internet Security, it's comes with a lot of bagage, but it does the job of keeping your computer safe and so much more. However all that comes at a price.

And yes, Prime' is right, basically anything plugged into the 'net is at risk. To go without a firewall in this day and age would be fool hardy to say the least.

Cheers

Tiny Personal Firewall V2

I never really liked Zone Alarm but if you guys say the latest version is good, I guess I'll try it again.

Tiny Personal Firewall is free, has a more professional interface, more advanced options and generally works better, I would give that a look too.

NS

I have never been hacked. Plus what vernabilities are they going to get into. Granted, Windows XP is pretty insecure I have all the security patches and a few 3rd party things that disable UPnP and such. I also have netbios disabled.

blackice was always good to me...but not as customizable as zonealarm

Dexter said


There are all kinds of "kiddie hackers" out there these days who love to find open ports, set up a trojan, and then start using your computer to run their own FTP or download from from Peer-to-Peers on to your hard drive, eating up your bandwidth instead of paying for their own.
[/B]

To set up the trojan on the users system the server file needs to be executed. In my experiences (or my assumptions :p), its not that easy to remotly execute something unless some of there are some major unpatched security problems with the OS or other programs running.

Bascially, if you are behind a router, you dont need a firewall because everything stops at the router unless you specifically forwarded the port to your PC. Then if you forwarded the port then having a firewall would be pointless because the only ports it could block would be the ones that you have explicitly let through.

Havnt run a Virus scanner or Firewall for years. Keep an AV installed to scan the occasional file though, just incase.

NS

I myself am a fan of Norton Internet Security.

Every tech-based (read: unbiased by the ZA habit) review I've seen states that Sygate's firewall offers better protection than ZA. Even the free version of Sygate beats out ZA's free version and Symantec's pay version.

Blackhawk said
I never really liked Zone Alarm but if you guys say the latest version is good, I guess I'll try it again.

Yes it is much better. Its Internet Vector Service doesn't quit for no reason anymore.

I like norton's latest firewall -- it seems to not use very many resources and you CANNOT beat how easy it is to use.. I especially bought it for my computer-stupid family :D

I've never been too fond of zonealarm, but i havent used that latest version either.

Hey SuperDucky... What part of the mitten are you from?