Recent articles (in, among others, the Wall Street Journal) have screamed about the urgent need for firewalls at home. My question: How seriously do I take this? I have an incredibly simple system: just a cable modem with file and printer sharing turned off. Do I really need ZoneAlarm or Norton Internet Security or etc.? My system tray is filling up for chrissake.
By Jeff Lackey on Tuesday, August 7, 2001 - 04:46 pm:
Your choice, but for my systems (with cable modem) I run Zone Alarm. I've used Black Ice and some others, and Zone Alarm seems to be the sweet spot for me. I intercept a lot of probes, etc. Probably none of them would do me any harm. But being pretty familiar with the hacker world (using today's terminology for hacker) I feel a lot safer with the firewall. Zone Alarm also catches anything that tries to access the internet from your computer. While this is intended to catch virii and the like, it's interesting to see the various programs that want to go out to the internet for one reason or another (without telling you.)
By Jason_cross (Jason_cross) on Tuesday, August 7, 2001 - 05:13 pm:
Zone Alarm is Good Stuff. Particularly if you have an always-on internet connection or are connected through your dialup modem for more than 4 hours a day.
Head to grc.com and take the "shields up" test thing, too.
Now that I'm running Windows XP at home, I'm using their built-in firewall. So far, my system's security hasn't been compromised, but then, it never was before either. But at least it hasn't screwed up any programs.
Firewalls are one of those things that nobody sees the value of until they're hacked or something, and then it's all of a sudden the most essential thing in the universe. It's like backing up your data, scanning for viruses, etc. Easy to ignore until it's too late.
By Thierry Nguyen on Tuesday, August 7, 2001 - 05:30 pm:
Zone Alarm is neat in that I always see what weird ports are being scanned by hackerish goobers. I only turn it off when I play games (I notice AO was having issues with it).
My ex-roommate and I noticed a preponderance of Port 111 scans lately. Must be some new weird trojan or somethin'.
By William Harms on Tuesday, August 7, 2001 - 07:15 pm:
I would recommend that you use a firewall. I've used BlackICE, ZoneAlarm, and Sygate's personal firewall, and they all do a nice job of blocking scans. (And best of all, Sygate's prog and Zone Alarm are free for personal use.)
In the two years I've had a cable modem, I've had around ten serious attacks on my system--in one instance BlackICE was completely annihilated by the attack. Pretty scary stuff, especially if you keep detailed financial and personal records on your PC.
Beyond that, it's nice to see what programs are trying to access the Internet. Windows regularly tries to send out information (especially when you're installing new software), and a program like ZoneAlarm will let you block those apps and DLLs from sending out information.
By Jason McCullough on Tuesday, August 7, 2001 - 07:15 pm:
I wouldn't trust Gibson of grc.com too far, seeing how he has this on his site:
'The Distributed Denial of Service (DDoS) attacks also highlighted the serious threat posed by Microsoft's ill-advised decision to include full raw socket support in the Home Edition of their Windows XP operating system platform.'
Yes, how dare they include a feature on every unix release in the last twenty years. Microsoft should be in the business of determining what kind of packets I send, not my ISP! Pssh.
By Rob Funk (Xaroc) on Tuesday, August 7, 2001 - 08:26 pm:
I personally use an SMC hardware DSL/Cable router and that acts as a firewall. I won't say nothing is getting through but I would wager it works better than most of the software solutions.
That being said I have used Zone Alarm before and it is good. Black Ice just plain sucks and costs money, not a good combo. The other one I have used that I really liked even better than ZA is Tiny Personal Firewall. It is very flexible.
You can get it here if you are interested.
By Michael Murphy (Murph) on Tuesday, August 7, 2001 - 11:24 pm:
I also use a hardware firewall/hub, and really like it. Not only does it let me connect several computers (great for LAN parties), but it also acts as a firewall, and the "experts" I've talked to said that hardware firewalls are about 150 times more effective than software firewalls. Just FYI.
I think the one we have is about sixty-five bucks. Not bad for a 10/100 hub plus firewall.
By timelhajj on Wednesday, August 8, 2001 - 11:08 am:
So Murph, let me ask you. Do you need multiple IPs to get more than one computer on the Internet? If you wanted to publish a web page on one of the computers, how would that work? Are you able to open up incoming connections from the Internet?
By Jeff Atwood (Wumpus) on Wednesday, August 8, 2001 - 11:49 pm:
Getting one of the home routers using NAT gives you *MOST* of the benefits of a firewall, though they're technically not the same thing.
I strongly recommend the $99-$149 hardware solutions over the $20-$50 software packages... they're a much better long term solution, plus you get an ethernet switch/hub and other nifty features "for free".
"Yes, how dare they include a feature on every unix release in the last twenty years. Microsoft should be in the business of determining what kind of packets I send, not my ISP! Pssh."
I agree, he's gone way WAY off the deep end on this particular issue. If we don't solve it at the source of the problem (e.g. the ISPs) there's no point in doing it at all.
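An added illustration, not part of the thread: a toy model of the port-translating NAT in a home router, covering the questions asked above (several PCs behind one IP, unsolicited inbound traffic, publishing a web server). The class, the addresses and the simplified matching rule are all assumptions made for the example.

```python
# Toy NAT model; every address, port and name here is constructed.
import itertools

class HomeNat:
    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.out_map = {}    # (lan_ip, lan_port, remote) -> public port
        self.in_map = {}     # (public port, remote) -> (lan_ip, lan_port)
        self.forwards = {}   # public port -> (lan_ip, lan_port), owner-configured
        self._ports = itertools.count(40000)

    def outbound(self, lan_ip, lan_port, remote):
        """A LAN host opens a connection; the router rewrites the source."""
        key = (lan_ip, lan_port, remote)
        if key not in self.out_map:
            pub = next(self._ports)
            self.out_map[key] = pub
            self.in_map[(pub, remote)] = (lan_ip, lan_port)
        return (self.public_ip, self.out_map[key])

    def forward(self, public_port, lan_ip, lan_port):
        """Port forward, e.g. to publish a web server on one PC."""
        self.forwards[public_port] = (lan_ip, lan_port)

    def inbound(self, remote, public_port):
        """Return the LAN destination for a packet, or None if it is dropped."""
        if (public_port, remote) in self.in_map:   # reply to a LAN-initiated flow
            return self.in_map[(public_port, remote)]
        return self.forwards.get(public_port)      # otherwise only explicit forwards

def demo():
    nat = HomeNat("203.0.113.7")
    web = ("198.51.100.10", 80)
    scanner = ("192.0.2.50", 4444)
    a = nat.outbound("192.168.1.10", 1025, web)
    b = nat.outbound("192.168.1.11", 1025, web)
    results = {
        "shared_ip": a[0] == b[0] and a[1] != b[1],  # two PCs, one public IP
        "reply": nat.inbound(web, a[1]),
        "scan_111": nat.inbound(scanner, 111),       # no mapping: dropped
        "scan_80_before": nat.inbound(scanner, 80),
    }
    nat.forward(80, "192.168.1.10", 80)
    results["scan_80_after"] = nat.inbound(scanner, 80)  # now reaches the PC
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The last result is where NAT stops behaving like a firewall: once port 80 is forwarded, anything sent to it reaches the LAN host, and the model never inspects or restricts outbound connections at all.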
By Michael Murphy (Murph) on Thursday, August 9, 2001 - 12:34 am:
"Do you need multiple IPs to get more than one computer on the Internet? If you wanted to publish a web page on one of the computers, how would that work? Are you able to open up incoming connections from the Internet?"
Thanks Murph. It did get fleshed out in the other thread, but I appreciate you getting back all the same.
By Lee Johnson (Lee_johnson) on Thursday, August 9, 2001 - 11:29 am:
I have a dedicated Linux router/firewall system at home that I built out of cast-off parts. It's been barring the gates of my DSL connection for the last couple of years. Every week, I have it email me a summary of the scan logs. Last week, it logged at least 1800 intrusion attempts; over 1300 of these were from one moron hammering on the port used by Gnutella (the last guy to get this IP address must have been running it.) There were also a lot of hits on port 80 that I assume were scans by Code Red or one of its variants, along with the usual parade of fools looking for trojan ports, etc. Every time a new exploit makes the script kiddie circuit, I invariably see a surge of activity on the affected ports.
Naturally, the firewall drops all of the incoming connection attempts on the floor. It's too bad I can't send a big surge of electricity back up the wire at these losers, but what can you do?
Anyway, this is a roundabout way of saying, yes, people really really should use a firewall of some kind.
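An added example, not from the poster's own setup: one way to build the kind of weekly scan-log summary described above, grouping dropped connection attempts by destination port and flagging a port where a single source accounts for most of the hits. The log line layout (netfilter-LOG-style `SRC=`/`PROTO=`/`DPT=` fields), the sample lines and the thresholds are assumptions constructed for the illustration.

```python
import re
from collections import Counter, defaultdict

# Assumed line layout: "... SRC=<ip> ... PROTO=<proto> ... DPT=<port>"
LINE = re.compile(r"SRC=(?P<src>\S+) .*?PROTO=(?P<proto>\S+) .*?DPT=(?P<dpt>\d+)")

def summarize(lines, dominant_share=0.5, min_hits=3):
    """Return (per-port report sorted by drop count, number of unparsed lines)."""
    per_port = Counter()
    per_port_src = defaultdict(Counter)
    skipped = 0
    for line in lines:
        m = LINE.search(line)
        if not m:                      # not a drop record; count it, don't guess
            skipped += 1
            continue
        port = int(m["dpt"])
        per_port[port] += 1
        per_port_src[port][m["src"]] += 1
    report = []
    for port, total in per_port.most_common():
        src, hits = per_port_src[port].most_common(1)[0]
        one_source = total >= min_hits and hits / total >= dominant_share
        report.append({
            "port": port,
            "drops": total,
            "sources": len(per_port_src[port]),
            # One host hammering a port looks different from a broad scan wave.
            "dominant_source": src if one_source else None,
        })
    return report, skipped

def _line(src, dpt):
    # Constructed sample record, documentation-range addresses only.
    return (f"Aug  6 03:12:44 gw kernel: DROP IN=eth0 OUT= SRC={src} "
            f"DST=203.0.113.7 PROTO=TCP SPT=3311 DPT={dpt}")

SAMPLE = (
    [_line("192.0.2.50", 6346)] * 5 + [_line("198.51.100.9", 6346)]   # 6346: Gnutella default port
    + [_line(f"198.51.100.{n}", 80) for n in (21, 22, 23)]            # many sources on port 80
    + [_line("192.0.2.77", 111), "Aug  6 03:13:01 gw kernel: eth0: link up"]
)

if __name__ == "__main__":
    report, skipped = summarize(SAMPLE)
    for row in report:
        print(row)
    print("unparsed lines:", skipped)
```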
By Anonymous on Saturday, August 11, 2001 - 12:36 am:
"...but it also acts as a firewall, and the "experts" I've talked to said that hardware firewalls are about 150 times more effective than software firewalls."
I've been looking into this and I find a lot of people saying a hardware firewall is better but nothing, on the net, that proves it. How is it better? Is it "always on" or something? The only net info I can find on hardware firewalls seems to be talking about those $300+ products for corporations. How are the hardware products from LinkSys, D-Link, etc., "better?"
By Michael Murphy (Murph) on Saturday, August 11, 2001 - 12:46 am:
I believe that their "stopping power," if you will, is far more effective. Basically, if someone hacks into your system, they hack into your router, which holds the IP address, but there is virtually no way that they can get to your computer, so they can't touch your hard drive. On a software firewall, it's actually on your hard drive, so by the time they hit it, they have touched your hard drive. Plus, if it "misses" them, then they have access to all your stuff. With a hardware firewall, they literally can't get to your hard drive, because, like I said, your computer doesn't hold the IP address, the router does. When they find "your" IP address and try to hack into it, all they're getting is your router, not your PC.
By Westyx (Westyx) on Saturday, August 11, 2001 - 09:42 am:
Since a hardware firewall runs only the firewall, there is less chance of something else getting nailed. The 'one task' nature also allows for fewer possible bugs, and the setup options are normally straightforward, and have paranoid defaults.
The same cannot be true for software firewalls - they change more often than hardware ones (new features for instance) so there is more chance of a hole. They are also more complicated to configure, as they both a) have more options and b) are primarily aimed at professionals.