To Seekermeister: That's exactly what is said under "Firewalls" of the link given
above.
I've given Comodo a try or two over the years. I honestly don't seem to be able to wrap my head around it because it always more or less frustrates me to the point that I just uninstall it. Everybody raves about how great it is, but in the few times I have posted questions on this very board with regards to the problems that I had, the diehards weren't really able to give me much help. Example: Comodo Firewall question
For me personally, I just use the built-in Windows firewall as well as my Linksys router as the NAT firewall on the outside. The reason for my choice is to keep things simple. I rarely have a problem of any kind on my computer from a security standpoint. And I don't really care much if my installed applications make a few outbound connections to check into the mothership. As far as I can tell, nothing bad has come from it. My virus scanners hardly ever squawk about anything, Malwarebytes scans always come back 100% clean...and I also use Spyware Blaster (but I'm unsure if it helps me at all...since I never get into anything). Most of my security measures are common sense. I don't click random links, I don't click on crap in Facebook, I don't use pirated software, I don't search for serial numbers or key generators, I don't use peer-to-peer applications, I don't pirate games and I don't scour the net looking for porn sites to visit. And I also use OpenDNS for my DNS servers and have a fair amount of stuff blocked from there.
If you don't care about opinions then you should not have posted a question on a public forum filled with opinions. And I already told you, if you want a full-blown firewall that is the best then the best is a hardware firewall at the furthermost edge of the network.
Second, I never ranted.
@pparks1,
It would seem that we have similar attitudes about the subject...at least to a degree. However, I don't have all that much confidence in my router's firewall, because even with it, I have had occasions when my software firewall would squawk about attempted port scans. If the router firewall was really doing its job, that shouldn't happen.
He may have been a bit blunt in his response, but I cannot say that I completely disagree with Logicearth's stance on the use of software-based firewalls.
An external NAT firewall (router) is your best line of defense, and will stop that script kiddie who doesn't have much skill. And those with the skills are most likely focusing their efforts elsewhere (like bringing down the PlayStation network). You really do want your firewalls on the perimeter of your network (at the edges), you don't want to get people all the way into your actual PC.
I don't want to come out and say that those who take the time to protect any and all outbound connections are wasting their time...but I do believe that in most cases their efforts to lock down their systems are mostly an exercise/drill...which isn't ever really necessary. So, I'd rather suggest to people that their time may be spent better in other areas as long as they have a hardware based firewall...like a NAT based router keeping most things away.
If that's the case, I would think about getting a different router, stat!! Unless you have configured your router to allow port forwarding, or you have your PC configured in a DMZ...you better NEVER get a port scan from the outside to your PC. If you did, it could be because your PC made an outbound connection to something nefarious, and a NAT based router would allow return traffic from that address. Aside from that, unless the router has an entry in its NAT table...it better be dropping/rejecting all of those incoming packets.
That may be true, but my router is a Cisco E3000, which is supposed to be a top-line router. If it can't handle the job, I'm reluctant to spend more time and money looking for another. If your hypothesis about it being due to a response to an outbound connection is right, that only reinforces the importance of a software firewall that does control outbound traffic.
I seriously doubt you had a port scan from outside your network. A port scan would not have made it to your computer unless you specifically configured your router to do so. Your public IP does not point to your computer, rather to your router. Any port scan attempted on that IP would scan your router, not your computer.
Turning off the firewall on your computer and going to Shields Up! can easily prove otherwise if your router is improperly set up. https://www.grc.com/x/ne.dll?bh0bkyd2
I have read good things about it.
This isn't a hard job, any router that does NAT translation should be blocking this...100% of the time.
To some extent, but looking at it another way...you might also want to evaluate the types of software that you install and use on your computer. If it's something like malware, well then you obviously didn't put it there on purpose. But I don't know if I've seen much malware that opens up outbound connections to then allow port scans. Best case scenario they get a port listing of open ports, but are then blocked when they try to establish an inbound connection to those ports. I just don't see what the gain would be.
If this were me, I would do the following
1). Look at outbound logs on router? See if you are making outbound connections to same IP addresses that are getting flagged as doing the port scans.
2). Since this is a wireless router, be sure you don't have somebody leeching off your connection? Turn off ESSID broadcast, shut off DHCP functionality, use obscure network range in private range, enable MAC address filtering, use something like WPA2 with a horribly long security key.
3). Double check that your PC isn't sitting in a designated DMZ port. (I've seen this countless times)
4). Double check that you don't have a range of ports being forwarded by your router somehow. (less likely than above)
5). Call Cisco/Linksys and see if they have any known firmware issues, or bugs, or obscure configuration settings which could allow this problem.
Without a doubt, your situation would have me very concerned. But I wouldn't necessarily turn to a software firewall on my PC as my first line of defense to prevent it from happening....I'd rather figure out why the first line of defense products are not working.
I'm checking out at this point for the night, as it's 4:22am where I am and my kids will be up in about 4 hours.
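
Step 1 of the checklist above (compare the router's outbound log with the addresses flagged as port scanners), as an added example that is not part of the original posts. The log formats, the LAN range and the five-minute window are assumptions, and the log lines are constructed.

```python
import ipaddress
import re
from datetime import datetime, timedelta

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumption: home LAN range
WINDOW = timedelta(minutes=5)                 # assumption: how long NAT state lingers

# Constructed sample logs; real router and firewall logs use other formats.
ROUTER_OUTBOUND = """\
2011-05-01 22:14:03 OUT 192.168.1.100:49211 -> 203.0.113.7:80
2011-05-01 22:14:09 OUT 192.168.1.100:49215 -> 198.51.100.23:443
"""
FIREWALL_ALERTS = """\
2011-05-01 22:14:41 PORTSCAN src=203.0.113.7 ports=135,139,445
2011-05-01 22:50:12 PORTSCAN src=192.0.2.55 ports=21,22,23
2011-05-01 23:59:30 PORTSCAN src=198.51.100.23 ports=80
2011-05-01 23:59:58 PORTSCAN src=192.168.1.105 ports=139,445
"""
OUT_RE = re.compile(r"^(\S+ \S+) OUT \S+ -> ([\d.]+):\d+$")
SCAN_RE = re.compile(r"^(\S+ \S+) PORTSCAN src=([\d.]+)")

def parse(text, pattern):
    """Return (timestamp, ip) pairs for every line the pattern matches."""
    rows = []
    for line in text.splitlines():
        m = pattern.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            rows.append((ts, m.group(2)))
    return rows

def classify_alerts(router_log, firewall_log):
    """Label each alert by how its source relates to logged outbound traffic."""
    outbound = parse(router_log, OUT_RE)
    results = []
    for when, src in parse(firewall_log, SCAN_RE):
        if ipaddress.ip_address(src) in LAN:
            verdict = "lan-source"         # step 2: a device already on the LAN
        elif any(dst == src and timedelta(0) <= when - t <= WINDOW
                 for t, dst in outbound):
            verdict = "follows-outbound"   # step 1: likely return traffic
        elif any(dst == src for _, dst in outbound):
            verdict = "contacted-earlier"  # same host, but outside the window
        else:
            verdict = "unsolicited"        # steps 3-4: check DMZ and forwards
        results.append((src, verdict))
    return results

if __name__ == "__main__":
    for src, verdict in classify_alerts(ROUTER_OUTBOUND, FIREWALL_ALERTS):
        print(f"{src:16} {verdict}")
```

An "unsolicited" verdict is the one that points at the router itself, since nothing the PC sent would explain the inbound traffic.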