Best Firewall

[FranzB]

To Seekermeister: That's exactly what is said under "Firewalls" of the link given
above.

 

[pparks1]

I've given Comodo a try or two over the years. I honestly don't seem to be able to wrap my head around it because it always more or less frustrates me to the point that I just uninstall it. Everybody raves about how great it is, but in the few times I have posted questions on this very board with regards to the problems that I had, the diehards weren't really able to give me much help. Example: http://www.sevenforums.com/system-security/149611-comodo-firewall-question.html

For me personally, I just use the built-in Windows firewall as well as my Linksys router as the NAT firewall on the outside. The reasons for my choice is to keep things simple. I rarely have a problem of any kind on my computer from a security standpoint. And I don't really care much if my installed applications make a few outbound connections to check into the mothership. As far as I can tell, nothing bad has come from it. My virus scanners hardly ever squawk about anything, malware bytes scan always come back 100% clean...and I also use Spyware Blaster (but I'm unsure if it helps me at all...since I never get into anything). Most of my security measures are common sense. I don't click random links, I don't click on crap in facebook, I don't use pirated software, i don't search for serial numbers or key generators, I don't use peer to peer applications, I don't pirate games and I don't scour the net looking for porn sites to visit. And I also use opendns for my DNS servers and have a fair amount of stuff blocked from there.

 

[seekermeister]

While you are entitled to your opinion, it seems unnecessary to attempt to impose it by using denigrating comments. You can call it nonsensical, paranoia or anything else that you like, but it shall not influence me in the least.

Understand something, I setup firewalls for a living, for large corporations that actually have something to protect and keep secret. If you cannot handle my "opinion" oh well, deal with it. If it bothers you to be called paranoid then maybe you should not do things that make you seem paranoid. I'm not going to coddle you with fluffy bunnies and rainbows.

i would seem that you feel like arguing, but if so, you didn't get my message previously. Your opinion means nothing to me, so if you simply feel like wasting your and the readers time, go ahead and rant.

 

[logicearth]

Your opinion means nothing to me

If you don't care about opinions then you should not have posted a question on a public forum filled with opinions. And I already told you, if you want a full-blown firewall that is the best then the best is a hardware firewall at the furthermost edge of the network.

Second, I never ranted.

 

[seekermeister]

@pparks1,

It would seem that we have similar attitudes about the subject...at least to a degree. However, I don't have all that much confidence in my router's firewall, because even with it, I have had occasions when my software firewall would squawk about attempted port scans. If the router firewall was really doing it's job, that shouldn't happen.

 

[pparks1]

Your opinion means nothing to me, so if you simply feel like wasting your and the readers time, go ahead and rant.

He may have been a bit blunt on his response, but I cannot say that I completely disagree with Logicearth's stance on the use of software based firewalls.

An external NAT firewall (router) is your best line of defense, and will stop that script kiddy who doesn't have much skill. And those with the skills are most likely focusing their efforts elsewhere (like bringing down the Playstation network). You really do want your firewalls on the perimeter of your network (at the edges), you don't want go get people all the way into your actual PC.

I don't want to come out and say that those who take the time to protect any and all outbound connections are wasting their time...but I do believe that in most cases their efforts to lock down their systems are mostly an exercise/drill...which isn't ever really necessary. So, I'd rather suggest to people that their time may be spent better in other areas as long as they have a hardware based firewall...like a NAT based router keeping most things away.

 

[pparks1]

@pparks1,

It would seem that we have similar attitudes about the subject...at least to a degree. However, I don't have all that much confidence in my router's firewall, because even with it, I have had occasions when my software firewall would squawk about attempted port scans. If the router firewall was really doing it's job, that shouldn't happen.

If that's the case, I would think about getting a different router, stat!! Unless you have configured your router to allow port forwarding, or you have your PC configured in a DMZ..you better NEVER get a port scan from the outside to your PC. if you did, it could be because your PC made an outbound connection to something nefarious, and a NAT based router would allow return traffic from that address. Aside from that, unless the router has an entry in it's NAT table...it better be dropping/rejecting all of those incoming packets.

 

[seekermeister]

@pparks1,

It would seem that we have similar attitudes about the subject...at least to a degree. However, I don't have all that much confidence in my router's firewall, because even with it, I have had occasions when my software firewall would squawk about attempted port scans. If the router firewall was really doing it's job, that shouldn't happen.

If that's the case, I would think about getting a different router, stat!! Unless you have configured your router to allow port forwarding, or you have your PC configured in a DMZ..you better NEVER get a port scan from the outside to your PC. if you did, it could be because your PC made an outbound connection to something nefarious, and a NAT based router would allow return traffic from that address. Aside from that, unless the router has an entry in it's NAT table...it better be dropping/rejecting all of those incoming packets.

That may be true, but my router is a Cisco E3000, which is supposed to be a top-line router. If it can't handle the job, I'm reluctant to spend more time and money looking for another. If your hypothesis about it being due to a response to an outbound connection is right, that only reinforces the importance of a software firewall that does controls outbound traffic.

 

[logicearth]

I seriously doubt you had a port scan from outside your network. A port scan would not have made it to your computer unless you specifically configured your router to do so. Your public IP does does not point to your computer, rather to your router. Any port scan attempted on that IP would scan your router, not your computer.

Turning off the firewall on your computer and going to Shields Up! can easily prove otherwise if your router is improperly setup. https://www.grc.com/x/ne.dll?bh0bkyd2

 

[pparks1]

That may be true, but my router is a Cisco E3000, which is supposed to be a top-line router.

I have read good things about it.

If it can't handle the job, I'm reluctant to spend more time and money looking for another.

This isn't a hard job, any router that does NAT translation should be blocking this...100% of the time.

If your hypothesis about it being due to a response to an outbound connection is right, that only reinforces the importance of a software firewall that does controls outbound traffic.

To some extent, but looking at it another way...you might also want to evaluate the types of software that you install and use on your on your computer. If it's something like malware well then you obviously didn't put it there on purpose. But I don't know if I've seen much malware that opens up outbound connections to then allow port scans. Best case scenario they get a port listing of open ports, but are then blocked when they try to establish an inbound connection to those ports. I just don't see what the gain would be.

If this were me, I would do the following
1). Look at outbound logs on router? See if you are making outbound connections to same IP addresses that are getting flagged as doing the port scans.
2). Since this is a wireless router, be sure you don't have somebody leaching off your connection? Turn of ESSID broadcast, shut off DHCP functionality, use obscure network range in private range, enable MAC address filtering, use something like WPA2 with a horribly long security key.
3). Double check that your PC isn't sitting in a designated DMZ port. (I've seen this countless times)
4). Double check that you don't have a range of ports being forwarded by your router somehow. (less likely than above)
5). Call Cisco/Linksys and see if they have any known firmware issues, or bugs, or obscure configuration settings which could allow this problem.

Without a doubt, your situation would have me very concerned. But I wouldn't necessarily turn to a software firewall on my PC as my first line of defense to prevent it from happening....I'd rather figure out why the first line of defense products are not working.

I'm checking out at this point for the night, as it's 4:22am where I am and my kids will be up in about 4 hours.

 

[seekermeister]

pparks1,

Somehow, I didn't get a notification of your last post, and am just reading it.

Without a doubt, your situation would have me very concerned. But I wouldn't necessarily turn to a software firewall on my PC as my first line of defense to prevent it from happening....I'd rather figure out why the first line of defense products are not working.

While I understand your intent, and don't find fault in it, I must add that it isn't a matter of relying on a second line of defense. I consider both lines of equal importance. However, I must admit that I am less familiar with the router's settings, and have only been using what was initially set when I first got it. Therefore, I shall review them and see what I can find.

 

[pparks1]

I consider both lines of equal importance.

And that is the important part, if you consider them both as necessary then by all means implement both. For myself personally, I haven't ever found myself in a situation where having a more robust firewall on the Windows side would have alleviated any issues. More often than not, when I have played with more complex windows firewalls, they have simply broken internal network communications that I use and I have spent time and effort trying to get them configured to allow what I want to run...all the while...they never really stopped any external threat..which was the whole point of having it in place. If I didn't have a hardware based firewall on my router, than without question I would have a stronger security stance on the PC itself, but I have found my router to be completely effective and stopping the unwanted traffic.