Software Firewall

Craig321 · 13 Jan 2011 at 00:21

Hi,

I've been using Comodo for years as it lets me know when anything is going in/out and asks me what I'd like to do regardless of what it is.

Is this still the best firewall around for that functionality? Is there anything better these days?

Yes I know the built in firewall is good enough etc etc.

Running Windows 7 x64

Thanks.

ncjok · 13 Jan 2011 at 02:56

With regard to the general question of "is there anything better these days?" then I share the following opinion:

Why do you want to restrict outbound traffic? It provides very little security, if a piece of malware is on your machine and able to attempt outbound connections you're already hosed. If you allowed the malware to install itself with admin privileges the malware can reconfigure the firewall and go to town. If you were smart and running with limited privileges when the malware installed itself it can scan the firewall rules to see what is allowed, and piggy back on one of those applications. For example, you'd want to allow your browser to open outbound connections, right? Its not very hard to write malware that will use the default webb browser to upload stuff.

I am not saying that outbound filtering provides zero security, only that its provides very little. In my opinion its not worth the hassle, you would be better off investing the effort in customizing outbound rules into more effective countermeasures like figuring out how to get all of your programs to run without admin privileges, installing patches, or updating antivirus and antispam software.

I had to borrow this from the technet forum as I don't think I could be quite as concise at almost three a.m.

Philtor · 13 Jan 2011 at 08:20

Zone alarm seems to be very popular although I must agree with the points made in the post above.

KIA · 13 Jan 2011 at 11:19

I agree with ncjok.

Router + Patched Windows + Patched software + MSSE + Windows Firewall + common sense = pwnsauce.

Weazle · 13 Jan 2011 at 11:53

I use:
Windows Firewall + up-to-date Windows + NOD32 Anti-virus + broadband gateway router + my head (eg. mouseover links before clicking them)

Windows firewall does a pretty good job of blocking incoming malicious connections ..... 99% of trojans, etc are the faultof a user as it occurs if you're browsing dodgy websites or opening dodgy attachments.

anything I don't mind · 13 Jan 2011 at 12:56

peerblock + pfsense hardware firewall.

peerblock is not a firewall it is a blocklist software. So if a ip is not in your list then it won't be blocked.

I get so annoyed with software firewalls popping up every time i initiate a new connection and find that it does not realy help that much. because most of the time people just enable the connection anyway...

KIA · 13 Jan 2011 at 16:21

peerblock is a waste of time imo.

Craig321 · 13 Jan 2011 at 17:54

ncjok said:
With regard to the general question of "is there anything better these days?" then I share the following opinion:

I had to borrow this from the technet forum as I don't think I could be quite as concise at almost three a.m.

fluff said:
I agree with ncjok.

Router + Patched Windows + Patched software + MSSE + Windows Firewall + common sense = pwnsauce.

It's not the security I'm wanting, I just want to control what goes out, and would like to know what actually does go out.

Security isn't an issue at all, I'm well aware of all that and have adequate defences in place, but I still want to control what goes out of my computer.

philtorrens said:
Zone alarm seems to be very popular although I must agree with the points made in the post above.

I've not heard much good at all from Zone Alarm users - apparently it interferes. A lot.

Craig

KIA · 14 Jan 2011 at 17:19

Are you running Windows 7? If so, you'll have awesome control over outbound traffic.

Rocker · 14 Jan 2011 at 17:29

ncjok said:
With regard to the general question of "is there anything better these days?" then I share the following opinion:

I had to borrow this from the technet forum as I don't think I could be quite as concise at almost three a.m.

Although I agree with the statement from the technet forum to an extent, I also believe that filtering outbound traffic does provide a fair amount of security (obviously not as much as inbound) but it can alert you to things. The comments made are very arguable.

Pho · 14 Jan 2011 at 17:31

For inbound use your router. For outbound Vista/Windows 7 + Windows 7 Firewall Control will give you pop-up notifications to block outbound connections. It uses the built-in firewall (Windows Filtering Platform) from Vista/W7 so uses a tiny amount of memory (~3MB).

Their site looks rubbish, but it works quite well.

Rocker · 14 Jan 2011 at 17:36

Does Windows firewall incorporate program monitoring? I talking about things like, program component monitoring, program launch/executing etc. Where that, if the program (say IE) is allowed to access the internet, if the executable is changed (update applied or malware injected) the firewall can detect a change and asks for permission again?

d_brennen · 14 Jan 2011 at 17:47

fluff said:
I agree with ncjok.

Router + Patched Windows + Patched software + MSSE + Windows Firewall + common sense = pwnsauce.

Pretty much this. I don't run AV myself though.

ncjok · 14 Jan 2011 at 17:49

Craig321 said:
It's not the security I'm wanting, I just want to control what goes out, and would like to know what actually does go out.

Out of curiosity could you elaborate on why you require this functionality?

Rocker said:
Although I agree with the statement from the technet forum to an extent, I also believe that filtering outbound traffic does provide a fair amount of security (obviously not as much as inbound) but it can alert you to things.

Do you have a couple of examples of things you've blocked that were surreptitiously attempting to make outgoing connections? Things which you considered a security breach, perhaps, as opposed to a simple nuisance.

Craig321 · 14 Jan 2011 at 17:55

fluff said:
Are you running Windows 7? If so, you'll have awesome control over outbound traffic.

Yup, and I know. Still doesn't do what I want it to though

Pho said:
For inbound use your router. For outbound Vista/Windows 7 + Windows 7 Firewall Control will give you pop-up notifications to block outbound connections. It uses the built-in firewall (Windows Filtering Platform) from Vista/W7 so uses a tiny amount of memory (~3MB).

Their site looks rubbish, but it works quite well.

I'll check it out, thanks.

ncjok said:
Out of curiosity could you elaborate on why you require this functionality?

Do you have a couple of examples of things you've blocked that were surreptitiously attempting to make outgoing connections? Things which you considered a security breach, perhaps, as opposed to a simple nuisance.

I have my reasons for wanting to know if a program is connecting to the internet or not. Obviously I don't need to worry about the usuals (Outlook, Firefox, etc etc.), but I use a lot more than that.

Craig.

KIA · 15 Jan 2011 at 13:23

d_brennen said:
Pretty much this. I don't run AV myself though.

Ditto, I recommend it because the vast majority need it.

Azuse05 · 15 Jan 2011 at 13:31

fluff said:
peerblock is a waste of time imo.

Always has been, but the placebo effect is strong