# which firewall is the best ?



## mariner (Aug 11, 2004)

i m using the sygate personal firewall but still i find that some nasty applications do find their way in, in spite of using nav 04, ad aware se, spybot S&D and sysmech.


which cud b the best firewall?

presently using IE 6.0 and soon migrating to mozilla firefox !


----------



## sreevirus (Aug 11, 2004)

applications like adware and spyware make their way into the system thru the browser...the firewall cant stop those applications from coming into ur system because u have allowed the browser to communicate with the internet...yes, the softwares u mentioned can stop them from loading in ur pc to a certain extent, but not always.....but u can stop these programs from accessing the internet using the firewall [at least this is to the best of my knowledge (heard this from some other source), of course i cud be wrong (someone please correct me if so)]
and u can stop many of these programs from installing in the first place using programs like javacool software's spywareblaster and spywareguard. use a combination of Spybot SnD(1.3) and Spywareblaster and keep updating.

as far as firewalls r concerned, ZoneAlarm is the best according to popular opinion (i'm also usin it and its doing a fine job for me).
but u can try other firewall softwares like blackice and tinyfirewall personal which i heard r also good.


----------



## sohummisra (Aug 11, 2004)

yup zone-alarm is probably the best although you'll get annoyed at the number of programs that are trying to access the net! it also slows (my) computer down quite a bit, if you don't have lots of RAM. but its the best in my opinion. can get it from zonelabs.com


----------



## infra_red_dude (Aug 11, 2004)

i find mcafee d best......zonealarm uses a lot of sys resources.....


----------



## theraven (Aug 11, 2004)

actually firewalls block certain ports which specific *ware/viruses use
hence preventing an attack
and again im not sure either .. so waiting for confirmation 
and i agree ... its zone alarm for me !


----------



## mahidhar (Aug 11, 2004)

Go to the following site and find out how good your firewall is.

Symantec Security Check

You can even post your results and we'll know whose firewall is best.


----------



## NikhilVerma (Aug 11, 2004)

of course it will show that norton has the best firewall!!!

Isn't there any neutral site...


----------



## sohummisra (Aug 11, 2004)

why would symantec say that norton is best?


----------



## Saud Hakim (Aug 11, 2004)

Zone - Alarm is  the Best.!
Nothing gets better than it.

Used to  use it when i had  broadband.


----------



## sreevirus (Aug 11, 2004)

here r my results....not bad....check em out

http://img.photobucket.com/albums/v242/sreevirus/securscan.jpg
http://img.photobucket.com/albums/v242/sreevirus/stats.jpg


----------



## techno_funky (Aug 11, 2004)

if u have no money to spend on a GENUINE firewall
ZONE ALARM 
is the best


----------



## EinSTeiN (Aug 12, 2004)

No money no ads Zone alarm is the best..


----------



## walking-techie (Aug 12, 2004)

zone alarm is the best .. but it eats up a lot of resources

u can opt for other options like

tiny firewall
sygate firewall
norton internet security
..


----------



## mariner (Aug 12, 2004)

well guys this is the result from symantec

Your Results:

| Port | Description | Status |
| --- | --- | --- |
| ICMP Ping | Ping. Ping is a network troubleshooting utility. It asks your computer to acknowledge its existence. If your computer responds positively to a ping, hackers are more likely to target your computer. | STEALTH |
| 21 | FTP (File Transfer Protocol). FTP is used to transfer files between your computer and other computers. Port 21 should be open only if you're running an FTP server. | OPEN |
| 22 | SSH. TCP connections to this port might indicate a search for SSH, which has a few exploitable features. SSH is a secure replacement for Telnet. The most common uses of SSH are to securely login and copy files from a server. | STEALTH |
| 23 | Telnet. Telnet can be used to log into your computer from a terminal anywhere in the world. This port should be open only if you're running a Telnet server. | OPEN |
| 25 | SMTP (Simple Mail Transfer Protocol). A protocol for host-to-host mail transport. This port should be open only if you're running a mail server. | STEALTH |
| 79 | Finger. Finger is an Internet utility that allows someone to obtain information about you, including your full name, logon status, and other profile information. | STEALTH |
| 80 | HTTP (Hypertext Transfer Protocol). HTTP is used to transfer Web pages over the Internet. Port 80 should be open only if you're running a Web server. | OPEN |
| 110 | POP3 (Post Office Protocol). Internet mail servers and mail filter applications use this port. This port should be open only if you're running a mail server. | STEALTH |
| 113 | Ident / Authentication. This service is required by some mail, news, or relay chat servers to allow access. A stealth result on this port could cause performance problems. | STEALTH |
| 119 | NNTP (Network News Transfer Protocol). A service used by News servers to distribute Usenet articles to newsreader applications and between other servers. | STEALTH |
| 135 | Location service (loc-srv). This port is used to direct RPC (Remote Procedure Calls) services to the appropriate dynamically mapped ports. Hackers can use this to determine which port is used by several Windows services. This port should not be visible from the Internet. | STEALTH |
| 139 | NetBIOS. NetBIOS is used for Windows File & Print sharing. If port 139 is open, your computer is open to sharing files over the Internet. Other components of NetBIOS can expose your computer name, workgroup, user name, and other information. To learn more about preventing connections to your NetBIOS ports, see: NetBIOS Information and Configuration Instructions | STEALTH |
| 143 | IMAP (Internet Message Access Protocol). IMAP is a sophisticated protocol for electronic mail delivery. This port should be open only if you're running an IMAP server. | STEALTH |
| 443 | HTTP over TLS/SSL. A protocol for providing secure HTTP communication. It should be open only if you're running a Web server. | STEALTH |
| 445 | Windows NT / 2000 SMB. A standard used to exchange Server Message Blocks, and can be exploited in multiple ways, including gaining your passwords. | STEALTH |
| 1080 | SOCKS. This protocol allows computers access to the Internet through a firewall. It is used when one IP address is shared among several computers. Generally this protocol only allows access out to the Internet. However, it is frequently configured incorrectly to allow hackers to pass traffic inwards through the firewall. | STEALTH |
| 1723 | PPTP (Point-to-Point Tunneling Protocol). This service is used for virtual private networking connections. | STEALTH |
| 5000 | UPnP (Universal Plug and Play). This service is used to communicate with any UPnP devices attached to your network. | STEALTH |
| 5631 | pcAnywhere. This port is used by Symantec pcAnywhere when in host mode. | STEALTH |


so what  do i do about items 21,23 and 80 ?


----------



## EinSTeiN (Aug 12, 2004)

But security : system resources .. which one will you choose?
I think today's system can handle the resources needed for zone alarm.
mine is just an amd 1800+ but zone alarm runs fine on it.


----------



## cooljeba (Aug 12, 2004)

I use Norton Firewall. I think it's cool. My other fav is Sygate Personal Firewall.
..:: peace ::..
Jeba


----------



## aadipa (Aug 12, 2004)

Norton Internet Security


----------



## aadipa (Aug 12, 2004)

also check ur firewalls at

http://grc.com/x/ne.dll?bh0bkyd2

check for common ports and messenger spam

do put ur results here


----------



## anusoni (Aug 12, 2004)

well i just shifted to SUSE Linux, so now i'll now see how to configure the firewall inside it.


----------



## anusoni (Aug 12, 2004)

i just tested myself using the link aadipa gave, and i am glad to say my computer is supposed to be a real stealth machine according to that link !


----------



## Deep (Aug 13, 2004)

I use my all time fav Norton Internet Security..

no problems at all :d

Deep


----------



## mariner (Aug 13, 2004)

well guys i m still waiting for ur responses on how to close ports 21,23 and port 80 as these seem to be the trouble makers.


----------



## Deep (Aug 13, 2004)

mariner said:
			
		

> well guys i m still waiting for ur responses on how to close ports 21,23 and port 80 as these seem to be the trouble makers.



actually this test will work properly only if you have Public IP, i.e. with IPs other than 172.16.x.x, 10.x.x.x,172.168.x.x

anyways to cross check these ports... do this..

in IE write this 

For Port 80: http://127.0.0.1/
For Port 21: ftp://127.0.0.1

for Port 23

Start - Run - Telnet

in the new window write *o 127.0.0.1* it should *not* show 

"Connecting To 127.0.0.1...Could not open connection to the host, on port 23: Connect failed"

if it shows above message then it means you dont have port 23 open..

and for port 80 it should say page cannot be found or something..
21 should say something like unable to connect..

lemme know what happens after u do above things..

Deep


----------



## rock_ya_baby (Aug 13, 2004)

mariner said:
			
		

> well guys i m still waiting for ur responses on how to close ports 21,23 and port 80 as these seem to be the trouble makers.



You can easily do that using a firewall..

If you dont have / want to use it then you can try > portblocker

Just run it, it automatically blocks the ports that u've mentioned (by default)


----------



## anishcool (Aug 13, 2004)

Hey i am using sygate (v 5.5, build 2156) with the latest updates and avg. If you keep updating your firewall just like ur antivirus it will work much better. By the way zonealarm is crap as the free edition takes too much system resources and has a very childish and non-geeky interface. if you can pay Rs.1500 mcafee is great. norton is not bad as well but just too expensive.


----------



## mariner (Aug 13, 2004)

ok guys i got the following from symantec today

How to close ports that should not be open 

Situation:
You ran Symantec Security Check or a similar type of security scanning tool and the results indicate that certain "well known" ports are open. "Well known" ports can include any port from 0 to 1023, but the most commonly used ports are 23, 25, 80, and 110.

Solution:
"Well-known" ports are generally reserved for services such as email, Web services, Internet protocols, and so forth. If a security scanner indicates that some of these ports are open and you are not running services related to those ports, then an unknown process - like a Trojan - may be running on your computer.

To correct this situation, run the current version of an antivirus program to detect and eliminate the Trojan, and then install Norton Internet Security or Personal Firewall and re-scan your computer to confirm that the suspect port is now closed.

The following table identifies ports that should not be open unless you are running services (servers) relating to them. If any of these ports are reported as being open, then a component of a service or server may be running on your computer. An example of a service or server component running on your computer is INETINFO.EXE from Microsoft. This component is used to run the Personal Web Server feature of Windows. 

| Port | Service | Type of Server | Description |
| --- | --- | --- | --- |
| 23 | Telnet | telnet server | allows another computer to log into yours |
| 25 | SMTP | mail server | email protocol that sends mail out |
| 80 | HTTP | web server | web protocol |
| 110 | POP | mail server | email protocol that receives mail |

To determine if INETINFO.EXE is running on your computer, follow one of these procedures:

Windows 95/98/ME/XP

1. Click Start then Run.
2. Type MSCONFIG in Open box.
3. Click OK or press the Enter key. The System Configuration Utility screen will appear.
4. Select the Startup tab.
5. See if INETINFO.EXE is running. If you do not need this feature running, uncheck the box then click OK. Reboot your computer and run Symantec Security Check again.

Windows NT/2000

1. Open the Task Manager by right clicking the Task Bar.
2. Select Task Manager.
3. Click the Processes tab.
4. See if INETINFO.EXE is running. If you do not need this feature running, you must remove the Internet Information Services (IIS) feature from the Add/Remove Windows Components in the Control Panel.

going to try out the same and will post results


----------
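
The Symantec note quoted in the post above asks which program is holding a well-known port open. The following is an added example, not part of the thread or of Symantec's text: it parses the output of `netstat -ano` (Windows XP and later; `-o` adds the owning PID) and lists TCP listeners on ports 0 to 1023, marking whether each is bound to loopback only. The sample output, addresses and PIDs are constructed.

```python
# Ports from the Symantec table quoted in the post above.
WATCHED = {23: "Telnet", 25: "SMTP", 80: "HTTP", 110: "POP"}

# Constructed sample of `netstat -ano` output (addresses and PIDs are made up).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1480
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       932
  TCP    127.0.0.1:25           0.0.0.0:0              LISTENING       2016
  TCP    192.168.1.5:139        0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1012
  TCP    192.168.1.5:1187       203.0.113.20:80        ESTABLISHED     3120
  UDP    0.0.0.0:445            *:*                                    4
"""


def tcp_listeners(netstat_text):
    """Yield (bind_address, port, pid) for each TCP socket in LISTENING state."""
    for line in netstat_text.splitlines():
        fields = line.split()
        # Headers, UDP rows (no State column) and non-listening sockets are skipped.
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        host, _, port = fields[1].rpartition(":")  # also splits "[::]:80"
        yield host, int(port), int(fields[4])


def audit_well_known(netstat_text):
    """Return listeners on well-known ports (0-1023), sorted by port.

    Each finding is (port, service, bind_address, pid, exposed). exposed is
    False when the socket is bound to loopback only, True when it is bound to
    an address other machines can reach unless a firewall filters it.
    """
    findings = []
    for host, port, pid in tcp_listeners(netstat_text):
        if port > 1023:
            continue
        service = WATCHED.get(port, "not in table")
        exposed = not (host.startswith("127.") or host == "[::1]")
        findings.append((port, service, host, pid, exposed))
    return sorted(findings)


if __name__ == "__main__":
    for port, service, host, pid, exposed in audit_well_known(SAMPLE):
        scope = "network-facing" if exposed else "loopback only"
        print(f"port {port:<4} {service:<12} bound to {host:<12} PID {pid:<5} {scope}")
```

The PID of a finding can be matched to an image name in Task Manager's Processes tab, the same place the quoted instructions look for INETINFO.EXE.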



## Deep (Aug 13, 2004)

u shall read what i had said in my post..

regards
Deep


----------



## mariner (Aug 13, 2004)

ok deep i did what u said and got the following results

port 80 : cannot be found
port 21 : windows cannot access this folder.make sure u have typed the file name correctly and u have the permission to access this folder
          details: a connection with the server cannot be established
port 23 :connecting to 127.0.0.1....cud not open connection to the host,on port 23 connect failed.

ok so tell me
1.does it mean that my pc is safe ?
2.and if it so than why do symantec and shields up tell me that my pc is at
 gr8 risk?


----------



## Ashis (Aug 14, 2004)

> zone alarm is the best .. but it eats up a lot of resources
>
> u can opt for other options like
>
> tiny firewall
> sygate firewall
> norton internet security
> ..

I have Used Zone Alarm & I find it slows down the net speed!


----------



## Deep (Aug 14, 2004)

mariner said:
			
		

> ok deep i did what u said and got the following results
> 
> port 80 : cannot be found
> port 21 : windows cannot access this folder.make sure u have typed the file name correctly and u have the permission to access this folder
> ...



it means that these ports are already blocked on ur machine..
the reason why norton showing those ports open coz it was checking the IP address of your ISP not yours..

you must be having IP address with 172.16.xx or 10.x.xx.xx or 192.168.xx.xx

to cross check it 

start - run - command - write ipconfig

it should show ur ip address

and then go to www.whatismyip.com

it should show the IP address of your ISP..if both are same then you have public IP and otherwise your IP address is private..

about ur 2nd question...
answer is in my above explanation...it's checking ur ISP's IP address..no need to worry..install firewall like Norton Internet Security or any other u prefer..shall solve your problem

Deep


----------
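
The two checks described in this part of the thread (connecting to ports 21, 23 and 80 on 127.0.0.1, then comparing the PC's own address with the one the Internet sees) can be scripted. The following is an added example, not code from any poster: a refused loopback connection means no service is listening on the PC, and a private local address means an online scan probed the upstream NAT device instead. The function names and the documentation address 203.0.113.7 are assumptions for illustration; the private ranges used are the RFC 1918 blocks 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16.

```python
import ipaddress
import socket

# RFC 1918 private ranges; hosts using them reach the Internet through NAT.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

PORTS = (21, 23, 80)  # the ports the online scan reported as OPEN in the thread


def has_listener(host, port, timeout=1.0):
    """Return True if a TCP connect to host:port succeeds (something is listening)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0


def address_kind(ip):
    """Classify an IPv4 address as 'loopback', 'private' (RFC 1918) or 'public'."""
    addr = ipaddress.ip_address(ip)
    if addr.is_loopback:
        return "loopback"
    if any(addr in net for net in RFC1918):
        return "private"
    return "public"


def scanned_device(local_ip, internet_ip):
    """Say which device an Internet-based port scan actually probed.

    local_ip    -- address the PC reports (ipconfig)
    internet_ip -- address a what-is-my-IP page reports
    """
    if local_ip == internet_ip and address_kind(local_ip) == "public":
        return "this PC"
    return "upstream NAT device (router or ISP gateway)"


def local_ipv4():
    """Best-effort local address: a UDP connect() picks a route but sends nothing."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        try:
            s.connect(("192.0.2.1", 9))  # TEST-NET-1 documentation address
            return s.getsockname()[0]
        except OSError:
            return "127.0.0.1"


if __name__ == "__main__":
    for port in PORTS:
        state = "listening" if has_listener("127.0.0.1", port) else "no listener"
        print(f"127.0.0.1:{port:<3} {state}")
    ip = local_ipv4()
    print(f"local address {ip} is {address_kind(ip)}")
    # 203.0.113.7 is a constructed documentation address standing in for the
    # value a what-is-my-IP page would show.
    print("an online scan probes:", scanned_device(ip, "203.0.113.7"))
```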



## mariner (Aug 14, 2004)

ok deep thanks a ton for ur help.my ip does start with 192.xxx.......

so if my isp's ip is being checked and the ports r found open then
will it affect my pc ?

i think i will stick to sygate PF for some time and change to another
when i upgrade in early next yr.

many thanx


----------



## anishcool (Aug 14, 2004)

yup thats right deep. most of the ISP's like sancharnet provide public ip's. ok does anyone know where to report hackers? Using the built in Whois utility in Sygate i got down to a site who was port scanning my comp. I really want to destroy them. Any answers ?


----------



## pantheratigris (Aug 15, 2004)

Norton Internet Security


----------



## aadipa (Aug 15, 2004)

anishcool said:
			
		

> Using the built in Whois utility in Sygate i got down to a site who was port scanning my comp. I really want to destroy them. Any answers ?


NOT ALL PORT SCANS ARE HACKING ATTEMPTS


----------



## Deep (Aug 15, 2004)

aadipa said:
			
		

> anishcool said:
> 
> 
> 
> ...



yup totally agree with aadipa..

first findout the port number and google for port number and see what could be the reason..

do some search like this...

your port number + hack or your port number + spyware etc..

Regards
Deep


----------



## vswizard (Aug 16, 2004)

Kerio Rocks.. and is the best one around


----------



## anishcool (Aug 17, 2004)

thanx a lot i did find out the site through google. ok is there any way u can block all the ports on ur comp(i use sygate)does sygate block all the ports and secure the pc ?


----------



## bhalchandra (Aug 17, 2004)

hey man if u r going for zone alarm then make sure u have 512 MB of memory because pc will die on 128 mb as it is very much resource hungry
Otherwise go for mcafee personal firewall
njoy...............


----------



## mariner (Aug 17, 2004)

yes with lots of help from deep n other guys i found out that my sygate PF is really doing a gr8 job.

so i think anish it should be doin the same for u .

Sygate the best


----------



## Deep (Aug 17, 2004)

anishcool said:
			
		

> thanx a lot i did find out the site through google. ok is there any way u can block all the ports on ur comp(i use sygate)does sygate block all the ports and secure the pc ?



actually u really cant block all the ports...coz some services require certain ports to be opened...

so no need to worry about the ports unless you find something suspicious going on..

for better security..check ur machine in every 15 days with Ad-Aware and may be virus scan once a month..

Regards
Deep


----------



## busyanuj (Aug 17, 2004)

mariner said:
			
		

> i m using the sygate personal firewall but still i find that some nasty applications do find their way in, in spite of using nav 04, ad aware se, spybot S&D and sysmech.
> 
> 
> which cud b the best firewall?
> ...



try *Black Ice*. 

IMO, it does a decent job.


----------



## prathapml (Aug 18, 2004)

Windows Firewall in WXP SP2 is more than enough for most purposes. But in corporate networks, that's not exactly what you'd be using - it was designed for the newbie and home-users, and fulfils its mandate perfectly.

If I had to buy a firewall, I'd use ZoneAlarm 5.1 Security Suite. A complete firewall+identity security+antiVirus solution. info


----------



## freshseasons (Sep 2, 2004)

Zone Alarm is the best But But BUT ....how u configure its access attempt is the most important thing...i think the permission u give for programme to access net is the most important thing ...Which firewall comes later...Coz with ur permissions u can make even the strongest firewall weakest and vice versa


----------



## it_waaznt_me (Sep 2, 2004)

Zone Alarm for me ...


----------



## vswizard (Sep 3, 2004)

KERIO .. rocks


----------



## pradeep_chauhan (Sep 3, 2004)

well i am a bit late to join in this thread but i would like to share my setup(please by no way it is the best / ideal setup) ok so here goes
1. went to a secondhand pc dealer "big apple" got a p3 machine for rs 4000/- without monitor mouse keyboard
2. load fedora and config dialup and iptables.
3. patch it to main machine running xp sp2
4. load putty on windows machine
5. dialup to inet (or any unsecure network) on the p3 machine
6. enjoy safe and secure existence behind the p3 machine

This setup has served me well till date .
regards pradeep


----------



## luckyrocker (Sep 12, 2004)

*My test results*

If you can pay then 
1) Agnitum Outpost 2.1 Firewall is "the" best.
2) Look 'n' Stop pro
or else

Kerio
Zone Alarm
Sygate

Go here to check which one of the free versions is the best.

http://www.pcflank.com/art21.htm

IMHO free versions of all firewalls are useless. You can check how much protection you get from your firewalls (free or paid) by performing some leak tests. There are a total of 8 leak tests that can be performed. I have tested McAfee, Norton, Agnitum Outpost(free and Paid), Sygate(Free and Paid), Zone Alarm (Free and Paid).Out of these I list in descending order of score, when i tested them:

1) Agnitum Outpost 2.1 8/8
2) Kerio Pro                 7/8
3) Look 'n' Stop Pro 2   6/8
4) Zone Alarm pro       6/8
5) Sygate Pro              6/8
6) McAfee Pro              4/8
7) Norton                    3/8


Of all these the free versions of the firewalls were not nearly as good as the paid versions.
Only 
Kerio,
Zone Alarm
Sygate 
provided any kind of security.

In any way whenever you install any firewall i suggest you test them using the leak tests, and come to your own conclusion as to which is the best.

luckyrocker


----------



## luckyrocker (Sep 12, 2004)

*also*

Also i've been using outpost for a long time and nothing gets past it without me knowing of it, and i do mean nothing, no crack dialers, no spyware buttons in explorer .... and the like.


----------



## pradeep_chauhan (Sep 12, 2004)

dont be so sure, to check if it does something naughty open a net connection without the firewall, start an ethernet sniffer like ethereal and start capturing the outgoing packets. now start the firewall and see if it generates any outgoing traffic. i was using zonealarm for the past four years and was shocked to find that zonealarm initiates a self connection to its home server on startup.


----------



## luckyrocker (Sep 12, 2004)

*so does outpost*

..so does outpost,norton, Mcafee...


----------



## pradeep_chauhan (Sep 12, 2004)

So do you think this is what a perfect firewall should do ? I dont think so. Any software connecting to the outside world without specific permission from the user SHOULD be blocked. Take a tip from iptables, the most secure firewalls are built using these. Moral of the story is that the firewall is a guardian angel, someone you trust, you dont expect it to cheat on you.


----------



## rajendra99 (Sep 13, 2004)

The firewall that came with WinXP SP2 has made my surfing very difficult. Only the trusted sites open. Earlier I used ZA. Can I uninstall this SP2 firewall & install ZA 5.1? No problem on RAM, I got 1 GB.


----------



## luckyrocker (Sep 13, 2004)

*sure*

of course not... that is not wot a "perfect" firewall should do. But we don't live in a "perfect" world. Guardian Angel or not we seem to forget that these are commercial tools that get the commercial software firms their bread and butter, and for them feedback and information are important tools. Why do you think companies like sygate, zoneLabs, Agnitum...etc release free versions for their software?it's definitely not for the good karma.

Sure iptables is a great foundation for a firewall but even iptables is not "perfect" so to speak.. I do luv the project none-the-less, I only wish more commercials firms would implement it.
http://www.netfilter.org/security/index.html


----------



## pradeep_chauhan (Sep 13, 2004)

please please it seems i have hurt your sentiments carry on doing whatever you want. Have Fun.


----------



## luckyrocker (Sep 13, 2004)

*lol*

lol...  
wot was tht all about...
i m juz sharing wot i know ..
no hard feelings here.. :roll:


----------



## theraven (Sep 13, 2004)

@rajendra
just disable the inbuilt firewall from the security centre in the control panel and install zone alarm


----------



## esumitkumar (Sep 15, 2004)

ZONE ALARM


----------



## Ashis (Oct 22, 2004)

Honestly,
Windows Firewall is Good.
A good balance:- Security & Browsing Speed.


----------



## sidewinder (Oct 22, 2004)

Zap is best but i cant use it. I use sygate. I miss the ad blocking function of zap a lot. Can u guys suggest me a soft that can block web ads


----------



## allajunaki (Oct 22, 2004)

Da Best Security , Unplug from all networks...! 

On a more serious note SP2 Firewall is good enough.... I used to use ZoneAlarm... But i was impressed by the sp2's built in firewall... (Totally Revamped, nothing like the original XP firewall). what i liked the most is the option to selectively open ports apart from Application permission that is available in sp2....

So if u dont have SP2 and have lots of hardware to spare, then go for zonealarm. other wise update to SP2


----------



## xenkatesh (Oct 23, 2004)

Zone alarm i trust it!


----------

