Question:
Which is the best Firewall? What are the advantages of having a firewall as opposed to not having one?
?
2007-06-13 05:50:49 UTC
What does Firewall do which is not done by Antivirus? If we dont have a firewall will that harm my computer? Is there any userfriendly firewall? I have used couple but unable to understand it always tells me some IP address is trying to connect. I believe this helps against hackers. Please help
Fifteen answers:
anonymous
2007-06-13 05:55:16 UTC
LOL if u install any firewall it will apear that ip is trieng to acces your computer but its upto you to allow or block,i suggest norton firewall (example:kingdoms had walls to protect against attacker and enemies so its the same but to protect against hackers.)
anonymous
2007-06-13 07:59:36 UTC
Some basic Firewall info:



Firewalls exist to manage and decrease the attack surface exposed to threats.

Firewalls exist as a layer on a same box or a separate box altogether.

Firewalls on the same box protect only that box from all others while a firewall on a separate box can protect many boxes (your private network).

Firewalls come in two basic architectures, IP filtering and Proxy. Think of IP filtering as similar to a window screen which lets specified traffic through without real inspection. Proxy firewalls terminate the original traffic on one side and creates new connections on behalf of the original traffic to the final destination, and this "terminate and re-create" permits the Proxy firewall to do deep inspection and analysis of the traffic, possibly denying traffic based on content and faulty packets.



Especially in the case of an IP filtering FW and less so but still possible with a Proxy FW, it is only a "first layer" of defense. A potential exploit is a threat only if it reaches a target Service (functionality) on your machine, and today this is considered the most important way to protect your machine, called "hardening" -- And that generally means that you keep your machine fully patched as well as turning off unnecessary Services.



So, what is the best Firewall?

There isn't, because there are so many types of firewalls with different features, designed to protect in many ways.



But, in general the "best" firewall is an appliance that doesn't run on one of your normally used machines, is a Proxy, runs on an OS with a good repuation, can be and is regularly patched, produces tons of logging, has good tools for analyzing your logs, applies some AI to help analyze the logs, properly alerts you of issues, recommends actions when an issue is recognized...



And, you'd probably be paying over $30,000 for the "best" firewall whatever that might be. For a home user, you'll probably have to compromise, but still evaluate based on the featureset I suggested no matter how little it might cost.
Mike10613
2007-06-13 05:57:55 UTC
A firewall basically helps prevent hackers getting in. I found f-secure the best - it told me the IP address of the **** hole trying to get in or port scanning me. But now I have a firewall built in to my wireless router and the XP firewall and so far that seems enough. There is a free one called Blackice you can search for - that was good - but kept giving me an alarm every time I got a port scan - it got a little annoying after a while.
NETILIAN
2007-06-19 06:51:58 UTC
These days do not think even to go to internet and not having firewall. The best is hardware firewall usually build in inside routers. Get a router for $50-$70 and proper configure it and then you can use the firewall that comes with windows. That what I use and have no problems and you will not need to install or buy other software. Software firewall will slow down you PC.
James
2007-06-13 05:58:40 UTC
The best firewall believe it or not is free, it's Comodo firewall.



http://www.personalfirewall.comodo.com/



It scores the best against leak tests, zone alarm is not bad, but it's reputation is overblown



http://www.matousec.com/projects/windows-personal-firewall-analysis/leak-tests-results.php



Firewalls block inbound and outbound network connections.



To put it simply, when you go on the net, and say use Internet explorer to visit yahoo.com, your web browser will send information in "packets" to the yahoo server, which will respond and send back information to display the page.



A firewall sits in between and decides what to allow in and what to allow out.



It is easy to see why firewalls should control what is allowed in. You don't want hackers to get in.



But it is also important to control what is allowed out (outbound control), for example you don't want a worm or virus to steal your credit card number and then send the information out.



Unfortunately, using firewalls is a bit tricky. Generally you don't need to configure what your firewall allows in (don't ask) , most homeusers except those using P2P will nto need to configure their firewall to allow inbound connections.



You will need to allow outbound connections however. Look at the prompt and see if you recognise the application requesting. For example if you are using internet explorer, then obviously it must allow outbound.



I don't know what brand of firewall you are using, some might require that you set what port, what ip, which is perhaps too hard for you.



Some firewalls like Norton have a built in whitelist so it recognises what is good and automatically allows it to work without prompting.. you might want to try those.



PS this is an overly simplified explanation and is not 100% accurate but it is good enough without going into tedious details.
Life won't Stop Nor Should U
2007-06-13 06:06:49 UTC
Zone Alarm is to the best of my Knowledge

freely available and user friendlyAntivirus works on malicious scripts harms your computer and may or may not spread to others.

Firewall blocks the malicious script progra,ms softwares to steal info corrupt or do any harmn by/from internet

So firewall is a malicious traffic monitor

same as immigration officials.

Yes firewall is must to get away from hackers

IF it says some ip address is trying to connect you need to learn what is it.

it could be a program it could be simple browsing/downloading, else trust your firewall it indeed is an hacking attempt
mynamesnotjohn
2007-06-20 14:17:46 UTC
A firewall basically blocks ports. The advantage is having control over the type of content used on your computer while on a network. A quick made up example..... A program named WebPhone uses ports 1052 thru 1490 to allow voice communication over the web. With a firewall if you block ports 1052 thru 1490 WebPhone cannot pass data thru those ports resulting in no voice communication via WebPhone software. Lets say a company has a small network with minimal bandwidth and employee computers c, d, and x are hogging it using file sharing programs. Block all ports used by the file sharing programs to free up bandwidth on the company network.
stuart
2007-06-13 06:03:21 UTC
A firewall is a pro which filters connections, and if its not a proper ip address it will "ask" you if; A) you know what it is? and B) if you want to allow it to connect. & Norton Firewall is the best, however it will slow you computer down thow, but its worth it
nhprodigio
2007-06-13 05:56:17 UTC
A firewall protects your computer because it stops most outside programs from accessing your computer. The easiest one I have found is the one that comes with Windows XP and the AOL firewalls(they're easy to turn on and off, and easy to modify.
Terryc
2007-06-13 06:27:27 UTC
Not having a firewall allows any computer that can work out your current IP address to directly attack you.



With Windows OS, it can be a disaster because there are a lot more vulnerabilities discovered and Microsoft takes far too long to respond qand often their fixes do not solve the problem.



With Linux, it is less of a problem because it isn't as open to outside connections as Microsoft OSs and requires a lot more skill to use the vulnerabilities. Also, the Linux community is a lot more open and responds with fixes extremely fast. The fact that just about all Linux software and applications are open source, means that anyone can work out a fix and share it around.



Some firewalls can run applications that check stuff like email for viruses, etc, but a firewall can not run an application to detect spyware.



A good firewall can also run applications to watch your own network and report what computer and application made attempts to connect to what IP address, e.g spyware phoning home.





To me,the best firewall is a seperate L:inux computer running one. I do not currrently have a preference between the different preconfigred roll-out offerings.



Hey, I've had thirty years in IT. I know what I'm doing. I also run my own mailer, webserver, etc, etc, etc.



By talking about what I do, I'm trying to show you wat to look for in a good firewall. Things will be definitely simpler if you are just talking a computer that just surfs the web and picks up mail from your ISP.





The first thing my firewall does is decide if I even want to answer the door. I can build up a long list of UIP addresses that send virus, wors, trojans, etc and tell my firewall never to answer their knocking.



I can also build up a list of web trawlers that are know to trawl through my website and suck off all the email addresses to spam them. I can add to that list, all the IP addresses that have sent me spam in the past.



Most prepacked firewalls have restrictions on the number and range of IP numbers you can block.



By writing my own rules, I can decide how little or how much I block or allow.



E.g, i might block all IPs assigned to Russia because of russian hacker activity. My firewall would just not talk to the in any way shape or form. I'd pprobably add all IPs assigned to Nigeria and all IPs assigned to XYZ Company in Florida USA that is know to allow customers to send spam.



Firstly I do not want them trolling my website and secondly, I'm not interested in any mail from them, so I block them totally.



I might then allow every one else to look at my webserver. which is port 80.



I might have multiple webservers on different ports, like 8080 which I only open to places I am currently working, or 5670 which may only be open to relations who are working on my family tree with me.



Then I might invoke a service that tells me if this IP, that wants to connect to my mail server, has been reported as sending spam. If it has, then I'll block it. If it hasn't then I will allow it to start talking to my mail server on port 25.



Note, some mail servers that I mgith run, can also be configured to report IP numbers that sent spam and automatically add them to the blocked list.



I might have it set up so I can check home mail from outside customer sites, but instead of using the common POP3 port of 125, I'd use something else and reject all pop3 on port 125 as hacking attempts.



Perhaps I run a peer to peer server, but I want to restrict the servers/seeds that can actually talk to me on the calling port. I can do that with my own firewall rules.



Once you understand how to write firewall rules, it isn;t that hard. They just collect over time and look complex.



It really is a series of IF then, If then that stops being tested as either it is rejected and allowed.



Probably far more than you wanted to know.
anonymous
2007-06-20 17:14:16 UTC
zone alarm is the best its free and it protects you from hackers and its easy to use and you get regular updates so you can stay protected also keep service pack 2 on there because it will protect you from bugs people have found to screw with your computer and you get windows xp firewall but that isnt as effective as zone alarm
anonymous
2007-06-13 10:47:29 UTC
Cisco fire is the best one and it protects the hackers from logging into our network servers . It also acts a anti virus also like protect us from opening the **** sites also.
lucia x
2007-06-13 09:26:55 UTC
most virus are spread through IE. IE is not a safe browser. you should use a more secure browser to protect your PC from virus.



i recommand you to use firefox with Google toolbar. firefox can block any any popup and disable any virus and adware, spyware on webpage, so, firefox is much safer than IE browser. as you know, most of virus spread throught internet and webpage.



besides, firefox is much smaller than IE, so it run faster than IE.



download firefox for free, Just have a try:



http://www.163flash.net/firefox/



Good Luck
XRAYDELTA1
2007-06-18 13:25:30 UTC
I have had great results with Kaspersky..It is a little more technical than Norton or Macafee but it tells me when I am being attacked
PBcompanies.com
2007-06-13 05:56:29 UTC
it keeps things from getting in...and helps keep things from getting out... as for user friendly... most are... you just need to know what it is telling you.... if something is trying to access your computer and you did not invite it to come in...then block... if you asked it to come in then allow.


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.
Loading...