Whats a Good Windows Firewall (if there is such a thing)

Posted on 2003-02-27
Medium Priority
Last Modified: 2013-11-16
Whats your favorite/securest windows firewall software? Id prefer to hear from someone that has alot of experience implementing software firewalls on windows machines (i know that hardware and linux firewalls are better)
Question by:davidh_

Accepted Solution

NEOsporin earned 80 total points
ID: 8037766
I use both at my job. Software is good, I recommend ZoneAlarm. While linux and Bsd do make for some good firewalling, cisco has a lot to offer as well, when considering hardware FW's. ZoneAlarm has one certain advantage over what other firewalls for the windows OS. Although i am sure that the others have caught on by now. ZA can block programs and services, that is disallow a program from accessing the network card. It can also permit such an action. When you first set ZA up, you'll get alot of questions, should i (za)allow this process to access the netowrk, should i allow this program to access the network? That's good, once you have allowed the programs and services that you use everyday, or most of the time, you will only see alerts that you specify you want to show up on the screen. Za alos can block cookies, pop-up windows and quite a bit more. it keeps good logs of the activity, but only of the actions it took on the disallowed list, port,network's,programs. That's all you'll need for the most part. There isn't much of a preformacne hit from having it installed, that I have found. Blackice, is more of an IDS system, and will recognize "hacker" or "malicious" activity, but i'd rather have hard fast rules, and not rely on "intuitive" applications.
kinda old.. http://www.cnet.com/software/0-352108-8-9717159-1.html

XP has some firewalling capabilities, but they aren't much.
Your going to probly hear from a lot of people on this one!

Expert Comment

ID: 8037818
It blocks ports too :) There are some freebies out there, and they do work, however i do not know if they have the additional ability to block a service or program...

Very good price for a very good product, IMHO. We'll hear from others on thier thoughts as well. But please, DO NOT rely on us, most if not all the FW's you'll find have a trail version, and if you can't figure out how to use a certain piece of software, then it will not protect you if you can't set it up:( None that I researched were all that difficult, and work muck like the hardware FW's i used for years. GUI's are always nice. "Security is not a program, it's a process" <--neo's mantra. There is plenty more to do to be secure, but a firewall is your 1st line of defense.

Expert Comment

ID: 8038356
Although zone alarm is a good firewall, your security is probably the most important part of your computer. I decided this after losing everything from a cracker who opened up a box and talked to me on dial up. I downloaded all the freeware firewalls, kerio (previously tiny), zone alarm, sygate, norton. I tested the firewalls apart and together. This way you find which one you find ez to setup, and you see the errors and warnings each firewall gives for programs. After you feel you see which firewalls ignores your used programs for ex. (media player), which firewall crashes for no reason, and which firewall catches the most intrusions while in the hackers lounge of some chat room daring them to get you. Buy the updated, upgraded, or corp. version of the firewall. I bought norton, although bulky and sometimes a real pain it has never failed me, and I run a second freeware firewall in which I change every time I log on. Just start the service I want to start today but usually kerio freeware.
Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!


Expert Comment

ID: 8041530
I agree, nothing better than "Best Practices" I never accept mail, or chat with someone/something I don't know. Again- "Security is not a program, it's a process" Anti-virus software helps too- I use McAfee, and once I turned on heuristic's, I've never had a problem, even from new viri.
LVL 33

Expert Comment

by:Dave Howe
ID: 8042725
Its very much a horses for courses thing

if you want a simple firewall with a minimum of user misconfigurable *grin* parts, then ZA usually fits the bill; it allows filtering per application, with crude in/out control

if you want something you can play with, then I personally prefer kerio (which has a huge range of options) but sygate and outpost are equally popular.

Don't touch symantec's offering with a bargepole though :)

Expert Comment

ID: 8049547

Expert Comment

ID: 8049553

Expert Comment

ID: 8075721
Checkpoint on Solaris. Not cheap, but it works well.

Expert Comment

ID: 8078263
my chose is : http://www.agnitum.com/products/outpost/

Filters the viruses, worms, and trojans out of your emails;
Puts your computer into stealth mode, making it invisible to crackers; and
Blocks attacks and intrusions from hackers.
  Prevents sending your personal information to the bad guys;
Blocks web sites' attempts to gather information about your browsing habits; and
Guarantees peace of mind from invasion of your privacy through the Internet.
Protects your children from illegal, inappropriate web sites; Allows businesses to control the content that is allowed to be viewed by employees; and Offers complete flexibility for power users who want to fine-tune their firewall protection. Looks similar to Windows Explorer so you'll have almost no learning curve; Runs under All* Windows systems on Any Internet connection with Any** applications; and Updates its information frequently using a special utility, to ensure that you are protected against new attacks.

Expert Comment

ID: 8125732
I'm not sure if you are talking about personal firewall or gateway firewall - I'll assume the latter.

My background is Gauntlet (Unix and NT), FW-1 (Unix and NT)and PIX . Can't count the number of implementations I have done - but lots. FW-1 is the market leader and they deserve it - they will soon be toppled by Netscreen but will probably keep the title for OS-based firewalls.

8 months ago I started with a new company who partner with Symantec and they immediately sent me to get certified in Symantec Enterprise Firewall, which used to be called Raptor and was an Axent product. I have found it to be an excellent firewall on all versions.

I like FW-1 a lot as well - comparing FW-1 to SEF is oranges and apples as SEF is an application proxy which is inherently more secure. Unfortunately with a proxy firewall there is a performance hit so you really need to look at the purpose the firewall is going to serve. We often deploy 2 of each in HA with the SEFs protecting the internal network and the FW-1s protecting the DMZs.

Gauntlet NT was crap and it's dead anyway - so I'd be looking between SEF (high security) and FW-1 (high speed.)
LVL 58

Expert Comment

by:Pete Long
ID: 9779415
Firewalls (Hardware or Software?)

Software Firewalls

The basic version is still free!
Zone Labs offers a complete range of firewall products, from the free ZoneAlarm, to the comprehensive protection of ZoneAlarm Plus, to the ultimate privacy and security tools in ZoneAlarm Pro.

Black Ice Defender
BlackICE teams a personal firewall with an advanced intrusion detection system to constantly watch your Internet connections for suspicious behavior.

Symantec's Norton™ Personal Firewall
Keeps hackers out and personal data in. It makes robust firewall protection easy by automatically hiding your PC on the Internet and blocking suspicious connections. Norton Personal Firewall also protects your privacy by preventing confidential information from being sent out without your knowledge.

McAfee Personal Firewall
Personal Firewall places a barrier between the Internet and your PC, helping to block hackers from accessing your computer and allowing you to digitally 'fingerprint' trusted applications. Every time your computer is probed or attacked, you get detailed reports and clear follow-up options.

HardWare Firewalls

Cisco PIX
The world-leading Cisco PIX® Security Appliance Series provides robust, enterprise-class, integrated network security services including stateful inspection firewalling, protocol and application inspection, virtual private networking (VPN), in-line intrusion protection, and rich multimedia and voice security-in cost-effective, easy-to-deploy solutions.

SonicWALL Internet firewall/VPN security appliances support an array of security applications and deliver powerful firewall and VPN performance. SonicWALL appliances are built on stateful inspection firewall technology, and a dedicated security ASIC designed to ensure maximum performance for VPN enabled applications.

3Com perimeter firewalls and website filters cost-efficiently secure Internet access and give IT managers a critical first line of defense against network attacks and unauthorized access. For protecting the perimeter of your network, choose the 3Com® SuperStack® 3 Firewall for enterprise


Expert Comment

ID: 9954271
No comment has been added lately, so it's time to clean up this TA.
I will leave the following recommendation for this question in the Cleanup topic area:

Accept: NEOsporin {http:#8037766}

Please leave any comments here within the next seven days.

EE Page Editor

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is about my experience upgrading my consulting machine to Windows 10 Version 1709 (The Fall 2017 Creator Update)
Last month Marc Laliberte, WatchGuard’s Senior Threat Analyst, contributed reviewed the three major email authentication anti-phishing technology standards: SPF, DKIM, and DMARC. Learn more in part 2 of the series originally posted in Cyber Defense …
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
Suggested Courses

616 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question