Whats a Good Windows Firewall (if there is such a thing)

Posted on 2003-02-27
Medium Priority
Last Modified: 2013-11-16
Whats your favorite/securest windows firewall software? Id prefer to hear from someone that has alot of experience implementing software firewalls on windows machines (i know that hardware and linux firewalls are better)
Question by:davidh_
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Accepted Solution

NEOsporin earned 80 total points
ID: 8037766
I use both at my job. Software is good, I recommend ZoneAlarm. While linux and Bsd do make for some good firewalling, cisco has a lot to offer as well, when considering hardware FW's. ZoneAlarm has one certain advantage over what other firewalls for the windows OS. Although i am sure that the others have caught on by now. ZA can block programs and services, that is disallow a program from accessing the network card. It can also permit such an action. When you first set ZA up, you'll get alot of questions, should i (za)allow this process to access the netowrk, should i allow this program to access the network? That's good, once you have allowed the programs and services that you use everyday, or most of the time, you will only see alerts that you specify you want to show up on the screen. Za alos can block cookies, pop-up windows and quite a bit more. it keeps good logs of the activity, but only of the actions it took on the disallowed list, port,network's,programs. That's all you'll need for the most part. There isn't much of a preformacne hit from having it installed, that I have found. Blackice, is more of an IDS system, and will recognize "hacker" or "malicious" activity, but i'd rather have hard fast rules, and not rely on "intuitive" applications.
kinda old.. http://www.cnet.com/software/0-352108-8-9717159-1.html

XP has some firewalling capabilities, but they aren't much.
Your going to probly hear from a lot of people on this one!

Expert Comment

ID: 8037818
It blocks ports too :) There are some freebies out there, and they do work, however i do not know if they have the additional ability to block a service or program...

Very good price for a very good product, IMHO. We'll hear from others on thier thoughts as well. But please, DO NOT rely on us, most if not all the FW's you'll find have a trail version, and if you can't figure out how to use a certain piece of software, then it will not protect you if you can't set it up:( None that I researched were all that difficult, and work muck like the hardware FW's i used for years. GUI's are always nice. "Security is not a program, it's a process" <--neo's mantra. There is plenty more to do to be secure, but a firewall is your 1st line of defense.

Expert Comment

ID: 8038356
Although zone alarm is a good firewall, your security is probably the most important part of your computer. I decided this after losing everything from a cracker who opened up a box and talked to me on dial up. I downloaded all the freeware firewalls, kerio (previously tiny), zone alarm, sygate, norton. I tested the firewalls apart and together. This way you find which one you find ez to setup, and you see the errors and warnings each firewall gives for programs. After you feel you see which firewalls ignores your used programs for ex. (media player), which firewall crashes for no reason, and which firewall catches the most intrusions while in the hackers lounge of some chat room daring them to get you. Buy the updated, upgraded, or corp. version of the firewall. I bought norton, although bulky and sometimes a real pain it has never failed me, and I run a second freeware firewall in which I change every time I log on. Just start the service I want to start today but usually kerio freeware.
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!


Expert Comment

ID: 8041530
I agree, nothing better than "Best Practices" I never accept mail, or chat with someone/something I don't know. Again- "Security is not a program, it's a process" Anti-virus software helps too- I use McAfee, and once I turned on heuristic's, I've never had a problem, even from new viri.
LVL 33

Expert Comment

by:Dave Howe
ID: 8042725
Its very much a horses for courses thing

if you want a simple firewall with a minimum of user misconfigurable *grin* parts, then ZA usually fits the bill; it allows filtering per application, with crude in/out control

if you want something you can play with, then I personally prefer kerio (which has a huge range of options) but sygate and outpost are equally popular.

Don't touch symantec's offering with a bargepole though :)

Expert Comment

ID: 8049547

Expert Comment

ID: 8049553

Expert Comment

ID: 8075721
Checkpoint on Solaris. Not cheap, but it works well.

Expert Comment

ID: 8078263
my chose is : http://www.agnitum.com/products/outpost/

Filters the viruses, worms, and trojans out of your emails;
Puts your computer into stealth mode, making it invisible to crackers; and
Blocks attacks and intrusions from hackers.
  Prevents sending your personal information to the bad guys;
Blocks web sites' attempts to gather information about your browsing habits; and
Guarantees peace of mind from invasion of your privacy through the Internet.
Protects your children from illegal, inappropriate web sites; Allows businesses to control the content that is allowed to be viewed by employees; and Offers complete flexibility for power users who want to fine-tune their firewall protection. Looks similar to Windows Explorer so you'll have almost no learning curve; Runs under All* Windows systems on Any Internet connection with Any** applications; and Updates its information frequently using a special utility, to ensure that you are protected against new attacks.

Expert Comment

ID: 8125732
I'm not sure if you are talking about personal firewall or gateway firewall - I'll assume the latter.

My background is Gauntlet (Unix and NT), FW-1 (Unix and NT)and PIX . Can't count the number of implementations I have done - but lots. FW-1 is the market leader and they deserve it - they will soon be toppled by Netscreen but will probably keep the title for OS-based firewalls.

8 months ago I started with a new company who partner with Symantec and they immediately sent me to get certified in Symantec Enterprise Firewall, which used to be called Raptor and was an Axent product. I have found it to be an excellent firewall on all versions.

I like FW-1 a lot as well - comparing FW-1 to SEF is oranges and apples as SEF is an application proxy which is inherently more secure. Unfortunately with a proxy firewall there is a performance hit so you really need to look at the purpose the firewall is going to serve. We often deploy 2 of each in HA with the SEFs protecting the internal network and the FW-1s protecting the DMZs.

Gauntlet NT was crap and it's dead anyway - so I'd be looking between SEF (high security) and FW-1 (high speed.)
LVL 57

Expert Comment

by:Pete Long
ID: 9779415
Firewalls (Hardware or Software?)

Software Firewalls

The basic version is still free!
Zone Labs offers a complete range of firewall products, from the free ZoneAlarm, to the comprehensive protection of ZoneAlarm Plus, to the ultimate privacy and security tools in ZoneAlarm Pro.

Black Ice Defender
BlackICE teams a personal firewall with an advanced intrusion detection system to constantly watch your Internet connections for suspicious behavior.

Symantec's Norton™ Personal Firewall
Keeps hackers out and personal data in. It makes robust firewall protection easy by automatically hiding your PC on the Internet and blocking suspicious connections. Norton Personal Firewall also protects your privacy by preventing confidential information from being sent out without your knowledge.

McAfee Personal Firewall
Personal Firewall places a barrier between the Internet and your PC, helping to block hackers from accessing your computer and allowing you to digitally 'fingerprint' trusted applications. Every time your computer is probed or attacked, you get detailed reports and clear follow-up options.

HardWare Firewalls

Cisco PIX
The world-leading Cisco PIX® Security Appliance Series provides robust, enterprise-class, integrated network security services including stateful inspection firewalling, protocol and application inspection, virtual private networking (VPN), in-line intrusion protection, and rich multimedia and voice security-in cost-effective, easy-to-deploy solutions.

SonicWALL Internet firewall/VPN security appliances support an array of security applications and deliver powerful firewall and VPN performance. SonicWALL appliances are built on stateful inspection firewall technology, and a dedicated security ASIC designed to ensure maximum performance for VPN enabled applications.

3Com perimeter firewalls and website filters cost-efficiently secure Internet access and give IT managers a critical first line of defense against network attacks and unauthorized access. For protecting the perimeter of your network, choose the 3Com® SuperStack® 3 Firewall for enterprise


Expert Comment

ID: 9954271
No comment has been added lately, so it's time to clean up this TA.
I will leave the following recommendation for this question in the Cleanup topic area:

Accept: NEOsporin {http:#8037766}

Please leave any comments here within the next seven days.

EE Page Editor

Featured Post

Need protection from advanced malware attacks?

Look no further than WatchGuard's Total Security Suite, providing defense in depth against today's most headlining attacks like Petya 2.0 and WannaCry. Keep your organization out of the news with protection from known and unknown threats.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The conference as a whole was very interesting, although if one has to make a choice between this one and some others, you may want to check out the others.  This conference is aimed mainly at government agencies.  So it addresses the various compli…
There is a lot to be said for protecting yourself and your accounts with 2 factor authentication.  I found to my own chagrin, that there is a big downside as well.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Suggested Courses
Course of the Month11 days, 16 hours left to enroll

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question