Fog Creek Software
Discussion Board




Norton Personal FireWall


Does anyone use this software ?

Does it protect well ?

Can you check all the craps he has blocked/stopped/destryoed ?

Snacky
Sunday, September 21, 2003

I've also looked into a software firewall to complement my hardware firewall.  From what I gather on the net and from Magazines, ZoneAlarm Pro and the Sygate firewall are better choices.  Having used none of them yet I don't have personal experience, but I'm leaning towards ZoneAlarm at the moment.

Not to say the Norton product isn't also fine, it just seems to be third in a pack of 10 or so out there.

Snotnose
Sunday, September 21, 2003

I brought a little cheap switch; being nat, it is quite affective as a firewall too, for anything I plug into it.  I wonder at what price-point personal firewall licenses and physical natting switches meet?

i like i
Sunday, September 21, 2003

I use the free edition of Zone Alarm. Can't see any reason for paying out money for anything else

Stephen Jones
Sunday, September 21, 2003

Kerio (originally Tiny Personal Firewall), ZoneAlarm, and Sygate can be used for free for personal use.

Personally, I prefer to use NAT-capable, stateful hw-based firewalls between the WAN link and the host acting as gateway, if any.

Frederic Faure
Sunday, September 21, 2003

I use Norton's software firewall.  It came free from my ISP.  I've been pleased with it.

Brian
Sunday, September 21, 2003

"I wonder at what price-point personal firewall licenses and physical natting switches meet?"

I wonder why we need to add the word "point" to "price"?  I keep hearing "price point" more and more often, when the word "price" would work just as well.

Your English teacher
Monday, September 22, 2003

I love my Sygate Personal Firewall.

Not only does it keep things out. It keeps things in.

Jack.

Jack of all
Monday, September 22, 2003

Im going to be the black sheep in the bunch, and say I was displeased with the software firewalls I tried. I tried Zone Alarm, and its default settings was to warn for all port accesses. This resulted in it being to talkative, popping up warning dialogs to no end.

I would take a cheap hardware firewalling router over software firewalls any day of the week.

If I were to hardware firewall a modem dial up I would probably go with Linux and make an old 486 or somesuch into a packet filtering router with a modem on it.

Hardware solutions is much much more transparent, and less annoying.

Patrik
Monday, September 22, 2003

But for laptops, software firewall travels with you. We have a hardware firewall in the company, but additionally we've installed software firewalls to all laptops so that people wouldn't get infected when they're home and then bring the virii back to the office in their briefcase.

I'm playing with the different ones all the time. I like ZA for clueless people, because it's so easy to show them how it works, but I also like Norton's Personal firewall. Next I'm going to install Sygate and Kerio to a couple of computers, just to see what they're made of.

Antti Kurenniemi
Monday, September 22, 2003

I use a software firewall called "AtGuard" and have been quite happy with it.  I use it in conjunction with a DSL router with a built in firewall.

MSpudbury
Monday, September 22, 2003

I think AtGuard mutated into the Norton software, nut I'm not sure.


Monday, September 22, 2003

not "nut", but "but"! doh!


Monday, September 22, 2003

I have used it on my home Win98 machine for 2 years now. Works like a charm. Very easy to use.

DJ
Monday, September 22, 2003

>> its default settings was to warn for all port accesses

I thought that was a feature.  It might be annoying to get the dialog once for each app you run, but you don't have to get it more than once.
The only time it was really a hassle was for games like Quake, which take over the whole screen (so the dialog doesn't render correctly).

Brian
Monday, September 22, 2003

To the person who said, paraphrased, "my software firewall blocked all ports and always put up popups.  I'll take a hardware firewall any day".

You don't think the hardware firewall is blocking all ports as well?  You can go into the software firewall's config and open/close specific ports, and you can also make it quit doing the popup thing.  If it's set up correctly, the popup is A Good Thing (tm), it's warning you of a potential problem.

(you can also open/close ports on hardware firewalls, BTW).

Snotnose
Monday, September 22, 2003

I guess this would be me...

>You don't think the hardware firewall is blocking all ports
>as well? 

Ah, well, yes. Thats like the while point of it all. What I said was that a hardware firewall does this more transparently
so it interrupts me and annoys me less.

I beg to differ on the point that popups can be a good thing <tm> since it interrupts what Im currently doing instead of just refusing to do something silently.

Firewalling should be done silently.

>(you can also open/close ports on hardware firewalls
>BTW).

Doh! You missed the point.

Patrik
Monday, September 22, 2003

I'm a bit surprised by the people saying that you should have a hardware, packet, separate firewall instead of software, personal firewall. Because it isn't a choice between the two, you need both.

You need the big, packet firewall on the edge of your network to protect your network against the nasty stuff on the internet, sure. But you also need the software firewall on every computer in your network to protect your the computers on your network from each other. Because, if you're running anything more than the most trivial network, eventually something will get in.

Belt and suspenders. It's not a choice between them.

Bill Tomlinson
Monday, September 22, 2003

>Belt and suspenders. It's not a choice between them.

I was referring to a small setup; like a home network or something, where I would say an "edge-firewall" would
suffice.

I have yet to experience corporate networks with software firewalling on each machine, to protect against eachother.

If I had someone telling me I needed a personal firewall on my corporate machine I would bitch, since constant interruptions from software firewalls kills productivity (But thats another story).

A more compelling way to do it, would be to subnet and route the private BIG LAN <tm>, and setup filters in between subnets.

One size fits all firewalling doesnt work very well in huge LANs since the servers need different traffic to be allowed to them.

PS. Sorry for being completely off-topic :-)

Patrik
Monday, September 22, 2003

For corporate laptops, CheckPoint has an interesting VPN Client/FireWall (which is either of SecuRemote or SecureClient, can't remember which.)

Basically, it's a FireWall that caches it's rules from the last time it pulled them from the Management Console and it also enforces minimum standards such as AntiVirus version and so on.

Now, I've only seen the Dog and Pony show and the demo/description at the OPSEC developers conference 18 months ago (ie: just when the FireWall-1 NG suite was released.)

Saruman
Monday, September 22, 2003

> I tried Zone Alarm, and its default settings was to warn
> for all port accesses. This resulted in it being to talkative,
> popping up warning dialogs to no end.

I may be missing something here, but I have ZA installed, and the only warnings I have are when an unauthorized app tries to access the net.

All other warnings are logged, but I get no popup.
--
"Suravye ninto manshima taishite (Peace favor your sword)" (Shienaran salute)
"Life is a dream from which we all must wake before we can dream again" (Amys, Aiel Wise One)

Paulo Caetano
Tuesday, September 23, 2003

Paulo,

Maybe my trial version of ZA was misconfigured. I wouldnt know, but my point was it was too annoying with the popups, not if the default settings caused all these popups.

However I ran alot of non-standard network stuff on my computer back when I tried it, like Oracle Net8 traffic and things. ZA became upset to the point where I got totally annoyed and uninstalled ZA.

Im not saying its a poor product; Im saying it did not suit my needs when I tried it out.

Patrik
Tuesday, September 23, 2003

> Maybe my trial version of ZA was misconfigured. I wouldnt
> know, but my point was it was too annoying with the
> popups, not if the default settings caused all these
> popups.

Point taken :)

I never ran into any problems with ZA because I either connect to the Web and ZA is on, or I connect to my "home LAN" (a direct cable between two PCs), and ZA is off. I never needed to connect both at the same time. which is a Good Thing (tm).

--
"Suravye ninto manshima taishite (Peace favor your sword)" (Shienaran salute)
"Life is a dream from which we all must wake before we can dream again" (Amys, Aiel Wise One)

Paulo Caetano
Tuesday, September 23, 2003

Dear Patrik,
                  All you do is tick the box not to show the alerts again.

               

Stephen Jones
Tuesday, September 23, 2003

*  Recent Topics

*  Fog Creek Home