FreewheelinFrankI appreciate that if you don't need to set up advanced rules, the Windows firewall is fine, but I still prefer a firewall with outbound control.I don't mind rules, but I want functionality... so until I find something that fulfils my needs, Windos Firewall coupled with avast!'s shields, it is... (and various anti-spyware stuff)
Although I've never had a Trojan infection, can I guarantee that I never will in the future? Not 100%, no. Even a knowledgeable user can make a mistake, like this chap:I've dealt with a few, not on my machine, but on the machines of computers I administer... the main reason for infection is the user.. mostly...
I understand the reasoning that once a Trojan has system access, it can do anything it wants, including terminating any other application, in practice this can be difficult if an application is designed to prevent itself being terminated. We have seen on the forum how difficult it can be to remove malware that doesn't want to go and tries to protect itself. Third party firewalls at least make an effort to protect themselves from deletion, whereas the Windows firewall seems to be easy to bring down.I think it also depends on what sort of other security measures one has, if one simply has nothing, (especially a problem among home users) or one never runs, updates, scans with, or pays any attention to what one has, including windows updates, then it is relativelly easy to infect...
I remember once, I had this nice older lady asking for my help, and after a long time of persuading, I managed to convince her to instal: AVG Free, Zone Alarm Free, Spybot, Ad-Aware & Crap Cleaner... (she had nothing, and her automatic updates were not switched on) Upon scanning with AVG, over twenty Trojans, were discovered, never mind that Ad Aware picked up and so on, and Spybot was very useful for removal, it took me a day to clean out her machine, and then, despite that, it took me a long time to convince her that even using them once a week, and making sure they were updates, was worth her time...
Here's empirical proof from an anti-virus test: a Trojan on a system with Windows firewall brought it down easily, but a Trojan on a system with a third party firewall resisted being brought down and prevented the Trojan downloading more malware.I can agree, that it might be easier for a Trojan to disable a third party firewall, but nowadays, third party firewalls are also under attack, they are protected with passwords and so on, as a concequence.. and common ones are probably specifically targetted. As quickly as users wisen up, hackers do as well...
It ignored several Trojans, one of which successfully disabled the Windows firewall, allowing potential attackers remote control of the system.
Yes, but sounds to me that the guy was only relying on his firewall, and had nothign else going on... anything can be penerated, but it is what happens after that, that matters more, almost... which is one of the reasons I am in love with avast! as it scans my processes, as well...
At the moment I use ZA, which I don't think has IDS, but it does protect itself from attack and it keeps an eye on outbound traffic. It has little impact on my less-than-up-to-the-minute system and it's free.
Zone Alarm, is something I used for a year, though others have had experience with it that is positive, mine was not... I agree, it is good software, but I found it to be flexible, non-intuitive, and it presumed too much, while failign to protect me... (I had a Pro version)