Author Topic: XP's Firewall - Good? Bad? Ugly?  (Read 16995 times)

0 Members and 1 Guest are viewing this topic.

Rain

  • Guest
XP's Firewall - Good? Bad? Ugly?
« on: September 27, 2006, 03:36:45 AM »
Is it good enough?

I used to use Zone Alarm Anti Virus, (it sucketh - imho anyway) so I am used to a more, interactive Firewall... I downloaded a XP Log analyzer from 2brightsparks, and as I ran it, I was not sure if I should scream, or laugh, or? Over 30 000 entries and my head asplode... I know it does not block outbound traffic, but when I tested it on a site that checks for a tight inbound computer, it passed just fine... I have also closed the Plug & Play and turned DCOM off, after I checked its patches...

Anyway, I am wondering, is the combination of avast! Anti-Virus Pro, and XP Firewall, (what is it called again, Internet Connection something or other) good enough? Do I need a firewall, other than XP's own?

I like the look of: SoftPerfect Personal Firewall, which is a rule based firewall... It looks simple enough...but I would like opinions from people who have used avast! longer than I have... (which is a grand total of three or four days)
« Last Edit: September 27, 2006, 03:38:46 AM by Rain »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67236
Re: XP's Firewall - Good? Bad? Ugly?
« Reply #1 on: September 27, 2006, 03:59:59 AM »
I like the look of: SoftPerfect Personal Firewall, which is a rule based firewall... It looks simple enough...but I would like opinions from people who have used avast! longer than I have... (which is a grand total of three or four days)
I haven't used it or tested it...
Anyway, I always suggest Comodo, Kerio, ZoneAlarm, Sygate... in this order, more or less.
Check these sites before:
http://www.thefreecountry.com/security/firewalls.shtml
http://www.firewallleaktester.com/tests_overview.php
The best things in life are free.

Rain

  • Guest
Re: XP's Firewall - Good? Bad? Ugly?
« Reply #2 on: September 27, 2006, 04:15:57 AM »
I like the look of: SoftPerfect Personal Firewall, which is a rule based firewall... It looks simple enough...but I would like opinions from people who have used avast! longer than I have... (which is a grand total of three or four days)
I haven't used it or tested it...
Anyway, I always suggest Comodo, Kerio, ZoneAlarm, Sygate... in this order, more or less.
Check these sites before:
http://www.thefreecountry.com/security/firewalls.shtml
http://www.firewallleaktester.com/tests_overview.php

Hmmm, well Zone Alarm is out for me, I tried them (both free and pro) for a year, and was deeply disapointed, Comodo, and Sygate are too system hoggish... Maybe Kerio...

However,  do I need anything, I mean aside from XP's and the 8 Webshields from avast!, (not talking about anti spyware stuff like ad aware or spybot and stuff like that but the actualy connection to the net part) or is avast! enough? (with the XP firewall)

Thanks!

EDIT: Thanks for the link, I am also liking the look of Ghost Wall... ifI have to pick a firewall aside from XP's, that is...
« Last Edit: September 27, 2006, 04:26:35 AM by Rain »

martosurf

  • Guest
Re: XP's Firewall - Good? Bad? Ugly?
« Reply #3 on: September 27, 2006, 04:37:28 AM »
Hello,

I tried them all -I mean all the firewalls- and time after time I back to WinXPsp2 built-in.
Sure I miss the outbound protection... but hey! I know which apps are running in my PC because after all I installed them... yeahh, of course it bothers to me a little that MS Word, for example, "phones home" from time to time, because why in the hell a word processor needs to phone home???

Right now I find avast! Pro with sp2 firewall an excellent combo, they both leave little -very little- system footprint so I'm very happy with them. I haven't had any virus/malware episode from a very very very long time...

I also run background Spybot's TeaTimer which gives me an extra layer protecting Internet Explorer and registry -and also has smaller system load than AdAware's solution.

By the way, rather than IE6sp2 I browse internet with OperaUSB 9 and since few days with Torpark too.

Regards,
Martín

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67236
Re: XP's Firewall - Good? Bad? Ugly?
« Reply #4 on: September 27, 2006, 04:50:22 AM »
Comodo... too system hoggish
Are you sure? Did you test last Comodo version?

However,  do I need anything, I mean aside from XP's and the 8 Webshields from avast!, (not talking about anti spyware stuff like ad aware or spybot and stuff like that but the actualy connection to the net part) or is avast! enough? (with the XP firewall)
Well... I think a firewall is necessary (NetShield of avast is not enough).
For me, XP firewall is not enough (maybe if you have a well configurated hardware firewall...).

of course it bothers to me a little that MS Word, for example, "phones home" from time to time, because why in the hell a word processor needs to phone home???
MS Word phone home? Why? Are you sure?  ::) ???
The best things in life are free.

dk70

  • Guest
Re: XP's Firewall - Good? Bad? Ugly?
« Reply #5 on: September 27, 2006, 04:55:23 AM »
As you say it passes tests as well as any other firewall. Practically zero overhead and has increased security on internet 1000 times, at least with SP2. Say thanks to Windows Firewall.

You dont absolutely need outbound control. If you use a lot of cracks and warez and cant be bothered to check out "stability" first then may be. If you have some control over input you wont be any safer with outbound control. Which can be hacked anyways. Seeing all those popups and stats might make you feel safer though.

One who seemed like he actually knew a bit about firewalls said that unless user is on top of things and understand rules and such, he/she should use outbound control. Potentially risky and safety is practically zero if you just click around and is annoyed. I think that is very true. You must know firewall like you do notepad.

Some will even say having any software based firewall is false protection - lets just say that picture is not black and white and there is no way you are NOT safe with no outbound control. Many a security guide/freak will say that, Windows Firewall is crap, get Zonealarm or whatever. In many cases those people might as well be talking about a football team or a game - have little to do with real issues.

I would chose Kerio btw, but dont use firewall - only router so hardware based. Got to have inbound control for sure but need for outbound can be questioned. I somehow doubt a software firewall will save computer security if you actually have a real need for outbound  8)

Not enough - then forget about the internets and look closer at system security, browser security perhaps also. Windows Defender keep an eye on system changes and alert you. Much more relevant than outbound control. If whatever hurts computer is clever enough firewall wont even notice, security watching programs might. Stuff like Antihook http://www.infoprocess.com.au/antihook.php there are more like this. Not for everyone. If I were paranoid I would definitely use Antihook type of beast, now I settle for Windows Defender. Runs very smoothly and is free, even more useful for active IE user.

Rain

  • Guest
Re: XP's Firewall - Good? Bad? Ugly?
« Reply #6 on: September 27, 2006, 04:59:21 AM »

I also run background Spybot's TeaTimer which gives me an extra layer protecting Internet Explorer and registry -and also has smaller system load than AdAware's solution.

By the way, rather than IE6sp2 I browse internet with OperaUSB 9 and since few days with Torpark too.

Regards,
Martín

Thanks for the breakdown on the XP Firewall thing...

I use Firefox & Opera, have no use for IE, I only use it when MS pushes an update, and I am impatient to get it... so for automatic updates... otherwise I have it disabled...

I have Prevx Pro as well, it protects my shell/kernel/registry/memory, etc. with an iron rule... and I do have some resident little things just hanging out... Spybot's Imunisations, for example, and Spyware Blaster, they barely raise a KB of a footprint...

As for MS Word, calling home, yeah, also PowerPoint, and Excel, and so on, Frontpage, what is with that anyway? I used to have my Zone Alarm configured to stop them, but Zone Alarm was a failure imho, so...

Thanks for the advice and the feedback!

Rain

  • Guest
Re: XP's Firewall - Good? Bad? Ugly?
« Reply #7 on: September 27, 2006, 05:02:21 AM »
Comodo... too system hoggish
Are you sure? Did you test last Comodo version?

However,  do I need anything, I mean aside from XP's and the 8 Webshields from avast!, (not talking about anti spyware stuff like ad aware or spybot and stuff like that but the actualy connection to the net part) or is avast! enough? (with the XP firewall)
Well... I think a firewall is necessary (NetShield of avast is not enough).
For me, XP firewall is not enough (maybe if you have a well configurated hardware firewall...).

Yes, I have tried Comodo, no like... but eh...

I am still pondering the firewall issue...so I do appreaciate the advice very much...

Rain

  • Guest
Re: XP's Firewall - Good? Bad? Ugly?
« Reply #8 on: September 27, 2006, 05:14:27 AM »
As you say it passes tests as well as any other firewall. Practically zero overhead and has increased security on internet 1000 times, at least with SP2. Say thanks to Windows Firewall.

Yes, it seems to be ok, still deciding though.. of course...

You dont absolutely need outbound control. If you use a lot of cracks and warez and cant be bothered to check out "stability" first then may be. If you have some control over input you wont be any safer with outbound control. Which can be hacked anyways. Seeing all those popups and stats might make you feel safer though.

I am terribly boring, I am a writer, so mostly my computer acts as a typewriter for me, which I use to check email with and interact on forums like this... probably a hangover from the good old days, I have beenonline since 1992... the bling of the net is fun, but I never really got into it...

One who seemed like he actually knew a bit about firewalls said that unless user is on top of things and understand rules and such, he/she should use outbound control. Potentially risky and safety is practically zero if you just click around and is annoyed. I think that is very true. You must know firewall like you do notepad.

I like highly user interactive software, I want to know what is going on, and so on... can't use Photoshop to save my life, but I will play in the Windows System File, and do no damage...

Some will even say having any software based firewall is false protection - lets just say that picture is not black and white and there is no way you are NOT safe with no outbound control. Many a security guide/freak will say that, Windows Firewall is crap, get Zonealarm or whatever. In many cases those people might as well be talking about a football team or a game - have little to do with real issues.

Zone Alarm failed me twice.. once, when it was unable to eradicate a Java based piece of garbage, that installed itself into my Java Cache, (yay for Crap Cleaner) and another time, when it allowed a Trojan in, and was unable to remove it.. I only use webmail, do not have MSN Messenger, and I dont do peer 2 peer, games or porn, so... I think the Trojan came during an almost two week period, where Zone Alarm did not update, and many users were left to their own devices...

Another curious thing, Zone Alarm, when it scanned my machine, scanned between 75 000 and 100 000 files, avast! Scanned close to 250 000... I am impressed...

I would chose Kerio btw, but dont use firewall - only router so hardware based. Got to have inbound control for sure but need for outbound can be questioned. I somehow doubt a software firewall will save computer security if you actually have a real need for outbound  8)

Yeah, I prefer to have my fun by trying to keep them out, it is my petite obsession.. and I enjoy it...

Not enough - then forget about the internets and look closer at system security, browser security perhaps also. Windows Defender keep an eye on system changes and alert you. Much more relevant than outbound control. If whatever hurts computer is clever enough firewall wont even notice, security watching programs might. Stuff like Antihook http://www.infoprocess.com.au/antihook.php there are more like this. Not for everyone. If I were paranoid I would definitely use Antihook type of beast, now I settle for Windows Defender. Runs very smoothly and is free, even more useful for active IE user.

I only use Firefox and Opera, though i do have Torpark on a flash stick... as for things to monitor my system, I have something very powerful and grumpy as hell, called Prevx Pro... it maintains an iron rule on my system core/shell/memory/and other critical areas, and any changes that it monitors, have to ask it, and subsequently me, for permission...

SpywareBlaster, offers some resident protection for Firefox, which is why I have it, and Spybot offers some for Opera, which is mainly why I have it...

Of course, I do use Ad Aware, and Crap Cleaner, and read my Hijack This logs like they are fascinating works of fiction... ;)

Thanks for your advice!

dk70

  • Guest
Re: XP's Firewall - Good? Bad? Ugly?
« Reply #9 on: September 27, 2006, 07:23:50 AM »
I dont think there is any chance of you getting infected, outbound control or not  8) Really, security is about your use of computer than how many tools you run. And of course keeping OS updated. Many of those scary stories you hear about are based on user errors, not updated OS or no control at all over P2P inputs, Received files. Even if you install/test shareware it is not that easy to be infected with very harmful malware. Risk is minimal if sources are known.

If you like to play with this why dont you rush out and download at least all freeware firewalls. Ive done that before and couldnt care less for outbound, heh. Some looks cool but are buggy as h..., others are boring and strangely put together but seems 100% stable. Some get support/updates others die slowly. A business with few winners. Eventually only 1 called Microsoft! Note that BSOD can happen, firewall digs deep into OS so if incompatible with whatever computer might just give up. Test carefully.

Well IE user or not you have it on hd. In your Winamp, in your RSS reader and so on it pops up. Malware can still misuse engine so Firefox/Opera browsing is no gurantee of anyting but of course less risk during browsing. I have IE7 RC1, totally different beast. Also a good browser for the less demanding. Good entry level. No need to change if you are not into powerbrowsing so if not spoilt by some extension goodies you could split up with Firefox... Less to worry about.

Windows Defender is probably not meant to be used as tool number 4 or 5 or just coexist with other deep diggers. Conflicting security applications is not good. A very good tool anyone can figure out, like with Windows Firewall general security level will go up, ie. updates comes directly with Windows Update. MS has blown for so long about this I can hardly take them seriously, speed in recognizing and dealing with problems is essential and MS has been zzzzzzz, but Defender is a good free product. Only a beta2  but seems very stable for most. If you have some not so techie friends give them Defender, almost foolproof.

You probably know this place http://www.wilderssecurity.com/ Search for your testing object, might save you some time.
« Last Edit: September 27, 2006, 07:26:02 AM by dk70 »

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: XP's Firewall - Good? Bad? Ugly?
« Reply #10 on: September 27, 2006, 11:11:01 AM »
I appreciate that if you don't need to set up advanced rules, the Windows firewall is fine, but I still prefer a firewall with outbound control.

Although I've never had a Trojan infection, can I guarantee that I never will in the future? Not 100%, no. Even a knowledgeable user can make a mistake, like this chap:

http://www.pcadvisor.co.uk/blogs/index.cfm?entryid=389&blogid=4

I understand the reasoning that once a Trojan has system access, it can do anything it wants, including terminating any other application, in practice this can be difficult if an application is designed to prevent itself being terminated. We have seen on the forum how difficult it can be to remove malware that doesn't want to go and tries to protect itself. Third party firewalls at least make an effort to protect themselves from deletion, whereas the Windows firewall seems to be easy to bring down.

Here's empirical proof from an anti-virus test: a Trojan on a system with Windows firewall brought it down  easily, but a Trojan on a system with a third party firewall resisted being brought down and prevented the Trojan downloading more malware.

Quote
It ignored several Trojans, one of which successfully disabled the Windows firewall, allowing potential attackers remote control of the system.

http://www.computershopper.co.uk/labs/220/anti-virus-exposed/products.html

Quote
The anti-virus scanner missed four of our Trojans. But when one tried to contact the internet the firewall stopped it.

http://www.computershopper.co.uk/labs/220/anti-virus-exposed/products.html

Will I ever be dumb enough to run a Trojan? I hope not! But I'd want my firewall to put up some kind of resistance if I ever did.

I used to use Kerio (until it mysteriously stopped running on my system). I used to like the fact that it had IDS, even with the free version. I'm not sure how effective it was, as it never seemed to be updated. (With Symantec, the IDS database was updated every week or so- an excellent firewall appart from the huge subscription fee, the huge update fee, and the fact that support is immediately dropped if you don't upgrade.)

Kerio IDS allowed users to protect themselves from the recent VML attack, although only by borrowing a BleedingEdge Snort signature:

http://sunbeltblog.blogspot.com/2006/09/snort-signature-for-vml-exploit-works.html

At the moment I use ZA, which I don't think has IDS, but it does protect itself from attack and it keeps an eye on outbound traffic. It has little impact on my less-than-up-to-the-minute system and it's free.

And you can't argue with that!

EDIT: seems Sunbelt have updated the program to include IDS updates:

Quote
Enhanced the update check capabilities to update language files and IDS rules.

http://sunbeltblog.blogspot.com/2006/07/new-versions-of-kerio-sunbelt.html
« Last Edit: September 29, 2006, 04:38:36 PM by FreewheelinFrank »
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

dk70

  • Guest
Re: XP's Firewall - Good? Bad? Ugly?
« Reply #11 on: September 27, 2006, 07:24:41 PM »
Anyone can get unlucky but this guy.

1. Disabled his Antivirus
2. Went to a site he knew was "bad"
3. Downloaded a brand new, and so impossible to verify, crack
4. Did not test crack but just ran it.

Conclusion is unless you are in control of incomings do run some active shield and if cracks etc. then check with more than 1 AV.

That outbound notifies him about traffic is of course nice but far away from real problem and not a solution. Not like he didnt know at that point. He ended up reinstalling OS. Windows Firewall is also not of much use in this situation, too much to ask. Windows Defender might have helped a lot. More than AV even, hard to say if it would have picked up trojan.

So he is IT professional and Administrator of something, just shows why it is so great Microsoft have picked up interest for security and has made them part of OS, more or less. The geeks will have special tools and advanced setups, the not so geeky often nothing - MS to the rescue with Windows update etc. Go away Symantec and friends... Tons of people turn it off and use SP1 or no SP at all. That is still big problem.

Good of him to write the story. Many more like him but most dont like to speak of own "mistakes"  8) Overconfidence is better word - or too long since in touch with real disaster.

Be careful about stats, of course trojans targets Windows Firewall as first thing.  Besides that there are more than a few circulating, some might go after 3rd party firewalls as well. Empirical proof is a big claim with AV, firewalls and such things. There will be a million exceptions and ifs. At the end of the day most is really up to content between right and left ear or good practices. Defining use is good start - this ADM use cracks and go to bad sites - act accordingly and there will be no trouble.

dk70

  • Guest
Re: XP's Firewall - Good? Bad? Ugly?
« Reply #12 on: September 27, 2006, 07:57:29 PM »
About the number of files scanned you should be aware that many files are in fact archvies or compressed so AV must have the ability to look inside. Avast can check 7zip files for example. If Mozilla decided to plant a virus into your next Firefox download Avast might see it, other AV will not - since they use 7zip compressing for their exe-files. Avast is probably lacking in other areas but pretty good with archives. So if you disable real time scanning you better be sure scanner can actually look inside or there could be a surprise when you run ie. a selfextracting exe-file. This is why number of a complete scan will differ, unlikely to exactly match that of other AV.

Some files are encrypted or whatever, no way to check them - more reason to be very careful about what to install and/or run active shield. I dont run active AV-shield, potentially a gigantic mistake - I must always remember and set up ways of dealing with incoming. Can never beat shield though, must not be overconfident/stupid, but not all go to crack sites. My less than clever sister have Avast running with all lights on. Reason is I dont trust her  8)

Rain

  • Guest
Re: XP's Firewall - Good? Bad? Ugly?
« Reply #13 on: September 28, 2006, 12:28:21 AM »
dk70

I dont think there is any chance of you getting infected, outbound control or not  8) Really, security is about your use of computer than how many tools you run. And of course keeping OS updated. Many of those scary stories you hear about are based on user errors, not updated OS or no control at all over P2P inputs, Received files. Even if you install/test shareware it is not that easy to be infected with very harmful malware. Risk is minimal if sources are known.

Yes, and I like computer security, so for me it is interesting to figure it out, and learn how, and protect and so on...   Also, I am as I said, boring, it would not occur to me to use P2P, I could care less... So in many ways, I am probably not a high risk user, but my computer is configured like I am expecting an attack... 20 years of martial arts, maybe?

If you like to play with this why dont you rush out and download at least all freeware firewalls. Ive done that before and couldnt care less for outbound, heh. Some looks cool but are buggy as h..., others are boring and strangely put together but seems 100% stable. Some get support/updates others die slowly. A business with few winners. Eventually only 1 called Microsoft! Note that BSOD can happen, firewall digs deep into OS so if incompatible with whatever computer might just give up. Test carefully.


I have tried Zone Alarm, AVG w/Firewall, MacAfee, Symantec, Comodo, Jetico, and GhostWall... Some of these on my own machine, others on machines that I administer...  GhostWall was intriguing, but it made no sense, and I am not in the mood to figure it out right now so maybe another day...

Well IE user or not you have it on hd. In your Winamp, in your RSS reader and so on it pops up. Malware can still misuse engine so Firefox/Opera browsing is no gurantee of anyting but of course less risk during browsing. I have IE7 RC1, totally different beast. Also a good browser for the less demanding. Good entry level. No need to change if you are not into powerbrowsing so if not spoilt by some extension goodies you could split up with Firefox... Less to worry about.

Again, I am boring as hell, RSS and Winamp are things I obviously have, but I do not use them... and I always pay attention to what is going on on my computer... I have setup things, that are seperate from the Task Manager, and therefore not potentially corrupted if my OS gets corrupted, with which I can monitor just about everything.. so that is good...

Windows Defender is probably not meant to be used as tool number 4 or 5 or just coexist with other deep diggers. Conflicting security applications is not good. A very good tool anyone can figure out, like with Windows Firewall general security level will go up, ie. updates comes directly with Windows Update. MS has blown for so long about this I can hardly take them seriously, speed in recognizing and dealing with problems is essential and MS has been zzzzzzz, but Defender is a good free product. Only a beta2  but seems very stable for most. If you have some not so techie friends give them Defender, almost foolproof.

I am not impressed by Windows Antispyware/Defender... not at all...

I use Prevx as my primary AntiSpyware, it has already justified its existance, particularly during the Windows image bug earlier in the year, a contaminated image slipped pas Zone Alarm (spit on Zone Alarm) and Prevx bore down on it like a grand piano dropped from a skyscraper... among other things, of course...

From the publisher:

Prevx Pro is new generation, must have intrusion prevention security technology - with no need for signatures.

Only Prevx Pro prevents the execution of zero-day email virus attachments MyDoom, Bagle, SoBig, Netsky and Beagle were all blocked by Prevx technology before they were even recognized by other security vendors.

And Prevx Pro is also proven to stop Internet worms, Trojans and hack attacks. It provides a comprehensive and critical last line of defense; immediately protecting your computer against all of these sophisticated, new attacks attacks that other security measures fail to stop.

It s a fact that firewalls can t block virus infiltration. And anti-virus software is always one step behind the latest threats, leaving PCs open to new, previously unseen attacks. So, with traditional spyware tools failing to prevent the installation of spyware onto PCs, it s no wonder PC users have to regularly scan, detect and clean their computers.

Prevx Pro is easy to use and you ll be protected against malicious intrusions capable of crashing your system, stealing confidential information, tracking your browsing behavior or hijacking your PC and slowing down your Internet connection.

Prevx Pro works by protecting the areas of your computer most likely to be targeted during an attack including your PC s memory, file system, operating system, registry and programs. Prevx Pro stops spyware attacks that change the IE default Home Page and install malicious browser helper objects or toolbars. It also stops the installation and execution of in-memory/buffer overflow attacks; tactics commonly used by Internet worms and for hack attacks.

Potentially harmful behavior is blocked and you are notified via a pop-up alert asking if you want to allow or deny the activity. If you are uncertain what to do, you can Get Advice by accessing our comprehensive online database of threats. Here you will be able to see the percentage of fellow users who ve previously allowed or denied the specific security event you are experiencing. Prevx Pro users can also create, edit and maintain their own black and white application lists; minimizing the number of false-positive alerts. If you should need further help, Prevx Pro users receive free, priority email customer support 24/7 and 365 days a year.


You probably know this place http://www.wilderssecurity.com/ Search for your testing object, might save you some time.


Yes, still need to think about that... I liked it, the Ghost Wall, but I must learn to use it, before I instal it, not after...

Rain

  • Guest
Re: XP's Firewall - Good? Bad? Ugly?
« Reply #14 on: September 28, 2006, 12:38:02 AM »
FreewheelinFrank

I appreciate that if you don't need to set up advanced rules, the Windows firewall is fine, but I still prefer a firewall with outbound control.

I don't mind rules, but I want functionality... so until I find something that fulfils my needs, Windos Firewall coupled with avast!'s shields, it is... (and various anti-spyware stuff)

Although I've never had a Trojan infection, can I guarantee that I never will in the future? Not 100%, no. Even a knowledgeable user can make a mistake, like this chap:

I've dealt with a few, not on my machine, but on the machines of computers I administer... the main reason for infection is the user.. mostly...

I understand the reasoning that once a Trojan has system access, it can do anything it wants, including terminating any other application, in practice this can be difficult if an application is designed to prevent itself being terminated. We have seen on the forum how difficult it can be to remove malware that doesn't want to go and tries to protect itself. Third party firewalls at least make an effort to protect themselves from deletion, whereas the Windows firewall seems to be easy to bring down.

I think it also depends on what sort of other security measures one has, if one simply has nothing, (especially a problem among home users) or one never runs, updates, scans with, or pays any attention to what one has, including windows updates, then it is relativelly easy to infect...

I remember once, I had this nice older lady asking for my help, and after a long time of persuading, I managed to convince her to instal: AVG Free, Zone Alarm Free, Spybot, Ad-Aware & Crap Cleaner... (she had nothing, and her automatic updates were not switched on) Upon scanning with AVG, over twenty Trojans, were discovered, never mind that Ad Aware picked up and so on, and Spybot was very useful for removal, it took me a day to clean out her machine, and then, despite that, it took me a long time to convince her that even using them once a week, and making sure they were updates, was worth her time...

Here's empirical proof from an anti-virus test: a Trojan on a system with Windows firewall brought it down  easily, but a Trojan on a system with a third party firewall resisted being brought down and prevented the Trojan downloading more malware.

I can agree, that it might be easier for a Trojan to disable a third party firewall, but nowadays, third party firewalls are also under attack, they are protected with passwords and so on, as a concequence.. and common ones are probably specifically targetted. As quickly as users wisen up, hackers do as well...

Quote
It ignored several Trojans, one of which successfully disabled the Windows firewall, allowing potential attackers remote control of the system.

Yes, but sounds to me that the guy was only relying on his firewall, and had nothign else going on... anything can be penerated, but it is what happens after that, that matters more, almost... which is one of the reasons I am in love with avast! as it scans my processes, as well...

At the moment I use ZA, which I don't think has IDS, but it does protect itself from attack and it keeps an eye on outbound traffic. It has little impact on my less-than-up-to-the-minute system and it's free.


Zone Alarm, is something I used for a year, though others have had experience with it that is positive, mine was not... I agree, it is good software, but I found it to be flexible, non-intuitive, and it presumed too much, while failign to protect me... (I had a Pro version)