Archived from groups: comp.security.firewalls (More info?)

I am interested to know which type of firewall is adequate for a home
PC, I have been recommended to use either Norton Personal Firewall
2004 or McAfee Personal Firewall, are these appropriate or can anybody
recommend suitable alternatives.

Thanks for any help.

Neil

Archived from groups: comp.security.firewalls (More info?)

On 2 Jun 2004 03:49:32 -0700, Neil Mort wrote:

>I am interested to know which type of firewall is adequate for a home
>PC, I have been recommended to use either Norton Personal Firewall
>2004 or McAfee Personal Firewall, are these appropriate or can anybody
>recommend suitable alternatives.

I use ZoneAlarm Pro Ver 4.5.594.000 there is also a free version.
ZA Ver 5 has just been released and has received a mixed reception.
http://download.zonelabs.com/bin/f [...] story.html
--

Chris Bee

Archived from groups: comp.security.firewalls (More info?)

Neil Mort wrote:

> I am interested to know which type of firewall is adequate for a home
> PC,

Simply configure your system properly and you don't need any suspisious
third party so called 'firewall' software.

http://www.ntsvcfg.de/ntsvcfg_eng.html

Wolfgang
--
A foreign body and a foreign mind
never welcome in the land of the blind
Peter Gabriel, Not one of us, 1980

Archived from groups: comp.security.firewalls (More info?)

Bumblebee wrote:
^^^^^^^^^

Who?

> I use ZoneAlarm Pro [...]

I don't. And you don't need either. But besides obtaining a real name you
need to read: http://www.ntsvcfg.de/ntsvcfg_eng.html

Wolfgang
--
A foreign body and a foreign mind
never welcome in the land of the blind
Peter Gabriel, Not one of us, 1980

Archived from groups: comp.security.firewalls (More info?)

In article <c9kf6j$3o9$1@news.shlink.de>, wolfgang@shconnect.de says...
> Neil Mort wrote:
>
> > I am interested to know which type of firewall is adequate for a home
> > PC,
>
> Simply configure your system properly and you don't need any suspisious
> third party so called 'firewall' software.
>
> http://www.ntsvcfg.de/ntsvcfg_eng.html

Which doesn't happen in the real world for most users - most of them can
barely follow instructions let alone configure their machines to work
properly.

Anyone with a home PC should get a border device, a NAT router, and then
run quality Anti-Virus software on their machine. These two things alone
will prevent more problems that most of the other solutions combined.

One more thing, if you set the internet explorer "Internet" security
settings to HIGH you are less likely to have problems while browsing
sites that may contain malicious code. Setting the security setting for
the internet zone to HIGH has it's own issues, but it's easy to work
with.

--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)

Archived from groups: comp.security.firewalls (More info?)

"Wolfgang Kueter" <wolfgang@shconnect.de> wrote in message
news:c9kf6j$3o9$1@news.shlink.de...
> Neil Mort wrote:
>
> > I am interested to know which type of firewall is adequate for a home
> > PC,
>
> Simply configure your system properly and you don't need any suspisious
> third party so called 'firewall' software.

I'm sorry but that is complete bollocks. The vast majority of computers
users can hardly configure their computers to print let alone configure the
operating system to make it secure. Even if they could they would be unable
to maintain it in the correct state.

Your advice is bad, wrong and downright unhelpful.

If you think your system really is secure, post your public IP address :-)

Archived from groups: comp.security.firewalls (More info?)

Leythos wrote:

> Anyone with a home PC should get a border device, a NAT router,

Unneccessary, as long as the sytem does not offer any services.

> and then run quality Anti-Virus software on their machine.

What for? To realize that this 'quality Anti-Virus software' will either
produce false positives and that a certain period exists, during which the
system is vulnerable due to the fact, that the scanner lacks the virus
pattern?

> These two things alone
> will prevent more problems that most of the other solutions combined.

One thing prevents them all: a secure configuration of the OS and a skilled
user.

Wolfgang
--
A foreign body and a foreign mind
never welcome in the land of the blind
Peter Gabriel, Not one of us, 1980

Archived from groups: comp.security.firewalls (More info?)

Mike wrote:

>> Simply configure your system properly and you don't need any suspisious
>> third party so called 'firewall' software.
>
> I'm sorry but that is complete bollocks.

It is not.

> The vast majority of computers
> users can hardly configure their computers to print let alone configure
> the operating system to make it secure.

The place for complaining about that is the manufacturer of the OS in
question.

> Even if they could they would be
> unable to maintain it in the correct state.

see above.

> Your advice is bad, wrong and downright unhelpful.

You can't secure a system by adding code. Esspecially you can't secure a
system by adding code from third party vendors if you don't have access to
the kernel sources. Mode code means more complexity, thus more
possibilities for errors.

> If you think your system really is secure, post your public IP address :-)

Have you ever looked into the headers of my postings?

Wolfgang
--
A foreign body and a foreign mind
never welcome in the land of the blind
Peter Gabriel, Not one of us, 1980

Archived from groups: comp.security.firewalls (More info?)

On Wed, 2 Jun 2004 13:54:57 +0100, "Mike" <nospam@notherematey.com> wrote:


>> Simply configure your system properly and you don't need any suspisious
>> third party so called 'firewall' software.
>
>I'm sorry but that is complete bollocks.

You're being charitable Mike.

>The vast majority of computers
>users can hardly configure their computers to print let alone configure the
>operating system to make it secure. Even if they could they would be unable
>to maintain it in the correct state.

Quite, to assume that they would just 'know' how to lock down a system
properly is nonsense.

>
>Your advice is bad, wrong and downright unhelpful.


Quite, his assertions in

Message-ID: <c9kin6$480$1@news.shlink.de>


w.r.t the sage advice of implementing defence in depth using a dedicated
router and host based measures are utterly ridiculous.


greg


>
--
"vying with Platt for the largest gap
between capability and self perception"

Archived from groups: comp.security.firewalls (More info?)

Mike wrote:

>
> "Wolfgang Kueter" <wolfgang@shconnect.de> wrote in message
> news:c9kf6j$3o9$1@news.shlink.de...
>> Neil Mort wrote:
>>
>> > I am interested to know which type of firewall is adequate for a home
>> > PC,
>>
>> Simply configure your system properly and you don't need any suspisious
>> third party so called 'firewall' software.
>
> I'm sorry but that is complete bollocks. The vast majority of computers
> users can hardly configure their computers to print let alone configure
> the operating system to make it secure. Even if they could they would be
> unable to maintain it in the correct state.

You most definitely should not be sorry. Politeness is fine but there are
limits...

> Your advice is bad, wrong and downright unhelpful.

I second that.
--
Mailman

Archived from groups: comp.security.firewalls (More info?)

Leythos wrote:

> In article <c9kf6j$3o9$1@news.shlink.de>, wolfgang@shconnect.de says...
>> Neil Mort wrote:
>>
>> > I am interested to know which type of firewall is adequate for a home
>> > PC,
>>
>> Simply configure your system properly and you don't need any suspisious
>> third party so called 'firewall' software.
>>
>> http://www.ntsvcfg.de/ntsvcfg_eng.html
>
> Which doesn't happen in the real world for most users - most of them can
> barely follow instructions let alone configure their machines to work
> properly.

True.

> Anyone with a home PC should get a border device, a NAT router, and then
> run quality Anti-Virus software on their machine. These two things alone
> will prevent more problems that most of the other solutions combined.

False. Most (home) users do not need a high-end separate device - a good
software firewall (both Kerio and ZA are free and seem to do a reasonably
good job) is sufficient to keep out various worms and prevent most attacks
against known weaknesses. In any case if you use XP do not rely on the
built-in firewall - it will keep out bad stuff, but not alert you to things
already on your machine.

Good AV is important but not enough. Anti-spyware is at least as important.

> One more thing, if you set the internet explorer "Internet" security
> settings to HIGH you are less likely to have problems while browsing
> sites that may contain malicious code. Setting the security setting for
> the internet zone to HIGH has it's own issues, but it's easy to work
> with.

Good advice. In any case disable ActiveX (assuming you use IE - which is a
BAD idea). Java is optional.
--
Mailman

Archived from groups: comp.security.firewalls (More info?)

In article <c9kin6$480$1@news.shlink.de>, wolfgang@shconnect.de says...
> Leythos wrote:
>
> > Anyone with a home PC should get a border device, a NAT router,
>
> Unneccessary, as long as the sytem does not offer any services.

If you feel that your advice is sound, then post a link that clearly
shows how to "fully secure" a Windows 98, Windows XP Home and Windows XP
Professional system against all viruses and exploits.

--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)

Archived from groups: comp.security.firewalls (More info?)

Greg Hennessy wrote:

> w.r.t the sage advice of implementing defence in depth using a dedicated
> router and host based measures are utterly ridiculous.

Well, I could get angry about that, but I keep calm ...

Of course there is nothing wrong with 'defence in depth' and several 'lines
of defense', if done properly and operated by skilled staff. However
telling unskilled users simply to 'set up a NAT device' has hardly anything
to to with 'defense in depth'. Several people giving this advice over and
over again do not get tired claiming that most users are unskilled and
therefore connot set up their systems properly. May I kindly ask those
people how these unskilled users can operate a proper 'defense in depth'
setup? If those users are unskilled (I have no doubt that many of them are
....) they will neither be able to read or understand the logs nor draw (the
right) conclusions from the logs.

Adding complexity to a system is never the solution when complexity itself
is the problem.

Wolfgang
--
A foreign body and a foreign mind
never welcome in the land of the blind
Peter Gabriel, Not one of us, 1980

Archived from groups: comp.security.firewalls (More info?)

"Mike" <nospam@notherematey.com> wrote in
news:c9kin1$c81$1@thorium.cix.co.uk:

>
> "Wolfgang Kueter" <wolfgang@shconnect.de> wrote in message
> news:c9kf6j$3o9$1@news.shlink.de...
>> Neil Mort wrote:
>>
>> > I am interested to know which type of firewall is adequate for a
>> > home PC,
>>
>> Simply configure your system properly and you don't need any
>> suspisious third party so called 'firewall' software.
>
> I'm sorry but that is complete bollocks. The vast majority of
> computers users can hardly configure their computers to print let
> alone configure the operating system to make it secure. Even if they
> could they would be unable to maintain it in the correct state.
>
> Your advice is bad, wrong and downright unhelpful.


I work in customer support and can confirm that! Not only do most
users not know how to configure their computers for security, so many
of them don't want to learn how to get "under the hood" and do anything
but use the program(s) they purchase! They complain "you don't need to
know how to repair your car in order to drive, why should you need to
know how to <name just about anything necessary to update, configure,
etc> your computer to use it?"

Ppfflllt is what I'd like to say to them!

Sherry

Archived from groups: comp.security.firewalls (More info?)

Leythos wrote:

> It's in the details - and most users don't know the details. That's why
> a NAT device and AV software are so important.

If they lack knowledge they will not be able to operate the additional
device/s or software as well.

If complexity is the problem making a setup more complex is _not_ the
solution.

Wolfgang
--
A foreign body and a foreign mind
never welcome in the land of the blind
Peter Gabriel, Not one of us, 1980

Archived from groups: comp.security.firewalls (More info?)

In article <c9knub$4uf$1@news.shlink.de>, wolfgang@shconnect.de says...
> Greg Hennessy wrote:
>
> > w.r.t the sage advice of implementing defence in depth using a dedicated
> > router and host based measures are utterly ridiculous.
>
> Well,