Join 3,430 readers in helping fund MetaFilter (Hide)


Free/cheap firewalls?
February 12, 2006 2:34 PM   Subscribe

Is Zone Alarm the last free firewall software?

I've used Sygate for a couple years now(Win2k and XP), but they were acquired by Symantec and will no longer be offering the product. I tried Kerio, but the interface was terrible. It was not intuitive in the least. (I need something my not-tech-savvy Dad (Win98, eek!)can use as well.) I had a bad experience with Zone Alarm and have been hesitant to try them again. I certainly don't mind paying for a good product, but if I can get it free...?
posted by jaronson to Computers & Internet (24 answers total) 1 user marked this as a favorite
 
What does the Windows XP firewall not do that you want from Zone Alarm?
posted by public at 2:59 PM on February 12, 2006


(Assuming you can't upgrade from Win98 to XP.....) (doh)
posted by public at 3:00 PM on February 12, 2006


Old Version has Sygate up to version 5.6.2808, Tiny Personal Firewall version 2.0.15A, and some Zone Alarm versions as well. Might want to give them a try.
posted by educatedslacker at 3:05 PM on February 12, 2006


Barring that, if you have a broadband connection and a hardware router, that offers far more protection than a software firewall.
posted by cellphone at 3:09 PM on February 12, 2006


wipfw is a port of FreeBSD's ipfw package. Not for everyone, but if you know what you're doing, it can't be beat.
posted by devilsbrigade at 3:14 PM on February 12, 2006


Try Kerio with the simple interface.
posted by orthogonality at 3:31 PM on February 12, 2006


Keiro from Sunbelt Software is free. For the first four weeks running it, all of the features of the full version are accessable. After four weeks, some of the features go away, but it's still a functional firewall--much like Sygate.
posted by Korou at 3:34 PM on February 12, 2006


Thanks for the replies...

...if you have a broadband connection and a hardware router, that offers far more protection than a software firewall.

I do have a broadband connection and a Linksys WRT54G router. Hmm. Ive always heard that a firewall is necessary if you have a broadband connection, but I din't realize the router would provide that protection. Thanks, cellphone.

Oh, and btw, I tried Kerio (in both modes) and all I got when I started up Firefox was a bunch of "Server not Found" pages. Does it possibly conflict with my router firewall where Sygate never did?
posted by jaronson at 4:11 PM on February 12, 2006


Here is a review of free firewalls from Astalavista.
posted by mlis at 4:12 PM on February 12, 2006


jaronson writes "Oh, and btw, I tried Kerio (in both modes) and all I got when I started up Firefox was a bunch of 'Server not Found' pages. "

Kerio (correctly) doesn't allow FF to connect out by default. You must allow FF explicitly.
posted by orthogonality at 5:19 PM on February 12, 2006


What does the Windows XP firewall not do that you want from Zone Alarm?

Can anyone answer this question? I guess I just naturally assumed that the XP firewall was crap; am I wrong?
posted by Saucy Intruder at 5:32 PM on February 12, 2006


Kerio (correctly) doesn't allow FF to connect out by default. You must allow FF explicitly.

Yes, I realize that, (thanks) orthogonality, and I set "permit" across the board and I still couldn't connect.
posted by jaronson at 6:21 PM on February 12, 2006


For one thing, the WinXP firewall offers no protection from outbound connections, so if you run into some spyware it'll be able to call home transparently.
posted by moift at 6:22 PM on February 12, 2006


The Windows XP SP2 firewall works fine. Installing any other firewall software on an XP box is overkill, IMO, and will cause more problems than it prevents.

For Windows 98, the nicest little firewall I know of is the SoftPerfect Personal Firewall.

Both these firewalls are (stateful) packet filters only - they don't do per-application connection blocking, so they won't block spyware etc. that's already installed and capable of making outbound connections; but if that stuff's running on your machine, you ought to be removing it, not just frustrating it with a firewall.

If you install SoftPerfect, you should modify its default rules for handling ICMP traffic: by default, it will allow your PC to respond to Ping requests. If you want to be invisible on the Internet, you should change the default ICMP rule to allow only outbound ICMP traffic, and add another rule that allows inbound ICMP responses.

As soon as I can get any sense out of my ISP's tech support line, I'll upload the SoftPerfect ruleset I usually use, and post a link here.
posted by flabdablet at 6:48 PM on February 12, 2006


"if that stuff's running on your machine, you ought to be removing it, not just frustrating it with a firewall."

And if it does somehow get installed, what better way to discover it quickly than through an alert from your firewall?

Or you could let it use your machine to send spam on someone else's half, blissfully unaware, because network traffic is really the only visible symptom that some of this stuff has.
posted by CrayDrygu at 7:06 PM on February 12, 2006


My SoftPerfect firewall ruleset is here.

As for stuff "somehow" getting installed: if you're running a basic firewall that drops unsolicited connection requests, and using Firefox for Internet browsing, it's just not that likely to happen - especially if you're using XP and run it with a Limited Account user for day-to-day work.

Application blockers certainly have their place, and lots of people like them; but in my experience, installing them on machines owned by the technically clueless is (a) useless, because they end up configured all wrong (b) cruel, because their main effect is to add unexpected and confusing behavior to legitimate tasks.

Sometimes they're worse than useless. I've seen several Zone Alarm installations where Windows Updates had been blocked by ZA, causing XP to go unpatched since the ZA installation date. One of these had blocked Symantec Live Update as well, and was crawling with viruses. I've also seen ZA mysteriously kill printing (it doesn't put 127.0.0.1 in the Trusted zone by default).

If you know what an application blocker is for, and how to set it up, it will undoubtedly work well for you, and make you feel all warm and fuzzy when you run Leak Test; but it seems to me that if you're that savvy, you probably have enough basic network hygiene to keep you uninfested in the first place.
posted by flabdablet at 7:44 PM on February 12, 2006


Thanks, flabdablet.

I think your suggestion is just what I am looking for and have installed SoftPerfect on my Win2k machine. (I'll put it on the Win98 machine after I run it on mine for a few days.) Would you recommend a pseudo-geek like myself to use the "Learning Mode"? Or is your ruleset all I need?
posted by jaronson at 9:03 PM on February 12, 2006


Not to be pedantic, but, if I'm not mistaken, there's no basis for preferring something like a dedicated hardware router (such as the Linksys WRT54G) to a software package that you install on your PC (like ZoneAlarm) simply because the former is a "hardware firewall" and the latter is a "software firewall." Routers like the WRT54G are essentially little Linux PCs that use Linux's built-in firewall software (iptables). That is, they are "software firewalls," and there's nothing magical about them.

You may prefer to use a dedicated router rather than PC-based firewall software for other reasons, of course, but the "hardware firewall" vs. "software firewall" distinction doesn't really have anything to do with it, IMO.
posted by cobra libre at 1:41 PM on February 13, 2006


"Keiro from Sunbelt Software is free."

It's also no longer being developed, IIRC. I remember reading that immediately after PC Magazine selected it in a competition, ironically.
posted by pmurray63 at 3:20 PM on February 13, 2006


cobra libre, I don't understand what you are saying. Are you saying there is no difference between the router firewall and the software firewall? It is just a matter of the user's preference?
posted by jaronson at 4:26 PM on February 13, 2006


jaronson, it's not that it's just a matter of the user's preference, but that whether or not the firewall is running on your PC ("software firewall") or a dedicated device ("hardware firewall") is largely irrelevant; they are all, strictly speaking, software firewalls. What matters is whether or not your firewall solution's capabilities and features suit your needs (and whether it works as advertised).

But after reading over my earlier comment, I think that it's much more pedantic than useful, and you shouldn't let it distract you from flabdablet's advice, if it works for you.

(But I do wonder if it wouldn't just be easier for you to turn on the firewall on your router, since it should protect all of the computers attached to it without any further configuration of the individual computers.)
posted by cobra libre at 5:50 PM on February 13, 2006


jaronson: I've never turned on SoftPerfect's learning mode, so I'll leave that adventure up to you. By all means play with it on your own machine. I'd be interested to hear your comments on how well it works. I would certainly not turn it on on your Dad's machine. You don't need the family-tech-support hassles you're going to get from a randomly configured firewall :)

If you care enough about security to be wanting to run a firewall, you should also make sure that your OS has all available security fixes and patches applied. On your Dad's machine, I'd be visiting Windows Update, installing the Windows 98 Critical Update Notification update, and teaching him what its popup looks like and how to react to it.

My SoftPerfect ruleset is pretty basic, because I don't run much stuff; the only changes I made to the default SoftPerfect rules were the ICMP stuff I explained above, plus opening up the necessary outgoing ports for Gmail's encrypted POP/SMTP access.

I like knowing what my firewall is up to, so I prefer to set up my filtering rules by hand. If I'm trying to make something work (e.g. BitTorrent or VOIP or instant messaging) and a firewall is getting in my way, I read the documentation for the new app to find out what port numbers I need to poke holes in the firewall for, and add rules by hand as needed. SoftPerfect has a logging facility that can reveal what packets are being dropped, which is very handy for debugging new rules.

As for differences between router firewalls and software firewalls: As cobra libre says, the firewall in the router is indeed software. But because it's running in a physically different computer from your application software, and because the operating system inside the router is very unlikely to be Windows, it's harder for malicious code running in your Windows box to turn it off.

It does seem to me though that once you have malicious code running in your Windows box, whether or not your firewall is running right becomes a moot point.

A router firewall, like the Windows XP SP2 firewall and like SoftPerfect but unlike Zone Alarm, is just a packet filter. There's no way for your router to find out which PC application has sent (or is expecting to receive) which packets, so a router firewall can't do per-application blocking.

Theoretically, a properly set up machine shouldn't need a firewall at all. Unsolicited packets arriving at a properly set up machine should simply provoke a "port unavailable" response.

Unfortunately, in these terrorising times of terrifying terror, the Internet is no longer a polite place; and a simple "port unavailable" response can often provoke a persistent flood of connection attempts to other ports and/or incoming packets malformed in various interesting ways. At best, this is annoying (because those incoming packets slow your connection and increase your total-downloads cost). At worst, malware running elsewhere can establish a connection to a service you didn't realize your PC was running, and exploit bugs in that service to inject malware onto your machine; or a malformed packet can trigger OS bugs and take the system down.

If you have a bunch of PC's on a LAN, and the LAN is connected to the Internet through a router, you should definitely use the firewall in the router. Whether or not you also run firewalls in the individual PC's depends on where you think the threats are likely to come from.

For a typical home network, where there's a small number of PC's on the LAN and they're all used by the same small group of people, it probably makes sense to consider them all trustworthy and allow them to communicate freely amongst themselves; so you probably wouldn't bother with software firewalls on the PC's.

In a corporate or college network, where there's a larger number of PC's and the users are not all known to one another, there's more likelihood that one or more PC's might have malware installed by some other means than being pushed in from the Internet. In that case, to slow the spread of contagion across the LAN, you'd probably want to run software firewalls (perhaps including application blockers) on each PC as well.

There's a pretty clear tradeoff between security and convenience. Finding the "sweet spot" that minimizes total work is a good sysadmin's main skill.

Lots more related stuff here.
posted by flabdablet at 8:41 PM on February 15, 2006


I did fiddle with the learning mode in SoftPerfect's Firewall a bit. I don't "run much stuff" either, but I would need to figure out the rule for allowing MediaMonkey to communicate with incoming and outgoing info. (Not today, though.)

I've concluded (from flabdablet's and cobra libre's very helpful comments) that all I need for now is my router firewall. I have SoftPerfect Firewall running on my Win2k machine as a security blanket, if you will. I also have avast! and regularly scan my machine with that and Ad-aware.

Thanks again to the members of the MetaFilter community, especially "in these terrorising times of terrifying terror". Like Lenny Bruce, I am not afraid.
posted by jaronson at 6:24 AM on February 18, 2006


To make that security blanket actually do something, turn on SoftPerfect's logging for mismatched rules. If your router's firewall is working right, you should never see a packet from outside in that log.

Why would MediaMonkey need holes poked in the firewall? Does it do more net-related stuff than just getting CDDB entries via http?
posted by flabdablet at 9:43 PM on February 18, 2006


« Older Speaker Filter: I've just rece...   |  I remember a typical late 1990... Newer »
This thread is closed to new comments.