One of our computers simply equipped with XP firewall & Avast Home. A wrongly configured top-notch firewall can be unsafer than XP firewall is. In fact, if you are a light user, you may not need to use more heavily equipped modern firewalls. However, if you are still interested, quite many people here refer to Matousec’s test results. However, although Comodo Free is highly rated, it is not popular here mainly because of their policies. Read the comments in this thread.

how do i determine whether i’m a light enough user to get away with using xp firewall? should i wait til i get a virus?

A tough question, I guess. In fact, the net is increasingly getting dangerous and we cannot say which are safe sites any more. Then, please start with Tech’s post here. I guess it’s a good start.

Would you call a fire door that only protected you from fire on one side of the door to be a true fire door, I wouldn’t, certainly not if you happened to be on the wrong side of the door.

Whilst the windows XP firewall is usually good at keeping your ports stealthed (hidden) it provides no outbound protection and you should consider a third party firewall.

Any malware that manages to get past your defences will have free reign to connect to the internet to either download more of the same, pass your personal data (sensitive or otherwise, user names, passwords, keylogger retrieved data, etc.) or open a backdoor to your computer, so outbound protection is essential.

• There are many freeware firewalls such as, Comodo (care required now it is a suite not to install the anti-virus element), PCTools Firewall Plus, Online Armor and recently released, Outpost Firewall free 6.5 (2009)

Many forum users are using the above:

• PC Tools Firewall seems to have the least user headaches as it doesn’t seem to be constantly asking the user questions about this and that.
• Online Armor for the most parts fine but it has caused some users grief after avast program updates and that is something you have to watch out for.
• Comodo is now a suite and you have to do a custom install so as not to install the antivirus element (or use the add remove programs to remove the AV element if already installed), of all the firewalls listed this seems to be the noisiest in asking questions, depending on settings and elements used, so it could be daunting for those not to familiar with firewalls or their systems.
• Outpost Firewall 2009 free, a cut down version of the Outpost Firewall Pro version, which should still provide good protection, http://free.agnitum.com/. Download, http://www.filehippo.com/download_outpost_firewall/

I don’t believe there is such a beast as a light user, you either have internet access, in which case you need a firewall to protect against unauthorised internet access.

perhaps the slowdown is a necessary trade-off for free protection. :-\

Hmmm…however, there definitely are difference among people in terms of the frequency of using PC. In any case, I’d recommend anybody who use the net to make sure to behind a router, which should offer the basic protection against net. In my case, I even chose a provider which offers port-blocking at ISP’s level.

rdmaloyjr was talking of Outpost firewall. The problem here is that it tough to see how things would turn out on your own system. DavidR, who is using a registered version of Outpost firewall, is on a decent system with low-speed connection, for example. You can ask people some questions but, ultimately, you have to try apps by yourself.

i’m not very technical. can you recommend the simplest way for me to get “behind a router?”

which provider do you use? :-\

if you’re on DSL or cable you already have one, rented or sold or given to you by your ISP. So the “simplest” way to get behind it is to connect your computer to it, either via ethernet or wifi (or usb…)…the router integrates, most of the time, the modem that will connect you to the Internet. Its functions are not just to make a “bridge” (gateway) between you and the Internet, but also between your computer and other computers on your local network, allowing file and printer sharing. (routers can be bought as standalone if needed).
Routers are a security because they have a firewall (that you don’t absolutely need to configure) inside. I consider this layer more important than the software firewall used in Windows. Go to “shield ups” http://www.grc.com/intro.htm with just a software firewall, and then with just the router’s firewall, and see the difference in the results.

http://forum.avast.com/index.php?topic=49944.msg423075#msg423075

If you’re paying for 10mbps, will you be happy with only 3mbps?

is mcafee really as bad as mtousec says? i’ve been using it for years w/o an apparent problem. i downloaded as part of att/yahoo dsl package. i’m not very technical though. should i junk it for one of the ones rated higher?

hey tiresias, thanks for the info about routers ;D

Thanks Logos. But does it follow that if I have a router that i can get away with using xp firewall along with avast home edition as my sole protection?

Hi Tech,

May I ask why you don’t recommend ZoneAlarm?

I only ask because I use ZoneAlarm Pro.

Thanks!

Avastfan1

PS: Comments are more than welcome from other forum users as well!

no, you still need an outbound firewall. XP firewall can’t set outbound rules (and imagine with the router, this would be a disaster, the firewall there is not a windows application, no alert ;)…rules can be set manually in routers firewalls but that’s not very practical). So you basically need a both ways software firewall in Windows.

To use a simple analogy, the router, the XP firewall, are both like having a good latch on the door to your house. Difficult for a burglar to get in.
However if one does get in (because, say, a house member invited him in or left the back door unlocked - equivalent to a browser vulnerability or a drive by download-) He then has access to the entire household. You have the best deadlock that money can buy. It needs unlocking from the inside. The burglar can get around that by simply removing the hinges, now he has access.
There are no hinge locks on your door, so he can simply open it and take the booty out and away.

Hinge locks are like fixed bolts into the door frame that prevent the door being removed from its hinges from the inside, to facilitate removal of bulky items. Combined with a dead lock, it turns the door into something quite impregnable, without the use of heavy and destructive tools.

Think of a two way firewall as hinge locks. If something gets in - and there are ways that can happen- it has to ask you for permission to leave.

this link will answer your question:

http://www.matousec.com/projects/proactive-security-challenge/results.php

The latest version is ZA Pro 9.1.008.000.

Is there another link which is more current?

Thanks!

Most consumer level routers actually don’t have much of a firewall, but rely on NAT (Network Address Translation) to provide similar levels of protection. NAT is actually an interim step in the IP4 to IP6 internet addressing transition, (The Internet is running (ran?) out of unique IP addresses) allowing for private IP addresses http://en.wikipedia.org/wiki/IP_address#IPv4_private_addresses valid only within your LAN and repeated in other LANs to have a way to connect to the internet. This is done by having your router maintain tables of outgoing traffic from each of the computers on your LAN, doing the LAN-WAN IP address translation, only allowing inbound (WAN) traffic that is a response to something you sent out, and keeping track of who sent what out to accomplish this. So the router manages your connection streams for you without much intervention. This is a different approach than a firewall, which actually looks at blocking/allowing ports and protocols via rules, but is generally quite effective. A router does need to have a way to punch holes in this to allow things like passive FTP, but usually there are only a few settings and sometimes some interesting tweaks. I have attached the firewalls for two DSL routers as examples: the first is a Linksys consumer router running Tomato firmware, which has just a few settings. The other is for a Netopia business class router, which I am using as a bridge but which has actual firewall capabilities; when not set it becomes NAT again. So a router is a great thing to have, requires no setup, and lets you mostly forget about WAN generated inbound traffic security issues. But a software router helps you manage your LAN security and outbound connection permissions as well for things just phoning home or actual malware that got in somehow. Looking forward to seeing the capabilities of the Avast! version.
Of the dozen or so software firewalls I have used for any length of time, currently focused on Online Armor. It has some useful features for handling mobile users who often switch between networks that augment its usability and general firewall capabilities that are highly rated elsewhere. Plus, like Avast!, they are a great company to deal with. I used Comodo for a year (beta tester, moderator), and the firewall/D+ is still good but unnecessarily complicated for most users unless you just enjoy security as a hobby-the suite development effectively stopped the potential growth of the firewall/HIPS. The others discussed I haven’t used recently, but they get good ratings and you just need to try them on for size to see what fits the way you want to use your system.

I just think that:

1. Zonelabs support is very poor.
2. They have problems with avast and never acknowledged them. It’s a lack of trustfulness.
3. I think there are better free firewalls nowadays.
   So, I’m an ex-ZA user.