What firewall do you use ? - Page 2

Thanks Pirx, here's some reppage for not making feel crazy

Don't download trojans.

I use a WRT55ag Wireless router with built-in firewall.... has worked fine so far. Don't rely on that software firewalls alone.

remember, a router is not a firewall and a firewall is not a router. True, there are routers that have firewall capabilities built in, but it's still not quite the same as just a firewall. On the same token, there are firewalls that can route as well.

The best approach to this whole concept is to do it in multiple layers. 3 layered security approach is the best way to go. I usually tell people to at least get 2 layers of protection (i.e. a hardware perimeter firewall and a software firewall/defender type of setup) also important is to have at least one of these be something that is 'stateful'. Basically you setup the types of communications you want to allow and the types of activities that are network related that you want to allow on your computer and if something doesn't match up, you get notified and the event is not allowed. The example here is in the case of trojans or other harmful files wanting to do things like write to a boot sector or write itself over a windows system file in the cache or on disk... those are no-no's. Also, being able to block and defend against any kind of buffer overflows...if you can do this you're doing well.. buffer overflows are a typical way that trojans/viruses/worms/haxors try to cripple either an app or your OS so they can weasel some of their own nasty code in there to allow them root access to your systems...

oh the joy of computers....

best defense is to just pull the plug on the i-net connection... do it the old school way LOL

Old school way was to learn how these things work, so you can avoid them.

I've never kept anti-virus software running on my system, I simply use it to scan my comps now and then. Never had a virus in 10+ years of being constantly connected to the internet.

I did have a trojan once. I installed Netbus, it was a great program back in the day to control a 2nd comp remotely.

There's really no reason a knowledgable user should be getting viruses or trojans. There's always exceptions of course, like active-x controls on malicious websites...but you should be more careful where you surf, to be completely honest.

Installing a ton of programs to keep you safe isn't ever going to be as valuable as learning about how to avoid these things.

How do u prevent a uffer overflow?

I use zone alarms free firewall, don't get the pro crap just the firewall. its small unobtrusive and ive never had problems with my games. the best part, its free. that and avg free an I'm good to go.

If you have a old unused computer sitting at home doing nothing (Pentium or better). May I suggest looking into smoothwall or ipcop? I am running smoothwall and you'll be surprised how many attecks gets logged everyday.

Good question
as far as buffer overflows from network attacks goes, you need to have something that is running on your computer ( software firewall if you please) that includes stateful packet inspection...

buffer overflows are typically caused by a bug in programming code of an application or OS...which means you need to make sure you keep your apps and OS up to date with patches and security updates.

We use a product from Cisco called CSA (cisco security agent) on our servers and IT workstations at work, and pretty soon my laptop will have it running (as soon as I get done with the 2nd infrastructure datacenter setup...and get time to setup a profile for my lappies that the IT team use, ugh my life is too busy).

This product is cool because with it, you don't even really have to have antivirus software running because most viruses will try to either modify system files or place themselves in a boot record or something similar and the CSA is smart enough to know typical "behaviors" that are just simply not acceptable... notice, I didn't say "signatures"... this is not a signature based tool, it's behavior based...big difference. This doesn't mean we don't have antivirus running though, because even if an infected file was on your file system, it would still be infected, just inoperable because the CSA would block any attempts that it made to do anything that was considered "bad behavior"... but if the CSA service or agent was stopped and the infected file was accessed, then the virus would be able to do what it was intending, that is why we still have antivirus, to get rid of the crap if it's found.

There are other apps out there that are similar that will watch your system and all... zone alarm is minimalistic but worked pretty good last time I tried it.

Works great.

^Same. EXCEPT: I at one time had (quite vexing) problems using it with my company's Contivity VPN software...I eventually switched to kerio personal firewall, worked like a charm. Other than that one problem, I really can't tell a difference in performance between the two.