which firewall is the best ?

[mariner]

i m using the sygate personal firewall but still i find that some nasty applications do find their way in.inspite of using nav 04,ad aware se,spyubot SAD anf sysmech.


which cud b the best firewall?

presently using IE 6.0 and soon migrating to mozilla firefox !

[sreevirus]

applications like adware and spyware make their way into the system thru the browser...the firewall cant stop those applications from coming into ur system because u have allowed the browser to communicate with the internet...yes, the softwares u mentioned can stop them from loading in ur pc to a certain extent, but not always.....but u can stop these programs from accessing the internet using the firewall [atleast this is to the best of my knowledge(heard this from some another source) ofcourse i cud be wrong(someone please correct me if so)]
and u can stop many of these programs from installing in the first place using programs like javacool software's spywareblaster and spywareguard. use a combination of Spybot SnD(1.3) and Spywareblaster and keep updating.

as far as firewalls r concerned, ZoneAlarm is the best according to popular opinion (i'm also usin it and its doing a fine job for me).
but u can try other firewall softwares like blackice and tinyfirewall personal which i heard r also good.

[sohummisra]

yup zone-alarm is probably the best although you'll get annoyed at the number of programs that are trying to access the net! it also slows (my) computer down quite a bit, if you don't have lots of RAM. but its the best in my opinion. can get it from zonelabs.com

[infra_red_dude]

i find mcafee d best......zonealarm uses a lot of sys resources.....

[theraven]

actually firewalls block certain ports which specific *ware/viruses use
hence preventing an attack
and again im not sure either .. so waiting for confirmation
and i agree ... its zone alarm for me !

[mahidhar]

Go to the following site and find out how good your firewall is.

Symantec Security Check

You can even post your results and we'll know whose firewall is best.

[NikhilVerma]

ofcourse it will show that norton has the best firewall!!!

Isn't there any neutral site...

[sohummisra]

why would symantec say that norton is best?

[Saud Hakim]

Zone - Alarm is the Best.!
Nothing gets better than it.

Used to use it when i had broadband.

[sreevirus]

here r my results....not bad....check em out

http://img.photobucket.com/albums/v2.../securscan.jpg
http://img.photobucket.com/albums/v2...irus/stats.jpg

[techno_funky]

if u have no money to spend on a GENUINE firewall
ZONE ALARM
is the best

[EinSTeiN]

No money no ads Zone alarm is the best..

[walking-techie]

zone alarm is the best .. but it eats up a lot of resources

u can opt for other options like

tiny firewall
sygate firewall
norton internet security
..

[mariner]

well guys this is te result fm symantec

Your Results:
Port Description Status

ICMP Ping Ping. Ping is a network troubleshooting utility. It asks your computer to acknowledge its existence. If your computer responds positively to a ping, hackers are more likely to target your computer. :STEALTH


21 FTP (File Transfer Protocol). FTP is used to transfer files between your computer and other computers. Port 21 should be open only if you're running an FTP server.:OPEN


22 SSH. TCP connections to this port might indicate a search for SSH, which has a few exploitable features. SSH is a secure replacement for Telnet. The most common uses of SSH are to securely login and copy files from a server.:STEALTH


23 Telnet. Telnet can be used to log into your computer from a terminal anywhere in the world. This port should be open only if you're running a Telnet server. :OPEN


25 SMTP (Simple Mail Transfer Protocol). A protocol for host-to-host mail transport. This port should be open only if you're running a mail server.:STEALTH


79 Finger. Finger is an Internet utility that allows someone to obtain information about you, including your full name, logon status, and other profile information. :STEALTH


80 HTTP (Hypertext Transfer Protocol). HTTP is used to transfer Web pages over the Internet. Port 80 should be open only if you're running a Web server. :OPEN


110 POP3 (Post Office Protocol). Internet mail servers and mail filter applications use this port. This port should be open only if you're running a mail server. :STEALTH


113 Ident / Authentication. This service is required by some mail, news, or relay chat servers to allow access. A stealth result on this port could cause performance problems.:STEALTH


119 NNTP (Network News Transfer Protocol). A service used by News servers to distribute Usenet articles to newsreader applications and between other servers.:STEALTH


135 Location service (loc-srv). This port is used to direct RPC (Remote Procedure Calls) services to the appropriate dynamically mapped ports. Hackers can use this to determine which port is used by several Windows services. This port should not be visible from the Internet.:STEALTH


139 NetBIOS. NetBIOS is used for Windows File & Print sharing. If port 139 is open, your computer is open to sharing files over the Internet. Other components of NetBIOS can expose your computer name, workgroup, user name, and other information. To learn more about preventing connections to your NetBIOS ports, see: NetBIOS Information and Configuration Instructions :STEALTH


143 IMAP (Internet Message Access Protocol). IMAP is a sophisticated protocol for electronic mail delivery. This port should be open only if you're running an IMAP server. :STEALTH


443 HTTP over TLS/SSL. A protocol for providing secure HTTP communication. It should be open only if you're running a Web server. :STEALTH


445 Windows NT / 2000 SMB. A standard used to exchange Server Message Blocks, and can be exploited in multiple ways, including gaining your passwords. :STEALTH


1080 SOCKS. This protocol allows computers access to the Internet through a firewall. It is used when one IP address is shared among several computers. Generally this protocol only allows access out to the Internet. However, it is frequently configured incorrectly to allow hackers to pass traffic inwards through the firewall.:STEALTH


1723 PPTP (Point-to-Point Tunneling Protocol). This service is used for virtual private networking connections. :STEALTH


5000 UPnP (Universal Plug and Play). This service is used to communicate with any UPnP devices attached to your network.:STEALTH


5631 pcAnywhere. This port is used by Symantec pcAnywhere when in host mode. :STEALTH


so what do i do about items 21,23 and 80 ?

[EinSTeiN]

But security : system resources .. which one will you choose?
I think todays sstem can handle the resources needen for zone alarm.
mine is just an amd 1800+ but zone alarm runs fine on it.

[cooljeba]

I use Nortorn Firewall. I think it's cool. My other fav's are Sygate Personal Firewall .
..:: peace ::..
Jeba

[aadipa]

Norton Internet Security

[aadipa]

also check ur firwalls at

https://grc.com/x/ne.dll?bh0bkyd2

check for common ports and messenger spam

do put ur results here

[anusoni]

well i just shifted to SUSE Linux, so now i'll now see how to configure the firewall inside it.

[anusoni]

i just tested myself using the link aadipa gave, and i am glad to say my computer is suppose to be a real stealth machine according to that link !

[Deep]

I use my all time fav Norton Internet Security..

no problems at all :d

Deep

[mariner]

well guys i m still waiting for ur responses on hjow to close ports 21,23 and port 80 as these seem to be the trouble makers.

[Deep]

Quote:

Originally Posted by mariner

well guys i m still waiting for ur responses on hjow to close ports 21,23 and port 80 as these seem to be the trouble makers.

atually this test will work properly only if you ave Public IP, i.e. with IPs other than 172.16.x.x, 10.x.x.x,172.168.x.x

anyways to cross check these ports... do this..

in IE write this

For Port 80: http://127.0.0.1/
For Port 21: ftp://127.0.0.1

for Port 23

Start - Run - Telnet

in the new window write o 127.0.0.1 it should not show

"Connecting To 127.0.0.1...Could not open connection to the host, on port 23: Connect failed"

if it shows above message then it means you dont have port 23 open..

and for port 80 it should say page cannot be found or something..
21 should say something like unable to connect..

lemme know what happens after u do above things..

Deep

[rock_ya_baby]

Quote:

Originally Posted by mariner

well guys i m still waiting for ur responses on hjow to close ports 21,23 and port 80 as these seem to be the trouble makers.

You can easily do that using a firewall..

If you dont have / want to use it then you can try > portblocker

Just run it, it automatically blocks the ports that u've mentioned (by default)

(:

[anishcool]

Hey i am using sygate (v 5.5, build 2156) with the latest updates and avg. If you keep updating your firewall just like ur antivirus it will work much better. By the way zonealarm is crap as the free edition takes too much system resources and has a very childish and non-geeky interface. if you can pay Rs.1500 mcafee is great. norton is not bad as well but just too expensive.

[mariner]

ok guys i got the following from symantec today

How to close ports that should not be open

Situation:
You ran Symantec Security Check or a similar type of security scanning tool and the results indicate that certain "well known" ports are open. "Well known" ports can include any port from 0 to 1023, but the most commonly used ports are 23, 25, 80, and 110.

Solution:
"Well-known" ports are generally reserved for services such as email, Web services, Internet protocols, and so forth. If a security scanner indicates that some of these ports are open and you are not running services related to those ports, then an unknown process - like a Trojan - may be running on your computer.

To correct this situation, run the current version of an antivirus program to detect and eliminate the Trojan, and then install Norton Internet Security or Personal Firewall and re-scan your computer to confirm that the suspect port is now closed.

The following table identifies ports that should not be open unless you are running services (servers) relating to them. If any of these ports are reported as being open, then a component of a service or server may be running on your computer. An example of a service or server component running on your computer is INETINFO.EXE from Microsoft. This component is used to run the Personal Web Server feature of Windows.

Port Service Type of Server Description
23 Telnet telnet server allows another computer to log into yours
25 SMTP mail server email protocol that sends mail out
80 HTTP web server web protocol
110 POP mail server email protocol that receives mail

To determine if INETINFO.EXE is running on your computer, follow one of these procedures:

Windows 95/98/ME/XP

Click Start then Run.
Type MSCONFIG in Open box.
Click OK or press the Enter key. The System Configuration Utility screen will appear.
Select the Startup tab.
See if INETINFO.EXE is running. If you do not need this feature running, uncheck the box then click OK. Reboot your computer and run Symantec Security Check again.

Windows NT/2000
Open the Task Manager by right clicking the Task Bar.
Select Task Manager.
Click the Processes tab.
See if INETINFO.EXE is running. If you do not need this feature running, you must remove the Internet Information Services (IIS) feature from the Add/Remove Windows Components in the Control Panel.

going to try out the same and will post results

[Deep]

u shall read what i had said in my post..

regards
Deep

[mariner]

ok deep i did what u said and got the following results

port 80 : cannot be found
port 21 : windows cannot access this folder.make sure u have typed the file name correctly and u have the permission to access this folder
details: a connection with the server cannot be established
port 23 :connecting to 127.0.0.1....cud not open connection to the host,on port 23 connect failed.

ok so tell me
1.does it mean that my pc is safe ?
2.and if it so than why do symantec and shields up tell me that my pc is at
gr8 risk?

[Ashis]

zone alarm is the best .. but it eats up a lot of resources

u can opt for other options like

tiny firewall
sygate firewall
norton internet security
..[/quote]

I have Used Zone Alarm & I find it slows down the net speed!

[Deep]

Quote:

Originally Posted by mariner

ok deep i did what u said and got the following results

port 80 : cannot be found
port 21 : windows cannot access this folder.make sure u have typed the file name correctly and u have the permission to access this folder
details: a connection with the server cannot be established
port 23 :connecting to 127.0.0.1....cud not open connection to the host,on port 23 connect failed.

ok so tell me
1.does it mean that my pc is safe ?
2.and if it so than why do symantec and shields up tell me that my pc is at
gr8 risk?

it means that these ports are already blocked on ur machine..
the reason why norton showing those ports open coz it was checking the IP address of your ISP not yours..

you must have having IP address with 172.16.xx or 10.x.xx.xx or 192.168.xx.xx

to cross check it

start - run - command - write ipconfig

it should show ur ip address

and then go to www.whatismyip.com

it should show the IP address of your ISP..if both are same then you have public IP and otherwise your IP address is private..

about ur 2nd question...
answer is in my above explanation...it's chekcing ur ISP's IP address..no need to worry..install firewall like Norton Internet Security or any other u prefer..shall solve your problem

Deep