What is ransomware and how do I protect my PC from Petya?
It seems to me that 'Programme Control' in Firewalls can cause a lot of problems. Someone asked me why Firefox has stopped working on their PC, but IE was OK. I found that the Norton firewall Programme Control was blocking Firefox from talking to the internet, and quickly fixed it (presumably at some stage, the user had chosen 'Block' in Norton when Firefox tried to access the internet).
This was simple for me to do (although it took a while to find the Programme Control bit since I hadn't used Norton firewall before). For someone who's not very PC literate, however, this is a problem. They only have to make one mistake (choosing 'Block' when Norton Firewall says that a programe wants to access the internet) and that programme no longer functions correctly.
So, I get the feeling that for general (rather than PC-savvy) users, programme control is a menace. Since XP SP2 doesn't have programme control, perhaps it's the best compromise for them? I get the feeling that some people might end up always choosing 'Permit' each time a Norton-style firewall dialogue box comes up anyway.
There's nothing wrong with the built in WinXP SP2 firewall but, as you say, it only blocks incoming traffic. I've found that it's pretty easy for installed malware to penetrate software firewalls so I think you have a point. However, I would still recommend a 2-way firewall for a modicum of extra security.
I have tried many firewalls, all of them has annoyed me in one way or another. I decided to use XP's own firewall, and find it does everything that is required without any fuss, or constantly asking me to decide if I should let something in or out that I haven't a clue about.
Yes, its only one way, stops incoming, but to me that is enough, if it stops incoming, then there is no outgoing to worry about. This is just my personal opinion and not suitable for all users, but it works fine for me and has never let me down in 3 years.
I do of course use various anti virus applications but they are a different story altogether.
I've been happy with the two firewalls that I use right now - Sygate and F-Secure. They approach porgrams in slightly different ways though; F-Secure can ask each time a program connects, and clicking "block" will not burn that particular bridge so to speak.
I used Norton a long time ago and that was not as easy to deal with if changes had to be made.
I wouldn't rely on the XP firewall - it's not so much inbound hack attempts that we have to worry about, but already-present malware phoning home or downloading other nasties. An outbound program control helps to prevent that.
Of course, your AV and anti-malware apps are supposed to stop malware getting there in the first place but nothing is 100% infallible. If the anti-malware has missed a downloader, it's useful if the firewall can attempt to block it or at least flag it up.
Personally I've not used a firewall for 3 years, just AVG and MS Antispy. With downloaders if you give a Trojan file permission to run no amount of firewalls will stop it and this is where people are relying way too much on a firewall. They are useful if you are on dial up but there are a few programmes around that stop diallers. You have more chance of hitting the 6 lotto numbers on 3 consecutive weeks than ever having a 'hack' attempt and all reported 'hack' attempts are merely handshakes from a myriad of servers, checking to see if you are online still.
However as I understand with all the hype and paranoia around that some people would feel happier with a firewall and if they feel unsure enough to use the excellent MS firewall built into XP then I have always admired Sygate as it is unobtrusive and uses little resources. It also seems fairly easy to configure and it would be exceedingly difficult to goof up setting it.
I abhor Zone Alarm as Steve Gibson has many questions to answer regarding his ever wilder claims click here. There is no need for a home user to pay for a firewall....or an AV for that matter.
I actually kind of like zone alarm - but if I wasn't such a cheap skate I'd buy F-Secure - from my experience it suits my needs most. That said I've never tried sy-gate, maybe I'll give that a whirl too.
Thanks everyone for all your replies.
GANDALF: "You have more chance of hitting the 6 lotto numbers on 3 consecutive weeks than ever having a 'hack' attempt"
I'm not so sure about that. Someone I know was having problems with her firewall which was preventing her AV software from getting updates from the internet. I couldn't work out why, and it was an old Tiny firewall, so I thought it best to uninstall it and download the free Zonealarm one.
Without thinking, I removed the tiny one, then went on the internet and started to download Zonealarm (ie without a firewall running on the PC). I should have uninstalled the Tiny firewall AFTER downloading Zonealarm. During the 30 or so minutes it took to download Zonealarm (she has dialup internet) her AVG anti-virus warned of four different bits of malware that were trying to get on her PC. I assume that they were getting through open ports that a firewall would have blocked. Fortunately, AVG stopped the malware, but if a new bit of malware had been doing the rounds that AVG hadn't been updated to cope with, I think that it would have caused trouble.
I also use the built-in XP Firewall together with the usual anti-virus applications and have had no troubles over the past 3 years.
As I've mentioned before it's ZoneAlarm for me.
The XP firewall does not run in stealth mode. It is easily penetrated.
Regarding Steve Gibson. Even Microsoft have at times met up with him and listened to his suggestions.
GANDALF. I checked your link and it seams it is set up to slur Steve Gibson. That kind of character assassination would not be tolerated on this site!
This thread is now locked and can not be replied to.