Which is the best Firewall?

[boxerman23]

Symantec Endpoint

Quick startup, no messing and works a treat

[xger]

IMHO the differences between them are fractional and I would say
that all software solutions offers basic protection to home users.

[tritolsat]

In my humble opinion, no PC with a firewall is secure, and no firewall is "safe".
The system structure itself is a big black hole that no firewall can ever block.
A simple file from the internet can easily gain administrative rights on a remote PC, and issue whatever command to bypass limitations such as firewalls etc.
One could go on and on forever with examples on bypassing firewall restrictions on a remote PC, and let's not even go, on the whole issue of the rubbish bin they call "The Registry".

As for the windows firewalls out there most of them give the user a false sense of security, by being intrusive or "interactive" as some tech geeks like to call it. A firewall should only serve as a filter between the user and the net nothing more and nothing less. What good does application blocking do, if the firewall is bypassed, and the port with which it communicates is wide open!

If you want a somewhat "safer" PC, than close all services that Microsoft has deemed that they should run. Keep only services that you need for your usual computer activities such as browsing printing etc. Most of the open ports will also close this way, other ports you can close manually by editing the registry. Edit administrative rights on your PC. Use a hardware firewall ( router ), if that's not possible than, IpFilter firewall, block everything and allow only ports that you recognize. I use IPFW, it has been ported to run on Windows also, and it is one powerful little thing .
However one could use a variety of other similar firewalls.

Better yet, use Linux and ditch Windows altogether. Not that using linux alone will make you safe, but at least it has a far more secure structure, and besides it looks so damn fantastic.

I still use windows btw, my work requires it, ( program compatibility issue ) but other than that if you don't have any such hurdles as i do, than Linux is best.

[verona]

That´s what I have always thought, no firewall is absolutely safe, but you should always use one since it´s better than nothing...

[Sat-TV]

I'm very pleased with "ConfigServer Security & Firewall", it's an ip tables based firewall for linux with many more options and security tweaks than any windows firewall will ever give you.

# Straight-forward SPI iptables firewall script
# Daemon process that checks for login authentication failures for:

* Courier imap, Dovecot, uw-imap, Kerio
* openSSH
* cPanel, WHM, Webmail (cPanel servers only)
* Pure-pftd, vsftpd, Proftpd
* Password protected web pages (htpasswd)
* Mod_security failures (v1 and v2)
* Suhosin failures
* Exim SMTP AUTH
* Custom login failures with separate log file and regular expression matching

# POP3/IMAP login tracking to enforce logins per hour
# SSH login notification
# SU login notification
# Excessive connection blocking
# UI Integration for cPanel, DirectAdmin and Webmin
# Easy upgrade between versions from within cPanel/WHM, DirectAdmin or Webmin
# Easy upgrade between versions from shell
# Pre-configured to work on a cPanel server with all the standard cPanel ports open
# Pre-configured to work on a DirectAdmin server with all the standard DirectAdmin ports open
# Auto-configures the SSH port if it's non-standard on installation
# Block traffic on unused server IP addresses - helps reduce the risk to your server
# Alert when end-user scripts sending excessive emails per hour - for identifying spamming scripts
# Suspicious process reporting - reports potential exploits running on the server
# Excessive user processes reporting
# Excessive user process usage reporting and optional termination
# Suspicious file reporting - reports potential exploit files in /tmp and similar directories
# Directory and file watching - reports if a watched directory or a file changes
# Block traffic on the DShield Block List and the Spamhaus DROP List
# BOGON packet protection
# Pre-configured settings for Low, Medium or High firewall security (cPanel servers only)
# Works with multiple ethernet devices
# Server Security Check - Performs a basic security and settings check on the server (via cPanel/DirectAdmin/Webmin UI)
# Allow Dynamic DNS IP addresses - always allow your IP address even if it changes whenever you connect to the internet
# Alert sent if server load average remains high for a specified length of time
# mod_security log reporting (if installed)
# Email relay tracking - tracks all email sent through the server and issues alerts for excessive usage (cPanel servers only)
# IDS (Intrusion Detection System) - the last line of detection alerts you to changes to system and application binaries
# SYN Flood protection
# Ping of death protection
# Port Scan tracking and blocking
# Permanent and Temporary (with TTL) IP blocking
# Exploit checks
# Account modification tracking - sends alerts if an account entry is modified, e.g. if the password is changed or the login shell
# Shared syslog aware
# Messenger Service - Allows you to redirect connection requests from blocked IP addresses to preconfigured text and html pages to inform the visitor that they have been blocked in the firewall. This can be particularly useful for those with a large user base and help process support requests more efficiently
# Country Code blocking - Allows you to deny or allow access by ISO Country Code
# Port Flooding Detection - Per IP, per Port connection flooding detection and mitigation to help block DOS attacks
# DirectAdmin UI integration
# Updated Webmin UI integration
# WHM root access notification (cPanel Servers Only)

Link: http://www.configserver.com/cp/csf.html

[torrent208]

you think that ???

yes it is.

[SkinArt]

MainFrame, ConfigServer Security & Firewall may'be very good as you said, but we in our homes not all use Servers, and not all have Linux knowledge :) however your proposal may help someone.

this week i have made a full of test with viruses for check how my Kaspersky 7 Internet Secure will react, the test really satisfied me.
Kaspersky is still an good program to have on our pc's!

[fotis065]

i use nod32 for a year...and everything is ok...

[navid91]

i have kaspersky internet security and its good
but bitdefender is the best

[nozar2]

zonealarm-eset smart security