mountainmachine, posted October 21, 2006:
OK, so I'm running Kerio Firewall at the moment and regardless of what I do it seems to be blocking ports; I can switch machines and go from 5-10 kB/s to 25-50 kB/s on another machine. Basically I want to know the best firewall to use with uTorrent! That also gives decent protection, obviously! Thanks.
Alpha-Toxic, posted October 21, 2006:
I don't have much experience with firewalls, but from some of my tests I think Comodo is a very good choice. Also I remember that about 2 years ago Kerio and Tiny Personal were very good and convenient, but that was too long ago. And my personal preference is STAY AWAY FROM ZONE ALARM; I don't know how good it is at keeping you safe, but the interface is sooooooo irritating... and as I recall it lacked too many config options.
Ultima, posted October 21, 2006:
Oh, the problems with ZA go much further than skin-deep.
µtorrent-Guest, posted October 21, 2006:
If you use XP then the built-in one is all you need. Just activate it!
anoxan, posted October 22, 2006:
The best firewall is no firewall... unless you have a router. Then use that.
Intangir, posted October 22, 2006:
If you're behind a NAT (router), you should be more or less golden. The well-behaved XP firewall on top of that usually fits the bill just fine. If you do use Kerio, do like Alpha-Toxic said and get the older series. I believe the last version of the classic Kerio/Tiny was 2.1.5 and you can probably find it with Google easily. Still, a router + SP2 firewall = win.
silverfire, posted October 22, 2006:
I only have WIPFW installed on my laptop because when I take it to classes, it's not firewalled. It serves its purpose nicely, but if you're not used to using console-based apps, you're probably screwed.
weilawei, posted October 22, 2006:
Hrm, everyone is so down on ZoneAlarm. Personally, it's my favorite choice; I have never had issues with it being unconfigurable for any given purpose. I'm behind a router, but I'm not going to let that sit as my only line of defense. Here's how I do it, fwiw, ymmv.

1. Check which port uTorrent wants to use.
2. Forward that port on the router.
3. ZoneAlarm -> Firewall -> Expert tab -> Add
4. Fill in the nice dialog. (Mine below.)
5. Save, apply, and minimize ZoneAlarm.
6. Use the uTorrent Port Checker at http://www.utorrent.com/testport.php?port=[your uTorrent port here] to make sure everything is kosher.

Rank: 1 (can be ranked something else to give other firewall rules priority)
Name: uTorrent
State: Enabled
Action: Allow
Track: None (can be Log/Alert and Log here if you feel like checking up on it)
Source: Internet Zone (possibly Gateway here, but I'm on a wireless connection that switches between 2 different APs)
Destination: My Computer (again, you have options; could be an outward-facing IP or DNS entry)
Time: Any (if you've got uTorrent on the scheduler, you could modify this)
Protocol: add a new protocol here, like so:
  Protocol: UDP
  Description: uTorrent
  Destination Port: Other - [your uTorrent port here]
  Source Port: Other - [your uTorrent port here]
boo, posted October 22, 2006:
weilawei, except that ZA has a backdoor and does a "calling home" with sensitive information.
Alpha-Toxic, posted October 22, 2006:
If you have a router, you need no firewall at all; 99.999% of the time the router does a better job than any given firewall (except if it is some very, very crappy one).
boo, posted October 22, 2006:
Alpha-Toxic, true, but there are some security functions which only a software firewall can do, so the best protection is software + hardware firewall.
anoxan, posted October 22, 2006:
What is so important on your PC that makes it so desirable anyway? I know it's not your porn, cause I'll guarantee my collection's bigger/better than yours....
boo, posted October 22, 2006:
For example personal data, work-related data; plus I don't want my computer to be hijacked and used in various illegal matters. But even if I didn't have anything important on my computer, I highly believe in privacy, and also a hacker could mess up my system and I like to avoid reinstallation of Windows etc.
weilawei, posted October 22, 2006:
> weilawei, except that ZA has a backdoor and does a "calling home" with sensitive information.

Okay, I don't remember this existing. I'm running ZoneAlarm Security Suite 6.1.x. Here's what I found.

Starting here -> http://www.iss.net/search.php?config=corporate&pattern=ZoneAlarm&x=0&y=0 : 18 reports. Time to dig.

zonealarm-ipc-dos (19309): Zone Labs: ZoneAlarm Security Suite prior to 5.5.062.011
Not an issue, anymore.

zonealarm-adblock-dos (18159): Zone Labs: ZoneAlarm Security Suite 5.x
Not an issue, anymore.

zonealarm-showhtmldialog-obtain-information (22971): Zone Labs: ZoneAlarm Internet Security Suite 6.0.x
Okay, this looks somewhat serious, since they didn't mention a remedy. Does it affect 6.1.x as well? http://www.derkeiler.com/Mailing-Lists/Securiteam/2005-12/msg00003.html gives a bit more information. It seems we have to run a malicious program on the local system. This is a tossup. Do you like to run random code from strangers? Mmm, candy.

zonealarm-synflood-dos (10379): Zone Labs: ZoneAlarm Pro 3.1
Not an issue, anymore.

zonealarm-insecure-file-permission (17099): Zone Labs: ZoneAlarm Pro 5.x
Not an issue, anymore.

zonealarm-udp-dos (13072): Zone Labs: ZoneAlarm Pro Any version
Well, this certainly looks troubling. http://www.securityfocus.com/bid/8525 lists Zone Labs ZoneAlarm Pro 4.5, Zone Labs ZoneAlarm Pro 4.0, Zone Labs ZoneAlarm 3.7.202. I'm not sure yet if the UDP flood still works in 6.1.x builds. Any more information here?

18 ways to escalate privileges in Zone Labs ZoneAlarm Security Suite build 6.1.744.000: This is a bit of a side-track into Bugtraq archives. http://www.securityfocus.com/archive/1/427122 details this one.

> Exploitation Requirements:
> First of all, you will need to have a directory that is writeable to a lower level user, that is included in the Windows PATH environment variable. As you saw above, I had ActiveState's ActivePerl installed and it worked just fine. Secondly, verify that the path you have chosen is definitely writeable to a lower level user. On Windows 2000 operating systems the default permissions for the root of the partition where the operating system is installed is set as Everyone/Full Control. So, by default, C:\Perl\bin is set to Everyone/Full Control. On Windows 2000 operating systems a guest account can be used during the exploitation process. On Windows XP, the C:\Perl\bin folder has special permissions set (by default) for the local Users group that allows the creation and modification of new files and folders. Perfect, that is all that is needed. On Windows XP, an account in the local Users group can be used during the exploitation process.

This feels a bit like leaving the door open and letting a stranger run their own code. Granted, it is a privilege escalation, but it's not a remote vuln. (Unless... something else is vulnerable on the system that gives local account access.) Your call; I never leave Guest open.

zonealarm-email-bypass-security (15884): Zone Labs: ZoneAlarm Any version
Again, this doesn't look good. Unfortunately, I don't see anything since 2004. Considering that this is a potential remote exploit (if you use ZA mail filtering) it might be worth a test run to see if it still exists. Although... you shouldn't run random executable code attached to your email from strangers.

zonealarm-mailsafe-dot-bypass (8744): Zone Labs: ZoneAlarm 3.0
Not an issue, anymore.

zonelabs-multiple-products-bo (14991): Zone Labs: ZoneAlarm prior to 4.5.538.001
Not an issue, anymore.

device-driver-gain-privileges (12824): Zone Labs: ZoneAlarm 3.1
Not an issue, anymore.

ca-vet-antivirus-bo (20686): Zone Labs: ZoneAlarm Security Suite Any version
Here's a good one. Affects any operating system or program using the Vet Antivirus Library. Remote heap overflow exploit. However, this seems out of date. http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=32896 says Vet engine 11.9.1 and later are not affected. Install the latest virus definitions if an earlier Vet is in use. ZA 6.1.x seems secure here. Not an issue, anymore?

Annnnd.. the rest were attempts to kill ZA once you have a worm safely harbored in your computer. Now to look at ZA "phone home" settings.

- Check for product updates can be set to manual.
- Whenever I request info from Zone Labs: Alert me with a pop-up before I make contact can be turned on.
- Hide my IP address when applicable can be turned on.
- Share my security settings anonymously with Zone Labs can be turned off.

If you contact ZA for program advice, that's your own contact initiation, not a phone home.

Spyware or not?

> A Perfect Spy? It seems that ZoneAlarm Security Suite has been phoning home, even when told not to. Last fall, InfoWorld Senior Contributing Editor James Borck discovered ZA 6.0 was surreptitiously sending encrypted data back to four different servers, despite disabling all of the suite's communications options. Zone Labs denied the flaw for nearly two months, then eventually chalked it up to a "bug" in the software -- even though instructions to contact the servers were set out in the program's XML code. A company spokesmodel says a fix for the flaw will be coming soon and worried users can get around the bug by modifying their Host file settings. However, there's no truth to the rumor that the NSA used ZoneAlarm to spy on U.S. citizens.

http://www.vtc.net/~cdgoldin/caveat/zap0719.htm declares ZA to be spyware. Also provides ways to disable the purported activity.
http://www.hansenonline.net/Networking/zaspy.html couldn't find any data being sent back. What to think?

I'll avoid the SP2 firewall with reports like this from http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2004-09/0257.html. Granted, any software firewall will have its issues. No software is perfect. (Neither is hardware for that matter.)

> As soon as you install SP2 on a Windows XP PC with a certain configuration, your file and printer sharing data are visible worldwide, despite an activated Firewall. This also applies to all other services. The PC only has to provide sharing for an internal local network and connect to the Internet via dial-up or ISDN. Users of DSL services are also affected, if a firewall is not integrated into the DSL modem or a common modem instead of a DSL router is used. Additionally, Internet Connection Sharing of the PC has to be disabled.
> A number of test scans run by PC-Welt revealed that this in fact is a common configuration and not a rare sight. Without great effort, we were able to discover private documents on easily accessible computers on the Internet. It must be assumed that these users wrongly believe they are safe and that their sharing configurations are only visible in their network at home: Often, we did not even encounter password protection.

Okay, that's my mini-research summary on the topic. I'm going to stick with ZA for now since *my* system doesn't seem to be phoning home or allowing my system to become swarmed with nasties.
boo, posted October 22, 2006:
weilawei, well there are better options like Outpost, Look'n'Stop and Jetico Firewall.

> A Perfect Spy? It seems that ZoneAlarm Security Suite has been phoning home, even when told not to. Last fall, InfoWorld Senior Contributing Editor James Borck discovered ZA 6.0 was surreptitiously sending encrypted data back to four different servers, despite disabling all of the suite's communications options. Zone Labs denied the flaw for nearly two months, then eventually chalked it up to a "bug" in the software -- even though instructions to contact the servers were set out in the program's XML code. A company spokesmodel says a fix for the flaw will be coming soon and worried users can get around the bug by modifying their Host file settings. However, there's no truth to the rumor that the NSA used ZoneAlarm to spy on U.S. citizens.

I think declaring it a bug is a cheap and bad excuse; a bug simply does not encrypt data and send it to several ZA servers. If ZA does this kind of immoral thing once they can do it again, and why I say it's immoral: well, a firewall is meant to protect you from things like this.
µtorrent-Guest, posted October 22, 2006:
boo, correct me if I'm wrong, but we are talking here about a "firewall" for THE phone-home closed-source software on the market. So why would anybody even complain when another piece of software for that OS also phones home? I mean, come on, if you are really concerned about your security you would not use a closed-source OS like Windows in the first place, and not additional closed-source software from 3rd-party vendors that promise you "security" because they tell you that Windows is not secure in the factory-shipping version!

@weilawei: regarding the firewall bug with the open shares the German PC-Welt wrote about back in the day; that was patched by MS if I remember correctly.
weilawei, posted October 22, 2006:
Morals. Iffy subject. I was more looking to see if there was any truth to the idea that the current code phoned home. I'm a tad more concerned about what a piece of code does than the moral reasoning behind it.

However, I had forgotten about Look 'n' Stop. Haven't used it in years, but from what I remember, it was an excellent choice as well. But, for a quick rundown, http://www.firewallleaktester.com/tests.php has a great list of firewall tests and rankings.

Now, back to fiddling with the WebUI. There's a world to be taken over, you know!
Ultima, posted October 22, 2006:
@boo: IMHO the "phone home" thing was blown out of proportion, and that isn't really the issue at hand. ZoneAlarm is just really buggy for a lot of people.

@weilawei: As I said to boo, ZoneAlarm has been buggy for a lot of people. I myself have never had any real "beef" with ZoneAlarm, and even wrote a guide for opening the port for ZA a while ago. I decided to switch from it myself simply because I got annoyed with it. It works fine for some, but in many cases, we've had to tell people to uninstall ZoneAlarm to fix some issue it was having with µTorrent. As you said, YMMV.

Edit: Oh, and regarding the phone home thing... here. But yeah, it's old news.
boo, posted October 22, 2006:
> boo, correct me if I'm wrong, but we are talking here about a "firewall" for THE phone-home closed-source software on the market. So why would anybody even complain when another piece of software for that OS also phones home? I mean, come on, if you are really concerned about your security you would not use a closed-source OS like Windows in the first place, and not additional closed-source software from 3rd-party vendors that promise you "security" because they tell you that Windows is not secure in the factory-shipping version!

Well, some people have no choice but to use Windows, like me for example, but when it comes to security programs you do have choices to choose between, and that's the major difference to what you're talking about. And for Windows there is no reliable open-source firewall as far as I know, so those who use Windows have to use a closed-source firewall.

Anyway, we are going a bit off-topic; as I mentioned, I personally recommend Outpost, Look'n'Stop and Jetico Firewall. Also, I have heard that Securwall from Securstar will be a good firewall when it gets released.
Dark Shroud, posted October 23, 2006:
Just to add to the comments about ZA and why I stopped using it. It doesn't keep up with p2p traffic and blocks a lot of legit peers. It doesn't stop running, even when you set it to disable; you have to uninstall it. This I don't know of first hand, but it's from a knowledgeable person: ZA modifies the TCP/IP stack without telling you. And when you uninstall it ZA will leave tons of hidden files.

Personally I use McAfee. It hasn't failed me yet. For a free firewall I suggest Windows or Kerio, since Norton bought & killed Sygate.
Switeck, posted October 23, 2006:
I have an old 4-port Linksys wired router. After updating its firmware, I was able to block LAN IPs *AND* ports from being visible from the internet OR connecting outward to the internet. In particular, I have these ports blocked: 23-2448129-13944517300. These ports are either unsecured ports that I need for LAN traffic or ports that correspond to portions of Microsoft Windows that I do not feel can be safely given internet access due to its "phone-home" features.

Almost all my unused LAN IPs are blocked as well to prevent ghosting issues that can occur with file-sharing to IPs reported second-hand. An example is if your LAN is on 10.0.0.x and the IP 10.0.0.223 arrives via DHT or Peer Exchange (they probably filter LAN IPs so this is just a hypothetical example)... your computer will try to connect to 10.0.0.223 on your network even though it doesn't exist.
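As an added illustration of Switeck's "ghost peer" point (example code written for this thread, not code from any poster or from µTorrent): a small Python peer filter that drops addresses a client should never dial as internet peers, namely its own LAN range, RFC 1918 and non-routable addresses, malformed entries, and peers advertising a blocked port. The LAN range (10.0.0.0/24), the blocked-port set and the sample peer list are constructed assumptions, not taken from the post.

```python
import ipaddress

# Constructed assumptions for the example: the LAN this client sits on,
# ports it refuses to dial (NetBIOS/SMB and telnet as illustrative picks),
# and a peer list as it might be handed over by DHT or Peer Exchange.
OWN_LAN = ipaddress.ip_network("10.0.0.0/24")
BLOCKED_PORTS = {23, 135, 137, 138, 139, 445}
SAMPLE_PEERS = [
    ("10.0.0.223", 6881),    # own LAN, host does not exist: the "ghost" peer
    ("192.168.1.5", 51413),  # someone else's private range
    ("127.0.0.1", 6881),     # loopback
    ("169.254.10.2", 6881),  # link-local
    ("203.0.113.10", 445),   # routable address but a port we never dial
    ("203.0.113.11", 139),
    ("198.51.100.7", 6881),  # ordinary routable peer
    ("not-an-ip", 6881),     # malformed entry from a buggy peer
]

# RFC 1918 checked explicitly rather than via ip.is_private, because
# is_private also covers documentation ranges such as 203.0.113.0/24.
RFC1918 = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def classify_peer(host, port, own_lan=OWN_LAN, blocked_ports=BLOCKED_PORTS):
    """Return (allowed, reason) for one advertised peer address."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False, "malformed address"
    if ip.is_loopback or ip.is_link_local or ip.is_multicast or ip.is_unspecified:
        return False, "non-routable address"
    if ip in own_lan:
        # Dialling a second-hand LAN address wastes connection slots and
        # may hit a host that was never part of the swarm.
        return False, "own LAN range (ghost peer risk)"
    if any(ip in net for net in RFC1918):
        return False, "private address (RFC 1918)"
    if not 1 <= port <= 65535 or port in blocked_ports:
        return False, "blocked or invalid port"
    return True, "ok"


def filter_peers(peers, **kwargs):
    """Split a peer list into accepted and dropped (host, port, reason) tuples."""
    accepted, dropped = [], []
    for host, port in peers:
        ok, why = classify_peer(host, port, **kwargs)
        (accepted if ok else dropped).append((host, port, why))
    return accepted, dropped


if __name__ == "__main__":
    kept, gone = filter_peers(SAMPLE_PEERS)
    for host, port, why in gone:
        print(f"drop   {host}:{port}  ({why})")
    for host, port, why in kept:
        print(f"accept {host}:{port}")
```

The filter runs on the client side and complements, rather than replaces, the router rules Switeck describes: the router stops the traffic, while the filter avoids generating it in the first place.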
aiyps, posted January 16, 2007:
Hi! As far as I am concerned, you can use McAfee firewall with uTorrent. It gives you gr8 download speeds. If you are looking for a free firewall, Comodo is the best; I got good speeds on it too. So, for uTorrent, I would suggest Comodo/McAfee.
lsd, posted January 16, 2007:
Zone Alarm - absolute NO! NO! A bloated resource hog, that's all there is to it. Someone mentioned KPF 2.x <-- NO! NO! as well; it has an unpatched security hole. If you want to use KPF use 4.2.x, or the latest version before Sunbelt took over. Comodo has had some issues (what issues, I don't remember; google it).

I don't agree that NAT and a router are enough. What about outbound traffic??? What happens when on a bad day you get some malware that wants to phone home? There's nothing to stop it if you don't have a fw. Anyways, KPF is my choice: small, easy on resources, configurable, and it reminds me a bit of Firestarter, the GUI for iptables on Linux.
µtorrent-Guest, posted January 16, 2007:
lsd asked:
> what about Outbound traffic ??? What happens when on a bad day you get some malware that want to phone home, there's nothing to stop it if you don't have fw :)

Let me ask back: what if some "bad day" malware is programmed in a way that circumvents the PFW software that runs on the same physical system that the malware is running on?! If you truly believe that a PFW on the same system can protect you from the scenario you mentioned then you don't know what you are talking about, and you got fooled by snake-oil promises from the personal-firewall software vendors that make you believe their product can stop it reliably!

Edit: spelling + clarification
FORCE, posted January 16, 2007:
Outpost is the best choice; I've used it for years and it is the best so far...
- Connection monitor
- Best user interface
- Best defence against killing outpost.exe
- Very good network stress resistance
This topic is now archived and is closed to further replies.