I just got a new machine (nothing special), and I'm wondering what you all use for software firewalls. Any reccomendations?

I'm still using Norton...version 2003.  The 2004/2005 versions have more add-on's/popup blockers/online activation with Norton, which is probably why I haven't put them on my own machines.  I use them on stand-alone test machines at work though.  Zone Alarm is pretty straightforward.  Security-wise, it's as good as any.  And the non-Pro version is free!  The protection is the same from the non-Pro to the Pro version, but the Pro version has add-on's that aren't related to the firewall.  Another recommendation is Tiny Personal Firewall.  Not sure if TPF has been updated in awhile, but last I heard, it was a solid performer.

McAfee seems to have a solid product too...protection-wise.  But from the different versions I've run, I absolutely can't stand their interface.  BlackICE Defender isn't quite a firewall...it's an "intrusion detector."  I don't recommend it for firewall duties.

In addition to all that, if you're on cable/dsl, a $20 router (probably with a $20 rebate too) will add a measure of "firewall-like" protection from unsolicited packets from ye olde Intarweb.  Routers say they have a firewall, but it isn't a true firewall.  But I still recommend them (in addition to a software firewall) as they're good at what they do.

Software firewalls are snake oil, crap, SHIT... Get it?

If you *really* want to run one, the one that comes with Windows is just as useless & innefective as the others, so go ahead, use it...

But in the end, the only firewall worth it's salt is the hardware kind...

I'm running a Cisco PIX 501 here at the house. It's nice. 'Nuff said.

My software firewall works just fine (stock OS X firewall with a shareware controller). Use this site to check your firewall: www.grc.com/x/ne.dll?bh0bkyd2

Avoid any kind of intrusion detection or "scanning the scanner" stuff. Neither one will tell you anything useful.

What kind of connection do you have, and how do you plan on using it? Always-on broadband connections need much better protection then dialup connections that are only on for an hour or two at a time.

Quoted: But in the end, the only firewall worth it's salt is the hardware kind...

Hardware, you can buy a 4 port router with a built-in firewall for something like $40, with a $30 rebate, so net cost is around $14 for a hardware router/firewall.

Windows firewall

*shudder*

Quoted: Quoted: But in the end, the only firewall worth it's salt is the hardware kind... Hardware, you can buy a 4 port router with a built-in firewall for something like $40, with a $30 rebate, so net cost is around $14 for a hardware router/firewall.

Not a true firewall, but they provide a measure of security.  Most hardware firewalls start around $500-600 and go way up from there.

Quoted: Windows firewall *shudder* Quoted: Quoted: But in the end, the only firewall worth it's salt is the hardware kind... Hardware, you can buy a 4 port router with a built-in firewall for something like $40, with a $30 rebate, so net cost is around $14 for a hardware router/firewall. Not a true firewall, but they provide a measure of security.  Most hardware firewalls start around $500-600 and go way up from there.

Close! I got special NFR pricing on my PIX 501 - $450 w/3DES and 10 IKE peers (if I recall correctly).

How do some folks live without the ability to establish IPSec VPN tunnels with other IPSec devices or clients, anyway?

WITH 3DES AND 10 IKE peers HOLY crap!!!!

Close! I got special NFR pricing on my PIX 501 - $450 w/3DES and 10 IKE peers (if I recall correctly). How do some folks live without the ability to establish IPSec VPN tunnels with other IPSec devices or clients, anyway?

Wow.   I better than that (bandwidth shaping, detailed logging and intrusion detection, essentially unlimited IKE peers, VPN over either IPSec or PPTP, unlimited firewalling capability) with a $300 PC and OpenBSD....

Quoted: WITH 3DES AND 10 IKE peers HOLY crap!!!!

The licensed features affect the price, that's why I mentioned it (I know, who gives a crap). I can't recall if I had extra for 3DES. Something tells me I did.

Anyway...

Quoted: Close! I got special NFR pricing on my PIX 501 - $450 w/3DES and 10 IKE peers (if I recall correctly). How do some folks live without the ability to establish IPSec VPN tunnels with other IPSec devices or clients, anyway? Wow.   I better than that (bandwidth shaping, detailed logging and intrusion detection, essentially unlimited IKE peers, VPN over either IPSec or PPTP, unlimited firewalling capability) with a $300 PC and OpenBSD....

Ya, I know. For a while I had one of my RedHat boxes performing VPN duty. It was older than dirt, and it died. I got reimbursed for the PIX. Either way works for me.

Quoted: Software firewalls are snake oil, crap, SHIT... Get it? If you *really* want to run one, the one that comes with Windows is just as useless & innefective as the others, so go ahead, use it... But in the end, the only firewall worth it's salt is the hardware kind...

Are there hardware firewalls that will allow application-specific access rules?

Quoted: Quoted: Software firewalls are snake oil, crap, SHIT... Get it? If you *really* want to run one, the one that comes with Windows is just as useless & innefective as the others, so go ahead, use it... But in the end, the only firewall worth it's salt is the hardware kind... Are there hardware firewalls that will allow application-specific access rules?

Yup.

I tend to stay away from Symantec produts such as Norton after learning that they were antigun.

www.wmsa.net/prohibition/symantec.htm

I sent an email to them about a year ago asking about their policy and received no response.

Ed

There is NOTHING wrong with software firewalls. Are you going to tell me Checkpoint sucks? What do you think hardware firewalls are? Software burned onto a chip.

I use open bsd 3.5. Works just great.

I use Zone Alarm. Its free, and does an excellent job at what its supposed to do.

I use Black Ice and am very happy with it. I tried Zone Alarm several years ago and was not pleased.

Quoted: There is NOTHING wrong with software firewalls. Are you going to tell me Checkpoint sucks? What do you think hardware firewalls are? Software burned onto a chip. I use open bsd 3.5. Works just great.

checkpoint costs several thousand for a license.... (unless they have a home user version for several hundred..    )

www.smoothwall.org

Use that old POS you have laying around to run this.

Quoted: I use Black Ice and am very happy with it. I tried Zone Alarm several years ago and was not pleased.

Black Ice is no longer free that I'm aware of.....

iptables

-foxxz

I'd 2nd the smoothwall. My box ran forever without a reboot. Its free the only thing it'll cost you ia an old computer and 2 or 3 nics