10-16-2008, 05:48 AM   #20
HallieBallie
Avalon Senior Member
 
Join Date: Sep 2008
Location: The Netherlands
Posts: 35
Re: BEWARE!!!! hacker or virus via Avalon

Quote:
Originally Posted by zorgon View Post
But does it catch OUTGOING dials? That is the most important. A harmless file can call out and open a door. As far as I know currently Zone Alarm is the only one that forces programs to ask for outgoing and 'act as server' permission.

I may be wrong though
Yup, it does. Windows Update, etc. can be blocked; it catches every outgoing call.

Quote:
"FREE for personal use, Sygate Personal Firewall provides best of breed security in a user-friendly interface, protecting your PC from hackers, trojans and DoS attacks.

New features include Deep Packet Inspection, Anti-Application Hijacking, Smart WINS, Log Dampener, and enhanced logging. Sygate Personal Firewall is the first FREE PC firewall to offer protection from malicious code intrusions, keeping the information on your PC safe and private."
Incoming traffic only needs to be stopped for certain networks when you use services that are listening; see which ports are listening with "netstat -an" (Windows) or "netstat -natup" (Linux).

With Windows XP you see that ports 135, 139 and 445 are listening (in Vista, file and printer sharing is not enabled by default). During an install of Windows XP these ports are listening, and everyone who can connect to your PC can put malicious software on your machine because your installation isn't patched yet.

When you install Windows, do this without the network cable and patch it offline (download the patches, at minimum Service Pack 2, before going online).

In Linux (desktop install, no services like www, ftp, databases, etc. installed) you see only port 6000 listening; this is for X. You can only connect locally to this port; when you want to connect remotely you have to modify a configuration file.

In short:

Use a firewall for outgoing traffic when malicious software can be installed on your machine without you knowing whether it's installed (backdoors, spambots, etc.).

Use a firewall for incoming traffic when you use services (www, ftp, everything that is listening and that you can connect to) that need to be protected from certain networks. For example, you use an ftp service for internal use, not for the whole world: block port 21 for the whole world and enable traffic for your local LAN.
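The netstat check described in the post above, as an added example that is not part of the original post: a Python script that reads `netstat -an` (Windows) or `netstat -natup` (Linux) output and separates loopback-only listeners from those bound to a network address. The sample output and the function names are constructed for illustration.

```python
# Constructed sample output for illustration, not captured from a real host.
WINDOWS_NETSTAT_AN = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1027         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1045      203.0.113.5:80         ESTABLISHED
"""
LINUX_NETSTAT_NATUP = """\
Proto Recv-Q Send-Q Local Address    Foreign Address  State   PID/Program name
tcp        0      0 127.0.0.1:631    0.0.0.0:*        LISTEN  812/cupsd
tcp        0      0 0.0.0.0:6000     0.0.0.0:*        LISTEN  955/X
tcp6       0      0 :::6000          :::*             LISTEN  955/X
udp        0      0 0.0.0.0:68       0.0.0.0:*                640/dhclient
"""
ANY_ADDRESS = {"0.0.0.0", "::", "*"}


def listeners(netstat_text):
    """Return sorted (port, scope) pairs for TCP sockets in a listening state."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        # UDP has no LISTEN state, so only TCP rows are considered here.
        if not fields or not fields[0].lower().startswith("tcp"):
            continue
        if not {"LISTEN", "LISTENING"} & set(fields):
            continue
        # Local address is the first field with a ':' (column 2 on Windows, 4 on Linux).
        local = next((f for f in fields[1:] if ":" in f), None)
        if local is None:
            continue
        host, _, port = local.rpartition(":")
        host = host.strip("[]")  # Windows prints IPv6 as [::]:135
        scope = ("loopback" if host == "::1" or host.startswith("127.")
                 else "all-interfaces" if host in ANY_ADDRESS
                 else "specific-address")
        found.add((int(port), scope))  # set() collapses tcp/tcp6 duplicates
    return sorted(found)


def network_bound_ports(netstat_text):
    """Ports bound beyond loopback: the ones to review for an inbound firewall rule."""
    return [port for port, scope in listeners(netstat_text) if scope != "loopback"]


if __name__ == "__main__":
    print(network_bound_ports(WINDOWS_NETSTAT_AN), network_bound_ports(LINUX_NETSTAT_NATUP))
```

A port reported as bound to all interfaces is a candidate for an inbound rule; the service's own access control may still restrict who can actually connect.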