What Firewall?

I was using Kerio Personal Firewall  on my 32-bit Windows XP and
I liked it a lot. But it doesn't work on 64-bit Windows XP and I was
not able to find aby 64-bit version.

I found that there is 64-bit version of Tiny firewall so I have installed it.
I uninstalled it one day later and it is not very userfriendly (and it is very
expensive after all - 99 USD).

Do you have any other recommendation?

 Dalibor

I reccomend the integrated Windows firewall.  It actually works good...

Yes, it does work good. But the word "good" is the problem.
I am used to firewalls which perform "better".
Windows firewall does not offer any real rules based on IP addresses
and what's more important it does not alert me when there is some
communication originating from my computer and I am not aware of it.

Isn't there some real firewall available?

 Dalibor

Use a hardware firewall, like a router or a server.  Very effective ip filtering and mac filtering.

Worrying about outbound is conceding that something nasty has made it in. Folks worry too much about outbound. Focus and worry about inbound. The best firewall is hardware. The biggest falicy in Security is believing you're secure.

Throtkar:
Your post is quite contradictory.
I definitelly do not believe that I am secure and therefore I do worry
about my outband traffic. Detecting un-wanted outboud traffic is the
best identification that something has made it in my computer.
It does not mean that it is realy nasty application, but there are tons
of different small utilities which are trying to "call home" time to time.
And I just want to know about it, sometimes I allow it, sometimes not.
If you will ever install a real firewall which will enable to see what
programs are trying to access internet without your permission you might
be surprised.

Hardware firewall and MS firewall do not help in this matter. Kerio/Sunbelt
was the best and I hope some new 64-bit beta will appear.

 Dalibor

Behind a hardware firewall is best. You are invisible to the internet. If your ports are managed correctly the script kiddies will not ever see your machine/s. If they don't see you then their automated port scans move on to more open systems.

What software firewall does stateful packet inspection? My hardware firewall drops bad packets on the floor. My hardware firewall does not even trust its own internal network. My various windows systems do send out outbound traffic. I don't care because that is part of their function. I don't worry about windows media player checking the streaming characteristics of its media connections. I don't care if my systems want to check for updates. I really don't want to have to view and sign off on every single outbound connection.

I pay more attention to processes and have software that monitors the system processes and prevents any new process from ever getting started without my approval. If nothing can load without my approval then why should I worry about outbound?

In 20 plus years of computing I have never had a virus, trojan, worm, or browser hijack. I don't download files from P2P sites, or shareware. I don't click on untrusted links in emails nor file attachments. I practice safe computing and it simply works...

rhoffman wrote:

I reccomend the integrated Windows firewall.  It actually works good...

It is pretty decent on sp2/x64sp1, but I still don't like it 100%.  I was thinking of picking up mcafees personal firewall plus deal for $39, since thats the easiest and least problematic two way one I've ever used (as well as very informative) ...but unfortunately they don't support x64 yet.  Ah well...life goes on.

 

___

To elaborate on that, I'd like the ability on the windows firewall to open up a port range.  Maybe you can and I just haven't figured out how yet.  Which is only proof that it needs to be more informative, IMO.

ZoneAlarm just posted a beta 64 bit version of its firewall.

Throktar - I agree with you 100%. The first step is being behind a hardware firewall, even if some don't like to admit it because they don't have one. The second step is, like you say, safe computing and being wise about where you go and what you download. Every software firewall I have ever seen or used takes way too much configuration and ends up using resources - and then still doesn't do it as well as a hardware router/firewall. I have used Eset Nod32 (now the 64bit version) with Spybot S&D and Ad-Aware for years and never had to deal with any virus or malware getting through other than cookies which are easily removed during weekly maintenance. I don't even subscribe to the "having to go to FireFox for security" train of thought - IE is a much stronger browser and if your system is configured properly is not a threat as Nod 32 constantly monitors incoming and outgoing in realtime. E-mail is the biggest threat if not handled properly as it can get through everything because you are in a sense inviting and allowing it when you download it which bypasses everything. So I don't download it until I'm sure of it - read it on the server and download what you want to keep. Sounds like you've been around awhile!