Why is EVERY SINGLE software firewall a load of crap?

[RJARRRPCGP]

Just dump all that firewall stuff, setting it up for an home enviroment is just wasted time and also most worms now turn off firewalls directly so you won't even find out that you're unprotected.

At the minimum, don't allow unused ports to be left wide open! Because a new virus can find a way to crash a Windows component!

[iCEhOT]

Yep tried outpost, tried kaspersky (which was complete and utter crap btw), had the same "interfaces" problem described originally, had next to no options, and although I tried this program a few months ago I *think* i recall that you either allowed net access or not, not server or client access etc...

Outpost is ok, but buggy atm, that would be my second choice, although it has the problem of needing an expert rule for every program u want to have some access etc... Also the interface isnt the best...

I'm not leaving any ports wide open, cos atm, i'm running a hardware firewall, and windows firewall so nothing can come in, I just have no outgoing protection right now, except for antivirus and antispyware etc.

Nice to see though that I'm not the only one who thinks the current state of firewall software is pretty abismal!

[Andrew932]

Try Kerio 2.1.5 version, never had any problems with it. I didn't like Zone alarm because it kept blocking me out of the internet.

[RogueSpear]

Try Kerio 2.1.5 version, never had any problems with it. I didn't like Zone alarm because it kept blocking me out of the internet.

Believe it or not, this very old version of the freeware Kerio is about the best I've run. I thought that 2.1.5 wasn't available for download anymore in lieu of a newer version.

[WolfX2]

its hard to know what software to trust! some of it is REALLY good and some of it is just a piece of crap that comes in a shiny box

[Andrew932]

Try Kerio 2.1.5 version, never had any problems with it. I didn't like Zone alarm because it kept blocking me out of the internet.

Believe it or not, this very old version of the freeware Kerio is about the best I've run. I thought that 2.1.5 wasn't available for download anymore in lieu of a newer version.

I used it a couple of years ago when I got fed up with Zone Alarm. Kerio and AVG Free work great together. Unfortunately Kerio 2.1.5 is a bit out of date now and I doubt the protection is that good but it does Inbound/Outbound protection so it would easily be adequate I would had thought (excellent for PCs running 64MB RAM)

http://pricelessware.org/thelist/sec.htm

(Scroll down)

Personally, I've got fed up with using Free software so I now use Norton Internet Security 2006. Not exactly the most recommended security software but it's just as good as anything else. (Although for some reason fails to detect a 6 month old MSN virus while AVG detects it)

[kurt476]

Hi chilifrei64, i was woundering if you know anybudy els knows how to disable complete windows xp firewall so i can use outpost?

they both seem to have a conflict or something.

dose anybudy know?

[WolfX2]

@kurt476 -

1.go start>run, then type in "services.msc" (without the quotes)

2. Find "Windows Firewall/Internet Connection Sharing (ICS)"

3. Right click it, then click properties

4.Click the general tab

5. under startup type select, "Disable"

6. Click OK

Edited February 25, 2006 by wolf74481

[chilifrei64]

that would be the easiest way.. or you can specify group policies to deploy that settings to multiple computers or GP has a setting to disable the firewall. Normally in my group policies, I will disable windows firewall and disable the service because it does tend to remove some lingering dependencies.

[DigeratiPrime]

Winpooch

http://winpooch.free.fr/home/index.php

1) remove default filters that allow anything to connect to internet

2) add custom filter that says block everything from connecting to internet

3) add filter that says let firefox connect to any address on ports 80 and 443.

[EDIT] I went ahead and posted a guide here:

http://www.msfn.org/board/index.php?showtopic=68523

Edited February 25, 2006 by DigeratiPrime

[kurt476]

Hi, chilifrei64 and every one els...

that would be the easiest way.. or you can specify group policies to deploy that settings to multiple computers or GP has a setting to disable the firewall. Normally in my group policies, I will disable windows firewall and disable the service because it does tend to remove some lingering dependencies.

How did you deploy gp for the windows firewall to be disabled?

also if i reinstall windows xp with service pack 2 would there be away to have this done?

[chilifrei64]

First create a group policy and lets call it WS_Windows_Firewall (That is my naming convention for Workstation Windows Firewall GP)

Secondly we will apply it above the OU where the computers reside and leave security filtering to authenticated users

Thirdly we will add a WMI Filter.

-> From within Group Policy Management Console

-> Right click on WMI Filters and select new

-> Under Name lets call it PostSP2

-> Under Queries add

--> Select * from WIN32_OperatingSystem where ServicePackMajorVersion>=2 and Version='5.1.2600'

-> Hit OK

Apply this WMI Filter to WS_Windows_Firewall (the selector box underneath security filtering)

Fourthly lets right click on WS_Windows_Firewall and choose edit

-> Navigate to Computer Configuration\Windows Settings\Security Settings\System Services\

--> Select Windows Firewall/Internet connection Sharing

--> Check "Define this policy

--> Choose Disabled

-> Hit OK

-> Navigate to Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall\Domain Profile

--> Select "Windows Firewall: Protect All Network Connections

--> Choose Disabled

-> Hit OK

Lastly.. close out and your all done. This will disable the Windows Internet Connection Firewall Service on all computers running Windows XP SP2

As far as re-installing and automating having it done.. I only do RIS OS Deployments, GP Software Deployments, and GP setting deployments..I don't normally mess with default settings on install.. for me.. once you join to the domain.. you get all the settings you need..As geeky as it sounds.. even my home network is this way.. I know nothing of applying custom reg settings through runonceExec or however that goes.. Domain all the way

Edited March 1, 2006 by chilifrei64

[kurt476]

Hi, chilifrei64 is there away to export this to my unattended cd after that is done?

Edited March 1, 2006 by kurt476

[chilifrei64]

Like I posed above. I dont do unattended installation stuff... All my stuff that I do gets pushed down via group policies

Edited March 1, 2006 by chilifrei64

[kurt476]

dose anybudy els know how to export gp's?