Personal Firewall

Discussion in 'Networking and Security' started by thomas, Sep 8, 2001.

  1. Splat

    Splat

    I have tried lots of firewalls. The best I found for flexibility, power and ease of use is the Norton Firewall 2002.

    Regards,

    Splat
     
    #21     Feb 9, 2002
  2. xbond

    xbond

    I am using Norton Firewall 2001 with Win2k.

    Extremely robust, efficient, and easy to use. No problem with any of my trading software (Qcharts & VTS order entry).

    Got it set up to update itself automatically every day along with the antivirus definitions without any user intervention.

    I also have a second machine connected through Internet Connection Sharing, with the firewall installed on the primary PC and protecting both machines.
     
    #22     Feb 9, 2002
  3. ktm

    ktm

    I have a router up front. I don't believe I need a firewall because I don't think anyone can "see" my IP, only my router's IP. Someone please correct me if I'm wrong.

    My ISP allows (Cox - by refusing to police) the storing of fellow customers' files on my hard drive. I was getting over 100 hits a day by Cox customers on my firewall. I had trojans showing up and a lot of people creating hidden directories and storing other files on my drives. Cox said they weren't going to do anything about it because it wasn't explicitly illegal...so I bought a router.

    Every two weeks, Cox shuts down the ability to surf in my area by changing the DNS for everyone that they cannot successfully ping. At that point, you have to change your configuration to surf again. They are trying to run out the routers. If I had any other high speed inet svc available to me, I would switch in a heartbeat.
     
    #23     Feb 9, 2002
  4. rpc

    rpc

    I had an interesting experience recently. I just happened to come across Steve Gibson's site and read the article about the 13 year old who successfully brought down his site temporarily. This article is located at http://grc.com/dos/grcdos.htm. It is a somewhat long but very interesting and at the same time very disturbing article. I especially liked the part where he actually turned the tables on the hackers and made up his own spyware program to spy on them! It is amazing how easy it is for some individuals to take over the use of someone else's computer. Near the end of the article Mr. Gibson showed two methods that someone could use to see if they had the presence of one of these "IRC Zombie/Bots" on their computer.

    Well, I went ahead and gave it a try. Just like he had listed in this article, it appeared that my computer had an established open connection to an IRC server running on port 6667. (Every instance that Mr. Gibson had seen one of the "IRC Zombie/Bots" working, they used port 6667 when maintaining a static connection to the remote IRC chat server whenever the host PC is connected to the Internet.) I was alarmed to say the least. I didn't have any IRC programs running that may have given the same result.

    The second test was to try to discover if you had a local "Ident server" running on your computer. (I don't totally understand the IRC process but, in the article he states "since IRC servers generally require the presence of an "Ident" server on the client machine, IRC clients almost always include a local "Ident server" to keep the remote IRC server happy.") The second test showed that I had an "Ident server" listening in on port 113 of my computer. Well, I didn't pull the plug on my cable modem like he joked about in his article. Instead, I downloaded ZoneAlarm v2.6 (Free) off of http://www.zdnet.com/downloads/ and installed it on my computer. (By the way, we have 3 computers in the house all networked together and using the same cable internet connection and only one of the computers had the above tests come back positive.)

    Using ZoneAlarm is pretty neat. Anytime a program tries to access the net, ZoneAlarm will notify you and ask whether or not the connection should be allowed. I had a number of different programs that I never heard of pop up, but I only allowed Internet Explorer the access. Subsequent checks showed that I did not have any programs using ports 6667 or 113. I wasn't totally sure where the "IRC Zombie/Bot" was or if there was one to begin with, but later on down the road something else happened.

    Every time I would reboot my computer ZoneAlarm would go through the same notification each time for the same programs that were trying to make an outbound connection. Each time I told ZoneAlarm that I didn't want to allow these connections to take place. However, one time I noted on the ZoneAlarm box that sits on the screen (ZoneAlarm can also remain on the tray if you don't want it to take up too much space) that I had this unusual looking icon next to my Internet Explorer icon. Now I knew that I had given Internet Explorer permission to have a connection, but what was this other program that was running? I placed my mouse pointer over the icon and a box came up that said "kernel32.exe is listening in on port 113"! I was shocked. How did this program get running? The one thing that I remembered was that every time I booted the computer this "kernel32.exe" kept popping up on the ZoneAlarm notification box asking me whether or not I wanted to let it access the internet. Not knowing what it was I just kept saying no. I am sure that this last time I must have mistakenly clicked on Yes instead of No. Well, I traced the file to a directory called c:\Windows\Litmus which I thought was strange for a Windows directory. Inside this directory were five files named: kern3.exe, kernel32.exe, lit.exe, MSGSRV32.exe and MSGSRV320.exe all of which are 36,384 bytes in length. I then changed the directory to c:\Windows\5Litmus instead of c:\Windows\Litmus and then I rebooted the computer. Upon the new reboot, I noted that the program kernel32.exe did not pop up on the ZoneAlarm notification screen and I haven't heard from it since.

    In the end I am not totally sure what this program really does except that it was listening in on port 113 similar to the "IRC Zombie/Bot" that Mr. Gibson had during his testing, leading me to believe that I may have had this type of program on my computer. I am impressed with ZoneAlarm and I highly recommend it. I do use a hardware firewall on my computer (LinkSys Etherfast Cable/DSL Router) which gave me a false sense of security. The router does hide my ports well and using some of the testing software on Mr. Gibson's site, it showed that my systems were pretty much invisible. However, using his "Leaktest", I soon found out that my hardware firewall did not prevent any outbound communications from taking place. This is where ZoneAlarm fit in. Now my next step is to install anti virus software. I also recommend Ad-aware 5.62 (see http://hotfiles.zdnet.com/cgi-bin/texis/swlib/hotfiles/search.html) which scans your computer for spyware software and allows you to remove it. John Dvorak (PC Magazine) said that when he ran this software he was amazed at how many hidden programs were running on his computer and that when he removed them he noted that his computer ran so much faster.

    If anyone else knows what the c:\Windows\Litmus directory is for and any of the files that I listed then please write a post. I am trying to figure out if I have just stopped a perfectly legit program from working! Also, take a look at Mr. Gibson's site. He raises a lot of issues about internet security especially in regards to Windows XP. He also has a lot of free testing and security software, evaluations, articles etc.

    rpc
     
    #24     Feb 9, 2002
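
The two checks described in the post above (an established connection to remote port 6667 and a local listener on port 113), as an added example that is not part of the original thread. It assumes the Windows `netstat -ano` column layout; the sample output, addresses and PIDs are constructed, and the function names are hypothetical.

```python
"""Added example: flag the post's two indicators in Windows `netstat -ano` output."""
import subprocess

IRC_PORT = 6667    # remote port the post's first check looks for
IDENT_PORT = 113   # local listening port the post's second check looks for

# Constructed sample in Windows `netstat -ano` layout (documentation address ranges).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:113            0.0.0.0:0              LISTENING       1432
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    192.168.1.100:1045     203.0.113.7:6667       ESTABLISHED     1432
  TCP    192.168.1.100:1051     198.51.100.20:80       ESTABLISHED     2210
  TCP    [::]:113               [::]:0                 LISTENING       1432
  UDP    0.0.0.0:500            *:*                                    700
"""

def port_of(endpoint):
    """Return the port of 'addr:port' (IPv4 or [IPv6]), or None if not numeric."""
    port = endpoint.rsplit(":", 1)[-1]
    return int(port) if port.isdigit() else None

def find_indicators(netstat_text):
    """Return (kind, local, remote, pid) tuples for rows matching either check."""
    hits = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows carry Proto, Local, Foreign, State and (with -o) a PID column.
        if len(fields) < 4 or fields[0].upper() != "TCP":
            continue
        local, remote, state = fields[1], fields[2], fields[3].upper()
        pid = fields[4] if len(fields) > 4 else None
        if state == "ESTABLISHED" and port_of(remote) == IRC_PORT:
            hits.append(("irc-connection", local, remote, pid))
        elif state == "LISTENING" and port_of(local) == IDENT_PORT:
            hits.append(("ident-listener", local, remote, pid))
    return hits

def scan_live():
    """Run the same checks on this machine (Windows netstat layout assumed)."""
    out = subprocess.run(["netstat", "-ano"], capture_output=True, text=True)
    return find_indicators(out.stdout)

if __name__ == "__main__":
    for hit in find_indicators(SAMPLE):
        print(hit)
```

A hit is only a lead: a legitimate IRC client produces the same two rows, so the PID column is what ties the connection and the listener to a specific process for follow-up.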
  5. Trader01

    Trader01