Firewall....can someone give me a good source for an effective one?

[John Schmidt]

The title tells it all, I need a good one. Anybody have such experience? Serk....how about your experience with such things, any suggestions. Plus, the guy that worked on the tower suggested I shut down each night instead of just going into "sleep" mode. I'm open to anything constructive on this, I'm definitely not a computer whiz.

[Serk]

What are you specifically after?

I personally turn off the local software firewall on my non-Internet facing computers and just use my router with NAT to clock incoming malfeasance. Any quality router that's had it's firmware kept up to date should be fine (I personally have become rather fond of the Asus routers, but that's just a personal preference.)

(And I don't even use the softwall firewalls on my fully Internet exposed servers, I just disable unneeded services and close unneeded ports.)

The software firewalls on the client computers, IMHO, are more trouble than they're worth unless, as I said you have something very specific you're trying to block.

(If you have a router that your client computers are connecting to the Internet via, you're behind a hardwall firewall already.)

Addition - I don't even let my computers go to sleep, much less turn them off. Once again, just personal preference, but unless you have an SSD, the power on cycle is the most damaging to a hard drive. If you just leave it running all the time it'll last longer.

[John Schmidt]

I just want to be able to go online and not worry about someone hacking in and gaining access to my personal stuff....or anything else. You mentioned a router, if I install one does that do the trick or is something else needed? You refer to "non-internet facing" computers, I don't know what that means. Is that a unit that's not directly connected to the net? The guy doing the cleanup did find a couple foreign IP's and jokingly asked if I'd been hitting the porn sites. No, but my wife's grandson may have without my knowledge, easy to do on my set up. Next time he/they come to visit I might ask him, at least then he'll know I'm on to him. Or, just lock out the computer while he's here, kinda sad a person should have to do that.

[Serk]

Sorry, I gave an overly complex answer.

Yes, Internet facing in this context I meant a computer that's directly on the Internet, not behind a router and NAT'ed.

Odds are about 99% you're already set up with a router which acts as a firewall. I haven't seen anyone do a direct connected computer in a consumer setup in well over a decade, since the dialup days.

Really the best thing to do is keep your computer updated, use a reputable anti-virus (Or just the built in one if you're on Windows 10, it's pretty decent actually)

IMHO the more firewalls, antivirus, anti-malware you install, the more vulnerable you become as it makes your computer even more complex and non-standard. Keep it simple...

[The emperor has no clothes]

Sorry, I gave an overly complex answer.

Yes, Internet facing in this context I meant a computer that's directly on the Internet, not behind a router and NAT'ed.

Odds are about 99% you're already set up with a router which acts as a firewall. I haven't seen anyone do a direct connected computer in a consumer setup in well over a decade, since the dialup days.

Really the best thing to do is keep your computer updated, use a reputable anti-virus (Or just the built in one if you're on Windows 10, it's pretty decent actually)

IMHO the more firewalls, antivirus, anti-malware you install, the more vulnerable you become as it makes your computer even more complex and non-standard. Keep it simple...

Well, I understand this explanation a little better. But it would help if you could speak English in the future.  John, please understand I have no expertise at all. But, I've been using Panda Internet Security for about 8 years now with no ill effects.

[Robert]

Do you have a virus program, they most of the time have a firewall program in them. Like Serk said a router is a natural firewall because in regular language your computer has many doors open to allow information to go in and out. Well by having a router its like having a fence with one gate around your house. So instead of having all your house doors exposed to the neighborhood you have a fence that only has one gate and that has a monitor on it to only allow certain people to come through.

This program will test for open ports on your computer and give you an idea of how exposed you are. If anything is open then you need to close that door to the internet.

Welcome to ShieldsUP!

https://www.grc.com/x/ne.dll?bh0bkyd2

Once you are to this page press proceed then all service ports.

If anything is open then your computer has failed the test. This will give you an idea of your exposure.


As for turning them off the ones at work are on 24/7 the one at home is off most of the time. I have an SSD in most all and the one at home takes 10 to 15 seconds to go from full off to full on ready to go. Its only preference, because the old days power usage was one of the arguments for shutting them off but they dont use much power. I also do not allow the computers to go into sleep mode just turn off the monitors

One more thing I would recommend your virus program incorporate a firewall only because its easier to setup and manage since a add on firewall can be kind of daunting in the choices on setup.

[Ramie]

Instead of a firewall I've used Sandboxie for years now.  What it does is run your browser or any program you wish in a sandbox keeping any malicious programs from doing any harm.

You can read about it here: https://www.sandboxie.com

I use the free version which requires I click a few buttons to start up my browser but they have paid versions.

[Roidfingers]

Or you can do as I do and have a VPN. Which is virtual private network. What they do is when you are online it sends your IP to their server then to the intermet with a different IP address. No one can trace you. I live in Alabama and my IP shows up in dallas tex. But I could send it overseas if I which. With the Dallas one there is no lag at all. Or so little I can't tell. If I want to send to Albania, then maybe I could tell. The one I use is IPvanish. Look it up. IPvanish does not keep logs of any type, that way nothing can be traced. Very secure.

https://www.ipvanish.com/

I have a jailbroken media box and can get any channel I want plus free movies and sports. I have no cable or sattelite . Love it. They why I use IPvanish. Good for up to 5 different devices. Ipads, phones, computer, media box / firestick etc....

[Serk]

I'm gonna add one more thing... If we're in a world where almost everyone sends their mail on postcards and a very small number of folks send their mail in an envelope, who do you think will get more attention, the ones going with the flow or the ones that are extra secretive?

In some ways, being more secure is being less secure as it draws more attention to your activities.

Just my opinion, and worth what ya' paid for it.

Just an idea, but if you're concerned about relatives/friends using your computer, pick up an inexpensive low end laptop or Chrome Book (I've gotten rather fond of my Chrome book lately). It'll come in handy for when you're traveling, plus it's a lot nicer to browse the board with it while sitting on the throne than a phone or tablet, and when company come over, offer it up for them to use instead of your main computer.

(The Chrome Book I got was under $200, will run for 12 hours of real usage on a charge, is tiny and takes up almost no space in a saddle bag. I used it for my recent Inzane trip (The reason I bought it) and it handled everything I needed to do while on the road.)

[scooperhsd]

serk - the new wrinkle  is IPV6 - I'm not sure how these home routers implementation will deal with the viruses and what not when you are using IPv6. So, while in the past I would 100%  agree with your assesments on NAT home routers, I'm not so sure about today and IPv6.

At this point - if you are using IPv6 - I would want a software firewall on that client, even if it is the ones that come with Windows.

Also - general advice - don't go crazy and try to use multiple anti viruses /firewalls on a single PC - they will just fight with each other.

And for the guy using a VPN - with your VPN up, you have essentially put your PC out on the open internet. You should have a good A/V and Internet firewall running. If your VPN provider is doing the firewalling, then this advice is not as crucial.