I have had Zonealarm on my desktop but for some reason it decided to block all internet access so I have removed it. My question is, is it necessary to have two firewalls as my router has a firewall built in?
firewalls
- Thread starter jaymar
- Start date
Help Support UKworkshop.co.uk:
TrimTheKing
Established Member
I work in IT and look after the Internet connectivity for KPMG UK. I can honestly say that in general terms Internet safety is as much about your own vigilance as anything else.
Obviously a firewall will protect you from DDOS and various other malicious attacks, but the firewalls on home routers are generally more than enough to deal with these (and you are unlikely to be a target for such attacks, which are generally reserved for ISP's and giant companies).
I have 3 PC's at home and not one has, or has ever had a personal firewall on it, and in 10 years I have never had a single virus or malicious attack.
It's all about being careful which emails you open, where you browse to, the kind of things you download and whether you AV scan them before opening any downloaded files.
Just so you know, my ISP is BeThere and I use their BeBox device. The firewall is set to not allow any connections initiated from externally and being a stateful firewall will only allow return traffic from sessions initiated from inside the firewall.
Cheers
Mark
Obviously a firewall will protect you from DDOS and various other malicious attacks, but the firewalls on home routers are generally more than enough to deal with these (and you are unlikely to be a target for such attacks, which are generally reserved for ISP's and giant companies).
I have 3 PC's at home and not one has, or has ever had a personal firewall on it, and in 10 years I have never had a single virus or malicious attack.
It's all about being careful which emails you open, where you browse to, the kind of things you download and whether you AV scan them before opening any downloaded files.
Just so you know, my ISP is BeThere and I use their BeBox device. The firewall is set to not allow any connections initiated from externally and being a stateful firewall will only allow return traffic from sessions initiated from inside the firewall.
Cheers
Mark
MrJay
Established Member
In theory you only need one good firewall. I suppose you could check the logs Zone Alarm produced and see if it ever did anything useful; if not I'd consider that a good sign that the firewall on the router is doing a fair job. XP service pack 2 also comes with a firewall which you could enable for a bit of extra peace of mind.
I reckon a firewall absolutely essential. A fun game is to try attaching a fresh install of Windows XP sans firewall and service packs to the internets and see how many minutes it lasts. Less than 10 I'd wager.
I reckon a firewall absolutely essential. A fun game is to try attaching a fresh install of Windows XP sans firewall and service packs to the internets and see how many minutes it lasts. Less than 10 I'd wager.
MrJay
Established Member
That's a fair point actually; if you're mobile you probably want a personal firewall more than most as you've less control over whatever networks you may attach to. (also, not all routers have firewalls, mostly it's the better domestic ones that do; cheap ones often don't)
TrimTheKing
Established Member
Yep, good points one and all. A hardware based firewall is perfect for when you are at home but as you rightly say, a personal firewall is a must if you are roaming.
Problem with most of the ones you can buy (Norton, ZoneAlarm to name 2) are very poorly written and resource intensive. We use RealSecure in work, but that is more of a corporate solution so not much use at home. I am yet to find a decent one that doesn't hog system resources.
Cheers
Mark
Problem with most of the ones you can buy (Norton, ZoneAlarm to name 2) are very poorly written and resource intensive. We use RealSecure in work, but that is more of a corporate solution so not much use at home. I am yet to find a decent one that doesn't hog system resources.
Cheers
Mark
PowerTool
Established Member
jaymar":3iqlvhcs said:
It wasn't Zonealarm itself,but an automatic update by Microsoft that affected Zonealarm - check out the yellow box half-way down the right hand side - an updated version is available that solves the issue.
Andrew
Hello Jaymar
Have you fallen foul of Microsoft's last XP update?
Have a look at this thread ...
https://www.ukworkshop.co.uk/forums/view ... hp?t=25151
There is a link in there in a post from OLD which will take you to the Zone Labs site, where you will find the latest (free) version.
As Mr Jay says, the conventional wisdom seems to be not to run two software firewalls in case they are incompatible, his point about running Zone Alarm and your router firewall to see if anything gets past the router makes sense. If your router does the trick on it's own, why waste resources ?
Cheers
Dave
Have you fallen foul of Microsoft's last XP update?
Have a look at this thread ...
https://www.ukworkshop.co.uk/forums/view ... hp?t=25151
There is a link in there in a post from OLD which will take you to the Zone Labs site, where you will find the latest (free) version.
As Mr Jay says, the conventional wisdom seems to be not to run two software firewalls in case they are incompatible, his point about running Zone Alarm and your router firewall to see if anything gets past the router makes sense. If your router does the trick on it's own, why waste resources ?
Cheers
Dave
MrJay
Established Member
Actually I'm going to stick up for not only the much maligned Mr Brown, but also Norton. Norton Ant-Virus and their firewall rocks big time; they represent quite the most spectacularly secure set of interweb security stuffs that you can get for less than quarter of a million dollars and there quite simply isn't nothing in the domestic market that compares. Norton is seriously good schit.
Whether or not Norton is overkill and you'd be better off with something less obtrusive is another thing...
Whether or not Norton is overkill and you'd be better off with something less obtrusive is another thing...
Terry Smart
Chestnut Products
Hi Guys
An interesting thread; I don't often go mobile on 'shared networks' but I've sometimes wondered about other network users being able to access my shared folders - so I normally make sure it's empty.
I hadn't thought of using a firewall in this way, d'oh!
So, I've stuck Zone Alarm on my laptop, all seems ok, except that now I can't get my main computer to see my laptop, it's being blocked!
I tried adding the IP address for the computer but that doesn't work, it seems to want the IP address for the router, which I can put in... but don't all routers (at least of a certain make) have the same IP address? Which means that if I am mobile somewhere else using the same type of router I'm back to square one?
Of course, I could turn ZA on and off when needed, that'd be easy enough, or is there another way I'm not seeing?
Thanks
An interesting thread; I don't often go mobile on 'shared networks' but I've sometimes wondered about other network users being able to access my shared folders - so I normally make sure it's empty.
I hadn't thought of using a firewall in this way, d'oh!
So, I've stuck Zone Alarm on my laptop, all seems ok, except that now I can't get my main computer to see my laptop, it's being blocked!
I tried adding the IP address for the computer but that doesn't work, it seems to want the IP address for the router, which I can put in... but don't all routers (at least of a certain make) have the same IP address? Which means that if I am mobile somewhere else using the same type of router I'm back to square one?
Of course, I could turn ZA on and off when needed, that'd be easy enough, or is there another way I'm not seeing?
Thanks
davegw
Established Member
I have two PC's at home, one acts a server and had norton firewall on it. Whenever I checked, it boasted how often it had intervened to save me being attacked.
On investigation every one of the attacks was either the PC downstairs or my Work laptop trying to connect to the printer!
no firewall internally now - rely on the one in my router.
On investigation every one of the attacks was either the PC downstairs or my Work laptop trying to connect to the printer!
no firewall internally now - rely on the one in my router.
Terry Smart
Chestnut Products
Terry Smart":152vejtm said:
Anyone?
RogerS
Established Member
Terry Smart":ma0iclf7 said:
Terry - seem to remember ZA having two zones (Internet and Trusted) so wonder if that is where your problem lies. Your local computers should be in the trusted zone (I think). Hopefully someone will be along with a bit more knowledge.
General point re firewalls - a good firewall will stop rogue traffic going out from your computer as well as prevent stuff trying to get in.
Roger
Hello Terry
I don't know a lot about networking, but had a poke around on the Zone Alarm forum ...
http://forums.zonealarm.org/zonelabs/bo ... age.id=510
Says ...
'3) How do I get Internet Connection Sharing (ICS) work with free ZoneAlarm?
The free version of ZoneAlarm does not support ICS.
Your options are to set Internet Zone to Medium setting (on the ICS gateway machine only),
or you can upgrade to ZoneAlarm Plus or Pro, which fully support ICS, allowing you to keep Internet Zone set to high.'
I take that to mean that you can't get the highest level of protection on a network unless you buy the Pro version.
You might try Microsoft's own firewall. I think it's available in XP and Vista. I don't know how well it works.
http://www.microsoft.com/athome/moredon ... setup.mspx
gives details of how to set up a network in XP.
There's also a FAQ page at ...
http://www.microsoft.com/protect/comput ... l/faq.mspx
Hope this is some help.
Cheers
Dave
I don't know a lot about networking, but had a poke around on the Zone Alarm forum ...
http://forums.zonealarm.org/zonelabs/bo ... age.id=510
Says ...
'3) How do I get Internet Connection Sharing (ICS) work with free ZoneAlarm?
The free version of ZoneAlarm does not support ICS.
Your options are to set Internet Zone to Medium setting (on the ICS gateway machine only),
or you can upgrade to ZoneAlarm Plus or Pro, which fully support ICS, allowing you to keep Internet Zone set to high.'
I take that to mean that you can't get the highest level of protection on a network unless you buy the Pro version.
You might try Microsoft's own firewall. I think it's available in XP and Vista. I don't know how well it works.
http://www.microsoft.com/athome/moredon ... setup.mspx
gives details of how to set up a network in XP.
There's also a FAQ page at ...
http://www.microsoft.com/protect/comput ... l/faq.mspx
Hope this is some help.
Cheers
Dave
RogerS
Established Member
I don't think that ICS is where Terry's problem lies since it sounds as if he has a router (which provides ICS logically). His problem lies in not being able to see each of the computers on his internal network on his side of the router.
Terry - if you go to Firewall then what setting is Trsted Zone set to? Should be Medium I think.
Terry - if you go to Firewall then what setting is Trsted Zone set to? Should be Medium I think.
Similar threads
