Pretty happy with Norton Internet Security.

I'd also second Scott's vote for a hardware firewall, but I like the software firewall's ability to specifically block outbound traffic, like the annoying efax.com popup program.

Anything new here?

I too am behind a router at home (but like having both belt and suspenders ) and also want a firewall when at public wifi hotspots or glomming onto someone's network.

I've been playing with the Comodo Firewall
http://www.comodo.com/ It gets very good reviews.

I finally dumped Zone Alarm because it basically stopped working.

Or is Windows XP's built-in firewall enough when out in public?

I find Zonealarm adequate but since I use a WAN card for domestic travel (Sprint) and disable my wifi card, I do not think I can be hacked in the ordinary way. I only use wifi at home on the farm.

That makes two of us - actually three, as I just talked a friend through removing ZA from their laptop which that software brought to its knees. I got so sick and tired of scanningprocess.exe chewing up my CPU, I removed the entire package tonight and installed Comodo+AVAST for a free, low resource intensive firewall/antivirus combo.

Comodo seems to be stable, nicely designed and works without chewing up my resources; I'm happy so far.

As an IT guy, I think safe computing habits and the XP integrated firewall are sufficient for general public access points. BTW, the "computing habits" are a MAJOR factor.

There are too many idiot users out there who expect software/hardware to protect them from themselves. It's like a condom: sure, it'll protect you, but don't go putting it in high-risk places.

Browse safely this holiday season, folks. Oh, and flies spread disease...so keep yours closed.

Disagree with some of the upthread comments about not needing a firewall while doing WiFi, since WiFi is easily hacked.

The primary purpose of having a firewall on your Windows laptop (or home PC, but for now let's talk laptop on a public access point) is not to prevent WiFi hacking. It's to lessen the chance your PC from being exposed to exploits on the public internet. Stealthing ports, preventing unusual inbound and outbound access, etc. Making it less likely that the latest zero-day exploit or patch-available but not-yet-patched will own your machine, make it part of a botnet, install a rootkit, etc.

The general consensus is that an unpatched Windows machine, unfirewalled, connected to the public internet (whether via Wi-Fi or ethernet cable, if connected to a well-known IP provider like Comcast, Verizon, Qwest, Sprint, T-Mobile, whatever) will be infected within 10-30 minutes.

That's what the firewall is for. Not for protecting you from the guy on the other side of the RCC sniffing your packets.

Also - big reason for using a 3rd party software firewall, whether it's Norton, McAfee, Comodo, ZoneAlarm or whatever: They all provide firewall protection for outbound connections. The built-in Windows firewall, at least in XP, only protects against inbound. If some malware is on your machine already, unknown to you, trying to contact the mothership, the Windows firewall does nothing to stop its outbound connection attempt. The third-party firewalls add this protection.

Actually, there's no such thing as a "hardware" firewall. There are firmware firewalls that come loaded in a box with connectors on it, but it's still good old code that's inspecting packets and deciding what to do. There are no gears and levers in there that hackers can't penetrate.

Firmware firewalls might offer marginally better protection (because an intruder has to figure out how to re-flash the program memory), but good software implementations have ways of preventing their own code from being corrupted, so the margin of superiority is extremely slim.

The term is generally used to describe an appliance that has a built-in firewall, as opposed to loading a software program on your computer that does the firewall function.

It doesn't really matter how the firewall is implemented in the appliance (eg, router) as long as the function is built-in to the appliance. It's all software at the end of the day, but that doesn't really matter. (Does it matter if your washer/dryer has a computer program driving the display, controls and operation of the appliance?)

-David

If that's true, why do I get popups from Windows Firewall saying "Program such-and-such wants access to the internet. What do you want to do?"

Vista added outbound filtering capability to the Windows firewall. I don't know if this new firewall can be run on XP (I think MS wants it to be a Vista feature and might make using it on XP difficult).

But outbound filtering is turned off by default, and turning it on is much more difficult than controlling inbound filtering. Probably beyond the interest and abilities of most Vista users (have to use MMC and Advanced Security Group policy -- big pain in the neck, and a really flawed implementation).

I use SystemSuite (by Avanquest) which includes an effective firewall (NetDefense) which is not resource hungry and works well on Vista. For XP there are lots of other firewalls that work well and are cheap (often free). Sticking with the Windows firewall is probably a poor choice for most people, unless you are willing to spend a lot of time administering it. If you don't know what administration it requires, then it is a really poor choice (it will leave your system vulnerable).

Keep in mind that the OP was from 4 years ago. When the XP firewall first came out, I believe it was uni-directional only. I think it's changed since then, but I've never used it.

FWIW, I put the free version of zone alarm on a new laptop I setup with XP Pro. It seems to work ok for me. Lot's of pop-ups, but that's to be expected when it's new and you haven't trained it yet. My older laptop had a Symantec Corporate firewall. I didn't particularly like that one, but I lived with it for a long time. It did work, but it was annoying in some ways.

-David

ScottC hit the nail on the head, go with a VPN connection and use secure email and web when you can.

For software firewalls I am smitten with Blink
http://www.eeye.com/html/consumer/pr...ink/index.html
Blink, from Eeye, is free for personal use. I am convinced its the most effective firewall/malware/spyware/adware toolkit available and its very lightweight. It takes up a fraction of the memory/cpu footprint that just one of those applications alone normally takes... in short, I'm zealous about it to the point of not building an XP box without it.

I'm also a convert from ZA to Comodo... ZA had memory leaks and was causing problems when I do p2p. Comodo runs great

ok, I'm giving it a try. So far it looks very nice and fairly easy to use with a very nice initial configuration wizard. Allowing incoming ssh was much easier than with ZA.

-David

Thanks, LIH Prem. I was very confused by his statement.

While I really liked Comodo, I ended up removing it because I never could get it to play nice with my two print servers. That was probably my fault/impatience, though.