Unfortunately I don't use Norton either. Which Linksys Router do you have? Do you have the Router IP in your trusted IP's? For instance in ZAP the program recognizes I am connected to a router and adds the router address to my trusted zone.

hazz-Yep exausted Symantec days ago. If I can figure how to delete or uninstall the firewall portion of NIS without affecting the anti virus part that's what I'll do and go with ZA! Tired of fooling with this-two weeks almost, is long enough.

Thanks

Well I should be able to help you with ZAP, ZA+ or ZAFree, but is you can make sure that you have your router allowed to access your computer, this doesn't mean that things that go through the router are not scanned by your NIS but that it is able to be connected to your computer. If you have NIS blocking your router then it might not be translating the Standard NAT of the router. I don't know enough about Linksys or NIS to be more specific.

hazz-yeah, pretty much given up on Symantec...good stuff but the support isn't! Thanks

From Sam Spade:
"Personal Firewalls" are mostly snake-oil
A 'personal firewall' isn't a firewall. A firewall is a dedicated box with (usually) two or three ethernet ports running no services other than a firewall. My preferred configuration is an x86 box with a couple of tulip cards running FreeBSD or OpenBSD and ipf, though you can do OK with Linux and iptables too. You can run either on a $100 obsolete PC. (*BSD is better, but Linux is easier for a new user to configure).

Even the little hardware NAT boxes that you can get for sharing a DSL connection or cable modem are way better than any 'software firewall' (The NetGear RT311 and RT314 are extremely sophisticated and flexible NATs and start at less than $100 - they do full NATing, allow port forwarding and filtering to a protected network (NetGear Firewalls and NATs).

So... what does a 'personal firewall' actually do? Well, effectively it listens on all the ports on your system. This provides no real additional security over turning off the services that you don't use.

I'll repeat that - it provides no real additional security over turning off the services that you don't use. (Maybe it'll block trojans from phoning home, but A) if you've run a trojan your system is completely compromised and B) http://cyberpunks.org/display/356/article/).

What it does do is break standard network applications (such as traceroute) and, more importantly, if badly written it will claim normal background network traffic is some sort of attack, alarming the user for no good reason. I've never heard of a 'personal firewall' that isn't badly written in this way. That doesn't mean one doesn't exist.

Why do the authors do this? Two reasons, as far as I've been able to gather.

The first is that most of the people writing these applications know next to nothing about IP networking. They may be pretty good windows developers, but they have no idea what normal network traffic looks like. That should make you nervous about their ability to block any real malicious intent.

The second is more insidious... Why is an end user going to buy / register / upgrade their 'personal firewall'? They're not going to do so if they don't perceive any benefit from it. If it were a properly written application that just sat there, doing its job quietly in the background, users would forget it was there. But if it pops up warnings about 'attacks' all the time then it's clearly Doing Something. Most of those warnings are entirely frivolous - normal network traffic. And the remaining few... well... if the 'personal firewall' has protected your system from the supposed 'attack'... why do you care about it? You're safe from that supposed 'attack', right? So why pop up warnings and alerts? To make you feel you're getting a service from this program and so you'll pay for updates or 'Pro' versions.

The bottom line is this... If you care about your home network security a lot, and you're interested in it, spend the time to learn about networking and build yourself a standalone firewall.

If you don't want to spend that amount of energy on it, buy a standalone dedicated NAT or NAT+firewall box. I like the NetGear RT-311 and its siblings, but there're a bunch of others out there too. It'll sit there, do its job and never bother you again.

If you want to play with a piece of windows software that makes you click all over the place, there's always minesweeper.

If you'll feel safer sleeping at night knowing there's a 'personal firewall' running on your system, then install one. As long as you pay no attention to the "hack attacks" it reports it's better than nothing. A free one, ideally, as few of them are worth paying for. Turn off all the alerts and logging - you'll just waste your time (and, more importantly to me, my time and the time of other network administrators your complaints go to) increase your blood pressure and provide no benefit to you. If you really want to leave them turned on and see where traffic is coming from, feel free, but remember that most of the traffic you see is harmless, and that even if it isn't harmless it can't affect your system (if it could, it wouldn't be logged). Oh, and try not to waste admins time with frivolous complaints.

"But, but, but reporting these alerts to network administrators will help them catch crackers!"

Uhm, no. I know a whole bunch of network security and abuse staff. The response to any complaint with ZoneAlarm, BlackIce etc logfiles in it is to close the ticket, usually with an annotation like 'GWF' (Goober with Firewall). 99% of those reports are frivolous, about normal network traffic. In the remainder of cases there's nowhere near enough data in the logfiles to provide any idea of why the end user is upset. If you send frivolous complaints that just wastes the time of the staff receiving them and prevents them from handling real security issues. How do you tell if a complaint is frivolous? If the sender doesn't understand basic networking, it's almost certainly frivolous. If the sender is complaining based on 'personal firewall' logs, it's definitely frivolous.

The abuse desk staff I talk with hate users of 'personal firewalls' more than they hate spammers. That should tell you something about how useful your complaints will be.

"You're just a unix bigot and don't like Windows applications!"

I don't like Windows applications for networking, no, as Windows isn't very good at it in general (with a few exceptions - some of the kernel level networking code in NT4 and NT5 is extremely sophisticated). As for being a unix bigot... I'm a Microsoft Independent Software Vendor, subscribe to Microsoft Developers Network and in my spare time produce Windows Network Applications.


http://preview.samspade.org/d/firewalls.html

Also from Sam Spade:
Personal Firewalls
If you are running a 'personal firewall' such as ZoneAlarm or BlackIce Defender, please read the following very carefully

Normal traffic
There is a huge amount of background traffic on the internet. The majority of the alerts your personal firewall shows are normal background traffic. Nothing to worry about, nothing to notify anyone else of, nothing worth investigating.

Worms attacking IIS webservers
There are a number of worms that try and infect machines on the 'net. If you're running a Windows machine and not running IIS you have nothing to worry about. One thing that means is that if your personal firewall tells you that you have attempts to connect on port 80 it may well be traffic from one of these worms. Don't worry about it. Don't notify anyone about it.

'Alerts' are not something to worry about
If your personal firewall pops up an alert, there is never any reason to worry about it. Never, ever, notify an abuse desk about it. It merely wastes their time, and yours.

Don't let your personal firewall alarm you
And finally, most personal firewalls are snake oil, intended to separate money from those who don't understand the issues involved. That means that they will alert you about perfectly normal network traffic, even though there is absolutely no need to do so, in order to encourage you to upgrade or pay for 'Pro' versions.

http://preview.samspade.org/d/persfire.html

That whole diatribe is Crap, nothing is given about outbound traffic which is the major reason to have a Software Firewall. That guy is full of it, because there are a number of things that will go right through a Linux box and smash a windows box. This clown is trying to claim an expertise he doesn't have, evidently and just wants you to run a system that the most common user is not capable of running. The major reason I run windows is the ease, no matter what he says the additional lag time on the Linux box is going to significantly impact on-line gaming. God I hate such "Ex-spurts", they want to go back to the Internet is only for geeks time. I admit many of his major observations about the efficiency of the Windows System, but my Mom and Dad can operate a Windows Machine with minimal problems, but Linux installs would be completely over their head they wouldn't even know how to configure a piece of Linux hardware. These clowns are the intellectual bigots that give geeks a bad name.

I have a Linux Box, I can set up apps on operating systems that no longer exist except in the history books, I was there when Unix was first becoming popular and when it was a programming nightmare. This is like those people who burn SUV's in the night in Southern California creating more pollutions in those fires than would ever have been made by that SUV during its lifetime. These are the same people who complain about people who don't patch their machines. People who want the Internet to return to the days when it was just a means for University Research and Military Development of the DARPA days.

Well your time is dead, just as Windows as it exists now will be dead in the future, those who stand still will be left in the past. Not only should we not listen to you, we should expose you for the neo-Luddite you are. This is not to say that at Software Firewall should be on every machine, but it is to say that one day there will be less of a need for one. You can live in your fantasy world of every computer user being a Linux user, but it isn't going to happen. The average user doesn't want to invest the time in doing what you want, and no one is going to give up their ability to use what they are comfortable with, just upon your say so.

I hate MS Windows and wasn't an early adopter. What I hate even more is pompous idiots trying to say what should be done. I have seen it tried your way with only a Linux Box Hardware Firewall, and it was owned by some character who was hopping out of Europe. If you haven't had that experience then you should just count your lucky stars. But don't think you are immune, if that black hat hacker spent the time and energy on you that you think you are worth, he probably could own you like the hacker owned that box, he was a damn sight better than an average cracker.

So what I am saying is buy a cheap $100 box and spend your time learning a new system if you have the time and the energy to do so. Alternatively spend $40 for a Pro Level Software Firewall or install a Free Software Firewall, the Techs that hate these things are usually just lazy SOB's trying to do the minimum to get by through their day, they won't take time to explain their opinions and most are just mimicking the party line of neo-Luddites like this one.

Thnaks, for clearing that up......... are you sure that' how you really feel

I am new here and honestly have not had much experiance with hardware firewalls. However one thing they offer is the fact that they are always on no matter what the computers behind them are doing, and the computers behind them do not have to run an extra program(software firewall). I think in some cases the hardware firewalls provide more customizable options as well. And of course most provide NAT which is another line of defence.

Everyone who works in IT security for a living knows that hardware firewalls and software firewalls compliment each other. They both serve a purpose on a network. The nodes get the software firewalls which are basicly to keep sneaky apps from not getting access to the internet and the hardware firewalls stop the nasty buggers getting in. Throw in a decent AV, trojan-scanner, reg-cleaner, bunch hand tweaks, latest patches ALWAYS and a nice system cleaner (slack wash + bleach etc) and you have a nice setup that will keep out ALL the script kiddies and the scan bots. The only time you get hacked then is if you run and give something naughty access or someone that is good has you as a specific target

even some of us that don't work in the IT Security field.......get it