Saturday, January 27, 2007

firewall alternatives

i've tried a few firewall products, especially free personal firewalls.

from what i've tried, most free personal firewalls are application firewalls. that means each application you run can have different rules on which ports it can or cannot use to connect to the internet.

so far, i've only found one free personal firewall (softperfect personal firewall) that is port based only and does not care which applications are using which ports.

what is the difference?
i won't use network engineer or security expert terms to explain what makes these firewalls different from each other.

from the end-user point of view:

with application based rules, you will be asked each and every time a new app tries to connect to a port that's not yet in the ruleset. that means annoying popups each time a new application tries to connect.

with port based rules (like softperfect personal firewall), you are only asked once, after the program is installed. after you set up all the rules at once and only once, your firewall sits there without asking you another question.

so what...

with too many 'annoying' popups from an application based firewall, end-users tend to ignore whatever the firewall is warning about and 'automatically' press the 'Yes' or OK button without understanding the risk, or without even reading the warning at all.

so, the application based firewall tends to become useless in the long term and also an administration headache for people like me, managing dozens of friends', families' and clients' personal computers / laptops.

with a port based firewall, i only need to set up the rules once and never mind which application is using which ports.

of course, the downside is that viruses/worms/badware/malware can still go wild and use the internet on those allowed ports without the user knowing about it.

it's security vs usability.
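
the trade-off described above, as an added example that is not part of the original post: a small python model of the two rule styles run over the same connection attempts. the program names, ports and the two user behaviours are constructed for illustration and are not taken from any firewall product.

```python
from collections import namedtuple

# Constructed sample traffic: program names and ports are made up.
Conn = namedtuple("Conn", "program port")
KNOWN = {"browser.exe", "mailclient.exe", "updater.exe"}
ATTEMPTS = [
    Conn("browser.exe", 80), Conn("browser.exe", 443),
    Conn("mailclient.exe", 25), Conn("mailclient.exe", 110),
    Conn("updater.exe", 80), Conn("browser.exe", 80),
    Conn("unknown.exe", 80),      # program the user never installed
    Conn("unknown.exe", 6667),
]

def port_based(attempts, allowed_ports):
    """Rules are set once; the program name is never looked at, so no prompts."""
    verdicts = [(c, "allow" if c.port in allowed_ports else "block") for c in attempts]
    return verdicts, 0

def application_based(attempts, answer):
    """Prompt on every new (program, port) pair and remember the user's answer."""
    rules, verdicts, prompts = {}, [], 0
    for c in attempts:
        if c not in rules:
            prompts += 1
            rules[c] = answer(c)
        verdicts.append((c, rules[c]))
    return verdicts, prompts

def clicks_yes(conn):            # user who presses 'Yes' without reading
    return "allow"

def reads_prompt(conn):          # user who only allows programs they recognise
    return "allow" if conn.program in KNOWN else "block"

def unknown_allowed(verdicts):
    """Connections from the unrecognised program that got through."""
    return [c for c, v in verdicts if v == "allow" and c.program not in KNOWN]

if __name__ == "__main__":
    runs = {
        "port based": port_based(ATTEMPTS, {25, 80, 110, 443}),
        "app based, clicks yes": application_based(ATTEMPTS, clicks_yes),
        "app based, reads prompt": application_based(ATTEMPTS, reads_prompt),
    }
    for name, (verdicts, prompts) in runs.items():
        print(f"{name}: {prompts} prompts, unknown allowed: {unknown_allowed(verdicts)}")
```
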