should i turn the windows vista firewall off if i have a firewall active on my norton security package.

it was off but i have turned it back on again. is this ok???

[karbo]

Usually, one firewall is enough. Otherwise, conflicts may occur.

[lotuseclat79]

Hi Manila,

If you have both turned on and there is no interference, it would be useful to understand if having both turned on at the same time is a simple redundancy situation in which one or the other could be turned off. The real question is which provides stronger protection, and is there a better alternative to both.

Generally speaking, never get caught without a firewall running. If you have one from your Norton security package running, then it should not be necessary to turn on your Vista firewall. However, the amount of protection afforded by one vs the other appears to need testing. I could not find definitive testing results comparing the two. Also, there may be other alternatives to Norton's security package firewall, i.e. both Vista and Norton's firewalls could be turned off, provided a better alternative is in place and works without interference. A hardware router properly setup could provide great inbound protection, but that would also leave outbound protection an issue. ZoneAlarm Free is useful for outbound protection.

The question remains which is the stronger protection. First, I'd recommend visiting the website Nmap-Online to test out that all of your ports are stealthed. Shields Up! also can do this kind of testing, but not all of the 65,536 ports (0-65535) in one scan specification.

Leak tests are located at Firewallleaktester.com, as are firewall leak testing results of various firewalls, and evaluations of various firewalls at Firewall Challenge.

Note: Vista firewall is not tested in the firewall leak tests, nor in firewall challenge tests. Also, the firewall leak test web site appears to be inactive, but the author is known to have posted in the Other Firewalls sub-forum (using the same user name - gkweb) at Wilders Security Forums.

I would suggest searching for Vista firewall test comparisons by an independent (not subsidized by MS) firewall testing organization - they might be out there somewhere.

-- Tom

[perfume]

Dear Manila,
Welcome!Now that's the quality (rated very high) you will get for questions in this website !

Thank you Lotuseclat79 for a very useful response and guide to test firewalls. You've not only put the firewall issue in it's proper perspective but you have helped us all with your fantastic depth of knowledge! Thanks again!

[Kenny94]

Tom stays on top of security and new security programs as well. Tom was one of the first to talk about Superantispyware here at TSG back few years ago..

Do you remember this thread Tom?

http://forums.techguy.org/all-other-...tispyware.html

That's when I wanted to start to helping with HJT logs. After that thread! It's Tom's fault.... I told my Ex wife...

[mrss]

Vistas outbound protection is turned off by default, even if the firewall is enabled. Configuring the outbound protection to make it a general purpose firewall when turned on is not feasible for the average or even the advanced user. Perhaps a double secret super advanced user could do it, but it would be much easier to buy or get a free firewall package. In addition, these other packages can do things that one cannot do by writing a set of firewall rules.

Without outbound protection, there's no point in testing Vista. It would fail most if not all the leak tests that testers like to run on firewalls. Whether a leak test is valid is another issue. Certainly the threats exist. At the same time, Vista in its defense, has the user access protection that would prevent a number of the existing threats from fully installing w/o an OK from the user. Perhaps new threats will find a way around this. In any case, my opinion is that Microsoft is missing a huge amount of revenue by not producing an enhanced security package for its own products.

By the way, Microsoft also says to only run one firewall at a time. It's just good practice unless you want to run multiple firewalls and document the results for the rest of us.


.

[perfume]

Dear Karbo,
I have both the MS default firewall and the KIS2009 firewall on,working together! Two's company!LOL

[Gizzy]

Quote:

Originally Posted by perfume

Dear Karbo,
I have both the MS default firewall and the KIS2009 firewall on,working together! Two's company!LOL

much like anti-virus's it's not a good idea to run more than 1 software firewall as they could have underlying conflicts that you may not notice.

[perfume]

Dear Gizzy,
I can assure you that even if an Elephant passes thru', the MS firewall wouldn't detect. Actually,for a fact i know that two firewalls in tandem is a bad idea and my MS Firewall is not ON! I check up on my KIS2009 firewall regularly to notice how it's performing. Two's Bad Company!

[Gizzy]

That's good to hear,

Also despite everything said about microsoft's firewall the inbound protection is decent,
Though only vista has any sort of outbound protection and it's off by default so other than vista microsoft's firewall is useless against outbound,

And I don't think vista's outbound is all that great even if turned on anyway,

So an elephant couldn't sneak in through microsofts firewall but it could sneak out passed microsofts firewall but then what would you be doing with an elephant in your computer.

[lotuseclat79]

Quote:

Originally Posted by perfume

Dear Gizzy,
I can assure you that even if an Elephant passes thru', the MS firewall wouldn't detect. Actually,for a fact i know that two firewalls in tandem is a bad idea and my MS Firewall is not ON! I check up on my KIS2009 firewall regularly to notice how it's performing. Two's Bad Company!

Hi perfume,

Actually, it is de rigeur to have a hardware firewall running in a rounter, backed up by a software firewall running on the computer with regard to inbound access.

You see, the main idea of security is to have a multi-layered defense against the nasties that could potentially get in - and they can get in if you are targeted by an advanced miscreant, or if you are lazy and drop your guard for a second or make a mistake that you did not intend.

I run on a Linux Live CD - none of my disks are mounted when I am online (better security than MS already) - and I have just upgraded from a dialup (56kb) to FiOS. I have closed down all of the ports on the FiOS router's firewall in order to stealth its presence on the Internet from miscreant ip address port scans - visit my thread entitled The word on Verizon FiOS and Linux over in the Unix/Linux forum to learn more.

As part of my Live CD setup, I also run a restrictive iptables firewall on my Live CD setup prior to initiating a connection between my computer and router, and thus Internet access.

Neither firewall conflicts with the other - two firewalls are ok, if this condition is met for inbound access, and an additional one for outbound access is also ok if you know what you are doing and do not make any mistakes that would open your computer up to the Internet without protection - this is true whether your computer is Windows, Mac, Linux, Unix, or otherwise when it is connected to the Internet.

Computer security is much more than just firewall protection. It is also about hardening the OS, intrusion detection, border gateway network protection, not installing free software without scanning it first to see if it is contaminated , and being smart about what you do on the Internet - like not clicking on links in unsolicited emails - a common social engineering technique used by miscreants to install malware on computers.

-- Tom

[RootbeaR]

Quote:

Originally Posted by perfume

Dear Karbo,
I have both the MS default firewall and the KIS2009 firewall on,working together! Two's company!LOL

Quote:

Originally Posted by perfume

Dear Gizzy,
I can assure you that even if an Elephant passes thru', the MS firewall wouldn't detect. Actually,for a fact i know that two firewalls in tandem is a bad idea and my MS Firewall is not ON! I check up on my KIS2009 firewall regularly to notice how it's performing. Two's Bad Company!

[perfume]

Dear Lotuseclat79,
To accept and acknowledge a superior's advise is a sign of "humility"and partly "maturity". I bow before you! Iam just a lad in my late teens (with juvenile Diabetes)and studying hard to get into a good medical school to study medicine and if there's still gas in the tank, specialize in Diabetology.The option to teach or practice is in the Good Lord's hands as my very longevity is in question here!
I seriously tried to learn Linux language,so that i can work in an "OPEN SYSTEM" and not bound hand and feet under Microsoft's monopoly. But i found my ailment allowed me to concentrate on only one subject and i chose to give up Linux,specially UBUNTU! I envy your freedom,scout's honour!

I do all this work when my mom's asleep. She feels i should be brave, study like hell and behave like other teenagers,but i can't jell ! Can't even drink Coke or Pepsi,man! My sugars shoot up and she'll be all upset. My Doc' rings up and stiffens my spine (He's my inspiration) and brings my moods and sugars back under control. I sincerely pray that no teenager should face this kind of life. Yes,my dad's a very rich man,but i can't eat dollars,can i? He tosses the keys of his BMW and allows me a spin around town and he thinks his job is done! He woke me up on new year eve night and whispered" I've got you a "Merc-Benz Sports" my son,wanna see it? He's not into computers and that' sad! I care more about studying for medical school and computers.My Uncle presented me first computer when i was seven,since then no turning back! Participating in this forum is heaven and if i can learn/help at least a few guys/girls on their way to comp.education/discussion in this site, i sleep peacefully that night.

sorry for al this blabber! You are the Boss and what you posted is really too deep for me! The final sentence you said"don't open links" is real vital. I always tell my friends !1)don't open email attachments, 2)don't open email attachments and 3)don't open email attachments---ad infinitum, jives well with what you said(sensible surfing. Like to see you more on this site!Thank you.

[Kenny94]

Quote:

He tosses the keys of his BMW and allows me a spin around town and he thinks his job is done! He woke me up on new year eve night and whispered" I've got you a "Merc-Benz Sports" my son,wanna see it?

Does your dad need another son....

Quote:

The final sentence you said"don't open links" is real vital. I always tell my friends !1)don't open email attachments, 2)don't open email attachments and 3)don't open email attachments---ad infinitum, jives well with what you said(sensible surfing. Like to see you more on this site!Thank you.

A lot folks sent email attachments. Pictures and videos and so forth.. Ex: my friend sent some picture attachments of her new puppy (Hudson) so I download it her attachment and seen her cute puppy. That's what your anti-virus is for to check attachments for viruses. Enjoy your PC. And use the KISS method....

[lotuseclat79]

Hi perfume,

Take care of your health first, and listen to your Mom (very important)! And best of luck in a medical career!

You can do a search from the Advanced Search window for either threads or posts I have initiated or made if you want to see more of what I have posted. I post a lot in the Unix/Linux forum, and not so much in the others: General Security, All Other Software, Software Development, Civilized Debate, and Random Discussion (Science and Space thread).

Sorry to hear you gave up on Linux - maybe in the future.

-- Tom