Effective Personal Firewall against Hackers and 0-Day malware?

Status
Not open for further replies.

Sunshine-boy

Hello dear friends :)
I've been researching firewalls for a month, but I can't decide.
I found something about Sophos UTM here:
Sophos UTM Reviews | G2 Crowd
but I'm not good at English and it's hard to read all of those posts :/ Also, I'm not a network expert and can't understand those posts :p

Let me know which one is better and stronger against hackers (if someone tries to hack your IP or... I don't know how they hack your PC) and zero-day malware. Also, I don't want to go for other vendors.

I read about IPS and IDS in Sophos UTM, but honestly, I don't know what the difference is between IPS and IDS in Sophos UTM and HIPS in ZoneAlarm and Comodo.

Does Sophos provide more protection? Does Sophos use HIPS?

I know it's a special discussion and I want security expertise reasons :oops: NOT ONLY VOTE!

I only tried the Avast firewall, but I can't find any review of it on the internet (yes, only in PC Mag, but who trusts PC Mag?)! How effective is it? I don't know. How strong is it? I don't know.

I found information about Comodo on MT, but about Sophos and ZoneAlarm I couldn't find anything special (I mean expert reasons, not only suggestions).

Mod Edit: Do not use all Capitals in Thread Title. See Forum Guidelines.
 

cruelsister

Spawn is correct. No one is going to break into your computer (unless you are some sort of Star), but you must protect yourself against info stealers that you may come across via Web exploits, downloads, emails, etc.

Speaking really generally, info stealers will work in two main ways: either the malware itself will attempt to connect out to send your private data to the Blackhat, or else the payload will "hollow" a legitimate process (like svchost) and use that to transmit out. As most of the malware that people will come across on a daily basis will be 12 hours old or less, one really can't depend on a traditional AV to help you, but a good Firewall and/or a virtualization product will.

But to your point: Comodo Firewall will help. The firewall can prevent (with my settings) the malware itself from getting out to the web, and the sandbox will prevent hollowed processes from doing much of anything. If you don't want to go that route, something like Windows Firewall Control would also be a good choice.
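
The two outbound paths described in the post above, as an added example that is not part of the original post and not any firewall product's own logic: a per-application outbound allowlist stops the malware binary itself, but passes a svchost.exe started by the dropper unless process lineage is checked too. The events, file paths and allowlist are constructed; the checks assume that legitimate svchost.exe instances are started by services.exe with a `-k` service-group argument.

```python
# Constructed sample events (not real telemetry): one outbound connection attempt each.
from ntpath import basename, normcase

# Hypothetical per-application outbound allowlist, keyed on full image path.
ALLOWLIST = {normcase(p) for p in (
    r"C:\Windows\System32\svchost.exe",
    r"C:\Program Files\Mozilla Firefox\firefox.exe",
)}

EVENTS = [
    {"image": r"C:\Program Files\Mozilla Firefox\firefox.exe", "parent": "explorer.exe",
     "cmdline": "firefox.exe", "remote": "203.0.113.10:443"},
    # Case 1 from the post: the malware binary itself tries to connect out.
    {"image": r"C:\Users\u\AppData\Local\Temp\invoice.exe", "parent": "explorer.exe",
     "cmdline": "invoice.exe", "remote": "198.51.100.7:80"},
    # A normal service host, started by the Service Control Manager.
    {"image": r"C:\Windows\System32\svchost.exe", "parent": "services.exe",
     "cmdline": "svchost.exe -k netsvcs", "remote": "203.0.113.20:443"},
    # Case 2 from the post: a svchost.exe spawned by the dropper and hollowed.
    {"image": r"C:\Windows\System32\svchost.exe", "parent": "invoice.exe",
     "cmdline": "svchost.exe", "remote": "198.51.100.7:80"},
]

def path_only_verdict(ev):
    """What a rule keyed only on the executable path decides."""
    return "allow" if normcase(ev["image"]) in ALLOWLIST else "block"

def svchost_anomalies(ev):
    """Lineage checks for svchost.exe; returns the list of anomalies found."""
    if basename(ev["image"]).lower() != "svchost.exe":
        return []
    found = []
    if ev["parent"].lower() != "services.exe":
        found.append("parent is not services.exe")
    if " -k " not in ev["cmdline"].lower() + " ":
        found.append("no -k service group argument")
    return found

def verdict(ev):
    """Path allowlist first, then lineage checks on anything it would allow."""
    if path_only_verdict(ev) == "block":
        return "block"
    return "alert" if svchost_anomalies(ev) else "allow"

def run():
    return [(path_only_verdict(e), verdict(e)) for e in EVENTS]

if __name__ == "__main__":
    for ev, (naive, strict) in zip(EVENTS, run()):
        print(f"{basename(ev['image']):12} parent={ev['parent']:13} "
              f"path-only={naive:5} with-lineage={strict}")
```

Lineage checks only catch a host process that the dropper started itself; code injected into an already running service host looks normal to them, which is where the sandboxing mentioned in the post comes in.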
 

Sunshine-boy

As a home user, you're not going to be targeted by organised cyber-criminal groups or government agencies. The chances are minuscule that someone wants the data from your PC.

And as a Home user, enable the Firewall on your Router.

Added Other to Poll.
Hello
I know, but between those firewalls, I want to know which one is better :p I'm paranoid
 

Sunshine-boy

Thanks for the advice and complete descriptions.
 

Arequire

I can't comment on Sophos or Avast's firewall as I've never used them.
ZoneAlarm's firewall includes application control which uses behavioural detection to detect malware and to block its internet access. It's pretty much the same as your AV's behavioural detection (besides the fact it can block network access) and its results will vary the same as any other behaviour-based detection.

Comodo Firewall (using @cruelsister settings) uses virtualisation to block or isolate (depending on your settings) the execution and network access of unsigned/untrusted files. It's a very strong and reliable solution against zero-day malware but it requires a decent amount of user interaction due to the firewall blocking a lot of legitimate processes' network access. (Although Skype is the only program that I've seen breakage in when it blocks said network access.)

As @Spawn and @cruelsister said, unless you're a high-ranking public official or an A-list celebrity then organised cyber-criminals probably don't give a rat's arse about you. They've got much bigger targets to go after with much bigger payoffs if they succeed. Same applies to governments: Unless you're a part of a cartel or terrorist organisation they aren't going to waste their extremely valuable time and resources to put you under targeted surveillance.
 

Sunshine-boy

Hello
I'm not a terrorist lol
OK, between Comodo or ZoneAlarm, which one provides more protection? I mean, there is a best between them.
 

Arequire

I'd say Comodo. ZoneAlarm will allow malware to run on your system before its behavioural detection blocks its network access and terminates it (assuming it does detect the malware at all).
Comodo on the other hand will sandbox and block its network access right away and once the malware tries to elevate its privilege to gain admin rights it will be terminated. It won't be able to access anything related to your PC inside the sandbox and if your sandbox restriction level is set to restricted it will only be allowed to access a limited set of operating system resources and run with very limited access rights.

Like I said, Comodo is far less user-friendly so if you don't want to get your hands dirty then I'd suggest ZoneAlarm or research the other two firewalls you suggested. (Although you have to buy Avast's paid-for solution to get their firewall and I feel there are much better paid-for suites out there with their own firewall.)
 

Sunshine-boy

Thanks <3 That's what I was searching for.
 

jamescv7

Nowadays firewalls are already enhanced with protection capabilities in order to make them effective, and do not focus only on one certain attack.

The choice likely comes down to the available tweaks to make it effective.

The problem here is that some firewall software is tuned down to make it friendly, but this already sacrifices protection.

Comodo Firewall is the choice next to ZoneAlarm; it needs little time to familiarize, alongside conducting some tests to see whether the system is a match for regular use.
 

DJ Panda

I'd keep with the default firewall. Windows Firewall is good enough and when I tried Comodo's it turned my computer into a snail..
 