After RobRich's well assembled article on personal firewalls back in november, I chose to switch from BlackICE to Sygate. The better security is definitely a plus, and just to make the move easier, BlackICE had started picking fights with Windows Media Player (or the other way around).

I was wondering if anyone else has been using Sygate, and if they are, how they like it. Do you have any tips or tweaks that you have found to make your life easier with it? I already love the fact that it's less of a memory hog, and has yet to die on me. BlackICE would from time to time corrupt itself when Diablo 2 would load.

I have noticed a bunch of logs detailing ICMP messages, but that's about it other than my own activity. With BlackICE running the log picked up many, many more types of activity. So I wonder if I'm less protected now because of the way I have it set.

Any and all feedback would be most appreciated.

http://grc.com/lt/leaktest.htm I used to use Sygate and liked the less use of resources, but found it didn't always allow access and it used to do other strange things. The security settings didn't seem to be very consistent and would sometimes allow access even on Ultra. I received the GRC Leaktest link (above) one night and ran it and ZoneAlarm passed and and Sygate didn't. Not using Sygate anymore. http://sysopt.earthweb.com/forum/smile.gif

I apologize I did not explain myself very well thank you for correcting. But that is the very reason why I still use a firewall http://sysopt.earthweb.com/forum/smile.gif

But it is still better to have your ports closed and run a firewall (at least thats how I see it). That way even if you had an unstealthed prot your computer would still be that much harder to break into. Wouldn't it?

Im still learning so please bear with me. If I am wrong than I would like to know http://sysopt.earthweb.com/forum/smile.gif

even with no firewall on I have no ports open

Not exactly true. You need and do have ports open, to access the Internet, at least. Those open ports, if you pass the scans, are just stealthed, meaning they're not sending back a response to a connection request. http://sysopt.earthweb.com/forum/wink.gif Read further at Steve Gibson's site to see the difference between 'open', 'closed' and 'stealth' ports.

If the report comes back as the port/s that are open as closed, this is not as good as stealth; the reason being that a CLOSED port will respond with a "ICMP Destination Port Unreachable" packet - for example in a UDP scan - and alerting a hacker that a computer is indeed at that destination. Stealth mode renders you invisible.

And also, this depends on what kind of scan you're running. If your running something like GNIT (http://security.ellicit.org/) , then the ports reporting as closed is ok, in fact it's GOOD - you want them closed, as this is a basic connect scan for open ports.

To see what ports are really open, run in the command line: netstat -an

[This message has been edited by socalgal (edited 12-30-2000).]

ZONEALARM all the way!! Numero UNO!!! After one year its just $3.95 a year for updates. Small price for security and peace of mind.

Like jap03 I like zonealarm and have been using it for several months.
[BR]Magikal gave an excellant link to grc.com, sheilds up will probe your ports and let you know what risk you have, with oodles of information on security, well worth checking out http://sysopt.earthweb.com/forum/smile.gif

Many consistently ask what software firewall package I personally use. For this, I must analyze the firewall from my personal perspective, not as an reviewer.

For the best in security in my current enviroment, I use Conseal PC Firewall with a custom created packet filtering ruleset. However, Conseal's interface and detailed rule sets are not well suited for most desktop users, thus I did not include it in my recent review.

Later,
Robert Richmond

zonealarm and blackice are (in my opinion) both decent personal firewalls for basic to average users ... but if you want something that's much more configurable and doesn't kick and scream about every little incoming packet that hits your nic/modem, go with sygate. it is very configurable, very solid, and has a small memory footprint. i've been using it for quite a while now and have had no problems with it, other than the expected problems with programs not being able to connect to the internet properly without some editing to the config files (which is how it should be). and i know there are some who will knock it because of how it performs with the grc 'leak test' but i'm not buying the hype. i'm not saying that steve doesn't know what he's talking about, because he's proven himself pretty well thusfar ... but as far as i'm concerned that test is not a very good thing to go by. a firewall is not designed (in and of itself) to keep your system safe from virii and from trojans. that's what virus scanners (and some common sense) are for. and in regards to spyware (which is not necessarily a malicious thing, albeit very unwanted by most), if you download a piece of shareware or a program that you even suspect is loading spyware, then run a scan on your system for those types of programs ... there are several pieces of software out there that are designed to pinpoint these and help you get rid of them ... steve even has one out there. my point is, a personal firewall's purpose is to keep your system secure ... mostly from outbound connections. any software that is making outbound connections from your computer isn't the fault of the firewall, it's your fault for downloading it and installing it in the first place (especially if you didn't scan it first.)

as far as personal firewalls are concerned, sygate definitely gets my vote. i'll be putting up a gauntlet box next month,though, so i'll be pretty much done with sygate. *lol*

be safe out there.

psyklone,
As you say Sygate is a good product, wait till the new stuff hits you and you'll change

{BR]Magikal

Yes, closed is better than open, but stealth is better than closed. (At Steve's site, anyway)

Try some scans here:

http://scan.sygatetech.com/

Now, if they all come back Blocked, this is GOOD! http://sysopt.earthweb.com/forum/smile.gif

[This message has been edited by socalgal (edited 12-31-2000).]

One thing you should do is check out the network bondage page on the site above (just scroll down to the bottom of the page and you will find a link).
It is the only true way of disabling file and print sharing on a windows computer. Before I read that page i used to fail every security test! But now even with no firewall on I have no ports open and the security tests all pass. But of coarse I still use a firewall because a firewall actually hides you on the net. Now the security pages all say that my computer is not there!

I would recommend highly reading and using the site. This guy knows what he is talking about!
ok hold on go to this link instead http://grc.com/su-explain.htm

[This message has been edited by [BR]Magikal (edited 12-30-2000).]

oh and i would highly recommend using zone alarm in stead of sygate.

If you use sygate and then install or reinstall any hardware you wont be able to use it! You will have to reinstall sygate to get the hardware to receive any data. It may have just been a problem with my comp but for 2 weeks after I changed my modem to a different slot I had no dial-in access because sygate was blocking the device.
just a word of caution http://sysopt.earthweb.com/forum/smile.gif

[This message has been edited by [BR]Magikal (edited 12-30-2000).]

Ya! Thats one of the scan pages that I go to and I always pass with no ports visible or open.

By the way I did mention that I use ZA along with having all of my ports closed so that was my whole point replying was to say that the use of a firewall and having all of your ports closed id the best solution IMHO.

Afterall sometimes you need to turn off a firewall to do certain things so you would be better off haveing closed ports. http://sysopt.earthweb.com/forum/smile.gif

I have tried Sygate, Conseal, etc. and Conseal seems to be a good firewall but I keep going back to ZA for it's simplicity and high protection. And ya gotta like how the Leak Test shows only ZA as a no for the one issue about trojans.
Plus it allows my network to see each other, something Conseal's firewall doesnt allow, they admit that and say they are working on a fix...I wont be waiting. Sygate I didnt like at all.
I still use AtGuard 3.22 on my Win95b box and love it but my Win98 & NT4/Win2k systems run ZA with no problems at all.

A few days back I installed the Sygate Firewall, based on the review. I did not have a chance yet to read the documentation, which I am planning to do soon. Since the discussion about this firewall came up, I might as well point out that the firewall prevents internet access to the Real Player G2 on my system. If anyone has a suggestion for a speedy correction of this problem, it would be appreciated.

salatar .. i'm not sure i understood your post. what new stuff are you referring to?

xby .. as for getting g2 to work, there is not any rtsp proxy that you can run that through, but what you can try is to go into the g2 preferences and try to proxy the connection over http. it's worth a shot.

Thank you, Psyklone, but I have already tried that. This was the first suggestion from the Real Player software when it encoutered the firewall barrier. It did not work. Real Player could not get through.

I have a question. I run Sygate home network 4.0, and all I see for the option for firewal is an advertisement for their firewall software. I though sygate will take care of the firewall stuff, so whats the point of the additional firewall software?

Ollie