Zone Alarm firewall: do I need it if I'm behind a NAT router?

Read the article that everyone's commenting on.
Subscribe to the RSS Feed for comments on this article.

Ask Leo ..... great site. I have a router and i use ZoneAlarm Pro. As my ZA is up for renewal i might well not bother. Trouble is its the paranoia that kicks in. I cant see my hardware firewall so does it really work ? !! I even disabled my ZA and went to grc.com and ran the LeakTest ..... guess what .... my firewall was penetrated !! Looks like ZA free might get my vote or maybe Comodo ;)

Hmmm, one thing I don't like about zonealarm is that when I start up Pangya, during that time it shows up the box then my Pangya hangs or can't login at all. Normally i would shut down zonealarm when I'm playing online, save the trouble of restarting my pc again.. -.-;

It's a constant debate whether a router peforming NAT is just enough. From what I've heard and read, a software firewall will add an extra layer of protection, and block outbound traffic, your router is just going to do what comes in. Not what goes out. Overall, reading about firewalls and security I find very interesting. Windows Firewall at least in XP, lacks outbound protection. This is one of the cons of it. I've used ZA, Sygate, and one other firewall and ZA I've found myself coming back time and time again. It's easy to use and configure, and effective. You can get rid of the nagging alerts if you go to the alerts tab and choose off, program alerts will still be displayed. I admit ZA has gotten more bloated. It works well though and I highly recommend it. If your router does SPI, that's extra protection, again--no outbound protection on your router though. ZA free version is very configurable and you can get rid of the nagging alerts if you know how to press the correct buttons.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The problem with outbound protection is that when it traps
something real, it's too late - you've got outbound bad
traffic because there's something bad on your machine. If
you don't have malware on your machine, then the outbound
warnings are just so much noise (that often serve to mask
anything valid that might come up anyway).

IMO inbound-only firewalls - particularly NAT routers - are
the way to go.

Leo

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)

iD8DBQFHk+dRCMEe9B/8oqERAo/7AJ9p15TtYlaqLb4+bK/41lyFMEA1BgCfd161
0E5iuyvAxgivEBf9gud6oaw=
=44t3
-----END PGP SIGNATURE-----

I've had nothing but problems using software firewalls such as both the free zone alarm and the pay-for zone alarm pro, norton's firewall, sygate's firewall. I've done lots of port scanning using all those previously mentioned software firewalls and found that 1 or more of my ports were showing up as being closed which is not good. You actually want your ports to be a ghost...to be stealthed out like a black hole. I use NetGear's WGR614 v7 router alongside those previously mentioned firewalls such as norton and zone alarm and again I say the ports were closed. I had lots of problems with zone alarm and norton. I then removed them and decided to try Windows xp own firewall with my netgear router and found during the port scanning that my ports were now being shown as fully stealthed. I quit having problems using the combination of a netgear router and windows firewall. Scan your ports at https://www.grc.com/x/ne.dll?bh0bkyd2

To post a comment on "Zone Alarm firewall: do I need it if I'm behind a NAT router?", please return to that article's main page.