Lost In Firewall Land

Oh man. I don't know if my brain can take any more info. I just joined the BROADBAND Club and am loving it! Tiny Personal Firewall was recommended to me, because it was FREE and easy to use. ZoneAlarm was highly UNRECOMMENDED. I just did some searching in some old posts here and have read the pros and cons about ZA. I'm not interested. But, I have tons of questions about using my firewall and hope someone can shed some light on it. I have trouble comprehending written instructions (must be an age thing....again!) and even though I have a good idea how they work and why, I still need to know a few things. Please bear with me.

As my firewall was warning me of different info going in and out while I connected to certain sites on the web, I knew that I wanted to tell it that it was ok to do so. I didn't realize that on the allow/deny window that I could designate THIS IP ONLY. My list now shows ALL PORTS and ANY ADDRESS. Is this a good idea? Can I change them to individual IPs? Should I just delete all of them and start over so that when they come in I can designate THIS IP ONLY?

I understand what packets are....sort of. I keep getting requests do let some IP send me a tcpip kernel driver. When I do a search on the IP (I have a link to check that out), I don't recognize the sender and I tell it to DENY it. What IS a tcpip kernel driver? What does it do? Why is someone trying to send me one? Is my computer sending info out that I am not aware of, and if it is, is it neccessary?

If I start designating IPs for each incoming request, will this IP always stay the same? For instance, LiveUpdate. Is that IP always the same? My Excite home page. Is that always the same?

The help site for my TPF is useless! To me, any way. Probably because I don't understand half of what they are talking about. I just want something that will quietly run in the background and keep me out of trouble, like my Norton AV does. I don't mind having to update and change a rule or two to keep it all kosher, but I really don't have the knowledge or brains to use something that is complicated. Am I being a dunce about all this?

I really need some input and a little help here. I'm not dumb! Just a bit confused until all this sinks in.

Thanks!

 

Panda:

I tried using Tiny's Firewall and I couldn't surf the net no matter what settings I had set.

I now use Sygate's Personal Firewall (also Free) and have had no problems with it. They also have a forum for any questions that you have.

You can download it at http://soho.sygate.com/default.htm .

You can find the forum at http://forums.sygatetech.com/

 

Thanks for the tip. Will check it out. It sounds like I may be trying out different ones until I figure them out and find one that suits my fancy.

(are you following me around???? lol.)

 

A Tcpip Kernel Driver is, to put it very simply, a part of the protocol through which all your internet communications are routed.

Part of what a firewall does is to generate an alert for each incoming connection attempt for which there was no (recent) associated outgoing request. There are numerous reasons why you will see these alerts - your ISP may be knocking to see whether you are still there, a website may be slow to respond to a request, etc, etc, etc. 99% of alerts are caused by nothing other than normal, harmless background noise; the other 1% are harmless so long as you don't have a trojan installed!

The best thing to do is to simply block anything which you are unsure about. If you make a mistake and something stops working, it's easy to go back and delete the offending rule.

If you want to gain greater knowledge, this should help you configure some more advanced rules (but it's not really necessary).

Post back if you have any specific questions.

 

Panda - you said " I have trouble comprehending written instructions (must be an age thing....again!) ".

LOL - you don't need to apologize for being young. Us old fuds will always be willing to help out.

Seriously - more likely a matter of learning styles. Lots of folks do poorly with "written only" instructions and it has nothing to do with age or intelligence. You may be an auditory learner or visual learner (which usually calls for video/slide presentations) or some combination.

Or, if you have the same problem I do and are trying to read web-based instructions which are written in one of the sans-serif type faces like ariel, you might want to try a trick Arie put me onto. I set accessibility to ignore font sizes and font styles from the web page which renders mine in Times New Roman (I think) and with the serifs, I can read it easier plus set the size to suit myself. I find an occasional page that distorts when I am set like this but if I really want read those, I just set accessibility back to normal for a few minutes.

To digress just a bit - one knock I have always put on the school system is the way the are geared mostly toward folks who learn best (or at least well) from written-only material and have a strong bias aginst the large numbers who would do very will with a multi-media presentation where they got auditory, visual, and written instruction.

I had one son drop out of high school his junior year. Smart kid but couldn't deal with all the printed material (and had been convinced by the schools that he was both lazy and stupid). BTW - he is now making more than I am because he found a field that focused on his strengths rather than his weaknesses as the school system had. He designs lighting setups for productions (stage, conferences, etc.). 90% computer graphics for the design work so he deals with what he does well rather than what he does poorly (since he has difficulty with reading). He designs the setup, supervises the installation crews, and such like.

 

Thank you very much! The last two posts are VERY helpful! Thanks for the link, Brett! I'm learning more and more as the days go by. The explaination on the tcpip was very informative.

Newt

LOL. Yes, we 'young' ones have to stick together. And, you correct in assuming that I am one of those visual learners. I always did better if someone 'showed' me something instead of making me read about it. Not that I can't follow written instructions. I usually read them several times before I attempt to do what they say. My problem right now is just understanding the lingo. Once I understand the basic info then I should be able to make decisions about that info. Way cool about your son! I can relate to that one.

I still need to know if I should just delete all the rules and start over so I can create the correct rule for them. You know, the one where I tell it THIS IP ONLY or THIS SITE ONLY. I don't like having it say ANY PORT or ANY ADDRESS. I would rather be more selective that ANY....... Any feedback on that one?

And, what about all the IPs staying the same? I know that some change, but I'm thinking that if I have connections to the same places, like game sites, then shouldn't the IP always be the same?

Thanks again.

 

You can either delete the rules or edit them. IP’s for utilities such as LiveUpdate will change only infrequently so restricting the range shouldn’t cause any problems. If, however, an IP does change, you can always edit the rule again.

However, IMO, restricting IP ranges and ports does not do a great deal to enhance security and it’s not something which I bother doing (except in the case of my mail client which I do restrict).

BTW Tiny have ceased to develop TPF (so there’ll be no new versions). The programmers responsible for TPF are, however, now going it alone and have released a (free) firewall (which is almost identical to TPF) called Kerio. If you're going to delete the rules in TPF, you might instead wish to consider simply uninstalling it and starting over again with Kerio.

 

Thanks, Brett. I wasn't aware that TPF was going out of business. I will check that link out. When my brain is back to normal again (is that possible???) I will do more research on Firewalls. Right now this one seems to be doing it's job.

Thanks.