Software firewalls are a joke. Get a real hardware firewall.
"Software firewalls are a joke. Get a real hardware firewall."
That is a myth. Unless you are running a server or multiple computers off the same HS line, hardware is unnecessary. Furthermore, hardware firewalls have their own inherent weaknesses that software can cover. The best scenario is to have both... but if you only have one home PC, firewall software like Zone Alarm Security Suite w/antivirus offers more comprehensive security for less.
Furthermore... I've had my ports scanned for leaks by "ShieldsUP" and the only port not stealthed but closed is port 113. Here is what ShieldsUP said about it.
One of the things that first caught my eye about the Zone Alarm personal firewall (aside from the fact that it was free) was that it has always been very clever about handling IDENT's port 113. I recall being impressed and thinking "these guys really know what they're doing". When Zone Alarm receives an inbound connection request for port 113, it checks to see whether the computer has recently initiated any outbound connections to the remote server sending the IDENT request. If not, the IDENT packet is simply dropped, stealthing the protected machine. But if the user does have an existing "relationship" with the sender of the IDENT request, the IDENT packet is allowed to pass through Zone Alarm's firewall protection so that the user's system can respond normally (which usually means immediately returning a closed status for the port). This means that Zone Alarm is a "stateful packet inspecting personal firewall", not just a simpler static packet filter.
At the time of this writing, Zone Alarm is still the only personal firewall to offer this sort of adaptive dynamic IDENT port handling. I hope that other firewalls will follow suit once the benefits are better understood.
The good news is that since IDENT is almost never used, simple "hard stealthing" of port 113, which is available from all personal firewalls, is probably sufficient. It will allow your system to remain completely invisible on the Internet and will almost certainly never cause any connection trouble.
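The relationship-based port 113 decision described in the quoted passage can be modelled in a few lines. This is an added example, not part of the original post and not Zone Alarm's code; the class and function names, the 120-second meaning of "recently", and the choice to drop every other unsolicited port are assumptions made for illustration.

```python
from dataclasses import dataclass, field

IDENT_PORT = 113
WINDOW_SECONDS = 120.0  # assumed meaning of "recently"; the page gives no figure

@dataclass
class IdentGate:
    window: float = WINDOW_SECONDS
    # remote IP -> time of the last outbound connection the host initiated to it
    last_outbound: dict = field(default_factory=dict)

    def note_outbound(self, remote_ip: str, now: float) -> None:
        """Record that the protected host opened a connection to remote_ip."""
        self.last_outbound[remote_ip] = now

    def inbound_syn(self, src_ip: str, dst_port: int, now: float) -> str:
        """Return what the remote sender observes: 'stealth' or 'closed'."""
        # Forget relationships older than the window so state stays bounded.
        self.last_outbound = {ip: t for ip, t in self.last_outbound.items()
                              if now - t <= self.window}
        if dst_port != IDENT_PORT:
            return "stealth"  # assumption: other unsolicited ports are dropped
        if src_ip in self.last_outbound:
            # Packet passes; with no IDENT service listening, the host's own
            # TCP stack refuses the connection, so the sender sees "closed".
            return "closed"
        return "stealth"  # no relationship: drop silently

def replay(events, gate=None):
    """Run (time, kind, ip, port) events; return what each inbound SYN saw."""
    gate = gate or IdentGate()
    seen = []
    for now, kind, ip, port in events:
        if kind == "out":
            gate.note_outbound(ip, now)
        else:
            seen.append((ip, port, gate.inbound_syn(ip, port, now)))
    return seen

# Constructed traffic; addresses come from the documentation ranges.
SAMPLE = [
    (0.0, "out", "192.0.2.10", 6667),   # host connects out to a server
    (0.5, "in", "192.0.2.10", 113),     # that server sends an IDENT query
    (1.0, "in", "198.51.100.7", 113),   # unrelated host probes port 113
    (2.0, "in", "192.0.2.10", 445),     # known server, but not the IDENT port
    (300.0, "in", "192.0.2.10", 113),   # relationship has aged out
]

if __name__ == "__main__":
    print(*replay(SAMPLE), sep="\n")
```

Under this model, a scan requested from a site the machine has just connected to would report port 113 as closed rather than stealthed, while an unsolicited probe from any other address gets no answer.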