any good firewall ?


stingfun
06-29-06, 05:25 AM
Zone Alarm stopped giving updates for my OS. So until I get a router, I'll need something to replace it. A trial version will do, but I'd prefer something free like ZA if anyone knows of one.

Rudegar
06-29-06, 06:30 AM
I use Sygate, but really a router is not a 100% replacement. Software firewalls make you set rights for applications; a router doesn't, it just opens and blocks certain ports. If you have a port open in the router because you need it for www, ftp or some game, then a trojan can use the port too, I guess. A software firewall would ask you if you would let the trojan use it first, and unless you just click yes to every program that asks, it's more safe.

PimpMySystem
06-29-06, 03:40 PM
F-Secure is the best

NotMyBest2Day
06-29-06, 04:04 PM
I love my router. The key for www, ftp, etc. is like I did, and use high-range ports (10000 and above) to avoid portscans. I've been using port range forwarding which just leaves them open all the time for four years with no problems at all. Everybody's all paranoid about security and all of that, but if you don't go to sketchy sites all the time, then you'll be fine with minimal protection.

Of course, software firewall is more flexible, but it has nowhere near the protection capabilities of a hardware firewall. With software firewall, the attack makes it to your computer and then it's up to the software to decide what to do. Then there's the 30-45 seconds at startup and shutdown where the firewall isn't running and you're left wide open. With a hardware firewall, the attack gets stopped at the firewall/router and never even makes it to your computer.

I haven't had any of the paranoia software running (anti-virus, anti-spyware, software firewall) in the four years I've had my router and I've never once had an infection. I know you're asking how I know I'm clean after four years, and it's because people challenge me on that, and I install software and scan and it always comes up empty.

PimpMySystem
06-29-06, 04:14 PM
NMB2Day, I'm amazed. We have a hardware firewall in our router as well, but we still need F-Secure for the leftovers, and it kills most of them :) Maybe you just internet nicer than I do :D

NotMyBest2Day
06-29-06, 04:39 PM
Well if it's an NAT firewall, then you shouldn't have anything uninvited get through, period. All ports are locked down unless you're waiting on a reply from somewhere. The reason browsing the web still works is that you sent a request out to an IP address on port 80, and a reply from that address will be accepted.

The reason attacks get through an NAT firewall is either because you invited it in by going to a website, or you have spyware that is holding the door open for its brothers.

suitepotato
06-29-06, 06:42 PM
http://www.oldversion.com/program.php?n=sygate

Like AtGuard, my previous favorite Windows firewall product (and my first online credit card purchased product), Sygate was snorted like so much intellectual property cocaine by Symantec, and we were left with a shrinking field of really easy to use and deeply effective firewalls. I recommend Sygate highly.

Why should you use Sygate or any other Windows firewall behind a NAT router? Because there is a lot of hacked shareware out there that will phone home as it were. Because if you make one stupid mistake, your system will be making new friends you don't want it to. A hardware firewall does nothing to tell you about what is going out and what should and should not be. If something communicates via HTTP over port 80 and it is malware, your firewall doesn't know that. A system firewall does. SPF can tell you what executable process is asking to talk to where.
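
Added example (not part of any post in this thread): a toy Python model of the two positions argued above, a NAT router that only tracks flows and port forwards versus a host firewall that decides per executable. Class names, addresses and executable names are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class NatRouter:
    """Toy model of a home NAT router (constructed for illustration)."""
    forwards: dict = field(default_factory=dict)  # public port -> (lan_ip, lan_port)
    flows: set = field(default_factory=set)       # (lan_ip, lan_port, remote_ip, remote_port)

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        # Tracked and let out; the router cannot see which program opened it.
        self.flows.add((lan_ip, lan_port, remote_ip, remote_port))
        return "ALLOW"

    def inbound(self, remote_ip, remote_port, public_port):
        # Replies to tracked flows pass (toy model: public port == LAN port).
        for lan_ip, lan_port, rip, rport in self.flows:
            if (lan_port, rip, rport) == (public_port, remote_ip, remote_port):
                return f"ALLOW reply -> {lan_ip}:{lan_port}"
        # A forwarded port accepts anyone, whatever listens behind it.
        if public_port in self.forwards:
            lan_ip, lan_port = self.forwards[public_port]
            return f"ALLOW forward -> {lan_ip}:{lan_port}"
        return "DROP"

@dataclass
class HostFirewall:
    """Toy per-application outbound filter, as a software firewall provides."""
    approved: set  # executables the user has allowed

    def outbound(self, exe, remote_ip, remote_port):
        if exe in self.approved:
            return "ALLOW"
        return f"PROMPT {exe} -> {remote_ip}:{remote_port}"

def demo():
    pc = "192.168.1.10"
    router = NatRouter(forwards={10021: (pc, 21)})
    host_fw = HostFirewall(approved={"browser.exe"})
    out = {"unsolicited": router.inbound("203.0.113.5", 4444, 135)}
    router.outbound(pc, 50000, "198.51.100.7", 80)
    out["reply"] = router.inbound("198.51.100.7", 80, 50000)
    out["forwarded"] = router.inbound("203.0.113.5", 4444, 10021)
    # Unknown program talking HTTP: the router passes it, the host firewall asks.
    out["router_unknown"] = router.outbound(pc, 50001, "203.0.113.9", 80)
    out["host_unknown"] = host_fw.outbound("unknown.exe", "203.0.113.9", 80)
    out["host_browser"] = host_fw.outbound("browser.exe", "198.51.100.7", 80)
    return out

if __name__ == "__main__":
    print(demo())
```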

AzN
06-29-06, 06:51 PM
The Windows firewall will do just fine. Just don't do stupid things.

NotMyBest2Day
06-29-06, 07:13 PM
Well I only go to like four sites on Windows..so they're trusted sites, and anything out of the ordinary that I need to go visit...Linux.

suitepotato
06-30-06, 01:54 AM
Supposedly trustworthy sites can become false sites damn quick. I work at an ISP and people let their domains lapse all the time. Nail someone's domain and put up a dupe site and oops, the trusting are up for a plucking. Sites are often hacked and redone without owners' realizing or hosts caring. Many carry HTML as part of ads that is composed and loaded from somewhere else entirely which is awfully trusting that those 3rd parties will not have naughty code.

Do you know what programs you've installed? What a family member might have installed? This is why it is important with Windows to have something telling you what code is trying to talk to what address on what port. I constantly clean crap off of systems for people who SWEAR that they NEVER go to any bad sites. Yup, but those three spam .EXE files you double-clicked, they're taking you to bad sites and you don't even know it.

PimpMySystem
06-30-06, 07:52 PM
Supposedly trustworthy sites can become false sites damn quick.

You can bet your damn ass on that. Everything that starts small and trustworthy can become false, except for those that are big from the start like Newegg, ZipZoomFly, Inquirer and all things that start off big. Believe me, I can talk from experience.

NotMyBest2Day
06-30-06, 08:01 PM
One of the big reasons you end up with someone else taking over your domain name is because you don't have it set up to automatically renew. I did that for mine 'cause I don't want to lose it...not that it's something someone wants, but there's people that do malicious stuff just for the fun of it.