# Is there a "one-way, do not enter" barrier to unsolicited downloads and intrusions?



## NRA_guy (Jun 9, 2015)

Watching news reports about ransom attacks, PC hacks, and such, I got to wondering if there is a hardware device or software program (some call them an "app") that serves as a "one-way, do not enter" barrier to ALL unsolicited downloads and intrusions.

Obviously, I want incoming downloads from forums, email systems, eBay, Amazon, YouTube, news reports, etc., when I initiate the action.

(Though I could do without the popups and cookies.)

I don't even want automatic "software updates" to Windows and antivirus packages pushed out to my PC without my acquiescence.

Am I dreaming or does such a thing exist?


----------



## robin416 (Dec 29, 2019)

I think that's what Malwarebytes is supposed to do.

Although with these ransom attacks most everyone was because some dumb person clicked on a link in an email. It's really simple, don't click on the link. I don't.


----------



## NRA_guy (Jun 9, 2015)

Thanks. I should have added "without overly obstructing my normal use of my PC".

Some I have tried did weird things like AVG uninstalled my custom screen saver (a digital clock display).

I do see the following for Malwarebytes:

---------------
_(Malwarebytes) Web protection blocks traffic to known dangerous addresses, whether by the browser or by a malicious application. Ransomware protection watches for the behaviors that occur when an unknown program is getting ready to encrypt your files. It should catch even a zero-day ransomware attack, with no need to recognize anything but behaviors that suggest ransomware._
---------------
That sounds good. Long ago Malwarebytes was more of a program to identify and remove viruses after they were on a PC---rather than to prevent them.

I have tried AVG, Panda, Kaspersky, and Malwarebytes in the past---I am now running Avast and Windows Defender.

Looks like they are all working to improve things.

ETA: Scroll down to the comparison table -

The Best Free Antivirus Protection for 2021


----------



## Nevada (Sep 9, 2004)

The big market for hardware firewalls is with server operators, and they can get very expensive. But there are hardware devices aimed at home and small office use. Here's a listing of a few.









10 Best Hardware Firewalls for Home & Small Business Networks (2022) (www.networkstraining.com)

_On this website I have written tens of articles about enterprise level firewalls (especially Cisco ASA) but many people are interested to learn about the best hardware firewalls for home or small business networks, so this is what I’ll focus in this article. Firewalls are designed to monitor..._





Admittedly, I have never used any of those devices myself. That article suggests devices and throws around a lot of jargon, but it's short on how well they work or user experiences.

I've found that a simple port blocking firewall and a free antivirus software (Avast or AVG) work for me at home. Of course part of my strategy is not clicking on obviously dangerous links. My next door neighbor doesn't have that sense. She uses the same firewall, antivirus, and Internet source that I use but when I go next door to help her with a computer problem I find that she has maybe 8 toolbars in her browser.

I'll admit to having some promiscuous traits in my Internet usage, but when I know I'm flirting with danger I keep my eyes open. So far it's worked well for me.

But I digress. The purpose of a workstation or home router port-blocking firewall is to make it difficult for malware to do its thing. If you block all ports but the ones you need and malware gets installed in your system, the malware will find it difficult to call home on some random port. It's still possible for it to call home, but it will have to piggyback on a port that you commonly use. That's why I say that I wouldn't give you a dime for a port-blocking firewall. They aren't worthless, but they also don't provide the protection that some people think they do.

On the other hand, antivirus software can do you a lot of good. Even the free ones provide good protection. I would never be without it.

Your concern is with the uptick in ransomware attacks, but a workstation doesn't attract the same kinds of attacks that servers do. I don't believe the threat level has changed for workstations.

The market for hardware firewalls is very different for server operators. Typical hardware firewalls for use in data centers can not only block ports but are also capable of subscribing to (free) services that list known IP addresses and host names that are known to be abusing networks, so you can deny access to those sources as quickly as they're reported. Hardware firewalls can also monitor for suspicious behaviors, types of connections, packet flow rate limiting to any one network client, and a lot more.

Server hardware firewalls can be expensive (thousands), depending on what you need. Another problem is that VPS (virtual private server) operators can't install any hardware, for obvious reasons. In that case you can run an advanced firewall application software. APF and CSF are common solutions and are both free. Just be sure that you lease enough processor cores for the firewall software to do its thing without slowing the system.

But in direct answer to your question, if it were me I wouldn't buy a hardware firewall. If you feel the need for an advanced server firewall you can simply build a Linux box and install APF or CSF. Repurposing an old PC will do the job. Since they run as memory resident applications, using a hard drive instead of a solid state drive won't slow you down.


----------
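The difference between port blocking and a subscribed blocklist described in the post above, as an added example that is not part of any post in this thread: a short Python sketch that judges outbound connections first by a port allow-list alone and then with a destination blocklist added. The allowed ports, the blocklist entries (documentation address ranges) and the log lines are all constructed assumptions.

```python
import ipaddress

# Assumed policy: the only outbound ports this household needs.
ALLOWED_OUT_PORTS = {53, 80, 123, 443, 993}

# Constructed stand-in for a subscribed abuse list (documentation ranges only).
BLOCKLIST = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.77/32")]

# Constructed outbound connection records: "process dst_ip dst_port".
SAMPLE_LOG = """\
browser.exe 192.0.2.10 443
mailclient.exe 192.0.2.25 993
unknown.exe 198.51.100.77 50123
unknown.exe 203.0.113.5 443
updater.exe 192.0.2.80 443
"""

def port_only(dst_port):
    """Verdict of a plain port-blocking firewall: it looks at the port, nothing else."""
    return "ALLOW" if dst_port in ALLOWED_OUT_PORTS else "DENY"

def decide(dst_ip, dst_port):
    """Verdict when a destination blocklist is checked before the port rule."""
    addr = ipaddress.ip_address(dst_ip)
    if any(addr in net for net in BLOCKLIST):
        return "DENY", "destination on blocklist"
    if dst_port not in ALLOWED_OUT_PORTS:
        return "DENY", "port not allowed outbound"
    return "ALLOW", "allowed port, destination not listed"

def evaluate(log_text):
    """Judge every record both ways so the two policies can be compared."""
    results = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        proc, ip, port = line.split()
        verdict, reason = decide(ip, int(port))
        results.append({"process": proc, "dst": f"{ip}:{port}",
                        "port_only": port_only(int(port)),
                        "combined": verdict, "reason": reason})
    return results

def missed_by_port_filter(results):
    """Connections that ride an allowed port and are stopped only by the blocklist."""
    return [r for r in results if r["port_only"] == "ALLOW" and r["combined"] == "DENY"]

if __name__ == "__main__":
    for r in evaluate(SAMPLE_LOG):
        print(r)
    print("passed port filter, caught by blocklist:", missed_by_port_filter(evaluate(SAMPLE_LOG)))
```
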



## NRA_guy (Jun 9, 2015)

Wow! Many thanks @Nevada!!!

I get lost in some of that explanation, but I like what I read about the Bitdefender Box 2 and the Firewalla hardware firewalls in your linked web site.

My son (a computer system engineer) has a hardware firewall on his home PC, but he does 'work from home' on a large Federal system. He has said, "Dad, you don't need a hardware firewall."

I am not a risk taker and would rather be safe than sorry; so I'll ponder the options (software vs hardware) a bit more. The $150 to $250 cost would not be a problem, but I don't want an annual fee for use.

Thanks again. I do appreciate it.

ETA: It seems like a hardware firewall might be a better single point of protection for the 4 or 5 laptops and other wireless things as well as my main hardwired desktop PC.


----------



## weaselfire (Feb 7, 2018)

If you run Windows 10, it has a ransomware defense built in. Otherwise, PC Matic is what you want. As for unwanted downloads, a lot of that is in your settings.

Jeff


----------



## NRA_guy (Jun 9, 2015)

Interesting (it's $50/year or $150/lifetime):
--------------------
_PC Matic’s SuperShield whitelist functions by using a list of known, trusted programs and allows them to run. Everything else, that is not on the whitelist, is sent to the PC Matic malware research team to be tested. Within 24 hours it is categorized either trusted or malicious._
----------------------
PC Matic® with SuperShield


----------



## colourfastt (Nov 11, 2006)

For those of us using Macs, there's always Little Snitch but I've never really seen the point. I have AdBlock extensions added to my browsers and that generally takes care of any issues. What I'd never do is add a virus to my computer like Norton, Kaspersky, Avast, etc.


----------

