Hello

I'm wondering if someone could recommend a lightweight firewall that checks outgoing traffic (application control). Interface and ease of use don't matter, neither does incoming. I just need something to stop certain apps from going on the net most of the time.

Thanks in advance
Allan

I don't know what is considered "light" (which was a question I tried to get answered for weeks, I even posted here; still don't have the answer!), but I finally went with Sunbelt's Kerio Personal Firewall and so far I have been very pleased. And for $20.00 it is hard to beat. Shields Up! tests me at 100% stealth. Along with my Router, NOD32, and Webroot's Spy Sweeper I feel pretty good -- though ever vigilant

Plus, you can configure it in a myriad of ways. There are many here that have vast more nknowledge than I do concerning firewalls so I am sure they can give you suggestions backed by more experience.

One more thing, their tech support has been a very positive experience for me.

Hello Zom

What I mean by 'light' is easy on system resources (ram & cpu). I'll look into Kerio too.

Thanks
Allan

my recommendation (and personal choice) for a light firewall is looknstop.

although i havent tried it myself, others recommend kerio v2.1.5 saying it is much lighter on features and resources then the newer v4.x.

edit: also keep in mind that what works on one computer may act differently on another, so ur best off just trialing various firewalls.

A less heard of firewall that is very light is Prisma (http://www.prismafirewall.com). When I trialed it, I found it to be very light on resources and provided basic application control. But if you're looking for something to dominate leaktests (the importance of this is debatable, imo), this isn't the best choice. I realize it's of little importance to you, but it is very simple to use and I'm kind of fond of it's network graph (Pic (http://www.prismafirewall.com/jpg/page-info-large.gif)).
Otherwise, LnS would be another good choice.


Edit: fixed link

I have never heard of Prisma but the screenshot looks very neat especially for application control. I am considering LooknStop for my own computer (although this new one has promises) but need a simple one for a family computer. They need something simple to use effectively. They are behind a router SPI firewall but really do need outbound control. Prisma reminds me of Sygate 'polished' up for client server access controls. Thank you for posting this as I hated to leave the computer without any application control but also didn't want them more confused with a firewall they would need to know how to run etc light and easy to configurate this really seems to be the one I didn't know existed - I will investigate more but am very pleased this post was created.

If you're looking for a very 'light' firewall resources-wise then
Jetico is not beatable.
From personal experience (i recently switched sunbelt Kerio for Jetico in one pc and i couldnt believe how faster it was)i think that a theoretical ranking in terms of lightness -given they all work fine- could be:
1-Jetico
2-Sygate 5.5 and Kerio 2.1.5 (possibly Look'nStop,too,didnt use it yet)
5th or 6th: Sunbelt Kerio, plagued by BSODS for trivial reasons and with very unexplainable netstat -b or -an , results.

-{ Quote: "If you're looking for a very 'light' firewall resources-wise then
Jetico is not beatable.
From personal experience (i recently switched sunbelt Kerio for Jetico in one pc and i couldnt believe how faster it was)i think that a theoretical ranking in terms of lightness -given they all work fine- could be:
" }-

I keep reading this about Jetico and I don't disbelieve it, but having tried it on a couple of occassions it was just so impossible to configure. I know there are postings here of how to do it but still find it a nightmare. There was talk of it being updated last year but nothing seems to have been done to it since July last year.

At the moment I am running Jetico, installed it about an hour ago. I wonder what's so impossible about configuring. I didn't noticed that. OK, you will need some mouseclicks in the beginning but then.....? I guess that does not differ with other PF's.
Am I wrong....? :(

Gerard

well jetico does have lots of app control and some ppl do have more patience than others...tiny is probably harder to configure but i wouldnt associate "easy" with either PF.

it doesnt matter tho, the OP didnt care about ease of use.

I was checking Prisma firewall details and noted this -{ Quote: "ODC seems to go crazy: i can't download xxxx, i can't search pics while prisma is installed...why...i do something wrong?
- Baraja (forum) -
You cannot use it with ACTIVE connection. Must be PASSIVE because you are behind a firewall. Or you have to disable the firewall... which might not be a good idea. This actualy happens with any other firewall. - Rashida (forum)" }- I hoped it was an easy firewall for the home intended but this bit concerns me now.

I would love to know more about the firewall as I don't want to install it for my sister to find it is not as easy as the screenshots look. LnS may be better for them ???

Well if you look at the thread here (http://www.wilderssecurity.com/showthread.php?t=121009&page=4)
you can see the problem one person had getting their head around it. When I tried it I could not even get it to work. All the other f/ws I have tried have been much less trouble and fairly logical.

Re the OP. It might be worth looking at Comodo which is free and getting a lot of input from the developers. Their forum is here (http://forums.comodo.com/index.php?PHPSESSID=7af229dcbbf2cd4d9c47fa5e6b6e8c00&board=2.0)

Thanks for the replies everyone.

I have been trying Look 'n' Stop and have found that it is very light with some features disabled - using about 1 MB of RAM right now. However one feature i miss is the 'ask' setting for a application (ask everytime it attempts to access the net).

I'll try out Prisma and Jetico and look into Comodo.

Thanks for all the help
Allan

-{ Quote: "I was checking Prisma firewall details and noted this I hoped it was an easy firewall for the home intended but this bit concerns me now.

I would love to know more about the firewall as I don't want to install it for my sister to find it is not as easy as the screenshots look. LnS may be better for them ???" }-

I saw the same (poorly worded) question that you quoted and I'm pretty sure it's referring to hosting an FTP server behind a firewall. Probably not applicable to the typical home user.

I do all of my software testing inside of a virtual machine and Prisma worked fine in that. I tested the uninstall of the program and it seems that it uninstalls cleanly if you decide it's not something you want to keep. Not sure that will put your mind at ease or not :)

In my experience, Prisma is a light and stable firewall, especially for those who want simple app control. My only beef with this firewall is when it comes to setting more advanced rules for packet filtering. There is a bug that prevents me from adding rules to contain IP ranges. But for someone who just wants app control they can either just not worry about it or turn off the packet filtering.

-{ Quote: "Thanks for the replies everyone.

I have been trying Look 'n' Stop and have found that it is very light with some features disabled - using about 1 MB of RAM right now. However one feature i miss is the 'ask' setting for a application (ask everytime it attempts to access the net)." }-
what do u mean? if u allow an app in Look n Stop and dont check the box for always allow, then it will ask u everytime.

-{ Quote: "I was checking Prisma firewall details and noted this I hoped it was an easy firewall for the home intended but this bit concerns me now.

I would love to know more about the firewall as I don't want to install it for my sister to find it is not as easy as the screenshots look. LnS may be better for them ???" }-Hi Robyn,
It as been a while since I looked at this firewall so I have installed to see how it is these days (the last time I installed was last nov.)
From the user end, this is simply an application firewall,.. all that is really needed from the user is to "Allow" or "deny" an application access to the internet. I have attached an image of "Firefox" wanting access. The first attempt (popup from Prisma) is for firefox to "act as sever", this is due to the "loopback" that is needed, but I denied this, as I dont want firefox to accept inbound connections from the internet, (blocking this did not cause any problems with firefox, so loopback must be allowed with Prisma). The next popup was for the outbound which I allowed (or firefox cannot connect out), you can see the rule that was entered after these popups.
As mentioned, there is a bug, that stops the user from placing rules to limit connections (included in attached image).

-{ Quote: "what do u mean? if u allow an app in Look n Stop and dont check the box for always allow, then it will ask u everytime." }-

If I delete the existing rule to allow Firefox for example, than launch Firefox, a window pops up giving me two options (Authorize or Block). I choose authorize.

If I then remove the checkbox next to Firefox (in LnS), it will ask again next time I start it. However I'd have to go and remove the checkbox again, or it would allow it from there on.

-{ Quote: "If I delete the existing rule to allow Firefox for example, than launch Firefox, a window pops up giving me two options (Authorize or Block). I choose authorize.

If I then remove the checkbox next to Firefox (in LnS), it will ask again next time I start it. However I'd have to go and remove the checkbox again, or it would allow it from there on." }-
im at a school computer now, but ill check on LnS later today.

-{ Quote: "If I delete the existing rule to allow Firefox for example, than launch Firefox, a window pops up giving me two options (Authorize or Block). I choose authorize.

If I then remove the checkbox next to Firefox (in LnS), it will ask again next time I start it. However I'd have to go and remove the checkbox again, or it would allow it from there on." }-

If I remember right, in LnS you have to enable the Advanced Options to have the option to always ask.

se7engreen & Stem thank you very much for your most detailed replies. I really appreciate this and the screenshots, I had to go to my sister's last night just after posting so am only back to the forum this morning to read the replies.

I am glad the wording of the posted question was a puzzle as I could not understand this myself which is why I was utterly confused.
The word 'bug' did jump out at me with the IP address in both posts but know this would not affect my sister as it would be purely settings for appliaction control. I didn't want to shock them with a firewall which needs to be understood and then configured therfore Prisma looked to be easy for them when I wouldn't be there to help with each application. I really appreciate the screenshots provided by Stem and the follow up from seengreen - thank you both so much.
The last concern was the fact in one user review they had troubles with payment for the firewall which worried me as to the actual Prisma site/security. It doesn't seem to have a UK or US seller and some were left trying to get their license etc :(

@WSfuser - thank goodness you posted about LnS asking for permissions as this firewall is still in my view but would have been off the list if I thought I would not be able to permit/deny access to my applications. Thanks for clearing this bit up for me :)

I only realised when setting up the computer for a family that they are not as wary and careful as I would be therefore I really do need to set them up with more than a router with SP2 firewall atm. I worry a lot more about applications but had my eyes opened when they just let their applicatiosn install and run at startup etc - had a few tweaks to set for this - family computing is a lot different than being the one user on my computer with all the layers ;) I am using my laptop at the moment until I am sure about my firewall but know I need to make my mind up soon for both computers.

I really appreciate all help and advice posted and this wasn't even my post - hope the main poster has been able to decide on the lightweight firewall - your post has helped me.

-{ Quote: "@WSfuser - thank goodness you posted about LnS asking for permissions as this firewall is still in my view but would have been off the list if I thought I would not be able to permit/deny access to my applications. Thanks for clearing this bit up for me :)" }-
just remember, if u want to always ask u for an app, enable the Advanced Options and dont check any boxes when u click allow.

Thanks se7engreen and WSFuser, I did what you said and it works perfect now.