I'm currently using Kerio 2.1.5, and I know it's pretty light on resources but is it the lightest? I only really want a firewall for outbound protection as well. I mean Kerio 2.1.5 is fine it's just that I want to make sure that I'm getting the most out of my firewall whilst keeping the resources spent at a minimum.

Cheers.

Kero 2 has to be the lightest of those providing outbound filtering.

Others very light should be Look n stop (and probably PC Tools firewall which is based on it) and Ashampoo Free.

As CReal put it.

Oh,i 'd say Jetico 1 is also quite light.

Cool. Cheers for these. Time now for some testing.

Do not know the resources used by the above mentioned. On my Win 2k PC running ZA Pro 5.5.094 with only the FW running, no AV monitoring, or e mail protection, memory usage comes in at just under 11 Mb. Since I set behind a router I really only count on it for outbound which it does quit well.

Does anyone know any working links for downloading Jetico 1? I'm having trouble finding one.

Also, does anyone know if the inbound protection provided by Kerio and jetico is superior to the Windows XP firewall, or is the only advantage over XP firewall the outbound protection, configuration etc?

Thanks,
Londonbeat

-{ Quote: "Does anyone know any working links for downloading Jetico 1? I'm having trouble finding one." }-
http://www.jetico.com ( hxxp://www.jetico.com/jpfwall.exe )

So far I've tested COMODO, Kerio 2.1.5 and Jetico, and Kerio and Jetico are about the same, about 7MB each. But for COMODO I get about 5MB which is surprising as most people say it's heavier than the other two. Now, I'd love to use COMODO but it keeps forgetting my settings, so really it's either Jetico or Kerio unless someone comes up with anything.

Filseclab quite light as well. A single process @ <7MB.

I've heard lots of people say it crap, but I would consider if it has good outbound protection.

-{ Quote: "I've heard lots of people say it crap, but I would consider if it has good outbound protection." }-
Outbound protection is not stellar compared with others, but it does pass some of the basic leaktests.
(I doubt Kerio 2.1.5's outbound is that great either)
However, Filseclab, in conjunction with HIPS here (Pro Security), and I pass virtualy all leaktests I've thrown at it.
Interesting Filseclab thread here: http://www.wilderssecurity.com/showthread.php?t=92710&highlight=filseclab
One thing I like about Filseclab (and the reason I keep returning to it) is that I can almost always figure out what's going wrong (should something go awry), thanks to it's excellent monitor / logging.
It gives me the "warm and fuzzies" in that I am able to diagnose issues that arise. I find it's been a great learning tool.

Well, I just tried Filseclab and I have to say I'm not really that impressed with it. The resource usage for me was about 13MB, plus it made my wireless connection go weird. But cheers for the recommendation though, it's good that I've been able to find out all of this first hand though.

Now, though Jetico has passed more leak tests and is thought of as a safer firewall, I might stick with Kerio 2.1.5 as I prefer the way it handles outbound connections and it did pass the leak test at www.firewallleaktester.com. Anyway, cheers for the input guys, of course I'm still open to more suggestions.

For me testing the lightness of a firewall isn't only RAM usage.The ultimate test is its behaviour in p2p.Filseclab from what i remember,has CPU spikes at 4-6%,even when downloading a single file through the browser,let alone p2p.

While the really "light" firewalls,are "stuck" to 0% cpu even at full speed p2p.
Same applies to ZAF.It's light,but under stress it oscillates from 0-2% cpu,so i don't put it at the same category with the super light Kerio.

-{ Quote: "
Now, though Jetico has passed more leak tests and is thought of as a safer firewall, I might stick with Kerio 2.1.5 as I prefer the way it handles outbound connections and it did pass the leak test at www.firewallleaktester.com. Anyway, cheers for the input guys, of course I'm still open to more suggestions." }-

Ah,the pop up windows of Kerio 2 are exemplary.It's a shame that this firewall was abbandoned.It was the perfect way of setting up a rule based firewall.

Running LNS Lite on a 466Mhz Celeron laptop w/96MB of RAM.

Using around 1.6MB VM.

I gave LNS a go, but unfortunately it wouldn't allow me to connect to my wireless network. Shame, I've heard lots of good things about LNS.

Also, go to agree that it's a shame that Kerio abandoned their firewall. It's seems odd that they'd do that, does anyone know why?

It never ceases to befuddle me why so many people seem to put 'lightness' above other (more important) FW properties. ???

Unless you are stuck with an old PC with limited resources, even the 'heaviest' of FWs isn't going to result in much of a performance 'hit' on your system. I would gladly allocate an extra several MB to gain a user-friendly interface, ease-of-use to the point where you can quickly get to not even noticing it's there, and of course, inbound/outbound protection that survives reputable independent testing with flying colors!

-{ Quote: "It never ceases to befuddle me why so many people seem to put 'lightness' above other (more important) FW properties. ???

Unless you are stuck with an old PC with limited resources, even the 'heaviest' of FWs isn't going to result in much of a performance 'hit' on your system. I would gladly allocate an extra several MB to gain a user-friendly interface, ease-of-use to the point where you can quickly get to not even noticing it's there, and of course, inbound/outbound protection that survives reputable independent testing with flying colors!" }-

The "more important" features,is something subjective.One may prefer Kerio 2,despite the fact that fails most leak tests.Because some users have different defences,so that having a firewall leak-stopper isn't a priority.As a matter of fact,i would be curious to know just how many REAL life cases there are where the fancy antileak features of some firewalls are really needed and kick in.

Some people even prefer no outbound filtering at all.After all,a firewall,originally was conceived to close the door to those "outside".Personally i want outbound application filtering,but i understand those who don't.

The extra several MB of RAM aren't much of an issue,but extra CPU is still today.Because the PC isn't supposed to run FOR the security applications.The power of the Pcs has become an excuse for bloated,untrimmed code that eats resources for doing something that shouldn't burdon the pc at all and in a perfect world ,where Windows would be a very secure OS,they wouldn't have reason to exist at all.

Unfortunately,the reasoning of "come on,you have a paleolithic pc or what?" has made,firewalls,avs,hips and even the OS itself ,become bloated.You spend 3-4% Cpu for the firewall ,2-3% for the Antivirus,1-2% for the antitrojan ,2% for the HIPS and there you go with 10% of your CPU eaten for "background tasks".When most of these tasks,combined with appropriate applications and habbits can be done at much lesser cost.So why not do it?

It's the same story with Vista coming out now and which of course requires a new pc practically.Is it necessary really?Well,the easy answer is "come on,buy a modern pc".Another view is "why would Vista require all that hardware and hence resources,when Linux does the same things on much more humble hardware?".

So,there is the person that prefers switch to Linux or stay with XP ,in order to avoid the increased resources required for Vista and at the same way ,there is the person that doesn't think that spending too many resources for various security applications in necessary.Because most things that Vista or a heavy firewall do,can also be done in XP or with Kerio 2.

Regards

I certainly appreciate those who want a Firewall that does not eat into their resources. It seems right to me? Sure old systems are always going to be out there that need protection too. Where there is a need there should be a market.;)

CReal, while I found your commentary quite interesting, I would point out that I did not indicate that my remarks were anything other than my belief.

However, speaking as a Software QA Specialist, my objective is to determine whether or not a particular software product satisfies its intended design purpose, is free of development flaws (bugs) and coexists well with other installed software. All programs require computer resources to execute, but imho we just have to keep that in its proper perspecive in the overall scheme of things.

And please don't get me started talking about Vista!

A lightweight firewall is not only a firewall with low memory footprint. IMHO, the lightest firewalls are:
- Packet filters such as Ghostwall and CHX-I (haven´t tried this last though).
- Rule-based firewalls such as Kerio 2.1.5, Jetico v1 and LnS.
- Application-based firewalls: older versions of Zone Alarm.
I also suspect that Filseclab, Sygate and Online Armor FW are lightweight too.

-{ Quote: "CReal, while I found your commentary quite interesting, I would point out that I did not indicate that my remarks were anything other than my belief.

However, speaking as a Software QA Specialist, my objective is to determine whether or not a particular software product satisfies its intended design purpose, is free of development flaws (bugs) and coexists well with other installed software. All programs require computer resources to execute, but imho we just have to keep that in its proper perspecive in the overall scheme of things.

And please don't get me started talking about Vista!" }-

Hi again pvsurfer.Of course it is your belief and you did well to post it.It's a forum ,so everyone speaks his mind.So did i.I don't mind people wanting the super anti-leak test firewall or the antivirus with 50MB ram.I simply say that users differ.Just like some forum members have countless security applications ,while others prefer just a router and an antivirus.I am somewhere in between,but generally speaking,i want my pc as clean and fast at "default" as possible.So i use nlite and try to minimize the startup programs and use those with less impact on resources.Do i have to?No.I have dual core Cpu and plenty of RAM.But this is the way i like it.I can also "sense" even small variation in speed when using different applications.Also,my needs are different.I ve been using Kerio 2,ZAF,Sygate for years,none of them is a champion of leak tests,yet nothing bad happened to me.So,it's a calculated risk i can take.So i prefer to use as light applications as possible and Pg free,which is a big watch dog that allows me to do that.So,let's say i want to buy an antivirus.KAV is better in detection rate than NOD32.But i would buy NOD32,because it's lighter and i can afford the "risk" of slightly lower detection rates.

-{ Quote: "A lightweight firewall is not only a firewall with low memory footprint. IMHO, the lightest firewalls are:
- Packet filters such as Ghostwall and CHX-I (haven´t tried this last though).
- Rule-based firewalls such as Kerio 2.1.5, Jetico v1 and LnS.
- Application-based firewalls: older versions of Zone Alarm.
I also suspect that Filseclab, Sygate and Online Armor FW are lightweight too." }-

Ghostwall is in deed ridiculously light.Less than 1MB Ram,0% CPU.But it has no outbound application control.

Sygate is also very light,but eats up CPU if you use p2p,proportionally to the download speed.If you use it only for browsing it's fine and only about 8MB Ram.Only problem the local proxy hole and the fact that ,like Kerio 2,is now out of development.

I've seen others here and elsewhere saying Ghostwall has no outbound application control. Sure it has no control over installed software but it DOES control outbound connections. eg block all outbound TCP to port 80 at IP xxx.xxx.xxx.xxx and it will do just that.