I know my post will probably be moved to the poll area, it will be surely his place this time, but i would want to gather as many responses as possible to include statistics on my website ( i will include the link of this thread on it).

Already existing poll on this subject doesn't have all the options i would like.

Time to poll now :)

EDIT : if you use one of this firewall but the free version, i think you can vote for the Pro version, it should keep fair statistics.


EDIT2 : Poll adjusted to remove "Pro" versus other versions. Please pick the brand regardless of using Pro or other versions.

I voted other, because I use Sygate free 5.5, and its by far my favorite, I've tried Outpost free, and ZoneAlarm free, didnt like them, I like Sygates setup so it can be like Zonealarm, take less resource, AND STILL be able to have some rules.

I replied 'other' for TinyFirewall but once LnS includes application rules (due shortly) I might just have to change to that ;D

The reason for what i doesn't include the free versions is that there isn't enough option (limit is 8).

So may be you can vote for the Pro version of your firewall :)

Having the look 'n' stop forum hosted at Wilders (not that this is a bad thing at all) may cause some bias in your poll if you plan to use statistics for your site. Many people from other forums have never even heard of look 'n' stop.

Having said that, my choice is LnS ;D

The support is great, and it offers great flexibility (which should even be greater with the addition to app rules which Dan Perez mentioned) whether you are a newbie or advanced user.

ZoneAlarm Pro because I like high security without having to worry about pre-configured rules. I can still make rules if I need to. But knowing how I am with firewalls, this could change. ;D

@rerun 2
{QUOTE->
Having the look 'n' stop forum hosted at Wilders (not that this is a bad thing at all) may cause some bias
<-QUOTE}

I don't think, some people reading the "other firewall" area like others firewall than Look'nStop.
Moreover, when i'll post the new page on my site, guest will be invited to come here, register, and poll too, so i think all is fine :)

Why OutPost Ofcourse!!! ;D

I'm a big Sygate fan ;D

I'm no firewall expert, so I like the "application" ability along with the capability to create advanced rules if I learn of any that may be needed.

It also does a good job of "holding on" to programs while waiting for my response as to whether said program should have internet access or not without crashing that program.

All this said, my opinion probably doesn't mean a whole lot since ZA was my first firewall ever and Sygate my second ;)

Kerio all the way, Baby! ;D

Tried, ZA, was good 4 a neebe like me, then tried outpost, couldnt figure out how to edit my rules once they were made. Using sygate and love it, its like a mix of ZA and outpost in that is primarily and app based firewall but can also be a rule base and a mix and match of the 2. It has the best of both worlds.

At the present I am useing BlackIce internet security. It seems to be doing a pretty good job :)

I now use OP so I voted for it -- only fair. When/if I change to something else, it will probably be L'n'S because it has the best marks in reviews I've seen.

Hi,
The most firewall have good thing:
I like many Sygate Firewall PRO, because it have excellent things like IDS, Automatically block IP of..., and it use low resources, and the logs are easy to understand, but Sygate not block pop-up, cookies, Web bugs, etc.
ZA Pro is another firewall that I like much, it interface is easy and very friendly to understand, block pop-up, web bug, cookies, etc, provide best outbound protection than Sygate, for example ZA pro have a "Open process" option for sophisticated trojans, etc. But Za uses many resources and make the start of windows very slow.
Outpost is a good firewall, easy GUI, the gui are available in many languajes, and the plug-ins are excellent and easy to use.
Kerio have excellent and easy to understand logs, in my opinion the best logs.
Kaspersky Anti-Hacker, I don't like it, I think that is a poor firewall, not provide DLL injection protection, the IDS is very incomplete, the logs are average, not have password protection options, no auto update, the price is too expensive for the class of firewall that is, no provide pop-up, cookie, and web bug protection, in others words: it's a g@rb@ge.

Out Post Pro V2! ;D

up

I just remembers to readers that results from this poll will be used on my website, it's a long term poll not a temporary one, so if you want to be heard for a long time, poll here and now, thx :)

For my pers use I have 8Signs Firewall on my pc. I have tried them all, and each one in their own right has good qualities. Its a matter of pers taste as to what your needs are. 8Signs is a rock solid firewall...hands on application. Its the one for me ;D

I think for many of them there's a big difference between the pro and free versions.

For example, I think ZA free sucks. But ZAP is okay. Dont know about the other ZAs

{QUOTE-> quoting: JayK link=board=19;threadid=17688;start=15#msg115078 date=1072967065]
Dont know about the other ZAs
<-QUOTE}

I've had ZA+ for about 2 months now.

It's looking good so far.





snowbound

Why polling?
OP of course 8) ;D

{QUOTE-> quoting: snowbound link=board=19;threadid=17688;start=15#msg115080 date=1072967722]
{QUOTE-> quoting: JayK link=board=19;threadid=17688;start=15#msg115078 date=1072967065]
Dont know about the other ZAs
<-QUOTE}

I've had ZA+ for about 2 months now.

It's looking good so far.





snowbound
<-QUOTE}

Whats the diff between those 2 versions? My brother (you know the guy who has the title "security expert" in his offical job title) is using ZAP on another computer, so I played with it a bit, it's pretty good.

ZAP has cache cleaner, ID lock, popup blocker and cookie control. ZA+ doesn't.

I have other apps to take care of those things.






snowbound

{QUOTE-> quoting: snowbound link=board=19;threadid=17688;start=15#msg115348 date=1073061153]
ZAP has cache cleaner, ID lock, popup blocker and cookie control. ZA+ doesn't.

I have other apps to take care of those things.

That's all? Any firewall related functions? Eg support for VPN, advanced firewall rules? etc.





snowbound
<-QUOTE}

{QUOTE-> quoting: JayK link=board=19;threadid=17688;start=15#msg115355 date=1073063536]
That's all? Any firewall related functions? Eg support for VPN, advanced firewall rules? etc.
<-QUOTE}

Everything else is the same other than what i mentioned.

Oh, and it was 10 bucks cheaper. ;)





snowbound

Sorry i missed one thing :P

ZAP has a thing called My Vault. Keeps personal info secure on your box.






snowbound

Right, basically all the items that are extras in ZAP over ZA+ can be classified as Privacy related. Many people don't believe these functions belong in a firewall, so Zone Labs released ZA+ without all those.

ZA+ still has the component level applications controls (to fight outbound leaks), advanced firewall and program configurations, experts rules and the extra email controls like ZAP, but which aren't included in ZAF.

I used ZA+ for a year, on just a ZA+ license, but when 4.0 came out I bought a 2-year ZAP license. Interestingly enough, I leave the Privacy controls mostly disabled except when testing sites, so I'm really only using the ZA+ feature set.

50 !

still few poll, but keep growing my lovely poll ;D

I like LooknStop but I am inexperienced with Firewalls. I have only ever used LNS and Norton Internet Security which I also liked. LNS is a bit confusing for me (that means it's probably easy to use) but with Phantom's support here at Wilder's it was very easy to setup (and for me, THAT'S saying something) and has behaved perfectly. 8)

Acadia

I have tried most of the firewalls available Over the years. I have finally stayed with mcafee 4.0. It has intrusion detection very good networking options ip blocking that actually works I like the visual trace option also. And to those that it matters to it is a full stealth firewall. And it is one of only three personal firewalls certifed by ICSA The other two are norton personal and ezTrust armor firewall. ;) I also run a hardware firewall.

I like ZA. Once set I never have to go near it again. Tried Kerio for a while but the rules near done my head in. Had a very short relationship with Outpost, same again, so back to ZA and am staying there although still on 3.7.211. I even understand it. :D

{QUOTE-> quoting: JayK link=board=19;threadid=17688;start=15#msg115078 date=1072967065]
I think for many of them there's a big difference between the pro and free versions.

For example, I think ZA free sucks. But ZAP is okay. Dont know about the other ZAs
<-QUOTE} ???why would there be a difference between the pro and free version if the idea is to get you to try it and buy it it seams like they would be the same :o

As for the software firewall, I personally like Zone Alarm Pro. I also think there is a big difference between free and pro version. But if combined with SSM(System Safety Monitor), I think any software firewall listed on this polls will be a good solution.

Best Regards

we don't need/want any link to any test there, it is a poll of YOUR personal opinion/feeling/experience ;)

I tried ZoneAlarm Free and Pro, Sygate Free and Pro, Kerio 2.15 & 4.010, and OutPost Pro. ZoneAlarm hijacks my Rnaapp.exe. Sygate doesn't check the traffic to my local server. Kerio 2.15's interface is somewhat outdated. Kerio 4.010 is way too buggy. I haven't found problem with OutPost Pro yet. So It's my favorite so far... Well, things can change ;D

good experience you have :)

Look 'n' Stop works right well with my system (windows XP).
It's very extensible and it allows you to stop any suspicious packets.
It has provided a permanent and secured protection up-to-now. ;)


Uguel

Outpost Pro 2.0 is good.
It has some nice plugins.

I prefer LooknStop 2.05 beta.
It runs lighter and I like the features.

Neither firewall has ever let me down.

Like Zone alarm best, tells you what software is trying to access the net, and how many hits your PC got.

I think look n stop is excellent,

for a free one i like EZ firewall

{QUOTE-> quoting: Tech_Guy link=board=19;threadid=17688;start=30#msg122604 date=1074745115]
Like Zone alarm best, tells you what software is trying to access the net, and how many hits your PC got.
<-QUOTE}

Amazing, I have never heard of a personal firewall that does exactly those functions. Must be a pretty unique firewall ;D

He said his zonealarm notified him of pc hits and software trying to access the net. Well mcafee 4.0 firewall does this also and more. So not being the only one to do so makes it not so unique.

{QUOTE-> quoting: bigc73542 link=board=19;threadid=17688;start=30#msg122958 date=1074832848]
He said his zonealarm notified him of pc hits and software trying to access the net. Well mcafee 4.0 firewall does this also and more. So not being the only one to do so makes it not so unique.
<-QUOTE}

You need to learn how to get a sense of humour

me too i didn't get the humor !

may be you should think too that the language can be a shield sometimes, at least myself, english is not my native language :)

I happen to have a very good sense of humor, when I see or hear something funny I laugh.

Everyone laughs when he sees or hears something that strikes him as funny. But the humour impaired, seldom fails to see something that strikes him as funny of course.

Since I lack even the most remote sense of humour, I would like you all to get back on topic.

Regards,

Pieter

REMOVED. On topic please!

As a reminder, the topic is:

Which personal firewall do you like the best ?

Zone Alarm Pro - without question

Jack

I tried a lot of them, but still I always come back to Sygate 5.5 as:
- I don't need popups manager, thanks to Mozilla Firefox,
- I don't need AM, thanks to SSM,
- I don't need any secure vault to store my personal Information, I don't trust a FW safe "folder",
- I don't understand a thing to rule making ... I wish I knew how to, but too lazy to learn, even though LnS forum seems quite informative.

Sygate looks like the best set & forget FW, with few RAM usage.
I just hope outbound protection will be improve as it seems to be possible.


HD, lazy FW tester

Look 'N' Stop here. Great support in forum, a lot of features, light on resources...

Second choice would be either Tiny PF or ZoneAlarm Pro.

{QUOTE-> quoting: hokhost link=board=19;threadid=17688;start=45#msg133814 date=1077323418]
I tried a lot of them, but still I always come back to Sygate 5.5 as:
- I don't need popups manager, thanks to Mozilla Firefox,
- I don't need AM, thanks to SSM,
- I don't need any secure vault to store my personal Information, I don't trust a FW safe "folder",
- I don't understand a thing to rule making ... I wish I knew how to, but too lazy to learn, even though LnS forum seems quite informative.

Sygate looks like the best set & forget FW, with few RAM usage.
I just hope outbound protection will be improve as it seems to be possible.


HD, lazy FW tester
<-QUOTE}

Hmm if you want good outbound protection, given the loopback bug , Sygate is the last FW you should use I think.

I'll wait for LnS 2.05 final to be released. This should help a bit for outbound protection.

In the meantime, I stay with Sygate and the best security software, my brain.

And as you say, " Whatever you do, don't listen to me!" ;)

i like zone alarm pro

thanks you all for polling, results are used to update my webpage :
http://perso.wanadoo.fr/jugesoftware/firewallleaktester/eng/statistics.htm

keep polling :)

zone alarm is a good firewall

I like OutPost Pro.

The default configurations work well for most things (all things here, actually) and the plug-ins simply can't be beat. Pete

I like FREE firewalls best ;D and therefore, Kerio. The free version has some bells and whistles disabled, but it's fine with me, I don't surf with IE, and they are mostly related to IE problems (activeX blocking etc.)

I did try out some other, commercial ones, like ZoneAlarm PRO (too basic), Sygate (just unpleasant to look at) and TPF (used it for a while, after it broke down the third time and I had to set it up by clicking these tiny cells, I gave up). But will go right away to try Outcast and LookNStop :)

In this community I still might consider myself a llama :-\ , but @ least I'm not a shy one ;D

So, untill now, I've only tried 2 FW's:

*ZoneAlarm;
which worked fine with my dinosaur system (P1 120 mhz!) in combination with dial-up connection :P

But as I finally started to play in the major league, and got myself a new P4 with broadband :-*, I figured it was time to learn some more about serious and safe surfing. A friend of mine suggested

*Sygate;
and that's what I've been running for a week now -with great satisfaction, I must add. It's indeed clear and obvious enough for a guy like me, to set and forget. In contrary to other postings; I happen to like the plain and sober interface.

But hey- nothing to debate about personal taste ;)

I'll try some of the other FW's mentioned here later (the first time Sygate is letting me down haha ;D)

Grtz,
Slammer

I am using F-Secure Client Security right now. It has both AntiVirus and Firewall components. It is doing a very good job so far.

I've only used Zonealarm free and paid for NPF. Why does everyone rate NPF so poorly ? It passes all tests on GRC.com.

zone alarm is the best

thanks for polling everyone, i will update my website's page as soon as it will be a little more results, so i keep en eye on it :)

Outpost has never let me down gkweb ;D

my choice is sygate personal firewall
at first, i used zonealarm , but it always locks up my internet access and also uses too much system resources
sygate allows you to create advance rules and has a more comprehensive log files than zonealarm ;)

I'm changing my vote from ZAP to undecided. ZAP will not let me on the internet despite rules being created by me and applications being taken out of the list. I'm using NPF with my KAV right now.

zone alarm

need again 2 posts and i will update results on my website ;D

i like both outpost and zone alarm . but i will go with zone alarm because of its features

Hi,

I never tried them all. Anyway I use Panda Platinum Firewall.
Tried McAfee, but i dumped after one day.

{QUOTE-> quoting: gerardwil link=board=19;threadid=17688;start=60#msg149202 date=1080168451]
Hi,

I never tried them all. Anyway I use Panda Platinum Firewall.
Tried McAfee, but i dumped after one day.

<-QUOTE}

With the risk of being 'dumped'from this thread ;) I just couldn't help noticing the motto beneath your avatar, Gerard:

Have I finally met a fellow bridgeplayer here? ::) ;D ;D ;D
(Where do you think my ID is coming from? ;) ;) ;))
groetjes,
Slammer

Hi Slemmer,

Yes indeed a bridge player.

Greetjes,

Gerard

oh wow....lol. I can't believe Zone Alarm is actually winning :P

weird :P I personally use Zone Alarm, I've tried Kerio and Outpost, and Sygate (I can't really remember WHY I chose to uninstall/stop using either of those lol) But Sygate, I experienced crazy CPU/mem usage with it....I think it was cause I was paranoid and went messing around with the logging settings and set all the fields to 9999999 for best/most logging results or something. So I uninstalled it :P I cant remember why I uninstalled Kerio and Outpost though, I dont think I got too far into Outpost, because I missed the DNS Cache that it has (is it a plugin by chance? and maybe I didn't have that plugin?) so I think I might try out Outpost again, because for my HOSTS file-ad-blocking process over @ bluetack.co.uk, the DNS cache might help me a bit, by logging all websites I visit ;).

But yea, I use Zone Alarm free on my dialup box (currently my "testing" box, lol I tested Kerio/Outpost/Sygate on it). I stuck with it because of the easy IP importing/blocking using ZA Update 2.0. But IP Blocking isn't that big of a deal for me now, since DudeZ over @ bluetack released ProtoWall that blocks IPs @ driver/system level. So yea, I might try out Outpost and Sygate again and compare em ;) Maybe Ill read this thread me and see if anyone can sell em to me either way hehe.


BTW, juding from that firewall tester site.....lol. ZA Free version = SHITE LOL. It don't block anything :P

Never mind - I seem to have solved my problem with ZAP. :D

I go with Zone Alarm Pro

I used Zone Alarm Free, Sygate Free, Zone Alarm Pro, Sygate Pro, Kerio 4.010, and Outpost 2.1. Now, I am using Zone Alarm Pro.

I used Zone Alarm and Sygate without utilizing expert rules before. They were very easy to use without using expert rules. But the problem is that user does not have full control on outbound traffic without using expert rules. As a newbie, I was happy with them.

Then, I wanted to try something new. So I switched to rule based firewalls such as Kerio and Outpost. I studied how to generate rule sets with Kerio and Outpost, and they all worked pretty well. I was happy with them too.

Again, I was somehow tired with Kerio and Outpost. So I come back to use Zone Alarm Pro again. This time, I have generated my own expert rule sets to have a full control on outbound traffic. The idea here is a layered protection: the layer of my expert rule sets + the layer of zone alarm default settings. Both of the layers can work pretty well without each other. But when they work together, the protection is much better. The zone alarm default rules are general. In other words, they are not tight enough. So my expert rules tighten the default settings. On the other hand, I might have missed something, and thus there might be some 'security holes' in my expert rules. The zone alarm deffault settings can cover up these 'holes', as they work fine even without my expert rules.

Fortunately, ZoneAlarm Pro works fine on my box. ZoneAlarm Pro, Sygate Pro, and Outpost Pro 2.1 all takes about 20MB RAM on my box. I have not seen any obvious disadvantage of ZAP so far.

Been using Kerio 2.1.5 and am very happy with it. Had NIS 2002, got hacked, sucked down the resources bad. Tried ZA free, very erratic protection, repeatedly lost the entire ruleset.
Kerio 2.1.5 has worked flawlessly. It has the features that make a firewall good and none of the bloat of others. Their newer version doesn't look nearly as good. Tried it, removed it the same day.
Rick

I use Zonealarm free. it has served me well for 2 years

I had a very bad experience with Looknstop when I was using W2k (since moved to XP pro). LNS buries itself deep inside your OS and it doesnt uninstall itself properly if you get a problem as I did. My problem became worse to such an extent that I had to buy a new hard disk and start afresh . The LNS support was modest but couldnt sort his at all, obviously not tested on W2k but this was 2 years ago.

I wouldnt touch LNS again personally because of its ability to completely trash your system.. I wouod like to post more objective info on this but couldnt get much explanation out of LNS at the time. I guess its part of their proprietary method of prevent malware from disabling its fucntion.

So far , touch wood, i havent had any further problems but have had some near missess via email.

I notice this site doesnt seem to have any Linux users represented? prehaps they dont yet have the M$ problem. I read somewhere that it is possible to generate a similar security threat in Linux but it hasnt happened because the user base is too small.

any info greatly appreciated.

rgds to all and my sympathies if you are suffering - been there myself.

Headcase

I am kin of fond of sygate. When I started using it firewalls were a bit of a mystery to me and I'd had a really bad experience with NPF. I liked the application based rules and for some reason ZA would block my net access repeatedly. Now I'm becoming more familiar with Sygate I'm able to set up specific rules to tighten it up .

da cat

Zone alarm pro is the one to use ya know,

no other firewall has as much go,

you may search high and low,

but you'll never get better protection for your dough.

Having used practically everyfirewall I could find, outpost comes out on top as it is the only one that makes me sleep at night ;D . However I have heard good things about 8signs so i may give that a trial next

Been using ZoneAlarm for years. Love it! Hard to believe there is something better.

Long term Outpost user here so no surprise as to how I voted. ;) Did try ZoneAlarm a while back but found the lack of control frustrating (no ability to really crack the whip over what applications can get up to online). Look'n Stop could be a worthy contender if they added application level rules - but Outpost's plugins would still give it the edge in my view.

I use ZA free for now. I tried Sygate first, but no matter what I did, it refused access to everything. :(

I voted for Kerio. Kerio 2.1.5, that is.

I like ZA free V.3.7.211. No nagging or other nuisances. I give it an odd check
on GRC and get full stealth each time. I wouldn't change it. :)

look n stop is the best firewall in the world (notes of 17/20 compares to ZAPRO 11/20)... and nothing more to say except it may be difficult to use for noobies... but there are many all made rules on the official site.

{QUOTE-> Been using ZoneAlarm for years. Love it! Hard to believe there is something better. <-QUOTE}

ZA is not protecting U... you want a proof. .. take Emule or Edonkey how many intrusions you ve got at the end of the day ?

look n stop can get 200 000 per day and even more ! It blocks all intrusions, not as ZA which leaves gate open

I use Windows XP Service pack 2 RC1's built-in firewall. It does a rather pretty good job in keeping all the dirty crap out from my computer. 8)

I like Zone Alarm, mostly got it because of it being promoted a lot on the
computercops.biz site. The Pro version, though, as the free version is sort
of like a demo of a game where you can only play one level... :D

I use ZA. But i have a friend who has never even had a firewall ever! And he never has had a serious problem(and he goes online daily). BTW he doesn't have an anti-virus either. He uses the free virus scanner for aol customers. This really amazes me and makes me wonder if the makers of all this expensive stuff (firewalls & antivirus makers) have overblown the need for alot of their products.

{QUOTE-> i have a friend who has never even had a firewall ever! And he never has had a serious problem(and he goes online daily). <-QUOTE}Three possibilities - his ISP is filtering traffic to block the most common attacks, he is keeping bang up to date on Windows Updates and (very likely) he does have problems but simply has not noticed them yet (for instance, if his PC was being used as a spam relay or being used to host other people's illegal content, without a firewall he would only notice if he kept a very close eye on network traffic).{QUOTE-> This really amazes me and makes me wonder if the makers of all this expensive stuff (firewalls & antivirus makers) have overblown the need for alot of their products. <-QUOTE}On my router firewall I am currently getting two incoming connection attempts per minute (this is quiet - I have had one every 2 seconds during busy times) - most of these are on port 135 which is most likely Windows Messenger spam. Port 137 is next and this can cover a variety of nasties including all the DCOM/RPC exploits like MSBlast and its ilk. On that basis I would regard a firewall as essential and would not connect a PC to the Internet without one installed. Costwise, some are free while the best ones should not cost more than US$40 - which is not expensive in my book.

A firewall, an antivirus and a web/spyware filter are the basic security tools that everyone should run. If you receive files from questionable or anonymous sources (IRC, Usenet, P2P) then a specialised anti-trojan should be considered also. The paranoid ;D could then add a further layer of defense using an application firewall like System Safety Monitor (http://maxcomputing.narod.ru/ssme.html?lang=en) (free) or install Process Guard (http://www.diamondcs.com.au/processguard/) to protect their other security software from being shut down by any malware that slips through the defenses.

Tried ZA,Sygate and Norton....they all had various things about them i did not like....found OP and very happy about it.

' I am currently getting two incoming connection attempts per minute (this is quiet - I have had one every 2 seconds during busy times) - most of these are on port 135 which is most likely Windows Messenger spam. Port 137 is next and this can cover a variety of nasties including all the DCOM/RPC exploits like MSBlast and its ilk. '.....................me too

strongarm..please point your friend to what Paranoid2000 wrote ( the man knows ) and maybe we will have one less zombie out there :)

People stop posting ( ~snipped~ )

Before you do a post about your firewall, and say this is the best, go and download these little programs at :http://www.firewallleaktester.com


Then you can see if you have a good firewall !!!!

The most firewall are leaking.


snipped objectionable word==bigc

well i voted for other, mine is currently tiny personal firewall 5.5

it blocks everything, including 99% of FWB backdoors..


others i've tested/had installed

ZAPro for 3 years(ZA and ZA+ too)
Mcafee
f-secure intenet security
kerio( both 2xx and 4xx)
L'nS
sygate pro and free
Norman

I love Look'n'Stop 2.05.

Using around 1,500 K of MB, whereas ZAP 5 (vsmon, etc) used...a much larger number of resources.

My page rendering times improved also ^_^

Anon, those leak tests are not actual forms of malware, their just testing devices. If there was malware designed in a similar manner to one of them, i'll bet it would be found by your AT/AV. Because these tests are just that 'tests' and not real forms of malware. Maybe your firewall could even block them if they were real malware. Besides, you have willingly put the leak tests on your own harddrive yourself. Who says they could ever get on your computer in the first place if they were real forms of malware? Unless you don't pratice safe hex.

But anyway i like ZoneAlarm pro.

I use ZA free on my XP and 2K boxes with really lame dialup. Also use SpywareBlaster, Ad-Aware, Startup Monitor, Lookout Express (yeah, yeah, I know), WinMX and IE. I try to stay current on Windows updates. NEVER use Windows Media Player.

Passed the leak test and shields up test.

Never noticed any problems, but I'm not an expert and Paranoid2000 may be right, I just haven't discovered the problems.

And I may find the free version inadequate when I go to wireless internet in a few weeks and install a router.

Any router recommendations??

nmmng

I prefer linksys but that is my personal choice, it works very well. Any decent software firewall that filters outgoing request's will work just fine with a router. Wireless or hard wired. I use a linksys BEFW11S4 wireless and it works without a hitch. I use kerio 2.1.5 soft firewall, works just like it is supposed to filtering all outgoing. The router takes care of the incoming.

Right back to normal these days. Kerio 2 and NetGear rp614v2 router. Works great.

I now use Sygate PRO firewall , excellent because one option actually allows me to set a specified number of seconds ( between 0 and 999999 ) to block known attackers' IP addresses. I put 999999. So, all attackers IP addresses are blocked automatically for 999999 seconds.

{QUOTE-> I now use Sygate PRO firewall , excellent because one option actually allows me to set a specified number of seconds ( between 0 and 999999 ) to block known attackers' IP addresses. I put 999999. So, all attackers IP addresses are blocked automatically for 999999 seconds. <-QUOTE}

Outpost Pro does this as well.

i have Outpost ;D

I only use Zone Alarm. I've heard that Kerio & Sygate are good also, but a little harder to manage that Zone Alarm.

I have used Agnitum Outpost FREE for two years, and I was very happy with it, because you can configure every detail of your internet connection, and you can monitor the traffic very easily.
But unfortunately, this free version wasn't updated anymore, and after a while I got stop-errors (blue screens) in Windows, more and more.
Microsoft's Online Crash Analysis blamed Outpost for it..... :-[

As I am from Holland, I don't want to pay for the PRO version ;) ,
(we Dutchies want everything for free....)
So I went on the web to look for another good freeware firewall, and found Sygate's Personal Firewall.
I am using it for a few months now, and I am very happy with it. It didn't cost me much time to understand its configuration.
I think Sygate is giving me better protection than Outpost Free. I am missing the big screen with all the traffic though. It always gave me the great feeling of being in control of all that happens.... ;D

Be aware that Sygate cannot control access to local proxies on your system (see this FAQ (http://forums.sygate.com/vb/showthread.php?threadid=7813)) so if you are running any (principally web filters like Proxomitron (www.proxomitron.info) but some antivirus scanners like Norton AV also use a local proxy for email scanning) then any application can use the proxies' rules to gain Internet access - in this case Kerio would be a better free solution.

However you may also find it worthwhile trying to track down the real cause of the blue-screens you were getting with Outpost (don't assume Microsoft's analysis is telling the whole story) - if it was working previously then something else must have changed on your system to cause a conflict.

Well I used to be a long time user of Zonealarm, first the free version then 8 months ago I registered for the pro version. It ran fine until they released Version 5 which is incredibly unstable and would regularly bring my system to a grinding halt locking it up solid so that a hard reset was needed. After browsing the Zone alarm forums it turns out I'm not the only person with this problem and the advice seems to be to revert back to the previous version then try the new version 5 when it comes out.

I really can't be doing with having to beta test something I've paid for so I switched to Kerio. Have been very impressed with the free version so far, especially the way it alerts you when one program tries to open another. This is the way I caught a suspicious file trying to open attrib.exe.

{QUOTE-> I really can't be doing with having to beta test something I've paid for so I switched to Kerio. <-QUOTE} I agree completely about we having to beta test new updates. ;)
I used Sygate Pro before, but since a new update started to behave badly with Avast, I switched to OutPost Pro and I like that one more. Never had any problem with it and it's really easy to use.
>:( Never again do I want to become beta-tester of software I paid for.
Of course to beta-test Palm software, they can call anytime. ;D

D'oh! I am still no closer to choosing a firewall after reading all the threads on Firewall ....

All of them seem to have some sort of negative points ... I don't mind it being a bit slow (medium resources usage is fine) but I just want it easy to install and to uninstall (clean) and secure. Oh ya and easy to set up ...

::)

I have tried many firewalls, and now i am back on the free Kerio 4.0. It runs very smooth on my system, and it is doing a good job. I know it is not much favoured here at Wilders, and i really dont know why. The free ZA is useless, ZA PRO is good, i guess, but too expensive. I think the Kerio is providing the same protection, maybe even better. I have tried others, but Kerio is my choice.

Configurability of rules and they way an app accomplishes this task, is power. I have found Outpost Pro to be a “master” in this respect.

You can get the job done with Notepad, or have more options with Wordpad - but have a multitude of options with Word - to be as creative as you want to be. hehe, maybe not the best analogy but you know what I mean - :)

I have tried most other software firewalls but LookNStop. I am going to try LookNStop in another computer because I am impressed with results from many different testing facilities as well as testimonials from individuals.

BTW, I have 4 file sharing apps runining (emule, foldershare, leechget, and a bit torrent app) 3 are currently active downloading and uploading - keeping Outpost busy. OP is using 12MB of memory.

{QUOTE-> I know my post will probably be moved to the poll area, it will be surely his place this time, but i would want to gather as many responses as possible to include statistics on my website ( i will include the link of this thread on it).

Already existing poll on this subject doesn't have all the options i would like.

Time to poll now :)

EDIT : if you use one of this firewall but the free version, i think you can vote for the Pro version, it should keep fair statistics.


EDIT2 : Poll adjusted to remove "Pro" versus other versions. Please pick the brand regardless of using Pro or other versions.
<-QUOTE}
Hello
i like sygate-it seems to work very well
Rita

outpost pro 2.1 for me i own a license for za pro but i alway loose my connection when i run it so staying with op and am very happy with the program

Keeping the faith for now. Zone Alarm Pro 4.5, but I am very concerned. I got a thread over on the 'other firewalls' going if you want to take a look. No need to repeat my self here. ;)

Oh, I think it is important to make this disclosure I have only used Norton Firewall 2004 and Zone Alarm Free and Pro. If I were to every try another my vote might change.

bump

6 poll left to reach 300 post to update my website ;)

Outpost for its blockpost. ideal.

i like kerio 2.1.5. its low on resourses and has a MD5 checker too

I have used Zone alarm Pro, which i thought was ok, but wanted to try others. Changed to Mcafee (which im suprised wasnt in your poll) liked it but just didnt feel secure.

Now using outpost pro, and absolutely love it. This is the firewall to have in my opinion. And it also works very well with my mcafee enterprise 8.0i.

Right now I'm trying KAH. It's worth checking out. I've used free Sygate for many years and it has served me well. Not too long ago, there was an issue with Sygate being terminated without notice. It seems to have started with disabling ports 135, 445 and Netbios through a small utility program then re-enabling the ports. I was also using PG to protect it. I've read posts here and at Sygate about similar occurrances with no real determination of what has caused free Sygate to keep terminating. Not good! This disturbed me so I then proceded to try the Kerio 4 trial and now KAH....no terminating FW's!:) Years ago I've tried Zone Alarm when it was in its infancy and had compatibility problems with my OS.

I took a chance and bought two Outpost Pro licenses when it was still beta (with lifetime upgrades). No regrets. Kerio 2.1.5 would be my second choice.

Nick

I switched from McAfee after some problems, them? don't know! Using ZA 5, lately it's been blocking everything, don't trust it anymore, looking for something I can configure, not be controlled.

I spend alot of time looking up my logs, to see what I'm not getting now!! Think it's flipped out. ???

I've tried the following firewalls:

Zonealarm free 2.6.132 version - imo this is a very good firewall for beginners. It passes all the stealth tests I put it through at grc, pcflank, etc. However its logging features are something to be desired. It's horrible when trying to uninstall, due to the true vector engine.

Sygate personal firewall ( free ) This firewall is rich in features for a free firewall. The best logging features I've seen. Has the password protection option if you want it. Give you the ability to make some rules.. unlike zonealarm, and much more. Cons. It was a resource hog on my computer. So I got rid of it. I did like this firewall much better than zonealarm. Like zonealarm it passed all the stealth tests I put it through.

Outpost free - What can I say? I just didn't like this firewall. Like zonealarm, and sygate it passed all the stealth tests. It's just an ugly firewall imo. I didn't trust it either. I didn't feel secure with it. It hasn't been updated in years.

Look n stop - Don't remember what version I tried. It has a very light footprint on system resources. However, setting up the rules was just to confusing to me. I did set up some default rules that came with it. This firewall also passed all the stealth tests. Look n stop is not free though. LOL

Kerio 2.15 - This is my favorite firewall. The rules are easy to setup, and like look n stop it has a very light footprint. And it's free It also passes all the stealth tests . It also has great logging features.

Blackice defender - Didn't like this firewall at all. also failed several tests and had some open ports. It was a long time ago that I tried this firewall. Hopefully it has improved.

Now I will rank all these firewalls as to which I like best:

#1 Kerio 2.15

#2 Look n stop - If I ever leave kerio, look n stop will probably be back on my computer. I'll just have to study the rulemaking more carefully

#3 Sygate personal firewall - This is my third favorite firewall

#4 Outpost free

#5 Zonealarm

#6 Blackice defender


BTW. Did I mention that kerio 2.15 is my favorite
;D

I had a thought... then I added others' thoughts to it.
Find out what features the firewalls mentioned here offer. Get someone ELSE's configuration files for the firewall that seems at once both versatile and powerful(the reason why I stick to kerio 4x) - just for checking it out, then modify the rules after reading the mnaul and visiting/lurking around a forum or two.
This will take 2 months on an average... but it should lead to bulletproofing of your system, at least till where you can notice it. I tried that for ZA, but I found it to be hopeless, NPF as a memory hog, and Sygate/outpost had none of the other features I liked such as program control of kerio4x (Its amazing - check out the manual for a good view - helps prevent trojans).
Tried it for Kerio 2.1.5 using yosponge's configs....loved it. Then shifted to Kerio4 for its better features incl. an IDS.
Tried similar for BlackICE... only thing I'm holding on to in it is component control (dlls)... I don't even like its auto-configuration.

If I had to choose it would be 'Sygate'.

{QUOTE-> helps prevent trojans). <-QUOTE}

I to choose for Kerio at the moment while I was using Outpost Pro for a year. but kerio will not prevent trojans. it has a intrusion prevention yes. and a application control but it has some vulnerabilities too. if you check out the forum (if you are lucky it is on the first page) you will see this thread, maybe I will copy this link this ev.)

but will not prevent trojans. (how could it prevent trojans???)


kerio is great and versatile but using outpost together with the Blockpost (and blocklist manager) was one of the most important things for me I could remember. that was some security...I wished kerio could implement something like the blockpost from Outpost Pro.

just my two euro's *puppy*

I like two:
Kerio 2.1.5
Jetico 1.0.1.31b ( at the moment it is very good, and promises too much more)
Both of them free!!!

zap because its simplicity.

Tiny Personal Firewall 6.0

I have experienced several of the popular firewalls, which include Sygate Pro 5.0, ZoneAlarm Pro 4.5, OutPost Pro 2.0, and Kerio 4.0. I wrote my own rules for ZoneAlarm, OutPost, and Kerio, and have quite good protection with them. They are good. However, I finally settled down with Tiny Personal Firewall (TPF).

TPF 6.0 is not easy to use (This is a pain). This is because of two facts. One fact is that TPF is so powerful. It can do so many things. To make TPF do these many things as desired, of course, the user needs to configure a lot more. The another fact is that the UI of TPF 6.0 is not as good as good can be. Indeed, some people complain about its user interface. There is a learning curve to get familiar with it. I installed and uninstalled TPF about 5 times because of the tough learning curve during the trial period. Everytime I tried hard and failed to configure TPF, I lost the patience with it and uninstalled it. Then, I missed the functions of TPF, and also was reluctant to admit my failure, I installed it again. At the end, TPF earned a space on my computer, and it's working well on my computer now.

I love TPF because of its functionality. It has a good rule based firewall (+IDS/IPS), as well as a strong sandbox (application firewall) which can monitor and protect registry, file system, services, dll injection, and a lot more. So only with one software (TPF), I have the functions of a firewall + SSM/ProcessGuard/AbtrusionProtect/Prevx + more. Some people have shown that TPF can beat all the leak tests with correct configurations.

I am happy that I did not give up, and learned to configure TPF. Its new version TPF 6.5 is comming soon with improved new UI. Hopefully, it will be more user friendly.

For me the best choice for now is ZA Pro last beta. I m sure this is the best resolution for my style of using Web. I passed by Kerio, Outpost, NPF, Sygate and I'm back with it.

I read in ZA forums about lots of ppl have problems (expecially 5.*), but I never experienced them. May be because I don't use proxies (ISP's), ruters, etc. Here is just me and my ISP without limitations :)

I tried for some time Outpost and was thinking that I might stay with it, but when spend some time of reading about it (mostly Paranoid - thanks for the knowledge) I saw a big defect in its structure of rules. In fact, they are just opposite to the right sequence (by my own opinion). The application rules have best antecedence, but the global rules LESS!? So is you make any mistake installing/starting/etc or you don't have way to know what is really happening and give any prog permission, it overules all other well though (and lost days to thing what is best) rules!!!

So you must carry this load of responsibility all the time. And if you DL frequently progs from p2p and other unreliable sourses, which ask u for permissions every sec. - you are dead. Or you have to love to be in bondage to the firewall. Coz every permision must be checked very, very well (and I mean really well - components, dlls and so on) and if you make mistake, all your previous work is useless. I don't have time and desire to live like that. In ZA things are diferent - you make global rules that cover most your interactions - DNS, DHCP, undesired IPs, etc, etc. And when u install or miss any trojan and without knowing give him permission, global rules are OVER it!! An it stay inside!! The diference if quite a big one and chance to stay clear is much bigger.

And after all I don't see somethig that is not present in ZA - it have everything!! Full component control including . The only thing that I miss is the log viewer of Outpost. I loved it only for a week using.

Just now I passed all leak tests in http://www.firewallleaktester.com/leaktest7.htm without even 1 leak out! I don't know what will hapen if I'm hastin and don't look so closely, but if I do it - ZA catch everything.

In fact I'm usin all the rules described by Paranoid (in outpost forum) in ZA. And they work perfectly.

regs :)

I dont like personal version of any software. Proffessional usually ensures better security.

Jimbob

That's a myth JimBob. The only firewall that will offer competent security is one with a very good and custom-made ruleset. If you'd like, just try to download any trojandropper after turning of your AV/AT and watch and be amazed, as any firewall gets beaten to death (netcat is a good download). ZA is completely gutted by the onslaught of Trojans from the Kazaa network, and I get flooded by classmates' calls every 2nd day to help "repair a nroken ZA".... and since I'm not a PC tech guy (I'm an electrical engg. student) I get really really upset that people fail to even take basic security countermeasures.

I was under the impression that personal firewall refers to software firewalls running on the machine they are protecting, it does not matter if they are free or pay versions.


{QUOTE-> That's a myth JimBob. The only firewall that will offer competent security is one with a very good and custom-made ruleset. If you'd like, just try to download any trojandropper after turning of your AV/AT and watch and be amazed, as any firewall gets beaten to death (netcat is a good download). ZA is completely gutted by the onslaught of Trojans from the Kazaa network, and I get flooded by classmates' calls every 2nd day to help "repair a nroken ZA".... and since I'm not a PC tech guy (I'm an electrical engg. student) I get really really upset that people fail to even take basic security countermeasures. <-QUOTE}

Basic security countermeasures like what? He's running a firewall isn't he? ZA free has strictly limited rule settings functions, not much you can tweak there if you want to use kazza.

Zone alarm's suite is the only firewall i have found that examines instant messanger services and that is a major detriment in other firewalls
Couldbe

just get Copycat and Thermite from PCflank or www.firewallleaktester.com ... ok?

{QUOTE-> just get Copycat and Thermite from PCflank or www.firewallleaktester.com ... ok? <-QUOTE}

I know of them for a while already. What's your point?

They'll muck up even the best firewall lacking app verification. Similar stuff can be downloaded off kazaa without ur knowledge. Kazaa messed up my Kerio v2 BAD... (then I had to go to a free ftp to get an 8 mb project... the HORROR)

What's missing from above post (dunno how, my bad) is that if Tiny can beat them? I'm on the verge of picking up Tiny, and I've started a new thread since at http://www.wilderssecurity.com/showthread.php?t=54724
So if you want, u cn reply there...

Tiny Personal Firewall 6.0 (for me personnaly)

...........it is difficult to configure (even with lots of FW experience),
and it's (TPF's) forum is not helping you with examples etc...

But if you can configure it the correct way, it is without a shadow of a doubt the best there is.

And i have tested (for my job) about 26 Software Firewalls last 6 months.

Of course, i prefer a good hardware firewall like Cisco Pix, Snapgear or Sonicwall.

;)

{QUOTE-> The application rules have best antecedence, but the global rules LESS!? So is you make any mistake installing/starting/etc or you don't have way to know what is really happening and give any prog permission, it overules all other well though (and lost days to thing what is best) rules!!! <-QUOTE}There's been a lot of debate about this in the Outpost forums and the consensus has ultimately been that it is better to have application rules take precedence otherwise a global Allow rule would affect every application which could create some significant security problems.

However Outpost 2.5 does allow you to set a priority flag to individual global rules which then gives them priority over application rules - so if you want to be certain that a specific traffic type is blocked, you can use this. The downside is that there is no clear visual indication of which global rules have a priority setting and it makes Outpost's rule structure that little bit more complex. For complete control of rules order you would probably find Kerio a better bet.{QUOTE-> So you must carry this load of responsibility all the time. And if you DL frequently progs from p2p and other unreliable sourses, which ask u for permissions every sec. - you are dead. <-QUOTE}Every firewall has to be configured so the burden of responsibility is the same. As for P2P programs, some can be difficult to create rulesets for but search the Outpost forums and you will find recommended rulesets for pretty much every one.{QUOTE-> Or you have to love to be in bondage to the firewall. Coz every permision must be checked very, very well (and I mean really well - components, dlls and so on) and if you make mistake, all your previous work is useless. <-QUOTE}Component Control is a difficult issue and Outpost does prompt a lot during a first few days of installation. There is a Component Control in Outpost 2.5 (http://outpostfirewall.com/forum/showthread.php?t=12233) FAQ which should answer many questions though.{QUOTE-> I don't have time and desire to live like that. In ZA things are diferent - you make global rules that cover most your interactions - DNS, DHCP, undesired IPs, etc, etc. And when u install or miss any trojan and without knowing give him permission, global rules are OVER it!! An it stay inside!! The diference if quite a big one and chance to stay clear is much bigger. <-QUOTE}Outpost and ZA are similar in that they will block (or prompt) for traffic you have not defined. However Outpost makes it easier (in my view) to set specific permissions for applications - this does require knowledge of what access is appropriate and this is where the forum tries to help out. As for trojans, both should be as effective in detecting and blocking network access as long as a tight ruleset is used.{QUOTE-> And after all I don't see somethig that is not present in ZA - it have everything!! Full component control including . The only thing that I miss is the log viewer of Outpost. I loved it only for a week using. <-QUOTE}The main difference comes down to the user interface - and which is preferable is a personal choice. Outpost does include preset rules for common applications (with ZA I believe you have to create rules from scratch) and it does offer more in the way of plugins (Blockpost, SuperStealth, HTTPLog, TrafficLED). The connection-level Stateful Inspection option can be useful for a few applications. Outpost 2.5 also checks incoming localhost connections which improves security if you are running a local proxy (webfilters like Proxomitron or WebWasher and anti-virus email scanners being common examples) since it would detect any attempt to hijack the proxy (see the long Proxomitron default ruleset question (http://outpostfirewall.com/forum/showthread.php?t=8790) thread for a discussion of this).{QUOTE-> Just now I passed all leak tests in http://www.firewallleaktester.com/leaktest7.htm without even 1 leak out! I don't know what will hapen if I'm hastin and don't look so closely, but if I do it - ZA catch everything. <-QUOTE}ZA doesn't do badly here - but it doesn't get 100% either. Are you running process protection software like System Safety Monitor or Process Guard? If so, then these will make the process control feature of any firewall redundant.{QUOTE-> In fact I'm usin all the rules described by Paranoid (in outpost forum) in ZA. And they work perfectly. <-QUOTE}Good to hear the guide helps with other firewalls - I take it that you were using ZA's expert rules?

Paranoid2000,

With much respect for your knowledge, I must disagree with the following excerpt from what you just wrote (toward the end of last post):

" Are you running process protection software like System Safety Monitor or Process Guard? If so, then these will make the process control feature of any firewall redundant. "

Redundant? Too strong a word.

I use PG and I briefly used SSM (still installed here). Yes, they and application-filtering firewalls do monitor applications (among other things). But PG and SSM are UPSTREAM of the firewalls in the sense that they do not check outbound network connections, whereas process-controling firewalls do. This is a significant difference that no one should overlook. Yes, this difference may not be critical in the classic case of a Trojan that launches itself to immediately connect to the Internet. PG would intercept such a program if we never asked PG to authorize this program to go into memory before. So, if you and I are alert when PG asks to authorize the Trojan in RAM, we would ask PG to block it, and our firewall would not have been necessary to do any further police job. This was the drift of your remarks, I believe. And I obviouisly agree with you here.

However, although this scenario is a classic one, undesirable connection attempts can happen in many different ways. A process could have been allowed to get into memory by accident, out of user's doubt, or because of a clever malicious scheme invented by a smart hacker (and smart hackers enjoy concocting new types of surprises for us). In other words, whatever the cause, it is perfectly conceivable that a malicious program may have gotten into memory despite all of our live watchdogs. So, if this malware then seeks to connect to the network, PG and just about all the other watchdogs will stay silent, EXECPT for the app filtering firewall that happens to see this new CONNECTION seeker for the first time. Acting on the database that it keeps on applicants for outbound connections, such a firewall gives us the last chance to catch the malware by raising that last red flag.

My reply to your specific point ends here. But your point, surprisingly for a paranoid (such as Paranoid2000), also fits a pattern of polarization that many posters on this board lapse into (maybe after they get tired) when it comes to choosing firewalls. So I will address the larger pattern of polarization below. Many may not care to continue beyond this point.

-------------------------------------------------------------------------

By polarization, I refer to the fierce debate about SPI and app. filt. firewalls; or the debate about SPI + PG being enough. Even after many posters were smart enough to recognize the value of features complementarity, they managed to relapse into drawing fault lines between 2 approaches which, in fact, should be simultaneously embraced.

Security is about avoiding risks, not taking additional risks. Therefore, the prudent approach is NOT to let key "gates" (I am not being technical here) unwatched. Watch a good army or police at work when it wants to lay a tight control grid. Nothing is left to chance. Therefore, as we are bracing for smarter hacking, it's inconceivable to me that a prudent operator would leave the "departure gate" of a computer unguarded, despite all the good control upstream or elsewhere.

Even if an expert tells me that I don't need to watch that last gate under the guise that some deceptive exploit could always be designed to fool me ("so, why waste your time?"), I would also consult my common sense. To begin with, even if such exploits exist, I will still catch some if not most of attempts the better my firewall is at checking on outbound apps.

By the way, "legitimate" programs that were allowed in memory have caught me by surprise by seeking "unexpected" connections. In those cases, it is not PG or Prevx that alerted me but rather some software monitoring further downstream (firewall or port mapper. These warnings teach you about the behavior of programs (including Windows) and prepare you for the critical decisions about what to authorize through or not.

In practice, multilayered security also means SOME overlapping of functions, since software vendors are not divinely choreographed to produce the perfect concatenation of products that we need. Frankly, even if such concatenation existed, one silent software that runs all such products is the user's brain a brain that can be tired or be fooled even if cautious. So if I make just one wrong click, then it's good to know that another piece of security software will save me from my mistake. Heck, even within the same areas of competence, different software do different things (SSM will do things that PG won't, and vice versa; ditto for PG and Prevx which I like to keep paired despite SOME overlapping). This is even truer when the areas of competence are supposed to be different in the first place, such as app. filt. firewalls and process monitors.

One last example about multilayered security. I used to use ZA Pro. Despite all the sophisticated software watching upstream, I could have been fooled by a ZA trick, were it not for a port mapper (Port Explorer in my case) that showed ZA Pro's VSMON.EXE secretly connecting to the Web. Having authorized VSMON in memory, PG was not supposed to warn about this secret connection. ZA Pro was supposed to, but never showed VSMON asking for any permission (to run or to connect). Neither is VSMON listed on the ZA page where the permission status of eachl software with a connection history is listed. ANOTHER LAYER of monitoring, the lowly port mapping, was necessary to find out that VSMON was stealthily connecting to a particular site.

Multilayered security is more expensive and ought to be balanced, of course, with the usual cost and affordability considerations. Are my processor and RAM adequate to deal with the loads, the cost of software, etc. Then I do the best I can under those constraints. but I know that the smart norm is multi-layered security.

Pigitus,

A big post with a number of points - so pardon my delayed reply. ;)
{QUOTE-> Redundant? Too strong a word. <-QUOTE}PG or SSM should intercept all leaktests listed at Firewallleaktester except Leaktest (the original, which does not attempt any process manipulation), DNSTester (no process manipulation, tries to exploit the DNS protocol instead) and the first Wallbreaker test. On that basis, I think "redundant" is an appropriate description since firewall process-control features do duplicate the functionality of PG/SSM.{QUOTE-> But PG and SSM are UPSTREAM of the firewalls in the sense that they do not check outbound network connections, whereas process-controling firewalls do. This is a significant difference that no one should overlook. Yes, this difference may not be critical in the classic case of a Trojan that launches itself to immediately connect to the Internet. PG would intercept such a program if we never asked PG to authorize this program to go into memory before. So, if you and I are alert when PG asks to authorize the Trojan in RAM, we would ask PG to block it, and our firewall would not have been necessary to do any further police job. This was the drift of your remarks, I believe. And I obviouisly agree with you here. <-QUOTE}I presume you are talking about allowing a trojan to run with PG's Execution Protection or SSM's Application Watching feature. While these are useful checkpoints in their own right, I do not consider them an adequate defense on their own. My comment really meant the following:

1) PG/SSM prevents malware from "masquerading" as another process
2) This allows a firewall's application filtering facility to work properly.{QUOTE-> However, although this scenario is a classic one, undesirable connection attempts can happen in many different ways. A process could have been allowed to get into memory by accident, out of user's doubt, or because of a clever malicious scheme invented by a smart hacker (and smart hackers enjoy concocting new types of surprises for us). In other words, whatever the cause, it is perfectly conceivable that a malicious program may have gotten into memory despite all of our live watchdogs. So, if this malware then seeks to connect to the network, PG and just about all the other watchdogs will stay silent, EXECPT for the app filtering firewall that happens to see this new CONNECTION seeker for the first time. <-QUOTE}If the trojan attempts any process manipulation, this will be blocked by PG or prompted for by SSM - over and above the execution prompts mentioned above and before any firewall gets involved. If you choose to allow such activity, then yes, your system can be compromised. This however applies to virtually all security programs.{QUOTE-> But your point, surprisingly for a paranoid (such as Paranoid2000), also fits a pattern of polarization that many posters on this board lapse into (maybe after they get tired) when it comes to choosing firewalls. So I will address the larger pattern of polarization below. Many may not care to continue beyond this point. <-QUOTE}I'm not aware of any "polarization" on this forum though there have been some in-depth technical discussions on various firewall features. Perhaps you may care to provide some links?{QUOTE-> I refer to the fierce debate about SPI and app. filt. firewalls; or the debate about SPI + PG being enough. Even after many posters were smart enough to recognize the value of features complementarity, they managed to relapse into drawing fault lines between 2 approaches which, in fact, should be simultaneously embraced. <-QUOTE}I presume you are now talking about the debate in the Firewall with these features?? (http://www.wilderssecurity.com/showthread.php?t=53646) thread. If so, I would repeat the point made there about most firewalls offering both application filtering and SPI (to some level) so I don't see this as an issue of choosing one over the other. SPI and PG without application filtering however would be an incomplete solution and in this situation I would agree that malware could slip through.{QUOTE-> Security is about avoiding risks, not taking additional risks. Therefore, the prudent approach is NOT to let key "gates" (I am not being technical here) unwatched. Watch a good army or police at work when it wants to lay a tight control grid. Nothing is left to chance. Therefore, as we are bracing for smarter hacking, it's inconceivable to me that a prudent operator would leave the "departure gate" of a computer unguarded, despite all the good control upstream or elsewhere. <-QUOTE}I would say there are several approaches to good security: Avoiding or minimising risks (avoiding insecure software, being stealthed online); Limiting vulnerable areas (running a firewall and process protection software); Checking for and countering known threats (running anti-virus/trojan/spyware scanners and checksumming key files); Restricting the damage that can be done (using NTFS file permissions, restrictive Windows account setup and software like PG to limit possible abuse by malware); Providing a means of recovering from those threats that get through (keeping regular backups of important data).{QUOTE-> By the way, "legitimate" programs that were allowed in memory have caught me by surprise by seeking "unexpected" connections. In those cases, it is not PG or Prevx that alerted me but rather some software monitoring further downstream (firewall or port mapper. These warnings teach you about the behavior of programs (including Windows) and prepare you for the critical decisions about what to authorize through or not. <-QUOTE}PrevX and PG are not intended to monitor network connections but instead monitor process activity on your system - so this result should not be a surprise. If a process modified your registry so it could run on Windows startup, your firewall would be similarly silent (unless you were running Tiny) but PrevX and SSM would pick this up. If a process tried to install a service, again a firewall would not detect this but PG/SSM/PrevX would. This is a division of responsibilities based partly on the evolution of security products (firewalls became available 4-5 years ago while process manipulation is a more recent threat - Tiny Trojan Trap was, I believe, the first software that attempted to address this) and partly on the complexities involved in either role (a program that does both would be very complex and require an exceptional UI to be usable).{QUOTE-> In practice, multilayered security also means SOME overlapping of functions, since software vendors are not divinely choreographed to produce the perfect concatenation of products that we need. Frankly, even if such concatenation existed, one silent software that runs all such products is the user's brain a brain that can be tired or be fooled even if cautious. So if I make just one wrong click, then it's good to know that another piece of security software will save me from my mistake. Heck, even within the same areas of competence, different software do different things (SSM will do things that PG won't, and vice versa; ditto for PG and Prevx which I like to keep paired despite SOME overlapping). This is even truer when the areas of competence are supposed to be different in the first place, such as app. filt. firewalls and process monitors. <-QUOTE}Most software can be configured to minimise (or at least reduce) overlap - but this comes down to a personal choice between security and usability.{QUOTE-> One last example about multilayered security. I used to use ZA Pro. Despite all the sophisticated software watching upstream, I could have been fooled by a ZA trick, were it not for a port mapper (Port Explorer in my case) that showed ZA Pro's VSMON.EXE secretly connecting to the Web. Having authorized VSMON in memory, PG was not supposed to warn about this secret connection. ZA Pro was supposed to, but never showed VSMON asking for any permission (to run or to connect). Neither is VSMON listed on the ZA page where the permission status of eachl software with a connection history is listed. ANOTHER LAYER of monitoring, the lowly port mapping, was necessary to find out that VSMON was stealthily connecting to a particular site. <-QUOTE}This is ZoneAlarm's "phone home" feature - while I would agree that it should not be doing this without user consent, I would consider it a ZA-specific failing.{QUOTE-> Multilayered security is more expensive and ought to be balanced, of course, with the usual cost and affordability considerations. Are my processor and RAM adequate to deal with the loads, the cost of software, etc. Then I do the best I can under those constraints. but I know that the smart norm is multi-layered security. <-QUOTE}Having to configure different security programs not to step on each other's toes is another "cost". For example, anti-virus/anti-trojan scanners may need to be configured to exclude firewall or process monitor logfiles to avoid excessive CPU utilisation or one security program may identify another as a threat (like PrevX did with PG recently). Outpost's Open Process Control feature will block network access to modified processes, but SSM and SpySweeper trigger this feature on all running processes.

However there is another benefit - using multiple products from different countries means you should be less likely to be affected by "legislative compromises" (e.g. legal requirements not to detect certain snoopware like the FBI's Magic Lantern).

Paranoid2000,

The central point of my message was lost, I guess. I was saying that, except for firewalls that CHECK applications, no other category of software that I know of actuall asks the user to AUTHORIZE AN OUTBOUND CONNECTION. The 3 firewalls that I have tested -- ZA, Outpost, LnS -- do, and I love it. I expect that most other application-checking firewalls do too (Tiny, for instance). But applications that control processes upstream from the network gate -- such as PG, Prevx, and SSM -- do not ask this PARTICULAR question to the user. Their programmers could have easily added that feature, but so far I am not aware that they do.

You might counter that PG and/or SSM and/or Prevx would have stopped the malware before it could even ask for the outbound connection. Therefore, you would then ask what's the point of checking for outbound connections? I spent lots of lines explaining that a good security apporach does not reason like that. You want to provide the authorization for outbound connection yourself because something or some thingS could have cleverly slipped in RAM and the application checking firewall would be the LAST point to catch it. It's one more hurdle for the malware to go through and one more chance for you to catch it. Good security mentality (in my view) does not assume that since there was a preceding checkpoint (filter) then there is no more need to test down the line. I say : don't underestimate good hackers. The keep surprising us. So, that extra layer (permission for outbound connection) may appear to you as redundant, but I don't think so. http://www.wilderssecurity.com/newreply.php#
Smile
------------------------------------------------------------
As to your last point:

"However there is another benefit - using multiple products from different countries means you should be less likely to be affected by "legislative compromises" (e.g. legal requirements not to detect certain snoopware like the FBI's Magic Lantern)."

I never looked at it that way, and I thank you for that excellent observation. By trying to buy the best of breed, I buy from may countries and I have accidentally applied your advice.

Hi All. I gotta say that I've been ussing ZoneAlarm for aout 3 years now. I have the Pro version 5.5.094.000.

I ran some test in the past but I wasn't sure if It failed because I did not have it well configured or because back then, it was the free version.

I just finish running some Tooleaky.exe and some other test and it failed. I have the WinXP firewall set to ON, and Zone Alarm. The test was succsesful in penetrating both. LokNstop however, when I turn it ON and test it again, IT IS THE ONLY FIREWALL that blocks all test ran on this site.


I've had LookNstop for about a year, I believe is the free version. I hardly ever used it, but from now on, I'll start ussing that one instead..

Well, there you have it, that is my input on firewall preference..

-Don Debrasco 8)

running two firewalls isnt good idea and *possibly* the reason zonealarm failed. but anyways my vote goes to outpost as it is easy to use and offer top notch protection tho zonealarm might be my second coice.

I have used ZA Internet Security Suite, BitDefender Pro Plus, Norton, PCCillin and OutPost. Here's my 2 cents on each-
ZA- is a really good firewall, however I think their anti-virus sucks; therefore don't get the secuity suite (which includes AV) just go for ZA Pro
BitDefender- has an awesome AV, but I wasn't incredibly impressed with their firewall; maybe the ZA firewall with a BitDefender AV would be the ultimate combo (however I don't know if you can just get BitD AV). Oh ya and BitD sucks up a ton of your resources, if you don't have at least 512k worth of memory forget about BitD (but you should have at least 512k RAM- as memory is dirt cheap right now, like $80 for 512k Corsair RAM)
Norton- sucks, in my opinion. mainly because it sucks up even more RAM than BitD and doesn't work as good.
PC-Cillin- is the firewall with training wheels; if you do not know how to configure firewalls or get sick of constantly being asked permission for programs to access the internet PC-Cillin is for you. Experienced firewall users will not like the lack of control. Overall I thought it did a good job considering.
Outpost- the king of customization; you can really fine tune the way this firewall functions. There are tons of plugins you can add
My favorite- Outpost, followed by ZA. For AV run AVG Pro with Outpost

I use Bitguard & the XP one together. Works flawless.