Hi All,

I am looking for a new firewall to try. The main things I want are.

1. Low use of memory/resources.
2. Ease of use and creation of rules.
3. Good protection/security.

Is there anything out there (other than LNS) that I should be looking at? If not no problem, I will give LNS another shot. ;D

Thanks,

Jag

Jaguar....Check out the NetVeda thread....I think NetVeda meets all your
requirements.

Yeah but Netveda uses too much memory for my liking. :(

Without the admin GUI according to many...only kerio 2. is lower.
average for many is 7-8megs for ipsvc.exe and 5 megs for ipctray.

Does Kerio 2 have application filtering?

Thinking of trying Netveda myself, whats this admin GUI and is it a prob to turn off ?

Huwge...The admin Gui ....is just the users interface..to make settings...so its not normally on

Yes kerio has app filtering....there is BZ's ruleset for it.

-{ Quote: "Yes kerio has app filtering....there is BZ's ruleset for it." }-

BZ's ruleset? ???

Don't laugh, but the Windows SP2 ICF meets all three requirements.

Heres BZs ruleset for kerio 2.**

http://www.dslreports.com/forum/remark,8023708~mode=flat

Thank you for the link, I will have to check it out. ;D

what about look 'n' stop?

-{ Quote: "what about look 'n' stop?" }-


I did try that one awhile back. I wonder which is better, LNS or Kerio 2.1.5? :-\

i tried ZA pro for a few days now, but i dont like it. LnS looks good.
If somebody knows, is good to tell us more.

well...
Netveda has become lighter.
kerio 2 is EXTREMELY light and fast. But doesn't have the new thingys of dll control, and I supose, NAT support?
Anywhu.. just get a packet filter style firewall like CHX-I along with kerio 2 to cover its flaws with framented packets [configuring CHX-I is weird and i didn't understand much... ask Diver 'coz he knows how to do it... I think]
LnS is good and light, but some people don't like it's flimsy packet filtering AFAICT. Go to the LnS board and have a look-see

-{ Quote: "Don't laugh, but the Windows SP2 ICF meets all three requirements." }- The Windows Firewall does not provide good protection/security as you claim, You can refer to this (http://www.agnitum.com/products/outpost/OPFvsWF.pdf) pdf document for the details.

So what? That PDF is nothing more than advertising copy for Outpost.

Another vote for Kerio 2.I m running version 2.1.4 right now (it's more stable for me than the 2.1.5 and i don't use remote administration)

8signs fw is still a very good spi based firewall!

www.8signs.com

Jaguar - I would give Look N Stop another try.. It's quite good. I'm using it right now with Phantom's rule set modified for my needs, and it's only using 3 mb of ram. Very light, easy to use, and so on. Aside from that, Kerio 2 is probably the next lightest..

-{ Quote: "So what? That PDF is nothing more than advertising copy for Outpost." }- :lurking: I knew you were going to say that. ;D

I did too... ;) ;D

ROFLOL...

-{ Quote: "So what? That PDF is nothing more than advertising copy for Outpost." }-The original poster asked for
-{ Quote: "
1. Low use of memory/resources.
2. Ease of use and creation of rules.
3. Good protection/security.
" }- so we presented an answer as to why Windows FW is not sufficient for security purposes since it was mentioned. Outpost Firewall is a firewall which meets all three of the above.

-{ Quote: " so we presented an answer as to why Windows FW is not sufficient for security purposes since it was mentioned. Outpost Firewall is a firewall which meets all three of the above." }-
Yes indeed it does!! thanks Q. :)

-{ Quote: " Outpost Firewall is a firewall which meets all three of the above." }-
Hardly.. Last time I tried the latest Outpost Pro is settled at 20 mb usage, which is not at all low. ZA is much lower, and Kerio 2 and LnS are extremely much lower (in the 4/5 mb range). So I would NOT say that Outpost fits the first item in his list:

1. Low use of memory/resources.

Kerodo, when was that? -{ Quote: "the last time you tired 'Outpost'" }-

Just a few days ago.. Tried out OP 2.6.452.403. I have a license. For me it used a consistent 20 mb of ram. So I have to argue when someone says that's "light" on resources.. There are lighter choices... ;)

-{ Quote: "Just a few days ago.. Tried out OP 2.6.452.403. I have a license. For me it used a consistent 20 mb of ram. So I have to argue when someone says that's "light" on resources.. There are lighter choices... ;)" }-How many plugins were on or not stopped as I think they say? (and I am not going to argue). I never really checked my hunch was that it was about the same as ZAP with only attack, content and DNS running the rest off. ;)

-{ Quote: "How many plugins were on or not stopped as I think they say? (and I am not going to argue). I never really checked my hunch was that it was about the same as ZAP with only attack, content and DNS running the rest off. ;)" }-
It was just installed fresh out of the box with the defaults, which means everything on I guess. Perhaps with some of them disabled, ram usage decreases then? That would be good. I had conflicts between Treewalk DNS and OP's DNS cache stuff anyway. OP kept saying that I was sending mal-formed DNS requests, so I had to turn that option off. But I did leave the cache on.

So to answer your question ;) everything was turned on...

PS - I shouldn't have used the word "argue". A friendly discussion is more like it... :)

-{ Quote: "Hardly.. Last time I tried the latest Outpost Pro is settled at 20 mb usage, which is not at all low. ZA is much lower, and Kerio 2 and LnS are extremely much lower (in the 4/5 mb range). So I would NOT say that Outpost fits the first item in his list:

1. Low use of memory/resources." }-
wasn't there something about "turning logging of some components off makes RAM usage go down to 6 or even 3 megs"?
Try searching around at www.outpostfirewall.com
I think P2K has posted links up here too. i forget the threads. Sorry.

Ok, that's fine, if you can tweak things here and there and get it down low. But a fresh install out of the box is a little high...

At any rate, I'm using Look N Stop for now, which uses in the range of 3-6 mb ram. One of the lightest...

I recall that to get Outpost to swap out of memory you have to open and close the GUI while a connection to the internet (a bowser works) is open. That gets it down to 6MB. Further reductions by turning of logging may be possible, but you can reduce it to zero by uninstalling Outpost, if you get my drift.

My experience with Outpost on a PIII 450 wih 128MB of ram that I use around here for testing is that it slowed down the machine more than any other firewall tested, including heavies like ZA and Tiny 6.x.

Kerodo and No13,
O. K. that helps answer my question yes out of the box it was heavy and slowed me down a little. I really think the worst offender for slow downs on any product including OutPost is Ad blockings. I also felt some of the plug ins were not needed for me. So I turned some of them off as I stated.

No13, I think I was drawing on that discussion with P2K, but I do not turn off logging, but I seem to recall plug in turn offs being discussed as well, but perhaps it was on OutPost forums.

-{ Quote: "I recall that to get Outpost to swap out of memory you have to open and close the GUI while a connection to the internet (a bowser works) is open. That gets it down to 6MB. Further reductions by turning of logging may be possible, but you can reduce it to zero by uninstalling Outpost, if you get my drift.

My experience with Outpost on a PIII 450 wih 128MB of ram that I use around here for testing is that it slowed down the machine more than any other firewall tested, including heavies like ZA and Tiny 6.x." }-Subject to my post above, this has not been my experience on my Compaq 800mhz Celeron with 256ram, certainly a little more horse power then the one you listed.

Just "uninstalling Outpost, if you get my drift," no outbound control needed discussion...well there is no need to go through all that again... :P

We will just have to not see things the same way on that one. ;)

-{ Quote: "Jaguar - I would give Look N Stop another try.. It's quite good. I'm using it right now with Phantom's rule set modified for my needs, and it's only using 3 mb of ram. Very light, easy to use, and so on. Aside from that, Kerio 2 is probably the next lightest.." }-


Kerodo, I am indeed trying LNS again. I just installed a fresh copy this morning. I am using the enhanced ruleset for starters, but I want to look into Phantoms as I understand it is even more secure.

So far its running really light with just the enhanced ruleset applied. I would like to get to know this app better and understand more of the advanced options and what should be turned on and off. I did enable the dll protection tho as I have always felt that its a good thing to have. ;D

Try out McAfee's Desktop Firewall once, it's running smooth here, espessially in combination with VSE 8.0i... (I love university admins ;) )

Well, the drift is, or was, if you have to disable a major program function like logging to save on memory, that is a bad trade off. I was just being sarcastic by saying you could follow that line of reasoning and delete more program functions to save on memory until the entire thing was gone.

Only someone who was paranoid would think I was discussing the merits of outbound control. Anyway, I have to go out and mulch the yard with the shredded remains of my junk mail and unredeemed pizza coupons after I get my kids to memorize their 14 character passwords that are changed weekly.

I'm now testing the latest Tiny 2005. And I love it so far. Strange: I now even have more MB's left than I had with for instance LnS and Netveda. And I don't think that my system runs slower or something too.

@ Edwin: the Firewall of Tiny (without the windows security) is one of the fastest firewalls I have ever experienced, browsing was remarkeable faster then with outpost and certainly uses less resources.

I love the new tiny too...way better then before and even easier to use lol whatever that means in this case...

Ihave just gone back to look n stop.Of all the ones i have used,i find this the best.I took it off last week,to try netveda but am now back with it.Load enhansed ruleset,and thats it.

-{ Quote: "Well, the drift is, or was, if you have to disable a major program function like logging to save on memory, that is a bad trade off. I was just being sarcastic by saying you could follow that line of reasoning and delete more program functions to save on memory until the entire thing was gone.

Only someone who was paranoid would think I was discussing the merits of outbound control. Anyway, I have to go out and mulch the yard with the shredded remains of my junk mail and unredeemed pizza coupons after I get my kids to memorize their 14 character passwords that are changed weekly." }-Hmmm, you work out in the garden too.... I don't get that much junk email, but I certainly shread enough to mix in with grass clippings to make some might fine mulch. I also throw out far more pizza coupons then I use too. I could go on about the gardening but I would be so far off topic...stay well Diver. ;)

Eat Pizza, Mercurie, and stay well.

Try Filseclab Personal Firewall
freeware: http://www.filseclab.com/eng/products/firewall.htm

Down Under,

I tried Filseclab out too, how is your experince with it so far.

Waters, i agree with you about LnS

hi arup tried filseclab b4 settling for netveda.i found it to be a very low resource using ,firewall.my only glitch was that there were way too many prompts and i didnt knew what to do.i think for someone with lil knowhow of rulemaking ,it is a very good one..

Clansmann,

Same here, very nice and low resource firewall which was completely stealthed even with ICS on, however too many prompts like Jetico, I have talked to the developers and they have promised to improve the next version.

On my system, Outpost(turn off logging and plugins except attacker & DNS) RAM usage is much less than PG, Regdefend, nod32 beta.

-{ Quote: "Try out McAfee's Desktop Firewall once, it's running smooth here, espessially in combination with VSE 8.0i... (I love university admins http://www.wilderssecurity.com/images/smilies/wink.gif )" }-


StyleWarz, is that the same firewall they use in their McAfee Security Suite? I tried McAfee SS but did not feel good about the firewall. I can't remember the exact names at the moment, but I think these are close. In Application Settings, all applications were set to Allow Full Access. I would set them to Outbound Only. When I re-booted, most all applications were re-set to Allow Full Access. The ones re-set to Full Access were, all the McAfee apps and Internet Explorer. I was worried that having apps set to Allow Full Access was giving them outbound and inbound access, and server rights. I didn't want to give any app server rights.

I could never get a straight answer about this over at the McAfee forum or from the Live Chat tech support. How do you have yours set up?

-{ Quote: "Just a few days ago.. Tried out OP 2.6.452.403. I have a license. For me it used a consistent 20 mb of ram. So I have to argue when someone says that's "light" on resources.. There are lighter choices... ;)" }-
Hmmm, interesting...

Let's see, to get that 2.4mb of memory you had to turn off logging, which is an important security feature, and load and unload the gui while surfing the web, right? That tricks Outpost into swapping out.

I found that even when Outpost was swapped out, it was the only firewall out of about 9 tested that would slow down my P3 450 test machine when only minimal connections were open. Quite an achievement for a firewall.

-{ Quote: "Let's see, to get that 2.4mb of memory you had to turn off logging, which is an important security feature, and load and unload the gui while surfing the web, right? That tricks Outpost into swapping out." }-
Actually, I did neither (please don't assume ;)).

-{ Quote: "I found that even when Outpost was swapped out, it was the only firewall out of about 9 tested that would slow down my P3 450 test machine when only minimal connections were open. Quite an achievement for a firewall." }-
I don't know why some people's memory usage is so high with Outpost (maybe all the plugins?). I've been using it for well over a year and it's rarely gone over 5 mb.

Jaguar,
What about LnS? U still try it?

-{ Quote: "Hmmm, interesting...

" }-

You don't show what the peak usage is. Could be higher.

-{ Quote: "Actually, I did neither (please don't assume ;)).


I don't know why some people's memory usage is so high with Outpost (maybe all the plugins?). I've been using it for well over a year and it's rarely gone over 5 mb." }-

I dont know why yours is so low. The only way I could get Outpot to drop much below 20mb was the load and unload trick and that resulted in 6mb. To get under 3mb I had to turn off logging. These results were consistent with those of several other persons in this forum. Until I see confirmation from several other forum members, I will have to consider your results to be a fluke.

And frankly, having all that stuff running on your system is punishment enough.

-{ Quote: "Jaguar,
What about LnS? U still try it?" }-


Yes I am still using LnS. I like it so far, I just need some help with rules. :)

Just load phantom rules and keep them like this. Dont change them unless u need some extra for applications.

Hmm, now i see, u need rules for router....

I do have phantom's rules setup. They work quite well except I am having some probs occasionally with internal things showing up in my logs when this ruleset is activated.

You can check it out on the LnS forum.

Thanks,

Jag

-{ Quote: "Hmm, now i see, u need rules for router...." }-


Yeppers. I tried Patrice's setup as per the sticky but they do not seem to work. ???

-{ Quote: "I dont know why yours is so low. The only way I could get Outpot to drop much below 20mb was the load and unload trick and that resulted in 6mb. To get under 3mb I had to turn off logging. These results were consistent with those of several other persons in this forum. Until I see confirmation from several other forum members, I will have to consider your results to be a fluke.

And frankly, having all that stuff running on your system is punishment enough." }-
It's no fluke....

hi ligh ,yours is a rare case if what you are saying is correct.i dont think some body else has achieved this much low memory without turning off logging and opening and closing the gui of outpost once..mine was around 18-25 mb when i tried outpost ..by opening and closing the gui once i could drop it down to about 7-8mb..

If it is no fluke, it must be a flounder :o :D

Shouldn't have to trick a firewall into using less ram. You should just install it and run it and it should only use 3-5mb on everyone's system. Kinda like LnS. ;)

No need to trick my ancient Kerio 2.15 into running a low memory footprint, it runs consistently at 5.38mb on my system, no matter what and this with havy LAN transfers or net downloads.

A number of posts were removed....Please find another location for your P contest :lurking:

I now return you to the thread discussion....Looking For New Firewall To Try 8)

I have decided to return to this thread because there were a lot of loose ends left when Bubba had to come in and do his thing as a mod.

The original request was for a firewall that was light on resources, easy to use and provided good security.

I suggested the Windows ICF. I don't think there is much dispute that this firewall is low on resources or easy to use. One fan of the Outpost firewall cited some promotional material from Outpost's publisher and concluded that the ICF does not have such good security. If thre is something really wrong with the ICF tell us, but don't bore me with leak test trivia.

Perhaps some people feel that any firewall without outbound application control does not offer good security. So that means CHX-1, 8Signs, Firewall One, Smoothwall and all hardware firewalls do not provide good security. Then it also means that the standard practice on business networks of not employing outbound application control is defective. The reader is left to decide for him/herself if that makes any sense. Please don't tell me that business networks are different because they lock down the workstations. Anyone with half a brain can do as well at home.

Fans of Outpost seem united in the idea that their chosen firewall meets the three criteria. Starting with pretty good security, I suppose it can be said that Outpost is capable of providing it, assuming you are not one of the unlucky ones with BSOD problems. There is a caveat that applies to all rule based firewalls, which is they can be mis configured. With respect to ease of use, this is rather subjective. IMO, no rule based firewall is easy to use. Kerio 2.15 perhaps has the most intuitive rule editor, and is probably the best firewall to use to learn about firewall rules. To someone who has not learned the basic concepts firewall rules are very confusing. It is all to easy for someone who has become used to using rule based firewalls to forget how difficult these concepts were at the start. To its credit I am willing to agree that Outpost has a decent user interface. However, it is nowhere as easy to use as the ICF, Zone Alarm or a hardware firewall.

The point that was the cause of the most contention is use of resources. Fans of outpost feel that because it will swap down to a main memory footprint of less than 3mb it is light. This ignores several other concepts of resources including virtual memory, commit charge and kernel memory. Nearly all firewalls load drivers which use resources that are not shown in the task manager. I recall Outpost loads about 8 or 9 drivers by default. Outpost may have good memory management (although different users appear to get very different results), but there is no way a 40mb program (including drivers) is light, at least not in the English language.

By the way, I don't think Outpost is a bad product. It is a major player and anyone looking for a software firewall should try it. It is not one of my favorites as my tastes run to routers or free software firewalls.

-{ Quote: " Outpost Firewall is a firewall which meets all three of the above." }-

Sorry, Outpost is quite a resource hog, when compared to Kerio 2 or LnS.

Even Netvada is bigger and it's still smaller than Outpost in terms of memory/cpu resource use.

Don't trust comments from guys who have not tried and compared the products they talk about, but are only touting the single product they like themselves (for another reason altogether).

Diver,

"...IMO, no rule based firewall is easy to use."

I agree with you on this.

Thanks for your contributions here at the Wilders. I enjoy reading them. I like to hear....I do not know how else to put it except to say, an opposing point of view. I am no expert on firewalls I find them a little complicated. In the firewall department I think the best thing that ever happened was the NetGear Router with firewall I had my ISP set up for me.

I have OutPost with Lifetime upgrade on one machine and Zone Alarm Pro 5.1.033 on the family machine. At some point I may try your suggestions quoted here: "CHX-1, 8Signs, Firewall One, Smoothwall," are you suggesting this for some one using FW Router who would like some outbound controls?

I total agree that perhaps a lot of money is wasted paying for firewall subscriptions at least I think that is what you are inferring. ;)

Mercurie,

The list of firewalls I mentioned do not have outbound application filtering. Firewall One is a high end enterprise software firewall. It can recoginze certain types of connections like Kazaa, but mainly so they can be blocked. Smoothwall is Linux based and intended to be installed on an obsolete PC dedicated to a firewall function. CHX-1 and 8Signs can be installed on a workstation, server or a dedicated gateway.

If you have a router, you can probably get by without any software firewall. There are exceptions involving tunneling protocols. I do not consider myself to be an expert either, but I have read enough articles by experts to pick up the thread, so to speak.

What goes on here is not a waste. However, it needs to be put into perspective. What many of the members are doing is experimenting at the cutting edge of computer security. Many of these products are a long way from being useful to the general population. It is OK to experiment and have some fun.

Thank you for your kind words.

-{ Quote: "Mercurie,

The list of firewalls I mentioned do not have outbound application filtering. Firewall One is a high end enterprise software firewall. It can recoginze certain types of connections like Kazaa, but mainly so they can be blocked. Smoothwall is Linux based and intended to be installed on an obsolete PC dedicated to a firewall function. CHX-1 and 8Signs can be installed on a workstation, server or a dedicated gateway.

If you have a router, you can probably get by without any software firewall. There are exceptions involving tunneling protocols. I do not consider myself to be an expert either, but I have read enough articles by experts to pick up the thread, so to speak.

What goes on here is not a waste. However, it needs to be put into perspective. What many of the members are doing is experimenting at the cutting edge of computer security. Many of these products are a long way from being useful to the general population. It is OK to experiment and have some fun.

Thank you for your kind words." }-

So behind a router, excluding zonealarm and oupost (which I don't like and finding replacement) what else do you recommend?

dja2k

If you just want app control you could always use the light Kerio 2.

A few home routers do have some outbound protection. I know mine does.
But here is a firewall you may have missed. BitGuard ;)


controler

Well I don't just want app control, I want some good protection in addition to my router. I need something that won't start giving me blue screens like outpost and something that is easy to set rules for application port forwarding.

dja2k

Just thought I would mention it. Sounds like you have researched BitGuard already but if not her is some old links, exp for those that like lite resources.

http://www.wilderssecurity.com/showthread.php?t=20737&highlight=BitGuard

http://www.wilderssecurity.com/showthread.php?t=22168&page=1&pp=25&highlight=BitGuard

Thanks all. I will keep watching and listening to the discussion for now. :lurking:

-{ Quote: "Just thought I would mention it. Sounds like you have researched BitGuard already but if not her is some old links, exp for those that like lite resources.

http://www.wilderssecurity.com/showthread.php?t=20737&highlight=BitGuard

http://www.wilderssecurity.com/showthread.php?t=22168&page=1&pp=25&highlight=BitGuard" }-

Yes I have read about it, doesn't seem to be any good around anywhere. No one seems to even talk about it but here. All I hear about that people say is good right now is Look n stop and tiny firewall pro 2005, but don't know about those. Others say stick with Kerio 2.

dja2k

And what is wrong with "ONLY HERE" ? LOL
Some of the best minds in the world come here.
If not here DSLReports.

I would say Tiny is the best if you want protection and are willing to learn this firewall-sandbox.

Look & Stop is a great firewall. one of the lite ones.

All I will tell you is I never heard anything bad said about bitGuard, have you?
Even Paul Wilders commended it. If you would have taken the time to read thru those posts I listed. GKWeb, the maker of the leaktest site says it is ok also.

Then if you have PG & L&S, that is about all ya need.

To each their own ;D

Behind a router is enough for me.

If you think you need more protection try running as a non-admin user. Another alternitive would be process guard. Really, the objective is to be able to recoginze problems before they happen. A file that is supposed to be a video should not have an exe extension, and so on.

In a sense there is an opening in the marketplace for a utility that is not a firewall to run behind a router and provide some kind of appliation filtering. LnS can be set up to do this, but it has its limitations and it is not cheap.

Nvidia has a hardware firwall built into its latest chipset. It is application awware, but I doubt if it is set up to detect one application starting another, and stuff related to the leak test thing. Something worth looking into if you are building a new system. Support is only for AMD processors right now.

Yes diver & DEP enabled CPU's. Not many use Windows DEP service.
Without CPU, it is only software based. Default is protect system files only.
Protects memory space.

I use an actiontec gateway myself.

-{ Quote: "

I would say Tiny is the best if you want protection and are willing to learn this firewall-sandbox.

Look & Stop is a great firewall. one of the lite ones.

Then if you have PG & L&S, that is about all ya need.

To each their own ;D" }-

So you would say Tiny and Look N Stop are good? <--- Which one is better in security wise and not extras. I already have DiamondCS Process Guard and Regdefend, so no need for process control nor registry monitoring.

-{ Quote: "

All I will tell you is I never heard anything bad said about bitGuard, have you?
Even Paul Wilders commended it. If you would have taken the time to read thru those posts I listed. GKWeb, the maker of the leaktest site says it is ok also.
" }-

I did read them and look what one person stated.

"But, the bad point, in this state (firewall _only_ state) BG fails near all leaktests, i haven't tested "leaktest" and "yalta" because i assume BG pass them. All other leaktests go through." and "based on my criteria testing identical for all firewall i am evaluating, if i would have to add BG to my site it wouldn't have more than 2/20 score so i don't think people would like that, especially those who refuse to try to understand my criteria."

So there you go. dja2k

I would say L&S in your case.

Yes BG is a sandbox-firewall. That was also a pre 2.0 version in that thread ;)

I have alot of security apps, that i paid for and still run alot of beta's

5 min ago I got a new CPL virus in my e-mail that the new Norton Internet suite
doesn't catch :'(

-{ Quote: "I would say L&S in your case.

Yes BG is a sandbox-firewall. That was also a pre 2.0 version in that thread ;)

I have alot of security apps, that i paid for and still run alot of beta's

5 min ago I got a new CPL virus in my e-mail that the new Norton Internet suite
doesn't catch :'(" }-

Hope you removed that virus. And thanks for your fast replies dude. I really appricate them. I will give L n S a chance.

dja2k

Tiny? Ouch! If you understand Tiny, tell me how. Anyone who understands Tiny deserves an honorary PhD. Help! I'm ready to throw a towel under the door...

Heck no I didn't delete it yet. Using Shadowuser, all traces will be gone on reboot. I will check it with some AV's to see if they detect it yet.
So far KAV & Norton don't checking Trend now.
I am guessing it is a nasy since it came for an e-mail that bounces & the main part of the e-mail just says predetor with attached garry.cpl file..

Diver. It had been over a year since i messed with Tiny. I can't remember that far back LOL. When my memory leaves, I just do an advanced search here
for the title, say Tiny

-{ Quote: "Heck no I didn't delete it yet. Using Shadowuser, all traces will be gone on reboot. I will check it with some AV's to see if they detect it yet.
So far KAV & Norton don't checking Trend now.
I am guessing it is a nasy since it came for an e-mail that bounces & the main part of the e-mail just says predetor with attached garry.cpl file.." }-

Try to use bitdefender free edition scanner, it has been updating a lot and I mean a lot this passed week.

dja2k

-{ Quote: "Tiny? Ouch! If you understand Tiny, tell me how. Anyone who understands Tiny deserves an honorary PhD. Help! I'm ready to throw a towel under the door..." }-
And nobody really knows for sure if it even works either... ;D

Well installed L&S already and guess what, error already. It didn't even stop any programs from going to the net. The application filtering was checkmarked and well if you try to add any program manually, it causes a windows encoutered error and freezes the whole L&P program and can't unfreeze or close until you restart. Oh well, guess I will have to go back to Zonealarm or back to the Firewall that never gave me any problems, Sygate.

dja2k

-{ Quote: "Behind a router is enough for me.

If you think you need more protection try running as a non-admin user. Another alternitive would be process guard. Really, the objective is to be able to recoginze problems before they happen. A file that is supposed to be a video should not have an exe extension, and so on.

In a sense there is an opening in the marketplace for a utility that is not a firewall to run behind a router and provide some kind of appliation filtering. LnS can be set up to do this, but it has its limitations and it is not cheap.

Nvidia has a hardware firwall built into its latest chipset. It is application awware, but I doubt if it is set up to detect one application starting another, and stuff related to the leak test thing. Something worth looking into if you are building a new system. Support is only for AMD processors right now." }-


The nvidia firewall in conjunction with AMD 64's native process injection protection does work but also brings myriads of problems as you can see by their forums, I have tried it out and can't say I liked it at all.

Oh well thanks guys for the replies, just went back to using good old Zonealarm. Nothing else worked for me. Tiny, well to complicated as others say. L&S, well crashed. Sygate (gave it a try again) and well it crashed on me. Outpost, well gave it too many times a chance and always ended up with the same thing, BLUE SCREENS. Bitguard, well didn't even try it, but maybe give it a try later. Zonealarm, well works fine and what do you know, no crashes, and zonealarm hasn't given me a single blue screen error like Outpost does - tough that they haven't fixed those damn BSOD errors over there at Outpost.

dja2k

Arup-

I heard the AMD 64 native process protection had compatibility issues, but the Nvidia firewall I have, of course, not tried as it requires investing in a whole new system.

Could you give us a brief list of the issues with these items?

Diver... did you try the latest Tiny (6.5)? It's not that complicated anymore. It even works out-of-the-box nowadays... And it's light!

-{ Quote: "Oh well thanks guys for the replies, just went back to using good old Zonealarm. Nothing else worked for me. Tiny, well to complicated as others say. L&S, well crashed. Sygate (gave it a try again) and well it crashed on me. Outpost, well gave it too many times a chance and always ended up with the same thing, BLUE SCREENS. Bitguard, well didn't even try it, but maybe give it a try later. Zonealarm, well works fine and what do you know, no crashes, and zonealarm hasn't given me a single blue screen error like Outpost does." }-
ZoneAlarm is notorious for not completely uninstalling everything. Any remnants of ZA left could well cause problems when you install other firewalls but will be ok when you re-install ZA. Did you perform a complete uninstall and clean before you tried the others? (See Don Hoover's site at http://www.donhoover.net/ for details of how to completely uninstall and remove all traces of ZA.)

HTH

patermann

-{ Quote: "And what is wrong with "ONLY HERE" ? LOL
Some of the best minds in the world come here.
If not here DSLReports.

" }-

Heh, I find (slightly) better minds visit DSLreports.

-{ Quote: "Diver... did you try the latest Tiny (6.5)? It's not that complicated anymore. It even works out-of-the-box nowadays... And it's light!" }-

I trialed Tiny and found it hard to understand. As for light, I don't think so. It used a lot of memory, but I did not experiment enough to see if it would swap out. My idea of a light software firewall would include CHX-1, 8Signs, Kerio 2.15, Windows ICF, Jetico or Look n Stop.

CHX-1 is the lightest one that I know of. Nothing in the task manager unless you are changing something or checking the log. Just a single driver, somewhere.

Of course for light, nothing beats a router. Very difficult to terminate and no impact on system performance under heavy usage with a router. I wonder why there is not more discussion of the different features of hardware firewalls around here. Probably becuase they can't be downloaded and trialed.

Diver,

I too am all for the use of a "properly confirgured" NAT router with SPI as opposed to messing around with a software firewall. However, I must admit I am curious as to what kind of a security set up you have on your system(s) if you are not running a software firewall. Which antivirus do you use? What other security software do you use?


Thanks,
Dave

I don't want to turn this into an AV thread. PM me for the answer to that one. But I will give you a hint: a high percentage of detection is very important to me. For me security is more of a mental approach than an attempt to build an automated fortress with the latest sand box utility. The sand boxes have to be turned off to install anything and besides they are unable to tell the difference between good and bad programs. I do use several of the Sysinternals free utilities including tcpview, regmon, rootkit revealer and process explorer to check up on things. The trick is to be aware of what you are doing at all times. For anything that is really doubtful there is Jotti's on line scanner or other similar services.

-{ Quote: "ZoneAlarm is notorious for not completely uninstalling everything. Any remnants of ZA left could well cause problems when you install other firewalls but will be ok when you re-install ZA. Did you perform a complete uninstall and clean before you tried the others? (See Don Hoover's site at http://www.donhoover.net/ for details of how to completely uninstall and remove all traces of ZA.)

HTH

patermann" }-

I didn't start with zonealarm. After a clean install of windows, I started with Outpost, that gave me blue screens. Then I went to Look n Stop, that would cause an unusual windwos error with the application filtering tab. I then tried good old sygate, but it would crash if I clicked on two interntet programs at once, don't know why though. Then I installed zonealarm, more than 12 hours now, no problems and I kinda figured out how to set up rules for applications on it.

As far as uninstall for each of them, well I would run the uninstall, then use jr16 power tools, delete all tracks in the registry tools>registry manager. After that I would go to the registry tools>registry finder and manually look fo traces from each app using the app name and then the company as a search and deleted all those. After all that, I used Registry First Aid to remove anything that was left. Well if that wasn't enough, then oh well.

dja2k

For ZA, there is a /clean parameter that has to be added to the uninstall command line, or else it leaves a lot behind. Actually, anything that installs drivers can be problematic when it comes to removing it. The best thing to have is some disk image software so you can get back to where you were. Its a good security practice as well. If anything goes wrong, just restore.

-{ Quote: "For ZA, there is a /clean parameter that has to be added to the uninstall command line, or else it leaves a lot behind. Actually, anything that installs drivers can be problematic when it comes to removing it. The best thing to have is some disk image software so you can get back to where you were. Its a good security practice as well. If anything goes wrong, just restore." }-

Well disk image doesn't work when you have a dual raid format or does it? I tried using some before, none would pick up the raid. As far as the other subject on zonealarm, well I never had it installed, until now, so there was no way I can uninstall something that wasnt there in the first place.

dja2k

Ask about raid in the Acronis support forum over here at Wilder's. I haven't a clue.

Even using /clean ZA will sometimes still leave crap behind. I uninstalled with /clean recently and was amazed to find vsdatant in hidden devices and running also, after a uninstall and reboot! Apparently you have to uncheck "protect the zonealarm client" before uninstalling (or run at startup.. something like that, don't know for sure). Anyway, ZA really *ought* to do a clean uninstall, but for some odd reason, it doesn't.

I uninstalled Zone Alarm Pro 5.1.033 from this machine using 'clean parameter" as Diver put it. I did all kinds of things shut it down rebooted with no start ZA at boot did clean uninstall rebooted several times then did some looking around and still found stuff. Days later I get some sort of pop up from AdWatch about a registry issue or log or something I had to go kill that one off and remove too. Really weird. It can be done but it is not easy. By the way this machine now uses OutPost Pro. no BSOD either.

My only point is it can be done but is not easy do not give up. It can be done. I believe the secret to getting rid of it is to make sure the darn thing is not running and a "clean" reboot is very important. It appears once you screw up it can be really bad leaving live active component parts from partial uninstall. Bad system stability issues for many. If this happens seek some help. ;)

-{ Quote: "Arup-

I heard the AMD 64 native process protection had compatibility issues, but the Nvidia firewall I have, of course, not tried as it requires investing in a whole new system.

Could you give us a brief list of the issues with these items?" }-

Various, including blocked access for programs on list, BSOD and general instability.

-{ Quote: "Various, including blocked access for programs on list, BSOD and general instability." }-

Sounds miserable.

Yep, Kerio or ZA+Harden IT+CHX rules, light and easy, CHX can't be terminated as it is not even shown in the task manager so it offers the ultimate protection, dont' need pesky, interfering hardware based firewalls, no matter how good they promise to be.

Actually CHX can be terminated, it is just not all that easy to do it. There is a function to unload the firewall driver in the mmc. This programing could be duplicated, but it would have to be a directed attack. Of course this borders on the security through obscurity concept. Widespread malware tends to target widespread software. I recently read that one of the Sobig varities can turn off the Windows ICF and Norton AV.

Anyway, I am satisfied with being behind a router. If I had a laptop the software firewall thing would have to be revisited and most likely my choice would be CHX-1.

True, but wouldn't the MMC need a script file to be enabled? In that case, your vigilant AV should come into the picture.

SPI Router though is the best line of defense in any case.

-{ Quote: "True, but wouldn't the MMC need a script file to be enabled? In that case, your vigilant AV should come into the picture.

SPI Router though is the best line of defense in any case." }-

I didn't say it was easy, just possible.

-{ Quote: "Yep, Kerio or ZA+Harden IT+CHX rules, light and easy, CHX can't be terminated as it is not even shown in the task manager so it offers the ultimate protection, dont' need pesky, interfering hardware based firewalls, no matter how good they promise to be." }-

It is trivial for any process with root rights to do so:

"net stop flthook"

Of course you can make the driver unstoppable but that just ain't a good thing and can easily be "bypassed" as well with admin rights.

Best Regards,

Stefan

Running root is actually the most risky thing one can do but sadly it is a common practice among Windows users.

I don't go near Tiny. Played with an older version not long ago and completely, totally, managed to lock myself out of my own computer. I couldn't even fix the problem in Safe mode. Had to format and reinstall everything. Fortunately, other than XP and Word, I have all my programs saved on a second hard drive.

I now use Kerio 4.1.3 firewall. It's a bit heavy on memory, but seems very low on CPU useage. With ZA, I notice a slight slowdown. There's virtually none with Kerio. Don't know how it does with leaktests, but think I read somewhere here that it's pretty good.

-{ Quote: "Running root is actually the most risky thing one can do but sadly it is a common practice among Windows users." }-


The reason it is a common practice is MS makes it so inconvenient to run as a limited user. A lot of software will not run properly under a limited user because it accesses protected areas of the registry. However, it just amazes me how much trouble some go in the name of computer security while not using a limited account.

I have a question about tiny firewall pro 2005.Is it possible to disable the start up loading bar when windows starts?

-{ Quote: "The reason it is a common practice is MS makes it so inconvenient to run as a limited user. A lot of software will not run properly under a limited user because it accesses protected areas of the registry." }-
So is that an MS issue, or just poorly written software?

Regards,

CrazyM

-{ Quote: "I didn't start with zonealarm." }-
Sorry - my mistake. :-[ I thought that when you said "just went back to using good old Zonealarm" you meant that you had been running it before you tried the others.

-{ Quote: "As far as uninstall for each of them, well I would run the uninstall, then use jr16 power tools, delete all tracks in the registry tools>registry manager. After that I would go to the registry tools>registry finder and manually look fo traces from each app using the app name and then the company as a search and deleted all those. After all that, I used Registry First Aid to remove anything that was left. Well if that wasn't enough, then oh well." }-
That should certainly have done the job of clearing everything out! Sorry if my post sounded a bit patronising - it wasn't intended.

patermann

-{ Quote: "So is that an MS issue, or just poorly written software?

Regards,

CrazyM" }-
Both. MS says that in Longhorn there will be improvements in this area. I tried running as a limited account for a few weeks and got tired of using the run as command so often. Some things they let you change, like access to CD/DVD burning, but the user is locked out of a lot of normal functions.

Has anybody tried Omniquad Personal Firewall 1.4.92
http://www.omniquad.com/downloads.htm

Primedius Firewall lite
http://www.primedius.com/PersonalFirewall.htm

Well after all this, Im bringing this back to the top again.

I am *thinking* of trying Netveda, however I would like to know.

* Am I protected out of the box?
* Does it have outbound app control?
* Does it prompt you a lot?
* Would like to know specific mem/cpu usage
* Anyone have any screenshots/tutorials for setup?
* Is this a good firewall for beginners? (I am looking to set some up for some home user clients of mine).

Thanks in advance,

Jag

Netveda thread. http://www.wilderssecurity.com/showthread.php?t=76006

Thanks ronjor. ;D 8)

Give it a try. Very nice app. :)

I think I will, altho on a test box first.

I also need to learn how to properly configure it.

-{ Quote: "The original poster asked for
so we presented an answer as to why Windows FW is not sufficient for security purposes since it was mentioned. Outpost Firewall is a firewall which meets all three of the above." }-


Look 007 no funny business!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!