Which Firewall?


lrtrees
July 5th, 2005, 10:49 AM
If you do not mind I would like to ask what firewall software you are currently using and why you like it? I do not care if it is free or not.
Hope that is not too broad of a question.
I am currently using Kerio 4.1.3. I like it pretty well, but it seems to get talked down quite a bit here which makes me wonder if it is a wise choice.

Thanks,
Lon

trickyricky
July 5th, 2005, 12:10 PM
I'm also using Kerio 4.1.3 and am completely happy with it. I have tried many many other free firewalls and a few paid-for ones, including Zone Alarm, Sygate, Jetico, Filseclab, Outpost, R-Firewall, Kerio 2.1.5, Softperfect, Look'n'Stop, a-wall, b-wall, and several others that I have probably forgotten. I started off looking for an alternative to Kerio 4.1.2 and after trying them all, I am back with Kerio 4.1.3, so that says it all as far as I'm concerned.

If you're happy with it, stay with it as it's as good all-round as all the others and, when they get this good, it's only personal opinion which separates them.

WSFuser
July 5th, 2005, 01:00 PM
{QUOTE-> If you're happy with it, stay with it as it's as good all-round as all the others and, when they get this good, it's only personal opinion which separates them. <-QUOTE}
my thoughts exactly. secondly u might want to browse this poll/thread:

What Firewall do you use? (http://www.wilderssecurity.com/showthread.php?t=13403)

I'm sure many of the people who responded also put their reason for choosing their firewall. as for me i use outpost since it has preset rules for many programs and if it doesnt i can either create my own rules or just allow/deny all (like in zonealarm or sygate). it offers plugins tho i only use the attack detection and it has a good gui IMHO.

kalpik
July 5th, 2005, 10:32 PM
Hi!

I also use kerio 4.1.3. Have tried almost *all* firewalls out there! But i find kerio the best. Its ad blocking is the best there is. The protection offered is also very good. Its a bit noisy though!

Kerodo
July 5th, 2005, 10:37 PM
{QUOTE->
I am currently using Kerio 4.1.3. I like it pretty well, but it seems to get talked down quite a bit here which makes me wonder if it is a wise choice.

Thanks,
Lon <-QUOTE}
I have used Kerio 4.1.x and 4.2 beta and like them, but I think the reason Kerio 4.x gets a bad name is due to its buggy nature. In the 4.2 beta series, each release has had bugs, some were fixed in subsequent releases, and more were always introduced. So it seems that 4.2 will never be finished if they can't squash all the bugs for good. 4.2 has been in beta for many months now.

Also, many people prefer a firewall that's light on resources, and Kerio 4.x isn't among the lightest ones. In fact 4.2 is getting up there pretty high in ram usage.

There are probably other criticisms too. Logging is terrible, especially in 4.1.x.

Just a few things which might make people stay away from it.

I think the basic firewall and SPI is pretty good though. :)

squash
July 5th, 2005, 10:54 PM
I use CHX-I. Only.

I use no other firewall - No Windows firewall, no Kerio, no other, I don't need outbound because I never get spyware or trojans and I'm not stupid enough to let that happen.

Minimalism works for me and CHX-I has never let me down. No need for a firewall sucking up resources, as the main purpose of a firewall is to make sure you are stealth and block unsolicited packets - nothing else. No need for unwanted features like IDS, Block cookies etc... In fact the only thing regardless of security app or not in my system tray is avast! and internet connection icon.

I have used Kerio 2.15, ZoneAlarm 5, LnS and Windows XP firewall. Nothing comes close to CHX-I.

100% recommended for advanced computer geeks or nerds. :)

Kerodo
July 5th, 2005, 10:58 PM
CHX-I with Avast is great. If I was running a firewall now, it would be CHX-I.

bigc73542
July 5th, 2005, 11:04 PM
I am still using Kerio 2.1.5. It has always worked very well and as long as it does I guess I will keep it.

Tassie_Devils
July 6th, 2005, 10:28 AM
Hi Irtrees.....

Go with advice given in here, stick to what you know/like/happy with.

Cheers, TAS

for the record, I use...............................................

Arup
July 6th, 2005, 11:37 AM
Using CHX with Jammer and Antihook for outbound protection, my system never felt better, have tried out almost all the major firewalls out there, all have their pros and cons, CHX scores over all of them in my case.

Jaws
July 6th, 2005, 11:59 AM
Arup, I went over to Agnitum and it shows a download trial for jammer but it doesn't look like it's for sale anymore. I wonder if the trial will just keep working after the trial period?

Regards,

Jaws

TeknO
July 6th, 2005, 12:30 PM
{QUOTE-> I'm also using Kerio 4.1.3 and am completely happy with it. I have tried many many other free firewalls and a few paid-for ones, including Zone Alarm, Sygate, Jetico, Filseclab, Outpost, R-Firewall, Kerio 2.1.5, Softperfect, Look'n'Stop, a-wall, b-wall, and several others that I have probably forgotten. I started off looking for an alternative to Kerio 4.1.2 and after trying them all, I am back with Kerio 4.1.3, so that says it all as far as I'm concerned.

If you're happy with it, stay with it as it's as good all-round as all the others and, when they get this good, it's only personal opinion which separates them. <-QUOTE}
+1, I'm also using Kerio 4.1.3 and completely happy with it. I have tried many other firewalls.

hayc59
July 6th, 2005, 02:15 PM
Lon, Hello
Why go with the rest when you can have the best!!
Outpost by Agnitum
http://www.agnitum.com/
Check it out you wont be disappointed ;)

TeknO
July 6th, 2005, 02:38 PM
{QUOTE-> Lon, Hello
Why go with the rest when you can have the best!!
Outpost by Agnitum
http://www.agnitum.com/
Check it out you wont be disappointed ;) <-QUOTE}
Outpost isn't the best. Please, check your internet web surfing speed with and without outpost. you'll see dramatic differences.

Stephanos G.
July 6th, 2005, 02:42 PM
Kerio 4.2 beta RC3
very happy and no problems at all

tuatara
July 6th, 2005, 03:13 PM
I've tested and reviewed all the firewalls mentioned
here above (it's my job) EXCEPT: CHX-I !

1) I prefer a firewall that is not in my pc's (hardware/ or in router)
like Cisco Pix etc.
2) The best firewall on Windows XP (software) that i have tested was:
Tiny Personal Firewall 2005 Pro (tinysoft is bought by C.A. this week i have heard)

Tiny Personal Firewall 2005 Pro is not as difficult to configure as the previous versions, and has a lot of extra features:
It can protect processes like DCS ProcessGuard, protect files, protect registry. It has IDS, integrity checking, registry protection etc. etc.

AND:
-------------------------------------------------------
Track'n Reverse - Undo The Harm

Imagine the world where you can turn the clock back. Imagine the situation where you can - by a simple mouse click - repair all damage caused by the application accidentally started on your computer. Imagine all files and registry entries being put back in order like nothing happened ever before.

Track'n Reverse is a unique engine - capability - literally allowing turning the clock back. Track'n Reverse allows to undo all changes to files and registry (the most important parts of your system) done by selected application or any application started (spawned child applications).

Track'n Reverse engine is particularly suitable to protect the computer against the malicious spyware and trojans brought with the installations of various software programs. Install the trial software, look what it does and when you want to get rid of it click a mouse and see Track'n Revert cleaning your computer reverting all changes to your files, registry and completely wiping up the application from your computer.

Whenever you do not trust the vendor of the application or you want to uninstall particular application like it would have never been on your computer before you can count on Track'n Reverse to keep your computer clean.

Technical Note:
Track'n Reverse feature requires as much of a free space on your hardrive as big the volume of replaced/modified files will be. Also if the application makes entry into a common log file and another application would make subsequent entries when applying Track'n Reverse all changes made by other applications subsequent to the entries made by your selected application will be lost. Plan before enabling and using Track'n Reverse feature for selected application.
-------------------------------------------------------

If you are looking for a firewall-only this is not the thing you like.
I have tested this with Shadowuser and NOD32,Regrun Gold
and SpySweeper OR CounterSpy for on-demand..
nice , very nice.

But again, if you want to spend money on a firewall only
buy a hardware firewall, it doesn't use system resources, difficult to get
it disabled by malware on your system etc.

Muchinga
July 6th, 2005, 03:29 PM
Jetico is "THE FIREWALL".
I have got two licences (Norton and Outpost) but I only use Jetico.
I love Jetico! ;D ;D ;D

hayc59
July 6th, 2005, 04:17 PM
{QUOTE-> Outpost isn't the best. Please, check your internet web surfing speed with and without outpost. you'll see dramatic differences. <-QUOTE}
Very Fast With Outpost!!
And No Change Without it!!
I have heard some folks have this little ditty[I dont]

Infinity
July 6th, 2005, 04:37 PM
Outpost didn't slow my computer down either. I used it for a long time and it truly is a superb firewall.

Tiny2005 seems to be one of the fastest firewalls that I've tried. ok, you will have to learn the way it's set up but the firewall (browsing experience, rule creation) is still one of the best things. Browsing seems to be a lot faster with Tiny than with the rest of firewalls I tried.

I liked look n stop too. With the filterset of Phant0m it did a splendid job behind my router, fast too.
Just my two cents :)

rdsu
July 6th, 2005, 05:26 PM
A very happy Outpost Pro user... ;)

NetVeda Safety.Net for a free firewall...

Vikorr
July 8th, 2005, 04:13 AM
Is Tiny a one off fee, or a yearly fee ? I've been using ZA free for a while now, but Tiny is the one other firewall that has interested me.

BlackHawk1
July 8th, 2005, 04:19 AM
Kerio or Tiny.

Caratacus
July 8th, 2005, 04:22 PM
Kerio 4 on my machine.

Netveda on wife's and kid's.

I came to Kerio after repeated and damaging BSODs with Outpost Pro (to which I hold a lifetime license) over several installations on several machines. OP seems to work ok on some systems & not on others - that seems to be true of most firewalls (including Kerio 4).

Kerio has worked flawlessly since I installed it back in March: it's never missed a beat. It worked fine on my wife's machine prior to my installing Netveda.

I am watching Netveda closely and so far (nearly 2 months) I am very impressed. The free version offers a lot of features - I think it's one to watch.

ErikAlbert
July 8th, 2005, 05:27 PM
I recommend "ZoneAlarm Free" :

1. It's free of charge, so you won't regret your money, if it didn't protect your computer.
2. It's ready after installation and easier to understand for typical users.
3. It keeps the unskilled intruders away from your computer, like any other firewall.
4. It is made of the same straw, that is used in other firewalls.

Any firewall is vulnerable and there are other ways to break into your computer, because the worst bad guys are also very smart.

That's why I created a VERY BORING and IMPERSONAL harddisk for intruders.
I removed all my personal files from my harddisk, except the ones, I'm working on.
I removed all my personal data from my harddisk, except my email-address, first name and initials.
This way, I'm also able to re-install my harddisk from scratch at any time.

Why would a smart intruder waste his time on my computer, when there are so many other interesting computers in the world ?

WSFuser
July 8th, 2005, 05:30 PM
if u like application based firewalls and lack of development isnt an issue then maybe sygate will suit u well. it offers IDS/IPS and a fair amount of option and from what ive heard, it logs very well. i prefer it over ZA, but im not here to debate, solely to provide some alternatives.

colorado13
July 8th, 2005, 05:44 PM
NetVeda or Kerio 2.1.5

Brian N
July 8th, 2005, 05:45 PM
I use BitGuard - Developed in Denmark, made by danish folks :)
It has loads of features, really fast and state-of-the-art protection.
It 'becomes' a part of the OS deep deep inside (ring 0), not another app like the other firewalls are.

http://www.tryus.dk/bitguard.asp

Jaws
July 8th, 2005, 05:59 PM
{QUOTE-> I recommend "ZoneAlarm Free" :

1. It's free of charge, so you won't regret your money, if it didn't protect your computer.
2. It's ready after installation and easier to understand for typical users.
3. It keeps the unskilled intruders away from your computer, like any other firewall.
4. It is made of the same straw, that is used in other firewalls.

Any firewall is vulnerable and there are other ways to break into your computer, because the worst bad guys are also very smart.

That's why I created a VERY BORING and IMPERSONAL harddisk for intruders.
I removed all my personal files from my harddisk, except the ones, I'm working on.
I removed all my personal data from my harddisk, except my email-address, first name and initials.
This way, I'm also able to re-install my harddisk from scratch at any time.

Why would a smart intruder waste his time on my computer, when there are so many other interesting computers in the world ? <-QUOTE}
Hi Erik,

If those are your feelings about firewalls then may I suggest you try out CHX. It is also:

1. Free.
2. Easier than ZA. Import the 2 workstation filters from their web site. You'll be totally stealthed and won't have to deal with popups asking you for permission all the time.
3. Same.
4. Same.

and:

5. Far less resources than ZA.

Regards,

Jaws

ErikAlbert
July 8th, 2005, 07:17 PM
Jaws,
I will check it out next week.
I'm not in love with my "ZoneAlarm Free".
I ditch every security software without regrets, when it is better and free of charge.

Jaws
July 8th, 2005, 07:32 PM
Erik, you won't regret it.

Especially if you believe in your signature. Simplicity is always brilliant. That's a good one.

Jaws

ErikAlbert
July 8th, 2005, 08:12 PM
Jaws,
Keep in mind that I never heard of CHX Firewall before.
I have troubles with finding the FREE version of CHX.

I found this website,
http://www.idrci.net/idrci_products.htm
I assume that this is the home page of CHX, but that website has only trials (30 days) and that isn't really freeware.

Is the free version hidden in the trial versions or what ? :)

Jaws
July 8th, 2005, 08:38 PM
{QUOTE-> Jaws,
Keep in mind that I never heard of CHX Firewall before.
I have troubles with finding the FREE version of CHX.

I found this website,
http://www.idrci.net/idrci_products.htm
I assume that this is the home page of CHX, but that website has only trials (30 days) and that isn't really freeware.

Is the free version hidden in the trial versions or what ? :) <-QUOTE}
Erik,

You can go HERE (http://www.idrci.net/products/spfpur.html) and register if you want to. That's what I did, it's free.

Or you can go HERE (http://www.idrci.net/fver/index.html) for full version CHX Packet Filter 2.8.2. I really don't know what the difference is.

But the site you got is their home site. Also you can get the sample filter sets by clicking on Downloads there. If you're on a standalone PC go to network interface after you install CHX, right click, and import the workstation filters.

Post back in the CHX thread if you have more questions. I'll try to help and there are a few more people here that can help you.

Regards,

Jaws

colorado13
July 8th, 2005, 08:46 PM
CHX is free for home users.
You have to register!

Regards

ErikAlbert
July 8th, 2005, 08:53 PM
@Jaws,
Thanks for the links, I will install it next week and keep these links on a CD
together with the install files.

@Colorado13,
You are right about that, I have read this in another forum a few moments ago.
Well I have no problem with that as long it is free LOL.

Jaws
July 8th, 2005, 08:57 PM
Erik,

This SITE (http://members.shaw.ca/BIND-PE_and_ICS/chxi.htm) also has a lot of info and different filter sets for CHX.

Have fun,

Jaws

WSFuser
July 8th, 2005, 08:59 PM
does CHX offer rules for p2p and IM like LnS does?

Jaws
July 8th, 2005, 09:16 PM
{QUOTE-> does CHX offer rules for p2p and IM like LnS does? <-QUOTE}
No they don't and that I can't help you with, but read through the recent CHX threads for a lot more info about p2p and other stuff.

Regards,

Jaws

ErikAlbert
July 8th, 2005, 09:30 PM
{QUOTE-> does CHX offer rules for p2p and IM like LnS does? <-QUOTE}
That isn't a problem for me anyway.
I don't use P2P and IM for security reasons.
LnS would be a problem for me, I'm not able to create rules.

WSFuser
July 9th, 2005, 12:33 AM
{QUOTE-> That isn't a problem for me anyway.
I don't use P2P and IM for security reasons.
LnS would be a problem for me, I'm not able to create rules. <-QUOTE}
how is that so? LnS does offer this ability, u just have to learn how to properly create them. or are u referring to the lite version? i think the lite version just doesnt offer application monitoring tho.

Jazzie1
July 9th, 2005, 01:05 AM
Hi all!

You can run certain p2p programs under CHX-I! There is a problem running Emule/Emule.lite at the moment. (Due to a problem on certain systems being able to connect to servers.) But, Bit Torrent, IRC and various other chat programs work fine...

Regards
Jazzie

ErikAlbert
July 10th, 2005, 04:31 PM
{QUOTE-> how is that so? LnS does offer this ability, u just have to learn how to properly create them. or are u referring to the lite version? i think the lite version just doesnt offer application monitoring tho. <-QUOTE}
That is exactly the problem, "I have to learn how to create them". I don't want to do this.
I have a personal problem with security softwares in general. It's not my favorite group of softwares.
As long I don't need to work/learn for them, I will use them, but nothing more than that.

WSFuser
July 10th, 2005, 04:55 PM
{QUOTE-> Hi all!

You can run certain p2p programs under CHX-I! There is a problem running Emule/Emule.lite at the moment. (Due to a problem on certain systems being able to connect to servers.) But, Bit Torrent, IRC and various other chat programs work fine...

Regards
Jazzie <-QUOTE}
unfortunately, emule is my primary p2p app tho ill occasionally use azureus.
{QUOTE-> That is exactly the problem, "I have to learn how to create them". I don't want to do this.
I have a personal problem with security softwares in general. It's not my favorite group of softwares.
As long I don't need to work/learn for them, I will use them, but nothing more than that. <-QUOTE}
then outpost would serve u better as outpost has predefined rules for many apps. or u could go with zonealarm or sygate both of which simply deny or allow all. theres also kerio (4.x) and tiny, but i havent much experience with either. lastly theres rule-based firewalls like chx and LnS or kerio (2.x). which ever firewall u decide on, i wish u good luck. if u have any questions u can just post here at wilders.

Jazzie1
July 11th, 2005, 12:01 AM
{QUOTE-> unfortunately, emule is my primary p2p app tho ill occasionally use azureus. <-QUOTE}

I am sure that someone will figure this out! I was able to connect with it, but didn't see the whole list of servers, due to most likely time-outs... Maybe someone on the board here that are 'FANS' of Emule will do enough testing to nail the problem...

Regards
Jazzie

patermann
July 11th, 2005, 08:56 AM
I think that I am right in saying that, unlike most of the other firewalls mentioned, CHX-I does not have outbound application control. Some are using other firewalls such as ZoneAlarm and Look'N'Stop with packet filtering switched off to provide application control for CHX-I. I just thought that I had better mention that as ErikAlbert hadn't heard of CHX-I before.

Jazzie1
July 11th, 2005, 09:47 AM
{QUOTE-> I think that I am right in saying that, unlike most of the other firewalls mentioned, CHX-I does not have outbound application control. <-QUOTE}

Right you are! :)

Regards
Jazzie

Arup
July 11th, 2005, 11:39 AM
Although CHX lets you create filters for outbound traffic, it won't let you do it on a application level, rather you can block outbound for specific ports, CHX works the best when combined with something like Jammer.

WSFuser
July 11th, 2005, 12:40 PM
is there any alternative to Jammer as it is outdated and unsupported? or is LnS good enough to run with CHX?

Jazzie1
July 11th, 2005, 01:43 PM
LNS with inet filter and options DISABLED works fine!

Regards
Jazzie

Kerodo
July 11th, 2005, 09:08 PM
{QUOTE-> is there any alternative to Jammer as it is outdated and unsupported? or is LnS good enough to run with CHX? <-QUOTE}
As Jazzie mentions, LnS works fine with CHX, as does ZA also when you turn off inet filtering and just use the app control.

Diver
July 12th, 2005, 09:42 AM
Regarding emule and CHX-I, I had no problems. In fact CHX-I managed emule particularly well because it has pseudo stateful UDP. All that is needed is a standard set of rules plus an allow rule for the TCP server port (default is 4662) with no particular flag specified so that incoming connections will be accepted. I don't use Kad, so no UDP server port is specified. Worked like a charm.
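
Added example, not part of Diver's post and not CHX-I's rule syntax or engine: a simplified Python model of the setup described above, showing why the inbound TCP 4662 rule must match any flags (so the peer's initial SYN is accepted) and how pseudo-stateful UDP admits only timely replies from hosts already contacted. The class and function names, the 60-second UDP window and the sample addresses are assumptions made for illustration.

```python
from dataclasses import dataclass

UDP_TIMEOUT = 60.0  # assumed lifetime (seconds) of a pseudo-state UDP entry

@dataclass(frozen=True)
class Packet:
    direction: str          # "in" or "out", relative to the workstation
    proto: str              # "tcp" or "udp"
    local_port: int
    remote: tuple           # (ip, port) of the peer
    flags: str = ""         # TCP flags: "S" = SYN, "A" = ACK
    time: float = 0.0       # seconds on a constructed clock

class WorkstationFilter:
    """Outbound is allowed and tracked; inbound needs tracked state or a rule."""

    def __init__(self, tcp_allow=None):
        # {local_port: required_flags or None}; None = no particular flag
        self.tcp_allow = dict(tcp_allow or {})
        self.tcp_flows = set()
        self.udp_flows = {}     # flow key -> time of last outbound datagram

    def accept(self, p):
        key = (p.proto, p.local_port, p.remote)
        if p.direction == "out":
            if p.proto == "tcp":
                self.tcp_flows.add(key)
            else:
                self.udp_flows[key] = p.time
            return True
        if p.proto == "udp":
            # Pseudo-stateful UDP: accept a datagram only from a peer we
            # sent to recently, arriving on the same local port.
            sent = self.udp_flows.get(key)
            return sent is not None and p.time - sent <= UDP_TIMEOUT
        if key in self.tcp_flows:
            return True                       # part of a tracked connection
        if p.local_port not in self.tcp_allow:
            return False                      # unsolicited, no rule: drop
        required = self.tcp_allow[p.local_port]
        if required is None or required == p.flags:
            self.tcp_flows.add(key)
            return True
        return False                          # rule exists but flags differ

def run(tcp_allow):
    """Feed constructed sample traffic through a filter; return verdicts."""
    fw = WorkstationFilter(tcp_allow)
    peer, server = ("198.51.100.7", 40000), ("203.0.113.9", 4665)
    packets = [
        Packet("in", "tcp", 4662, peer, "S", 0.0),      # peer opens connection
        Packet("out", "udp", 5000, server, time=1.0),   # our UDP query
        Packet("in", "udp", 5000, server, time=2.0),    # reply inside window
        Packet("in", "udp", 5000, server, time=120.0),  # late datagram
        Packet("in", "udp", 5000, peer, time=2.0),      # host never contacted
    ]
    return [fw.accept(p) for p in packets]

if __name__ == "__main__":
    print("no rule        :", run({}))
    print("4662, any flag :", run({4662: None}))
    print("4662, ACK only :", run({4662: "A"}))
```

Only the first verdict changes between the three rule sets: the UDP results depend on tracked state alone, which is why no UDP server port needs opening when Kad is unused.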

Jazzie1
July 12th, 2005, 09:55 AM
Hi Diver!

Thanks for posting the solution for Emule! I don't use Emule or Bit Torrent, so I was hesitant to even try to tackle it. Now that Emule is out of the way, have you ever tried Emule.lite? I had success with connecting using ports 10300 and 10301, but I didn't do enough testing (leaving on my system)!

Regards
Jazzie