Firewall for Notebooks
lekei
July 12th, 2005, 03:29 PM
I am looking for a lightweight firewall for portable computers. The biggest issues that I am trying to find solutions for are:
Most of the big-name firewalls are such resource hogs that they have almost as much an effect on performance as half of the threats they are designed to keep out.
Your wireless or wired connection could be connected to a trusted (your network), relatively-untrusted (Internet cafe or client's office where you still need access to the printer or even a file server), or seriously dirty (random access point, cable-modem-under-test, dial-up) network at any time. In many cases, the IP range of these networks could be the same. Most firewalls determine the zone by IP, not SSID+BSSID, MAC address or network/computer name.
I often go to clients (home/SOHO users) and find that they are thinking XP "firewall" will protect them, yet they have networking enabled on their wireless because they need to print or access files at home.
Many people with Windows 9x/2000 machines don't run a firewall because they can't handle the resource (I have seen it use 50 MB RAM!) overhead of products like Zone Alarm.
rdsu
July 12th, 2005, 03:43 PM
The lowest firewall in resources that I know is NetVeda Safety.Net, but I use Outpost Pro... ;)
TeknO
July 12th, 2005, 05:54 PM
Kerio 4.1.3 is a good alternative.
rdsu
July 12th, 2005, 05:55 PM
-{ Quote: "Kerio 4.1.3 is a good alternative." }-
Kerio 4.1.3 isn't light on resources...
keriothebest
July 12th, 2005, 06:02 PM
-{ Quote: "Kerio 4.1.3 isn't light on resources..." }-
Kerio is better than outpost if you compare the resource usage and internet surf speed. I am an old outpost user. I prefer to test it.
TeknO
July 12th, 2005, 06:06 PM
-{ Quote: "Kerio is better than outpost if you compare the resource usage and internet surf speed. I am an old outpost user. I prefer to test it." }-
I agree. I am an old user of Agnitum too. :)
rdsu
July 12th, 2005, 06:09 PM
-{ Quote: "Kerio is better than outpost if you compare the resource usage and internet surf speed. I am an old outpost user. I prefer to test it." }-
Did you try the last version?
Trooper
July 12th, 2005, 06:40 PM
Kerio 2.1.5
LNS
keriothebest
July 12th, 2005, 06:46 PM
-{ Quote: "Did you try the last version?" }-
Yes I tested. And I'm happy with Kerio 4.1.3 much more...
Infinity
July 12th, 2005, 06:49 PM
In the mean time you have been trying to convince us to use Kerio...
Do you care to share why you think kerio is better? Cause I think this is a better conversation as to only stating it is better?...
:)
rdsu
July 12th, 2005, 06:50 PM
-{ Quote: "Yes I tested. And I'm happy with Kerio 4.1.3 much more..." }-
OK, different systems... ;)
On my system, Outpost Pro uses less resources than Kerio...
WSFuser
July 12th, 2005, 07:00 PM
for me outpost doesn't seem to use many resources (at the very least not that i can notice) and disabling logging lowers the resources even more. in any case for a lightweight fw i recommend look 'n' stop, i haven't ever used a firewall as light as it. of course this tradeoff comes in the case of friendliness and the learning curve for rule creation and placement.
keriotb
July 12th, 2005, 07:28 PM
-{ Quote: "In the mean time you have been trying to convince us to use Kerio...
Do you care to share why you think kerio is better? Cause I think this is a better conversation as to only stating it is better?...
:)" }-
By the way, I'm not a kerio salesman :)
But you must test your firewall on a few crowded web sites (a lot of images and scripts -for example; internet markets-). Web surfing speed is dramatically different with kerio and outpost. only memory usage isn't interesting. CPU usage and web surfing speed are more important for me. Because of these reasons, I prefer kerio instead of outpost. (sorry my english, i hope that you can understand me)
rdsu
July 12th, 2005, 07:32 PM
-{ Quote: "By the way, I'm not a kerio salesman :)
But you must test your firewall on a few crowded web sites (a lot of images and scripts -for example; internet markets-). Web surfing speed is dramatically different with kerio and outpost. only memory usage isn't interesting. CPU usage and web surfing speed are more important for me. Because of these reasons, I prefer kerio instead of outpost. (sorry my english, i hope that you can understand me)" }-
I would like to see these tests... ;)
Infinity
July 12th, 2005, 07:40 PM
-{ Quote: "I would like to see these tests... ;)" }-
Tests are difficult my friend. The way I see it is again it comes down to user experience. it's his experience and feeling that the Firewall is faster...
That doesn't mean it is for you or for me...
The one thing I can say is that I felt some differences too in Firewall Usage...but I cannot prove it...
it's all relative and personal and therefore would not apply to all of us...
Stating that Kerio is the best is useless and can only confuse people whether it is for the difficulty of rule creation whether it is for the lack of decent logging system ;D
Personally I tried Kerio a lot of times and I like the program. but it's personal ... so I choose another one lol ::)
ktb
July 12th, 2005, 07:42 PM
-{ Quote: "I would like to see these tests... ;)" }-
Yes, I can show an example to you. But, do you know Turkish? :)
http://www.hepsiburada.com/
- first; click the five or six headers (bilgisayar, ofis kirtasiye etc....)
- second; click again same headers.
- consider the web page display time.
after, disable outpost, and restart this test. Please, look at the difference.
What did you see? :) (don't ask me the meaning of the words :))
Regards.
Infinity
July 12th, 2005, 07:43 PM
LMAO, like I said: it's difficult alright :D
WSFuser
July 12th, 2005, 07:46 PM
like infinity said, these "test results" are just personal experience. for me visiting that site didnt rele matter with the firewall off or on. maybe its because i have dsl or maybe its just my outpost config.
Infinity
July 12th, 2005, 07:55 PM
maybe you have a rootkit ;D
ktb
July 12th, 2005, 07:56 PM
-{ Quote: "like infinity said, these "test results" are just personal experience. for me visiting that site didnt rele matter with the firewall off or on. maybe its because i have dsl or maybe its just my outpost config." }-
Yes, BUT everybody talks about their personal experience. but, a lot of people may have the same experience as me. it's a probability. i'll be very glad if there are public and trustworthy firewall performance test results on the internet.
Regards.
Infinity
July 12th, 2005, 08:01 PM
there was some time ago...no there was not lol those were browsers but then again it depends...
-{ Quote: "if = u like it +working + it's secure -> don't try fixing" }-
should be some mathematic formula by now ;)
CrazyM
July 12th, 2005, 10:42 PM
-{ Quote: "I often go to clients (home/SOHO users) and find that they are thinking XP "firewall" will protect them, yet they have networking enabled on their wireless because they need to print or access files at home." }-
Easy enough to toggle exceptions on/off with the Windows Firewall to accommodate different situations.
Regards,
CrazyM
JayTee
July 13th, 2005, 10:37 AM
Outpost user as well and it does slow down surfing at times. May be because of the plugins? Am using Tiny 6.5 on my laptop now and surprisingly, it is good to surf despite the memory usage. Had my doubts initially 'bout Tiny on a laptop.
WSFuser
July 13th, 2005, 10:48 AM
-{ Quote: "Outpost user as well and it does slow down surfing at times. May be because of the plugins?" }-
well i only have the attack detection plugin enabled, could that be why i dont seem to feel any slowdown?
Paranoid2000
July 13th, 2005, 11:29 AM
Lekei,
I'm not aware of any firewall that takes notice of wireless network SSIDs - nor would the feature be especially secure since it can be easily changed and many public access networks just use the default value. Instead, creating (and loading) separate firewall rules configurations for home, business and public use may be a better option - most firewalls will allow you to do this so you should not be unduly restricted in what to choose.
MAC address filtering is another method but Sygate, Outpost (via the third-party SuperStealth plugin) and Look'n'Stop are the only ones that spring to mind as offering this (LnS would probably be the best choice if low resource usage is a priority over fine-grained application control).
lekei
July 14th, 2005, 02:01 PM
-{ Quote: "Kerio 4.1.3 is a good alternative." }-
Actually, KPF is a decent firewall but it has no concept of zones per SSID.
It is also in the moderate overhead (10-20MB RAM) range.
It has the additional restriction that the free version will disable all networking functions after 30 days.
lekei
July 14th, 2005, 03:11 PM
-{ Quote: "Web surfing speed is dramatically different with kerio and outpost. only memory usage isn't interesting. CPU usage and web surfing speed are more important for me. Because of these reasons, I prefer kerio instead of outpost." }-
Actually, what you really want to check are page faults and memory faults. OS Swapouts of memory for obscenely hungry applications don't show as CPU usage. Turn on PFs on task manager to get the real picture.
-{ Quote: "I'm not aware of any firewall that takes notice of wireless network SSIDs - nor would the feature be especially secure since it can be easily changed and many public access networks just use the default value" }-
Which is why I suggested that BSSID is better. SSID is more useful than IP address, but many firewalls filter on IP.
The firewall should clamp down any time it sees an SSID of linksys, default, wlan, etc. and only allow particular, specified SSIDs to be trusted, and only if protected by WAP/WEP. It should also use the BSSID to prevent spoofing.
WSFuser
July 14th, 2005, 03:29 PM
since we're talking about a firewall for laptops, has anyone used zonealarm wireless security? any opinions?
Sputnik
July 14th, 2005, 03:51 PM
-{ Quote: "since we're talking about a firewall for laptops, has anyone used zonealarm wireless security? any opinions?" }-
I didn't try it, but doesn't ZoneAlarm Pro (the regular) have options for wireless security too? Or am I wrong (never used wireless networks...)
lekei
July 14th, 2005, 05:48 PM
-{ Quote: "I didn't try it, but doesn't ZoneAlarm Pro (the regular) have options for wireless security too? Or am I wrong (never used wireless networks...)" }-
These settings have nothing to do with wireless networks.
Zone Alarm is not a good choice for a notebook because it differentiates trusted zone by IP address. This is somewhat useful if you set YOUR network to 192.168.75.1 for example, since most routers are 192.168.0-3.1, but you really want to have your settings such that a particular SSID-BSSID is required.
It's amazing that I have yet to find any such utility that I can recommend to my clients!
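The zone policy described in lekei's posts above (clamp down on default SSIDs, trust only a listed SSID+BSSID pair on a protected network, do not decide by IP range), as an added example that is not part of the thread or of any firewall product. The zone names, the `HomeNet` and `CafeWifi` networks, the BSSIDs and the addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass

# All values below are constructed for illustration.
DEFAULT_SSIDS = {"linksys", "default", "wlan"}            # default SSIDs of the kind the post lists
TRUSTED_PAIRS = {("HomeNet", "00:11:22:aa:bb:cc")}        # (SSID, BSSID), hypothetical
TRUSTED_SUBNET = ipaddress.ip_network("192.168.75.0/24")  # IP-based "trusted zone"

@dataclass
class Network:
    ssid: str
    bssid: str
    encrypted: bool  # link-layer encryption in use
    ip: str          # address the laptop received on this network

def zone_by_ip(net):
    """The approach criticised in the thread: zone decided by IP range alone."""
    inside = ipaddress.ip_address(net.ip) in TRUSTED_SUBNET
    return "trusted" if inside else "untrusted"

def zone_by_identity(net):
    """Zone decided by SSID+BSSID and link protection; the IP is ignored."""
    if net.ssid.strip().lower() in DEFAULT_SSIDS:
        return "blocked"       # factory-default SSID: clamp down
    if not net.encrypted:
        return "untrusted"     # an open network is never trusted
    if (net.ssid, net.bssid.lower()) in TRUSTED_PAIRS:
        return "trusted"
    return "untrusted"         # unknown network, or known SSID on an unknown BSSID

SAMPLES = {
    "home": Network("HomeNet", "00:11:22:AA:BB:CC", True, "192.168.75.20"),
    "cafe_same_range": Network("CafeWifi", "66:77:88:99:00:11", False, "192.168.75.31"),
    "same_ssid_other_ap": Network("HomeNet", "02:00:00:00:00:01", True, "192.168.75.40"),
    "default_ssid": Network("linksys", "02:00:00:00:00:02", True, "192.168.1.100"),
}

def compare():
    """Return {name: (ip_zone, identity_zone)} for the constructed samples."""
    return {n: (zone_by_ip(net), zone_by_identity(net)) for n, net in SAMPLES.items()}

if __name__ == "__main__":
    for name, zones in compare().items():
        print(f"{name:20} by IP: {zones[0]:10} by SSID+BSSID: {zones[1]}")
```

A BSSID is broadcast in the clear and can be copied, so the pair match narrows which networks qualify rather than authenticating the access point; the encryption requirement is what ties a trusted entry to a shared key.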
meneer
July 15th, 2005, 04:54 AM
Do you need a firewall for more than one laptop?
If so, consider a central managed system, with decent password protection. Checkpoint (ZoneAlarm), Sygate, Outpost Office, Netop. It has to be possible to have it use different policies for the LAN, internet, Wifi settings.
lekei
July 22nd, 2005, 04:50 AM
-{ Quote: "since we're talking about a firewall for laptops, has anyone used zonealarm wireless security? any opinions?" }-
Remember that one requirement of a firewall is low resources.
My experience with zone alarm is that the system drain is worse than half of the threats out there.
lekei
July 22nd, 2005, 05:02 AM
-{ Quote: "Do you need a firewall for more than one laptop?
If so, consider a central managed system, with decent password protection." }-
I am looking for a firewall to recommend or sell for computers I service. The other problem is that most firewalls prompt users for every little change... sounds like a good idea but most users answer one wrong... I just got back from a service call this afternoon where the client killed her computer because after a windows update the firewall prompted her and she answered wrong.
q1aqza
July 22nd, 2005, 06:44 AM
Black Ice is a popular choice in the corporate environment as after it has done its initial baseline it only alerts for intrusions or if you install a new app. In the corporate environment PCs / laptops are often tightly locked down so the end user can't add new programs - hence there are very few application alerts.
Copyright ©2002 - 2012, Wilders Security Forums