6 firewalls tried, back to the simple one ZA...

Okay, so this month, tried moving to all free AV & FW solutions instead of paying for them yearly (even after free after rebate programs, where I'd still pay tax).

AV was simpler - read up on PC World, PC Mag, AV Comparatives, VB100, and it came down to a few. Norton or Eset for paid AV; Avira for non. Generally, these tended to rank Advanced+ on AV Comparatives over time; or ran well in numerous other tests over time. Since I was moving to free, Avira 9 it is. (Avoiding 10 for now given the mixed reviews here...)

MBAM, Spybot, Eset Online Scanner (in IE), Firefox w/Adblock Plus, Prefbar (with javascript/flash/plugins turned OFF always unless needed) as well.

---

Firewall was next. Tested on a 3.06Ghz P4 system with 1GB, XP SP3, Avira 9.
Latest verisons out as of today.

1. Outpost (2009 2725.381.687.32
~59MB RAM used on a fresh boot.
+ Easy to install & use.
- No Easy way to control each program individually ala ZoneAlarm.
- No Toolbar Transfer Up/Down icon ala ZoneAlarm.

2. Online Armor (4.0.0.44)
~32MB
+ Lots of control over various programs on a program-by-program basis.
+ Nice traffic graph popup window for extensive tracking of bytes sent/received, etc.
+ Toolbar up/down icon indicator.
- Takes forever to scan the PC on initial setup, and then puts up a slew of questions asking if you'd like to block, ask, or allow various items.
- Put CPU usage at ~2% all the time even w/o a network card attached and with system at full idle doing nothing (vs. ~0% w/o it installed).

3. PC Tools.
~28MB
+ 0-1% CPU usage.
- Immediately slowed network transfers, browsing, loading, etc.
- Allowed a program to access the net (web browser), the detailed traffic window didn't show the program on screen (even though I had started a download using the browser) for many dozens of seconds. Very dangerous as it doesn't update in real-time in this aspect.

4. Comodo
~19-24MB
+ Easy to install.
- Hard to uninstall fully! Had a Windows Installer not installed properly error on uninstall (huh? How did it install then?) One service still listed in SERVICES, and a total pain! to uninstall in this state (system restore).
- Rules, rules. Not very easy to simply turn access on/off for individual programs. Messy - rules in numerous windows.
- Asking to install and change too many things unrelated - toolbar, DNS, etc.

5. Eset Security Suite
~62MB (although even with everything except firewall turned off, it still took this much)
+ Easy to install
- not a lot of customization
- just rules, but added in one window.
- Browsing a touch slower.
- Bloat

6. ZoneAlarm
9.2 FREE - Constant disk access at intervals with no adapter attached, nothing except system idling from fresh boot. Very odd. 1-2% CPU at all times.
8.0.400.020 PRO - 26MB - Wireless drops now and then. No reason, just stops access.
8.0.298 FREE - 22MB - 0-1% CPU, Fast startup/shutdown of ZA.

+ Easy program control
+ Easy to understand when you've got everything on MAX protection
- Free doesn't have full port/program control vs. Pro or higher paid versions.
- Newest versions result in constant interval disk access at idle.
- Some versions mess with wireless, stopping access every couple of minutes.

----

So eventually, it wound up with immediate BAD firewalls to toss out (PC Tools - slow network, Comodo - bad uninstall).
Others due to lack of control (Outpost), or too many rules to make (Eset, OA), too much CPU/disk access (OA, ZA 9.2), slow install wizard (OA), etc.


Eventually, it was ZA 8.0.298 Free for now given it's lightweight RAM usage, simpler program control (just click ALLOW, ASK or BLOCK), low CPU usage, toolbar up/down indicator icon, and clean install/uninstall and fast install. Net moves along quite nicely with Avira and Norton, almost as snappy as if there were no AV/FW installed most times, and it generally works.

Makes me want to run back to Windows 2000 and Sygate (which I had on a naked server, no router protection, up for 10+ years w/o a single problem or compromise - Sygate's that good at blocking junk - even with updates infrequently, periods longer than months w/o an update). (Makes me wonder why on earth did Symantec kill Sygate as a firewall only software solution... It would still be making $$$ today.)

--

For browsing, prefbar + firefox with javascript/flash/plugins turned OFF all the time except when needed is Super at keeping bugs out! Even nasty pages that would have kept most users in unending popup OK-only button hell, is easily avoided. (and even if you accidently get there, simply press ESC while clicking fast on Javascript OFF and voila! bye-bye pop-up prompt & script!)

---

Lesson learned - Never ever trust Comodo! Bad uninstall (Windows Installer not installed correctly error on uninstall ... despite installing correctly in the first place!?!) with service entry left behind (why can't they simply use the regular installer that works for everyone else?). Now I have to go search how to remove a SERVICES.msc entry..... sigh.... They've been out how long? and can't even uninstall correctly?!?

Here, I'd rather pick Outpost or OA if I couldn't get ZA, and probably would pick paid Outpost for the low CPU usage and easy install. OA is the closest in features and easy-of-use-like a ZA, but 2% CPU usage is just sitting there with logs turned off, no network card attached, and nothing running... sigh.... needs work.

Moving foward, 8.x for ZA seems to be about where they stopped being so nice as a FW. 9.x's constant disk access at idle w/o a network card is crazy, so that's where Outpost's Russian programmers' careful development would be the best alternative choice moving forward if 8.x ZA doesn't run on newer systems anymore.

ZA 8.x's clean install/uninstall, low idle usage, etc. makes it the best compromise for me at this time given the rest of the setup I've got.

 

I have a license for ZA Pro...Though i don't deny that maybe is a good firewall,for me it's HIPS are very very weak.I don't consider myself,and i'm not a power user,but i like to have more control,more pop ups,more configuration for programs access.And ZA lacks completely in this area,at least for me.

 

As a forever Comodo user just some thoughts.
Something went wrong with your installation. I have it on my home machine on Seven x64 and at work at XP x32 SP3. Never had problems with uninstall.
Rules are for granular control. I like this.
Latest version is without toolbars of any kind.

But bottom line the best option is that you feel comfortable with.

 

I had installed Online Armor Free for the first time on my computer yesterday.

It ran the initial scan and it did it fairly quickly, i dont know why you said that it takes time, i think it depends on how fast your computer is.


I have around 224 applications installed on my computer.

 

A 9.2. bug release fix should be released sometime soon to fix the HDD access. 9.2 series contains drivers RAM optimisation to reduce load on the system much better than 8 series. So, I warmly recommend an upgrade when possible

IMO, its very much the contrary, ZAPRO is (or was at the time of the disclosure) the only HIPS able to protect against KHOBE 8 vulnerablity (time attack prevention option). It provides optimal protection against real threats (not leak tests) without flooding the user with pop-ups that are not easy to answer. Sometime marketing of HIPS can be misleading and provide little addittional protection to average users.

 

Try to set the component control on and protection to high. You will get enough pop-ups. The m\main problem I faced with ZA is that it forgets about mu decisions often, my internet zone, my startup items etc. But it runs good otherwise in my Lapi. But it always slows down my Desktops boot time although it has better configuration.

 

Tried the latest bug fix release? It should address many of the reported issues.
Always clean install (remove previous version) and keep defaults to check for performance issues.

 

Are you talking about THIS ?It seems to me that ZA failed too.As i said,i prefer to have a firewall with powerful protection for both leak test,and attack prevention.And i don't think that OA,CIS or OP HIPS can be compared with ZA's...i tried them,and ZA has long way to go.It used to be good,but no more.

Tried that too.Didn't like it.Possibly a matter of taste too...

 

Yes, that one. ZA protects it if setup correctly (advanced options: time attack ). Of course all mentioned firewalls provides excellent HIPS. My experience is that unfortunately, malware protection is very different from leak test protection. But if you are happy with leaks scoring than I am happy for you.

 

I agree for the most part with everything said above. I am using Comodo 4.1 FW/Hips only no AV and I find it light and fast. I have never had a problem uninstalling it. I also liked ZA but it had the constant disk I/O similar to OP Pro. OA doesn't fully support Win7 64 yet. I think their Pro version does, not sure. PCTools FW just never worked right on my PC's.

Ice

 

i use the old sygate 5.6.... for outbound protection no hips

 

LnS is lighter than the rest that were tested and quite simple as well.

 

ZA - Okay, saw that they just released the update. However, given that 8.0.298.000 is working fine here, I don't see a pressing reason to update for myself. And, faster, more stable wireless for me than the 9.2.x releases I've tested (people are still talking about this recently with 9.2.x on their forums)

HIPS - One thing that gets me is how do these things get into the PC?
a) Into the OS w/o anything running - perhaps with an OS security hole.
b) Through the web browser.
c) Email.

Well, let's tackle them:
c) attachments. Simply don't use the regular MS apps for anything. OpenOffice for office docs, FoxIt reader for acrobat files, VLC for videos & audio.
Voila! Majority of the security holes for attachements are closed. (And not a cent paid, too! Why pay $150+ for Office when OpenOffice will do it free?)

b) Firefox with PrefBar & Adblock plus on.
Suddenly, most of the pages with ads - gone! No more ads! And faster web page loading, too!
Browse using Prefbar with Javascript, plugins, cookies, referrer off - voila! Nearly impossible to control/jump through the browser because scripts and plugin vulnerabilities simply don't work.
Naturally, turn them on only when needed for banking sites, etc.

a great trick - browse with scripting on, but browser ID always set to something else - eg. Netscape Mac. All of a sudden, browser script hacks don't work right because it thinks it's attacking some other type of browser.

a) OS. Patch often with Windows Updates, and a solid firewall set to the highest settings will block all incoming ports. Done. Even if the PC sits on the net, ports blocked, nothing running, a solid firewall will prevent takeovers in 99.999% of cases, in my experience.
And, not only have Windows Firewall on, but also the 2nd firewall as well. Running two firewalls here, so two lines of defense on at all times (and Win Firewall set to allow no exceptions). ZA, you can block just about everything from servers to fragments to just about everything, so nothing is likely to ever get through.
ZA loves to ask before allowing things through, so it's another line of security. Monitoring both ZA's & Windows Network Icons for activity when you're not doing anything is wise, too.

---

That said, what else is everyone else downloading??

IF it's the basic Office docs, video clips, etc., #B with a good local virus scanner and Jotti multi-virus scanner scan will take care of any potential problems quickly. ALWAYS scan before opening! And, things like Office doc exploits simply don't work on OpenOffice; Acrobat exploits on FotIt; etc. ^o^

Otherwise, those visiting those Wrz sites and all, well, it's not unusual to become infected...

What is everyone visiting??

Stay away from the bad sites (they've even got trusted site verification in browsers nowadays), and you'll not likely encounter an infected site. Simple. Like not driving through a bad part of a city - just don't do it!

Lines of defense??

You've got at least two firewalls that can run on the PC, most routers have another. Honestly have to be God to penetrate that many lines of defense once they're all setup properly, IMO. Simply using 1 solid firewall on max will block everything incoming, so it's highly unlikely someone will break through all 2-3 at their max settings.

Scanning??

Gotta scan your system often with Avira (or other AV), MBAM (and other Malware), various online scanners for free (ESET ONline Scanner, etc)... just in case. A clean system is the best system.

Backup??

Once you've built a trusted system clean from scratch, ever back it up completely?? Any sign of infection, and it's a master restore from backup and you're good to go again. No point at all cleaning and praying - just restore to a 100% clean system setup. You can never fully trust a compromised system!

If you're neurotic - they've also got software that sandbox and/or restore your system to a clean slate after each logoff. You can also browse from a VirtualPC console as well - the attack will hit the virtual OS, but not your main one (here, don't share IP, assign the VPC OS a seperate one).

Admin login.
er, you know. create a non-admin user account and use that all the time instead. and make sure the admin password is complex and account files isolated from other users.

XP SP3. Just use it.

Anyways, always funny to see other people get hit with bugs and all when it's so simple to simply follow even the 3 rules above and avoid it all. A firewall isn't the end all to infections - just one part of a fully designed defense plan. But given all the free tools and knowledge out there today, so easy to create a really secure system knowing what's the most likely vulnerability points and all.

(Oh, and right about the popup prompts from various firewalls - ZA's the best at it after testing.New ones don't overlap old ones suddenly, making it easy for one to answer each prompt in order and w/o making a mistake. One of those alternatives I tested had this problem - new popups popping over, rather than under already popped up prompts, thus making it crazy trying to answer anything right.)

 

Btw, wait in any case for the next bug release fix of ZA free 9.2. its on the works and it should come sometime in then next few weeks. It will include IPv6 support (if relevant). The main optimisation I see is both the cloud based white/black list central database reducing pop-ups and a better RAM footprint. It can consume as little as 3M (vsmon+zlclient) on idle up to 30M when on duties.

 

are the improvements you mentioned in the ZA Pro yet?

 

What this thread graphically illustrates is that if 10 users were all to try 10 different products they'd likely have 10 different experiences with each of them.

That's why,however much advice/recommendations you receive the best option is to create a disk image then try all the candidates for yourself to see which fits best for you.

 

@bloggingpig on #13th post
to me thats more like restricting yourself in order to restrict possible infection/attack.

but... at least, its safe

 

Yes, they are on latest 9.1.603.000. You could well wait for the next ZAPRO release (9.2) that will contain even more fixes and improvements. ZA never publish release dates so it may happen is some weeks from now or later. Probably anticipated by a beta test... but that is just based on purely anecdotal evidence

 

9.2.057 is now out, installed it, seems to work fine thus far. Hopefully, fixed the minor issues of earlier verisons.

---

Upgraded to 10.0.0.567 of Avira Free, mostly runs smoothly. Does try to bring up issues now and then about 'viruses' that aren't viruses (false positive), so not as 'noise free' as other AV programs like Norton, in my experience. However, stable and quick with ZA thus far, so looking to be a 'nice' substitute for paid apps.

Two above form a 'nice' free AV package IMO. Stable and don't take a lot of resources or RAM on a single core CPU, and no interference with heavy video encoding apps and the like after testing for a few weeks.

---

What would be a nice feature is automated submission of a probably virus to Jotti, etc. to check against 20+ AV engines to make sure it's not a false positive. That would be nicer than having to check yourself.

But otherwise, have bookmarked all the major online virus checking programs, so running those after a detection with a clean bill of health means likely false positive. (never know, but likely...)

 

Well, I know this is going to be like throwing gas on a fire, but,
I stopped using ZA when it went from the wonderful, lite, fast and easy to use firewall to the bloated cow it was turned into.
I compare it to when AMF took over Harley Davidson....ruined the bike..employees got so upset they bought the company back.
Too much code was shoved into ZA, even the free version was crammed full...slowed my system down, started have conflict issues, had to boot up into safe mode just to remove the darn thing. Remember now, I really did like ZA for being so easy to use. Now, you could not GIVE it to me.
jmo

 

ZoneAlarm's Advanced Download Protection gives more and better information about 0-day threats than any other HIPS. For an average user this is more important than to score excellent on Comodo....'khm' Matousec "nagging the user" test.

 

I'm a fan of OA, so I have to offer a modest defense: Experiences regarding initial setup time and CPU usage vary between users and computers. My theory is that potential sluggishness is often due to some minor conflicts/overlap with existing anti-malware programs. For example, many real-time AVs attach themselves to OA's initial scan and slow it down. For best results, I would recommend the following:

1. Shutdown or disable your AV and similar programs and optional auto-starts during OA install and initial scan.
2. Turn off OA's program guard initially.
3. Add your AV to OA's exclusions and add OA to your AV's whitelist or ignore list.
4. Give OA a few days and several reboots to acclimate to your system.
5. The "block, ask, or allow" pop-ups are a necessary evil, but in theory you should only have to answer them once per process (if you keep the 'create rule' checkbox ticked), so over time you should only see them for new processes and during/post software installs/updates.

 

Does ZA free work with MSE any known conflicts ? i have not used ZA since a very long time? is it lite, boot up time etc. and cpu ,ram uses?

 

Unluckily this is not an onyl Comod problem, but an issue common at many excellent security softwares: for exemple Avira, Kis......

 

Let's hope Check Point "does a Norton" and totally revamps their software to be light yet effective. I'd use it again in a heartbeat if this happens.