Wilders Security Forums  

  #1  
Old February 10th, 2008, 08:51 AM
Fly Fly is offline
Very Frequent Poster
 
Join Date: Nov 2007
Posts: 1,865
Looking for a new firewall; basic requirements

As I stated in a previous post I'll drop my McAfee Virusscan Plus 2008.

I've narrowed down my choice for AVs to two programs.

Here I'm requesting suggestions for a new firewall. Even partial answers are appreciated.

For reference, I have Windows XP Home Edition, IE 7, Counterspy,
Spy Sweeper WITHOUT antivirus and will keep it that way.

Now the firewall: (I'll do more research, but suggestions are welcome)

Most important: protection against incoming traffic/probes.

The McAfee firewall has several possible settings. Two of those: standard, and 'strict'. The difference between the two is that 'strict' (in the 2007 version, I just checked and it has been rephrased) supposedly blocks 'it' if I receive different data than I/a program had asked for.

Basically, how can a firewall know if incoming data should be allowed or not? In the 2007 version of McAfee 'strict' supposedly would make that distinction. It seems a rather technical question, but one that is certainly relevant. I have a router with a hardware firewall, (it more or less works, I tested it), but in an older version of the McAfee firewall's logs I could find data/probes of incoming data that had passed the router's hardware firewall. (For example, when I was logged in on Ebay, I certainly wanted certain data to enter my computer, but the McAfee firewall (version 6 or 7 I guess)'s logs recorded entries like 'EBAY IS HACKED' (with IPs and other data), some apparently innocent traffic, and real probes by hackers.) When I get a new firewall, I want one that is able to stop unwanted incoming traffic. VERY IMPORTANT.

Also, I have ONE computer that's wirelessly connected (using software that came with the adapter, I didn't use a Windows network wizard) to a router, which is connected by a cable to my modem, which is connected to the internet. McAfee has the inclination to 'trust' the network, which could presumably mean that the entire internet would be trusted. This is not something I want to take chances with. Not with McAfee or any other firewall.

The above two paragraphs emphasize that the new firewall should be reliable and sturdy regarding incoming traffic.

As for outgoing traffic: I want a firewall that also deals with outgoing traffic.
It doesn't have to be perfect. I should be alerted when a non-malware program tries to establish an outbound connection (if I haven't approved it earlier). If it's leaktest-proof, fine, but I would count on it to stop real malware using refined tactics to sneak through my firewall. Nor would I require other features (like a HIPS, for example the (older) Kerio firewall, asking me difficult questions, slowing down my computer, and being incompatible with the Spy Sweeper) that are cumbersome. The firewall doesn't have to be able to withstand advanced tactics by malware regarding outgoing traffic. It shouldn't be too complicated.

The firewall itself shouldn't cause problems by being unstable.

The firewall should also be fairly light regarding resources, nothing really heavy. (I have 512 MB RAM and a 4 year old computer that is still able today to deal very well with today's requirements, in general).

It should also be cheap or free.

Quoting my earlier question: 'Basically, how can a firewall know if incoming data should be allowed or not?' Maybe no one here understands. But it would be nice to know.

Suggestions/insight appreciated.
  #2  
Old February 10th, 2008, 09:06 AM
LoneWolf LoneWolf is online now
Massive Poster
 
Join Date: Jan 2006
Posts: 3,133
Re: Looking for a new firewall; basic requirements

Quote:
Originally Posted by Fly
Quoting my earlier question: 'Basically, how can a firewall know if incoming data should be allowed or not ?

I believe that's the job of Stateful packet inspection or Deep packet inspection
__________________
May you fly straight to heaven - but if you go to Hades - may Lethe run with Guinness
  #3  
Old February 10th, 2008, 10:57 AM
Diver Diver is offline
Very Frequent Poster
 
Join Date: Feb 2005
Location: Deep Underwater
Posts: 1,432
Re: Looking for a new firewall; basic requirements

For personal firewalls, inbound traffic is controlled by stateful packet inspection, and sometimes pseudo-stateful inspection for UDP. Basically, stateful inspection allows in connections that your computer asked for by making contact first. Deep packet inspection gives the ability to look into the data the traffic is carrying and is more likely to be used for enterprise-class gateway firewalls.

There is also a shortcut method where all incoming requests for TCP connections having a SYN flag are denied.

For P2P programs it's necessary to make an exception.

One can go over to Matousec and look at the list of firewalls there and try every free firewall until one makes you happy. Jetico I is extremely light, but it takes some expertise to set up. Another free one that is light is Kerio 2.15, which again takes some effort to get running. Generally, the easy to use firewalls are going to use more memory. ZA free is one of the easiest to use, but can be a memory hog.

If you own a router, consider using the Windows firewall, or even no software firewall. It may have no outbound filtering, but IMO outbound filtering has the lowest return on investment (setup effort and machine resources) of any security measure. Something to consider when resources are tight.
__________________
Only those defenses are good, certain and durable, which depend on yourself alone and your own ability.

The Prince, by Niccolo Machiavelli.
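
An added illustration of the inbound filtering described in the post above (not part of the original thread and not any firewall product's code): a minimal connection-tracking filter next to the stateless "deny inbound SYN" shortcut, with a P2P-style port exception, run over constructed sample packets. All names, addresses and the 30-second UDP timeout are assumptions; a real tracker also follows the TCP state machine and sequence numbers.

```python
from collections import namedtuple
# direction is "out"/"in"; src/dst are (ip, port); flags are TCP flag letters
Packet = namedtuple("Packet", "t direction proto src dst flags")
UDP_TIMEOUT = 30.0  # assumed idle timeout (seconds) for UDP pseudo-state

class StatefulFilter:
    def __init__(self, open_ports=()):
        self.flows = {}                    # (proto, local, remote) -> last activity
        self.open_ports = set(open_ports)  # explicit exceptions, e.g. a P2P port

    def check(self, p):
        if p.direction == "out":           # this computer made contact first
            self.flows[(p.proto, p.src, p.dst)] = p.t
            return "allow"
        key = (p.proto, p.dst, p.src)
        last = self.flows.get(key)
        if p.proto == "udp" and last is not None and p.t - last > UDP_TIMEOUT:
            del self.flows[key]            # UDP has no handshake; state just ages out
            last = None
        if last is not None:
            self.flows[key] = p.t
            return "allow"                 # reply on a flow we started
        if (p.proto, p.dst[1]) in self.open_ports and (p.proto == "udp" or p.flags == "S"):
            self.flows[key] = p.t          # new inbound connection to an exception
            return "allow"
        return "drop"

def syn_shortcut(p):
    """Stateless shortcut: deny only inbound TCP connection requests (SYN, no ACK)."""
    syn = p.direction == "in" and p.proto == "tcp" and "S" in p.flags and "A" not in p.flags
    return "drop" if syn else "allow"

PC, WEB, DNS = "192.168.1.10", ("203.0.113.5", 443), ("192.0.2.53", 53)
OTHER = ("198.51.100.7", 40000)
TRACE = [  # constructed sample traffic
    Packet(0.0, "out", "tcp", (PC, 50000), WEB, "S"),   # browser connects out
    Packet(0.1, "in", "tcp", WEB, (PC, 50000), "SA"),   # server's reply
    Packet(1.0, "in", "tcp", OTHER, (PC, 445), "S"),    # unsolicited connection request
    Packet(2.0, "in", "tcp", OTHER, (PC, 50000), "A"),  # segment from no known connection
    Packet(3.0, "out", "udp", (PC, 50001), DNS, ""),    # DNS query
    Packet(3.1, "in", "udp", DNS, (PC, 50001), ""),     # DNS answer
    Packet(60.0, "in", "udp", DNS, (PC, 50001), ""),    # late datagram, state expired
    Packet(61.0, "in", "tcp", OTHER, (PC, 6881), "S"),  # peer reaching the P2P port
]

def verdicts(trace, check):
    return [check(p) for p in trace]

if __name__ == "__main__":
    print(verdicts(TRACE, StatefulFilter().check), verdicts(TRACE, syn_shortcut), sep="\n")
```

The two filters differ on the fourth and seventh packets: the shortcut only looks for a bare SYN, so inbound traffic that belongs to no tracked flow still passes it, while the stateful filter drops it.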
  #4  
Old February 10th, 2008, 04:22 PM
Fly Fly is offline
Very Frequent Poster
 
Join Date: Nov 2007
Posts: 1,865
Re: Looking for a new firewall; basic requirements

Thank you. But 'try every free firewall until one makes you happy' is not what I had in mind. Ok, I have 512 MB RAM, that should be enough space for a decent firewall since I currently have McAfee Virusscan Plus (includes firewall), Spy Sweeper, Counterspy, and I still have free memory left.

I did take a look at the Zonealarm firewall, and the biggest version appears HUGE (3 layers ?), and I've read about people complaining about it being problematic. For example, on download.com (that site always tries to make users' reviews look better than they are, if you select by recent date first you typically see bad reviews, but then, that could just be the competition).

Feel free to come up with a few more suggestions.
  #5  
Old February 10th, 2008, 04:33 PM
AKAJohnDoe AKAJohnDoe is offline
Frequent Poster
 
Join Date: Sep 2007
Location: 127.0.0.1
Posts: 989
Re: Looking for a new firewall; basic requirements

A router with NAT will provide almost everything you require. ZoneAlarm (Suite, AV or AS, not the free one) if you want more.
__________________
www.AKAJohnDoe.com

"Without deviation from the norm, progress is not possible" - Frank Zappa
 


All times are GMT -4.

