Good app control / outbound access / low resource FIREWALL ?

[halcyon]

I've been running kerio 2.1x now for two years. Have tried Outpost Pro (not for me), ZAP (not for me) and some others (not worth meantioning).

I've now become finally ready to accept that I may need to move on from Kerio 2.1x.

My reasons:

- recently discovered vulnerabilities (more probably coming, but most likely not updates for kerio 2.x)
- sometimes the program loses my firewall application rules (all rules are lost). This has happened twice. I haven't found a solution for this
- Kerio 2.x is vulnerable to various outbound attacks (and will probably never get a fix for them)

My requirements for the new firewall software would be:

- VERY LOW on resources (RAM and CPU). Preferably no more than kerio 2.x
- Good application level control for outbound access (can haver other type controls as well, but application control is a must)
- Catches most known outbound access variations
- Firewall only (or configurable as such): no IDS, no anti-ad, no spyware blocking, no cookie cleaning, etc. I don't want a kitchen sink
- From a company that has existed at least for a year and which is more than likely to exist for at least another year
- Not too expensive (max. 50 euros)
- Easy configurability is a plus, but not a requirement
- Support available either via user groups or from the company itself
- In active development by a company. Not done by a one man shop or receiving only an update once in a year. Known bugs fixed.

Now, I don't like nor will I consider the following firewalls:

- Outpost Pro (kitch sink & resource hog. I had kernel crashes with it and never received support from them and I was a paying customer when they were just starting out)

- ZoneAlarm Pro (I'm a customer, but I don't like their interface or it's resource use, which is too high)

- Kerio 4.x (I've tried it but it is again a kitchen sink. I've had problems with the various betas and I don't want to be a paying beta-tester)


What other options are there for low resource usage / good application control / good outbound access control -firewall?

I know there is no "best firewall" and I'm willing to play a bit with two test versions, but time probably doesn't allow me to try out three or more. I try to have a life as well and I'd like to get a solution that 'just works' (ideally).

I'd appreciate all suggestions for or against various firewalls, but please try to fit my needs.

I also won't participate in discussion about Outpost Pro, ZoneAlarm Pro or Kerio 4. If you like them, fine. However, do respect the fact that I don't like them or want them in my computer (even though I own the license for the them

regards,
halcyon

[Notok]

You might try x-wall, it has a free version that is along the lines of kerio 2.x
http://www.sphinx-soft.com/firewall/order.html

[se7engreen]

Look N Stop
Kaspersky Anti-Hacker

I'd suggest Look N Stop first, but both of these should have (or not have) just what you're looking for. Look N Stop is €32,00 & KAH is €26,30.

[no13]

BlackICE Defender. Best APP Control available. not much of a firewall as it only controls outbound access. low memory usage. seems perfect for you, as its IDS/IPS is simply the default rules of other firewalls, just a new name.

[halcyon]

Thanks for the suggestions.

The last time I looked, LnS had very limited application rules. Has this changed?

As for BlackIce (I have a license). I was burned by them years ago, when they were about the only kid on the block (or so it semed). Also, their security track record (exploits, roots, etc) is just horrible. I won't touch them with a proverbial five foot pole

Thanks for the tips though. Keep them rolling!

[JayTee]

Try Jetico, though it is free for now and in beta.

Has similiar ruleset capability as Kerio 2 which I like, though I must add that when you try to uninstall it, it stays in the control panel. Not too sure what other bits are left behind as well.

Small memory footprint, almost similiar to LnS at 8 MB. Kerio 2 is the best at 5 MB on my system.

Installed it on two XP2 PCs, one of which crashed (Northwood 2. but the other (Williamette 1.7) is working well. Can't figure out whether or not it is due to Jetico or due to Process Guard. I have a registered version of the application on the Northwood.

[Infinity]

ssm with built in firewall of xp. then you have perfect outbound protection and the inbound is built in.

[Infinity]

not completely correct though but I guess with ssm you have some serious app control...

[ronjor]

I am trialing LooknStop. So far, I really like this app. Small footprint on the hard drive and it is configurable down to the inth.
Support is available right here on Wilders. Hard to beat combination!

[tosbsas]

You can even get more support here

h**p://www.fluxgfx.com/ssc/index.php?

Ruben

[halcyon]

For those who have already tried them...

Did Look'n'Stop have application control in it's current version?

How about Jetico?

[Kerodo]

Quote:

Originally Posted by halcyon

For those who have already tried them...

Did Look'n'Stop have application control in it's current version?

How about Jetico?

Yes, to both I believe. I think the free version of Look N Stop lacks app control, but the pay version has it. Jetico has it and is still in beta and free at this point.

[AJohn]

Tiny is nice, it has great application control ("windows security"), but it comes with Snort IDS. Look 'n' Stop has great application protection and is very, very light on resources. Jetico is a good firewall that also has good application protection and is also light on resources, but is still in beta stage. Black Ice is decent, but it comes with IPS/IDS and the application control allows you to choose what can run, not what can access the interent and is highly recommended to only be used on a clean system since it makes a baseline when you turn application control on and does not let you choose what to baseline untill afterwards. 8Signs is a great firewall, but does not have application control. As Notok mentioned, x-wall may be worth a look. There are tons of choices out there, you just have to look. ATM I am using 8Signs with Look 'n' Stop's application control, but that is just a personal preference.

[no13]

Good point AJ
BUT BlackICE does control what apps can access "the network" which is LAN+WAN gateways (i think)
About the baseline thingy... you CAN change what rules are created afterwards (but it takes too darn long) and you can even stop the baseline (NOT recommended)
I don't really like Blackice, but its got one thing not many others have... called "component control" in ZA... it treats each DLL/OCX file as an executable and applies the same rules on those and it spots any kind of DLL "injection" into any process (provided its not a known dll or exe or both)... I like that, and i don't like ZA as ZA doesn't like Kerio and I like Kerio too much.
hope I obfuscated more than you guys learned ... seriously!!!

[no13]

For those who like Kerio, are interested in Kerio or are simply trying to find a fully featured firewall........
Kerio's Web filtering is good, but it removes cookies too much, and interferes with ur board posts. Sorry. Also, not many users give the firewall straight As... maybe B- and C+ grades.
My love affair with KPF may be about to end.

My experience with look 'n' stop AND Jetico....
multiple install and uninstall problems, configuration difficulties, inability to detect new apps, and finally, BOTH screwed up my system pretty bad (led to clean reinstalls)

My itenerary for firewall testing is.....
1. Tiny Personal Firewall
2. Outpost

I've begun to hate BlackICE as well because it can't help but be heavy (but NO other item gives me component control)

[Kerodo]

Quote:

Originally Posted by no13

My itenerary for firewall testing is.....
1. Tiny Personal Firewall
2. Outpost

Good luck with Tiny. I tried installing the latest 6.xx and spent about an hour looking around and couldn't figure out anything. I guess it takes some time. I went to grc.com and scanned and it showed everything CLOSED with some ports OPEN. There's probably a way to stealth everything somehow, but I couldn't figure it out. The help file that comes with version 6 seemed to be the help file for version 5. Things apparently have changed from 5 to 6. At any rate, it doesn't appear to be easy to figure out.

Outpost is good and fairly easy to use though...

[AJohn]

With BID you can always start the baseline/stop it, then turn application protection back on and clear the baseline manually from the .txt file in the BID folder, but I really dont like the whole way it is setup and that is too much of a hassle when you can use something like x-wall, L 'n' S, Outpost, Kerio or any other method much easier.

[no13]

Hey AJ.... The ONLY reason i use BlackICE is that its got Component control.... show me any non-ZA firewall that uses it and I'll throw it out before u can count to... well... 13
And you're right, it is a bit of a hassle, but if you baseline it, then only change some settings, and keep the rules to "ask for new app", then its pretty well behaved, except when you install SPs, then it goes kaplooey for hours and hours together, since after every restart it wants to know something new.
Also, its component control ain't that great... it will only detect one new component PER time the program calling it starts.... which means if 2 BHOs attach themselves to IE and they're unknown to the BID rules, the alert is generated for only one of them, and if u allow, the other has temporarily slipped inside, and gets detected ONLY when the first has a rule for itself created. Only then it generates a fresh alert.

[AJohn]

Good bye BID.

http://www.abtrusion.com/

As for firewalls that have component control...

Look 'n' Stop
Outpost
Jetico
and many more...

[Kerodo]

I don't think Jetico has component control AJohn.. Don't know about Look N Stop either, but perhaps it does. Outpost does. Sygate also does....

[AJohn]

Based on the below, I assumed that Jetico did.

Quote:

Originally Posted by Jetico, Inc. (h**p://www.jetico.com/jpfirewall.htm)

III. Filtering of user-level process activity. This kind of protection notifies user and cuts off dirty tricks performed by trojans and other malicious programs. For example, such a trojan can inject its own code to the memory of running well-known and trusted program, like Internet Explorer, and later make Internet Explorer's process send or receive data the trojan wants to transmit.

At the moment Jetico Personal Firewall detects and prevents such a network activity of malicious programs that are illustrated in firewall test programs like AWFT, DNStest, Copycat, FireHole, Ghost, LeakTest, MBTest, Outbound, PCAudit, PCAudit2, Surfer, Thermit, TooLeaky, WallBreaker, Yalta and Yalta Advanced (*).

I do not see how it could stop all of these without component control, but please correct me if I am wrong.

[nadirah]

Sygate Personal Firewall is a very good choice.

[no13]

AJ... memory injection and dll hooking are different AFAIK, but I'm no expert, just a kid with a Pentium 86 welded at the top...

[AJohn]

I was under the impression that Jetico had both, sorry if I am wrong here.

[no13]

hey, why not test it... the awft test generates hooking in one of its tests...