Are rule-based firewalls inherently more secure?

I'm a longtime Zone Alarm Pro user.  For several different reasons, I've decided to get smarter about software firewalls and determine if I should use a different product.  

Now, I was over at Becky's forum asking questions about Look n Stop specifically, and how a rule-based app differs from an application-based one.  The basic explanation (which I'm sure is very high level and general) is that Look n Stop has 2 fundamental layers of protection.  The first is application based, and if an app is denied permission to establish connections, then that's the end of the story.  But if it IS granted permission to connect, then the rules set is invoked and used from that point forward.  

I'm probably oversimplifying it, but it sure seems to me like what's happening is a rules-based fw is doing what ZAP already does, and then applying a whole other level of control on top of that.  

So, that leads me to my basic question:  is a properly configured rules-based firewall inherently more secure than a properly configured application-based firewall, assuming both are good at 'what they do'?

 

Re: Are rule-based firewalls inherently more secur

I prefer a combination rules and application based firewall. I really liked @Guard while it was still supported. I also liked Signal 9 firewalls a lot until McAfee got hold of them.
I used LNS for awhile, but could not write rules the way I wanted to, so I went looking again. Too bad, as it's an excellent firewall. Finally settled on Outpost. I don't think anybody is going to find a more highly configurable firewall around.
What's the best firewall for one person, is not necessarily the best firewall for the next. It depends on what you want it to do and can the firewall do that? If it does what you want, does it do it in a user friendly way?
Last but not least, do you have some clue as to whats going to happen when you make a rule? If you don't, are you willing to learn. The really bad firewall is the one that's misconfigured.

To answer your last question, a properly configured combo firewall is probably the best, because it is not limited as a single function firewall is.

 

Re: Are rule-based firewalls inherently more secur

Rule based firewalls allow for much more control over application based firewalls.  You can have multiple configurations in one ruleset that you can enable/disable as you need them.

You also can restrict traffic to ip addresses, and ports much more effectively.  It also allows you to permit traffic to one port/address, and block it for everything else which is much more secure than the simple implicit allow/deny configuration of application based firewalls.

When it comes to security, you can place higher restrictions on applications instead of letting them run loose to any address on the ports they are allowed access to.

What it comes down to there is much more room for user-error in rule based firewalls, but they allow for much more complex/secure configurations when correctly configured.  Most people don't understand how to secure a application based firewall as much as possible, if its even possible in the program, and using a rule based firewall is a huge learning curve at first.  Eventually you figure it out if you try hard enough, and do enough research.... However some people just don't have the will to configure a rule based firewall correctly, and that is why they just stick to application based.

The few programs that are application/rule based offer an ease for people just learning rule based, but honestly its not necessary if you can configure a real rule based firewall correctly.  The honest fact is many people are running rule based firewalls that don't really know how to configure them correctly, and then say they suck when its their own rules that were created by the user that are the entire problem...

 

Re: Are rule-based firewalls inherently more secur

One of the nice things for example you can do with a rule based firewall, is:

You can deny Outlook Express access to port 80 (HTTP).
In that way, when you receive an HTML-email that would want to phone home through port 80, is forbidden to do so.

I believe you can do that also with ZA Pro (I'm not 100 % sure about that).

 

Re: Are rule-based firewalls inherently more secur

Hi FanJ I like ZA Pro for that too. I have the 2.6.362 and I like ICQ but hate those Ads that are on the bottom of the chat page. Adding ads.icq.com to the Restricted Zones stops them forever. Also ZA does all the resolving too. I also have the annoying "Tip of Day" blocked as well. It is nice to have more control over one's PC. Regards, Peter.