How would your ideal firewall be?

For me, it would have:
- Kerio's 2 advanced rule creation from the alert window and resource consumption.
- Comodo's colourful pop up alerts and "treat as" option, with customizable policies, as in real Comodo.
- Sygate's logging.
- ZA's overall panel showing applications with server and client rights, for those who don't want to use advanced rules.
- OA's firewall status (with the nice flags).
- OA's hips (no pending files, thank God).
- Port scanning and attack warning.

 

It would be free.

There would never be a warning or pop up unless real malware was trying to communicate out.

It would use very little memory and very few CPU cycles.

The interface and settings would be understandable.

Each new network would default to untrusted and could the trusted/not trusted status could be easily changed.

Resists all sorts of malware attacks.

Plays well with everything.

Brings me coffee in the morning.

Dream on.....

 

My dream firewall would be as light and powerful as CHX-I, and be application-based like OA (standard mode). I dont ask for much.

 

For me: an up-to-date, modernized version of Kerio 2.1.5 (taking the table concept from Jetico, the filtering engine of CHX-I and the standard/advanced mode of OA). Take the HIPS off.
For the masses: a nice filtering engine backed up by an IDS, a behav. blocker, an anti-exploit engine, big whitelists and decent pre-made rules. Better handling of new networks, specially Wi-Fi.

 

For me, it would be an IPv6 compatible version of Kerio 2.1.5. It'd like to have a more versatile logging system, including filtering and export functions. Instead of one "custom address group" I'd like to be able to have multiple "custom" groups. The "network/mask" settings for remote endpoints would be fixed.

The status screen would be improved to include "Time Wait" in the status. Add access to whois and related net services, from the status screen. Add a capture ability to record all connections made and ended over a specifiable time period, savable as a log. Add the ability to close specific connections from the status screen, such as you can do from Sysinternals TCPView, plus be able to add the IP or site name to any one of the custom address groups.

Keep the HIPS and all other functions separate, like it is now.
Rick

 

u forgot the attack detection plugin of outpost
it efficiently protect against denial of services "DOS" attacks and port scanning
also displays the ip and mac of any computer in the lan using sniffer or netcut
although i don't use outpost now but these were unique jobs i never saw thses features in any firewall

 

First of all, I want it to be free. Simple $50 here is already too much for a common household.
Then I want it to have a powerful yet light inbound protection of CHX-I.
Less of the nagging outbound pop-ups yet passes all leaktests and exploits.
Probably warnings regarding attacks, such as DoS/DDoS, worms, etc.
It should be user-friendly or else beginners will be plagued with confusion and questions, and may lead to uninstallation of the software.
Informative logging.
Able to view on ports that are currently being used by softwares.
Simple block all and allow all options, to see connectivity problems or just being paranoid.
It shouldn't have issues on LAN/WLAN or home/business networks.
Doesn't affect internet speed.
Easy uninstallation. Doesn't leave traces in full uninstall.
Doesn't send any information on the software author without consent, unless the user agrees to.
Last of all, it should be light to system resources, size of software, and RAM/CPU usage.

 

It would be better to have SPI on the ARP protocol.

 

what SPI means?
could u explain please?

 

See
http://en.wikipedia.org/wiki/Stateful_firewall
http://outpostfirewall.com/forum/showthread.php?t=7443

 

thanks minoka
u always come on time , whatever the place
although we always have different opinions
best regards

 

Sygate Personal Firewall Free 6.0

Cheers

 

Hello,
Sygate 6.0 sounds like a good idea - 5.5 + ipv6 ...
Cheers,
Mrk

 

Yes! I could live with that! Plus the local proxy hole fixed and programs without server rights by default. I always hated that i had to manually uncheck them.