Recommended Firewall

Online Armor (?)

 

Hello.

SSM? GSS? I don't consider a software without a packet filter a firewall. These two are there because of their abilities with leak-tests, but they are certainly not firewalls...

Cheers

 

Thanks seer who knew! I'll remove them from my shopping list. As to why they are there in a FW list I'll leave that to the source.

 

No clue let's ask formhttp://www.matousec.com/projects/win...ewalls-ratings where it is?

 

Hello Escalader.

These nine applications are not top firewalls. Those are only the leak-test results for outbound control. Take a quick look here. In fact, Matousec says that Kaspersky gives us the "best" firewall.

 

Geez, I always forget that! THANKS for keeping the record on an ever playing field.

Mike

 

Thanks again!
I have a router and a Alphashield for inbound.

As Stem and I have been discussing my main concern is blocking outbound packets that have no business leaving my PC with private information and of course which programs have access.

KAV is that not a whole suite? Sorry for being dumb on KAV I've been trying to optimize ZA pro

 

Hello again.

Yes, they are testing the suite firewall. Kaspersky doesn't have a standalone (pity). Actually, there was Kaspersky Anti-Hacker once, but it's not worth much mentioning.

Ok, I understand your interest in leak-tests now. Well, maybe you should add SSM or ProSecurity to your shopping list after all, they are HIPS' with network application control.

Cheers.

 

Hi again:
Do users like me have/need both an FW and a HIPS in their layered defense? Have a look at my signature, BD for virus SS for ASW and ZA for FW.
Thanks

 

Hello Escalader.

I am not quite sure what kind of user you are (, but from your sig I see that you use ZA which incorporates a type of intrusion prevention (called Malicious Code Protector). So, with your current setup, HIPS is not necessary IMO. But most firewalls now include HIPS, these two are hard to separate nowadays. I was suggesting, as you are behind a router, that you may want to abandon software firewall idea completely and use a dedicated HIPS with outbound network control for applications.
I can also see that next to ZA stands "to be replaced ASAP". I have been following (well, almost) your threads on configuring ZA and I know why you want it replaced (your quest is becoming a legend). I don't use it out of same reason (and a "little hog" aspect also). Have you tried rule-based firewalls?

 

Besides Comodo (btw, disabling dll injection stuff will achieve 0 CPU- it's a bug):

Online Armor. Sometimes i forget, this application is awesome. FW and HIPS (not complicated, it concentrates on the attack vectors and the worst malware behavior, like detecting keyloggers). The firewall is also easy, educational, and afaik effective.

LookNStop. Lightweight firewall, like Comodo it divides filtering in network level and application level. Less thorough on application filtering, but in network level it seems a step ahead. If you don't understand rules creation, you can import rules from their website according to your needs (read applications, etc.).

There's also Kerio 4. Kerio 2.1.5 and Sygate are good firewalls, and not yet outdated. But as all things not continued, they will be. Might as well start looking.

 

Online Armor firewall review by Stem
Online Armor 2 released

 

Funny you should say Comodo slows you down. When I unloaded ZoneAlarm Security Suite and installed Comodo, my computers response time was cut in half. My shutdown time went from 28 seconds to 15 seconds.

 

Yes, ZA has a limited life span on my PC. But I need a replacement identified 1st before doing without any FW.
I want to manage which applications can access for in and out.

You say my quest is a legend? Who knew. I know ZA wants me gone!

I have tried PC Tools+ with help from Stem but it fell short and also Webroots DT FW but it was deficient for my blocking list. I'm NOT a FW expert at all but I'm learning bit by bit day by day.

 

As long as you're open to critique, I believe it's a big mistake to ditch ZAP7 because 'it calls home'. The only reason it does that is to see if any updates are available for your installation. Furthermore, I don't know of any other FW that would allow LAN connectivity if you don't trust your router!

Just my 2-cents worth... pv

 

Hi Escalader, I have never regretted switching to Comodo when I got rid of ZA. A few clicks to configure after installation, and all I have to do is periodically accept new programs and re- accept a few now and then when a program changes. Otherwise it runs itself. The only thing I don't know about is your concern about routers.

 

PC Tools Firewall Plus is lite on resources, won't slow your computer down. It is based on Look n Stop, but it is FREE. Stealths your ports with default settings. Works for me.

Designed for Windows® Vista™ 32-bit, XP, 2000 and Server 2003.

 

Although i have been very pleased with Prevx2 and Avira PP for protection, I find myself with the urge to now also include a third party firewall. I have read that if you're behind a router (which I am) that Windows XP Firewall is good enough, but this urge is a strong one. That said, if I do decide to install a firewall I have at least narrowed it down to Comodo Pro or PC Tools. I have tried both in the past and liked something about each one, but my only concern is that PC Tools still has the connectivity problems that once were very common. The reason I say concern is that I do fancy PC Tools just a little more than Comodo for no particular reason other than how the GUI is laid out, and would like to try it again. Any help would be appreciated, and if anyone strongly feels I'll be ok with my current set up, please say so and save me the install. LOL.

 

with the obvious qualification of "It depends upon your surfing habits" I still argue that a hardware firewall router is more than enough. Combined with Firefox and a reasonable amount of common sense - it is possible to live without a software fire wall, no need even for on line anti-spyware, no on line anti-virus, no HIPs......

I use programs like Acronis and FD-ISR just in case and periodically run the odd virus or spyware check but see no reason to add sofware firewalls and security which would slow my machines down.

Now on the other had if you go deliberately looking for trouble you will probably find it and often find that your security is inadequate no matter how many programs you run.

 

Prevx2.0 in Expert mode makes a great firewall and hips and uses very little resources compared to Comodo or ZoneAlarm. Plus if you enable Event Notification you get a little box that shows you everything your computer is doing.

 

Hi pvsurfer:

TY, yes, I'm open to ideas. If the actual experience with it were the opposite I would agree with you. I wish I didn't have to do it.

Have a read of this thread:

https://www.wilderssecurity.com/showthread.php?t=172579

In it and the split off thread you will find through the post forest a number of tests that showed that there were non-update oriented and unexplained call homes. This is a long sad history with ZA. Recently I posted on zlclient.exe connects to "report.bitdefender".

Now that site BD has told me is in Romania, as their world wide site for gathering data on spam and malware outbreaks. They also told me that it could be blocked with zero effect on BD10 performance or updates. I have done that, in fact I blocked the whole country. BD10 update sites are NOT in Romania.

When I posted that information at ZA User forum, the first time "report.bitdefender" got bleeped out. Why? They have since banned me for the second time (a record no doubt). I guess they don't like questions about why zlclient would contact a Romanian Spam/Malware site owned by another vendor.

Here is another one from ZA Forum:

"I just looked at my ZoneAlarm log and noticed an entry that C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe successfully accessed destination IP 216.73.86.152:53 -- which points to annymegaadvip2.doubleclick.net"

Yes, I still have ZA Pro pending replacement, but have lost faith in that vendor. The design may be close to the ideal according to some but since their implementation includes call homes like that it is no wonder that the conspiracy theory's continue.

You say, "furthermore, I don't know of any other FW that would allow LAN connectivity if you don't trust your router! "

Well, prior to my learning thread I knew zip about that issue. I did said "try" to force. FYI, I have ZA Pro working with Lan as internet so ZA Pro is 1 FW that does. If you look at ZA set up they even say use Internet for Lan if you don't share devices on your network. Check it out!

If I remember correctly, our FW expert here has said the opposite. That ZA is the only one that drives users that way and it is "buggy" requiring unecessary workarounds. My ZA Pro keeps turning off my logging of all alerts. So those who build up the conspiracy can add that to their blogs.

IMO, after hundreds of posts and cross checks , if users are at all concerned about uncontrolled packets leaving their PC's ZA at this point regrettably does not fit that need.

ZA could easily clear up this up by admitting there is an issue and then STOP the behavior identified here and elsewhere. They have admitted it in a way since their web site publishes a way for users to block call homes, although they avoid that term.

For the sake of their users I hope ZA does this.

For those interested here is the status of MY advice on PC's "optimum" program settings for ZA Pro. I have since added to that by setting 90% of Access trusted and internet to either ? or Kill. I set the SmartAdvisor to manual so the advice when available pops up then deny or allow at that time. It is educational and easy to do. Try it!

So here is a summary of what I did in Program Control back a few posts:

1. Send mail all red x'd except mail server, in my case ms outlook
2. Server, Trusted and Internet all red x'd every program except those I killed outright
3. Killed (using trust level) all games like solitare etc
4. Killed 4 windows programs for media player
5. set advanced program settings to match the server settings so new programs asking for connect don't violate MY rules, this doesn't work for send mail so ZA forces you to have to look from time to time to ensure send mail not added without your permission
After todays MS Update 2 MS programs added but send mail was allowed by default. Comment: ZA defaults weak, why allow send mail for systems programs and games?
6. Backup your ZA settings daily for restore during testing and strengthening.

It comes down to x things.

Trust of the vendor/product/support advice actually given?
Real tests results of installed product on your PC and independent advice.

I have finished that work and ZA Pro in it's present form will be replaced on my PC.

What others do is up to them. I wish them all luck!

 

Hi twl845:

Yes, I hear you. Please ask Comodo about that! When you installed it did it ask if you needed to share printers etc on your Lan?

 

Thank you so much for this post! It helps me remove another FW from my choices. When ZA with such a history, I am not even going to look at the old ZA 2.x.

Again, thanks for your recap!

Mike

 

TY, I tried it a few weeks back. It may come up again for testing on my PC when new version comes out of their lab. Not yet officially supported.

AplhaShield stealths all ports as a HW FW so that is not something I expect from software except as a back up layer.

I'm in that forum with same id.