I'm currently investigating different firewalls and would appreciate advice from the experts here...
Background
I originally used Norton Internet Security for FW and AntiVirus but found it to be a slow and resource-hungry app. I moved to NOD32 for virus checking and this is working great. I also now use TrojanHunter for, well, trojan hunting I guess. But choosing a new firewall has caused me some difficulty. So far, I've tried (in order):
ZAPro - this seemed OK but over time VSMON.EXE was growing in size so not so good for 24x7 usage
Outpost 2.0 - Looks good but lockups due to (presumably) hyperthreading
Sygate - Didn't spot an app launching that went straight out onto the net. Not so good...
Kerio PF 4 - seems OK
Outpost 2.1 - Still locking PC randomly
Look'n'Stop 2.04 - lock ups (hyperthreading...?)
Look'n'Stop 2.05 beta - seems good and lightweight on PC resources but looks fairly complex for a firewall novice
Currently still running LnS, but just tested it against PCAudit and it failed (I've raised a question about this in the LnS forum)
Any advice/opinions would be gratefully received...!
Hi, welcome to Wilders. The vsmon.exe thing in ZAP is weird. LowWaterMark may be along to help here. Personally, I have tried and use ZA+, and although I have tried other firewalls, I am very happy with it. It sounds to me, though, that you might have a non-firewall-related issue if you are having that many lockups with different FW's. All of the choices you list are good ones, so it might come down to the one that "plays nicest" with your system. Again, others will be along, I'm sure, to offer more...
LnS fails the second version of PCAudit but passes the first version, other firewalls fail Thermite but LnS passes it, ZA passes Ghost but LnS fails it, etc... Just to say that choosing a firewall based on _one_ leaktest is not good logic: each firewall passes its own set of leaktests, but none passes all. To advise you we need to know what you are looking for: lightweight firewall, strong outbound application filtering, ease of use? Depending on your needs, we won't recommend the same firewall (I agree that NIS or NPF is a real resource hog, but they are easier to use).
Take a look at Tiny Personal Firewall. It comes bundled with an excellent sandbox which will protect your system very nicely. However, because of its steep learning curve, you're advised to read the manual carefully before trying to configure it. Their forum is also very helpful, just in case something goes wrong. Regards, AgentX
I guess I thought the only way to really test a firewall was to subject it to all available leaktests... Ideally I don't want it to be too resource heavy - hence the move away from Norton. LnS is still looking good. I'm not sure what I'm gaining/losing just allowing or denying applications rather than true packet filtering - a lot to learn really! JimIT - agreed, might be something else, but system has been rock solid up until first Outpost and then LnS 2.04. (Did full un-installs and reg cleans between each install) Everything is stable with LnS 2.05 with the hyperthreading fix applied - fingers crossed...! Thanks for the help so far everyone AgentX - how different is Kerio 4 to Tiny as I understand one evolved from the other?
It's true that both Tiny and Kerio emerged from the same product, however, there is no similarity between Tiny 5.x and Kerio 4.x as of today. I've never tested Kerio 4.x, so I can't tell the exact differences. One thing that I know is that the experts seem to be unsatisfied with the 4.x series. I believe Kerio 4.x lacks the sandbox which is present in Tiny 5.x. The downside is that you have to learn a LOT of things to configure Tiny properly. But, once you've done that, you can tell the difference. Regards, AgentX
I don't want to get too far off topic here, but I too have been having some lock up problems the last few days since I upgraded to Outpost 2.1. Thought it was something with my PC, but now I don't know since it was brought up here. I like OP, so I will give it a couple of more days.
SimonW; Firewalls are like pickups, rifle calibers, boat motors and beer. People seem to have strong opinions about them. Find one that works on your computer and don't get too upset if you see others bashing it. I think most of the gurus here will agree that none of the FW's you listed are inherently bad. Kerio 4 probably has the worst reputation of all. I am using it without any problems whatsoever. I don't recommend Kerio 4 as being any better than the others. It just happens to work for me. Doug
The only two firewalls that I ever took a real liking to, are Zone Alarm and Sygate. Sygate is light on resources, has application and rules based features, and is my personal fave. Zone Alarm is an application based Firewall. It uses a little more resources, but is easier to use and more user friendly. IMHO of course! Regards, bill
I agree with what has been said before: it's a matter of personal choice. I'm using Kerio free now, because IMHO Outpost Pro and ZA don't really offer THAT much added security worth the effort. And I own paid licenses for those two (second, I still don't trust Agnitum to make a product that doesn't crash and to offer patches quickly to known bad exploits in a timely manner, but that's another thread...). Now, if they could see all dll injections and other ways to use "trusted" apps to access net properly + other known tricks (= full marks on ALL leak tests known currently, hypothetical or real), then I'd upgrade/install. That's just me though. IMHO an application filtering rule based firewall shouldn't just catch the obvious ones. Kerio free 2.15 also does 100% on those AFAIK. A good, for-pay firewall should catch the non-obvious ones too, after all that's what the trojan authors are going to use. They surely know of known and unblocked leak methods already, so many of them won't waste time by implementing stuff that 99% of software firewalls will block. So, until a true contender for the "catch all programs masquerading as trusted applications" firewall comes along, I'll chuck along with Kerio 2.15, because it's fast, it's free and it works for what it does. Also, it doesn't give you a false sense of security, because you know it doesn't catch everything. That's just me though and I'm not an expert, but I do understand that implemented security is always a compromise between money/time invested/ease of use/real security gained. You have to pick where you draw your own lines, preferably by trying out a couple of options for yourself. regards, Halcyon