What is the best firewall?

Discussion in 'other firewalls' started by fatpizzaman, Jun 13, 2002.

Thread Status:
Not open for further replies.
  1. fatpizzaman

    fatpizzaman Registered Member

    Joined:
    Feb 27, 2002
    Posts:
    52
    What is the best firewall with STANDARD rulesets, and doesn't require you to fine tune it, and still provides optimum security?
     
  2. snowman

    snowman Guest

    FPM

    please excuse my confusion...I just re-read a previous post by you (3 pages) asking about the best firewall for outbound connections......now I am trying to understand just what type of firewall you are looking for.

    a rule based firewall requires making rules...if you are having a problem knowing how to properly make rules then perhaps your question should be regarding that issue...if you are looking for a rule based firewall that offers fairly decent protection right "out of the box" then my guess LNS and Sygate offer that to some extent...users of those firewalls would best answer that....outpost may also.
    the thing is...if a person wants to use a rule based firewall and gain the very best security it has to offer...then the person will need to learn how to properly make rules..otherwise what's the point..
    a few links below this one is a post that will lead you to a great site for making rules for LNS....
    I honestly don't know how to be of any assist to you at this point because I don't understand what you are seeking.

    snowman
     
  3. claire

    claire Guest

    Hi,
    As Snowman says give a try at LookandStop. :cool:
    Regards
     
  4. GA

    GA Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    35
    Every firewall I have tried has "standard" rulesets. Even rules based firewalls like Kerio have standard rulesets. But with the plethora of programs available, you are going to have to set some rules sooner or later. Outpost has a lot of presets that let you just say yes to allow the program to work with security already set for you. ZoneAlarm and Sygate are also easy to set. If you are behind a router, you are already behind a hardware firewall and don't really need a firewall on your pc for inbound protection; but you will need a software firewall for outbound protection of your pc. GA
     
  5. casper99

    casper99 Registered Member

    Joined:
    Apr 24, 2002
    Posts:
    7
    Location:
    Colorado, USA
    I use Outpost Pro, it's very easy to set-up. It has very good help files so you can easily learn how to set it up. You can use the preset rules at first and read the help section on how to set-up your own rules. It also has some good add-ons, like referral blocking, cookie blocking, pop-ups, activeX, java. All of it can be configured by user to their liking. I used others, but find Outpost far superior. Just my opinion.
     
  6. TAG97

    TAG97 Registered Member

    Joined:
    Feb 10, 2002
    Posts:
    616
    Location:
    Connecticut USA
    I sure do like my Sygate Pro 5.0v1117 o_O o_O o_O
     
  7. UNICRON

    UNICRON Technical Expert

    Joined:
    Feb 14, 2002
    Posts:
    1,935
    Location:
    Nanaimo BC Canada
    Kerio for me. I NEED the rules based firewall and I hate application based firewalls.

    Of course my needs must be quite different from some others here, since an application based firewall is of absolutely no use to me. If everyone had my needs, no one would use ZA.

    So what matters is which one suits YOUR needs. There is no one firewall that is perfect in every possible scenario.
     
  8. Prince_Serendip

    Prince_Serendip Registered Member

    Joined:
    Apr 8, 2002
    Posts:
    819
    Location:
    Canada
    ;) Ah, the above is a leading question (snowy take note) to get us to make firewall recommendations! Okay, I'll bite. Used to use Outpost. Now I use ZoneAlarm. I like it. It serves me well. It's user-friendly and essentially a no-brainer. It lets me get on with my day. :D
     
  9. Raygun

    Raygun Registered Member

    Joined:
    Apr 24, 2002
    Posts:
    31
    Location:
    The Beach!
    I find the new BlackIce meets all my needs. I see people talking about setting this and that and that's fine. However I do not like to be bothered too much with the thing, and BlackIce 3.5 is passing all the tests so I'm happy. I can and have made individual settings but only if a need arises!

    The BlackIce Application protection is very nice also, I run it as well with the 3.5 package. It has an install mode as to install new programs yet you can by-pass that for certain installs. For instance the last time I installed Audiogalaxy I hit continue only, it then began the install and when the next TWO .exe tried to run I said terminate. The final outcome was no spyware, or better control of my installs. You can of course set which programs to be trusted and which to not be, in which case it asks you first when they try to run and then also if they try to connect to the net.
     
  10. Tired

    Tired Registered Member

    Joined:
    Oct 18, 2002
    Posts:
    50
    Location:
    Boston
    I am following the suggestions made by our fellow members and I am trying out the demos first. I just finished trying out LnS and liked it but think there might be something better for me. I used to use ZA Pro until I had to get rid of it because of conflicts with McAfee. I was so resistant to let it go.
    But it is actually very interesting using different demos to see what fits with my "style".
    I am off to try Outpost next.
    I really do enjoy reading everyone's feedback.
    Thanks.
    Tired (Tracy)
     
  11. Feivel

    Feivel Registered Member

    Joined:
    Nov 7, 2002
    Posts:
    100
    Location:
    Baytown, TX
    I use the KPF beta, used KPF and TPF including TPF 3. Now I still use TPF for its sandbox capabilities (best around IMO) and KPF as my firewall. IMHO you can't possibly go wrong with that combo (albeit you can easily screw up your OS if you do a "no-no" in TPF).

    Feivel
     
  12. Lee

    Lee Guest

    ;) I think you should look at what works for you, you don't give any info about your system or systems that you are using - but saying that I think you should give ZA a try, it has good security and is easy on resources, also Sygate has good pre-set security (Out of box) and the option to set rules at a later time also Sygate is very strong and robust (Free and pro), at this moment I use Sygate Free. :cool: I hope this helps and remember this is my opinion and this is what works for me on my machines.
     
  13. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,770
    Location:
    New Mexico, USA
    Sygate Pro 1150 here. The free version is perfectly adequate in my very humble opinion. I just wanted the few extra options, so bought it.

    I liked Outpost, too, but it isn't/wasn't compatible with ICS at that time, so switched. If they work, and do what's expected of them, they're all good. In my case, being technically "challenged," I like Sygate's ease of configuration.
     
  14. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    I use Sygate Personal Firewall free edition. I like it. It's got a back-trace feature with it. It's protected me very well. I had Zone Alarm free firewall before that. It worked well for me too. If you go with the free Zone Alarm, consider getting the free add-on called Visual Zone. I had that with the free version and it added the back-trace feature and a lot of informational links. I believe Visual Zone is available on the main page of wilders.org under free tools.
     
  15. Lee

    Lee Guest

    ;) Also Sygate technology is used in V-com's SystemSuite 4 to power the firewall within it, so without causing another debate on which is THE best I think Sygate will be a good choice for anyone.
     
  16. jvmorris

    jvmorris Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    618
    I do not recommend using the trace-back features that are now showing up in the various software firewalls -- unless you have a dynamically assigned IP address. If the latter is true of your circumstances, you drop your existing ISP connection, reconnect and then run the backtrace (if you must); then drop this ISP connection and re-connect again.

    If you have a static IP address, and run the backtrace, you've just destroyed all the advantages that you thought you had from being Stealth. You've just confirmed that you exist at that IP and were, in fact, there when the probe was run. Only the most clueless skiddy has no idea of what IP addresses they've scanned and your response will stand out on their system like a gleaming beacon. Similarly, even if you've got a dynamically assigned IP address but fail to do the disconnect/reconnect/run backtrace/disconnect/reconnect routine, you've just done the same thing.

    Still, if you feel absolutely, positively compelled to do backtraces (rather than leaving it up to MyNetWatchman, or dShield.org), then I would advise that you do this through one of the web-based services. SamSpade is one option. Furthermore, both VisualRoute and Neotrace (I think this is right on the latter) provide web-based backtrace facilities that provide you with a measure of anonymity.

    You need to understand that the only sites you're going to be backtracing (in any event) are those that failed to crack your perimeter. (After all, if they had cracked your perimeter, you wouldn't have a log event, now would you?) Consequently, a backtrace does little more than indicate to a skiddy or cracker that you exist and you may have other vulnerabilities that he/she has not yet probed. Hence, you're simply marking yourself for further investigation. Now, I must admit that there are people who do this deliberately, on the presumption that subsequent hits (from the remote IP address) simply validate their presumption that the initial scan represents someone with malicious intent. However, unless you know what you're doing, I would not recommend this. In the words of Clint Eastwood "Are you feeling lucky today?" Otherwise, you're likely simply allowing the other guy to respond "Thank you for making my day."
     
  17. Graystoke

    Graystoke Guest

    Hi Raygun. If you are still lurking around out there, got a question for you about BlackIce. I tried the 30 day trial version and liked its look and feel. But, when I did a port scan at GRC all ports came up stealth except for IDENT. I even set BlackIce to Paranoid and still could not get IDENT to show stealth. Have you ever run into this problem and/or do you know of a way to have IDENT show stealth at GRC?

    If anyone else out there has any suggestions for this, that would be great also. I'd like to give BlackIce another try.
     
  18. Kayrac.

    Kayrac. Guest

    open up firewall.ini (should be in blackice folder) and change where it says something like
    ACCEPT, IDENT
    to
    REJECT, IDENT
    haven't used blackice in a while, but that should be able to help you enough
     
  19. Luthorcrow

    Luthorcrow Registered Member

    Joined:
    Nov 30, 2002
    Posts:
    56
    Location:
    California
    JVM, well there are a lot of clueless skiddy out there ;) Hell, I had been doing that with a combination of programs without knowing what I was doing; good to know (ZA, TDS-3, Sygate). But that probably confirms something for me. I used to get tons of alerts with ZA. Just bucket loads more than I got with either Sygate or Outpost. I had chalked up to market and figured that ZA was exaggerating to justify the money I spent on it. But now I think it was probably how appealing they made their backtrace function. As a newbie user, being able to look on a map (how accurate I wonder) added an element of intrigue to the whole experience. But assuming that function works as Sygate's does, then it would explain the increased hits.

    Survived the experience, only had one bad experience with ZA and a skiddy, actually it was the experience that caused me to jump ship and start researching this whole security thing a little more.

    On the other hand the interesting thing was most of my high rated knocks were from one of the 5 places:
    USA college
    Iraq
    China
    Germany
    SF Bay Area
     
  20. manxaura

    manxaura Registered Member

    Joined:
    Oct 27, 2002
    Posts:
    21
    Location:
    Australia
    :D
    It seems to me if you stay away from ZA and Nortons you are doing well. I use Kerio and well I just love it. It has never let me down yet and it works well with my NOD :rolleyes:
     
  21. Luthorcrow

    Luthorcrow Registered Member

    Joined:
    Nov 30, 2002
    Posts:
    56
    Location:
    California
    Hhmm, that seems a little harsh to throw poor old ZA in with a weak app like Norton. I mean that is just plain cruel.

    I tried Kerio, but it wasn't one of those apps that lends itself to plunging in without having read the stereo instructions first. But I have a copy of the manual so maybe after some reading I will give it a try.

    Aside from being free, configurable, and less demanding on the system resources, what's the appeal...wait a minute that's enough ain't it? :D
     
  22. manxaura

    manxaura Registered Member

    Joined:
    Oct 27, 2002
    Posts:
    21
    Location:
    Australia
    :D

    LOL well I'm a hard task master when it comes to PC security. One thing I hate is a big foot print.
    I guess I should not have lumped ZA with Nortons, It is not really in that same basket but still not as nifty as Kerio. I also like Outpost but that's yet another story.

    I can only say that Kerio's functionality, system resource uses and size make me love it.

    Just my opinion :rolleyes:
     
  23. eyespy

    eyespy Registered Member

    Joined:
    Feb 20, 2002
    Posts:
    490
    Location:
    Oh Canada !!
    JVM,
    when you use the "backtrace" feature in ZAP, doesn't it retrieve the information through the Zonelabs Website, making you anonymous to the IP being traced ?
    I believe that Sygate Pro does the backtrace directly from the users PC ! That would reveal your IP.

    regards,
    bill :)
     
  24. jvmorris

    jvmorris Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    618
    Can't say; I've never tried ZAP. I'm simply trying to point out that if one runs the trace-back exclusively off the machine that got probed, you've just given it all away (unless you can immediately drop your connection, reconnect, and then get a new, dynamically assigned IP address). Both McAfee (using NeoTrace) and Norton NPF/NIS (using Visual Trace) allow one to do this remotely via their own servers. Still, it's important to know if it's a back-trace from your machine or a backtrace through an intermediary. Indeed, that's the reason that many individuals do such backtraces through SamSpade.org or something similar. If you do it this way, (using NeoTrace, VisualRoute, SamSpade, or something similar), the guy at the other end can't tell who you are.
     
  25. jvmorris

    jvmorris Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    618
    Quite frankly, I've found the map (provided by a self-contained copy of VisualRoute) very useful in many instances. Still, if I see something really nasty looking, I tend to either use the VisualRoute servers or their mirrors at Symantec.
    In this context, my own personal experience has tended to point primarily to East Asian IP subnets. I simply created a generic BLOCK rule for IP addresses for these subnets and turned off logging on those events. As far as I can tell, that cut the number of records in the firewall event log in half. (YMMV, of course.)
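
Added example, not part of the original thread: one way to measure, before writing a generic BLOCK rule with logging turned off as described in the post above, how much of the event log a set of subnets accounts for and which destination ports would stop being recorded. The log layout, the sample events and the subnets (RFC 5737 documentation ranges) are constructed assumptions, not the format of any firewall named in this thread.

```python
import ipaddress
from collections import Counter

# Constructed placeholder ranges (RFC 5737 documentation blocks) standing in
# for the subnets a generic BLOCK rule would cover.
CANDIDATES = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "203.0.113.0/24")]

# Constructed events in a hypothetical layout: date time action proto src:port -> dst:port
SAMPLE_LOG = """\
2002-12-01 10:02:11 BLOCK TCP 198.51.100.7:4312 -> 10.0.0.5:139
2002-12-01 10:02:40 BLOCK TCP 203.0.113.45:1029 -> 10.0.0.5:445
2002-12-01 10:03:05 BLOCK UDP 192.0.2.77:137 -> 10.0.0.5:137
2002-12-01 10:04:19 BLOCK TCP 198.51.100.200:3377 -> 10.0.0.5:139
2002-12-01 10:05:00 firewall engine restarted
2002-12-01 10:06:52 BLOCK TCP 192.0.2.77:2201 -> 10.0.0.5:113
2002-12-01 10:07:13 BLOCK TCP 203.0.113.9:4100 -> 10.0.0.5:1433
2002-12-01 10:08:30 BLOCK TCP 192.0.2.130:1500 -> 10.0.0.5:80
2002-12-01 10:09:44 BLOCK TCP 192.0.2.14:1999 -> 10.0.0.5:21
"""

def parse_event(line):
    """Return (source address, destination port) for an IPv4 event line, else None."""
    fields = line.split()
    if len(fields) != 7 or fields[5] != "->":
        return None  # status messages and truncated lines are skipped
    try:
        src = ipaddress.ip_address(fields[4].rsplit(":", 1)[0])
        return src, int(fields[6].rsplit(":", 1)[1])
    except (ValueError, IndexError):
        return None

def subnet_share(log_text, subnets):
    """Per-subnet event counts, share of parsed events covered, and the ports those events hit."""
    per_subnet, ports, total = Counter(), Counter(), 0
    for src, dport in filter(None, map(parse_event, log_text.splitlines())):
        total += 1
        net = next((n for n in subnets if src in n), None)
        if net is not None:
            per_subnet[str(net)] += 1
            ports[dport] += 1
    share = sum(per_subnet.values()) / total if total else 0.0
    return per_subnet, share, ports

if __name__ == "__main__":
    counts, share, ports = subnet_share(SAMPLE_LOG, CANDIDATES)
    print(f"{share:.0%} of logged events come from the candidate subnets: {dict(counts)}")
    print("Destination ports that would stop being logged:", sorted(ports))
```

The port list is the visibility given up when logging is switched off for the rule; the share shows how much log volume the rule would remove.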
     