Looking For New Firewall To Try

Hmmm, interesting...

 

Let's see, to get that 2.4mb of memory you had to turn off logging, which is an important security feature, and load and unload the gui while surfing the web, right? That tricks Outpost into swapping out.

I found that even when Outpost was swapped out, it was the only firewall out of about 9 tested that would slow down my P3 450 test machine when only minimal connections were open. Quite an achievement for a firewall.

 

Actually, I did neither (please don't assume ).

I don't know why some people's memory usage is so high with Outpost (maybe all the plugins?). I've been using it for well over a year and it's rarely gone over 5 mb.

 

Jaguar,
What about LnS? U still try it?

 

You don't show what the peak usage is. Could be higher.

 

I dont know why yours is so low. The only way I could get Outpot to drop much below 20mb was the load and unload trick and that resulted in 6mb. To get under 3mb I had to turn off logging. These results were consistent with those of several other persons in this forum. Until I see confirmation from several other forum members, I will have to consider your results to be a fluke.

And frankly, having all that stuff running on your system is punishment enough.

 

Yes I am still using LnS. I like it so far, I just need some help with rules.

 

Just load phantom rules and keep them like this. Dont change them unless u need some extra for applications.

 

Hmm, now i see, u need rules for router....

 

I do have phantom's rules setup. They work quite well except I am having some probs occasionally with internal things showing up in my logs when this ruleset is activated.

You can check it out on the LnS forum.

Thanks,

Jag

 

Yeppers. I tried Patrice's setup as per the sticky but they do not seem to work.

 

It's no fluke....

 

hi ligh ,yours is a rare case if what you are saying is correct.i dont think some body else has achieved this much low memory without turning off logging and opening and closing the gui of outpost once..mine was around 18-25 mb when i tried outpost ..by opening and closing the gui once i could drop it down to about 7-8mb..

 

If it is no fluke, it must be a flounder

 

Shouldn't have to trick a firewall into using less ram. You should just install it and run it and it should only use 3-5mb on everyone's system. Kinda like LnS.

 

No need to trick my ancient Kerio 2.15 into running a low memory footprint, it runs consistently at 5.38mb on my system, no matter what and this with havy LAN transfers or net downloads.

 

A number of posts were removed....Please find another location for your P contest

I now return you to the thread discussion....Looking For New Firewall To Try

 

I have decided to return to this thread because there were a lot of loose ends left when Bubba had to come in and do his thing as a mod.

The original request was for a firewall that was light on resources, easy to use and provided good security.

I suggested the Windows ICF. I don't think there is much dispute that this firewall is low on resources or easy to use. One fan of the Outpost firewall cited some promotional material from Outpost's publisher and concluded that the ICF does not have such good security. If thre is something really wrong with the ICF tell us, but don't bore me with leak test trivia.

Perhaps some people feel that any firewall without outbound application control does not offer good security. So that means CHX-1, 8Signs, Firewall One, Smoothwall and all hardware firewalls do not provide good security. Then it also means that the standard practice on business networks of not employing outbound application control is defective. The reader is left to decide for him/herself if that makes any sense. Please don't tell me that business networks are different because they lock down the workstations. Anyone with half a brain can do as well at home.

Fans of Outpost seem united in the idea that their chosen firewall meets the three criteria. Starting with pretty good security, I suppose it can be said that Outpost is capable of providing it, assuming you are not one of the unlucky ones with BSOD problems. There is a caveat that applies to all rule based firewalls, which is they can be mis configured. With respect to ease of use, this is rather subjective. IMO, no rule based firewall is easy to use. Kerio 2.15 perhaps has the most intuitive rule editor, and is probably the best firewall to use to learn about firewall rules. To someone who has not learned the basic concepts firewall rules are very confusing. It is all to easy for someone who has become used to using rule based firewalls to forget how difficult these concepts were at the start. To its credit I am willing to agree that Outpost has a decent user interface. However, it is nowhere as easy to use as the ICF, Zone Alarm or a hardware firewall.

The point that was the cause of the most contention is use of resources. Fans of outpost feel that because it will swap down to a main memory footprint of less than 3mb it is light. This ignores several other concepts of resources including virtual memory, commit charge and kernel memory. Nearly all firewalls load drivers which use resources that are not shown in the task manager. I recall Outpost loads about 8 or 9 drivers by default. Outpost may have good memory management (although different users appear to get very different results), but there is no way a 40mb program (including drivers) is light, at least not in the English language.

By the way, I don't think Outpost is a bad product. It is a major player and anyone looking for a software firewall should try it. It is not one of my favorites as my tastes run to routers or free software firewalls.

 

Sorry, Outpost is quite a resource hog, when compared to Kerio 2 or LnS.

Even Netvada is bigger and it's still smaller than Outpost in terms of memory/cpu resource use.

Don't trust comments from guys who have not tried and compared the products they talk about, but are only touting the single product they like themselves (for another reason altogether).

 

Diver,

"...IMO, no rule based firewall is easy to use."

I agree with you on this.

Thanks for your contributions here at the Wilders. I enjoy reading them. I like to hear....I do not know how else to put it except to say, an opposing point of view. I am no expert on firewalls I find them a little complicated. In the firewall department I think the best thing that ever happened was the NetGear Router with firewall I had my ISP set up for me.

I have OutPost with Lifetime upgrade on one machine and Zone Alarm Pro 5.1.033 on the family machine. At some point I may try your suggestions quoted here: "CHX-1, 8Signs, Firewall One, Smoothwall," are you suggesting this for some one using FW Router who would like some outbound controls?

I total agree that perhaps a lot of money is wasted paying for firewall subscriptions at least I think that is what you are inferring.

 

Mercurie,

The list of firewalls I mentioned do not have outbound application filtering. Firewall One is a high end enterprise software firewall. It can recoginze certain types of connections like Kazaa, but mainly so they can be blocked. Smoothwall is Linux based and intended to be installed on an obsolete PC dedicated to a firewall function. CHX-1 and 8Signs can be installed on a workstation, server or a dedicated gateway.

If you have a router, you can probably get by without any software firewall. There are exceptions involving tunneling protocols. I do not consider myself to be an expert either, but I have read enough articles by experts to pick up the thread, so to speak.

What goes on here is not a waste. However, it needs to be put into perspective. What many of the members are doing is experimenting at the cutting edge of computer security. Many of these products are a long way from being useful to the general population. It is OK to experiment and have some fun.

Thank you for your kind words.

 

So behind a router, excluding zonealarm and oupost (which I don't like and finding replacement) what else do you recommend?

dja2k

 

If you just want app control you could always use the light Kerio 2.

 

A few home routers do have some outbound protection. I know mine does.
But here is a firewall you may have missed. BitGuard


controler

 

Well I don't just want app control, I want some good protection in addition to my router. I need something that won't start giving me blue screens like outpost and something that is easy to set rules for application port forwarding.

dja2k