Looking for a light FW that has an integral HIPS

Discussion in 'other firewalls' started by bellgamin, Apr 7, 2010.

Thread Status:
Not open for further replies.
  1. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    A- Up until recently I used Prevx in combo with Malware Defender (MD). Now that MD is going down the road to perdition, as blazed by DiamondCS & BOClean & ProSecurity (et alia), I just lost my taste for MD right now.

    B- Therefore, I am looking for a FW with HIPS or Behavior Blocker, as per topic of this thread. I am running WinXP SP3. Free or paid (up to ~$60 or less).

    C- The ones I have tried & do not want to use are...

    1- Online Armor (it's too heavy for my aging computer)

    2-Comodo FW w/D+ (I know I am the exception, but I find configuring D+ is simply too convoluted for my pea brain. It can get it to work pretty much the way I want it to do, BUT it's like riding a horse all day with the wrong size of saddle -- it gets me there but it's still a PITA.)

    3-Private FW w/DSA (the FW needs a learning mode -- or maybe it's me that needs a learning mode. Also, DSA is a tad outdated.)

    D- The preceeding may be the only FW/HIPS available right now. If so... such is life.:(
     
    Last edited: Apr 11, 2010
  2. Mr Wonderful

    Mr Wonderful Registered Member

    Joined:
    Mar 29, 2010
    Posts:
    23
    The only two that come to mind are PC Tools Firewall Plus or Outpost firewall.
    Never tried them so I can't really give you any answers if they are resource intensive or not.
     
  3. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    I would add to your tests the latest ZAPRO, decent HIPS, light and easy to use.
     
  4. gery

    gery Registered Member

    Joined:
    Mar 8, 2008
    Posts:
    2,175
    :thumb: :thumb: :thumb:
     
  5. adik1337

    adik1337 Registered Member

    Joined:
    Mar 21, 2010
    Posts:
    199
    Defensewall personal firewall ... light and efffective
     
  6. Brocke

    Brocke Registered Member

    Joined:
    Mar 16, 2008
    Posts:
    2,306
    Location:
    USA,IA
    private firewall, or outpost firewall, online armor free.

    or comodo firewall with D+

    all free.
     
  7. chinook9

    chinook9 Registered Member

    Joined:
    Jan 27, 2008
    Posts:
    444
    I have been looking for an answer to this question for a while but have yet to come up with information leading me to what I believe to be the lightest. I have a few machines, both physical and virtual, and am trying a number of combinations. My latest is a netbook with Windows 7 so my needs there are somewhat different than yours....and I want it free.

    I expect that you would be happy with the PC Tools Firewall Plus. It scores at the top on Matousec and it has a classical HIPS which I would expect is good. I have it running on a virtual machine and it uses 20 megs of RAM which is not terribly light but it does what you want.

    I personally use and like DW3 but I'm not sure its as simple as you want.

    Good luck!
     
  8. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
    :thumb: :thumb: :thumb:
     
  9. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Thanks for the suggestions.

    A- I already own a license for DefenseWall but I am not a big fan of policy-type HIPS because of the need to periodically analyze for rollbacks (or else have a steady growth in one's registry).

    B- Accordingly, I am seeking a firewall that includes either a behavior blocker-HIPS, or a classic HIPS. Therefore I have narrowed my search down to 2 suggestions...

    1-ZoneAlarmPro (ZAP)

    2-OutPost Pro (OPP)

    B- THREE QUESTIONS (for those who have used ZAP or OPP)-

    1- Do they require a restart during installation? (I would like to be able to try them out under Shadow Defender, but I can only do that if they do NOT want a reboot during install.)

    2- Which causes the greater perceived loss of computer responsiveness? (I could care less how much RAM they use, but I do want an app that is reasonably light on CPU & I/O, as shown on Process Explorer)

    3- As to OPP, the website's description of the free version as compared to the paid version SEEMS to indicate that the free version lacks the HIPS. Correct?

    Many blessings & thanks to all those who comment and offer help/advice.
     
  10. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    ZAPRO 9.1.507

    1. Yes, it requires a boot after install
    2. There are some HDD activities since config files are updated every minute or more. You have to see yourself if this is tolerable under your configuration. I have no ill effects here.

    At install the HIPS are basically off and will be active only after the first 20 days of use (autolearn of the system during initial use of ZA, to minimise pop-up galore). You can manually activate HIPS in ZA program control.

    Microsoft signed files are automatically trusted unless you UNcheck "Enable Microsoft Catalogue Utilization" in ZA program control.

    Hope this helps.

    Cheers,
    Fax
     
  11. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,557
    I think it will be hard to find a firewall that don't require a reboot :-*

    I also need suggestion for a light firewall with behavioral hips not classical.
     
  12. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    @fax - Thanks. I'll do an image before trying it.

    I believe PCTools FW includes Threatfire -- a behavioral HIPS. Threatfire is an excellent behavior blocker but it is a bit too heavy for my aging computer. It's worth your giving it a try (if you haven't already done so).
     
  13. chinook9

    chinook9 Registered Member

    Joined:
    Jan 27, 2008
    Posts:
    444
    I do not believe the HIPS in the PCTools firewall is the same as Threatfire. I use PCTools FW on one of my virtual machines and it behaves like a classical HIPS. I'd like to know for sure.
     
  14. dave88

    dave88 Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    177
    PCTools firewall does not include Threatfire. It used to have an option to install it built into the installer. PCTools firewall is very light for what it does, but the interface / rules setup is a little clunky and dumbed down for my taste. I recently went back to Kerio 2.15 with processguard. imo the lightest full featured combo ever.
     
  15. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    I wanted to trial ZoneAlarm Firewall Pro, but I could not find ANY offer for a free trial. The only free trials were for the full suites (which are huge).

    Is there a free trial available for ZAP? If so, link please. :doubt:
     
  16. kasperking

    kasperking Registered Member

    Joined:
    Nov 21, 2008
    Posts:
    406
  17. timeless52

    timeless52 Registered Member

    Joined:
    Mar 23, 2010
    Posts:
    14
    I'm running Online Armor Free 4.0.0.35 on an old Dell 8400 system (XP SP3 - P4-3.4 GHz w/ 2GB DDR2 PC4200 RAM) and have found absolutely no performance issues. In fact, since migrating from CIS 3.14, performance seems a bit improved.
     
  18. ALookingInView

    ALookingInView Registered Member

    Joined:
    Sep 14, 2009
    Posts:
    365
    Another vote for OA.
     
    Last edited: Apr 8, 2010
  19. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    :)
    Trial is on all ZA products, just download the installer and your will be asked to insert the license key or opt for the 30 days trial....
    Here: http://www.zonealarm.com/zapdownload/

    Fax
     
  20. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,058
    Location:
    United Surveillance States
    Please post back what you decide to stay with after your testing. I've run this loop several times and, like dave88, I always come back to old reliable. I don't see anything out there that betters the combination you've already been using. Well, ok I did trade out Kerio for Jetico some time ago, but there's nothing better out there than MD even with the uncertainty of the product's future.
     
  21. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,557
    As of now I don't want anything that has to do with PCTools. I heard they were bought by Symantec. :)
    too sad, PC Tools Firewall is working really good for me.
     
  22. henryg

    henryg Registered Member

    Joined:
    Dec 13, 2005
    Posts:
    342
    Location:
    Boston
  23. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,789
    Sunbelt firewall v4.6.1861 is just like Kerio, but needs about 25meg of RAM instead of Kerio's 5. The interface is very nice - one thing they improved from Kerio is IP groups - it's immensly convenient for groups such as routers, DNS servers, LAN computers,...
    Enabling, disabling of rules, logging or alerts happens one the main rules screen, no need to hit edit as you have to do in Kerio.
    Can move up and down several rules.
    Cannot add port ranges as easily as in Kerio - it asks from port... to port... not convenient.
    There is behavior blocker which nails you with questions such as can explorer run Process monitor, can explorer run scumware.exe etc
    Excellent logging.
    You cannot edit outside the application the rules in a .txt file - they have a checksum of sorts for integrity. Rules can be read in XML viewer.
    There is HIPS but I can't tell much about it, since I see no hips logs that I can understand and SSM runs here anyway. I suspect it's ok (of course not if you read matousec, but they rate ZA badly as well).
    The free version does not include web monitoring of content, no great loss. Paid is $19.95 and includes updates to IDS rules. Updates are a myth of sorts, I've seen one such in almost 2years.
    Bottom line for me - so close to Kerio, it's a joy to use. No trouble, no BSOD, just runs and does the job.
     
  24. dave88

    dave88 Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    177
    Let us know how it goes. I've been trying some of the newer gen firewalls but have found either too much slowdown or bugs.

    The two current firewalls I've tried that have the least performance hit on this old system are PCTools, and Private Firewall, but between a few bugs, some weird behavior, and weird / clunky interfaces I can't go with either.

    I've come to the conclusion I like to have hips function separate from firewall functionality. If there are issues it is easier to track down.
     
  25. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    I run only 2 security apps in real-time because I want a zippy computer despite the fact that it is equipped with a decrepit 1.7Ghz Celeron cpu. One of those 2 is Prevx. The other used to be Kerio 2.1.5 but I felt a bit insecure without also having HIPS protection. So I wanted a FW+HIPS combo as my second real-time security app.

    After a lot of research & testing, plus careful consideration of all the posts herein, I selected Outpost because...

    1- Outpost (OP) is incredibly easy on my computer's cpu, & is also light on I/O & ram.

    2- OP offers adequate configurability of its FW & HIPS (for tweak-freaks like me) but also offers an excellent "learning mode" (for those who prefer a more hands-off FW/HIPS).

    3- OP's support forum is superb -- with "special mention" going to Mods such as Manny Cravalho, FirePost, & chrisclu. Their replies to posts are fast, responsive, helpful, friendly.

    4- OP was recommended by Blackcat, after he read this thread. (As many of the Wilders old-timers know, BC is a long-time Wilders member -- very helpful, very knowledgeable, & (unlike me) unflappable. I have great confidence in his judgment & expertise.)

    There are several excellent FW+HIPS mentioned in this thread. OP just happened to fit my computer & personal preferences better than the others. However, YOUR computer & YOUR personal likes/dislikes are probably quite different from mine. The only truly valid way to select this sort of security application (or ANY application) is to try it yourself, as I have done.

    My deepest thanks to all who commented. I believe this thread will be very helpful to others besides myself.

    Isn't Wilders wonderful!!

    Aloha from Hawaii,
    Bellgamin
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.