The best firewall (reliable, powerful, etc.) EVER in my opinion - Zone Alarm

I was happy with ZA Pro until version 5 was released which I declined to install due to conflicts with my AV scanner. I am a member of the ZA forum - this site's posts are far more positive. It seems so unreal for a company with Zone Lab's reputation to release such a buggy update. My subscription ends this fall & I am starting to review other firewall applications. Trust is everything in security software. Zone Labs has a major problem to address. A signifigant decline in market share is a strong possibility, especially if the upgrade is not fixed in the next few weeks. Critical moment in the company's history. Very disappointing - the forum members' posts reflect a sense of betrayal.

Hope the company bounces back.

Slim

 

These quotes seem to make the assumption that allowing or denying programs Internet access is all that needs doing. However there are numerous cases where a program should be given partial Internet access - in these situations, a deny-or-permit firewall like ZoneAlarm will not do the job and a rules-based one is needed. Some practical examples of this include:

Utilities Including Adware/Spyware Components: While the best advice is to get rid of these and use an alternative, this may not always be possible - and one key example is Windows Media Player. By default this will contact Microsoft when you play a DVD. A rules-based firewall can block this behaviour by barring access to the windowsmedia.com domain without stopping the player from working elsewhere.

Online Anonymizing Services: A key concern for people using anonymizers when visiting web sites is whether a web site can discover their real location by causing the browser to make a direct connection, bypassing the anonymizing proxy. This has been done in several ways using Javascript. However if you use anonymizing services exclusively, you can create a firewall rule limiting browser access to the anonymizing proxy only - blocking any such techniques and thereby guaranteeing anonymity. This will also help if you forget to activate the anonymizing proxy since "normal" access would then be blocked.

Web Bugs in Spam Emails: Many spammers embed graphics (either visible or non-visible 1x1 pixel "web bugs") in their emails which would normally cause your email client to connect to their server to download the graphic. This would not only confirm your email address as "live" to the spammer but also tell them when you read the mail and your IP address. Using a rule to limit your email client to email protocols only (POP3 or IMAP) and/or your ISP's email server would prevent this (Note: ZoneAlarm can achieve this through port restrictions but cannot limit access to a specific email server).

Limiting DNS Access to Counter Trojans: DNS (Domain Name Service) is a key protocol used by every computer connected to the Internet - it performs the lookup of an IP address from a domain name, e.g. translating wilderssecurity.com to 64.91.226.241. Since this has to be done before making a connection, a number of trojans attempt to disguise their network traffic as DNS requests in the expectation that they will be permitted by any firewall. A rules-based firewall can limit this by restricting DNS traffic to the DNS servers provided by the ISP only (as in rule 0 of Khaine's post).

Typing ipconfig /all from a command prompt will display the addresses of the DNS servers used by your system and should be done before attempting to create your own rule for this, since blocking necessary DNS traffic will prevent most Internet access.

If anyone can provide further examples, please feel free to post them. However the point is that application-based firewalls should be regarded as an introduction to online security rather than a comprehensive solution in themselves. Those interested in further details may find the Outpost Secure Configuration Guide an interesting read - I cannot find any equivalent for other firewalls like Kerio or Sygate so if anyone knows of such, please supply the details!

 

Same here. Quite a learning curve, but worth it. Verrry happy with it.

I have used:

Sygate [a very good while back]: Looked very good, but I had a conflict with it against my AV at the time Trend's PC-Cillin, since changed to KAV, but because I was very happy with Kerio, stuck with it.

ZoneAlarm: Simply did not like it.

Outpost: Looked promising, but once again had couple conflicts with MY system. No doubt others find it fine.

So, the thing simply is: Find what suits YOU.

TAS

 

My favorite is ZAP (it really feels the most reliable), but ZAP 5 started to slow down my surfing. And I still have problems getting on the internet with ZAP 4.5. I'm using Sygate Personal Firewall right now. How does ZAP handle attacks (including DOS attacks) compared to Sygate Pro?

Paranoid2000: I feel like ZAP does enough for me. The configurability is fine for what I need.

 

Hello, P2K. Please excuse my lack of knowledge here, but what exactly is a "rule based firewall"? I realize ZA Free does not have these features, but ZA Pro does allow you to give partial access to a program. You can allow access by destination IP address, origin IP address, protocol, etc (see pic). Is these not considered "rules"?

 

If you can apply that level of detail to a single application then certainly yes - in which case I should be excusing myself for lack of knowledge in not limiting my comments to ZA Free! (in my defense I did check the Zonelabs site first without finding anything). Thanks for the correction.

 

No problem, P2K. I assumed you were referring to ZA Free.

 

Does anyone agree with the accusation that Norton doesn't prevent outbound traffic enough? I've never noticed that myself..

 

Therein lies the Catch22 with that quote. If you have never noticed it, then that *just maybe* because it's not 'reporting' it to you.

Things just may be slipping past without notification at all from it.

I don't have it, so cannot comment on its ability, but the only way to be sure of what's connecting, etc. is to open it up, check logs, see what's gone out, and then find out what each app is that connected.

Or use the excellent PortExplorer from DCS or another app, to check live connections, and then note Norton's Logs, see if any discrepancies with what you can see and what was logged.

Another way is to simply try some tests for Firewalls.

Get a simple test here: http://grc.com/default.htm

Scroll down, look for LeakTest [only 25Kb] and try that... that is a very simple one, but at least you can check to see if your FW at least Alerts on it.
There are numerous other proggies out there, Google for 'test firewalls' or 'firewall tests' etc.

Cheers, TAS

 

NPF has always blocked the leak tests fine. But I agree that if I use it with my KAV, a port explorer program would be a help - thanks.

 

I know I'm a n00b posting on a thread apparently dominated by more experienced computer users, but I have some beef with ZA. The reason is that it seems to conflict with several programs, including the free AV AntiVir Personal and the commercial AV Dr. Web. Or maybe it's something else, since no one else here seems to have noticed these conflicts. It seems that I do not know my computer very well...

 

If I allow me to put my objective point of view here, every firewall has issues, every one, I have never encounter a perfect reliable "ever" firewall.

ZA uses many drivers which on many computers (not all as for every software, there is computers where all works fine) slow down the browsing a bit. For instance when I launch a new program, I have to wait a while before to see the popup "do you allow this program?" compared to other firewalls.

NPF has a weak application outbound filtering, not talking necessarely about the leaktests, but may be more above all about his automatic feature to automatically allow "known" softwares, which has been seen as not working properly on a thread at DSL board. Althought it can be disabled, a lot of newbie users use it and it does not work as it should.

I like Outpost and Look'n'Stop, but Look'n'Stop is not the most user-friendly ever, is not an application based firewall but rule based which can render it difficult to use, while Outpost is user-friendly and easier to use but fails tests that Look'n'Stop pass, and so one.

I mean that by comparing two firewalls, you will always find pros and cons on both, so, if you compare them all, you will find plenty of advantages and disavantages, and no perfect firewall exists (at least I haven't seen one yet) which is stable on every computer, easy to use, user-friendly, strong network filtering, strong outbound application filtering, light in ressources, which can be used by newbies easily as well as filling the needs of most experienced users, which allow you to control everything, and which does
not slow anything down on your system.

We all have different system and needs, and every firewall is a kind of it's own, is done in a way that althought to be labelled as a "firewall" in fact will serve more an area than another, and so one.

The firewall X willl be better for John Doe because of his needs, but the firewall Y will be the best for John Odd.

I don't think you could ever find a "best firewall EVER", but that's strictly my personal own and humble opinion.

regards,

gkweb.

 

Like I have posted many times. The best software for your computer is the one that works the best for you. Not the one that is purported to be the best

 

Just giving a try to ZASS as OP is carshing too many times my sytem (BSOD).

First feed back it is just so so. Not crazy about it.
I had hard times to instal it and the AV & IM do not work as third apps conflict.

To tell you the truth I am missing OP.

 

I have NPF 2003 and as long as you disable 'automatic program control', NPF will block all outbound traffic. I have tested it, with various applications to prove it, and nothing has ever bypassed my firewall.

 

The first firewall I remember using was @Guard.
While I was testing Norton System Works for Symantec, Norton bought @Guard.
When I was testing CleanSweep by Quarterdeck, Norton bought CleanSweep LOL
I tried ZoneAlarm a few times but didn't like how it tried to control my system and the very lousy uninstall that left many a machine dead.
Tried and like Outpost, Look & Stop , Tiny, Kerio, Sygate for different reasons.
I am presently using BitGuard.
My advice is the same as Kevin (_Bo Clean)
Keep the Kernel Mode level apps to a bare min.
When you start adding more then one it causes troubles.
If you are using Process Guard , that is one Kernel mode APP
Then you add another firewall , that makes two, which is not good.


controler

 

Best firewall for advanced users (those who know what they are doing,because its inbound protection only) is Windows Firewall. Lowest CPU and memory usage,efficiency and simplicity.
Do you need more

 

Yes Windows Firewall is nice. Besides the port and ptotacol settings you can USE the OLD DOS commands to configure it. Actualy I leave it on along side BitGuard ;-) and haven't experienced any problems yet.
Then I am using SP2 RC1 also.
Now that MS bought a AV I wonder where all that is going.
MS is claiming the AV will not be part of the OS.
The again there are more then me here who never stays with one APP lol
We are always trying and testing new software and reformatting frequently.
What we must remember is who are the majority of people using AV's and Firewalls? I am guessing home users, not power users. The ideal is to make the APP as easy to use a possiable for the majority of the world.
Because of our detication, more and more home users are learning about security every day.

con

 

Hey, RejZor! Are you serious? I've never used the built-in Windows. Is it configurable?

 

ronjor

there are some reviews right here on Wilders, although I have not seen much mention of it lately.
Red Dwarf was the main one here that worked with BitGuard.
Some of the DCS crew had some good things to say about BitGuard if I remember correctly.

con

 

yes just do a search of BitGuard or Red Dwarf and you will get all the info you need.


con

 

Humm, I have never got any problems with ZA uninstaller. I actually uninstalled/reinstalled, upgraded/downgraded Zone Alarm per boot some time ago (ok, actually per two boots), trying to find the most suitable version for my particular software/hardware setup, and on some other occassion, trying to find out the conflicting app with my system.

... of course, I have some special rule of my - a procedure, I apply everytime uninstalling/reinstalling, upgrading/downgrading some software, especially for "low-level" (driver driven), or as you expressed it: Kernel mode based software.

This procedure is - uninstalling first, rebooting, in next boot deleting respective registry entries, folders if left-over, reboot again and installing it again (usually some other version, that wasn't previously installed), I assume you all apply in similar manner.

This way, you avoid the most common complications. I don't like "upgrading" in a way, when you overwrite older version, or similar "partial" installs, non-clean setups.



Yeah, and I must 100% agree with bigc73542 saying:

Though, again I just wanted to share my own experiences ...



Best regards.

 

You can adjust ports (internal/external) for specific applications,TCP/UDP port configuration,ICMP rules and logging.
It doesn't look much,but it performs better then any other firewall (Kerio for example has constant port Stealthing problems,Kaspersky Anti-hacker needs to be configured a bit to achieve perfect Stealthing...)
Windows Firewall does this out of the box (em CD )