Total disappointment on firewall situation

Discussion in 'other firewalls' started by Hyperion, Nov 6, 2005.

Thread Status:
Not open for further replies.
  1. Hyperion

    Hyperion Registered Member

    Joined:
    Sep 29, 2003
    Posts:
    302
    Hi,i just post this because i want to get it out of my chest.For some i will be exagerating,but what has happened to the firewalls latelyo_O3 years ago there were so many fine firewalls out there and now...Sygate to be absorbed by Norton.Farewell to a light firewall.Zone Alarm free has lost completely track of its past.I tried in the past 2 days versions 6.0.667 and the previous one and they slow down my ADSL visibly when browsing.Kerio comitted suicide going with Kerio 4 dropping completely Kerio 2.
    I have also tried : Trial of Look n Stop: Couldn't stealth all ports,horrible GUI.
    Netveda.Tried it more times.In all times all ports were blocked,but not stealth,and failed to recognize my commection as ADSL and instead had only one option to tick,that of dial up.The GUI is also horrible-confusing.
    Tried Outpost 2.X some time ago,it would cut my speed down.

    So here i am back to Kerio 2...It seems i am doomed to stay with a firewall of 3 years ago.I could install NIS2005 that i have,but i m afraid of the bloat.
    Why did the firewall vendors end up like this?All this bloatware that slows your PC down...You only see the difference exactly if you are used for long time to have Kerio 2 that seems like a breeze.I remember my first firewall was ZA and was so happy with it.Now it seems so different.Feels so "heavy" when browsing.Each page seems to struggle to load up.I format often,tried and retried ,all times the same thing.I even changed modem in the meantime,i still can't find a decent firewall with application filtering too.

    I guess Kaspersky is my last chance left...Why isn't someone seeing the situation and unbloat the firewalls?I was reading a discussion in this forum about browsing speed and we have arrived to the point to say "it won't slow you down more than the others".Well,my "other" is Kerio 2 and there is no comparison in speed with anything out there right now.That's the situation.To say "It's just as bloated as that others,don't worry".I swear yesterday that i tried once again ZA,i couldn't let it for half an hour.Surfing was so irritating.And they keep coming out with new versions,all of them,with bells and whistles that only make your pc even slower and they try to convince you that they are better.Talk about selling smoke...

    The only other firewall that has given me recently the feeling of browsing without delays was IP Tables (with Firestarter as GUI) in Linux.

    Sad...Just sad how things have evolved in the firewall business.
     
  2. chaos16

    chaos16 Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,004
    well u can try KIS beta 1. (Kaspersky Internet Security)
     
  3. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,658
    Location:
    Sydney, Australia
    Hi Hyperion,

    I haven't had a play with it as yet, but I have heard good things said about Ghostwall. It's free, and at that price it has to be worth a try.

    Personally, I used to like the original versions of Zonealarm that were simple, sleek and lightweight. I haven't looked at ZA for a while now (other than a quick compatibility test) but it did seem somewhat changed from the ZA that I remember.

    We have plans to produce a firewall at an opportune moment, but that's not for some time.


    Mike
     
  4. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,207
    Hi,
    Sygate is still free. Grab the copy and you'll have a new firewall at your hands. The version 5.6.2808 is the latest one I think, only a few months old.
    Mrk
     
  5. Hyperion

    Hyperion Registered Member

    Joined:
    Sep 29, 2003
    Posts:
    302
    Yeah,but i ll wait for the definitive version.

    Thanks for the suggestion,i ve heard about it too,will try it.My only reserve is that i think it lacks application filtering.I feel somewhat insecure without it.

    Yes,back in 2.6 series...Good times.

    My best wishes.I m sure that i m not the only one that wants just a firewall and nothing else in it.

    Thanks.I have Sygate 5.5.2710.I had tried 5.6 (the first release) and was locking down my internet.I like Sygate,but the issue is the same as with Kerio 2.Soon Sygate will be rebranded and its technology used in Norton.This means,no support,no search for vulnerabilities or improvements.I also have one reserve about Sygate.It seems to confuse my antivirus pop3 scanner with my mail notifier.I mean,it asks permission for the antivirus (out port 110 as should) but not for my mail notifier(which again should ask permission for outgoing 110) which actually doesn't appear in the active programs that are going out either.This together with the local proxy issue,makes me wonder on how well the outbound filtering works.So,if i have to stay with an "old" firewall,i prefer Kerio2,that might have this fragmented packets issue,but at least psychologically,seems more reliable to me,since it asks me for outbound permit for both mail notifier and antivirus pop3 scanner.

    Anyway,i m thinking of abbandoning for good the sporadic use of p2p that i still do and this would make me calmer in using a firewall without application filtering.I think it's the best thing to do,because i really can't stand the feeling of the browser sweating to open a page.Then you also go to the task manager and see 20Mb+ ram,2-3% CPU and you compare it to the 5MB ram and 0% CPU of Kerio and think "Why?Where is the improvement here?"So maybe simpler firewalls even if they lack application filtering is the way for me to go.

    Thank you all guys.
     
  6. Arup

    Arup Guest

    Have you considered adding Kerio 2.15 for outbound and CHX for inbound, that way you have a combo which would be hard pressed to beat, CHX's SPI is far superior to any and combined with Kerio's tight rule making, you still have a very viable and free solution left for you.
     
  7. The Seeker

    The Seeker Registered Member

    Joined:
    Oct 24, 2005
    Posts:
    1,338
    Location:
    Adelaide
    Have you considered using an old version of ZoneAlarm? I'm sure it would still provide good protection.
     
  8. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,565
    Probably obvious question, but have cleaned out everything from the registry when changing to a different f/w. I know some leave stuff behind, ZA, Norton, and recently discovered Netveda or Filescab (can't remember which).

    I have recently changed from Kerio 2 to 4 and have not noticed any slowdown though the extras are disabled.

    Have you tried the latest Lavasoft f/w which looks like a cut down Outpost.
     
  9. Hyperion

    Hyperion Registered Member

    Joined:
    Sep 29, 2003
    Posts:
    302
    I visited yesterday the site of CHX,but in the download section there was only a 30 days trial...

    That would be a solution,the question is how old...I mean,probably they ve fixed several vulnerability issues since my beloved 2.6

    Yes,actually i a maniac in keeping everything clean myself.Apart from using RegCleaner and RegSeeker,when i try new programs that dig into the system,i use ERunt first,make an image of my registry and when i uninstall the new product i revert to the old registry image to be sure nothing is left.

    Apart the fact that Kerio 4 is about to die too,i don't like it.I ve been trying to use it since early beta versions and i only had problems with it.Actually the whole Kerio forum was full of problems.Mine were BSOD and 100% CPU when using p2p and trying to open the GUI with the connections.Even the trick of disabling "resolve DNS address" wasn't enough.FInally tried the 4.1 something,and it was slowww (apart being bloated over 30Mb).

    No,i might do that.But first i think i ll google around to find the last ZA without vulnerabilties,and then check Ghostwall maybe put together with PG or Antihook to have some application control.

    Thanks

    I have recently changed from Kerio 2 to 4 and have not noticed any slowdown though the extras are disabled.

    Have you tried the latest Lavasoft f/w which looks like a cut down Outpost
     
  10. Beef

    Beef Guest

    Hyperion

    Have you considered a Router?

    From your postings..if you have been around since ZA 2.6 you most likely have enough experience not to need Support........
    Kerio 2.15 and this fragmented packets issue.....how many people have you heard of that has been hacked because of it. Personally I am not awear of anyone who has been. Besides, everyone should have their firewall protected.....un fortunately not many people do.
    Yes the firewall situation has changed...the vendors gave the public what the public demanded.....
    ZA 2.6 isn't so bad....I still install it on older computers....the kids love it....as do the parents.......add alittle protection an you have a fair firewall..as you know
    Best of luck.........hope you locate what fits your needs
     
  11. Slovak

    Slovak Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    515
    Location:
    Medina, Ohio
    I would try a router if I were you. Software firewalls are for outbound protection, whereas routers protect you from inbound attacks. I would be more concerned about attacks from the outside than what is on the inside trying to get out. Most security prone folks know what they have loaded on their computers that need or use internet access and don't have a problem with it getting out or they wouldn't have it running, and don't download and run anything they know might give them any problems.
     
  12. Hyperion

    Hyperion Registered Member

    Joined:
    Sep 29, 2003
    Posts:
    302
    I ve thought about router in the past,my main concern was the possibility to slow down further the browsing speed.But at this point,it may be the solution.

    Yeah,this fragmented packet is something i ve never seen nor know exactly how dangerous can be ,but it's not pleasant to know it exists :) You are right about support ,my main fear is security/fixing vulnerabilites.For me Kerio 2 is the perfect firewall.Has all that i want(well ,i could use a better log system but anyway) but this fragmented packet thing is starting to scare me maybe exactly i don't know how serious it is...Anyway,right now i ve installed Ghostwall.This with application filtering would be even better than Kerio.Making/modifying rules is sooooo easy and runs at 1,5MB ram!!!If i could i would run it together with Kerio 2 :) Anyway,i think i ll buy a router and keep my beloved Kerio 2 for outbound.But gee,this Ghostwall is REALLY nice.Just with a handful of rules i already passed stealth in Shields up.What a pitty not having app control...

    Thanks to all of you.Finally i see the light (of a router) :)
     
  13. smf

    smf Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    31
    Almost any of the current mainstream firewalls can be tweaked to full stealth. You may try some less well know products like:

    Softperfect Personal Firewall
    NetPeeker
    NetLimiter

    If your considering CHX, you might also look at 8Signs new beta.
     
  14. Slovak

    Slovak Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    515
    Location:
    Medina, Ohio
    No slowdowns here with my router, but I always seemed to get a slowdown with with a software firewall, even if it was ever so slight a slowdown.
     
  15. Beef

    Beef Guest

    Hyperion

    NEVER.. no, not ever...run two firewalls at the same time.....doing so actually makes both firewalls weak and very easily hackable.........at the moment I am down with the Flu so wont offer a further explaination...my head hurts LOL


    If you prefer Kerio then use Kerio.....just add some protection to cover it from being knocked off......

    ROUTER AND KERIO
     
  16. noway

    noway Registered Member

    Joined:
    Apr 24, 2005
    Posts:
    461
    It's free for personal use. I would recommend the 2.8.2 version at this point rather than the beta. Once you have the appropriate rules created you shouldn't have to mess with it again. Since no app control, make sure you use one of the best antivirus programs with it.


    2.6.362 if you don't mind no component control
    4.5.594 otherwise if you want component control
    Recommend sticking with Pro or Plus versions. BUT.... may have problems with increasing memory use with P2P using most if not all ZA versions! The changelogs are available at Zonelabs web site to see what you're missing.


    Drive Image, Ghost or True Image might be better here.


    I'm not sure you should use Kerio 2.1.5 plus another firewall at same time (with CHX-I or Cfosspeed to block fragments) When I tried these combos, I got BSOD with:
    Kerio 2.1.5 + CHX-I 3.0 Oct 10 beta
    Kerio 2.1.5 + Cfosspeed 2.12
    but seemed to work ok (but I didn't try it for long!) with:
    Kerio 2.1.5 + CHX-I 2.8.2
    Kerio 2.1.5 + Cfosspeed 2.13 beta build 1059
    Both CHX-I or Cfosspeed were set up to block fragments only, with no other filtering.
    More info on these combos here:
    http://www.dslreports.com/forum/remark,14546585?hilite=chx-i
    http://www.dslreports.com/forum/remark,14640485?hilite=cfosspeed


    I am not as optimistic either as I used to be re finding a light firewall WITH application filtering THAT I LIKE, so I currently use CHX-I 2.8.2 only. I like it and it's free.
     
  17. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,390
    Hi,

    When you get Sygate's Personal Firewall, visit the SPFGuide website:
    http://www.kotiposti.net/string/SPF_eng/SPFGuide.html
    and you might even want to download/save the webpage for local reference.

    -- Tom
     
  18. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,390
    Hi Hyperion,

    If you use Total Uninstall to both install/uninstall your apps, you can avoid the situation whereby when you use ERUNT and either forget that you are testing multiple new softwares even though you used ERUNT several times - which saved restoration one will get you back while retaining the other one, e.g. if you want to delete the first of two and retain the second, you cannot do this without reinstalling the second. Link to Total Uninstall on this webpage:
    http://www.martau.com/tu.html (must install w/tu) (v2.35 is free, otherwise paid):
    http://www.321download.com/LastFreeware/page10.html#Total Uninstall

    -- Tom
     
  19. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    As others have pointed out, the vendors - and I would add security testers - have convinced us that what you have described is what we need in a firewall, which takes the concept of a firewall way beyond it's packet filtering function, which was it's original intention.

    Since you like Kerio 2 - if you are concerned about stronger outbound protection, then Arup's suggestion should work for you.

    As for the fragmented packet issue - there is still a lack of concensus about the seriousness of this issue.

    Out of curiosity I tried the Registry tweak here and sucessfully passed the PC flank tests with Kerio 2.

    regards,

    -rich
    ________________
    ~~Be ALERT!!! ~~
     
  20. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    The only time you should notice a slowdown with a router is if you set your DNS servers to the router, letting it re-route the DNS requests to the real DNS servers. I've noticed a fair slowdown doing this, but once I set the DNS servers on my system directly to the ISPs, there was no problem.

    I'm using Look'n'Stop with Phant0m's ruleset and don't have any problems with stealth (when DMZ'ing this computer), it seems strange to me that you would.. it's also been ideal for me w/ p2p. At any rate, I do recommend using Harden-It with any firewall.. it will fix a variety of problems, including fragmented packets.
     
  21. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,207
    Hi,
    I'm using the latest Sygate on several computers. I'm very pleased.
    It's a good firewall, and has enough tweaking to please everyone.
    Mrk
     
  22. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Hyperion, I believe that Arup's solution would probably be your best bet. CHX is indeed free and not just a 30 day trial, all you need to do is register and they send you a serial via email. Very easy. Running Kerio 2 and CHX is a great combo. Don't listen to anyone who tells you you shouldn't do it. I have run CHX with every one of the firewalls out there and never had 1 single problem of any kind. There are some firewalls I would not run together, sure. However CHX is not one of them. So no problems there.

    What the 2 will do for you is allow you to use Kerio 2 as you like, with CHX catching any inbound fragmented packets that Kerio allows thru, if indeed this ever happens.

    Both Kerio and CHX are very light, neither one will slow down your browser speed whatsoever. You know Kerio already, CHX is even more so. CHX uses something like 3mb ram, Kerio was 5 on my system.

    For CHX, you should read thru the online docs for a general overview and how to go about doing things, and then download the sample rule set and start with that. Add any rules you need (usually Force Allow rules for inbound stuff you might require). Enable SPI for all protocols in the Interface Properties menu. Fairly simple really.

    At any rate, please do give this combo a try. I don't think you will be sorry. :)
     
  23. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    CHX adds only to blocking those fragmented packets that there has been no real evidence are a real danger with Kerio 2.1.5?

    I would rather try Kerio 4.2.2 that just came not so long time ago. In a free version it adds Application behaviour blocking that is missing in KPF 2.1.5.
    A very powerfull feature. It makes possible to have IE on ask basis for starting but allowed in internet connection rules among other things.
    Kerio 2.1.5 always ask about every connection needed to make.

    I am currently running KPF 4.2.2 and only issue I have and that might make me go back to my much liked Sygate 5.5.2710 is that sometimes Kerio just stops working. Only reboot helps. Might be something in my computer although it is not another firewall causing it. Happens I suspect with too much Skype traffic. So now Skype has no server access and still works :p

    I have made BZ's packet rules customized from Kerio 2.1.4 to 2.4.4.
    DLL authentication that Sygate has is missing though in Kerio 4.2.2.

    Memory usage with Kerio 4.2.2 is not too much, the firewall engine stays below 10 MB mostly and CPU usage most time zero. GUI components, there are 2 of them, one for SYSTEM and another for the current user take some added values
     
  24. Hyperion

    Hyperion Registered Member

    Joined:
    Sep 29, 2003
    Posts:
    302
    Thanks guys.I ll give Harden-it a try and thanks for the info about CHX Kerodo.Now i got registered and downloaded the sample set too.I must read the manual and then give it a try cause looking at the interface alone i m a bit lost.

    If i fail,i ll go with the router following Notok's advice about the DNS.

    Thanks once more all of you.
     
  25. Hyperion

    Hyperion Registered Member

    Joined:
    Sep 29, 2003
    Posts:
    302
    @Kerodo

    Can you please check your PM?
    Thanks
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.