Another what's best firewall thread

Discussion in 'other firewalls' started by halcy, Jul 26, 2003.

Thread Status:
Not open for further replies.
  1. halcy

    halcy Registered Member

    Joined:
    Jun 25, 2003
    Posts:
    10
    I need your help.

    I've been out of the personal firewall loop for some time, having used Kerio Personal 2.15 and a dedicated ICSA certified harware firewall for some time now.

    Now, I may have to give up the hardware firewall for at least some time to come (various reasons and not desirable, but a trade-off as everything else in computer security).

    Now, I'm wondering if I should beef up my last line of firewall defence: my personal firewall, which is currently Kerio 2.1.5.

    So, what I'm looking for is:

    - absolute system stability (Kerio has been flawless on all my systems)

    - very low system resource use (must NOT hog cpu time nor a lot of RAM)

    - as secure as possible for all kinds of exploits, force quits, leaktests - imaginary, proof of concept or real

    - can be hard to configure, I'm willing to learn

    - must have a track record longer than 6 months (i.e. not something brand spanking new that almost nobody has ever tested)

    - can't be Agnitum Outpost (sorry, don't trust them anymore)

    - must work flawlessly on XP Pro

    - must work flawlessly alongside with Proxomitron, NOD32 and TDS-3.

    What are my choices? What should I look into?

    I've tried to look at most of the recent leak tests, proof of concept attacks, firewall round ups and such, but I haven't been able to come up with any conclusion.

    Sygate Pro looks as if it has improved and many seem to like Look 'n Stop as well.

    However, I can't even decide between the two.

    So, I need your justified opinions on the issue of what is the best (using above criteria) personal firewall to get.

    Fanboy opinions, like "Get xxx, it's the best" aren't going to be very useful :)

    All help appreciated.

    regards,
    Halcyon
     
  2. keysurfer

    keysurfer Registered Member

    Joined:
    Jul 22, 2003
    Posts:
    5
  3. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Hey halcy

    I don’t see any harm in trying both out (not at the same time), to get an efficient answer to your Questions.

    I favour Look ‘n’ Stop; my Personal opinions is Look ‘n’ Stop one of the smallest fastest and most stable Software Firewalls existing today, it uses very little System resources and it does not have an “noticeable” impact on your Internet Performance either.

    I dislike Sygate Personal Firewall; my Personal opinions are Sygate contains a lot of unnecessary bloating Features which in the long run makes Sygate Personal Firewall requiring quite a bit of System Resources. And if your computer isn’t being fully properly maintained Sygate Personal Firewall can be liability to your Internet Performance.

    I’m running Microsoft Windows XP Professional Corp with Service Pack 1 Installed and all the SP2 hotfixes and I’ve not had any problems with Look ‘n’ Stop, I’ve not encountered any conflicts with Look ‘n’ Stop and the Software I use along side. I’m very confident that you won’t find any conflicts with Software you could possibly use.

    Like all Software Firewalls or Software in general it may be of some problem usually generated by the User (…Like installing more then one Software Firewall at once), and if and when Frederic is more then excited to acknowledge and assist either by E-mail or the Official Forums on Wilders. If you discovered an actual anomaly he will admit and fix it quickly as humanly possible. And there are a lot of capable Look ‘n’ Stop Customers who are eager to provide their assistances also…

    Look ‘n’ Stop may lack in a specific Feature like proper “Rule-base Application Filtering” but it makes up for it with all it’s incredible unique Features that other Software Firewalls still don’t have implemented…

    It’s not exactly newbie welcoming type of Firewall; I’ve never personally had any difficulties in understanding Look ‘n’ Stop but there are number of folks who do, then again you can create one of the most basic Applications and publicly release it and notice people having problems and Questions anyways… Look ‘n’ Stop Software Firewall was built for Information accuracy unlike other Software Firewalls so if you don’t understand the true notions then of course it’ll be difficult anyhows… And of course much Features to explore as time goes bye (Not ASAP requirement), and that’s one of the reasons Customers don’t get bored with Look ‘n’ Stop.

    A lot of useful Information on the Forums and few sites one could easily absorb, and if anything not available to your fingertips one could easily E-mail Frederic or preferably post on the Forums to get the Information you seek…

    Anyways I better stop or I might get a booting, hope this helps you some… ;)
     
  4. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    I've been using Kerio to protect my computer with nothing else, and it has been working fine here. You might try some others out, but currently I don't like any of the other mainstream firewalls out there with bloating, making simple things too complex, and useless features.

    If you were to switch I might only suggest SyGate with others have said to be somewhat bloated, but I haven't see their latest version. LnS still doesn't have rule based application filtering so I won't even consider it since I don't want my mail program getting out on http when I only want my browser to be given permision for that connection.

    Kerio is a great bang for your buck as its still free :cool:
     
  5. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    At a Packet-Filtering Layer you can easily Control the Outgoings.

    In any case Look ‘n’ Stop v2.05 will be officially released which contains “Rule-base Application Filtering” ;)
     
  6. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    I use LooknStop.

    It gives me stealth,which is a must IMO.

    It is light on resources.

    It has been compatable with every program that I use.

    I like the log features and advanced mode options.

    While it may not be the most newbie friendly,LnS isn't hard to set-up or load rules.
    It installed easily!

    Support from Frederic(LnS developer) and Phantom is dedicated and a real plus for LnS users!!!
     
  7. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    However if you allow outbound on tcp 80, you allow all the applicaions out on that port which you might not want to allow.

    I have used LnS before, I found it more like a router configuration which was ok, but even before LnS I was using Personal firewalls with rule based application filtering. One you might remember was called AtGuard before it was bought out by Symantec for their Norton firewall, and they still can't get anything right.

    Well I will have to check it out when it finnaly comes out, as it appears its still in beta testing.
     
  8. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Food for thought...if it runs that well on your systems and you have been happy with it, do you need to change?

    If leaktest protection or sandboxing capabilities are now something you are looking for in a firewall, you may want to consider looking at others.

    As you mention a concern for potential exploits and that you use Proxo, you will need to look at how any of the others handle loopback and if you can restrict access to the proxy (if that is a concern for you).

    You will be the only one able to decide which of those two would be best for you. Both are excellent firewalls and it really boils down to trying them and then determine which one best suits your needs.

    Regards,

    CrazyM
     
  9. iCQ

    iCQ Registered Member

    Joined:
    Jul 28, 2003
    Posts:
    8
    Location:
    The Netherlands
    Now first i have to say; its not wise to tell people (in public) what kind of protection you are using.

    If you ask me what i find to be a good firewall its indeed also Kerio as my first choice (been using it on and off since it still was named 'tpf').

    As a good second blackice (bid) from www.iss.net. They have even better firewall (alike) products but they are awfully expensive (but 1000% better costumer service support).

    To be honest, personally im not using either one of these two firewalls ;)
     
  10. halcy

    halcy Registered Member

    Joined:
    Jun 25, 2003
    Posts:
    10
    Thank you for your replies. I really want application specific rules (as with Kerio). I'll have to wait for Look 'n Stop update on that.

    Sygate has been labelled as somewhat a resource hog by some, maybe I'll skip it for now (until I have better idea or can test on my soon to be secondary system).

    I hadn't thought about the Proxo access control thing.

    To be honest, there are so many leak test, proof of concept attacks and various spoofs that I am not up to date with them all.

    I'm more concerend with attacks coming from outside (because I think I have decent protection from attacks from inside).

    However, now on retrospect it looks like I'll just have to get another hardware firewall for that purpose.

    Thanks again!

    cheers,
    Halcyon
     
  11. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    LooknStop uses 2 drivers which combine to 70KB in size. Sygate uses at least one driver (depends on what you have loaded iirc) which is over 600KB in size. Sygate does affect network performance, noticeably on narrowband like 56K, but pretty much unnoticable on broadband and lan. LooknStop is totally unnoticable, especially in regards to latency even on dialup.

    I used to use Zone Alarm, then Sygate until I realized that they were slowing down my networks. LooknStop contains nearly everything you need in a "firewall" and with the new version it will complete the list of what a firewall should have. Personally I think cpu/resource use and network performance are the two most important things in a software firewall.

    One thing I totally dislike about Sygate and other similar firewalls like ZoneAlarm, is when you disable them they aren't properly disabled and if you try and uninstall them they leave their drivers on your system. Whilst the driver's aren't "active" they still get loaded by the OS and hence consume resources and increase boot-time. I cannot see a valid reason why they would leave their drivers on your system anyhow. When I had to uninstall LooknStop once it completly removed itself, that is what it should be like.

    -Jason-
     
  12. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    I agree totally with what Jason / DiamondCS has said!

    Look ‘n’ Stop Personal Firewall is one of the most incredibly smallest today’s Software Firewalls existing which incredibly fast and smooth, it does not have a “noticeable” impact on the Internet Performance. It’s very Lite on the Systems Performance and I would too consider these factors here the most important factors in a Software Firewall…

    And regardless the fact it does not yet have “Rule-base Application Filtering” Feature it has many other Features, like Features which allows you to have Ultimate Controls of packets that other rule-base Software Firewalls still doesn’t have yet. And further more to my point Sygate Personal Firewall for an example does not allow you complete Control over more then 10-18? Different ICMP Types when in fact Look ‘n’ Stop Personal Firewall allows complete Control over ALL ICMP Types (0-255)! And this is only one example of many. ;)
     
  13. Dean

    Dean Guest

    It depends on how much security do you really want! Your ISP lives in your Computer. I found tiny 2.15.A to be the fastest and honest!
    See new Post Maximum Security FW Rules for Win98SE this tells all!
     
  14. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    I use Look ‘n’ Stop! That should say it all (Maximum Software Security); otherwise I would use an “original” Software Firewall like tiny then obviously I wouldn’t really want much Software Security…

    Another paranoia; “ISP = Internet Service Provider”, I never seen a paid 4 ISP attempt to “Hack?” its customers. And if you assumptions are based on number of ISP supplying its own Software, and we say for a second their Software was used to allow the ISP access to its customers Machine then I wouldn’t identify this as “Hack”. And I’m sure there are many intelligent folks on this forum who are capable of jumping in here and explain how this is so…

    Frankly I don’t share your opinion, and neither does my 486/20mhz with 8MB of RAM.
    Look ‘n’ Stop Personal Firewall is capable of running on my 486/20mhz with 8MB of RAM while Tiny cannot.

    I’ve glanced at the topic but I couldn’t stand following that type of topic.
     
Loading...
Thread Status:
Not open for further replies.