Any Difference Between Application-based and Rule-based Firewall?

Hi, folks: I used OutPost Pro 3.5 before and use ZA Pro(part of ZASS 6.5). Both give me adequate protection and are considered reliable. I believe these two operate under completely different principles. Can folks with in-depth knowledge share some of your knowhow with viewers here? in the area of technology and pro/con of their uses, and also illustrate the catagory of current available F.W. in the market? such as comodo, ZA, KIS, etc. Thanks.

 

I'm not that knowledgeable but heres my 2 cents.

As the names imply one controls an apps access to the internet where the other one does controls data based on certain rules you have set.

For example Look'n'Stop has both application control and network rules control, a user can control what apps may access the net as well as control where that data may go.

 

Have a look:
https://www.wilderssecurity.com/showpost.php?p=826060&postcount=3

For further informations have a look at the Firewall FAQ:
http://www.vicomsoft.com/knowledge/reference/firewalls1.html

 

As a person new to rules based firewalls, I'd like to follow this thread to see if I can learn anything. I'll be quiet.

 

Sorry to hijack this thread but which one offers better protection?

 

I wouldn't know which one is better but i do know that used together they offer great protection, which is one reason why i use look'n'stop.

 

For me, the most logical method is that followed by AtGuard and Kerio 2.1.5.
This involves having all the rules on one page with the opportunity to move each rule up and down according to priority and the possibility of associating any of these rules with/without an application.

Unfortunately, firewall designers today seem more concerned with spreading the rules around several panels...I guess to create the ILLUSION that you are getting more value for the money.

My current firewall of choice, NPF2004, uses 3 rule priority levels (called General, Application, Trojan Horse). Therefore, it's not quite as logical as AtGuard or Kerio 2.1.5 but it provides some other advantages (at the expense of 24 MB RAM!) over these two.

 

All else being equal and limiting this comparison to the internet firewall component, rule based firewalls can offer greater security. This is primarily because of their greater configurability. Rule based firewalls do give the user more control over what traffic is and is not allowed on a per application basis. That additional control can translate into better security if the user can write good, specific rules. A rule based firewall with poorly written rules is only slightly better than no firewall at all. Many of the firewalls available are more accurately described as hybrids of both types, having both basic application settings and the ability to enforce more specific rules.
This doesn't take into account any additional features that may be combined with a given firewall, such as HIPS. At the risk of causing confusion, HIPS is also referred to as application firewalling, referring to the actual control of applications. Application based firewalls usually refer to internet traffic firewalls. Some vendors are getting a bit loose with the terms which although similar, refer to entirely different things.
Rick

 

I switched from ZoneAlarm Free to Look 'n' Stop.
Both offer Application filtering, but Look 'n' Stop also offers Internet filtering, which I don't understand yet. So Look 'n' Stop will keep me busy until I understand that part and hopefully I will be able to work with rule-based firewalls in the future.