Firewall Scorecard

Separate sandbox does work well, but if it is integrated with a firewall it's even better.
With sandbox alone it's difficult to controll apps connecting to the net. You may just set up rules for spawning, registry/file access etc but you won't be able to prevent a program to call home or hackers site. With a packet filter alone you controll the TCP/IP access, but these are general rules, you can't tie them to a specific application or make different rules for different progs. That's why I would prefer Outpost over LnS for example. The latter has both TCP/IP and application filters, but they are separate.

Come on, I am sure you would do it better than me
But the difficulty depends how deep you want to dig in your system to protect it. With few exceptions, I would not create separate rules for every program on my PC . I'd rather define several program groups and make more general rules for each one. Even if you don't have full controll this way, it is much less tedious without much sacrifice of your security.
Yes, Tiny can really replace a whole bunch of security programs, but I still keep PG/RD combo as well. It's not much overload and I feel better, especially with PG, because Tiny does not replace its termination control. I still have an AV scanner also, but I got rid of everything else, like RegRun, PrevX, or installation monitoring progs.

 

Windows network subsystem vulnerabilities are fixed by Microsoft, when they get around to it. For our information, please name a windows networking subsystem vulnerability Kerio 2.15 does not address due to its age, but is widely dealt with by recent releases of other firewalls.

The whole leak test thing is a focus on the worst possible point in the time line. The system has been compromised and the trojan is caught trying to phone home. The focus needs to be on not compromising the system in the first place. Some of the sand box features integrated into firewalls like Tiny are intended to deal with this, however any user smart enough to set up Tiny has the mental tools to keep malware from executing by not clicking on the email attachment, downloaded executable or browser warning in the first place.

 

Under System Privileges (I think thats where its at) Tiny gives you the option to restrict Advanced Process Termination in the usual manner (Allow, Ask, Prevent)

The one program I like to combine Tiny with (apart from an AV scanner) is Anti-Hook. Would be hard to replicate its level of DLL control in Tiny without spending literally *hours* and *hours*. Anti-Hook is far from a finished product though

But, unlike Process Guard, you don't have to turn it off every time you install something...

 

Good point ! But I like having something behind me just in case I can't stop myself from clicking somewhere Prevention is always better than cure, but common sense is not always sufficient. If it was, I would be the first to get rid of all those security progs which only take the RAM and CPU on my PC.

You are right, I just forgot about it. Nevertheless, I am not sure at what level it works and if it gives the same security as PG (user or system level hooking). Tiny protects itself well, so normally it's a good sign, but they don't give you details about it at Tiny's place. Probably you don't need both, but I like PG so I keep it.

 

By the way, Kerio 2.15 when properly set up does manage to block Tooleaky and Leaktest althoug to me, that is an un-important factor. With Avast now doing real time web scanning, chances of a known malware slipping through and calling home is hihgly unlikely.

 

Is there an argument in here or what ? IsNoGood makes very good points and cannot see why anyone would argue his points unless they just love their own firewall . It is simple . Tiny IS the top of the line ! Whether you can use it is another argument for another time . My goodness . Kerio 2 . 15 ? Yes it works . Is it good ? It is JUST ok . ZA ? Forget it . Protection is lackluster . Sygate ? Need I really comment on this ? Learn how to do your own tests and see how " good " Sygate is . LnS ? Yes . Good choice . Strong protection . 8 Signs ? Good at what it does . But does not do alot . CHX-1 . Look at what exactly this particular firewall is . Is this all you want as a firewall ? And YES , Jetico is VERY promising . A ways to go but , VERY promising . You may argue this and that all you want . What is easier . Which is more transparent . Bottom line is , you use a firewall for protection . Protection should be first and foremost . Once you find a strong one YOU CAN UNDERSTAND , look at resource useage and ease of use for yourself and see if your system can handle it . Just trying to end an ongoing thread that will go on forever . Everyone has differing opinions on what is best . But , it still comes down to one thing . What is a firewall for ? Answer that , do your research , and you will see which outclasses which . Very simple actually . Good luck on finding one that suits .

 

Arup- I think CHX-I has a separate NAT component you can also download and install? I know nothing of NAT, but I noticed it on their web site..

 

Thanks K,

By the way, hollywoodPC, if Tiny suits you, then it is fine, don't think it is the best out there, far from it.I trialled it a while back with my dual P-III and dual K-9 PC, both have 1GB of RAM, it managed to slow both of them down considerably. Also, the VC++ debugger would put Tiny in a tizzy. When alternatives are there for free and do an equally good job, why bother, Firewall ratings will remain like pulchritude, politics and religion. We all tend to loose our objectivity when rating them. For some, least amount of intrusion and resource load is the desire, for others it would be features, each has its own pros and cons.

 

Arup:

CHX-1 is designed to work in a gateway enviornment & they have a nat component and other stuff.

Hollywoodpc:

So, how many ^'s for each of those firewalls?

 

CrazyM - Thanks for fixing those quote tags.. I tried, but couldn't figure out how to do it...

 

I did not push Tiny because I believe in it . Sorry you disagree . For Level of protection there is NONE better . That is a fact . No opinion . Want an opinion ? I love Outpost . It is excellent . Another fact : Outpost is at the top too . And I never said paid is better than free . I will now though . It is better as there is more configurability . If you wish to argue over opinions , I am not going to . Everybody has them . But , facts are facts . If you know about software protection , then you know you gave an opinion . I respect your OPINION for what it is . One more time . Tiny gives a better level of protection than ANY other software firewall on the market ~! Bar none . I care not whether you agree or not . It is a fact . Learn your protection avenues before telling me that Tiny is NOT at the top . It is and it is alone . And I do not use it . If you feel Tiny is poor , I feel sorry for your computer . I can only imagine what you would use . Hmmm . Zone Alarm maybe ? No argument . trying to make you realize that a fact is a fact . An opinion is an opinion . Worlds apart .

 

Hi Diver .
Um . It depends on what they are marked for . For level of protection ? Name them out and I will tell you . As I have used them all and do not give in to opinions . I know how they work and how well they work . If I must give an opinion , I will and I will tell you it is only an opinion . I can tell you right now , AGAIn , for level of protection , Tiny ^^^^^ ! Question is , do you have the time and patience to configure it ? Wooooo

 

hollywoodPC, what is fact to you may not be the absolute word to other, ever wondered that. This is the same reflection in religion and politics and like in those fields, I feel, there is no absolute in this field either. You are not pushing Tiny and I am not pushing Kerio. The point here is that your opinion is your fact as is mine and they are due to different expectations from the products, we all weigh in our priorities and then decide on the pros and cons.

 

You still do not get it . A fact is something that is true REGARDLESS of who believes it . Is there a GOD ? That is an opinion as noone can be 100% sure . I do not understand why you cannot grasp the concept of what a fact is . I have opinions . Tiny being the best level of protection in a firewall is not my opinion . It is a fact . Oh well . Enough of this . This forum is full of opinions . I try to add facts in as well , as opinions can be bothersome and lead people the wrong way . Enjoy whatever you think is good . As I will

Cheers

 

I dont get it?? question is do you, fact is relative term, widely mis-used sadly, it is not a dictum, dogma and neither is it absolute. Why not go for an opinion poll and then come to the consensus about Tiny? Let us see how many here consider it to be the absolute protection, you will see the word absolute has different meanings for different people, ever heard the term, different strokes for different folks.

End of discussion as far as I am concerned and Tiny to me will remain a bloatware worse than ZAP, far more intrusive than Zone Alarm will ever be and takes the entire pleasure of running a PC out.

 

As the likelihood of agreeing on what is fact and what is opinion is probably on par with what is the best firewall let's keep to the OP's original request:

Regards,

CrazyM

 

fact (fakt)
n.
Something demonstrated to exist or known to have existed: Genetic engineering is now a fact. That George Washington was a real person is an undisputed fact.
It is a fact that humans exist; it is an opinion that other life may exist elsewhere in the universe.

o·pin·ion (o-pnyn)
n.
A belief or conclusion held with confidence but not substantiated by positive knowledge or proof: “The world is not run by thought, nor by imagination, but by opinion” (Elizabeth Drew).
A judgment based on special knowledge and given by an expert: a medical opinion.
The prevailing view: public opinion.
A judgement based on individual experience: Both performances were excellent, it's simply a matter of opinion as to whose was better.



I give fact ^^^^^ and opinion ^

 

I am going to interpret Hollywoodpc's ^^^^^ rating of Tiny as also meeting the "keeper" requirement. It seems clear that he has it in use.

Hipgnosis,

How philosophical. What facts would you like to share with us today? Actually, your definition of opinion recognizes there are different levels of opinion, as in the expert opinion which often turns out to be fact.

In this discussion things like ease of use and understandability are going to be in the area of opinion as they are based on the perceptions of the user. However, a claim that protection is maximum from firewall xyz has the sound of fact, but is nothing more than an opinion of little value, unless there are some objective tests and comparisons to back it up.

We get ourselves into trouble by representing an opinion as fact when there appears to be little to substantiate the opinion, and obvious bias in its formation.

Of course, you could say that is just my opinion...

But you don't know me, and you do not know what I know. [Ancient Chinese philosophy]

 

Nicely put, couldn't' have said it any better myself. In life I feel there is nothing absolute and the one who is willing to accept something as absolute is severely limiting oneself. What is fact today can be totally wrong tomorrow, history has shown that to us many a times.

By the way, newer studies printed in last month's Nature magazine on a particular variety of plant is shaking up the standard accepted theory on genetics, this plant not only does not inherit the genetic traits from its' parents, it develops its own unique newer gene structure.

 

My post was taken from various dictionary definitions (not my opinions) and was simply meant to inject some humor, which it appears was only seen in a humorous light to me.

 

^^^^ 4 sharks.

That's what I would rate Sygate. Its easy-to-use, fast and reliable, safe and secure. I've never had any proxy issues with it myself, its my firewall of choice.

 

And , I see you guys do not get it . What did Crazy write ? Back to the ^^^^^ . Diver , I do not use Tiny . I have . It offers more protection modules than any other . I do not use it as it is a bit heavy . Not overly so . It is a keeper but , I go with Outpost . I definately give Tiny ^^^^^ . Outpost gets ^^^^^ from me as well .

 

Hollywoodpc-

Tiny a bit heavy? Five processes and 32mb sounds very heavy to me. Perhaps OK if the PC has a gig of memory. The interface has got to be the most confusing that I have ever seen. Some folks manage to make sense of it, perhaps some day I will. However, I get the feeling that I do not what Tiny is doing, and that makes me uncomfortable. The other thing I am not too wild about is the large number of red warning boxes Tiny produces, but I need more time with it to get a better idea of what is going on in that department.

I am a bit confused as to why Tiny being a bit heavy would cause you to switch to outpost. You have long list of security applications on your signature. Some of these are active and require system memory. I suspect that with Tiny you could eliminate one or more and wind up with the same amouunt of memory as Outpost combined with something else.

For the moment I am going to hold off on giving Tiny a final rating based on insufficient time with the app. I don't think that a steep learning curve in itself is reason for a low rating as I never would have found out how nice CHX-1 was had I not spent some time and mental effort to understand how it works.

I have Outpost Pro running on my beater PC. I don't know where that one will come out either, but it is definitely more transparent than tiny.

My provisional ratings are Outpost Pro ^^^^ and Tiny 6.5 ^^^. As these ratings are provisional, they could change after further testing, so dont call me a Kerio, or a Kerry.

 

I rate Tiny lower because it is fairly heavy and fairly confusing to the average user, myself included.

By the way Diver, you can pretty much configure Tiny so that those red warnings go away. It is nice in that respect. You can allow code injection and termination on an app by app basis, so those apps which need it can have it.

 

Diver .
Keep in mind that your system and mine are probably very different . 34 megs for you . Only 26 on mine . And my system did not really feel it . It was absorbed easily . I may go back to it soon . I will always keep Outpost , barring something really bad happening in the future . Too good to give up . Just wanted to clarify . " A little bit heavy " . Yes ! On MY system . Remember too though . And this goes back to what I stated as fact . Tiny gives you what a firewall should PLUS it provides the protection of PG and RD and some of Prevx . You are getting all of that in one application . When that is taken into consideration , is it really that heavy to you ? And this is WHY it IS a fact that this firewall offers more protection than ANY other software firewall on the market . Now . Was that really so difficult . lol . I do not push firewalls on people . I answer questions . You're statement of being heavy is true . But not completely as it depends upon what you take into consideration as well as the system setup . And yes . Tiny is difficult to setup . This is why my very first post on this asked about it being a rating of what is easiest as Tiny was put toward the bottom . Someone referred to Tiny as bloatware . Not hardly as it contains many programs security experts depend on in SEPARATE applications . So , I understand your rating of Tiny . Just wanted to tell you why I think it is a little heavy but , not like what you felt or saw . Hope that helps . And I enjoyed the ratings . Just trying to grasp what it was rated on completely .