Firewall with good outgoing application control, please

Discussion in 'other firewalls' started by SirDracula, Apr 20, 2007.

Thread Status:
Not open for further replies.
  1. SirDracula

    SirDracula Registered Member

    Joined:
    Oct 10, 2004
    Posts:
    70
    Could someone please recommend a good firewall that meets the following requirements?

    - It has both packet control *and* outgoing application control, like Kerio, ZA Pro

    - It can keep track of both Trusted and Internet zones and the applications can have individual settings for each zone (e.g. allow connections from the Trusted zone but deny connections for the Internet zone) - e.g. like ZA Pro

    - No extra bloatware in the firewall. I don't care for HIPS or antivirus or antispyware or web filtering, etc. to be built-in. All I want is just a very good powerful firewall, nothing more.

    - I'd prefer FREE or very cheap to purchase.

    So far I tried Sunbelt Kerio, ZA 7, Comodo and none worked well for me or had the control I needed or were too bloated with extra crap that I don't need (some let you disable some features, but I don't even want the code there, sometimes they leave their hooks in and they still get invoked but just do nothing or so they claim, until they cause problems).

    Does something like this exist as a standalone firewall? Even an older version I'm fine with as long as it's stable, has no major bugs and works well with XP Pro SP2.

    Thank you for your help.
     
  2. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Jetico v1. It requires an above-average knowledge and some patience, but it's perhaps the best firewall.
     
  3. SirDracula

    SirDracula Registered Member

    Joined:
    Oct 10, 2004
    Posts:
    70
    I tried Jetico, way too complicated for my taste. Even though I'm an advanced user, it's a pain to use it and configure it on multiple computers.

    The closest one for my taste was Kerio. The problem with it was that it had problems with Firefox, it would slow down Firefox, pages would not fully load, requests would be messed up, etc. Yes, I disabled the web filtering, HIPS and application interaction control. Still no luck with it. I think it's just plain buggy, I got no answer from their support, you can't easily find a change list, etc.

    Long time ago I used something called Tiny/Kerio I believe version 2.1.5 or something that I really liked, too bad it's no longer maintained.

    Why can't someone just build a simple to use, good firewall? Just a firewall with outgoing app control, nothing more ...
     
  4. InfinityAz

    InfinityAz Registered Member

    Joined:
    Jul 23, 2005
    Posts:
    828
    Location:
    Arizona
    Try Sygate Personal Firewall, Filseclab, or Kerio 2.15.
     
  5. Jo Ann

    Jo Ann Registered Member

    Joined:
    Jan 6, 2007
    Posts:
    508
    Sir D. What didn't you like about ZA-Free? It's extremely easy to use, has all of the outgoing granular program-control you could want and you can't beat the price!
     
  6. SirDracula

    SirDracula Registered Member

    Joined:
    Oct 10, 2004
    Posts:
    70
    No expert rules. In the free version I cannot get NTP time synchronization to work, or my Cisco VPN client or my Cisco IP Communicator (VOIP) or TFTP. It seems that there is no way to configure applications that rely on UDP. If it allowed advanced rules, it would be perfect.
     
  7. SirDracula

    SirDracula Registered Member

    Joined:
    Oct 10, 2004
    Posts:
    70
    Do Sygate and Kerio 2.1.5 still work well with XP SP2? I assume I would not get any integration with the SP2 Security Center, right? Not that it adds any security value anyway but it's useful in case the firewall crashes, at least I'd know it's dead.

    I'm asking because I don't want to keep trying software and turn my computer into a mess (uninstallers never work completely).
     
  8. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    1,620
    Location:
    Canada
    I've been using Kerio 2.1.5 on one of my machines with XP SP2 for over a year without any problems.

    I have Security Center turned off as I find it useless anyway.

    Together with this I have SSM paid and Antivir and as I said no conflicts whatsoever.:)
     
  9. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    If you want no HIPS, IDS or anything, nowadays it is hard.
    Comodo comes with some extras, like Application Behavior Analysis, but you can turn it off easily.
    Comodo divides into 2 separate monitors: Network Monitor (packet filter) and Application Monitor. Network Monitor is king, and it's the one with SPI. If something is not allowed in it, it's blocked.

    Version 2, present, can't be password protected, nor backup the rules. Version 3 should have that (and optional HIPS lol).

    It identifies source and destination, instead of local and remote. This can be confusing at start. I hope ver.3 brings this too, but I don't know if it will.
     
  10. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    I forgot to add, Kerio 2.1.5 and Sygate are good too. Different. You should try these too.
     
  11. SirDracula

    SirDracula Registered Member

    Joined:
    Oct 10, 2004
    Posts:
    70
    Comodo doesn't seem to be flexible with the application control. The rules for the same app pile up like there's no tomorrow, depending on the mode. No trusted/internet zone either that I can quickly get prompted for and save a rule (or create an advanced rule right there during an alert). Comodo looks very promising, maybe I should wait until v3.
     
  12. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    - Yes, both work well. However, their application control is "weak" compared to what Jetico or Comodo can provide if this is what you are looking for. Other options could be Online Armor, Outpost Firewall, LnS.
    - I don't care about the Security Center. I disable it.
    Three solutions:
    - Use an install monitor.
    - Use imaging software and do backups before installing anything.
    - Test software in a virtual or spare machine
     
  13. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    1,620
    Location:
    Canada
    I tried Comodo a couple of months ago but I came back to Kerio 2.1.5. But again this is personal.:)
     
  14. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    True, but until IPv6 becomes standard, Kerio 2 should work fine on anything pre-Vista. (I use it on both Win2K and WinXP)

    The question of the ages. This question can apply to lots of other software.


    regards,

    -rich

    ________________________________________________________________
    "Talking About Security Can Lead To Anxiety, Panic, And Dread...
    Or Cool Assessments, Common Sense And Practical Planning..."
    --Bruce Schneier
     
  15. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Trusted zone is easy to make. Security- Tasks if you want a wizard.
    Alternatively, if you know what you're doing, build rules for trusted zone in NetMon.

    I've highlighted what's wrong with the rules. You also can change them at will, I don't follow you on that.
     
  16. SirDracula

    SirDracula Registered Member

    Joined:
    Oct 10, 2004
    Posts:
    70
    All I want is to have control on a per app basis for the Trusted and Internet zones. I want this to keep an eye on what's connecting where and when. I practice safe Internet browsing so I'm not too worried about spyware that's already installed trying to phone home. If I get that far, something else has failed and I should be addressing that problem instead.

    LnS doesn't seem to make the difference between trusted/internet zones. I want to allow some apps to only connect to my LAN but not the Internet, or act as servers just for my LAN, but not the Internet zone.
     
  17. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Seems that Kerio 2.1.5 is what you need. Control on a per app basis (path, name of executable, MD5 checksum), local/remote IP/ports, low footprint.
    It's a pity that the open source project created to improve Kerio 2.1.5 seems inactive.
     
  18. noway

    noway Registered Member

    Joined:
    Apr 24, 2005
    Posts:
    351
    Not wanting to change the subject, but I would recommend forgetting firewalls for a few days until you buy and become familiar with a good disk imaging program. You might want to format first...create an image...then configure/install apps a few at a time, making lots of images along the way...installing your most stable/trusted/long-term apps first. Then make an image and go testing some firewalls, restoring the "no-firewall" image in between tests.

    You may have to prioritize your requirements, since it is impossible to find all those things in one firewall. Also, they all have bugs...your tolerance of each specific bug will be different from other users, so you have to try them yourself and make sure they don't interact badly with whatever other software and hardware you have on the system.

    In the past few years, the only software firewalls I have been (mostly) satisfied with that MIGHT meet your requirements have been:

    Zonealarm Plus 4.5.594
    Kerio 2.1.5
    Norton Personal Firewall 2004

    However, all of the above have at least one thing that bothers me. They are also all "old versions" although they are all still available in various places and are for the most part better than their newer replacements.
     
  19. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,703
    Hello,
    Sounds to me like Kerio 2.1.5 or Sygate.
    Mrk
     
  20. SirDracula

    SirDracula Registered Member

    Joined:
    Oct 10, 2004
    Posts:
    70
    As suggested, I'm trying this stuff in a vmware now.

    Sygate is out of the race, it doesn't make it easy to distinguish between Trusted and Internet zones and also between server and client. It seems that if you allow it, by default it allows everything for that app, both incoming and outgoing, you'd have to go edit the rule after the fact, when it could be too late. I like to be prompted 4 times per app, for the combination trusted/internet zone, client/server for each zone.

    I'll keep posting back my findings and what I decided to possibly use.

    Thanks everyone for your responses, very informative as usual.
     
    Last edited: Apr 20, 2007
  21. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,188
    Neither does Kerio 2.1.5, so one does have to do some research on how to do it if having a LAN with many computers, but I am no expert to help you on that. I like both SPF and Kerio 2.1.5.

    Yes to second one, unfortunately SPF allows server access by default. It is a bother. To delete all the app rules that come after install is recommended and then when running it block first after a prompt and go editing to deny 'Act as Server' is one way for a paranoid user. A paranoid user could do better though with something like Comodo or even adding HIPS to that.
    A paranoid user could also get more paranoid with Comodo, heh.
     
    Last edited: Apr 21, 2007
  22. SirDracula

    SirDracula Registered Member

    Joined:
    Oct 10, 2004
    Posts:
    70
    Kerio 2.1.5 is out for the same reasons: no easy trusted/internet zones.
     
  23. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,703
    Hello,

    Making a trusted zone in Sygate, as simple as milk:

    Tools > Advanced Rules
    New
    General > Allow this traffic
    Hosts > IP address of the second PC, ex. 192.168.44.2
    Ports and Protocols > All
    Scheduling > not needed
    Applications > select nothing, just click OK

    There you have a trusted zone.

    Now you can play with which app you want to allow, when, which ports etc...

    Mrk
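    As an added illustration, not code from any firewall discussed here or from a poster in this thread: a small Python model of the policy SirDracula describes in post 20 (one answer per app for each trusted/internet x client/server combination) and the default-allow server behaviour post 21 complains about in SPF, with the Trusted zone keyed on the LAN address used in the Sygate rule above. The executable paths and the LAN file-sharing app are hypothetical.

```python
import ipaddress
from dataclasses import dataclass

# Constructed example: hosts on 192.168.44.0/24 form the Trusted zone (the
# Sygate rule above keys on 192.168.44.2); every other address is Internet.
TRUSTED_NETS = [ipaddress.ip_network("192.168.44.0/24")]

def zone_of(peer_ip):
    """Classify a remote address as 'trusted' or 'internet'."""
    ip = ipaddress.ip_address(peer_ip)
    return "trusted" if any(ip in net for net in TRUSTED_NETS) else "internet"

@dataclass(frozen=True)
class Conn:
    app: str      # executable the connection belongs to (hypothetical paths below)
    peer_ip: str  # remote address
    role: str     # "client" = outgoing connect, "server" = accepting incoming

def rule_key(conn):
    # One rule per (app, zone, role): the "four prompts per app" model from the thread.
    return (conn.app, zone_of(conn.peer_ip), conn.role)

def decide(policy, conn, unknown_default):
    """Apply the (app, zone, role) rule; fall back to unknown_default if none exists."""
    return policy.get(rule_key(conn), unknown_default)

def learn(policy, conn, answer):
    """Store an alert answer for this exact (app, zone, role) only, rather than
    allowing everything for the app the way post 21 says SPF does by default."""
    policy[rule_key(conn)] = answer
    return policy

# Hypothetical policy: Firefox may browse anywhere; a LAN sharing tool may only serve the LAN.
FIREFOX = r"C:\Program Files\Mozilla Firefox\firefox.exe"
SHARE = r"C:\Tools\lanshare.exe"
POLICY = {
    (FIREFOX, "trusted", "client"): True,
    (FIREFOX, "internet", "client"): True,
    (SHARE, "trusted", "client"): True,
    (SHARE, "trusted", "server"): True,
}

def compare_defaults(conn):
    """Same unanswered connection under default-allow vs default-deny."""
    return decide(POLICY, conn, True), decide(POLICY, conn, False)

if __name__ == "__main__":
    # An inbound connection to the sharing tool from an Internet address has no rule:
    # default-allow lets it in, default-deny blocks it.
    print(compare_defaults(Conn(SHARE, "203.0.113.9", "server")))  # (True, False)
```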
     
  24. dave88

    dave88 Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    177
    The final 2 builds of Sygate are recognized by Security Center. The final build is 3408. Sygate has excellent logs.
     
  25. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    You mention that you are an advanced user, also the fact that ZA free does not include "Expert rules", which would indicate some knowledge of rule creation. Why not then use Jetico and create your own rulesets for each zone? This is very simple to do.
     