Good app control / outbound access / low resource FIREWALL ?

Discussion in 'other firewalls' started by halcyon, Nov 7, 2004.

Thread Status:
Not open for further replies.
  1. halcyon

    halcyon Registered Member

    Joined:
    May 14, 2003
    Posts:
    373
    I've been running kerio 2.1x now for two years. Have tried Outpost Pro (not for me), ZAP (not for me) and some others (not worth mentioning).

    I've now become finally ready to accept that I may need to move on from Kerio 2.1x.

    My reasons:

    - recently discovered vulnerabilities (more probably coming, but most likely not updates for kerio 2.x)
    - sometimes the program loses my firewall application rules (all rules are lost). This has happened twice. I haven't found a solution for this
    - Kerio 2.x is vulnerable to various outbound attacks (and will probably never get a fix for them)

    My requirements for the new firewall software would be:

    - VERY LOW on resources (RAM and CPU). Preferably no more than kerio 2.x
    - Good application level control for outbound access (can have other type controls as well, but application control is a must)
    - Catches most known outbound access variations
    - Firewall only (or configurable as such): no IDS, no anti-ad, no spyware blocking, no cookie cleaning, etc. I don't want a kitchen sink :)
    - From a company that has existed at least for a year and which is more than likely to exist for at least another year
    - Not too expensive (max. 50 euros)
    - Easy configurability is a plus, but not a requirement
    - Support available either via user groups or from the company itself
    - In active development by a company. Not done by a one man shop or receiving only an update once in a year. Known bugs fixed.

    Now, I don't like nor will I consider the following firewalls:

    - Outpost Pro (kitchen sink & resource hog. I had kernel crashes with it and never received support from them and I was a paying customer when they were just starting out)

    - ZoneAlarm Pro (I'm a customer, but I don't like their interface or its resource use, which is too high)

    - Kerio 4.x (I've tried it but it is again a kitchen sink. I've had problems with the various betas and I don't want to be a paying beta-tester)


    What other options are there for low resource usage / good application control / good outbound access control -firewall?

    I know there is no "best firewall" and I'm willing to play a bit with two test versions, but time probably doesn't allow me to try out three or more. I try to have a life as well and I'd like to get a solution that 'just works' (ideally).

    I'd appreciate all suggestions for or against various firewalls, but please try to fit my needs.

    I also won't participate in discussion about Outpost Pro, ZoneAlarm Pro or Kerio 4. If you like them, fine. However, do respect the fact that I don't like them or want them in my computer (even though I own the license for them :)

    regards,
    halcyon
     
    Last edited: Nov 7, 2004
  2. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
  3. se7engreen

    se7engreen Registered Member

    Joined:
    Feb 6, 2004
    Posts:
    369
    Location:
    USA
    Look N Stop
    Kaspersky Anti-Hacker

    I'd suggest Look N Stop first, but both of these should have (or not have) just what you're looking for. Look N Stop is €32,00 & KAH is €26,30.
     
  4. no13

    no13 Retired Major Resident Nutcase

    Joined:
    Sep 28, 2004
    Posts:
    1,327
    Location:
    Wouldn't YOU like to know?
    BlackICE Defender. Best APP Control available. not much of a firewall as it only controls outbound access. low memory usage. seems perfect for you, as its IDS/IPS is simply the default rules of other firewalls, just a new name.
     
  5. halcyon

    halcyon Registered Member

    Joined:
    May 14, 2003
    Posts:
    373
    Thanks for the suggestions.

    The last time I looked, LnS had very limited application rules. Has this changed?

    As for BlackIce (I have a license). I was burned by them years ago, when they were about the only kid on the block (or so it seemed). Also, their security track record (exploits, roots, etc) is just horrible. I won't touch them with a proverbial five foot pole :)

    Thanks for the tips though. Keep them rolling!
     
  6. JayTee

    JayTee Registered Member

    Joined:
    Nov 2, 2004
    Posts:
    166
    Try Jetico, though it is free for now and in beta.

    Has similar ruleset capability as Kerio 2 which I like, though I must add that when you try to uninstall it, it stays in the control panel. Not too sure what other bits are left behind as well.

    Small memory footprint, almost similar to LnS at 8 MB. Kerio 2 is the best at 5 MB on my system.

    Installed it on two XP2 PCs, one of which crashed (Northwood 2.8) but the other (Willamette 1.7) is working well. Can't figure out whether or not it is due to Jetico or due to Process Guard. I have a registered version of the application on the Northwood.
     
  7. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    ssm with built in firewall of xp. then you have perfect outbound protection and the inbound is built in.
     
  8. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    not completely correct though but I guess with ssm you have some serious app control...
     
  9. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,790
    Location:
    Texas
    I am trialing LooknStop. So far, I really like this app. Small footprint on the hard drive and it is configurable down to the nth.
    Support is available right here on Wilders. Hard to beat combination!
     
  10. tosbsas

    tosbsas Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    789
    Location:
    Lima, Peru
    You can even get more support here

    h**p://www.fluxgfx.com/ssc/index.php?

    Ruben
     
  11. halcyon

    halcyon Registered Member

    Joined:
    May 14, 2003
    Posts:
    373
    For those who have already tried them...

    Did Look'n'Stop have application control in its current version?

    How about Jetico?
     
  12. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
    Yes, to both I believe. I think the free version of Look N Stop lacks app control, but the pay version has it. Jetico has it and is still in beta and free at this point.
     
  13. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    Tiny is nice, it has great application control ("windows security"), but it comes with Snort IDS. Look 'n' Stop has great application protection and is very, very light on resources. Jetico is a good firewall that also has good application protection and is also light on resources, but is still in beta stage. Black Ice is decent, but it comes with IPS/IDS and the application control allows you to choose what can run, not what can access the internet and is highly recommended to only be used on a clean system since it makes a baseline when you turn application control on and does not let you choose what to baseline until afterwards. 8Signs is a great firewall, but does not have application control. As Notok mentioned, x-wall may be worth a look. There are tons of choices out there, you just have to look. ATM I am using 8Signs with Look 'n' Stop's application control, but that is just a personal preference.
     
  14. no13

    no13 Retired Major Resident Nutcase

    Joined:
    Sep 28, 2004
    Posts:
    1,327
    Location:
    Wouldn't YOU like to know?
    Good point AJ
    BUT BlackICE does control what apps can access "the network" which is LAN+WAN gateways (I think)
    About the baseline thingy... you CAN change what rules are created afterwards (but it takes too darn long) and you can even stop the baseline (NOT recommended)
    I don't really like Blackice, but it's got one thing not many others have... called "component control" in ZA... it treats each DLL/OCX file as an executable and applies the same rules on those and it spots any kind of DLL "injection" into any process (provided it's not a known dll or exe or both)... I like that, and I don't like ZA as ZA doesn't like Kerio and I like Kerio too much. ;)
    hope I obfuscated more than you guys learned ... ;) seriously!!!
     
  15. no13

    no13 Retired Major Resident Nutcase

    Joined:
    Sep 28, 2004
    Posts:
    1,327
    Location:
    Wouldn't YOU like to know?
    For those who like Kerio, are interested in Kerio or are simply trying to find a fully featured firewall........
    Kerio's Web filtering is good, but it removes cookies too much, and interferes with ur board posts. Sorry. Also, not many users give the firewall straight As... maybe B- and C+ grades.
    My love affair with KPF may be about to end.

    My experience with look 'n' stop AND Jetico....
    multiple install and uninstall problems, configuration difficulties, inability to detect new apps, and finally, BOTH screwed up my system pretty bad (led to clean reinstalls)

    My itinerary for firewall testing is.....
    1. Tiny Personal Firewall
    2. Outpost

    I've begun to hate BlackICE as well because it can't help but be heavy (but NO other item gives me component control)
     
  16. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
    Good luck with Tiny. I tried installing the latest 6.xx and spent about an hour looking around and couldn't figure out anything. I guess it takes some time. I went to grc.com and scanned and it showed everything CLOSED with some ports OPEN. There's probably a way to stealth everything somehow, but I couldn't figure it out. The help file that comes with version 6 seemed to be the help file for version 5. Things apparently have changed from 5 to 6. At any rate, it doesn't appear to be easy to figure out.

    Outpost is good and fairly easy to use though...
     
  17. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    With BID you can always start the baseline/stop it, then turn application protection back on and clear the baseline manually from the .txt file in the BID folder, but I really don't like the whole way it is set up and that is too much of a hassle when you can use something like x-wall, L 'n' S, Outpost, Kerio or any other method much easier.
     
  18. no13

    no13 Retired Major Resident Nutcase

    Joined:
    Sep 28, 2004
    Posts:
    1,327
    Location:
    Wouldn't YOU like to know?
    Hey AJ.... The ONLY reason I use BlackICE is that it's got Component control.... show me any non-ZA firewall that uses it and I'll throw it out before u can count to... well... 13
    And you're right, it is a bit of a hassle, but if you baseline it, then only change some settings, and keep the rules to "ask for new app", then it's pretty well behaved, except when you install SPs, then it goes kaplooey for hours and hours together, since after every restart it wants to know something new.
    Also, its component control ain't that great... it will only detect one new component PER time the program calling it starts.... which means if 2 BHOs attach themselves to IE and they're unknown to the BID rules, the alert is generated for only one of them, and if u allow, the other has temporarily slipped inside, and gets detected ONLY when the first has a rule for itself created. Only then it generates a fresh alert.
     
  19. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    Good bye BID.

    http://www.abtrusion.com/

    As for firewalls that have component control...

    Look 'n' Stop
    Outpost
    Jetico
    and many more...
     
  20. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
    I don't think Jetico has component control AJohn.. Don't know about Look N Stop either, but perhaps it does. Outpost does. Sygate also does....
     
  21. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    Based on the below, I assumed that Jetico did.

    I do not see how it could stop all of these without component control, but please correct me if I am wrong.
     
  22. nadirah

    nadirah Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    3,647
    Sygate Personal Firewall is a very good choice.
     
  23. no13

    no13 Retired Major Resident Nutcase

    Joined:
    Sep 28, 2004
    Posts:
    1,327
    Location:
    Wouldn't YOU like to know?
    AJ... memory injection and dll hooking are different AFAIK, but I'm no expert, just a kid with a Pentium 86 welded at the top...
     
  24. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    I was under the impression that Jetico had both, sorry if I am wrong here.
     
  25. no13

    no13 Retired Major Resident Nutcase

    Joined:
    Sep 28, 2004
    Posts:
    1,327
    Location:
    Wouldn't YOU like to know?
    hey, why not test it... the awft test generates hooking in one of its tests...
     