Discussion in 'other firewalls' started by mgaidia, Aug 20, 2006.
Which is the lightest firewall?
I mean the one which uses minimum resources.
Probably CHX (lightest) or Kerio 2.1.5 or perhaps LnS...
Agree with the above with an addition of Ghostwall and jetico v1
Netveda Safety Net was also a low usage firewall, however, the program seems to have been abandoned by the developers based on the website forum messages.
I'd say look'n'stop is the lightest, it's also very secure and relatively easy to use. Jetico is also very light and very secure but a little harder to use imo.
Kerio 2.1.5 is my vote for the lightest
Do you have the new version lol (2.1.5).
Well here is look'n'stop's resource usage (RAM on the left, VM on the right), I can't show you chx-i since it can't be shown with any process monitor
That is low usage
For Kerio 2.1.5 (PERSFW.exe) I have
Mem- 1,172 k
VM- 3,216 k
How is kerio 2.1.5 compared to look'n'stop in regards to overall security? I know look'n'stop does quite well on the leaktests, how about kerio?
This link should answer your question:
No, it won't since kerio 2.1.5 is not tested by gkweb anymore. The one on the website is from the 4.3.x series.
Kerio 2.1.5 has very basic application control which can be tightened up by restricting local and remote ports, and IPs. However, a nice addition to kerio 2.1.5 is any form of HIPS.
Look'n'stop has a much better leaktest detection, however, you have to pay for it.
True. But the program is free, so I don't see how using NetVeda Safety.Net is much different than using some of the other popular firewalls, such as Kerio PF 2.1.5 or Sygate PF.
Agreed. I don't think using Netveda would be that much different than using one of the other mentioned programs. I was making a comment that the program had a low resource usage requirement that would not hog up your system's memory.
Jetico vs. Kerio vs. Look'n'Stop vs. Comodo
Some comments from a long term non-advanced fw user. This is all imho, YMMV.
Comodo is not particularly low on CPU or MEM for older/slower systems (think Celeron 600-900MHz, 256-368MB RAM).
In situations like these, a program like Kerio 2.1.5 takes the cake for cpu/mem usage.
However, Kerio has issues:
- slows down ethernet max throughput (to c. half of practical max 100Mb eth network)
- does not block outbound leak tests as well as modern ones (for those who care about such things)
- has a security hole in it, which remains unpatched (and will likely remain forever)
- tends to lose its settings sometimes (although rarely)
Now, if one wants to get rid of these, one could try Look 'n' Stop. It's very low on cpu/mem, extremely fast, doesn't limit throughput, is still being supported/developed (?) and is very good (although not the best) on leaktests.
But look'n'stop has issues as well:
- issues in SPI mode with some p2p progs
- no good/easy/straightforward installer/configuration package for all the latest patches
- fairly kludgey interface (imho), somewhat hard to configure and make rules for (although perfectly doable, once you learn it)
- limited in its amount of app filters (I think 100 or so, clearly too little for a modern installation which can have 300+ apps, more than half of which will try to access internet)
- NO app specific outbound/inbound rules for address/port/protocol (just separate app internet access rights and separate packet filter)
Now, one could then skip Look'n'Stop and go for Jetico. Jetico has a more systematic UI, a single install package, a fairly small footprint, is fast, and is not limited in filters.
But, Jetico has some issues as well:
- very complicated to use for a beginner
- rule making is really complicated as well
- has compatibility issues with some programs (then again, which doesn't)
- repeated and multiple pop ups in learning mode, which can drive you mad
What's my point in all this?
There are many choices, many preferences and no single right answer.
It depends on what one is after and which failings one is willing to tolerate.
I'm still waiting for the firewall that is:
- app level internet rule control (not just app ctrl + separate packet filter)
- stable as Look'n'stop
- cpu/memory footprint of Look'n'stop
- outbound protection of Jetico + KIS6
- nearly as easy to configure as Kerio 2 in learning mode
- as powerful as Jetico/KIS/Comodo/CHX in advanced rule mode
I know it's doable, although it may be hard and require a specific development language/environment and coding crucial parts in assembly.
I hope Jetico 2.0 will be my next fw, but only time will tell.
I couldn't get Jetico v2 to work properly for some reason, it installed ok but upon restart kept freezing my windows for some reason.
Look n stop is probably the lightest and most secure of all the firewalls. There's always ghostwall, which is super light.
CHX-I 3 was not very light.
I say this cause it got the windows process mmc.exe running.
It took something like 15 MB besides the chx process that took less than 2 MB.
I run kerio 2.1.5 and chx-i worked just fine with it I think.
I have some netphone program. If I put SPI on chx-i with UDP, it would not log in though. Same as with Comodo. I know that program must be an odd one. And I could have worked the chx-i rule to make it work.
But I found not much usage for chx-i since kerio 2.1.5 same as Sygate 5.5 always allowed me to have the needed inbound protection. And they worked straight out of box ... well, BZ ruleset of course applied to my connection and avast proxies of course took some time and work but I value that effort put into it. Fragmented packets passed or not in kerio. It was a frustration to know that while kerio 2.1.5 had passed that netphone program, it was still checked as all other connections with chx-i. But I saw no slowing down on my system. Or CPU usage from any processes involved.
And if there is a way to keep that mmc.exe from running, I stand corrected.
CHX-I is an interesting system rule packet filter for ports and protocols etc, many options. I might check it again another time and maybe also going to check that online manual for further investigation:
Re: Jetico vs. Kerio vs. Look'n'Stop vs. Comodo
My list would be:
- cpu/memory footprint of Look'n'stop
- rule presets of Outpost + KIS6
- good for p2p and gaming
Unfortunately my second wish limits me to either Outpost or KIS (duh), each having its pros and cons.
Agree! Add in a router then you have Kerio 2.1.5 + HIPS + router = You can fly the flag!!!
(see image below)