light firewall?

Discussion in 'other firewalls' started by mgaidia, Aug 20, 2006.

Thread Status:
Not open for further replies.
  1. mgaidia

    mgaidia Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    26
    which is the lightest firewall?
    I mean the one which uses minimum resources
     
  2. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,779
    Probably CHX (lightest) or Kerio 2.1.5 or perhaps LnS...
     
  3. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    Agree with the above with an addition of Ghostwall and jetico v1

    Cheers,

    Alphalutra1
     
  4. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    Netveda Safety Net was also a low usage firewall, however, the program seems to have been abandoned by the developers based on the website forum messages.
     
  5. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    I'd say look'n'stop is the lightest, its also very secure and relatively easy to use. Jetico is also very light and very secure but a little harder to use imo.
     
  6. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    Kerio 2.1.5 is my vote for the lightest
     
  7. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    Do you have the new version lol (2.1.5 ;)).

    Well here is look'n'stop's resource usage (RAM on the left, VM on the right), I can't show you chx-i since it can't be shown with any process monitor :cool:

    Cheers,

    Alphalutra1
     

    Attached Files:

  8. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    That is low usage :thumb:
     
  9. CJsDad

    CJsDad Registered Member

    Joined:
    Jan 22, 2006
    Posts:
    618
    For Kerio 2.1.5 (PERSFW.exe) I have

    Mem- 1,172 k

    VM- 3,216 k
     
  10. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    How is kerio 2.1.5 compared to look'n'stop in regards to overall security? I know look'n'stop does quite well on the leaktests, how about kerio?
     
  11. Kush

    Kush Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    138
    Location:
    Montreal,Canada

    Hi Farmerlee,

    This link should answer your question:

    http://www.firewallleaktester.com/tests.php


    KuSh
     
  12. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    No, it won't since kerio 2.1.5 is not tested by gkweb anymore. The one on the website is from the 4.3.x serires.

    Kerio 2.1.5 has very basic application control which can be tightened up by restricitng local and remote ports, and ips. However, a nice addition to kerio 2.1.5 is any form of HIPS.

    Look'n'stop has a much better leaktest detection, however, you have to pay for it.

    Cheers

    Alphalutra1
     
  13. pcalvert

    pcalvert Registered Member

    Joined:
    May 21, 2005
    Posts:
    203
    True. But the program is free, so I don't see how using NetVeda Safety.Net is much different than using some of the other popular firewalls, such as Kerio PF 2.1.5 or Sygate PF.

    Phil
     
  14. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    Agreed. I don't think using Netveda would be that much different than using one of the other mentioned programs. I was making a comment that the program had a low resource usage requirement that would not hog up your system's memory.
     
  15. halcyon

    halcyon Registered Member

    Joined:
    May 14, 2003
    Posts:
    373
    Jetico vs. Kerio vs. Look'n'Stop vs. Comodo

    Some comments from a long term non-advanced fw user. This is all imho, YMMV.

    Comodo is not particularly low on CPU or MEM for older/slower systems (think Celeron 600-900Mhz, 256-368MB RAM).

    In situation like these, a program like Kerio 2.1.5. takes the cake for cpu/mem usage.

    However, Kerio has issues:

    - slows down ethernet max throughput (to c. half of practical max 100Mb eth network)
    - does not block outbound leak tests as well as modern ones (for those who care about such things)
    - has a security hole in it, which remains unpatched (and will likely remain forever)
    - tends to loose it's settings sometimes (although rarely)

    Now, if one wants to get rid of these, one could try Look 'n' Stop. It's very low on cpu/mem, extremely fast, doesn't limit throughput, is still being supported/developed (?) and is very good (although not the best) on leaktests.

    But look'n'stop has issues as well:

    - issues in SPI mode with some p2p progs
    - no good/easy/straightforward installer/configuration package for all the latest patches
    - fairly kludgey interface (imho), somewhat hard to configure and make rules for (although perfectly doable, once you learn it)
    - limited in it's amount of app filters (I think 100 or so, clearly too little for a modern installation which can have 300+ apps, more than half of which will try to access internet)
    - NO app specific outbound/inbound rules for addresss/port/protocol (just separate app internet access rights and separate packet filter)

    Now, one could then skip Look'n'Stop and go for Jetico. Jetico has more systematic UI, single install package, it's fairly small footprint, fast, is not limited in filters.

    But, Jetico has some issues as well:

    - very complicated to use for a beginner
    - rule making is really complicated as well
    - has compatibility issue swith some programs (then again, which doesn't)
    - repeated and multiple pop ups in learning mode, which can drive you mad

    What's my point in all this?

    There are many choices, many preferences and no single right answer.

    It depends on what one is after and which failings one is willing to tolerate.

    I'm still waiting for the firewall that is:

    - app level internet rule control (not just app ctrl + separate packet filter)
    - stable as Look'n'stop
    - cpu/memory footprint of Look'n'stop
    - outbound protection of Jetico + KIS6
    - nearly as easy to configure as Kerio 2 in learning mode
    - as powerful as Jetico/KIS/Comodo/CHX in advanced rule mode

    I know it's doable, although it may be hard and require a specific development language/environment and coding crucial parts in assembly.

    I hope Jetico 2.0 will be my next fw, but only time will tell.
     
  16. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    I couldn't get Jetico v2 to work properly for some reason, it installed ok but upon restart kept freezing my windows for some reason.
    Look n stop is probably the lightest and most secure of all the firewalls. Theres always ghostwall is which is super light.
     
  17. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,183
    CHX-I 3 was not very light.
    I say this cause it got the windows process mmc.exe running.
    It took something like 15 MB besides the chx process that took less than 2 MB.

    I run kerio 2.1.5 and chx-i worked just fine with it i think.
    I have some netphone program. If i put SPI on chx-i with UDP, it would not log in though. Same as with Comodo. I know that program must be an odd one. And I could had worked the chx-i rule to make it work.

    But I found not much usage for chx-i since kerio 2.1.5 same as Sygate 5.5 always allowed me to have the needed inbound protection. And they worked straight out of box ... wel BZ ruleset of course applied to my connection and avast proxies of course took some time and work but I value that effort put into it. Fragmented packets passed or not in kerio. It was a frustration to know that while kerio 2.1.5 had passed that netphone program, it was still checked as all other connections with chx-i. But i saw no slowing down on my system. Or CPU usage from any processes involved.

    And if there is a way to keep that mmc.exe from running, I stand corrected.
    CHX-I is an interesting system rule packet filter for ports and protocols etc, many options. I might check it again another time and maybe also going to check that online manual for further investigation:
    http://www.idrci.net/html/index.html

    Jarmo
     
    Last edited: Oct 5, 2006
  18. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    Re: Jetico vs. Kerio vs. Look'n'Stop vs. Comodo

    my list would be:

    - cpu/memory footprint of Look'n'stop
    - rule presets of Outpost + KIS6
    - good for p2p and gaming

    unfortunately my second wish limits me to either Outpost or KIS (duh), each having its pros and cons.
     
  19. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    Agree! Add in a router then you have Kerio 2.1.5 + HIPS + router = You can fly the flag!!!

    (see image below)
     

    Attached Files:

Loading...
Thread Status:
Not open for further replies.