Light Outbound FW - granular rules

Discussion in 'other firewalls' started by luciddream, Aug 23, 2011.

Thread Status:
Not open for further replies.
  1. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,497
    Now that I'm running Sandboxie I'm finding much less of a need for a HIPS. I like to keep my setup as light as possible while still feeling safe. Is there anything that would run lighter than Comodo (just the FW), and allow the same type of granular rule setting? I don't care about its inbound protection. My router takes care of that. In fact I'd prefer it not be bloated down with advanced inbound protection, like SPI, etc., since it's just overlap.

    Is there an option that would be lighter than simply removing the HIPS from my already existing Comodo?

    I'm thinking about ditching my real-time AV too... but that's for another thread.
     
  2. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    What Operating System are you using?
     
  3. LODBROK

    LODBROK Guest

    Oh, come on. Everyone knows THAT! ;)
     
  4. LODBROK

    LODBROK Guest

    To answer the question generically, tho, if one is using a 32'er then Malware Defender has the bestest outbound rules granularity that ever was. Yes, it's a full blown HIPS but you can turn off everything except Network Protection.

    Attached are the superb rule sets I have for Firefox and Thunderbird. What really sets MD off from everything else around right now AFAIK is that one I set up for "Ask." Note the rules run from high to low (Priority 5, then 4, then 3, then... well, you know). So if an email or a Web site wants to connect to a server in "that" part of the globe on port 34812, then an extremely detailed best-in-class alert will pop up which will present an Allow or Block to test your intelligence (or in luciddream's case, his/her Cautiousness) with the options for creating a permanent or temporary (session) rule.

    The 64 bit Outpost Firewall Pro 7.5 (not the free 7.1 suite) has almost the same level of control and not quite as much detail; I am satisfied with it but it doesn't give me the warm fuzzies that MD does.

    Every now and then I offer up a neighborhood creature to the gods in an attempt to have a 64 bit Malware Defender.
     

    Attached Files:

    • MD4.jpg (62.5 KB, 743 views)
    • MD5.jpg (26.4 KB, 742 views)
    Last edited by a moderator: Aug 23, 2011
  5. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,497
    Sorry, that was thoughtless of me. I'm running XP Pro SP3. And I appreciate all the advice :thumb:

    Private Firewall is one I've had recommended in another thread. Can anyone else confirm that it is light? I mean I'm gonna try it myself because I realize individual results vary, but I'd still like as much feedback as possible first from a community I've grown to trust.

    If I were using Vista or 7 I'd use the Windows Firewall. Doesn't get any lighter than integrated. When they stop supporting XP I will no longer be using 3rd-party firewalls.
     
  6. inka

    inka Registered Member

    Joined:
    Oct 21, 2009
    Posts:
    406
    LODBROK, let's not instill a false sense of security. Malware Defender lacks kernel level NDIS filtering.
    I think you're aware of this, but to refresh your memory...

    Sadly, xiaolin (Malware Defender's author) didn't intend MD to serve as a low-level packet filter.
    In his words: "The MD's firewall cannot block some low level packets"
    ref: https://www.wilderssecurity.com/showthread.php?p=1545985
     
  7. wat0114

    wat0114 Guest

    @LODBROK,

    I see you've got 8 separate rules for TCP to Port 8080 to different IP addresses. MD should allow you to condense them all into one rule, which encompasses all those IP addresses. If not, then MD's fw isn't quite as granular as a few others I know of ;)
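
Added example, not part of the original thread and not Malware Defender's actual engine: a minimal Python model of the priority-ordered outbound rules LODBROK describes (highest priority first, with a catch-all "Ask") and of the condensing wat0114 suggests. The `Rule` fields, the application name and all addresses are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    priority: int          # higher number is evaluated first
    app: str
    proto: str
    remotes: tuple         # CIDR strings; "0.0.0.0/0" matches any IPv4 address
    port: Optional[int]    # None matches any remote port
    action: str            # "allow", "block" or "ask"

    def matches(self, app, proto, ip, port):
        return (app == self.app and proto == self.proto
                and self.port in (None, port)
                and any(ip_address(ip) in ip_network(n) for n in self.remotes))

def decide(rules, app, proto, ip, port):
    """First match wins, walking rules from highest to lowest priority."""
    for rule in sorted(rules, key=lambda r: -r.priority):
        if rule.matches(app, proto, ip, port):
            return rule.action
    return "ask"  # assumption: traffic no rule covers prompts the user

def condense(rules):
    """Merge rules that differ only in remote address into one rule.

    Safe only when no rule of the same priority with a different action
    overlaps the merged addresses; otherwise first-match order can change.
    """
    merged = {}
    for r in rules:
        key = (r.priority, r.app, r.proto, r.port, r.action)
        merged.setdefault(key, []).extend(r.remotes)
    return [Rule(p, app, proto, tuple(dict.fromkeys(nets)), port, action)
            for (p, app, proto, port, action), nets in merged.items()]

# Constructed sample: one allow rule per proxy address, as in the screenshot's style.
PROXIES = ["192.0.2.10", "192.0.2.11", "198.51.100.7"]
RULES = [Rule(4, "firefox.exe", "tcp", (ip + "/32",), 8080, "allow") for ip in PROXIES]
RULES += [
    Rule(5, "firefox.exe", "tcp", ("0.0.0.0/0",), 25, "block"),
    Rule(3, "firefox.exe", "tcp", ("0.0.0.0/0",), 80, "allow"),
    Rule(1, "firefox.exe", "tcp", ("0.0.0.0/0",), None, "ask"),  # catch-all prompt
]
COMPACT = condense(RULES)  # three per-address rules collapse into one
```
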
     
  8. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Although it's no longer supported, have you looked at Kerio 2.1.5? They don't get any lighter, and as long as you don't require a HIPS component, it will give you good control over outbound traffic.
     
  9. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    There are also some freeware versions of Jetico 1 on some download sites. It was exceptionally light and configurable. I'm not sure what all improvements version 2 has made or if that was essentially a Vista/W7 release. If you are not specifically looking for freeware, maybe give look'n'stop a try.
     
  10. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,273
    :thumb: Yes!! :rolleyes: :rolleyes:
    [Till IPv6, and nobody told me yet when that will really be required :(]
    Kerio also watches and alerts about application changes (by MD5).
     
  11. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,485
    Location:
    Poland - Cracow