Lightest Firewall?

Discussion in 'other firewalls' started by Dr. Lucien Sanchez, Mar 3, 2007.

Thread Status:
Not open for further replies.
  1. Dr. Lucien Sanchez

    Dr. Lucien Sanchez Registered Member

    Joined:
    Dec 16, 2006
    Posts:
    44
    Location:
    England
    I'm currently using Kerio 2.1.5, and I know it's pretty light on resources but is it the lightest? I only really want a firewall for outbound protection as well. I mean Kerio 2.1.5 is fine it's just that I want to make sure that I'm getting the most out of my firewall whilst keeping the resources spent at a minimum.

    Cheers.
     
  2. CReal

    CReal Registered Member

    Joined:
    Feb 17, 2007
    Posts:
    42
    Kero 2 has to be the lightest of those providing outbound filtering.

    Others very light should be Look n stop (and probably PC Tools firewall which is based on it) and Ashampoo Free.
     
  3. halcyon

    halcyon Registered Member

    Joined:
    May 14, 2003
    Posts:
    373
    As CReal put it.
     
  4. CReal

    CReal Registered Member

    Joined:
    Feb 17, 2007
    Posts:
    42
    Oh,i 'd say Jetico 1 is also quite light.
     
  5. Dr. Lucien Sanchez

    Dr. Lucien Sanchez Registered Member

    Joined:
    Dec 16, 2006
    Posts:
    44
    Location:
    England
    Cool. Cheers for these. Time now for some testing.
     
  6. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.
    Do not know the resources used by the above mentioned. On my Win 2k PC running ZA Pro 5.5.094 with only the FW running, no AV monitoring, or e mail protection, memory usage comes in at just under 11 Mb. Since I set behind a router I really only count on it for outbound which it does quit well.
     
  7. Londonbeat

    Londonbeat Registered Member

    Joined:
    Sep 21, 2006
    Posts:
    350
    Does anyone know any working links for downloading Jetico 1? I'm having trouble finding one.

    Also, does anyone know if the inbound protection provided by Kerio and jetico is superior to the Windows XP firewall, or is the only advantage over XP firewall the outbound protection, configuration etc?

    Thanks,
    Londonbeat
     
  8. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    http://www.jetico.com ( hxxp://www.jetico.com/jpfwall.exe )
     
  9. Dr. Lucien Sanchez

    Dr. Lucien Sanchez Registered Member

    Joined:
    Dec 16, 2006
    Posts:
    44
    Location:
    England
    So far I've tested COMODO, Kerio 2.1.5 and Jetico, and Kerio and Jetico are about the same, about 7MB each. But for COMODO I get about 5MB which is surprising as most people say it's heavier than the other two. Now, I'd love to use COMODO but it keeps forgetting my settings, so really it's either Jetico or Kerio unless someone comes up with anything.
     
  10. Bob D

    Bob D Registered Member

    Joined:
    Apr 18, 2005
    Posts:
    1,150
    Location:
    Mass., USA
    Filseclab quite light as well. A single process @ <7MB.
     
  11. Dr. Lucien Sanchez

    Dr. Lucien Sanchez Registered Member

    Joined:
    Dec 16, 2006
    Posts:
    44
    Location:
    England
    I've heard lots of people say it crap, but I would consider if it has good outbound protection.
     
  12. Bob D

    Bob D Registered Member

    Joined:
    Apr 18, 2005
    Posts:
    1,150
    Location:
    Mass., USA
    Outbound protection is not stellar compared with others, but it does pass some of the basic leaktests.
    (I doubt Kerio 2.1.5's outbound is that great either)
    However, Filseclab, in conjunction with HIPS here (Pro Security), and I pass virtualy all leaktests I've thrown at it.
    Interesting Filseclab thread here: https://www.wilderssecurity.com/showthread.php?t=92710&highlight=filseclab
    One thing I like about Filseclab (and the reason I keep returning to it) is that I can almost always figure out what's going wrong (should something go awry), thanks to it's excellent monitor / logging.
    It gives me the "warm and fuzzies" in that I am able to diagnose issues that arise. I find it's been a great learning tool.
     
  13. Dr. Lucien Sanchez

    Dr. Lucien Sanchez Registered Member

    Joined:
    Dec 16, 2006
    Posts:
    44
    Location:
    England
    Well, I just tried Filseclab and I have to say I'm not really that impressed with it. The resource usage for me was about 13MB, plus it made my wireless connection go weird. But cheers for the recommendation though, it's good that I've been able to find out all of this first hand though.

    Now, though Jetico has passed more leak tests and is thought of as a safer firewall, I might stick with Kerio 2.1.5 as I prefer the way it handles outbound connections and it did pass the leak test at www.firewallleaktester.com. Anyway, cheers for the input guys, of course I'm still open to more suggestions.
     
  14. CReal

    CReal Registered Member

    Joined:
    Feb 17, 2007
    Posts:
    42
    For me testing the lightness of a firewall isn't only RAM usage.The ultimate test is its behaviour in p2p.Filseclab from what i remember,has CPU spikes at 4-6%,even when downloading a single file through the browser,let alone p2p.

    While the really "light" firewalls,are "stuck" to 0% cpu even at full speed p2p.
    Same applies to ZAF.It's light,but under stress it oscillates from 0-2% cpu,so i don't put it at the same category with the super light Kerio.
     
  15. CReal

    CReal Registered Member

    Joined:
    Feb 17, 2007
    Posts:
    42
    Ah,the pop up windows of Kerio 2 are exemplary.It's a shame that this firewall was abbandoned.It was the perfect way of setting up a rule based firewall.
     
  16. JimIT

    JimIT Registered Member

    Joined:
    Jan 22, 2003
    Posts:
    1,035
    Location:
    Denton, Texas
    Running LNS Lite on a 466Mhz Celeron laptop w/96MB of RAM.

    Using around 1.6MB VM.
     
  17. Dr. Lucien Sanchez

    Dr. Lucien Sanchez Registered Member

    Joined:
    Dec 16, 2006
    Posts:
    44
    Location:
    England
    I gave LNS a go, but unfortunately it wouldn't allow me to connect to my wireless network. Shame, I've heard lots of good things about LNS.

    Also, go to agree that it's a shame that Kerio abandoned their firewall. It's seems odd that they'd do that, does anyone know why?
     
  18. pvsurfer

    pvsurfer Registered Member

    Joined:
    Sep 1, 2004
    Posts:
    1,400
    Location:
    California - USA
    It never ceases to befuddle me why so many people seem to put 'lightness' above other (more important) FW properties. o_O

    Unless you are stuck with an old PC with limited resources, even the 'heaviest' of FWs isn't going to result in much of a performance 'hit' on your system. I would gladly allocate an extra several MB to gain a user-friendly interface, ease-of-use to the point where you can quickly get to not even noticing it's there, and of course, inbound/outbound protection that survives reputable independent testing with flying colors!
     
    Last edited: Mar 3, 2007
  19. CReal

    CReal Registered Member

    Joined:
    Feb 17, 2007
    Posts:
    42
    The "more important" features,is something subjective.One may prefer Kerio 2,despite the fact that fails most leak tests.Because some users have different defences,so that having a firewall leak-stopper isn't a priority.As a matter of fact,i would be curious to know just how many REAL life cases there are where the fancy antileak features of some firewalls are really needed and kick in.

    Some people even prefer no outbound filtering at all.After all,a firewall,originally was conceived to close the door to those "outside".Personally i want outbound application filtering,but i understand those who don't.

    The extra several MB of RAM aren't much of an issue,but extra CPU is still today.Because the PC isn't supposed to run FOR the security applications.The power of the Pcs has become an excuse for bloated,untrimmed code that eats resources for doing something that shouldn't burdon the pc at all and in a perfect world ,where Windows would be a very secure OS,they wouldn't have reason to exist at all.

    Unfortunately,the reasoning of "come on,you have a paleolithic pc or what?" has made,firewalls,avs,hips and even the OS itself ,become bloated.You spend 3-4% Cpu for the firewall ,2-3% for the Antivirus,1-2% for the antitrojan ,2% for the HIPS and there you go with 10% of your CPU eaten for "background tasks".When most of these tasks,combined with appropriate applications and habbits can be done at much lesser cost.So why not do it?

    It's the same story with Vista coming out now and which of course requires a new pc practically.Is it necessary really?Well,the easy answer is "come on,buy a modern pc".Another view is "why would Vista require all that hardware and hence resources,when Linux does the same things on much more humble hardware?".

    So,there is the person that prefers switch to Linux or stay with XP ,in order to avoid the increased resources required for Vista and at the same way ,there is the person that doesn't think that spending too many resources for various security applications in necessary.Because most things that Vista or a heavy firewall do,can also be done in XP or with Kerio 2.

    Regards
     
  20. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,442
    Location:
    Sky over the Wilders Forest
    I certainly appreciate those who want a Firewall that does not eat into their resources. It seems right to me? Sure old systems are always going to be out there that need protection too. Where there is a need there should be a market.;)
     
  21. pvsurfer

    pvsurfer Registered Member

    Joined:
    Sep 1, 2004
    Posts:
    1,400
    Location:
    California - USA
    CReal, while I found your commentary quite interesting, I would point out that I did not indicate that my remarks were anything other than my belief.

    However, speaking as a Software QA Specialist, my objective is to determine whether or not a particular software product satisfies its intended design purpose, is free of development flaws (bugs) and coexists well with other installed software. All programs require computer resources to execute, but imho we just have to keep that in its proper perspecive in the overall scheme of things.

    And please don't get me started talking about Vista!
     
  22. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    A lightweight firewall is not only a firewall with low memory footprint. IMHO, the lightest firewalls are:
    - Packet filters such as Ghostwall and CHX-I (haven´t tried this last though).
    - Rule-based firewalls such as Kerio 2.1.5, Jetico v1 and LnS.
    - Application-based firewalls: older versions of Zone Alarm.
    I also suspect that Filseclab, Sygate and Online Armor FW are lightweight too.
     
  23. CReal

    CReal Registered Member

    Joined:
    Feb 17, 2007
    Posts:
    42
    Hi again pvsurfer.Of course it is your belief and you did well to post it.It's a forum ,so everyone speaks his mind.So did i.I don't mind people wanting the super anti-leak test firewall or the antivirus with 50MB ram.I simply say that users differ.Just like some forum members have countless security applications ,while others prefer just a router and an antivirus.I am somewhere in between,but generally speaking,i want my pc as clean and fast at "default" as possible.So i use nlite and try to minimize the startup programs and use those with less impact on resources.Do i have to?No.I have dual core Cpu and plenty of RAM.But this is the way i like it.I can also "sense" even small variation in speed when using different applications.Also,my needs are different.I ve been using Kerio 2,ZAF,Sygate for years,none of them is a champion of leak tests,yet nothing bad happened to me.So,it's a calculated risk i can take.So i prefer to use as light applications as possible and Pg free,which is a big watch dog that allows me to do that.So,let's say i want to buy an antivirus.KAV is better in detection rate than NOD32.But i would buy NOD32,because it's lighter and i can afford the "risk" of slightly lower detection rates.
     
  24. CReal

    CReal Registered Member

    Joined:
    Feb 17, 2007
    Posts:
    42
    Ghostwall is in deed ridiculously light.Less than 1MB Ram,0% CPU.But it has no outbound application control.

    Sygate is also very light,but eats up CPU if you use p2p,proportionally to the download speed.If you use it only for browsing it's fine and only about 8MB Ram.Only problem the local proxy hole and the fact that ,like Kerio 2,is now out of development.
     
  25. Sealord

    Sealord Registered Member

    Joined:
    Jun 26, 2006
    Posts:
    37
    I've seen others here and elsewhere saying Ghostwall has no outbound application control. Sure it has no control over installed software but it DOES control outbound connections. eg block all outbound TCP to port 80 at IP xxx.xxx.xxx.xxx and it will do just that.
     
Loading...
Thread Status:
Not open for further replies.