I have been doing alot of firewall testing and while am very inexperianced with them I have found some to be very very difficult for me to configure and get to work properly. I have tested: Kerio, Look-N-Stop, Zone Alarm, Outpost, sygate. Outpost and Sygate gave me the most fits trying to figure out so I didnt use them very long. Kerio was kind of middle of road I could get it to work but it took alot of time and patience getting my programs to work right online. Look-N-Stop and Zone Alarm were about the easiest for me and I could manually add stuff to the safe list without any problems. So I am probably going to go with one of these 2 choices. What one do you think is better and has the lighter footprint?
>What one do you think is better and has the lighter footprint? Definitely LnS has the smallest footprint.. I think zonealarm has some kind of memory leak. For example, the VM size of vsmon.exe currently on my machine is 60mb (I have seen it much higher) and the zlclient.exe is at 10mb. Some people on the zonealrm forum have reported vsmon as high as 100-250mb when using p2p programs.
That memory leak definatly isnt a good thing. I currently have look n stop on my PC but it just doesnt seem very easy to configure and for some reason I am skeptical about it.
Outpost seemed pretty easy to use... In fact I use it on mt laptop. Did you try the outpost forum for configurations and rulesets? http://www.outpostfirewall.com/forum/ You can also try pcflank for making rules for some common programs. check under "firewall rulesets" on the left. http://www.pcflank.com/
I didnt really give it that much of a chance I didnt really care for outpost and its footprint was kind of big.
ZA has good credentials as a firewall. It des very well on leak tests. However, I have no idea of what kind of expert rules they used and it is hard to find usable advice on the topic. As far as using tons of memory, it may be suffering from the old code syndrome. My system used to get totally bogged down when running bittorrent applications until I shut off the network protection module in KAV. P2P, especially bittorrent opens up a lot of connections and can do strange things to firewalls, IDS and sandboxes.