Low resources firewall

Hello members
I am looking for a low CPU usage firewall for VmWare fusion XP guest OS.
Any suggestions are very much appreciated.
Thanks
NT

 

Hi NT, Welcome to Wilders,

You would need to give more details, such as what resources are available (cpu used as example) as what may have little impact on one setup may slow down another.

Also, what type of firewall are you looking for, free_ware/paid, application control etc.


- Stem

 

Hi stem, thanks!
At the moment I am using CFP(comodo) free firewall. It does what I want as it has application control. I just find that it uses often to much CPU between 5-20%. CPU is crucial because I do my work on the VM and any high CPU justloads the VM usage in OSX. This is the same with memory use(24,700k).
So any firewall that provides the same level and preferably a free.
NT

 

It should not use none probably it conflicted with other app.You should have uninstalled right away and not let it damage your system.I did not get this when i used comodo,but i've got it with many other software firewalls.
The only software firewalls that i am not affraid to recommand and from other users reports work smooth on most systems(xp) ,and if u accept that every system is different and they might not work on yours are: sygate,and kerio 2.15.
If i was stil on XP i'll definetly use one of them as i don't have a router.
Over 800 connections with u torrent and the Ram(Working Set as i use ProcessExplorer) was under 10,000k on both,and the CPU rarely hit 1% from their proceses.
The big downside is that both of them are long discontinued,but there are a couple of threads here at wilders,if u need more info about those two,and the firewall experts will assist you .
Online armor is a firewall which offers similar application control to comodo,but for my tastes the free version offers too limited firewall(not aplication)rules.The paid version is great .

 

Hi NT,

It does sound like a possible conflict between the HIPS of comodo and the VM. Maybe look at disabling the HIPS to see if that resolves the problem.

virtumonde mentions OA free
You could give OA free a try, but virtumonde is mistaken as OA free does have application firewall rules.


- Stem

 

Thanks, would you mind explaining HIPS?

 

Thanks virtumonde
Looks like my firewall does have some sort of problem that the Mem usage and CPU usage is so high. I will have a look at OA.
Is the setup with OA comparable to CPF?

 

HIPS stands for Host Intrusion Prevention System. Products such as these deal with the individial user computer, or host system. The idea is to have an application that forces the user to 'allow' or 'deny' certain events, such as starting an application or modifying critical registry entries. In that way, the user is in control of everything that happens on their system.

I hope that helps.
Nate

 

In my opinion, both application bite off more than they can chew; they both attempt to do too much. Instead, I prefer a true layered approach rather than relying too much on one applications. I use single apps for single fuctions.

Obviously, I recommend what I use. I have used LooknStop firewall in the past and have liked it very much. If you are intent on using a true HIPS, as opposed to a sandbox, I recommend you use LnS and EQSecure 4. Both of these are extremely low resource.

 

Hi n8chavez
Thanks a lot, I would start trying with a free one first, if possible. Are any of the recommended free?
Also thank you for the explanation of HIPS!
NT

 

Yes, of course. A lot of people still use Kerio 2.15, with the appropriate config set. You can gran that here. You might also want to look at Jetico 1. Both are freeware rule-based firewalls that fit your criteria.

 

Well
That gives me two choices. Is Kerio reasonably easy to setup and configure?
So I will deinstall my CPF and see how I get on with Kerio.
Thanks for now!
NT

 

Get Kerio 2.1.5 HERE.

As to using EQSecure (EQS) for your HIPS -- The default settings of EQS are sparse, & (IMO) they do not provide adequate protection. Ergo, many folks are using Alcyon's rule set because EQS is very complicated to configure.

For a HIPS that has good protection right from the get-go (with its default configuration) I recommend...

RealTime Defender (RTD)
OR
DriveSentry.

By the way, RTD has network protection. Hence RTD offers a degree of control over applications making outgoing connections. Thus, if you use a router or the Windows firewall (for incoming protection) you can get along without any software firewall.

 

bellgamin, thanks
I have downloaded and installed kerio.
Is there a way for adding outgoing application controls?
I had a look at the filter rules and have not managed yet to add any applications? If I add an application I cannot link it to the relevant exe file?

How does that work?

Thanks

 

I used Kerio for a while, but no longer use ANY software firewall. Therefore, I cannot do a step-by-step for you. Of course, Kerio will ask about each application that attempts to connect out.

Hopefully a Kerio-user will step in to help you.

 

Thanks for your fast reply.
I found it and , it is fairly easy.
Any reason that you are not using soft firewall? Just through the hardware?
NT

 

My SPI/NAT router monitors incoming. RealTime Defender monitors outgoing. Fast & simple. No need for a software firewall.

 

notechyet,

Possibly this link will help you set up some rules:

http://www.urs2.net/rsj/computing/kerio/index.html

 

Since you also mention kerio and Jetico in other posts, and I now see that you now use Jetico, which of the three do you prefer ?
(Look'n Stop ,kerio or Jetico ?)

 

If only I knew the answer to that question. Right now I'd have to say I prefer Jetico (v2) over LnS. Howver, that is just because there are a few 'quirks' with with my system and Phantom's latest config. That might change; I hear that there are some very interesting things on the horizon for LnS.

That being said, it's important that you understand that LnS is the better of the two from a strict firewall standpoint. Although, Jetico is quite good. JPF, in my opinion, is 'better' for me right now because it also has behavorial HIPS capabilities, which LnS refuses to implement.

 

This is where the defintion of a firewall can get a bit dicey. Being that Real-Time Defender monitors outgoing traffic, could that not be considered your firewall? After all that is one of the major fuctions of a firewall.

Bellgamin brings up a good point here, probably without knowing it. Certain HIPS applications can monitor outgoing traffic permisions, thus acting as a firewall. Real-Time Defender and SSM Pro come to mind as having that feature. Those that are interested in an HIPS and firewall, who are behind a decent router, might want to consider this approach in an effort to simplify.

 

At least with SSM, this is simply a "Go/No Go" permission for all applications attempting outbound connections. There are no options to restrict this traffic to protocols, ip addresses or ports. But, indeed, it is as mentioned a simple approach that can be satisfactory for those who don't care to govern their application's network traffic as stringently as a good software firewall can.

 

You can set both RTD & SSM to either allow, block, or ask. Examples: I set "block" for explorer.exe, "ask" for iexplore.exe, & "allow" for Avira updater.

 

hi bellgamin
that sounds the setup i'm looking for. No frills and thrills!
Basic, solid!
Thanks a lot for your input, very much appreciated.
NT

 

Would you rate a Linksys WRT54GC as proper router for those standards?
I find myself buying increasingly faster CPUs, with low latency memories, huge HDDs and less and less software running lol - I like simple and light