Low resources firewall

Discussion in 'other firewalls' started by notechyet, Sep 5, 2008.

Thread Status:
Not open for further replies.
  1. notechyet

    notechyet Registered Member

    Joined:
    Sep 5, 2008
    Posts:
    11
    Location:
    Downunder
    Hello members
    I am looking for a low CPU usage firewall for a VMware Fusion XP guest OS.
    Any suggestions are very much appreciated.
    Thanks
    NT
     
  2. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi NT, Welcome to Wilders,

    You would need to give more details, such as what resources are available (cpu used as example) as what may have little impact on one setup may slow down another.

    Also, what type of firewall are you looking for: freeware/paid, application control, etc.


    - Stem
     
  3. notechyet

    notechyet Registered Member

    Joined:
    Sep 5, 2008
    Posts:
    11
    Location:
    Downunder
    Hi stem, thanks!
    At the moment I am using CFP (Comodo) free firewall. It does what I want as it has application control. I just find that it often uses too much CPU, between 5-20%. CPU is crucial because I do my work on the VM and any high CPU just loads the VM usage in OS X. This is the same with memory use (24,700k).
    So any firewall that provides the same level, and preferably a free one.
    NT
     
  4. virtumonde

    virtumonde Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    501
    It should not use none; probably it conflicted with another app. You should have uninstalled right away and not let it damage your system. I did not get this when I used Comodo, but I've got it with many other software firewalls.
    The only software firewalls that I am not afraid to recommend, and that from other users' reports work smoothly on most systems (XP), if you accept that every system is different and they might not work on yours, are: Sygate and Kerio 2.15.
    If I was still on XP I'd definitely use one of them as I don't have a router.
    Over 800 connections with uTorrent and the RAM (Working Set, as I use Process Explorer) was under 10,000k on both, and the CPU rarely hit 1% from their processes.
    The big downside is that both of them are long discontinued, but there are a couple of threads here at Wilders if you need more info about those two, and the firewall experts will assist you.
    Online Armor is a firewall which offers similar application control to Comodo, but for my tastes the free version offers too limited firewall (not application) rules. The paid version is great.
     
  5. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi NT,

    It does sound like a possible conflict between the HIPS of comodo and the VM. Maybe look at disabling the HIPS to see if that resolves the problem.

    virtumonde mentions OA free
    You could give OA free a try, but virtumonde is mistaken as OA free does have application firewall rules.


    - Stem
     
  6. notechyet

    notechyet Registered Member

    Joined:
    Sep 5, 2008
    Posts:
    11
    Location:
    Downunder
    Thanks, would you mind explaining HIPS?
     
  7. notechyet

    notechyet Registered Member

    Joined:
    Sep 5, 2008
    Posts:
    11
    Location:
    Downunder
    Thanks virtumonde
    Looks like my firewall does have some sort of problem that the Mem usage and CPU usage is so high. I will have a look at OA.
    Is the setup with OA comparable to CPF?
     
  8. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,305
    Location:
    Location Unknown
    HIPS stands for Host Intrusion Prevention System. Products such as these deal with the individual user computer, or host system. The idea is to have an application that forces the user to 'allow' or 'deny' certain events, such as starting an application or modifying critical registry entries. In that way, the user is in control of everything that happens on their system.

    I hope that helps.
    Nate
     
    Last edited: Sep 8, 2008
  9. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,305
    Location:
    Location Unknown
    In my opinion, both applications bite off more than they can chew; they both attempt to do too much. Instead, I prefer a true layered approach rather than relying too much on one application. I use single apps for single functions.

    Obviously, I recommend what I use. I have used LooknStop firewall in the past and have liked it very much. If you are intent on using a true HIPS, as opposed to a sandbox, I recommend you use LnS and EQSecure 4. Both of these are extremely low resource.
     
  10. notechyet

    notechyet Registered Member

    Joined:
    Sep 5, 2008
    Posts:
    11
    Location:
    Downunder
    Hi n8chavez
    Thanks a lot, I would start trying with a free one first, if possible. Are any of the recommended free?
    Also thank you for the explanation of HIPS!
    NT
     
  11. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,305
    Location:
    Location Unknown
    Yes, of course. A lot of people still use Kerio 2.15, with the appropriate config set. You can grab that here. You might also want to look at Jetico 1. Both are freeware rule-based firewalls that fit your criteria.
     
    Last edited: Sep 5, 2008
  12. notechyet

    notechyet Registered Member

    Joined:
    Sep 5, 2008
    Posts:
    11
    Location:
    Downunder
    Well
    That gives me two choices. Is Kerio reasonably easy to setup and configure?
    So I will deinstall my CPF and see how I get on with Kerio.
    Thanks for now!
    NT
     
  13. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    Get Kerio 2.1.5 HERE.

    As to using EQSecure (EQS) for your HIPS -- The default settings of EQS are sparse, & (IMO) they do not provide adequate protection. Ergo, many folks are using Alcyon's rule set because EQS is very complicated to configure.

    For a HIPS that has good protection right from the get-go (with its default configuration) I recommend...

    RealTime Defender (RTD)
    OR
    DriveSentry.

    By the way, RTD has network protection. Hence RTD offers a degree of control over applications making outgoing connections. Thus, if you use a router or the Windows firewall (for incoming protection) you can get along without any software firewall.
     
  14. notechyet

    notechyet Registered Member

    Joined:
    Sep 5, 2008
    Posts:
    11
    Location:
    Downunder
    bellgamin, thanks
    I have downloaded and installed kerio.
    Is there a way for adding outgoing application controls?
    I had a look at the filter rules and have not managed yet to add any applications? If I add an application I cannot link it to the relevant exe file?

    How does that work?

    Thanks
     
  15. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    I used Kerio for a while, but no longer use ANY software firewall. Therefore, I cannot do a step-by-step for you. Of course, Kerio will ask about each application that attempts to connect out.

    Hopefully a Kerio-user will step in to help you.
     
  16. notechyet

    notechyet Registered Member

    Joined:
    Sep 5, 2008
    Posts:
    11
    Location:
    Downunder
    Thanks for your fast reply.
    I found it, and it is fairly easy.
    Any reason that you are not using soft firewall? Just through the hardware?
    NT
     
  17. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    My SPI/NAT router monitors incoming. RealTime Defender monitors outgoing. Fast & simple. No need for a software firewall.
     
  18. jdd58

    jdd58 Registered Member

    Joined:
    Jan 30, 2008
    Posts:
    527
    Location:
    USA
    Last edited: Sep 5, 2008
  19. Livio

    Livio Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    20
    Since you also mention Kerio and Jetico in other posts, and I now see that you now use Jetico, which of the three do you prefer?
    (Look'n Stop, Kerio or Jetico?)
     
  20. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,305
    Location:
    Location Unknown
    If only I knew the answer to that question. Right now I'd have to say I prefer Jetico (v2) over LnS. However, that is just because there are a few 'quirks' with my system and Phantom's latest config. That might change; I hear that there are some very interesting things on the horizon for LnS.

    That being said, it's important that you understand that LnS is the better of the two from a strict firewall standpoint. Although, Jetico is quite good. JPF, in my opinion, is 'better' for me right now because it also has behavioral HIPS capabilities, which LnS refuses to implement.
     
  21. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,305
    Location:
    Location Unknown
    This is where the definition of a firewall can get a bit dicey. Being that Real-Time Defender monitors outgoing traffic, could that not be considered your firewall? After all, that is one of the major functions of a firewall.

    Bellgamin brings up a good point here, probably without knowing it. Certain HIPS applications can monitor outgoing traffic permissions, thus acting as a firewall. Real-Time Defender and SSM Pro come to mind as having that feature. Those that are interested in an HIPS and firewall, who are behind a decent router, might want to consider this approach in an effort to simplify.
     
  22. wat0114

    wat0114 Guest

    At least with SSM, this is simply a "Go/No Go" permission for all applications attempting outbound connections. There are no options to restrict this traffic to protocols, IP addresses or ports. But, indeed, it is as mentioned a simple approach that can be satisfactory for those who don't care to govern their applications' network traffic as stringently as a good software firewall can.
     
    Last edited by a moderator: Sep 6, 2008
  23. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    You can set both RTD & SSM to either allow, block, or ask. Examples: I set "block" for explorer.exe, "ask" for iexplore.exe, & "allow" for Avira updater.
     
  24. notechyet

    notechyet Registered Member

    Joined:
    Sep 5, 2008
    Posts:
    11
    Location:
    Downunder
    hi bellgamin
    that sounds the setup i'm looking for. No frills and thrills!
    Basic, solid!
    Thanks a lot for your input, very much appreciated.
    NT
     
  25. bombing

    bombing Registered Member

    Joined:
    Aug 7, 2007
    Posts:
    32
    Location:
    Lisbon
    Would you rate a Linksys WRT54GC as a proper router for those standards?
    I find myself buying increasingly faster CPUs, with low latency memories, huge HDDs and less and less software running lol - I like simple and light :D
     