Need a good firewall -- not a crapwall

OK ... I'm in foul mood. But anyway.

1.
I will not use Outpost. In principle, this is a real firewall. However, it's incredibly bloated. And even worse, it's a buggy mess. It's really embarrassing that Agnitum cannot hire at least one talented coder. Outpost has been a crappy bug hell for many years. They simply don't get it. It makes your system unstable. Yesterday, my stable machine rebooted over night under heavy load because of this buggy application (and not for any other reason). I will simply not use it anymore. Never ever. I hate Outpost.

2.
I won't use Kerio 2.15. It was a great firewall. But it's outdated and I do not trust it anymore. Same applies to atguard. Sorry.

3.
I have tried KIS 7 but will deinstall it right now. Do you call this a firewall? It's a bad joke. There is not even a window that gives you a good overview over all your rules. (If you believe that such a window is unnecessary please stop using firewalls at all. They won't help you.) Moreover, I don't trust this wall. Why can avp.exe update it's database when I create a block rule with the firewall??

4.
I will not use a firewall without proper application filtering AND a good rules editor. This is a matter of security (not only convenience). I will also not use a car with a triangular steering wheel (again this is a matter of security).

In particular, firewalls like Look'n Stop insult my intelligence. Why should I use a firewall that can hardly do more than a hardware router? This picture says it all: http://www.looknstop.com/En/images/af_current.gif It does not show a rules editor ... it shows a hoax. You cannot even see the rules you have created. (If you believe "allow iexplore.exe" is a rule, please stop using firewalls at all.)

5.
I may revert to Kaspersky Anti-Hacker. Although it's pretty outdated and I am not sure whether it supports RAW sockets. At least, it's stable and a real firewall.

I would be more than happy to use a current firewall if such thing existed. Please help.

 

Hmmm...i thought it was possible to edit rules in Look 'n Stop, even to the point of specific direction, protocol and ports?? You will most certainly elicit responses from those who use it. I have not used it for a long time, so I can't remember, exactly, but I seem to remember having very granular control over application rules with it. IMO, it is one of the better software firewalls available.

Otherwise, you may want to try the latest release of Jetico 2, as long as you don't mind a bit of a steep learning curve. It runs very light and stable. However, you may not like its obligatory "indirect access" component. It is a bit puzzling that the developer does not allow the user better control with it. Basically if you don't allow a certain process to launch your browser, your browser will be permanently blocked from Internet access. That said, one should only, theoretically, allow only trusted processes to launch other trusted processes anyways. It's a bit of a catch 22.

 

For LooknStop you need to be in advanced mode to customize rules for apps.

Anyways I will second wat0114's suggestion of Jetico 2.

 

A good rules editor is absolutely mandatory. Certain firewalls like LnS don't have it. It's like driving a car with the steering wheel in the trunk. Prior to each corner you have to get it ... that's insecure. Most people will not understand what I am talking about. This is because 99.9% of the people use insecure firewalls rules. Example: a good rule is "allow outgoing dns connection (53) to the dns server address of your internet provider". a bad rule is "allow all for svchost.exe". I need a firewall that allows me to QUICKLY create good rules when the respective application tries to access the internet. And, moreover, I need a rules editor that gives me an immediate overview over the rules that I have created.

 

i love outpost pro its very strong but its haevy on my pc its take many recources
and i hear about zonealarm pro

any way i use kaspersky internet security now its very light on my pc

http://www.3tt3.net/up/uploads/AhK77032.jpg

xp pro sp2
processor 2800
ram 1.5G
vga 128

 

Sounds like you really want Kerio 2.1.5. If it still works then what's the problem? But if you can't use Kerio, then I would also recommend Jetico. Jetico can be a little annoying to deal with, but it's probably one of the few left that offer the flexibility with rules that you want.

 

Kerio may be old and no longer supported, but it's still a very effective firewall that has the configurability you're asking for. I've never found a reason to distrust it.
Rick

 

Never used this one but it has been around for years and is still being updated:
http://www.8signs.com/index.cfm

 

Yes, 8Signs is good so long as you're not interested in outbound app control of any kind. It's pretty much an inbound firewall only. Although you can make some generic outbound rules...

 

If i remember LNS properly, i think you missed some possibilities - internet filtering rules can have applications associated with them.
There is another firewall not mentioned here in development, but still RC/ beta. It will take some time to mature maybe, but i'll post here anyway when next RC comes out.
Then there's Comodo to look at.

 

"Yes, 8Signs is good so long as you're not interested in outbound app control of any kind."

Of course I am. It's pointless to use a SOFTWARE fw without outbound control. Go for a hardware router.

"If i remember LNS properly, i think you missed some possibilities - internet filtering rules can have applications associated with them."

This is not the point. The question is whether the steering wheel is in the trunk or in front of the driver seat. This is a huge difference when you drive a twisted road.

 

Hi!
I have seen you don't mention ZA in your list. No sure you are a lover or hater of ZA but I would give a spin to latest ZAPRO (7.0.408.000).

It works very well here and many bugs of the past have been ironed out.

http://www.ZoneAlarm.com/zapdownload

Fax

 

Hi ,.-

You're screen capture doesn't show the rules editing but the application filter.

The rules editing of LnS allow you to create (or modify existing rule) at different level of the DoD 5 Layer of TCP-IP:

Layer 2 (Data link layer) Ethernet, WiFi, ... with the raw editing plugin
Layer 3 (Network/Internet) IP including IPv6, IGMP, ICMP ARP...
Layer 4 (Transport layer) TCP, UDP,
Layer 5 (Application) DNS, DHCP, SIP , STUN and so on...

The LnS rules edition allow to control almost every characteristics of Internet packets :

Ethernet type:
IP, IPv4, IPv6, ARP and any other type from raw editing plug-in...

Protocol:
TCP, UDP, ICMP, IGMP, 47-GRE- 50-SIPP,

Packets:
in and out, fragmented or not, including the offset and frag. flag
including all TCP flags and their combination using masks (for example)

Ethernet addresses (local and remote)

Ip addresses (local and remote)

Port(s) local and remote

Etc.

Where is the HOAX here please ?
I guess LnS deserve a second look from you Sir.

Have a nice day.

 

KIS 7 a joke? Interesting, as Matousec likes it.

 

Well then, Jetico is about the only one left that you haven't discarded yet. Why not give it a try?

 

Thats probably because 99.9% of people are only concerned about application filtering...seeing what app is connecting out and dont care what port or ip address it connects to if the app is not considered threatening to them.Having a rule for DNS with just your ISPs server addresses in ,or going further and applying that to each app ,is all well and good if like yourself you know about these things.However ISPs have been known to change their DNS server addresses on occasions ,and the server not found error that would subsequently follow,would probably make the average joe call his local pc repair shop.If you like kerio 2.15 then i personally cant understand your dislike of looknstop as it has does all that kerio does and much much more.I can see your fondness for kerio and outpost (the rules creation parts anyway) because they basically make the rule for you and you decide whether to allow/deny or to add to the rule.Looknstop can do the same by right clicking the log entry (of course you would have to enable logging).These days i personally don't care about such and such a port,or such and such an address ,and prefer the less hassle approach of global allow to trusted apps.This in conjunction with a decent av and router is all thats needed IMO.If you are willing to try outpost again then maybe an earlier version such as 2.7 which is the firewall without the later version bloat may suffice?.
ellison

 

Hi ,.-

This is false.

If you want to choose a firewall (any) based on false information, nobodies here will be surprised if you never found what you're looking for...

Give us some details about what kind of rules editing features are important for you.

There's many users of popular FW at Wilders: Comodo, Jetico, ZA, Outpost, and many others.
They can help you to make a choice if you give us some feed-back ...

An other possibility is to ask directly at vendors forum ?

Other Firewalls Sticky Posts

There's a list of official forums for many of them.

Hope this help. Let us know...

 

Clarification: When I was talking about the rules editor I referred to a rules editor being part of the learning/training mode of the firewall. In other words, I want to create granular rules on the fly for each application trying to access the internet. Everything else would extremely painful (if not entirely mad .

ellison: good post.

Kerodo: will try it again. But I did already try it in the past and it did not work for me.

Climenole: Will try LnS again. But I tried already 3 or more times in the past. I always had a miserable experience.

Diver: Matousec's site/tests are quite interesting. I would assume that they liked KIS for other reasons. I was complaining about useability and that avp.exe seems to be automatically treated as a trusted app.

@all For the time being, I went back to Kaspersky Anti-Hacker. The rules editor is not perfect but usable. Unfortunately, this wall does not show you a very good overview over all the rules you have created. Moreover, it may be outdated. But at least, it's light and stable.

 

O.k. Now I tried LnS. Following the installation, I rebooted the machine. An LnS window pops up and asks me whether I want to allow or deny LSASS.exe to connect to internet. Just two options: authorize or block. No granular rules editor at all. Are you kidding me This is like Zone Alarm Free. An invitation to create insecure rules! Sorry...but this firewall is, has always been and will always be...a crapwall.

I am so disappointed now that I will not even try Jetico.

 

Hi ,.-

Wow ,.-: you are what we call a "fast fuse" !

Keep calm please.

LnS ask the authorisation for all programs with a possible or actual access to Internet. This is the "application filtering"...

There is an other level of filtering using general rules and specific rules when needed. Not "granular" enough ?

Anyway...

You can like or not LnS and choose an other FW: I don't care
BUT
How can you evaluate any FW in a couple of minutes ?

No FW are good for you:

Not Outpost
Not Jetico
Not LnS
Not ZA
Not KIS
Not Kerio
etc.

All crap. No one in the whole universe. Right?

LOL That's the funniest comment I ever read here!

LnS is so crap that this SO disappointing experience drive you to not trying Jetico !!!

LOL (really)

You know what? I guess your post here is a big TROLL.


Bye bye !

 

I read everything I could get my hands on when I was trying to find a firewall to replace my ZoneAlarm monster. I finally settled on Comodo, and never looked back.

 

Hi twl845

I really hope Comodo will fit to the need of ,.-.

I'm a bit skeptical...

 

I had always thought the KIS included a firewall (Antihacker) and that Kaspersky stopped offering it as a stand alone product. According to the product comparison chart, a firewall is a part of KIS, but it doesn't mention it by name though.

 

It works fine. I suspect you just didn't have the patience needed to go thru all the configuration. It isn't the easiest firewall in the world. If you do decide to try it again, check the forum here for previous Jetico threads, there's a lot of good help in them, particularly Stem's posts..

 

,.-,
You really went after OutPost....good for you. Yesterday myself I dumped the latest version and "dailed" all the way back to 2.7 493/416. So far, good.

I just got fed up with the system crashes when you logged out and then later logged back in. I have repeatedly sent reports in. This has been going on for well over a year. At times it would just give the report window got to shut down now...sorry... No I don't have malware shutting it down. I think post number one is closer to the problem.

I don't know if you are interested but like I say newest version is not always best.

Edit: I see I followed Ellison suggestion and did not even know it. Sounds like good advice.