On a hunt for a good firewall...

Discussion in 'other firewalls' started by GuardianofNight, Mar 16, 2005.

Thread Status:
Not open for further replies.
  1. GuardianofNight

    GuardianofNight Registered Member

    Joined:
    Mar 13, 2005
    Posts:
    76
    Hi everyone... :)

    I am trying to find a good software firewall. I am connected through a home network (I am on wireless right now) I have 5 PCs with a router but I am trying to find a good software firewall. My network is WEP encrypted but I am still interested in having a software firewall. I've read reviews on many many websites on ZoneAlarm, Sygate, Kerio, Outpost. I heard ZoneAlarm was OK but not the greatest. But I decided I'd make a thread and get some feedback on all of these firewalls and a good solution for a software firewall. In my own mind, I would think that since so many people use ZoneAlarm and its been around for quite some time now, that hackers have already figured out ways to bypass the firewall... really all of these or am I wrong?

    I then decided to try Sygate and I was very very happy with it. But then I read that only with special configuration its a good firewall and it does NOT provide out of box protection. So I uninstalled it...

    I tried Kerio and I was ok with it, but then when I heard from a friend that it hasn't updated in awhile, I thought well... I better look for other firewalls.

    I really enjoyed Outpost... I'd have to say my best experience was with the latest version of Outpost but I am just concerned because even it, doesen't update as frequently as say ZoneAlarm for example...

    So I am just trying to get some feedback from all the friendly people here in Wilders and see what your opinion is on the products, the updating of them, and also mentioning maybe what product would be the best one to go with...

    Thanks! :)
     
  2. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    Try Kerio again, and I mean the free 2.15 version. Yes it may be two years old, but it is less buggy than a lot of stuff that is coming out today.

    The only thing it will not do is pass some of the leaktests where internet explorer is launched by another program and patched in memory. This kind of attack is rare, and the type of precaustions used to prevent it, post infection, are very difficult to live with. However this kind of stuff is getting a lot of press in the various security forums for home computers. For the enterprise guys, it is completely different world.
     
  3. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,012
    Location:
    on my zx10-r
    i am debating between kerio and outpost right now they both have thier plus and minus points. do not be as concerned with it "updating" as often as it is a firewall not a av. a good firewall should be based on how well it protects your computer.

    i am using both outpost and kerio now on two different machines. i really like the overall layout of kerio much better than outpost but op is not bad at all i could get used to it. op does seem to offer better protection out of the box. with some work on configuring them they would both be very secure. kerio requires more work than op to do so. op does seem to run more lightly on my computer than kerio does. kerio is eating up ram like nododys business. op doesnt seem to be using so much. i found op's self configure to do a decent job of detecting whats on your computer. where as kerio needed to be taught most everything. kerio had pop ups all over the place for the first week or so but then it started to calm down.

    op's web filtering does work! this it does a much better job than kerio. kerio even set with the web filter on i still got most of the ads and pop ups. kerio is also supposed to protect you personal data, i tried this and it did not seem to work as advertised??

    op is great and kerio is very good. if you check my other recent posts you will get most of your questions answered as i just went through this myself. hope this helped
     
  4. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    Hold on here my friend .
    Update ? Firewalls need not update like AV programs . Kerio is a good choice . Outpost is better . Not because I use it . I use it because it is the best I have found . There are one or two that compare well but , that is about it . People like to sing the praises of their favorite . I am not . I tell you Outpost because I have tested these . And Outpost is outstanding at protection PLUS , once you get used to it , you can set rules until your heart is content . It is fairly straightforward enough for a beginner but , powerful enough for anyone . Sygate has never lived up to it's hype . Dumping it was a good choice if you want a high level of protection . And you dumped because it needs special configuration . That tells me that you might be kinda new to this . Outpost is pretty easy as you can tell it upon install , to auto configure . Then . Once using it , put it in wizard mode . Meaning it will ask you about everything wanting to come in or go out . That way it learns what to allow for you , the user . Very nice . I mentioned in another post that it has something called open process control . This little baby is nice . It can actually protect you from rootkits and other nasties . Awesome . Just PLEASE remember : I do NOT recommend this because I like it . That is crap . I use it because it is THAT good ! I hope this helps and good luck . You may be in for an innteresting ride as alot of people may try to lead you to their " favorite " firewall . There are some good ones so take my advice , and everyone elses , with a grain of salt and use your judgement on how to choose . You will be fine . Good luck in your quest
     
  5. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi GuardianofNight, I am trying Tiny V6 at the moment, this is a lot more than just a straight forward firewall it has fine granular control over applications and network settings amongst other things.
    In this latest version Tiny appear to have addressed many of the usability issues that plagued earlier versions thus making this sophisticated application simpler to use for the average user. Having said that it still has quite a learning curve to get the best out it which I am trying to come to grips with ATM :)

    Pilli
     
  6. GuardianofNight

    GuardianofNight Registered Member

    Joined:
    Mar 13, 2005
    Posts:
    76
    Thank you so much everyone for your very kind replys to my question and hunt for a firewall. You all seem very knowledgeable, and I will give Tiny and Outpost a try. I will also remember that its not like an antivirus so its not normal for it to recieve ALOT of updates...

    Thanks again everyone!!! :)
     
  7. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    There may be no update for a year or more . You never know . Do not worry though . And Tiny is excellent . Great protection with that one as well .
     
  8. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,012
    Location:
    on my zx10-r
    tiny does have a difficult learning curve depending on how experienced you are with fireall setting, just be aware before you jump in
     
  9. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Don't forget - with Outpost Pro there's the Family license pack - Can be installed on up to five computers owned by user and/or his family members (straight from the Agnitum website) - for ~$80.

    This was the main thing that pushed me to buy, I stayed with it for performance reasons.

    Blue
     
  10. GuardianofNight

    GuardianofNight Registered Member

    Joined:
    Mar 13, 2005
    Posts:
    76
    Zfactor, I will remember that... I may stick with Outpost as I am on my 30-day trial right now and loving it so far! :)

    Blue, hello again :) and thanks for the reply. I will consider the family pack since I have more than one computer.
     
  11. One nice thing I liked about Outpost....that if you're FW challenged like me
    if you goof up....you can make a new configuration in a minute or so that will
    start you from scratch.
     
  12. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    Excellent point . That post may well help newbies
     
  13. GuardianofNight

    GuardianofNight Registered Member

    Joined:
    Mar 13, 2005
    Posts:
    76
    Thats true... :) I did see Outpost has a feature where you can make different configurations and I thought that was pretty neat. Especially if you were to make a mistake, its easy to fix that mistake.
     
  14. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,785
    Tiny also has a nice feature that allows you to save your configuration at various points, so you can start off with a fresh install, save that config, and then make changes as you like, doing periodic config saves along the way. Then if something goes wrong, it's easy to restore to a previous config. Nice handy feature built-in..
     
  15. Arup

    Arup Guest

    Of all the new firewalls out there, NetVeda is showing very good promise, this company is also serious about developing it further into a truly good product. It is among the few left today that is free and supports ICS, router or proxy configuration as well as content filtering and LAN rights for administrator.

    Check it out at www.netveda.com
     
  16. GuardianofNight

    GuardianofNight Registered Member

    Joined:
    Mar 13, 2005
    Posts:
    76
    I will look into NetVeda :). Thanks Arup
     
  17. Arup

    Arup Guest

    Great,

    When you do get to test it, remember, it is a fairly new product and the developers are keen on improving it further so any suggestions and problems should be sent out to support@netveda.com This way, we all get to benefit from a truly promising product since Kerio 2.15
     
  18. budfox

    budfox Guest

    I may be late to this forum, but check out Netop. the only thing netop will not do out of the box is ghost port 113, so do it at the router level through port forwarding.

    Netop w/ processguard and micorsoft antispy passed every leaktest, and every port scan i have thrown at it. Netop says that they are the only firewall out that runs at the driver level....but people on this site will debate that one. Lastly, the coolest feature to me is, the only way to shut the firewall down is to uninstall and reboot the system. If you kill the program, the firewall is still working. I have shut it down and run port scans and the firewall still stealths all ports.

    Here is a great site that has tested many firewalls..Netop is new so its not on the list. You can still download the leaktests from this guys site.
    http://www.firewallleaktester.com/
     
  19. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Thanks budfox, Both Tiny and BitGuard run at the kernel level, ZA & Sygate also afford kernel level protection. :)

    Cheers. Pilli
     
  20. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    Nice post Pilli !
     
  21. Budfox

    Budfox Guest

    Netop is driver-centric...I am pretty sure the firewalls you mentioned are not. Kernel based firewalls can still allow a hacker to violate the system during startup when the system is not protected.

    Also, Netop is one fo the few firewalls with process controll. It is a bit more complicated to setup correctly, but once set up, it has passed every leak test I have thrown at it.

    For anyone who posts after this, I would like to know what firewall you are running.

    http://www.firewallleaktester.com/

    Netop, ProcessGuard, SafeNSecure, Anon Total Net Shield, Kasp AntiVirus, SpySweeper, PortExplorer, TDS-3 (the near perfect combo)
     
  22. budfox

    budfox Guest

    New news on netop. I have been going back and forth w/ their "customer support" concerning a weakness in the way Netop handles scvhost. Their reply is that due to their process control (not allowing a unknown program to run) that this is their solution to a svchost leak. I think this is a copout.

    Netop is a good firewall, but due to their lack of enthusiasm, I will discontinue to back it on this site. I do like the drivercentric aspect of netop, but at this point I am going to start testing jetico.
     
  23. Arup

    Arup Guest

    Just wondering why Sygate which is a very good firewall on its own, either the free or pro finds very little mention in these forums. The free supports DLL authentication as well as ICS and the Pro adds many more features including IDS.
     
  24. hpguru

    hpguru Privacy Expert

    Joined:
    Apr 6, 2003
    Posts:
    7
    Is NetVeda an SPI firewall?
     
  25. Harold77

    Harold77 Registered Member

    Joined:
    Jan 15, 2003
    Posts:
    54
    budfox... What do you mean by svchost "leaks".

    One problem I discovered with NetOp is that is has trouble with some FTP downloads not working at sites using port numbers higher than 40000.

    According to their tech support a fix for that problem won't be out til June or later.

    When a fix comes out for the FTP problem I'll d/l the updated version an give a test drive... the firewall has some nice features, so it is worth a look.:)
     
Loading...
Thread Status:
Not open for further replies.