Outpost, Comodo or Online Armor?

Good morning friends.

This is my first post so I apologise if I'm in the wrong section or the question was asked already.

To go straight to the point, I am a Windows XP user about to upgrade to Windows 7, 64-bit. As a firewall solution I've been loyal to Sygate from day one and I consider it the best personal firewall ever developed. But that is maybe because I never tried others.

Anyway, Sygate is a no-no in Windows 7 so I want your advice on the best, most-similar-to-Sygate firewall available on the market, not necessarily free.

Based on what I've been reading in the website Outpost, Comodo and Online Armor are highly rated.

But .... which one shall I go for? Are these three the best of the best or are there others? As virus scanner I own Kaspersky so I need one which is compatible with it. Also, I'm not behind any router.

Thank you.

 

Welcome to Wilders Security Forums
You can go with Private Firewall. It is compatible with Kaspersky and is lightweight.

 

Cheers

I knew I forgot one of the "popular" ones. How does this one compare with the other three?

 

What about ZoneAlarm?

 

Hello:

There is no such product as the best of the best.

My advice to you is simple:

1) Get your upgrade to W7 64 bit working FIRST! (I've done what you have done and it has enough issues without trying to select a "new" 3rd party FW in the midst of it.)

2) Get behind a router NOW.


3) When all is working then try the free 2 way FW in windows 7 there is a thread here on that.

4) If #3 is toooo much for you try the 3 products in 30 day trials 1 by 1 and pick the one you feel most comfortable with.

5) I have worked all 3 products and each has it's own little features added some of those might match your www risk profile.

For transparency I'm using OP FW 7.0. I like the id block feature it has. The newest OA and Comodo products may have that as well, I'd have to check but at the moment I'm too busy with MS Office 2010 to do that work.

Let the thread know what you decide to do and share your learnings if you like!

 

Just use Windows 7 firewall. It is absolutely great, at doing the job a firewall should do: keeping hackers away. Windows 7 firewall, certainly combined with a modern router (you should definately get one, they contain great firewalls to block unsafe traffic) = bulletproof firewall protection. Also Win 7 firewall is the lightest one available, and very easy to use (doesn't throw popups, only when you install a new program, to allow inbound access). There is a not a single reason why third-party "firewalls" are better. The Windows Filtering Platform (which is what the firewall is based on) is really good, a lot of third-party firewall vendors just use that platform, for example PC Tools Firewall Plus (so they basically give you Windows firewall + an easier to use dialog for creating rules, and maybe other features).
If you want a pure firewall, I would just stick to Win 7 firewall. If you want an HIPS, you should indeed pick a different one. If you want HIPS, just test them all out. Everybody their own taste.

Windows Firewall also had advanced settings, in this forum is a thread about Windows Firewall with Advanced Security (Guide for Vista) which contains lots of interesting information. That guid also applies to Win7, since Vista and Win7 both have Windows Filtering Platform (which XP lacks).

 

Great thinking there

Btw, I am in this same 7x64 migrating process myself and my choice should be between the OS own firewall and Look 'n' Stop. I have set each on it's own experimental system's snapshot and I am progressively building each their setup. I have to say that for now I like L'n'S allot. I also find this one easier to implement but it couls well be because I started from Phant0m's nice ruleset...

I am complementing this setup with Sandboxie (sully tweaked), virtualisations and usual system back-ups, so I think I should not have a real need to add any HIPS, at least untill defensewall x64 was available (having some more licensing year already unrunning...)!

 

Thank you for all replies.

What router would you recommend if I may ask?

 

I see you own Kaspersky Anti-Virus, you could also consider upgrading to Kaspersky Internet Security when your current license ends. The firewall in Kaspersky is a really good one, probably the best one of all the Internet Security suites.

If you really want to spend money on a router, you are not obliged to ofcourse, just pick one of the well-known brands, for example Linksys (I got a Linksys one), D-link, Sitecom or Belkin.
(So I am using Windows 7 64-bit firewall, behind a Linksys WRT54G2 router, in combination with ESET NOD32 Antivirus.)

 

Yes, this one has some nice reviews over at newegg:
http://www.newegg.com/Product/Product.aspx?Item=N82E16833124190

And are there any settings I would have to change in the router, tweaks that is?

Ultimately I believe I would end up with the OS, the Linksys WRT54GL, KAV 2011 and Comodo. Should be enough I believe ...

 

make a backup image for your system then try all these firewalls form few days and then restore your image and install the firewall which you found suitable for you.

 

Is Acronis the best for the job?

And please don't ask me to take an image with three different types of software and restore them one by one to find which one is more suitable for me!

 

just one image to go back for it after trying all firewalls.
acronis is the most popular these days but any other software will do the job.

 

Online Armor, Outpost, and Comodo all work well. I would only suggest you add Private Firewall to your list of firewalls to try. They are all very good quality firewalls that also incorporate HIPS (Host Intrusion Prevention System) as an added layer of security. HIPS can be very effective in blocking new or unknown malware by giving the user more control over what is allowed to execute or run on a user's computer. One should just be aware that HIPS requires more knowledge on the user's part to be effective because you will be prompted to make decisions to allow or deny various potential threats. Some HIPS will prompt you more than others, and this is usually because of a lack of white listing of safe applications or in other cases due to the application settings that the user has chosen to use with the HIPS program itself. Some HIPS gives you a range of control on what decisions are left up to the user to decide, and what decisions are decided by default by the HIPS itself. Some HIPS will prompt you to make a decisions about almost every activity that runs on your computer if you don't configure it to what you deem as being acceptable in a balance of security, and productivity. Some people just get tired of making sure an activity is safe or dangerous and get click happy allowing an action wither they know it is safe or not. For them it becomes too big of a hassle to take the extra time to confirm wither an activity is really a threat. If you are not a very knowledgeable user then you should not let anything I have said detour you from trying a HIPS program. My first HIPS was ProcessGuard, and I had to learn as I went along just like all of us had to do at one time or another. We are all still doing so everyday. Also what may work best for myself or someone else may not necessarily work best for you because we all use our computers for different purposes. We also have additional software installed on our computers that could interfere with the usability or correct functioning of other programs on our computer. Similar products running on your computer could also potentially have incompatibility issues. It's impossible for the developers to find them all. Its an ungoing process of bugs being found, and fixed after them being discovered many times by users. You can also take an unacceptable hit in your computer's performance when running any application in combination with any security software. No one person has the same system profile, and may have varying results. What may perform bad on my computer may perform very well on yours. I highly suggest you try them all if possible, and decide for yourself. Its the only way to know for sure. Its good to see old Sygate user's here. I used Sygate myself back in the day. I loved Sygate, and I was very disappointed when Symantec bought them out. Who knows where the firewall would be now if it's development was continued.

 

Ahh i loved sygate too.You may want to consider fortknox firewall as it is basically sygate with a slightly different gui ,but it supports windows 7 32 and 64 bit.There are a few threads here regarding fortknox firewall,but i guess trialing it would be better for you.
ellison

 

Million thanks Cutting_Edgetech, very detailed friend.

That's nice ellison, it *IS* Sygate based on the interface, it's almost identical. But I read one of the threads on Fortknox but it seems it's still buggy and only scores 100 in the Comodo Leak Test...

And going back to my earlier question - if I may - Linksys WRT54GL? I believe this is a very good router, isn't it?

 

Sygate would score the same .The only way to test whether its buggy is to try it .An earlier poster gave some sound advice to image your windows before trying these firewalls in case of any problems.
ellison

 

Ah yes, I was also under the impression Sygate would score the same

Excellent - will give this one a try together with KAV 2011 in a Windows 7 machine and see how it goes.

PS: Incidentally, on my XP machine, I can run KAV, Sygate AND Windows Firewall and never had any conflicts. Hopefully I can achieve the same set-up with Fortknox.

Cheers.

 

Yes they all gave you very sound advices, and you will now have to experiment from that and test this on your own computing habits/needs and hardware to make your best choice, as was already said.

I think it's a good one but I don't know much about router. Maybe you could be better toalso ask in the hardware section of the forum if you don't have a good anough answer here...

 

I believe W7 has a built in recovery function / image ?

 

Good evening friends.

I went on and installed Windows 7 on an "old" machine on which I can safely do tests. I installed Kaspersky Anti Virus 2011 followed by Comodo.

Three things I noticed:

1. grc.com's IMCP Ping Test failed. I was connected via a router and I believe that's why all ports were stealth but the IMCP ping failed.

2. Comodo didn't warn me when I opened Firefox or IE. I was expecting a popup asking me if I wanted to allow the application to connect to the Internet but nada. I believe this is because of Kaspersky's proxy layer.

3. Leaktest score, 150/340. In order to run the tool I clicked ALLOW to all questions asked by Windows 7 and Comodo, as soon as it started I always opted for BLOCK in Comodo. The below all failed:
RootkitInstallation: ChangeDrvPath, Invasion: Runner, Invasion: RawDisk, Invasion: FileDrop, Injection: SetWinEventHook, Injection: SetWindowsHookEx, Injection: SetThreadContext, Injection: Services, Injection: KnownDlls, Injection: APC dll injection, Injection: AdvancedProcessTermination, Impersonation: DDE, Impersonation: Coat, Impersonation: BITS, Hijacking: Userinit, Hijacking: SupersedeServiceDll, Hijacking: StartupPrograms, Hijacking: AppinitDlls.

All this leaves me with a simple question: Was this bad leaktest result due to the fact that Comodo was running in basic settings, due to the fact that I installed Comodo Firewall or it's because Comodo is not compatible with Kaspersky?

I would appreciate feedback on the best Antivirus + Firewall combination, I am ready to stop using Kaspersky if that's required.

Thank you.

 

I am not really I firewall expert. I don't care about leaktests and so on, a firewall has to stealth my ports and keep hackers away, my Windows Firewall does that perfectly.
So on Comodo and leaktests I cannot really comment.

But how about Kaspersky Internet Security 2011, it contains a great firewall (with great application control), which will probably pass the leaktests, especially if you tweak the settings a little.
Next to that Windows 7 64-bit + a Linksys router + Kaspersky Internet Security 2011 is absolutely bulletproof (you could consider adding an on-demand second opinion scanner: Malwarebytes' Anti-Malware/SUPERAntiSpyware.)

Especially if you use the potential of Windows 7 64-bit.
(1): 64-bit already gives an extra layer of protection, for example there are just a few rootkits which target 64-bit; also 64-bit gives natural self-defense (32-bit processes can't touch 64-bit);
(2): using UAC on full on an Admin account, or an Standard user account with medium UAC; will give you another layer of protection, as long as you don't simply click the popups away;
(3): simply enabling Data Execution Prevention through Advanced Computer Settings, and using the SEHOP Fix-it tool will give you another layer of protection; with absolutely no effects on usability and performance.

 

Ouch.

First of all, million thanks for the reply. But there are some terms I am not familiar with.

So, let's start with what I know

KIS is indeed a solution I was considering, it's ultimately antivirus and firewall in the same product which of course will create no conflicts whatsoever. One question I have is when you say "especially if you tweak the settings a little". How exactly? I mean is this a one-time settings change or do I have to change settings all the time depending on what I am doing with my machine?

I didn't know about this advantage of 64-bit OSs, that's fantastic. Elsewhere in the forums I read about someone who enabled SEHOP, enabled DEP and enabled UAC. What exactly are these? I only recognise User Account Control in the list, is that just a matter of removing the GUEST account from the OS or I'm wrong here?

EDIT: Ah yes, one final thing. I did purchase a LinkSys router, it's on its way(the WRT54GL one). Where can I find a guide about the best security measures to adopt? Googling around I found that it is always a good idea to change the name of SSID - Wireless Network Name - not the factory standard, change the IP address on which you can change your Router's setting, change the user and admin password and apply Mac Address Control also when using wireless connections and finally, shut down unnecessary protocols.

Is that enough, hardware-wise?

Cheers!

 

Considering the Kaspersky Internet Security 2011 settings, the default settings will do for most home users. But a great thing about Kaspersky is it gives you a lot of configuration options, however overconfiguring can make it slow your system down. You only have to apply them once, see this topic on a Kaspersky fan website. They are optional though, for most users the default settings will do: http://forum.kasperskyclub.com/index.php?showtopic=7393&st=0

Considering the Linksys firewall: following the guide Linksys includes in the package will do, it contains the most important things. Also the router will include an setup assist, which makes it very easy to step up and will protect it well.
However, if you wish to do it manual, or want to check it, the most important things to do/check are in my eyes are:
- at Wireless -> Basic Wireless settings:
* change the Network Name / SSID: you can do everything you want: for example thehawkLAN;
* wireless channel: using channel 11 is the best;
* disable wireless SSID broadcat, for a little extra security.

- at Wireless/WLAN -> WLAN Security settings:
* Security Mode: choose WPA2 Personal;
* at the next options (under Security Mode): choose TKIP+AES encryption;
* at the next option: choose a good password (this will be the password needed to enter the network).

- at Administration -> Management:
* make sure you choose a different password than the default one to enter the admin panel;
* disable Remote router access, so you have to be ON the network to change settings;
* don't disable UPnP althought some guides on the Internet might recommend it; it as a good option, which makes life a lot easier.

In my eyes MAC Address Control is optional, if you want to do it, no problem. But you have to find the MAC addresses of all the computers you want to allow. Configuring the above mentioned will do for all home users. Note like I said earlier: Linksys can guide you through the initial setup. After that check the settings with the above mentioned list, most likely you will only have to change like 3 settings.

Considering UAC/DEP/SEHOP:
-About UAC: http://www.neowin.net/news/main/09/01/07/windows-7-whats-up-with-the-uac

-About DEP and how to enable that, you won't even notice you have it enabled. You only have to change one setting, one time:
http://windows.microsoft.com/en-US/windows-vista/Change-Data-Execution-Prevention-settings

-About SEHOP and how to enable that, you won't even notice you have it enabled. You only have to change one setting, one time (easiest way is through the Fix-it tool):
http://blogs.technet.com/b/srd/archive/2009/11/20/sehop-per-process-opt-in-support-in-windows-7.aspx

So for DEP/SEHOP: this is just an option, it is nothing which runs in realtime, it doesn't effect performance in anyway. You won't notice anything. However there might be an application which won't work with DEP, however you can set an exception for that. But I have never encountered one yet.

A good read: Windows 7 security options in general, small overview/guide: http://www.dedoimedo.com/computers/windows-7-security.html

 

Perfect my friend, all printed out.

Thanks!