outpost vs kerio 4 narrowed it to these...

Discussion in 'other firewalls' started by zfactor, Mar 12, 2005.

Thread Status:
Not open for further replies.
  1. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,012
    Location:
    on my zx10-r
    i have tried both and like both, i also tried a few others but was not sure of them. i did not like sygate, tiny seemed a bit overkill for my retail point of sale pc's at my stores. jetico had its good and bad but being it is still beta i would not want to install it on these just in case. i cant afford to loose info.

    so unless you guys could make any other reccomendations i would be glad to hear them, but what is the general opinion on these two firewalls here??
    they both seem about as resource hungry as the other and both relative easy. are there any real security benefits from one to the other? is one more secure than the other? i have seem many "tests" done on both of these some kerio passes and some outpost passes and visa versa.

    i do like kerios layout but going on the forum at kerio.com there are SO MANY people that are having issues. this is why i do not want to run jetico. then you guys through look n stop into the picture and it looks decent, many forums put this product down i do not know why? i have not used it and have been told it is a pain to get rid of if i dont like it? if you have different views on lns i would be open to hearing them!! i just wish there was a current firewall without such a resource need. in another post lowatermark said try kerio 2 or lns. i dont want to use kerio2 because these are my store comps and they said they will not offer support for kerio2 if i have a issue. and lns being a not very well known company (i could be wrong here please correct me if i am) i am also worried about support. i have three stores each with multiple pc's so support is a good thing "in case" so far you guys have really helped me in the av side of things after talking to a few av experts. i need some help here now.

    experience i do have with firewalls so setting them up is not an issue. like i said with tiny i just think tiny is overkill in this situation. thanks all
     
  2. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    Try the free Kerio 2.15.
     
  3. Hazeleyze

    Hazeleyze Guest

    I use Outpost Pro and run it with no problems. Made the switch from Sygate and never looked back. I've had no trouble with getting support and they have a great forum for helping with any problems you might have. Yeah, it uses a little memory but it runs great on my system and does it job.
     
  4. Robyn

    Robyn Registered Member

    Joined:
    Feb 1, 2004
    Posts:
    1,189
    I run Outpost Pro after running Sygate Pro. I had a few issues at the beginning with hyperthreading but this was fixed with the last release.

    I narrowed my choices down to Kerio and Outpost at the time as both were attractive to me. Kerio had several issues when I was looking and others told me to use their previous version without bugs - this concerned me and made me turn to OP.

    I try to keep my logging down and can close and start again if I feel it is using too much but to be truthful I haven't looked for ages. I like the way it clean ups adverts. Good forum for asking if you do have concerns etc I have to admit when looking for a firewall and you go to the forums it can really make you doubt as most who go there will be there because they have problems. If only we could go and read about the satisfied users of the software - I am the same look at the forum and then start to worry.

    I can only recommend Outpost Pro as it works well for me but as with all firewalls/AV's they can depend on the setup of your computer. I didn't test Kerio so I cannot confirm any issues with this.
     
  5. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    Hi Z . First , the facts . Kerio is very good . The 4.xx version is more configurable making it a good choice for later down the road . Sygate was mentioned . Sygate is not in the same class as the 2 you mentioned . Now . My opinion . I test firewalls . Constantly . Without getting longwinded as so many do , it is like this . Outpost is stronger than Kerio . The configurabilty and the extras WITHOUT dragging down your system is awesome . It even has an open process control that you tick and it will protect from possible rootkits and other nasties . AWESOME little thing that is ! Anyway , if you consider Kerio , I have to recommend the 4.xx version . That is only an opinion though . 2.15 is good . Outpost is better than either of them . Good luck my friend . It has been a pleasure reading your posts . You are trying to make a well informed decision . KUDOS to you
     
  6. Sputnik

    Sputnik Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    1,198
    Location:
    Москва
    From those two I like Kerio the most, Outpost let me down many times, and I don't like the price... You can use a limited but still good Kerio 4.x for free :)
    I look forward to the Kerio v4.2... I heard good things about the beta's already...
     
  7. auriell

    auriell Registered Member

    Joined:
    Feb 9, 2005
    Posts:
    105
    Location:
    Warsaw, Poland
    Kerio 4.x is the one I replaced with Outpost Pro 2.5. Much better choice for me.
     
  8. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
    I would have to say that you would probably get better support for sure with Outpost. Kerio's support isn't very good unfortunately. My experience with the Kerio 4.2 beta's is that they have bugs, but most beta's do, so that's not too unusual. Hopefully Kerio 4.2 final will be ok. Kerio 4 is basically free, whereas Outpost Pro is not and requires annual update fees. Kerio 4 will give you all but the web filtering stuff after 30 days basically. That plus a few other things they've disabled, generally of no consequence. So it's basically free.

    Both aren't too bad though. Try 'em and take your pick I guess. :)
     
  9. musicman

    musicman Registered Member

    Joined:
    Aug 24, 2003
    Posts:
    199
    If may add another suggestion. I run 8Signs firewall v.2.26. Consumes very little resources, and by default passes all stealth scans. Set it and forget it....its my opnion one of the best. I have tried Outpost, Kerio, Look N Stop, Sygate to mention a few and I keep coming back to 8Signs. Just a humble opnion.
     
  10. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    No it doesn't...
     
  11. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,012
    Location:
    on my zx10-r
    thanks paranoid what is you unbiased reccomendation?? and this 8signs they speak of what of it? i appreciate all the help from you guys here on wilders
     
  12. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Everyone has their biases here - especially with firewalls. The decision has to be an individual one since each product has its strengths and weaknesses (which may or may not be significant) - for example Kerio (I believe) has a limit on the number of rules you can create which could cause problems if you have lots of applications needing network access while Outpost has problems with Fast User Switching. 8signs does not offer the ability to restrict access by application which means it can do little to alert you to any malware on your machine attempting network access (it is designed for servers rather than enduser PCs).

    If you do not wish to trial each product first, then checking out the Kerio manual and Outpost documentation (plus the Web-Hiker's Guide - it covers version 1 but 80% of it applies to version 2 also) should give you a good idea of each products' capabilities.
     
  13. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
    If you want to continue upgrading to the latest versions though, doesn't that require that you pay the annual fee? If not, then my mistake P2k...
     
  14. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
    This is not true.. Kerio 4 has no limit on rules, free or otherwise.. The old version 2.1.5 I believe does have some limits though. But as far as I know, Kerio 4 has no limits.
     
  15. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Yes, but this is optional. Outpost will not stop functioning after a year which your post seemed to suggest.
    Thanks for the clarification. :)
     
  16. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
    Thanks also P2k.
     
  17. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    I may stop functioning after a...

    I don't see anyting wrong with 8Signs, or not having app control in general. The concept is of some value, but overrated IMO. The malware has to get past both one's AV and common sense before it can be in a position to phone home. Setting up app control takes effort, even when done by someone with a lot of practice, and I have a lot of practice since I started experimenting with firewalls. Dealing with the various leak prevention schemes is a process of pop-up warnings that never ends. In some cases applictions or components that access network components without ever communicating out need to be approved. These leak prevention sandboxes need to have more inteligence built in before the are actually useful.

    No wonder that large corporate networks generally do not use application aware firewalls on each workstation. It is too much trouble and too disruptive. Every pop-up alert would be a call to IT with time wasted until advice is received. It may only be the firewall doing its job, but it is as disruptive as a virus false alarm.

    If you still believe in app control (and it is not worthless by any means) the go with zone alarm because it is the easiest to set up provided none of the dvanced features are used. Anything else turns the firewall into a hobby.

    And for those who like stuff like 8signs, CHX-1 is free and is every bit as good IMO. It is just that setting up rules for CHX-1 is practically a spiritual experience as a lot of logic is required.
     
  18. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
    Diver - I tend to agree with you on app control. However, I think it is mainly a matter of individual needs. Those who practice safe computing like you and I may not need it much, however those who don't may need it desperately. It pretty much boils down to common sense.. But given a choice, I kinda like to be alerted when something connects out. Right now I have that with LNS. I'm tempted to try CHX-I for packet filtering because of it's superior SPI and then combine that concurrently with LNS app filtering and see how I like that. I see no reason why the two would conflict. So that may just be my next experiment... ;)
     
  19. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    There are a number of reasons for application filtering/control - some of which I mentioned here.
    AV scanners can never be 100% effective and "common sense" comes down more to "technical expertise". Windows by default is promiscuously insecure and offers far too many methods of running software without user intervention. Even with process control software like Process Guard or SSM, it is still possible to fall foul of malware hidden within legitimate software.
    The simplest application filtering scheme (offered by ZoneAlarm) involves deciding whether or not to allow network access and, if so, whether to allow unsolicited incoming traffic ("server privileges") - can this really be considered as serious effort when, typically, only a dozen or so applications need setting up like this?
    Some firewalls do give far too many popups, but progress is being made and such features can be disabled if "proper" process control software is in use.
    Well there must be quite a few that do, given the number of "enterprise" firewall management tools offered (e.g. Tiny's Host Security Server, Checkpoint Integrity, etc). Those that don't have to rely on other techniques like using group security policies to lock down workstations to prevent surreptitious malware installations, and these are not 100% effective.
     
  20. hayc59

    hayc59 Guest

    Tried them all and then found Outpost
    and have never looked back!!;)
    Its a heck of a firewall
     
  21. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    Amen .
     
  22. INTOXSICKATED

    INTOXSICKATED Registered Member

    Joined:
    Jan 29, 2005
    Posts:
    485
    Location:
    Suburbia Hell
    hallelujah!
     
  23. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    P2K, your points are all in the right areas and the right spirit, I just am weighting the factors differently.

    ZA is not a serious effort if the advanced program control features are turned off. But, just try and limit your SMTP to a list of servers and watch the sparks fly. Actually, I recommended ZA in this thread due to its simplicity.

    I don't think common sense and technical expertise are the same thing. Most of the damage being done today is done via social engineering. Just ask Kevin Mitnick. I get several phishing emails per week. My AV finds stuff less often than that, and I know it is working. How technical do you have to be to Google: Kazaa spyware, or something like that before you click on the thing. Would you like to buy some land in Florida, it is very near the water, sometimes under it?

    As far as making progress with reducing firewall pop ups, amen. They can't improve things too fast for me.

    I am aware that some entreprise tools deal with applicaion level issues, but usually not in the sense that the personal firewalls do. It is more like being service aware and having the ability to shut down Kazaa without blockiing too many ports to legitimate traffic. One area I wish I knew more about is what the enterprise IT guys are doing with notebooks that connect off the corporate network. Unfortunately, I don't have access to these products and their web descriptions are rather vague. Anyway, just because it is for sale, it does not mean that the company IT guys are buying it.

    There are a few important tricks that are possible without a firewall being application aware. How about limiting SMTP connections to trusted addresses?

    Policy restrictions and lockdowns are effective measures. A lot of the problem is that most windows users (me included) want the flexibility of running in the adminsitrative mode and making changes to their machines willy nilly. Then, they try to cover the problem with some kind of automated solution, which is kind of like failing to take responsibility for the user who is the problem.

    It is too bad that MS did not build NT (2k, XP etc) so that a limited account was the rule, and root/admin was the exception with good facilities for accessing root functions when needed. Not just that run as menu. Even burning a CD requires special provisions.

    Perhaps we should ask: is the cure worse than the disease?
     
  24. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,012
    Location:
    on my zx10-r
    hollywood any conflicts with outpost i did try it out and i kind of like it. it is very different in a firewall sense of how it is laid out. kerio reminds me of most others. you say outpost is not a memory hog? and what do you know of kerios gui leako_O i have heard and read much about this on thier forums. have you seen this or know of this. are there any issues like this with outpost? i know its a lot of questions but a) i can use kerio for free, b) im not cheap so i dont mind paying for outpost if it is that good c) most firewalls leave lots of crap behind so i dont want to be installing and uninstalling all of them one after the other. also what do you know of look n stop. is it even in the same league (most will say yes but i am not sure i have not tried it and do not wish to if its not up to kerio and outpost) thanks so much
     
  25. Caratacus

    Caratacus Registered Member

    Joined:
    Jun 27, 2003
    Posts:
    164
    Location:
    Australia
    I actually own a (Xmas special) licence for Outpost and I think it's a superb firewall but for one thing: it does the " IRQ_not_equal..." BSOD on my machine every few days to a week. I've been trialling Kerio 4 for 17 days now and so far it hasn't missed a beat (though I seem to remember others reporting BSODs with it).

    I also trialled LooknStop and I like both of these though for me Kerio seems to have the edge (except in footprint). I might try Sygate too, or just stick with Kerio if it doesn't do anything wrong.
     
Loading...
Similar Threads
  1. jhr76
    Replies:
    20
    Views:
    1,497
Thread Status:
Not open for further replies.