Pure firewalls list

Discussion in 'other firewalls' started by kareldjag, Jul 10, 2011.

Thread Status:
Not open for further replies.
  1. kareldjag

    kareldjag Registered Member

    Joined:
    Nov 13, 2004
    Posts:
    622
    Location:
    PARIS AND ITS SUBURBS
    hi,

    Just a list of Pure firewalls as an incomplete echo to Bellgamin last post
    With the vogue of firewallleaktesting (by Guillaume, a long time before Matousec: http://www.firewallleaktester.com/ ), firewalls include more and more HIPS features;and HIPS more and more firewall features.
    And this marketing and technical impact of leaktesting has seen the evolution of many popular products to HIPS suite: Comodo, OA are known examples.
    And i understand those who might complain about this perverse evolution: the job of a firewall isn't packet filtering first ?
    For this kind of users, here is a list of pure firewalls that are not polluted by an HIPS engine.
    As usual, check systems requirements before any try.

    Free:
    -AS3 Personal Firewall: http://www.software4u.tk/
    -nDispatcher: http://www.ndispatcher.com/2products/ndispatcher.asp?lang=en
    -SoftPerfect Personal Firewal: http://www.softperfect.com/products/firewall/
    -RusRoute (free key): http://www.rusroute.com/
    -r-firewall: http://www.r-tt.com/r-firewall/

    Paid:
    -NeT Firewall: http://www.ntkernel.com/w&p.php?id=18
    -Protoport Personal Firewall: http://www.protoport.com/index.firewall
    -PortsLock: http://www.devicelock.com/pl/?from=prog_pl
    -VisNetic Firewall: http://www.deerfield.com/products/visnetic-firewall/
    -Injoy Firewall: http://www.fx.dk/firewall/
    -WinCerber Firewall: http://www.wincerber.com/fr/presentation.htm (french)
    In english: http://fr.babelfish.yahoo.com/trans...r/presentation.htm&lp=fr_en&btnTrUrl=Traduire
    -NetworkShield Firewall: http://www.networkshield.com/firewall/features.htm

    Some of these firewalls are more suited in a Gateway, and require for most of them a solid experience even if a few of them make the configuration task easier like Injoy and its security levels.
    I do not mention big av suite editors which sell stand alone firewall like Rising, Norman or Lavasoft.
    Neither open source and/or abandoned projects like iSAFER, IPFW, Firecops++, CHX or Openfirewall...

    I guess that a software firewall is not absolutely required, just quite recommended.
    Windows is network talkative by default.
    And before looking for the most rated or ultimate firewall ( http://www.ranum.com/fun/bsu/ultimatefirewall/index.html ), the first step for security is to harden the system.
    This means hardening TCP/IP stack, disabling all unnecessary services and protocols etc..
    Is there a lot of users here who have heard of Teredo tunnel and have turned it off?
    Without being as paranoid as some Symantec researchers ( http://www.symantec.com/avcenter/reference/Teredo_Security.pdf ),it might be safer to disable it to give less career opportunities for OS fingerprint in case of remote scans.
    Here an easy "how to" page: http://www.mydigitallife.info/how-to-disable-tcpipv6-teredo-tunneling-in-vista/
    The hardening phase done, just get a solid router and a good packet analyser (there's plenty, from the free edition of Capsa to the MST network monitor).

    Hope this list will be added into the Guizmo/Techsupportalert list to be profitable for all...and i am still seriously curious to see how theses firewalls performs with Matousec tests...

    Regards
     
  2. Jose_Lisbon

    Jose_Lisbon Registered Member

    Joined:
    Feb 5, 2010
    Posts:
    245
    Location:
    Portugal
    Quite right.

    Thanks for this thread. I read your post with great pleasure. I'm still going through all the links.

    Regards.
     
  3. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    Great!!! Many thanks, kareldjag.

    Now. . . if only you would denote those firewalls on your list which are IPv6-ready. :)
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    What about Ft Knox FW?
     
    Last edited: Jul 10, 2011
  4. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,067
    Comodo could be on the list, installing the firewall version and deactivating permanently (uninstalling) D+ makes Comodo firewall just a firewall.
     
  5. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,108
    Location:
    Sofa (left side)
    Does it just deactivate it or does it actually completely uninstall the D+ code?
     
  6. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    When I trialed Comodo FW, the only entry on Add/Remove was the FW itself. There was no separate entry for D+.

    Ergo, how do you uninstall D+? Will doing this (assuming it is feasible) cause any & all references to "Proactive" to no longer appear on Comodo FW's screens & check-blocks?

    When I decided to trial Comodo FW, I began by clicking on the firewall download -- which made NO mention of the D+/Proactive component being included therewith. Even so, D+/Proactive evidently was included in the download because the FW's installer still asked if I wanted the firewall to be "Proactive" or if I just wanted it to be Basic. I clicked on the Basic option. However -- even though I had declined D+/Proactive during the install -- when I ran the FW its rules screens STILL had "Proactive" check-blocks.

    I do not want D+/Proactive. Neither do I want Comodo to cause Proactive to remain on its menus. Comodo's persistence in retaining references & check-blocks for Proactive, throughout many of its screens, leads me to wonder if Comodo has an agenda of some sort. :cautious:
     
    Last edited: Jul 10, 2011
  7. pabrate

    pabrate Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    685
    I'm a long time Comodo firewall user and IMO there is simply no better software firewall than Comodo.
    And I've tried them all.

    There's no hidden agenda , firewall is just one part of the 'suite'.
    You can't opt to install or not D+ and Sandbox , only thing you can opt out is AV.
    However, I'm only using firewall part with everything else disabled, and I mean everything (D+, Sandbox, cloud scanning and everything non firewall related).
    I even blocked Comodo to call home (which it doesn't anyway if you disable cloud scanning).

    To simplify things ..... you can use just the firewall part and nothing else will be resident in the memory (active).
    Yes, you're still going to see other features in the interface, but I don't see how that can be a problem, that's just text on the screen and that's how it is, there's no way around that, but like I said, with everything else disabled, only thing you care about is a firewall tab in the interface.
     
  8. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,948
    Location:
    USA
    You should add LnS to that list. It just wouldn't be complete without it. Its a great pure light weight Firewall.
     
  9. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    All of the FW+HIPS apps (e.g., Private FW, Outpost, Online Armor, etc) have the option to *disable* their HIPS, but they still load it. They do not belong on a list of "pure firewalls" & (according to what pabrate wrote) neither does Comodo FW.

    I'm not saying Comodo isn't a good FW, but only that it apparently isn't "pure FW".
     
  10. pabrate

    pabrate Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    685
    I see what you mean now , kinda rushed through the thread and didn't realized the title of the thread at first.
    Guess you're right about "disable but still loading" , however I'm not sure whether you can "measure" its load.
    As for Comodo's Sandbox I'm sure you need to reboot after enabling it, so I guess that it's not "loaded" , but whether D+ is somehow "loaded" even if disabled, I really can't tell. But I'm pretty sure it's not.
     
  11. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Bold statement.

    We are referring to a packet filtering firewall, not an HIPS. So, please tell me your findings on the firewall, and how you tested to get to your statement.
    Some (initial) questions to help clarify:-

    1. Does the firewall filter out invalid flags in TCP.?
    2. Can you create a rule to block a specific TCP flag combination?
    3. Does UDP contain validation of ID number for such as DNS/DHCP?
    4. Can a ruleset be place on more than one NIC(such as placing a second ruleset on a VPN connection)?
    5. Do TCP packets have the sequence number checked?
    6. Can a rule be made for any protocol/packet type?
    7 Can packet filtering be made on any Layer with defined rules?


    edit: I nearly forgot. Does Comodo actually filter IPV6 yet? (and I mean actual packet filter per rule, not allow/deny all IPV6)


    - Stem
     
    Last edited: Jul 10, 2011
  12. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi bellgamin,

    The last time I checked, (with Comodo), on installation, you had the option to install just the firewall, or, Firewall+leaktest prevention, or install all(with D+).
    Have not checked recently, but can do later if you would like.


    - Stem
     
  13. pabrate

    pabrate Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    685
    Well, let me answer your question with a question ...
    Is there any other firewall which does all those things you stated above ?

    I mean, you know, even if you say "Yes, there is one" , I'm sure I'll find the same amount of questions for you which that firewall doesn't do.
    And we can go in circles that way.

    What I said was that IMO (keyword is IMO) I've never seen better firewall , which doesn't mean that there isn't better one out there.
    If there are any , I would like to know their names and what's their advantages over Comodo's FW.

    Edit: Oh, and please let's don't talk here about corporate "needs" with large networks , I think that the "needs" for a single PC home users or small LAN's are the keyword here.
     
    Last edited: Jul 10, 2011
  14. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    No.

    Your opinion must be based on some testing, must it not?



    - Stem
     
  15. pabrate

    pabrate Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    685
    No, it's based on some blog reading about it.

    Forget it , it's the worst firewall ever, there you go :thumb:
     
  16. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,960
    Location:
    Boston, MA
    I'm kind of curious. Stem what is the best firewall, in your opinion?
     
  17. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,948
    Location:
    USA
    Some of these are not longer developed, but can still be used.

    Look 'n' Stop
    Sygate
    Bitguard
    FortKnox
    Zonealarm (Free)
    Prisma
    Filseclab
     
  18. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,960
    Location:
    Boston, MA
    Sygate is still around?
    What about kerio? Didn't that get added to vipre?
     
  19. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Do you have a link?
    By any chance, is the blog by comodo?



    -Stem
     
  20. kerykeion

    kerykeion Registered Member

    Joined:
    Jun 30, 2010
    Posts:
    267
    Location:
    Philippines
    I think WIPFW should be included on this list.

    Unfortunately, I haven't tested the said firewall.

    Edit: Ooops! This is open source. Ignore this one.
     
    Last edited: Jul 10, 2011
  21. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Yes, you're correct. The last time I tried Comodo - I believe it was version 3.x - and it was possible to install just the firewall without Defense+.
     
  22. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    That is actually not a question with an easy answer. I do check firewalls for their packet filtering ability, also for the ability to create rules, for simple example, to be able to block specific flag combinations and check ID numbers for UDP. But (yes there usually is), what I may find to be the best for me, because it gives me that ability, may not be good (the best) for others.
    One of the main defining points of what is best for a user, is their ability to use it correctly.

    Yes, I got out of answering the question.


    - Stem
     
  23. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,960
    Location:
    Boston, MA
    Actually it is an easy answer. You either have a firewall you perfer or you don't. I'm not looking to copy you, only to wonder what firewall you like.
     
  24. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,188
    Location:
    USA
    Look N Stop definitely needs to be added to the paid for app list here.
     
  25. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Currently I prefer:- Look and Stop.


    - Stem
     
Loading...
Thread Status:
Not open for further replies.