Questions about GeSWall

Hi all,

I've been struggling with some firewalls to find the right one for me. I first used Comodo, and it was pretty good, but I noticed some slowdown in the program itself after I added a lot of rules. Maybe it's my computer, but for now I have uninstalled it.

So now I've tried Jetico, however, I think I do not have enough knowledge of how the internet works to setup Jetico. With Jetico my browsers couldn't browse even though I made rules for them, and they wouldn't shut down either. So, I uninstalled it.

Now, I've heard about GeSWall, but what kind of program is it (IDS/HIPS/FW)? If I understand correctly, if I want more control (limiting access to certain ports, blocking access completely etc.), I'll need a firewall with this program. Is this true?
Does this program overlap with ST's HIPS or Realtime Shield feature?

 

GeSWall is a sandbox, so yes u would need a firewall.

afaik it would not overlap with Spyware Terminator.

 

I don't see how it would overlap, but GeSWall has nothing to do with firewall. It's just for sandboxing.

If you're really stuck for free firewalls you might try the (somewhat heavier) Zonealarm free one or perhaps Kerio free, which is fairly light.

 

Ahh okay. Then, how does this compare to an application like Sandboxie?

 

Sandboxie and GeSWall are very similar but AFAIK Sandboxie does better on some tests.

 

if u go for the free versions, geswall is good because u wont have to remember to always sandbox your browser.

OTOH, sandboxie is good for testing individual files.

 

A couple of light and easy to use firewalls are Filseclab and Kerio 2.1.5.
Theres also the latest version of sunbelt kerio firewall which is pretty good imo.

 

Software firewalls seem to always create issues with sandboxes. I am guessing that the nonPNP drivers they both install may over time cause issues with each other. I found it best to run a hardware firewall/IPS/AV with sandboxie.

For all of you who will start ranting ....what about outbound control? To be honest after all of the years running outbound control, I never once had any alert of any malware trying to call out. Still think inbound protection is way more important.

Right now it seems that most malware are being installed via the browsers, thus I believe that a sandbox is better protection then any outbound firewall protection.

Remember to always NAT your ports!