Software Firewalls!

Hello all!

I've been looking at the various Software Firewalls available and have downloaded a few Trials, there are so many which makes the decision a little tricky. I know each Firewall has features that it excels at which makes choosing a firewall user specific. I'm after a Firewall that:

* Doesn't hog my PC's resources.
* Has superb IDS.
* Flexible both way traffic control.
* Good logging.

How it protects is more important than ease of use . I have looked at two Firewalls so far, Outpost Firewall Pro v2.1 and Sygate Personal Firewall Pro v5.5. I really like Sygate for its simplicity and it seems to be very effective with its intrusion detection system. The rule creation is good but not as good as Outpost. Sygate also seems to take a little more resources than Outpost. I was very impressed with Outpost the rule creation is awesome, the only main problem is the BSODs with SP2, but it is an all around great Firewall.

I must also add that i'm considering purchasing a router with 'built-in' firewall features. I'm looking at purchasing and not concerned whether its Free or not. I see alot of people are using Look 'n' Stop and Tiny. Are the any good? is there any other advice people could give me?

Current Setup:
Dual Pentium III 1GHz
Windows XP Professional SP2
Mozilla Firefox 0.9.3 (cookies disabled, using Permit Cookies extension, this allows the user to accept cookies simply by pressing 'Alt+C')
Sygate Personal Firewall Pro v5.5 (30-Day Trial)
SpyBot - S&D v1.3
SpywareBlaster v3.2

Many Thx!

TL

 

I use ZoneAlarm (free) 4.5.594 it works really well, I have SP2 as well and a Netgear FR328S Hardware Firewall/Router for use with Cable, ADSL and Serial Modems.

You can see my Software setup in the following thread (post 14):

https://www.wilderssecurity.com/showthread.php?t=45284&page=1&pp=25

Hope this helps...

Cheers

 

I used Sygate Pro but found a few bugs with it even though I have a router firewall and also another year to my license. I was having to make rules to allow my AV to update even when it trusted it before plus I was getting the smc.exe error when shutting down unless I cleaned out my prefetch folder!

I am now using Outpost Pro + my router but have had the Blue Screen since installing SP2 (I hope it is fixed in the next release which is in beta just now) I have now disbled Outpost from starting at boot and placed the shortcut in my Start folder hoping this will overcome the Blue Screen; saying that I only have had 2. I also shut Outpost and close down before shutting down for the night which I feel may help. I am not sure if it is SP2 or the fact I have Hyper threading just know it is the same error as reported on their forum.

If Outpost fix this bug I will be more than happy to keep running it as the GUI is much beter than Sygate and a lot more scope for rules and tighting the whole setup down (learning curve) If I knew all the tweaks and setting Outpost would be my choice.

 

IDS? A superb one? What exactly are you looking for? Most personal software firewalls don't offer anything approaching a decent IDS, mainly because it is not needed. If you are running some large corportate site with several email servers, web servers etc than IDS becomes important IMHO.

 

Kerio Personal Firewall has IDS...

 

Robyn, take a look at this from Agnitum.
SP2 support

 

Thanks Don, I had this already done but do appreciate your post as it has been useful to see that the new version will be fully compatible. I 'think' I have got round my blue screen - it may have been related to my hyper threading or the fact I had to change some DCOM settings now I am running XP Pro and the way Outpost was starting. I think the hyper threading issue is also being addressed in the new version.

 

Hey,

Sorry for posting in the wrong area again!

Thx for all your replies!

Outpost was the one I really wanted to use I really liked the rules system, but these BSODs I couldn't seem to stop them. I read the outpost forums and a few people have delt with them, maybe i'll hold on till 2.5 is released.

Justhelpiung I assumed that IDS was a must with firewalls, but you know alot more about these features than I, i'm just trying to understand how it all works and what I won't out of a firewall.

Is Look 'n' Stop up there with the best of them? From what i've read so far its amazingly light on resources.

I'm a little dubious about trying ZoneAlarm i've heard some horror stories, it must be a good firewall or else people wouldn't use it, but would this also mean its more prone to exploits.

I still see people are using the older Kerio Personal Firewall but there is so much choice...

TL

 

Ok Robyn, it was worth a shot . It very well could be a combination of SP2+Hyper threading, as others are having issue's with both, have you tried deactivating Hyper threading? or is that not something you want to be without? Well in any case, let's hope 2.5 will lay these issue's to rest.(sooner rather than later ). Take care.

 

Thanks Don I would 'prefer' to have my hyper threading and am living with the hope that the new version will have taken this into consideration. I really do hope so as I searched long enough for the new firewall which I am getting used to (learning stages) and would not want to have to start my search all over again I am trying to keep to a routine of shut down and start up with Outpost to see if this will limit the blue screen issues - so far I am hopefull but don't want to speak too soon Thanks for your input.

 

Hello TOn3LaB, I believe the BSODs will be gone when 2.5 come's out, why don't you try a couple of other firewalls until then, like Kaspersky or Looknstop , they are both light in "footprint". BTW outpost use from 1.6 to 8.6 mb on my antiquated machine.

This is a firewall with a steep learningcurve, so unless you into rulescreating , or are willing to learn fast, i would shy away.

I hope this helps.

 

My pleasure Robyn.

 

I've had bluescreens with Kerio Free and Server 2003. Switched to Outpost Free, which worked fine. It's likely that neither was intended for 2003.

As far as hardware firewalls, they vary in effectiveness. The newer Linksys do some amount of SPI (stateful packet inspection), but how much? SPI is also a double-edge sword in some cases, the BlackIce exploit was based on a vulnerability in the inspection of ICQ traffic.

The term IDS gets used a lot, but if it modifies the firewall ruleset or drops packets, it's more like an IPS (intrusion prevention system). I believe a strict HIDS or NIDS simply logs.

A good IDS would recognize buffer overflows, reads of the password file, javascript exploits, etc.

 

I use the Computer associates ( ZoneAlarm, CA packages it with their EZArmor product ) fiewall. I used to use Sygate pro.
I found Sygate didn't offer me as much control over what I wanted to allow to connect to the internet without server privlages and what I wanted to allow to connect with server privilages, so I'm sticking to the CA/ZoneAlarm firewall running behind my router.
The one two punch has worked well for me.

 

Hello all,

Cheers for all your replies!

I've gone back to Outpost and did what was suggested with the DEP setting no BSODs so far. Outpost rules system has won me over its awesome, I tried Look 'n' Stop and just didn't like the way it worked. If all goes well i'll probably take the plunge and buy Outpost 2.5, but is this still a little OTT if I have a Firewall router?

Many thx!

TL

 

Hi TOn3LaB,

It is definately not over the top to have both a hradware and software firewall.
The hardware FW will handle inbound attacks and the software FW will handle outbound attacks. It's an important part of layered security.

 

Thankyou, now I gotta decide whether the Linksys BEFSX41 is the correct choice!

hmmmmmmmm

TL