Software Firewalls!

Discussion in 'other firewalls' started by TOn3LaB, Aug 24, 2004.

Thread Status:
Not open for further replies.
  1. TOn3LaB

    TOn3LaB Registered Member

    Joined:
    Aug 16, 2004
    Posts:
    17
    Hello all!

    I've been looking at the various Software Firewalls available and have downloaded a few Trials, there are so many which makes the decision a little tricky. I know each Firewall has features that it excels at which makes choosing a firewall user specific. I'm after a Firewall that:

    * Doesn't hog my PC's resources.
    * Has superb IDS.
    * Flexible both way traffic control.
    * Good logging.

    How it protects is more important than ease of use . I have looked at two Firewalls so far, Outpost Firewall Pro v2.1 and Sygate Personal Firewall Pro v5.5. I really like Sygate for its simplicity and it seems to be very effective with its intrusion detection system. The rule creation is good but not as good as Outpost. Sygate also seems to take a little more resources than Outpost. I was very impressed with Outpost the rule creation is awesome, the only main problem is the BSODs with SP2, but it is an all around great Firewall.

    I must also add that i'm considering purchasing a router with 'built-in' firewall features. I'm looking at purchasing and not concerned whether its Free or not. I see alot of people are using Look 'n' Stop and Tiny. Are the any good? is there any other advice people could give me?

    Current Setup:
    Dual Pentium III 1GHz
    Windows XP Professional SP2
    Mozilla Firefox 0.9.3 (cookies disabled, using Permit Cookies extension, this allows the user to accept cookies simply by pressing 'Alt+C')
    Sygate Personal Firewall Pro v5.5 (30-Day Trial)
    SpyBot - S&D v1.3
    SpywareBlaster v3.2

    Many Thx!

    TL
     
  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
  3. Robyn

    Robyn Registered Member

    Joined:
    Feb 1, 2004
    Posts:
    1,189
    I used Sygate Pro but found a few bugs with it even though I have a router firewall and also another year to my license. I was having to make rules to allow my AV to update even when it trusted it before plus I was getting the smc.exe error when shutting down unless I cleaned out my prefetch folder!

    I am now using Outpost Pro + my router but have had the Blue Screen since installing SP2 (I hope it is fixed in the next release which is in beta just now) I have now disbled Outpost from starting at boot and placed the shortcut in my Start folder hoping this will overcome the Blue Screen; saying that I only have had 2. I also shut Outpost and close down before shutting down for the night which I feel may help. I am not sure if it is SP2 or the fact I have Hyper threading just know it is the same error as reported on their forum.

    If Outpost fix this bug I will be more than happy to keep running it as the GUI is much beter than Sygate and a lot more scope for rules and tighting the whole setup down (learning curve) If I knew all the tweaks and setting Outpost would be my choice.
     
  4. Justhelpiung

    Justhelpiung Guest

    IDS? A superb one? What exactly are you looking for? Most personal software firewalls don't offer anything approaching a decent IDS, mainly because it is not needed. If you are running some large corportate site with several email servers, web servers etc than IDS becomes important IMHO.
     
  5. squash

    squash Guest

    Kerio Personal Firewall has IDS...
     
  6. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    Robyn, take a look at this from Agnitum.
    SP2 support :)
     
  7. Robyn

    Robyn Registered Member

    Joined:
    Feb 1, 2004
    Posts:
    1,189
    Thanks Don, I had this already done but do appreciate your post as it has been useful to see that the new version will be fully compatible. I 'think' I have got round my blue screen - it may have been related to my hyper threading or the fact I had to change some DCOM settings now I am running XP Pro and the way Outpost was starting. I think the hyper threading issue is also being addressed in the new version.
     
  8. TOn3LaB

    TOn3LaB Registered Member

    Joined:
    Aug 16, 2004
    Posts:
    17
    Hey,

    Sorry for posting in the wrong area again!

    Thx for all your replies!

    Outpost was the one I really wanted to use I really liked the rules system, but these BSODs I couldn't seem to stop them. I read the outpost forums and a few people have delt with them, maybe i'll hold on till 2.5 is released.

    Justhelpiung I assumed that IDS was a must with firewalls, but you know alot more about these features than I, i'm just trying to understand how it all works and what I won't out of a firewall.

    Is Look 'n' Stop up there with the best of them? From what i've read so far its amazingly light on resources.

    I'm a little dubious about trying ZoneAlarm i've heard some horror stories, it must be a good firewall or else people wouldn't use it, but would this also mean its more prone to exploits.

    I still see people are using the older Kerio Personal Firewall but there is so much choice...

    TL
     
  9. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    Ok Robyn, it was worth a shot :). It very well could be a combination of SP2+Hyper threading, as others are having issue's with both, have you tried deactivating Hyper threading? or is that not something you want to be without? Well in any case, let's hope 2.5 will lay these issue's to rest.(sooner rather than later ;) ). Take care. :)
     
  10. Robyn

    Robyn Registered Member

    Joined:
    Feb 1, 2004
    Posts:
    1,189
    Thanks Don I would 'prefer' to have my hyper threading and am living with the hope that the new version will have taken this into consideration. I really do hope so as I searched long enough for the new firewall which I am getting used to (learning stages) and would not want to have to start my search all over again :'( I am trying to keep to a routine of shut down and start up with Outpost to see if this will limit the blue screen issues - so far I am hopefull but don't want to speak too soon :doubt: Thanks for your input.
     
  11. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    Hello TOn3LaB, I believe the BSODs will be gone when 2.5 come's out, why don't you try a couple of other firewalls until then, like Kaspersky or Looknstop , they are both light in "footprint". BTW outpost use from 1.6 to 8.6 mb on my antiquated machine.
    This is a firewall with a steep learningcurve, so unless you into rulescreating , or are willing to learn fast, i would shy away.

    I hope this helps. :)
     
  12. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    My pleasure Robyn. :)
     
  13. xmp

    xmp Guest

    I've had bluescreens with Kerio Free and Server 2003. Switched to Outpost Free, which worked fine. It's likely that neither was intended for 2003.

    As far as hardware firewalls, they vary in effectiveness. The newer Linksys do some amount of SPI (stateful packet inspection), but how much? SPI is also a double-edge sword in some cases, the BlackIce exploit was based on a vulnerability in the inspection of ICQ traffic.

    The term IDS gets used a lot, but if it modifies the firewall ruleset or drops packets, it's more like an IPS (intrusion prevention system). I believe a strict HIDS or NIDS simply logs.

    A good IDS would recognize buffer overflows, reads of the password file, javascript exploits, etc.
     
  14. Frostfell Grimm

    Frostfell Grimm Registered Member

    Joined:
    Aug 25, 2004
    Posts:
    2
    Location:
    Largo, Fla
    I use the Computer associates ( ZoneAlarm, CA packages it with their EZArmor product ) fiewall. I used to use Sygate pro.
    I found Sygate didn't offer me as much control over what I wanted to allow to connect to the internet without server privlages and what I wanted to allow to connect with server privilages, so I'm sticking to the CA/ZoneAlarm firewall running behind my router.
    The one two punch has worked well for me.
     
  15. TOn3LaB

    TOn3LaB Registered Member

    Joined:
    Aug 16, 2004
    Posts:
    17
    Hello all,

    Cheers for all your replies!

    I've gone back to Outpost and did what was suggested with the DEP setting no BSODs so far. Outpost rules system has won me over its awesome, I tried Look 'n' Stop and just didn't like the way it worked. If all goes well i'll probably take the plunge and buy Outpost 2.5, but is this still a little OTT if I have a Firewall router?

    Many thx!

    TL
     
  16. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Hi TOn3LaB,

    It is definately not over the top to have both a hradware and software firewall.
    The hardware FW will handle inbound attacks and the software FW will handle outbound attacks. It's an important part of layered security.
     
  17. TOn3LaB

    TOn3LaB Registered Member

    Joined:
    Aug 16, 2004
    Posts:
    17
    Thankyou, now I gotta decide whether the Linksys BEFSX41 is the correct choice!

    hmmmmmmmm

    TL
     
Loading...
Thread Status:
Not open for further replies.