What is the Best Firewall to Compliment NOD32?

Discussion in 'other firewalls' started by Triple Helix, Feb 26, 2005.

Thread Status:
Not open for further replies.
  1. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
    As the Title says. There are so my firewalls which one to choose from!!

    All input can help me and others that have the same QQQQQ!!

    Thanks,

    dagolag :eek:
     
  2. QBgreen

    QBgreen Registered Member

    Joined:
    Jan 1, 2005
    Posts:
    627
    Location:
    Queens County, NY
    I've run the current version of NOD32 with Kerio 4.12 and Outpost Pro 2.5.xxx.xxx. Had no troubles with either program. IMHO, Outpost Pro 2.5 and NOD32 are a very good combination along with a quality AT for a good system defense. :D
     
  3. Mr2cents

    Mr2cents Registered Member

    Joined:
    Sep 18, 2004
    Posts:
    497
    This will probably be moved to the firewall forum. If your a newbie. Zonealarm. in my opinion.
     
  4. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    In the absence of any other information about what you are doing, the answer you are going to get is whatever someone's favorite firewall is. If you like NOD32 you probably want something that uses few system resources. Try Kerio 2.15, or for some process controll with more complexity , Jetico.
     
  5. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    I do NOT give opinions of what I believe in . I give advice . There is a difference . Opinion is Mr2cents saying ZA for a newbie . The professional response ( advice ) is this .: ZA is very good for a novice . As is Outpost . ZA a bit simpler but not by much . Outpost , from the install menu , will walk you through . It will set rules for the well known stuff . Then , all you do is put it in rules wizard mode and everytime you access something or something wants to " call " out , it will ask if you want this too happen or not . Very simple . And once you get very comfortable , you can set your own rules , if you wish . Or change it to ' block most " mode or leave it as is . great protection right out of the box . Kerio is fairly good for novices too . The best firewalls are Outpost , Kerio , LnS , and Tiny . These are far and beyond anything else out there in their capabilities . And as for the person that said since you are using NOD , you want a LIGHT firewall , I am confused . NOD is light in itself . Leaving you plenty of room for a " heavy " firewall . Outpost is light . Tiny is light BASED on all it does . LnS is very light as well . For the best protection , use any of the 4 . For ease of use AND best protection , my OPINION would be as follows : 1 Outpost 2 LnS 3 Kerio . I will not put Tiny in because it is very difficult to configure if you do not understand it . Tiny is hard to learn . Hope that helps . Good luck in your quest .
     
  6. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    I've NOD32 with Look'n'Stop. Look'n'Stop a.k.a LNS is the best firewall in my opinion. It's light on resources, protect your computer very well, it has no problems with other programs (including NOD32, of course), it let you to create new rules if you're an advanded user or to use custom or load predefined rules if you're novice, and has the best outbound protection.
    www.looknstop.com
    In Wilders, you can find the official LNS forum in english and french.
     
  7. Matt_Smi

    Matt_Smi Registered Member

    Joined:
    Jul 7, 2004
    Posts:
    359
    I am also a NOD32 user and still on my FW hunt, so far I have tried Kerio 2.1.5 and Outpost 2.5. Outpost has a much nicer interface than Kerio and is easier to setup, but Kerio is a bit lighter. I am really not sure which offers better protection, but it should be noted that also everyone who recommends Kerio 2.1.5 recommends using BZ’s ruleset for it http://www.broadbandreports.com/forum/remark,8023708~mode=flat I am probably going to go with Kerio, just because it is simple and works. Outpost is very nice but it is $40 and also does something’s I don’t need it to do such as block ad’s. I was also going to give Sygate a try, hollywoodpc, is there any reason Sygate is not in your top four?
     
  8. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    Sygate continues to progress . But it has always been a step or two behind the others . Not that they try what everyone else does AFTER the fact . It is because they do their own thing and sometimes have missed the mark . What I mean is , the level of inbound protection has been questioned in past years . People that are in the know of firewalls , do not use Sygate . The protection is decent . Anything can let you down . ANYTHING . But , Sygate has a higher percentage or probability of a let down than the others mentioned . The people that push Sygate ONLY use Sygate and swear by it . Ok . I choose to have that best probability of staying safe . Question to you would be : Two firewalls , each going through the same tests . One has a 99.3 percent chance of passing . The other has a 91 percent chance of passing . Those percentages are BOTH high . But , one IS better . Better chance of Sygate being compromised . And , as of yet , do not know if they protect themselves from being attacked and shut down . If they do , they were one of the last biggies to do so . But PG can remedy that . All of that for one simple thing : Sygate is easier to break than the other 4 . Is Sygate good ? Maybe . I say decent . But the other 4 are excellent .
     
  9. sagittarius

    sagittarius Registered Member

    Joined:
    Apr 19, 2003
    Posts:
    136
    Location:
    Queensland, Australia
    I've tried Outpost & Kerio in the past, but never took to them.
    I now use ZoneAlarm Pro on my desktop PC & Sygate Personal (free) version on my laptop, which spends most of it's time networked behind a hardware firewall anyway.
    I hadn't used Sygate until recently when I saw it written up as the best (in that magazine's opinion) so thought I'd give it a try .. so far I'm very happy with it.
    It seems to me to be the most user-friendly (read "novice friendly") one and I've put it on a couple of client's machines ... so far the feedback is all positive.
     
  10. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
    Sygate is fairly good... I actually bought the Pro version about a year ago before I got into trying all these other firewalls..

    I think people criticize Sygate mostly for that loopback/proxy issue, which I don't know much about and can't explain myself, but I hear it mentioned often. Maybe someone else can explain it.

    Sygate also tends to use more cpu% in my experience, more than most others.

    Sygate also allows inbound traffic to apps by default, so one has to go into the advanced options for each app and turn this off. It's a little bit of a hassle, but necessary.

    I have also noticed Sygate 5.5 Pro not logging incoming packets to open ports on some occasions, and once it failed to ask if I wanted to allow such an incoming connection. Something's amiss there..

    All in all though, it's a pretty good firewall. Fairly intelligent about how it handles DNS and DHCP. There are many others to choose from though...
     
  11. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    Dagolag .
    Saw in another post where you are also using a router . No problem . I use a router as well . Along with Outpost and pcIP . Lots of protection there
     
  12. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    I have to agree with Sir_Carew and go with Look n Stop. It's the closest of firewalls in the firewall world equaling NOD32 in the AV world, IMO.. light, fast, very effective, and unproblematic. The difficulty only really begins when you try to configure it for maximum protection beyond your own level of knowledge (of rules, etc.) I've been using it for a while now and loving it. Install the beta driver and service for unsurpassable outbound protection without much added complexity.
     
  13. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
    But is there any conflicks since There are 2 Firewalls?
    Outpost and pcInternet patrol?
    And thanks to all for there feedback!!! Cheers!!!! :D
     
  14. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    NOOOO . Because pcIP is a different kind of firewall . They work very well together . pcIP is made to be used alone OR with most any firewall made . Hope that helps
     
  15. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
    :D

    Great to know Thanks for your help!!! Cheers!!!! :D :D
     
  16. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    Let me know what you decide and if I can be of further assistance .
     
  17. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
    Well I just got pcIP and so far so good with ZA Pro 5.5

    I will post more tomorrow,

    TIA,

    dagolag :D
     
  18. stephentony

    stephentony Registered Member

    Joined:
    Oct 2, 2003
    Posts:
    142
    Location:
    USA
    Call it what you like, it's opinion. I'm a professional too, and all I can do is give recommendations based on my opinion of what is a good product. That's why we all use the products we do. Advise is based on personal opinion, and not necessarily all of it fact. Just wanted to clarify that.
     
  19. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    dagolag - for reference so you can refer back to the other replies given, I will place a link here to your other thread, which I have now closed: The best Firewall?

    Please continue in this thread and avoid starting new threads on the same topic. Thank you.

    Regards,

    snap
     
  20. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    The problem is if you run "local proxy" software that makes Internet connections on behalf of other programs (for example the Proxomitron web-filter would make Internet connections on behalf of your browser, filtering the incoming HTML to remove webpage annoyances like ads). Sygate cannot restrict what connects to such proxies, so any program (including malware) could connect to them and use their Sygate rules to gain Internet access. Malware would have to check for such proxies first obviously, but there are trojans out there that use other more complex methods to try to bypass firewalls.

    If you do not run local proxies then this is a non-issue (though Sygate not fixing this after 2-3 years may suggest a certain lack of attention on their part). However some anti-virus software runs a local proxy for scanning email, so this could be a hidden problem for some.

    As for firewall advice generally, all firewalls have strong and weak points. Look'n'Stop is the only major firewall not offering Stateful Inspection by default (you have to enable it specifically, and if you do you are limited to 128 network connections which may be a problem for P2P applications) - however this does mean it can run faster and be leaner on resource usage. I understand that you also have to use a separate program LnSSvc to provide protection right from Windows startup (which is an issue for those with "always-on" Internet connections).

    Outpost Pro (not free) does offer protection during Windows startup but contains little protection from being terminated by malware already running on your system (not a major concern in my view since the free version of Process Guard will cover this and other programs, and does a far better job too). Outpost is particularly strong in local proxy control (applications require an outgoing rule to contact the proxy, included by default, and the proxy requires an incoming rule also) and has excellent logging (though this may cause problems with some anti-virus scanners - see Resolving High CPU Utilisation Issues with Outpost). The plugins are nice too, though standalone programs can do their tasks more thoroughly as others have pointed out.

    Tiny offers process and file control so goes well beyond other firewalls - however its configuration is correspondingly difficult as well so it is not a good choice for new users (learning about network traffic is enough work, having to learn about Windows Registry usage and process permission requirements also would put most sane people off firewalls for life).

    Jetico is one to watch for now - it is more complex (though not up there with Tiny) so again, new users should look elsewhere. It is also quite new so issues like system compatibility, security vulnerabilities and company support don't have an established track record like the others. While currently free, it almost certainly going to become a chargeable product at some point.
     
  21. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    Sorry .
    I give facts . My opinions are A , B , C . Facts are facts . That is what I point out and let THEM choose . If you read some of my posts a bit closer , you will see when I offer an opinion and when I offer fact .
     
  22. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
    Ok, thanks for that P2k...
     
  23. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    I have noticed the email proxy thing. If outbound email is scanned it goes out without the email client ever trying to make an outbound connection so long as the AV has permission to send email. Perhaps there is a way around this in FW's other than Sygate. With Jetico the annoying "network access" thing will alert the user.
     
  24. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Many firewalls do have default rules allowing such traffic - removing them should then require the email client to have its own rules for proxy access (e.g. Outpost has a global default "Allow Loopback" - though in Outpost's case the virus email scanner would need a rule to accept incoming traffic also, regardless of the global default).
     
  25. stephentony

    stephentony Registered Member

    Joined:
    Oct 2, 2003
    Posts:
    142
    Location:
    USA
    No Hollywoodpc, you quite often have condescending attitude to offer, some fact, and lot's of opinion. Your comments about newbies not being able to handle a rules based firewall.
    Example:
    A reply from "MickeyTheMan"
    This kind of attitude has become the norm for you. I'm not the only member who shares this sentiment either. I have no wish to start a flame war here, so I will say nothing more about the subject after this. Please try to show a little more respect to all people in this forum, no matter what their experience is, or what you perceive it to be. When you post a response to a question from anyone, be respectful. I'm a hardware technician in a large insurance company IT department, and if I used the same condescending approach in dealing with people who don't have the same technical knowledge that I do, then not only would I alienate people, I'd probably be out of a job. I think at heart you probably mean well so please don't look at this as an attack on you personally.
     
Loading...
Thread Status:
Not open for further replies.