What's the best firewall taking these things into consideration?

Discussion in 'other firewalls' started by msingle, Jan 30, 2003.

Thread Status:
Not open for further replies.
  1. msingle

    msingle Registered Member

    Joined:
    Jan 25, 2003
    Posts:
    82
    I'm looking for suggestions on a software firewall that is best in these categories in order of importance:

    1. Protecting computer
    2. Resources used
    3. Ease of use and configuring/setup
    4. Support (doesn't have to be "personal" - self support is ok)
    5. Configurability
    6. Price
    7. Plays well with other software

    I know that program XXX may be the best at protecting your computer but may be a memory/resource hog. Program YYY may be easy to use and have great support but doesn't protect very well.

    I'm currently using ZA free but looking elsewhere because it seems to really slow down my clunker PC and it has very limited configurability. I've been reading these forums and it seems to get the best configurability you need to use a rule based firewall but many people have said that they are hard to set up.

    I've considered looking at Outpost free/paid, Sygate free (even though when I installed the paid trial several months ago it kept locking everything up on me and I went for a couple days not knowing it wasn't running), Norton personal firewall or NIS (probably both resource hogs) but I'm wide open for suggestions.

    So taking all these factors into consideration, which would you recommend?

    Thanks.
     
  2. hi msingle, have in your travels, you trialed the latest Look@stop2.04, Its very lite and can be simply set after loading to enharnced ruleset and left to look after your system. There is a new look@Stop forum here in the room above .Paul recommends it in the recommendations as one of the best also. I am trying it and will be buying it when the trial time is up , I find it really good and really compatable with everything else that I run. It may be worth a look .
     
  3. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    :D soalrpowered firewall
     
  4. solarpowered candle

    solarpowered candle Registered Member

    Joined:
    Jan 9, 2003
    Posts:
    1,181
    Location:
    new zealand
  5. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
    :)

    but, I guess hardly any fw has the support that Outpost has on it's forum.
     
  6. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    To Msingle from Firefighter!

    I have tried Look'n'Stop 2.0.4, McAfee 4.0, Norton PFW newest version, Kerio 3 beta 5, Zone Alarm Pro latest version, Sygate Pro latest version but the best was Outpost Pro with those plug ins loaded from (http://www.outpostfirewall.com/guide/) sites.

    Outpost was the only program that passed for me all PcFlank's tests and you can load the 5000 port fix program unpnp.exe (to WinXP) from Steve Gibson web sites. :D

    "The truth is out there, but it hurts!"

    Regards,
    Firefighter!
     
  7. hayc59

    hayc59 Guest

    I Will Have To Say..OutPost by Agnitum!!
    Not To Mention The Great Support They Have Over At Thier Forum.....Type On Over And Check It Out, You Will Be Very Happy.... :D


    EASE OF USE - no learning curve. Outpost Firewall is very similar to Microsoft's Windows Explorer that almost every user is familiar with.
    PERFORMANCE - it is the most feature-packed Personal Firewall for Windows in the world.
    SECURITY - it gives peace of mind from every threat by Cookies, Ads, E-mail viruses, Backdoors, Spyware, Crackers, and virtually every other Internet danger.
    OPEN DEVELOPMENT - it is the first firewall with an open architecture, partially open source and support for plug-ins, so its capabilities can easily be extended by thousands of developers worldwide.
    ALL-IN-ONE DESIGN - it comes with Attack Detection, Privacy Guard, E-mail Protection, Ads blocking, DNS Cache and Parental Controls plug-ins.
    COMPATIBILITY - You can take Outpost Firewall with you when you upgrade your computer or connection, no matter what connection type you are using or what MS Windows version or applications you are running.


    not ot mention the price!!
    http://www.agnitum.com/purchase/migrate.html
     
  8. CARCHARODON

    CARCHARODON Registered Member

    Joined:
    Oct 1, 2002
    Posts:
    68
    Location:
    Portland, Or. USA
    What everyone here is failing to mention is that Outpost has several known issues that agnitum has not fixed. They have essentially dropped support (by not doing patchs) for version 1 as they try to get version 2 out the door. hummm... sound familiar... cough.. cough.. Ad-Aware.

    There is no way I would recommend outpost until agnitum gets their stuff together.
     
  9. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    I suspect the different products mentioned have different pros and cons. And probably trying them out is the only way to find which one is right for you and your system. (Just be sure if you uninstall a firewall to first check if there are any specific instructions in the help section or vendor's site that should be followed. And completely remove all bits of the firewall before installing another. Use a reg cleaner, etc. This will prevent potential problems if you install another firewall.)

    Lightest on resources is probably Kerio, but it is rules based. There is a Kerio forum at

    http://www.dslreports.com/forum/kerio

    that I would recommend to a new user. There is a FAQ section there that has sample rules sets as I recall. But as far as I can discern (having used the old Tiny for a while) someone just using the default configuration and not taking the time to properly set up a tight rules set could leave themselves vulnerable without realizing it. Kerio wouldn't be an install, just approve programs net access and forget app like ZA free. Initially IMO it would take some effort to get a handle on the way it works and a proper rules set. Not terribly hard and a rewarding learning effort, but I would definitely use the resources available for info on how to best set it up.

    I've used ZA Plus which was OK on my older Win 98 system and has more configurability than the free ZA. I've been curious about Outpost but I've read other comments elsewhere similar to CARCHARODON's so I'll do a wait and see about that. I also wondered about Sygate, but heard about an issue (if I remember correctly) using a local proxy like Proxomtron with Sygate....things work, but programs can connect to the net via the proxy without Sygate catching them? As I use a local proxy and ZA doesn't allow that behavior, I've to date passed on Sygate.

    I've used ZA (first free and then Plus) for years with no problems to speak of. But from time to time I just get curious about the other firewalls out there. Best of luck on your hunt. :)
     
  10. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    To Carcharodon from Firefighter!

    You are right in those Outpost upgrade issues. But for me, all that counts, is that the firewall has passed all the PcFlank tests and Steve Gibson's Leak Test and IP Agent shields test.

    If you have found some other product, which could block referers, ads, pop ups, cookies and is stealth in normal use, Please tell me and I'll try it? :)


    "The truth is out there, but it hurts!"

    Regards,
    Firefighter!
     
  11. Firefighter;

    I have gone back and forth so many times between ZAPRO and Outpost Pro, I lose count... {Sigh}... Now I'm back to Outpost...

    Admittedly, Outpost is better.. The controls are better, the privacy features are much much more to my liking, and the computer doesn't freeze up and lock up with Outpost. I have been doing exhaustive testing between ZAPRO, and Outpost , and also, I had a hyposthesis that it could have been the registry cleaners I use.. After a couple of more testing, I am saddenned to say I think ZAPRO, even 3.5, is just too intensive...

    Am I happy with Outpost? Support looks superb, through the forum (I will not buy any software now without forum support), even though I never used it, and the basic configuration is okay. I am perplexed why they stopped support with patches in ver 1, just because they are working on ver 2.. I think they are hurting their reputation.. Yeah, they got a great product, but something bothers me with their whole approach of "stick around with our orphaned firewall, while we keep promising to bring you the new improved Outpost, same bat time, same bat channel!..."

    However, you're right. In spite of the outdated-ness, it is the best firewall I have used, and I probably will renew again, unless they fold or get bought out by Symantec... (LOL!!!)
     
  12. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    To Straight Shooter from Firefighter!


    I agree with you about Outpost, but you must remember, that it is still one program among others, when there will be the new superb one, Outpost may go! :rolleyes: ;)


    "The truth is out there, but it hurts!"

    Best regards,
    Firefighter!
     
  13. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    To Straight Shooter from Firefighter again!

    About Symantec, stay cool, you can't buy competence forever, if you are doing so constantly, you are actually dying! So what I have said before, about the top, there is only one way, and the direction is.......?

    So what kind of prediction it is about Symantec at all! ;)


    "The truth is out there, but it hurts!"

    Best regards,
    Firefighter!
     
  14. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    I just switched firewalls a few days ago.Sygate free to Kerio 2.14.I did a lot of research on Outpost and Kerio_Outpost is intriguing!I was a bit concerned with some issues with Outpost and to date I have not tested the free version.I'm not saying that I won't test it in the future though.Kerio is performing well.CPU usage and system hangs/slowdowns don't occur with this firewall.I set some rules and Kerio is doing a good job.Setting the rules is easier than I thought after browsing different sites in addition to some helpful posts in this forum.My point is that when I was looking for a firewall I had a lot of the same criteria.In my mind the two programs that "fit the bill" are Kerio and Outpost.I did look at a lot of reviews and these two looked like the best choices in my opinion.
     
  15. spm

    spm Registered Member

    Joined:
    Dec 9, 2002
    Posts:
    437
    Location:
    U.K.
    I have experience of Sygate Pro, Outpost Pro, Kerio and Tiny 4.0 (I haven't tried LooknStop, so I can't comment on that).

    1. Protecting computer. They all perform well in this regard, and all can be configured to provide full port stealth (though there are contrasting arguments as to whether 'stealthing' is really more secure than 'closing'). Sygate's IDS (Intrusion Detection System), anti-Mac spoofing and anti-IP spoofing capabilities are probably the most effective in its class. I do find that the latest update, though, gives some false positives (for instance, I encounter problems running FrontPage with the latest Sygate).

    2. Resources used. All of them perform reasonably well in this regard.

    3. Ease of use and configuring/setup. IMHO, Outpost is the best from an ease-of-use viewpoint, and Tiny by far the worst. Kerio has the 'cleanest' UI of them all, I believe. Irrespective of which one you choose, moving from ZA to a rules-based firewall can involve a high learning curve. It can take a long time to create a ruleset that is secure but not overly-restrictive on your personal internet use.

    4. Support. Agnitum have all but abandoned their current Outpost users for some time now, but there is an active user participation in their on-line forums to compensate. Sygate's support is very poor, but again, there is an active forum where fellow users compensate for the manufaturer's ambivalence. I have not had good experience with Kerio's direct support, but - is there a theme here? - they have a peer user forum at DSL Reports. Tiny's 'support' stinks, frankly.

    5. Configurability. Being rule-based, they are all highly configurable. See my comments in 3., though.

    6. Price. Well, the free versions are obviously good value ;-) but the fee-based products are not earth-shatteringly expensive, nor do they vary signifcantly in price. Look carefully at the difference between the free and paid versions, to see which ones suit your requirements best.

    7. Plays well with other software.None of the firewalls seem to have any basic incompatibilities with application software, but there are some issues to consider:

    a. Don't try and install one before the previous one has been fully and completely uninstalled. ZA's installation is particularly invasive, and it's uninstaller is very poor at eradicating traces.

    b. If you are intending to use ICS, be aware that Outpost does not support this, and Outpost apparently has issues with WinXP.

    c. Kerio (which would otherwise be my preferred firewall) has issues for some people. I trialled it extensively, but found it unstable on my Win2K system.

    d. Do you intend running a local proxy, such as AdSubtract, Proxomitron, or one of the others? If so, be aware that Sygate and Outpost will not provide protection for apps (such as your web browser) routing out through the proxy. Kerio does, however, work well in this regard.

    Now, some people will say that the next version of their favourite firewall is expected to resolve some of the issues I have detailed, but these considerations are largely irrevant, I would say. There are new versions of Outpost, Sygate and Kerio in the pipeline, but there are no expected release dates for any of these, and the expected feature sets are either unknown or at least very fluid.

    If you are looking to choose now, you would do best to choose the firewall that best suits you now. There will always be a 'better' product on the horizon - over time you will build up an effective ruleset of your own, which you can more or less apply to any rules-based firewall, so changing from one to another (which seems to be a frequent pastime of many) will not be too arduous.

    Hope this helps.
     
  16. J-Pop

    J-Pop Registered Member

    Joined:
    Feb 1, 2003
    Posts:
    7
    msingle,

    I am somewhat hesitant to offer my two cents as:

    --I am not as technically savvy as many (most?) of the people at this forum and,

    --There have been some excellent points made already in response to your questions regarding a good firewall. I really like a number of the points made by Steve Moss, the one just before this. There have been a number of other good points made by others too.

    However, I have been going through a similar type of questioning. I especially attach importance to the first 3 criteria--probably in the same order as you have them listed.

    So, as others have indicated, your choice will depend on YOUR system, and what type of software you already have installed, level of technical skills and knowledge, etc.

    I am using a WinME system, with dial-up connection. The two applications I rely on most regularly are TrojanHunter (TH) and Eset (NOD32). Just today, I installed Outpost (free) from Agnitum. I am really and truly impressed with Outpost, for these reasons:

    1. The amount of resources used! Very low, especially in comparison with "the other firewall" I had been using. It really uses VERY little of my computer resources; I am quite pleased. For the amount of critically important protection it provides--it is GREAT.

    2. According to grc "shields up" and "pcflank" I am running with 100% "stealth" when connected to the internet. I checked, then double-checked this matter.

    3. It seems to work perfectly (flawlessly) with both TH and NOD 32. No problems AT ALL, in any way. It has worked flawlessly from the beginning, from right "out of the box," so to speak.

    4. Because others here, and at other forums, (more knowledgeable than me) had referred to Outpost, I thought--certainly-- it would be a somewhat difficult fw to configure. Nope, not at all!! I was way wrong. I just let the "rule wizard" (correct name?) do its thing--and it set up everything for me very easily, quickly, and correctly.

    Finally, I have also heard good things (in connection with the first 3 criteria you mentioned) about 1. LooknStop (correct?) and 2. Kerio.

    I chose Outpost (and I am really glad I did now) because it seemed easier to configure and use than Kerio--at least for someone like me. I don't have the time to learn a rule-based firewall system, I wish I did, but I have other important duties that claim greater priority on my time and energy. Yet I want, and feel I need, good sound protection, too.

    And--based on the comparison chart at the Agnitum website--it seemed that the Outpost system provided more built in functions (and, possibly, greater robustness?) than does the free LooknStop. That was my impression, anyway, I really am not an expert and thus want to avoid "this" FW really is "better" than that one. But, it is truly impressive how many excellent features are built into the Outpost FW, very nice, and truly functional too.

    But, based on what you are looking for, those are the other two you might want to consider. (Kerio, LooknStop)

    Me, JPop? I am very happy with Outpost and plan to stick with it. It seems the forum members there are very active, helpful, and also, nice. I am not worried that the "new & improved" version (#2?) is not yet out--as I have all the protection I need. It is effective & easy to use--and there is complete compatibility with the software and OS I am using.

    Don't be afraid to try one of the programs you are considering on a trial basis, too. Take it out for a "test drive," so to speak. See if the "fit" is comfortable, and still provides you the level of protection you want, and also corresponds roughly to your technical knowledge and skills.

    I am starting to see that in:
    a. Firewalls,
    b. Anti-Virus protection, and
    c. Anti-Trojan protection, there are at least 2-3 outstanding programs (in each category). We all have different machines, different needs, and different levels of technical proficiency. I am confident that--for me and my machine, and how I use it--I have installed one each of the very top performers in those 3 categories. It is a great feeling.

    Good luck in your search.

    Sincerely,
    Walter
     
  17. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,874
    Location:
    New England
    Hi J-Pop,

    Thank you for a very well thought out and insightful post!! Worth much more than 2 cents. ;) If you were eligible to receive karma points, (you need to have 50 posts in order to get or give karma), I'm sure you'd have received some here.

    Thanks and Welcome,
    LowWaterMark
     
  18. J-Pop

    J-Pop Registered Member

    Joined:
    Feb 1, 2003
    Posts:
    7
    LowWaterMark,

    Thanks for the kind words! :)

    I have always received an abundance of good and timely assistance whenever I have needed it, so it is nice to try and do something similar for someone(s) else.

    But...ah...as far as being able to earn karma...after..uh...50 posts?!? did you say? I'm not sure if I will EVER have THAT much to say!! (not about software, I mean !) ha! :D

    Thanks again. Till next time,
     
  19. Q Section

    Q Section Registered Member

    Joined:
    Feb 5, 2003
    Posts:
    771
    Location:
    Headquarters - London & Field Offices -Worldwide
    WE vote for OUTPOST. No probs with it. Looking for feedback regarding TGB::BOB from Europe. They are at:
    http://www.thegreenbow.com/bob.html
     
Loading...
Thread Status:
Not open for further replies.