Which third-party firewall do you prefer?


Post by Binky on 27/12/2010, 06:27

Since there is the separate topic http://ssj100.fullsubject.com/t316-why-use-a-third-party-software-firewall
this topic is only on which third-party firewall you prefer.

For inbound protection, I prefer a hardware firewall. It provides protection:
1. During Windows boot-up, when there is a window of no protection by software firewalls.
2. During installation of Windows, where it is good to download Windows Updates before installing the software firewall.
3. During installation of software firewalls, as some of them require downloading an update.
4. Independently of what software/malware is installed on the PC.

On cable internet, virus-containing neighbors' PCs are constantly trying to break into my PC. A hardware firewall prevents such attempts without slowing down my PC. With the hardware firewall installed, the LED showing traffic to my PC only blinks when my PC is intentionally uploading or downloading. While the LED showing traffic on my internet modem is constantly blinking...

The box containing the hardware firewall also provides a router function, so multiple computers and other devices can share an internet connection. I prefer a hardware firewall with SPI and NAT features. See https://secure.wikimedia.org/wikipedia/en/wiki/Stateful_firewall

Firewall/router boxes have become low-cost commodity items in the home market. I started off with a Linksys box. It was good to learn on, but it died after about 3 years. I went to replace it with the same model, but NewEgg and Amazon reviewers said they have a high failure rate after a redesign for lower cost. When I checked reviews on similarly-priced boxes, the same theme arose. Given the security importance and the amount of time I spend learning about each box, I allowed myself to spend a little extra money on a reliable one. I found a gem in ZyXEL. Most of their sales are for expensive professional boxes, but their least expensive models are within reach of home users. I have been using the ZyWALL 2 PLUS for several years, and I am very satisfied. It is far more configurable than the Linksys. I have 7-Mbps internet. When doing an internet speed test, the ZyXEL is faster than the Linksys. Where the ZyXEL really shines is when two or more PCs are downloading simultaneously. For example, when one is watching streaming video and doesn't want drop-outs or distortions. The ZyXEL has low overhead and gracefully shares bandwidth so that each PC user is satisfied.
See http://www.newegg.com/Product/Product.aspx?Item=N82E16833181021

For software firewalls, here are some sites that list some free and paid software:
http://www.matousec.com/projects/proactive-security-challenge/results.php
http://www.techsupportalert.com/best-free-firewall.htm
http://www.majorgeeks.com/download.php?id=34&sort=25
http://blog.scotsnewsletter.com/2008/03/24/the-best-firewall-software-of-2008-online-armor/

I started my adventure into PC security by reading mainstream computer magazine web sites. Based on the good reviews, and that it was an integrated suite (good compatibility between the AV and firewall), I ran Norton Internet Security for many years. I learned a lot by using it. I especially liked the power and flexibility of its firewall rules.

When I started reading reviews that mention self protection of firewalls, NIS looked poor. By this time, I was getting very frustrated with Symantec's support being overly polite but unhelpful with bugs I found. Their first assumption is that it is the customer's problem. So I switched to Avira AV and the Comodo firewall, which includes HIPS. A year later, I dumped Avira and went with Comodo Internet Security, a suite of AV+firewall+HIPS. I had been happy with CIS for several years. I liked dealing with the Comodo forum much better than Symantec or Avira support.

What I noticed was that the Comodo firewall was perfected by the time I jumped on board. The AV and HIPS are the parts that have been rapidly evolving. The frequency of updates that require a fresh install has been increasing. This is really frustrating when I have a lot of custom rules to type in or retrain. Also frustrating was Comodo's increasing reliance on users' trust of Comodo to decide what is safe for the HIPS. I saw in the forum many cases of companies being trusted by Comodo because they are large, but that they employ underhanded spying on users.

When I investigated Sandboxie, I found that it could offer protection against reading and writing of data files by the internet browser, which CIS cannot do. Also, it provides much of the protection offered by CIS, but in a way that is easier for non-technical users to understand, especially without alerts. Sandboxie caused me to rethink my security strategy. Now my strategy is to build the rest of my strategy around Sandboxie as the primary protection. Basically, now, I rely on Sandboxie+LUA+SRP+NoScript to protect against unintentional downloads. I am looking for the software firewall to prevent or catch behaviors against my interest by software that I intentionally installed. A HIPS wouldn't offer any additional protection because I already tested it with VirusTotal and trust it, so I would allow every pop-up anyway. (I plan to learn how to use Buster Sandbox Analyzer for installations.)

Recognition that I don't need a HIPS (or want its annoying pop-ups) is a very important part of my strategy. Since the matousec.com tests are about self protection, they are really tests of HIPS. Thus, the matousec.com tests are irrelevant in my choice of a firewall!

What I look for in a software firewall is the following:
1. Rules-based architecture
2. Global and application-specific rules.
3. Default deny
4. Rules support for protocols, ports and IP addresses
5. Lightweight
6. Actively developed (important when broken by a Windows Update)
7. Free
8. Good forum support
9. Reliable
10. Supports Windows XP & Windows 7, 32-bit and 64-bit
11. Compatible with a competent AV (AV needed to alert non-technical user of an evil site)
12. Compatible with Comodo buffer overflow protection (helps prevent unintentional executions by scripts)

The Comodo firewall meets all of the above, while the Symantec product does not on many points. While I can install the Comodo firewall without the AV or HIPS, I do actually want them. With the heuristics disabled, I find the Comodo AV lightweight, quiet and competent. I also configure the Comodo HIPS (called Defense+) to just provide the buffer overflow protection feature. See http://ssj100.fullsubject.com/t294-dep-vs-comodo-memory-firewall

Firewalls other than Comodo may be less compatible with the separate Comodo Memory Firewall software mentioned in the above link. For those who don't care about #11 and #12, there are other good choices that I haven't tried.


Re: Which third-party firewall do you prefer?

Post by ssj100 on 27/12/2010, 07:50

Thanks for a most detailed introductory post to a good topic. Readers of this forum should know by now what I personally think of third party software firewalls.

Currently, I am investigating Sandboxie's Port Blocking mechanism (newly introduced in version 3.50):
http://www.sandboxie.com/phpbb/viewtopic.php?t=9627

I will try to post back some findings later. I actually did some brief testing of it when it first came out (I was curious!), but I've forgotten what happened now. Since I run all internet facing applications of significance sandboxed with Sandboxie, this Blocked Port setting may come in handy. Of course, my "explorer.exe" sandbox, CD/USB/DVD sandboxes etc. strictly disallow any internet access. However, using this setting (denying all internet access) in, e.g., a browser sandbox is a bit silly haha. But perhaps Sandboxie can now be configured to only allow certain ports.

EDIT: currently, I can only see a way to block specific individual Ports with Sandboxie. It's a good start I suppose, but I doubt tzuk will be developing this much further (in the foreseeable future anyway).

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)

Re: Which third-party firewall do you prefer?

Post by p2u on 27/12/2010, 09:24

Binky wrote: Which third-party firewall do you prefer?
I like firewalls that can log all outgoing traffic, even if the rules haven't been defined yet. Not all firewalls do that equally well.
I especially like the Sunbelt Firewall (disable 'Predefined' and set all the rules in the packet filter!) because it kept the best of the Kerio Firewall, which was a winner (together with Sygate Firewall). The only problem with SBF Free is that even limited users can change the rules (no password protection). If you plan on using it, disable the HIPS and Application Behavior modules. They're close to useless. The firewall is strong because the packet rules are directly linked to the application that needs them (path+MD5). You can also set a closing rule 'Block all other and log' and you won't get any nagging alerts. No easter eggs (hidden 'allowed' rules for business partners, etc.) I like that very much. If configured correctly, it passes all existing leaktests and more, notwithstanding Matousec's judgement 'Poor - Not recommended'.

Paul


Re: Which third-party firewall do you prefer?

Post by ssj100 on 27/12/2010, 09:34

Actually, in the latest test, Sunbelt Firewall gets a "None - Not recommended" grading. Regardless, I didn't think Matousec's tests were on Firewall capability only. In fact, I thought their testing wasn't related to Firewall capability anymore - they've titled their testing "Proactive Security Challenge" for quite some time now.


Re: Which third-party firewall do you prefer?

Post by p2u on 27/12/2010, 10:07

ssj100 wrote: Actually, in the latest test, Sunbelt Firewall gets a "None - Not recommended" grading. Regardless, I didn't think Matousec's tests were on Firewall capability only. In fact, I thought their testing wasn't related to Firewall capability anymore - they've titled their testing "Proactive Security Challenge" for quite some time now.
The problem with Matousec's test is that it ASSUMES that the user has no knowledge at all of how firewalls work and how the system works. At the same time it ASSUMES that the average user understands the cryptic firewall alerts and will always take the right decision. It's up to you to decide what to think of such a principle. Matousec even refused to test DefenseWall because there are no alerts (?!). Yes, and then there is the unfair point system. Sunbelt can't take part in level X because it didn't pass level Y. Here is a nice analysis:
Matousec Personal Firewall Tests Analyzed
If you set Sunbelt's Firewall rules like this:

[image]

it's a winner. Perfect protection with no alerts at all, so no hard decisions to take. Matousec should be ashamed of himself. The average user can't do anything useful with HIPS, except for 'passing' tests where you know in advance that you have to hit the 'block' button.
P.S.: Sunbelt doesn't run on Win7 as far as I know. It's XP and Vista. For Win7 I can only recommend the in-built firewall with Advanced security. One minus: the logs for outgoing packets don't report applications; traffic only.

Paul


Last edited by p2u on 27/12/2010, 11:34; edited 1 time in total (Reason for editing : Grammar mistake corrected)


Re: Which third-party firewall do you prefer?

Post by ssj100 on 27/12/2010, 10:15

If using Windows XP, what are the advantages/disadvantages of using Kerio Personal Firewall 2.1.5 (as opposed to Sunbelt's latest?)


Re: Which third-party firewall do you prefer?

Post by p2u on 27/12/2010, 10:39

ssj100 wrote: If using Windows XP, what are the advantages/disadvantages of using Kerio Personal Firewall 2.1.5 (as opposed to Sunbelt's latest?)
Since it is not further developed, it might not be compatible anymore with XP SP3 (haven't checked that) and with continuously developing applications, which may lead to BSoD's. It also has problems with certain types of VPN. It is still a good firewall though. While using XP, I actually created a topic that caused quite something in Russia: How to beat leaktests with an old firewall. Some firewall vendors got really upset. It's in Russian, but with the help of google translate you may be able to figure out what it is about. The point was not to recommend using old firewalls, but to show that leaktests are nothing but marketing, have nothing to do with real security, and that you can pass them without HIPS. "XP User" is "p2u". I just asked them to change my user name and disable my account because I got some really unpleasant (and very personal!) threats at that time. Real security people got the message, of course, and laughed their heads off...
P.S.: About BSoD's. As a matter of fact, if anyone wants to try Sunbelt, I would highly recommend disabling the HIPS driver since it seems to conflict with several video cards:
Cmd as admin:
Code:
sc config sbhips start= disabled
Reboot the system.

Paul


Re: Which third-party firewall do you prefer?

Post by Binky on 27/12/2010, 21:48

p2u wrote: I like firewalls that can log all outgoing traffic, even if the rules haven't been defined yet. Not all firewalls do that equally well.
I especially like the Sunbelt Firewall (disable 'Predefined' and set all the rules in the packet filter!) because it kept the best of the Kerio Firewall, which was a winner (together with Sygate Firewall). The only problem with SBF Free is that even limited users can change the rules (no password protection). If you plan on using it, disable the HIPS and Application Behavior modules. They're close to useless. The firewall is strong because the packet rules are directly linked to the application that needs them (path+MD5). You can also set a closing rule 'Block all other and log' and you won't get any nagging alerts. No easter eggs (hidden 'allowed' rules for business partners, etc.) I like that very much. If configured correctly, it passes all existing leaktests and more, notwithstanding Matousec's judgement 'Poor - Not recommended'.

Paul

Glad to know that Sunbelt Firewall is a good one. If you are comfortable with it, I see no reason to change. I notice that it is no longer developed. If Windows Update breaks it, or there is a conflict with another actively-developed software, then the company may not fix it. Sunbelt Firewall doesn't support Windows 7, and I need that for my spouse's new PC and my work PC.

Others may be interested to know that the free Comodo firewall has all the features you mentioned in this topic, except MD5 matching. MD5 matching (a HIPS-like feature) seems useful for those who don't have a way to prevent unintentional installations. Comodo supports password protection. I use "Custom Policy Mode," which only allows applications that I define. It has an implied rule to block and log any traffic that doesn't match any application rule. It has options for whether to alert or not when blocking unknown apps. Comodo also supports My Network Zones, where I name groups of IP addresses. Naming makes the rules easier to understand when there are a lot of them. When I need to change the IP address of a device or server, I only need to change it in one place (My Network Zones). IP address ranges can be defined in terms of a mask, so one mask can replace a lot of separate rules. One example of where I put this to good use is in defining a zone of dozens of IP addresses for VeriSign Global Registry Services, which both explorer.exe and consent.exe in Windows 7 access to validate certificates before running executables downloaded from the internet. Security is improved because I don't allow explorer.exe to connect to any other IP addresses. Lastly, Comodo's license agreement allows business use for the free firewall. It saves me time to have one firewall that works on all my home and work PCs.

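As an added example (not written by any poster in this thread and not any vendor's code), the rule model discussed in the posts above can be sketched in Python: application-specific rules bound to the binary's path and hash, named network zones defined by masks, and a closing rule that blocks and logs everything else. The zone names, addresses and binary contents are constructed, and SHA-256 stands in for the MD5 matching mentioned in the thread.

```python
import hashlib
import ipaddress
from dataclasses import dataclass

# Constructed sample zones (documentation and private address ranges).
# One mask per zone replaces many single-address rules.
ZONES = {
    "cert-validation": [ipaddress.ip_network("198.51.100.0/27")],
    "lan": [ipaddress.ip_network("192.168.1.0/24")],
}

def digest(image: bytes) -> str:
    """Hash of the binary a rule is bound to (SHA-256 here, MD5 in the thread)."""
    return hashlib.sha256(image).hexdigest()

@dataclass(frozen=True)
class Rule:
    app_path: str      # application-specific rule: exact image path
    app_digest: str    # hash of the binary the rule was created for
    protocol: str      # "tcp" or "udp"
    zone: str          # key into ZONES
    ports: frozenset   # allowed remote ports

@dataclass(frozen=True)
class Connection:
    app_path: str
    image: bytes       # stands in for the on-disk binary (constructed)
    protocol: str
    remote_ip: str
    remote_port: int

def evaluate(conn, rules, log):
    """Return "allow" or "block"; every block is appended to log."""
    addr = ipaddress.ip_address(conn.remote_ip)
    for rule in rules:
        if rule.app_path.lower() != conn.app_path.lower():
            continue
        if rule.app_digest != digest(conn.image):
            # Same path, different binary: the rule no longer applies.
            log.append(("BLOCK", conn.app_path, "binary hash changed"))
            return "block"
        if (rule.protocol == conn.protocol
                and conn.remote_port in rule.ports
                and any(addr in net for net in ZONES[rule.zone])):
            return "allow"
    # Closing rule: block all other traffic and log it, with no prompt.
    target = f"{conn.protocol} {conn.remote_ip}:{conn.remote_port}"
    log.append(("BLOCK", conn.app_path, target))
    return "block"

EXPLORER = b"constructed explorer image"
EXPLORER_PATH = r"C:\Windows\explorer.exe"
RULES = [Rule(EXPLORER_PATH, digest(EXPLORER), "tcp",
              "cert-validation", frozenset({80, 443}))]

def demo():
    log = []
    attempts = [
        Connection(EXPLORER_PATH, EXPLORER, "tcp", "198.51.100.7", 80),
        Connection(EXPLORER_PATH, EXPLORER, "tcp", "198.51.100.40", 443),
        Connection(EXPLORER_PATH, b"replaced image", "tcp", "198.51.100.7", 80),
        Connection(r"C:\Temp\unknown.exe", b"other", "udp", "192.168.1.5", 53),
    ]
    return [evaluate(c, RULES, log) for c in attempts], log

if __name__ == "__main__":
    results, log = demo()
    print(results)
    for entry in log:
        print(entry)
```

The egress log produced by the closing rule is the record of what installed software tried to reach without a matching rule.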

Re: Which third-party firewall do you prefer?

Post by ssj100 on 27/12/2010, 22:06

Does Comodo support IPv6 yet?


Re: Which third-party firewall do you prefer?

Post by p2u on 27/12/2010, 23:23

Binky wrote: the free Comodo firewall has all the features you mentioned in this topic, except MD5 matching.
I had trouble getting the firewall to work with my L2TP (kind of VPN) protocol. It only logged UDP 53 connections (DNS). Since quality egress logging is essential for a firewall, I was forced to uninstall this otherwise wonderful security suite.

Paul


Re: Which third-party firewall do you prefer?

Post by Binky on 30/12/2010, 05:30



Re: Which third-party firewall do you prefer?

Post by ssj100 on 30/12/2010, 07:55

Yes, I just noticed that - they certainly took their time to implement it!


Re: Which third-party firewall do you prefer?

Post by wat0114 on 31/12/2010, 08:02

p2u wrote: For Win7 I can only recommend the in-built firewall with Advanced security. One minus: the logs for outgoing packets don't report applications; traffic only.

Paul

Hi Paul,

At least in Win7 Ultimate (and probably Pro) application traffic can be logged:

http://www.wilderssecurity.com/showpost.php?p=1717632&postcount=135

It works, although there are no convenient pop-ups. I like Win7 with advanced security the best, but from 3rd party vendors I feel Jetico 2 is excellent (I disable the HIPS features in it, though), and I also give a nod to Outpost.


Re: Which third-party firewall do you prefer?

Post by p2u on 31/12/2010, 16:03

wat0114 wrote: from 3rd party vendors I feel Jetico 2 is excellent (I disable the HIPS features in it, though), and I also give a nod to Outpost.
Good firewalls, but ideally, services should not have a user interface; just a console that can be accessed by the administrator only. Apart from the unique "Service Hardening" element (splitting svchost up into different services with different access rights), this is one more argument in favor of the in-built firewall. And then there is the compatibility issue, of course, which may arise with every new update with any of the programs on the computer. I think that programmers should be required by law to provide a complete list of all the crap they spread around the system because the poor user often has a hard time removing everything, even with the so-called removal tools provided. A good exception is Agnitum Outpost; I saw a complete list in the interface of the Security Suite, which is a good sign. The problem is that even after removal, modules and drivers left behind may still conflict with newly installed security software or hamper its full productivity.

Paul


Re: Which third-party firewall do you prefer?

Post by wat0114 on 31/12/2010, 22:13

p2u wrote: And then there is the compatibility issue, of course, which may arise with every new update with any of the programs on the computer.

Always an on-going problem with 3rd party security apps. It's no wonder why the forums are filled with users reporting buggy behaviour of one kind or another.


Re: Which third-party firewall do you prefer?

Post by Rico on 11/1/2011, 09:10

I have been using Comodo for some time now, but I keep wondering what Online Armor free version misses in terms of features if I were to switch. What are advanced mode settings not available to free users of OA?


Re: Which third-party firewall do you prefer?

Post by p2u on 11/1/2011, 09:41

Rico wrote: I have been using Comodo for some time now, but I keep wondering what Online Armor free version misses in terms of features if I were to switch. What are advanced mode settings not available to free users of OA?
You can find a comparison here: OA products comparison and there is a good web-help (scripts required) that explains everything in detail.
* Free doesn't support updates, so you have to do a new install each time
* Free doesn't have a Phishing Filter, but do you need one when your browser comes with one?
* Free doesn't have Advanced Mode, which allows for more granular settings.
* You can't Import/Export your settings with Free
* Free doesn't have Transparent blocking
* Free doesn't have DNS Spoofing Protection
* You don't get personal technical support with Free

Paul


Re: Which third-party firewall do you prefer?

Post by Rico on 11/1/2011, 09:49

ty for your reply; could you please explain transparent blocking for me?

btw curiosity pushed me to install it in a VM. My first impression is that I did not like its clunky interface nor its activation request for the free version. I feel the Comodo one is easier to understand. One thing I wanna hammer down on is; I don't understand why people dumped Comodo. I know it is something to do with Melih's outbursts on Wilders, but all personal issues aside; is Comodo really the best out there? Its selection seems irresistible esp. for a free product


Re: Which third-party firewall do you prefer?

Post by p2u on 11/1/2011, 10:32

Rico wrote: could you please explain transparent blocking for me?
Mike Nash explains it like this.

Rico wrote: btw curiosity pushed me to install it in a VM. My first impression is that I did not like its clunky interface nor its activation request for the free version. I feel the Comodo one is easier to understand.
Well, it's new to you. Give it a chance and you may get used to it. Besides, tastes differ.

Rico wrote: One thing I wanna hammer down on is; I don't understand why people dumped Comodo. I know it is something to do with Melih's outbursts on Wilders, but all personal issues aside; is Comodo really the best out there? Its selection seems irresistible esp. for a free product
Sometimes, people just get too "religious" about defending their product. There is no "best" anti-this and anti-that. Security is mainly between the user's ears. Of course, the will to learn helps a lot. I know that's not much of a reply, but I'd like to avoid religious hair-picking here. Comodo is quite good (especially if you look at the price ;)), but nothing is perfect, especially out of the context of your general system setup. Besides, it's third-party software, and I prefer using in-built system functionality to protect my computer. That's all I'd like to say about this.

Paul

