Full Version: Best Software Firewall
Hi, I need a new software firewall, but there are so many, so which do you use and what is the best?
i think ZoneAlarm does the job pretty well
ZA 5 is full of bugs. turn ur attention to Sygate personal firewall
i mostly use Sygate Personal Firewall Pro v5.5
i tried just about every firewall you can think of and this is the best i found
Currently I'm using Kerio Personal Firewall.
pro:
+ free (limited edition lacks Web Filter and some other things I do not need at all)
+ can ask every time you (or some app) is starting a program to permit or deny execution (you can set rules, of course)
+ same applies to network connections
+ no trouble yet with any type of application (p2p etc.)
+ monitor incoming/outgoing bandwidth usage of every single app/process
con:
- err, didn't encounter any
(- GUI could be a bit cleaner, but is acceptable)
That goes for the Personal Firewall. Kerio also offers a firewall for a shared connection. I gave that one only a quick look and it seemed to be quite nice with easy remote administration and clear interface. Based on my experience using KPF I would recommend this version as well. If you're looking for that kind of firewall and not a personal one, take a look at Kerio.com to get a more detailed overview.
Sygate Personal Firewall is my favourite too,
but it crashes sometimes(newest version) :/
ZA is very easy to set up and handle, but it's not the best firewall out there. As an advanced user I would prefer Kerio.
Sygate is the best if u have some knowledge of making rules
www.idrci.net, a bit technical but does a very good job. Checkout the NAT module as well. Free for personal use.
Cheers...
Port Explorer..is worth a look at... i use it
http://www.diamondcs.com.au/portexplorer/ also if you like playing with the rule sets... write your own plugin ..using OutPost ! http://www.agnitum.com/products/outpost/
I've used zonealarm , blackice, sygate , kerio and for a short terrible period norton.
the best in my opinion are kerio and blackice. sygate takes up way too much system resources. the more traffic, the more sygate takes. up to 20% on a Pentium IV 3ghz. Blackice is good for a fast safe system. but kerio lets you see more of what is actually happening.
yeah comsec outpost is goooood . very customizable me tooo use it
Use Look n Stop
It can be difficult to config the first time but it's a really good fw. Look at this page http://www.firewall-net.com/tools/compare....1a111782432e35c I've tested ZA and it's a shit ... like norton ...
There is no firewall needed!!!
I hack already since I was 12 (damn young script kiddie). I use Retina to scan computers for vulnerabilities, then I go hack them through that way. But Sygate only blocks such attacks! But Sygate is also so stupid to give people administrator access! I won't tell you my secret but I still can tell my way of securing your puter the best way. You can download a free trial of Retina at: http://www.eeye.com/html/products/retina/index.html Go to www.whatismyip.com, then note your IP, launch Retina, let her update anything; she reboots and checks for updates again (let her do it!). Then go to "Scanner". Up there is a fill field "address"; put your IP in there. Now let it do a full scan (then it will show your status, how vulnerable you are!). You know how Microsoft is, loads and loads of vulnerabilities! There will come a few registry things (DON'T FIX THESE EXCEPT YOU REALLY KNOW WHAT YOU'RE DOING!!!!). When you click on the vulnerability or lack of security (Red, Orange, Yellow, Green) there will be a description and how to fix it (most of the time), and when you are done reboot and scan your hiney again and see if it's fixed. DON'T STOP UNTIL YOU ARE DONE! Sorry for my bad English. Enjoy securing your puter(s) -Fly
I use outpost firewall too. Nice and customizable. U just need to know what u are doing
It's the same story about Sygate. You only need to attack UPnP for a while and the firewall will get confused, then you can scan him easily for ports, then you're in. Voila. Just as ComSec said.... close the ports you don't need or hazardous ports!
Only this should be enough! But there is another way to do it and that's my way
-Fly
I personally use Look 'n' Stop Lite because it seems to be the only one that allows you to set rules based on MAC addresses (such as only allowing communication with the router in a LAN environment). Sygate is pretty good, but I thought it needed options to create more advanced rules. Also, Jetico Personal Firewall seems like it's worth a look, but it is still too buggy for practical use.
Honest there is no "best" software firewall. Yes some are better than others but it all comes down to personal preference and what you want to do. Whether that be set your own rules, be notified of everything, or not be notified of anything or very little. Personally I use Norton Internet Security, its very good. I do not use NAV with that I chose to not install it, I just use the firewall. I must say it is very well done, I get notified of anything "high priority" but port scans, and nothing major I do not get notified. I have tried ZoneAlarm and Sygate but never liked it as much. I also tried Kaspersky Anti-Hacker and Kerio Personal Firewall, but none of them have seemed to compare to Norton's firewall.
Vort3x
I use outpost and port explorer too. For extra protection there is a router also.
About the rules for MAC addresses: you can enable a plugin in outpost that'll block all traffic from computers not on the trusted MAC list.
I use Tiny, it does the job but it doesn't have a fancy GUI like ZA 5 or others I used
but as said before software is personal flavour !
Anyone had a good look at the firewall that comes on nForce 3 chipsets?
On firstlook it appears to allow you to make rules for just about anything you want, but i'm wondering how well it does work (given that you have configured it right)?
I used to use outpost until agnitum stopped releasing new free versions. As for superstealth, it only blocks ARP requests from untrusted computers (at least that was all it blocked the last time I checked). Anyone with the slightest motive could sniff (maybe use arp cache poisoning), find your MAC address, and add a static entry... thus defeating Superstealth. But, giving dmut his credit, it is fairly effective and it did give me the idea to block almost all ARP traffic to and from my computer (I only permit ARP to the router and have antispoof installed to keep its MAC address in my ARP table). The only thing I wish I had now was sygate's connection hijacking protection, but I am fairly satisfied with being able to set rules based on Port, IP address & MAC address (therefore making it more difficult to use a spoofed attack against my computer). However, if you aren't on a shared lan then the MAC address filtering wouldn't be that important. If that were the case for me then I'd probably use Kerio or Sygate.
I'm a fan of Zone Alarm because of the program alerts that I receive. I have BlackIce, I think I'm going to take it for a spin sometime.
Outpost has a plugin for blocking MAC addresses too (didn't remember that). But what i don't like in it is when u end the process and shut it down completely, then also it's working in the background. It is like u shut it down and then start a program that is not authorized by it and it won't connect till u restart the firewall and authorize the connection. I had this problem in win98 with the latest version. I don't know if the prob is in win nt and 2k.
U can always get a cr4ck
I use Kerio Personal Firewall. Its small and easy. Only thing with firewalls is that you need to know what you will allow and what you wont.. IF you dont know that every firewall sucks
I downloaded kerio personal firewall, it looks nice lets see if it works nice too
Thanks
the best software firewall i ever used was hands down atguard/@guard. it's a damned shame it's no longer being supported/developed. since it disappeared, i've stopped using software fws completely :/
Yeah, Atguard used to be good (had some trouble with NetBIOS though). Norton bought the company out and uses it in Norton Internet Security.
I don't like to use cracks on firewalls because it's a pain to keep finding cracks everytime a new version comes out (not to mention the time lag between a version release and a crack release). Also, unless you crack the program yourself, then you just have to hope the cracker didn't add any backdoors to the program. Also, I've never tried BlackICE because of the sneaky thing they did with leaktest ( http://www.grc.com/lt/leaktest.htm ), kinda makes you wonder about the rest of their firewall.
I've tended to combine personal firewalls in the past (eg ZA plus Tiny FWs)
At least if you have problems in one, then the other should provide a backup. Does anyone have any other combinations of personal firewalls that'll work together?
Well, i recommend Sygate Personal Firewall. ..Im using it...
Anyway, it's free, and what it does is:
* Protects against Trojans, spyware, worms and other known & unknown threats
* Prevents unauthorized or malicious applications from bypassing the firewall
* Enables even inexperienced users to easily customize and fine-tune security policies
* Provides best of breed evidence logs for intrusion analysis
* Easiest-to-use PC firewall and still free for personal/home use
You can view all Features here: http://smb.sygate.com/products/spf/whatsnew_spf.htm (and you can download there too) ..recently it had one exploit, but i think they released new version after it. It's really good!
I use Zone Alarm. It had 2nd place in "Komputer Świat" magazine. First place - Norton firewall, but it takes too much RAM for my comp.
ps: It doesn't mean I bought this shitty magazine
Heard a lot about Sygate.. Anyhow....I use MCAFEE Firewall +..quite happy with it.. ~Regards FM
Guys,
To be frank, Sygate is the BEST ...!! I tried almost each and every available SOFTWARE firewall and OUTPOST and SYGATE really impressed me, KERIO too scored well ..!! But I recommend SYGATE, it is the best...! I never had problems with it..!! Never..!! Very simple and it won't suck your memory too..!! Manu
It might not use too much memory, but when I used it the CPU usage was unacceptable. I happen to be on a rather large school lan, so the NetBIOS traffic alone is staggering. Blocking so much caused Sygate to eat a moderate amount of CPU continuously. In the end, I would say that there is no firewall perfect for everyone, it really depends on what you are protecting your computer from and personal preference.
I'm confused, how restrictive are you being on an internal school LAN?
Firewall rules should be tuned to your environment, and if you are on a 'trusted' LAN, you should have a different ruleset than if you are on an 'untrusted' LAN. Just my opinion, but you would save your CPU considerably. If you're that worried about NetBIOS traffic you could just disable the NetBIOS service (All depends on what OS you are on/Environment you are in of course).
Well, now I'm using Look 'n' Stop lite to filter most everything, and Kerio to deal with what gets through. Since there are about 16,000 students at my school I would assume that at least a few have both the skill and desire to do something malicious. Therefore, I block everything that I don't need (including ARP to anything but the router and I run a DNS server on localhost). I did disable NetBIOS, but I still want to block it because I don't need it, don't want programs listening on it, and am not sure that some program or update might re-enable it without telling me. I may also want to access someone's file shares or let them access mine from time to time, so I may need to re-enable it then. NetBIOS was only an example though. I also filter UPnP traffic, UDP broadcasts, various game broadcasts, most ICMP, and most ARP. The intent is to stop any traffic that I didn't initiate or don't need for what I do. My paranoia comes from my experiences with network security (or lack thereof in most cases). At my old school, for instance, the techies gave everyone laptops with the same administrator password and then gave it out! The next year they used one so simple that I was able to guess it. (Changing it would be a violation of their AUP, so that was mostly out of the question.) I also remember several exploits that have come out over the years that make a computer that you thought was secure yesterday seem like it's wide-open today (such as pqwak, which could crack most share passwords in under a second). I'd rather block everything and use a less feature-rich firewall than leave potential holes in my security to save CPU.
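The policy described in the post above and in the earlier MAC-filtering posts (talk only to the router's MAC, ARP only with the router, drop NetBIOS, UPnP and UDP broadcasts, let in only replies to traffic the host initiated), sketched as a first-match rule evaluator. This is an added example, not part of the original thread and not any firewall product's rule format; the `Packet` and `HostFirewall` names and every address in it are assumptions made for illustration.

```python
from dataclasses import dataclass

# All addresses below are constructed values for illustration.
ROUTER_MAC, ROUTER_IP = "00:11:22:33:44:55", "10.0.0.1"
BROADCASTS = {"255.255.255.255", "10.0.0.255"}   # assumes a /24 LAN
NETBIOS_SMB = {137, 138, 139, 445}
SSDP = 1900                                      # UPnP discovery port

@dataclass
class Packet:
    direction: str       # "in" or "out", relative to the protected host
    proto: str           # "arp", "tcp", "udp" or "icmp"
    src_mac: str
    dst_mac: str
    src_ip: str = ""
    dst_ip: str = ""     # for ARP: the address being resolved
    sport: int = 0
    dport: int = 0

class HostFirewall:
    """First-match rules, default deny, minimal tracking of outbound flows."""
    def __init__(self):
        self.flows = set()   # (proto, remote_ip, remote_port, local_port)

    def decide(self, p):
        """Return (action, rule_name) for one packet."""
        if p.proto == "arp":   # resolve only the gateway, hear only the gateway
            ok = (p.dst_ip == ROUTER_IP if p.direction == "out"
                  else p.src_mac == ROUTER_MAC)
            return ("allow" if ok else "deny", "arp-router-only")
        if p.proto in ("tcp", "udp"):
            if {p.sport, p.dport} & NETBIOS_SMB:
                return ("deny", "netbios-smb")
            if p.proto == "udp" and SSDP in (p.sport, p.dport):
                return ("deny", "upnp-ssdp")
            if p.proto == "udp" and p.dst_ip in BROADCASTS:
                return ("deny", "udp-broadcast")
        # Every remaining frame must be exchanged with the router's MAC.
        peer_mac = p.dst_mac if p.direction == "out" else p.src_mac
        if peer_mac != ROUTER_MAC:
            return ("deny", "mac-not-router")
        if p.proto in ("tcp", "udp"):
            if p.direction == "out":
                self.flows.add((p.proto, p.dst_ip, p.dport, p.sport))
                return ("allow", "outbound-initiated")
            if (p.proto, p.src_ip, p.sport, p.dport) in self.flows:
                return ("allow", "reply-to-outbound")
        return ("deny", "default-deny")   # unsolicited traffic and all ICMP

def demo():
    fw, me, r, n = HostFirewall(), "02:00:00:00:00:01", ROUTER_MAC, "66:77:88:99:aa:bb"
    return [fw.decide(p) for p in [      # constructed sample packets
        Packet("in", "arp", n, me, "10.0.0.77", "10.0.0.23"),
        Packet("in", "udp", n, "ff:ff:ff:ff:ff:ff", "10.0.0.77", "10.0.0.255", 137, 137),
        Packet("out", "tcp", me, r, "10.0.0.23", "192.0.2.10", 50000, 443),
        Packet("in", "tcp", r, me, "192.0.2.10", "10.0.0.23", 443, 50000),
        Packet("in", "tcp", n, me, "192.0.2.10", "10.0.0.23", 443, 50000),
        Packet("in", "tcp", r, me, "192.0.2.99", "10.0.0.23", 40000, 22),
    ]]

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The fifth sample packet carries the same addresses and ports as the legitimate reply before it but arrives from a neighbour's MAC, so the MAC rule drops it before the flow table is consulted.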
I take your point, but surely ensuring that your machine is restricted to only the services that you use and that the latest and greatest patches are applied (And this is OS independent) will reduce your exposure far better than applying a rigid ruleset.
I understand your paranoia, and if you are satisfied with your performance then fine, but others reading this thread should be advised of the alternatives. That is all that I am doing, not in any way undermining your decision. It's knowledge gained from resources such as these that provide a level of assurance, not technology. You will, I am sure, also be aware that all software can be compromised, even firewalls. Also, on the point of the threat within your school, would a NIDS like Snort not be in order to track the activity of your students if there is a real threat out there? It may be a moot point, but if you can harness the crackers within your school, you could then utilise that resource to secure your environment with the motivation that it would gain them valuable experience from 'the other side' so to speak. Just a thought and my £0.05 worth
I understand your point, and agree with your idea, only I still feel that a restrictive firewall is needed even if it's a bit redundant. Also, an IDS, no matter how good, isn't perfect protection. I choose to have so much redundancy because, as you said, all software can be compromised. I would even assume that someone with enough time and skill could even bypass my defenses. The point in having multiple layers of protection is to prevent most attacks, and be too much of a hassle for a skilled cracker to mess with. Software firewalls are a good start at this. Properly configured, on a well patched/secured machine they can serve as a deterrent that would ward off all but the most dedicated cracker (and perhaps even detect them and warn you before the system is compromised). Being only a student I have virtually no legitimate control over the network I'm connected to or the type of people who have access to it. Therefore, by keeping my machine as secure and stealthy as possible I can hope that nobody ever has the time, reason, or skill to crack it.
ok, seeing this posting, i ran my own tests on my network.
i installed the following firewalls. and stuck a router up to make my tests harder. the firewalls installed were zone alarm, norton, mcafee, tiny, stop sign, sygate and black ice. i then went to my remote laptop. did some wireless trolling, found me an unsecure network and started my firewall test. first i hit the firewall and ran an internal ip scan. tiny and blackice failed. i was able to detect them and grab an ip range to run. next i hit tiny and went right through in about 2.5 minutes. black ice took 1.6 minutes using known exploits for the firewall. next i turned to norton and ran several DoS type attacks and it seemed to hold up. i then did a connect sync flood on norton and crashed the entire computer. next i went to mcafee and ran the same pattern, and it too failed and crashed the computer. stop sign did not crash. so i probed it, and did a fore ping and scan. still nothing. ran retina, and found 5 openings on that box, and went right through via cross scripting. i hit zone alarm and kept getting blocked. so again i ran to retina, and found netbios was open. i then did a netbios attack via zonealarm, and after 45 minutes was finally able to run a non malicious application through the zone alarm application. in this case it was calc.exe. lastly i used sygate 5.5. i tried a dos attack, and got locked out. ran an ip scan and was blocked for 60 seconds. seeing this one was overzealous for blocking ip addresses, i tried cross scripting, XSS attacks, and other things. and to my surprise it held up. seeing i tried everything i knew, i decided to get help. and got google's help. i looked up exploits for sygate. and found some. and found out you can use sygate against itself, using the log filer. this attack is seen in sygate, and reports intrusion. but the exploit wipes the log file. so when the admin looks at the log to see what happens, it comes up blank. over all, sygate did the best, taking me 17.8 hours to break in to. and you see the worst ones.
there are other firewalls i have not tested yet. but will. remember, no firewall is foolproof, but get the ones hardest to break in to, and add other protections and rules and it will make most hackers find another target.
Good going com-techs! I'm curious about what you find on the ones you haven't checked yet. I was just wondering, did you use the default settings, or something more restrictive? Here's a list of some of the (better?) ones you didn't check: Kerio ( similar to, but better than Tiny), Outpost, Look 'n' Stop (I'll give you a better ruleset if you'd like), and Jetico (if it doesn't crash on its own, it's still in beta). There's actually a fairly complete list at: http://www.spychecker.com/software/firewall.html (most aren't worth checking out though).
An IDS is no protection, it is either an audit mechanism to determine what has happened afterwards or an alarm to let you know when a signature has been triggered. But, properly configured and positioned, an IDS is a useful component of a security process. com-tech, did you fully patch all the firewalls prior to testing?
always using zone-alarm. find it the best but thats my opinion
Well an IDS can be protection. Kerio incorporates some version of Snort so that anything it detects can be blocked. Also, an IDS should warn you of a prolonged attack so you can take measures to stop it.
I use Zone Alarm, too... I'm contented with it, never had any problems.
FYI, all firewalls were at default settings. and no rules applied.
you can use the rules and scripts to make intrusion harder.
I use the newest McAfee VirusScan. It is Enterprise 8.0. It is extremely simple, unlike the security center one, which is also 8.0. What i like about it is that it blocks ports that are traditionally used by viruses + any port that you specify. I block port 445 and a couple others. It works the best and is integrated into one of the best virusscanners i have ever used. If you need a dl link to this pm me and I'll hook you up. Hope this helps. Peace
IDS is, by design, a detection mechanism. What you describe with Kerio is an IPS system. Due to the fact that the (IDS and therefore IPS) technology is still not mature, whether you spend thousands on ISS or nothing on snort, you are reliant on the security process (ie Guidance on placement and configuration of the IDS) to ensure proper detection. IDS is still only the IT equivalent of a burglar alarm telling you that you ARE being robbed, normally most implementations within the industry tell you that you WERE robbed. It is only useful if the limitations of the technology are understood and proper processes/configuration are in place to ensure that the best use is made of the systems. Anywho this is getting off topic, what other personal firewalls are out there that have some form of HIDS (Apart from BlackICE)?
i use kerio 2.15
my favorite cheers secmaster
zonealarm is one of the best i think
Point of view guys, but could you edit your threads to state why you think it's better? That way people can then make an informed decision. It would also be helpful if you could say what other ones you've used in the past.
Just my 0.0001p worth.