I would make this a poll, but I don't know much about firewalls, I just would like everyones opinion on the firewalls you guys know about and what are the high and low points?
Printable View
I would make this a poll, but I don't know much about firewalls, I just would like everyones opinion on the firewalls you guys know about and what are the high and low points?
the best firewall is the power switch
Application layer proxy firewalls like Raptor (Symantec) and Gauntlet are more secure than stateful inspection firewalls like PIX and Checkpoint. The biggest drawback is performance though. Just about any firewall can do the job.......it's a matter of how your security infrastructure is designed. Just having a firewall is not enough.
I enjoy my zone alarm pro! I will look into PIX, tiny and checkpoint... but thus far zone alarm pro has my heart! Anyone care to comment on zone alarm pro????
I *think* he meant THE power switch i.e. a computer thats not switched on cannot be hacked... which is very true!!!!
Ok cheez_cake. I got the free version and I think it's ok. Best, it's easy to configure and don't give you any hassle once you've done it.
None of the software firewalls are totally secure, though. Negative knows a whole lot about this. Go to his homepage for further details.
And markfox, you seem like you know something about the difference between software FWs and hardware FWs. Perhaps you have a good link you wanna share?
nevermind... sorry guys...
The powerswitch is a horrible firewall.. your computers unusable when you run the powerswitch firewall (really when you not runnning it)
I use currently use Tiny.. I like it, very customizable..
I used to use ZA Pro, and it was nice and easy, unfortunately, in the end it stopped playing nice...
The "best firewall" posts have been so frequent is in annoying! Please, there are a million posts in the AO forums on this subject. So please, look before you post. :(
This is the 1,000,000th "What is the best firewall?" thread!
*quietly rips out huge handfuls of hair*
I guess I can respond to one of these again.
These are the firewalls I have tried, and the ups and downs I have observed of each.
ZoneAlarm: (freeware) I like this firewall for it's ease of use. It has a very user-friendly interface, and the logging and reporting are both very good. I like its ability to engage its "lock" either on your command or on a timer. Another nice feature of its lock is that you can tell it to let some programs through it. So if you wanted to cut yourself off, but still leave your website up, ZoneAlarm would let you do that. I also like the fact that it can give you details on the activity that it has blocked. It can also alert you when it has blocked activity by either displaying a pop-up, or flashing its icon in the system tray. This firewall is generally best for beginners, or somebody who doesn't feel like taking the time to configure a firewall. You can get this firewall (for Windows) here.
Tiny: (freeware) I like this firewall for its controllability. Unlike ZoneAlarm, Tiny can set rules based on port, protocol, remote address, program, and the direction of the traffic. ZoneAlarm only sets rules by program, unless you get ZoneAlarm Pro. It is also supposedly more secure than ZoneAlarm and BlackICE, but I have never confirmed that. Unlike ZoneAlarm, Tiny will not alert you when you receive an attack, but it can still log the activity it filters. I like the fact that it is always the first application to start (at least on my machine), so there is little chance of some traffic slipping past while the machine is booting up. The only downside (besdes no alerts) is that its interface isn't
newbie-friendly. This firewall is generally best for intermediate to advanced users, or those who need more control than ZoneAlarm can offer. If you're interested, you can download Tiny (for Windows) here.
BlackICE: This firewall is basically the best of both Tiny and ZoneAlarm. Its rule-setting is wonderful. For beginners, there are four basic settings; trusting, cautious, nervous, and paranoid. That's all. For extra control, its advanced rule-setting is much like Tiny's. When you're attacked, it can sound an audible alert, and logs the activity, and will display the attack for you, categorized by severity. If you want, it will let you block the attacker for a set amount of time, or forever. It can alse give you detailed information on the attack, and whether or not it's worth fussing over. I have heard that it doesn't block the Sub 7 trojan, but have not confirmed that, so separate trojan protection with this firewall wouldn't be a bad idea. Other than that, it's a magnificant firewall. You can learn more about BlackICE here.
That having been said, please, everybody, quit posting these threads.
Good Post sftlook.
My recommendation is Tiny Personal Firewall, available from http://www.tinysoftware.com (that was the URL...rite?)
Until others get better....
if this is the 1,000,000th "what's the best firewall?" thread, I wasn't around for the old ones so it needed to be asked again. Maybe there should be a page talking about firewalls, or a bigger archive of old posts.
I'm currently using PGP Desktop 7.1 with VPN, firewall (IDS), disk and mail encryption. I'm quite satisfied, and the premier bonus is that it's a whole packet of security :-). It's aint free but so far it has been worth the price.
//micael
OpenBSD running ipfilter AND a proxy level firewall of your choice.
P.S. OpenBSD has not had a remote exploit (base install with included packages) for over 4 years. Can any OS/firewall app beat that?
Thanks ppl. I tried to get the tiny software firewall and when I downloaded it, it turned out to be some trojan trap thing. Did I download the wrong thing or what?
BTW what good FREE firewalls are there, (not trials, i mean completely free.)
Yes there are good free ones.
ZoneAlarm - Easy to use
http://www.zonelabs.com/
Tiny Personal - Highly configurable
http://www.tinysoftware.com/
thanks for that. What sort of configurations do they have, I won't be able to download until the weekend so I must thrive on what people think about them and knowing what they can do.
I just heard about a software firewall that uses linux technology to protect your computer. I think it was called L.E.A.F. Im not exactly sure how it works, but I believe it tricks potential hackers into thinking you are running a linux box while using a windows system.
For me...the BEST firewall I've ever used was - and still is for that matter - Zone Alarm Pro. Yea yea yea...it's the paid version. But it's WELL worth the price. This little baby has everything in it from allowing program's priviledged internet rights to hiding all your ports and detecting when even a ping hits you. Gives you their IP address...the port THEY were trying to connect to you too, and the port THEY were going to use if connected. And if you know your trojan port-list, this comes in Very handy.
Tiny is pretty nice too...lot of options to choose for cofigurability. I'm not complaining. But what I really does think wreak havok amoungst computer security is BlackICE. I had a version of that, alas, it was my first *Top 'o the line Firewalls*. And I thought it was very good at first. But then all the beeping...all the alerts got to me. While ZoneAlarm Pro keeps them in their little program, you can configure it to not bleep or pop-up or whatever else it can do. I'm not to sure for BlackICE...BlackICE gave me a flase sense of security too, always told me somebody was trying to break into my computer, when really all I got was a cookie. Not to cool. I thought it was working...for a while. Then I just trashed it. All in all...Zone Alarm Pro is the way to go.
...hey, that rhymed...
Why only use one firewall. I currently use ZA and Black Ice and have found that they run well together.
Or get Smoothwall, a small Linux firewall distro that works on old boxes and is easy to configure.
Zone Alarm and BlackICE are what i use....
i like blackice especially because i can get the 'intruders' ip quickly and it also tells you exactly what the 'intruder' was attempting to do to you as well as the severity of the attack...
Another nice feature is that it keeps track of all the info that it has gathered on the 'intruder'
speaking of which, i am beginning to see a pattern...and the same people coming back several times...not sure what i should do about that...
(as for zone alarm, when i type in my own ip address, it keeps telling me that i'm in the middle of Lake Ontario........lol)
:p
Smoothwall is a nice firewall and it's loaded with features not seen in many personal firewalls.Quote:
Originally posted by Focmaester
Or get Smoothwall, a small Linux firewall distro that works on old boxes and is easy to configure.
It can be found at www.smoothwall.org.
.Quote:
SmoothWall being an automated and remotely managed hardware firewall allows our users (globally in fourteen supported languages) to create themselves a physical hardware firewall that is fast to install and fast to get to grips with. It has proved very popular in arenas from the home worker environment with the need to have secure internet connectivity and peace of mind - all the way up to commercial companies requiring a firewall with intrusion detection and support for Demilitarised Zones (DMZs).
power switch, maybe?
I recommend Zone alarm pro or zone alarm.
if (u have bucks )
zone alarm pro;
else
zone alarm;
Agreed with Psionic, if you have a box ready to do that job, install in under FreeBSD and configure packet filtering.
1) you will learn how TCP/IP and Firewalls works.
2) you will be secure.
3) your girlfriend will be soooo in love you're running FreeBSD
4) you have a 100% chance to win the next lottery.
A+ hantiz.
No one here seems to use Sygate products like sygate personal firewall?
It's free for personal use and passes the grc site with glance.
http://www.sygate.com
I use Zone Alarm on most of my windowz machines except on those that had troubles to get started when ZA was installed, there I use Sygate and it works fine.
If someone has really bad news about sygate progs (vulnerabilities) always welcome offcourse.
Some info on Zone Alarm before you just rush out and download it! I know a lot of people here use ZoneAlarm but please take into consideration it too has its flaws.
But this new worm ("Goner") actually deletes the firewall.Quote:
By creating amemory-resident Mutex,Zonealarm and Zonealarm Pro can be stopped from loading. Uninstalling\reinstalling ZoneAlarm even in a different path has zero effect what so ever.
What this means is that a trojan can stop ZAP from loading which means Joe script kiddie and his buddies can have a free for all,cause your firewall isnt there,leaving your computor completely vulnerable.
Its writers are now caught btw as Im sure you all know.
Some small things to note about ZoneAlarmQuote:
Goner is a script kiddie-inspired worm that disables firewalls, antivirus
By Robert Vamosi
December 4, 2001
A fast-spreading worm that looks like a malicious user Web-site defacement could also disable your antivirus and firewall protection.
Let there be no doubt that script kiddies--inexperienced malicious programmers--have taken up the once lowly skill of virus writing. Goner's (w32.Goner.A@mm) pop-up displays look like a typical script kiddie Web-site defacement, complete with the typical script kiddie "greetz." Besides spreading rapidly by e-mail, and therefore posing a threat to e-mail servers, Goner spreads via ICQ and also shuts down antivirus and firewall protection, leaving your Windows computer vulnerable to other attacks. Because it deletes files, Goner ranks a 7 on the ZDNet Virus Meter.
How it works
Goner arrives by ICQ or e-mail bearing a subject line of "Hi" with the body text of "How are you ? When I saw this screen saver, I immediately thought about you I am in a harry, I promise you will love it!" The attached file is gone.scr.
The payload of Goner is written in Visual Basic 6, packed with a UPX file compressor, and is 39KB in size. If executed, the worm makes copies of itself in the Windows System directory under the name gone.scr. It also adds itself to the Registry so that it executes each time the computer reboots.
Goner uses the Outbook Address Book to find addresses to send e-mail copies of itself. If ICQ, a favorite program of script kiddies, is also present on the infected computer, Goner will attempt to spread copies of itself through that service as well.
Besides displaying a message taking credit for the worm--"Pentagone coded by: suid tested by: ThE_SkuLL and Isatanl"--and a traditional script kiddie greetz--"greetings to TraceWar, k9unit, stef16, ^Reno. Greetings also to nonick2 out there where ever you are." This worm also displays a fake error message.
Goner disables antivirus and firewall protection by attempting to delete the following files:
aplica32.exe
zonealarm.exe
esafe.exe
cfiadmin.exe
cfiaudit.exe
cfinet32.exe
pcfwallicon.exe
frw.exe
vshwin32.exe
vsecomr.exe
webscanx.exe
avconsol.exe
vsstat.exe
pw32.exe
vw32.exe
vp32.exe
vpcc.exe
vpm.exe
avp32.exe
avpcc.exe
avpm.exe
avp.exe
lockdown2000.exe
icload95.exe
icmon.exe
icsupp95.exe
icloadnt.exe
icsuppnt.exe
tds2-98.exe
tds2-nt.exe
safeweb.exe
If Goner can't delete the files immediately, it will create a WININIT.INI file to delete the files upon reboot.
Removal
Most of the antivirus software companies have updated their signature files to include this worm. For more information on removing this Goner from your system, see Central Command, F-Secure, Kaspersky, McAfee, Sophos, Symantec, and Trend Micro.
1) It's a resource hog (no other commercial software firewall consumes the amount of resources that ZoneAlarm does).
2) It has a long history of trojans and viruses being able to disable it.
Just some arguments, no need to defend Zone Alarm now, Im just making it an even argument that's all.
Zone Alarm would be a great firewall to start out with. I have been using it for sometime and I found very esay to configure.
Mical :confused:
I will honest with you. I represent a competing product of PGP. We don't offer all the bells and whistles (E.g. firewall), but I am a little confused with your point. First of all, Personally when you deal with Security, my personal opinion is to go with products that focus on one type of expertise. This way all of their efforts are focused in one area. Most importantly, why would you suggest a product that is up for sale by the vendor and direction of the product is unknown? I wouldn't be calling you out if the software is free, but we all know it is fairly expensive.
If you are looking for a firewall. There are better ones out their that are free.
I'm with you on that..Quote:
Originally posted by psi0nic
OpenBSD running ipfilter AND a proxy level firewall of your choice.
P.S. OpenBSD has not had a remote exploit (base install with included packages) for over 4 years. Can any OS/firewall app beat that?
Ammo
i use za pro and have had blackice but got rid of it after it's refusal to address outbound packets as a threat.
za pro is a good f/w but no software f/w is as effective as a properly configured hardware f/w.
za is my third firewall, i had conseal, then blackice, now za pro and I have had no problems other than my son disabling it because he is too lazy to set it up when a new application trys to connect and za asks if it is ok.
Hi ISC.
You are right, it's mostly best to go with products that focus on one type of expertice and I'm sorry if I offended you and other people with my earlier post.
In my opinion everyone should have the opurtunity to know of all competing products both free aswell as comercial products. In that way everybody can choose what suits them best.Quote:
Originally posted by ISC
Mical :confused:
I will honest with you. I represent a competing product of PGP. We don't offer all the bells and whistles (E.g. firewall), but I am a little confused with your point. First of all, Personally when you deal with Security, my personal opinion is to go with products that focus on one type of expertise. This way all of their efforts are focused in one area. Most importantly, why would you suggest a product that is up for sale by the vendor and direction of the product is unknown? I wouldn't be calling you out if the software is free, but we all know it is fairly expensive.
If you are looking for a firewall. There are better ones out their that are free.
I'm sorry that I mentioned aditional security products in a forum for firewalls. I can only tell that I'm satisfied with PGPfire as a personal firewall. I also have to say that I would not trust a personal firewall at 100%. But as a second way of defence I would recomend to have a personal firewall or another port-filtering software.
I have a linux box as gateway and firewall and on my internal computers personal firewalls. And that's what I would recomend for everyone who has a old box to use as a firewall and gateway.
But the opinions are many and it's nice to hear them here on AO :-).
I agree with the config Micael gives; It seems not to difficult to set up and pretty secure.
You can actually get PGP for free at http://www.pgpi.org/ I didn't use the firewall, so I have no comments over it. I use ZoneAlarm, which is quite good, Tiny's good too, but if you're a beginner and won't like to mess with the rules, ZoneAlarm is betterQuote:
Originally posted by micael
I'm currently using PGP Desktop 7.1 with VPN, firewall (IDS), disk and mail encryption. I'm quite satisfied, and the premier bonus is that it's a whole packet of security :-). It's aint free but so far it has been worth the price.
//micael
Yes you can get it for free if you not are using it in a company. If you are using it in a company then you are obligated to buy the commercial version. You do also need to buy the commercial version if you want to have the latest version of PGP and PGPdisk.Quote:
But if you only are using PGP for mail then the latest version 7.03 is good enough. And all commercial versions are backward compatible with the older non-commercial versions (to 6.x I think).
I like PGPfire since it can act both as ZoneAlarm with learning state enabled or more like a corporate firewall if you'll leave out the learning option.Quote:
I didn't use the firewall, so I have no comments over it.
This is nice when dealing with users who don't knnow their best. I guess that most of the people at AO who currently works with security knows a lot about users who just hit the button asap a popup occurs. Users don't like to be interupted, it's a sad fact.
Both of them are excelent choices and I have nothing against them. I just want to make a point that there are several other products out on the market and that a beginner aswell as a professional should test many of them and make up their own opinion and choose what fits them best.Quote:
I use ZoneAlarm, which is quite good, Tiny's good too, but if you're a beginner and won't like to mess with the rules, ZoneAlarm is better.
For example at the company I work so should I prefer simple port blocking instead of using ZoneAlarm since ZoneAlarm is self learning and my users don't have the knowledge to make up decisions every time a popup occurs. And our support department aswell as I and the other technicians have better things to do then instruct our users every time ZoneAlarm asks what the user want to do :-).
I have to admit that I have never used ZoneAlarm Pro. Is it possible to disable the selflearning function in it?
//micael
I prefer Neowatch.
www.neoworx.com
There is a way of filtering hosts, read something about IPChains, It would be useful ;)
I did a research a long time ago about personal firewalls. I found the old rewiew and updated it at some points.
What I did was look up the current version and the OS compability of the affected software which was missing from the old document.
The information in the doc is quite old (july-august 2000) but it can give you a hint about what problems to search for in the current version of the personal firewalls.
And if not then you have a stoneage documentation you can smile at when reading :-).
Personal firewalls reviewed in this doc:
Zone Alarm 2.1
Conseal PC Firewall 2.06
Sybergen Secure Desktop 2.1
eSafe Desktop 2.2
I have plans to write a new test about personal firewalls since it's a never ending concept and they'll become more and more advance and easier to administrate.
But I guess that the test review will be finished as earliest in the beginning of the next year.