i´d like to know wich are your favorite software firewall for win or linux
Printable View
i´d like to know wich are your favorite software firewall for win or linux
i would recommend either TINY Firewall, (...because it's so damn tiny!) or Sygate, as they're both...FREE!!!!
and good, i might add.
OK, first of all, Tiny isn't free anymore. It hasn't been since version 2. So at the moment I use Kerio Personal Firewall which is similar to Tiny, but free. I've heard that Sygate is good too, but I've had problems with it. However, I don't know anyone else who has, so it might just be me. These two and ZoneAlarm seem to be the best three free personal firewalls around. As for Linux, learn to set up iptables. It's more customizable than any other firewall package out there.
Cheers,
cgkanchi
I running Win 2000 Adv Server. it's hard enought to manage the Firewall ( Norton ) at the first time . I don't think that you will find a combination package suitable for Advanced Server. You may also find that a software firewall gets hard to manage as you connect more nodes to your server.
And i also included Norton Professional is the standard AV software for the enterprise or Norton Antivirus Corporate Edition (Win2000-adv). I recommend it highly. Zone Alarm is a powerful free firewall, but it must be mastered.
:)
well I personally use zone alarm pro and its pretty good and yes it must be mastered but after you have it gets easy
My personal feeling for Windows firewall, is defintely Sygate....
It has a bunch of options, and doesn´t slow down your system much, like NF2003 does.
The logs in Sygate are good, and also the appz and rulez control are good....
Btw, I´m sure there were more firewaal posts, but I don´t seem to find them ...
I've had this more times since the take-over, did they dump a lot of posts ????
Greetz,
IPTABLES is excellent. Better than any zone alarm or similar. Its the only way to get real detailed rules setup.
Cheers.
hello ,
I use VIsnetic Firewall ( pakcet inspection firewall ) .
to the others . sorry I will not offend you :
zonealarm -> crap, forget it.
tiny firewall -> it was a very good one ( IT WAS !! ) verison 2.x was free and today it can be easily penetrated
kerio firewall -> is a similar firewall to tiny . BUT this little bugger is a phone home firewall. it tries to connect to a chzechoslovakian ip , even if you do not want to update or the update funktion is disabled. I had a dispute with the kerio firewall programmer , he told me that if I switch the update funktion off, it will not phone home.
BUT : with my conseal firewall I found out , that kerio firewall STILL connects to his home ip!!
conseal firewall -> greatest firewall but not available anymore ( the visnetic company took signal9 over) so visnetic firewall is nothing else than a conseal firewall with easyer handling
so here my advice :
visnetic firewall for packet inspection, ( software) plus
trendmicro gatelock firewall ( hardware ) for cable or dsl connections
greetings
martin
Sygate is definitley my choice of FW too
The only negative thing about it IMHO is that it lacks some options in the log, and the rules-handeling is kind of akward.
But as previously said, It has almost no inpact on system performance, its easy to configure, even rules for specific ports and such and it works with anything and everything.
Personally I like something like Coyote Linux as my firewall. Because that can act as an Internet router/gateway and also be your server, plus it's Linux and you just need a working 486 computer with only a floppy drive and two ethernet cables (or ether and modem, etc)! I'm not a big *nix fan when it comes to my every day computer, but for Internet and general security usage *nix is the best! I just find that Coyote seems to be easy to deal with, plus it has an installer that can be used on a Windows plateform to setup the bootable server disk.
One of my personal firewalls for windows are Outpost. And for *nix FWTK.
For corporate protection Cisco, FW-1, BorderManager.
A long time ago in the beginning of this universe did I write a short text about Personal Firewalls and other. It's more like a link collection with a few comments then a tutorial. Anyway you can find the document here.
~micael
I'm a tiny personal firewall nut for windows and a basic lazy iptable set up for linux.
I'm another Sygate fan... at least with the win32 platform. If I knew all the ports that needed to be used for some simple services I would set up a dedicated OpenBSD 3.3-current box with pf as a firewall/router/maybeserver. To those that don't know: pf now supports load balancing rules that can round-robin all requests to even specific ports! AND ITS FREE!!! one catch--you have to learn OpenBSD first, at least a little, to use it :-P
My personal suggestion to you? Search the forums... that has been covered way too many times... I think you'll find all the information you are looking for, including in-depth analysis about each individual software firewall (both *nix and Windows) given by many respected, and knowledgable members.
AJ
I prefer Sygate Personal Firewall Pro for windows. It can detect port scan and dos.
IPchains for Linux or just use and OpenBSD or FreeBSD box as a gateway, running IPchains. (more robust IP stack).
For windblows:
Outpost (free, but some features are disabled) www.agnitum.com
Sygate www.sygate.com
Ao has a neat feature called "SEARCH". If you did a search of the forums you'd see info like this about 5000 times. Same question, same channel, same day of the week.
<edit>
I say ipchains for robustness, not necessarily ease of use. The 2.2 linux kernel is IMO a little better at handling large amounts of traffic. If you're only going to see a little traffic then the 2.4 kernel is fine with iptables. BTW, When implemented properly Iptables can be just as robust as most Checkpoint FW installs. ;)
On the year 2001 i was using Norton Internet Security 2001, it was really cool, blocking ads, closing all ports and waiting for your permission to open an exact port. I had few problems with net gaming, as it was asking all time to open ports... Now i'm using tiny too. But on my father's PC i have installed Sygate.
You know just as I've been reading this for the past few days, just a thought... Does Apple/Macintosh have any firewall type of software? Or really any need for it?
With respect, surely the situation of personal firewalls changes quite regularly, with opinions of each individual piece of software changing too? I apologise if i'm wrong, I haven't been around AO for a while!!Quote:
Originally posted here by avdven
My personal suggestion to you? Search the forums... that has been covered way too many times... I think you'll find all the information you are looking for, including in-depth analysis about each individual software firewall (both *nix and Windows) given by many respected, and knowledgable members.
AJ
I do agree that opinions about software may change frequently, but the technology used in personal firewalls does not change drastically over time. For instance, a search of the forums will bring up many similar threads with the most recent software (ZoneAlarm 3.x, Tiny 3.x, NIS 200x, etc.). Some users may change their firewall recommendations over time, but I would not base an important tool such as a firewall based purely upon someone's recommendation anynway. Once you know what other people are using, you should investigate each program and choose the one which is right for you (based on its security functions, usability, extra features, memory/CPU usage, etc.). Therefore, reading that someone prefers, for instance, Agnitum Outpost over Norton Internet Security, will not do anything for you because you may find NIS much more user-friendly, even if it doesn't have the same customization abilities as Outpost.Quote:
With respect, surely the situation of personal firewalls changes quite regularly, with opinions of each individual piece of software changing too?
AJ
A test that finds which firewall match to you will be great, don't you think???
Like an app that would runa nd say you have all of "these" security wholes, you really shoudl use "this" as your firewall? Yeah that would be a cool idea. Save people from paying for top end stuff when they don't need it, and a sales person just cons them into it.
Exactly...
I would have to say that Zone alarm is the best one that i have seen so far
ii-monk --> you any good at programming? Hehhe, maybe we should get together and make an app that does that and make billions. That is if we got lucky and Bill Gates bought us out ;-)
Daedalus2100 --> I would have to agree, if you are not going to setup your own router with firewall software built in (Like Coyote, Seawall, etc). As I said before I find it easy to use once you learn a little code... then again you have to know some code to run any *nix OS =) Plus I also like doing that because of how secure *nix types of systems are.
I was actually just talking to a friend over this past week about some problems they had. My friend had just setup Zone Alarms on his Windows XP Pro machine, which is also the router/gateway for his Internet to LAN. He had all types of problems, couldn't get his internal network to be able to access the Internet, actually he pretty much froze his XP machine from both the Internet and LAN. I laughed! Because I didn't know anything about how to setup IP chains and such whenever I setup my Coyote box, I will admit I lost the ability to do FTP and file sharing over chat clients, but my Internet worked and I could connect my LAN to the Internet and such. Then after finally taking the time to read through the website and learn a few things, I had a fully working router that would allow FTP, XP Remote Desktop, File Sharing with AIM and MSN, everything I needed to flow between my LAN and the Internet.
So you could kind of say that I like means that work over means that force you to sit and learn things right then and there or nothing works. Because my friend hasn't been the only person I've known who is a "user" that has had problems setting up Zone Alarms or anything of the sort.
Yeah i know some.
Important note: The founder of M$ was William Gates not Bill Gates.
I use Norton Personal Firewall it's an very good 1, and it's so easy to download (oops, illigall:D)
After reading through this I , at the time, had zone alarm. I checked out outpost and because I am broke grabbed the free version and it is infinetely better than zone alarm. It allows more control and a better interface. The logs are a lot clearer, also. I know this topic has been covered before but it is good to keep updated on the important stuff-thanks :D
i've used agnitum outpost (free)... since i'm using linux now i'm using iptables ;-)
btw. hi everybody, this's my first posting
As for windows firewalls:
I recommend using more than one. Some are better for some things than others. And since there are different approaches to security by firewalls using more than one increases your secutiry. Personally I use VisNetic and ZoneAlarm (and I'm considering adding Sygate). Between them I think I have a high level of intrusion protection.
Hi jupes. You said to use more than one firewall on windows? Thats about the one of the biggest mistakes one can do. There are more reasons why this is a bad idea. Let me try to explain the negative sides of what you have proposed.
1 - Two firewalls does not make you more secure. On the opposite, it makes you less secure.
2 - If you setup one firewall "CORRECTLY" then its safe enough, and its easier to administrate. Setting up 2 firewalls will cause you to lack attention on each one individually meaning that you would have 2 poorly setup firewalls which offer no real protetection. Also the thought of having 2 makes you "think" you are safer, which will cause less accuracy.
3 - Two firewalls might interefeer with each other. To maintain a firewall correctly takes some time and accuracy. But to maintain 2 firewalls is madness.
I hope that im making sense to you Jupes.
Cheers.
hey
zone alarm pro, I feel the best in my view, in commercial ones, ofcourse, the balck defender firewall is also fine.
Then coming to free ones, zone alarm the free version is fine,
I personally used zone alarm once , now using ZAP pro, which is nice.
it has many good features, I donot say, it is ultimate and i will block totally unauthorised traffic, but it is fine better than others.
instronics,
Thanks for the info. I admit I am no firewall jedi and had relied on the suggestions from the book 'Desktop Witness" which I don't have my copy here so I don't know the author. Unless I read it incorrectly (and in that case I don't deserve to have a computer!), it said that it was possible to run more than one firewall.
The book, which covers almost every aspect of securing information on a PC and I found to be excellent, describes extreme measures that can be taken when you have very valuable information (i.e. human rights workers in a totalitarian regieme) but suggests each person takes their own situation into account and only uses the level necessary. I personally don't have a need for such extreme protection but have been experimenting with some of them out of curiosity. I am therefore interested to hear if it is recommended against running more than one firewall?
I have taken some time to configure each firewall to my needs, although I must admit that I have not regularly reviewed VisNetic. What are peoples thought?
Thanks
Hi again Jupes. Indeed it is correct that one may run more than one firewall. But i do not think that this is related as in running 2 software firewalls on 1 computer. The word firewall may consist of many different types and kinds. One of these kinds is a simple software firewall. Other kinds consist of 2 routers, a bastion Host, and a proxy server (aka application level firewalls). I think that when you read the part with 2 firewalls it was refered to a network. An example:
<your-client-with-firewall> <----> <internet>
or
<your-client-> <----> <firewall> <-----> <internet>
Where the <firewall> is a dedicated hardware firewall, or just a computer running one.
or a more complex way.
<your-client> <--> <interior-router> <--> <Bastion-Host> <--> <exterior-router> <--> <internet>
Where by the 2 routers in combination with the bastion host are 1 large firewall setup ;)
or what i think you meant
<your-client-with-firewall> <----> <firewall> <----> <internet>
As you see there are many things called firewall. To run 2 software firewalls of one computer is nonsense. If you would like a deeper insight on firewalling (which by the way is a very good and interesting read) then i would recomend a book called "Building internet firewalls 2nd edition" by Oreilly www.oreilly.com .
Thats a great book which will cover *nix aswell as windows systems. Do not let the size or the price of the book scare you, its an excellent read.
Good luck :)
Cheers.
instronics
Thanks for the further pointers. I guess my understanding is a little off and I need to do some further reading. :)
cheers
Jupes
I have to agree with Vigge. Sygate is my personal choice. I think it has a very friendly interface, pretty easy to configure, and is very good at letting you know who and where your computer is connecting to. Some of the options are greyed out with the freeware, but you can upgrade. I think it might be a good idea to get your feet wet with a couple different FW, and then decide on your own which works best for you and what you are doing.
for me i have no favorate firewalls right now theres trojan dat able to destroy any anti virus and firewall just be aware of everything u do on the net
peace
Dwien....what are you talking about? Theres no such thing as a trojan that will destroy any AV and/or firewall. LOL, where do you get that information from?
I believe Dwien is referring to the fact that some of the recent virus threats have contained the ability to search out known personal firewall and antivirus software and delete their executables and shut down their services as a facet of the virus attack.
I also like Zone Alarm and use that on my home computers.
instronics:::: dats wat i do, hack computers! but 4 only good purposes.
tonybradley is correct there are tons of trojans and virus' out there more sophiscated then any anti-virus or firewall.
peace
if you want some sample just ask me ill post some K.
Peace