I have a question for the high end security masters in here.

This question is simple: What is the BEST Firewall out there ?

And please don't answer ZoneAlarm ;)

Sygate hands down!

Well first answer what you need to protect....and what your budget is.

Because "The Best Firewall"...besides the obvious of simply unplugging your computer....we can get into some pretty high end solutions here. ISA2000 and on up!

I don't really care of the budget as long as it is a software solution

Sygate for a software firewall.

:thumb:

:thumb: :thumb: :thumb:
Outpost Firewall by Agnitum
Keep Your Files out of Hacker Hands
With hacker attacks, data theft and privacy violations rampant on the Internet you need a comprehensive solution to safeguard your PC. With Outpost Firewall Pro, you get award-winning firewall software that takes care of your online security needs by:

Hiding your computer identity from hackers;
Stopping hacker attacks automatically;
Blocking private data from being transmitted;
Preventing mass-mailed worm infections; and
Removing ads and pop-ups.
Much, Much More--->
http://www.agnitum.com/
A great forum also--->
http://www.outpostfirewall.com/forum/index.php?s=

I have a question for the high end security masters in here.

This question is simple: What is the BEST Firewall out there ?

And please don't answer ZoneAlarm ;)
Sorry, but I've used many of the firewalls out there, and IMO Zonealarm is the best. Sorry that's not what you wanted to hear, but it is the best IMO. ;)

I don't really care of the budget as long as it is a software solution

OK, software solution, here ya go! Microsoft ISA2000 Internet Security and Acceleration Server
http://www.microsoft.com/isaserver/

Fully ISCA certified! Can be a handful to learn though. And the 2004 version is out soon. Can't wait to upgrade mine.

Personally I prefer hardware solutions and NAT for basic home setups.

"ISA Server 2000 Enterprise Edition" Is that what u mean, and is it compatible with XP & especially 2003 ?

What do u think of Kerio WinRoute Firewall 6 and Tiny Personal Firewall ?

Oh and, do u have some kind of screenshot for ISA Server, just to see what it looks like :)

Sygate has a free version available... it works thats what matters! Why argue with free/works??

Again Sygate Hands down!

:thumb: :thumb: :thumb:
Outpost Firewall by Agnitum

Much, Much More--->
http://www.agnitum.com/
A great forum also--->
http://www.outpostfirewall.com/forum/index.php?s=

I downloaded the latest version yesterday and it crashed my system (STOP screen) twice when I logged onto this site. Hence I've uninstalled it and am now looking for a replacement.
Maybe I could mess around with the settings to get it to operate reliably, but who needs the hassle?
:sleep:

Personally I use ZA Pro as a software firewall and have a router for hardware firewall. :)

I like sygate the best like markII to said outpost is good but you do have to toy with it to get to work right..

Take a look at checkpionts firewall-1, only rival it has is Cisco pix, but the cisco is a mess to configure.

I myself got the Checkpoint Express for the company I work for. I investigated differant firewalls for a long time and ended up with this. I am really happy with my investigation, I love everything about it, and there is nothing that I havent been able to do.

I'd also plump for hardware/software rather than running a firewall on your own machine. I have used both IPCop (http://www.ipcop.org) and smoothwall (http://www.smoothwall.org/) in the past, and to be honest I wouldn't trust any software solution that would run on an insecure OS (woo, a whole new debate ;p).

If money isn't an object you might even find it worthwhile forking out for a little 'puter to install a firewall on, and for either of the above two (or any similar ones) you don't need much to do it... p100 and 64MB RAM is fine unless you want to run a decent sized proxy, for which I'd recommend 128MB or more, and maybe a p2 class system.

there are linux based firewall distro's that will boot from cd/floppy (boot from cd, store config's on a floppy and then write protect it!) for really minimal systems.

you could also build a mini-itx system that boots from flash rom if you fancy something small and quiet.

If you have a small network and are not running many services behind it, don't waste your money on mentally expensive software (or hardware) a half-decent router that does NAT should work fine.

as for zonealarm, can't say I rate it at all (and yes, I know loads of people love it)

Are you trying to shield a single system, or are you playing with lots of client 'puters and a server or two?

There is no single perfect solution for every set of circumstances, so if you want any further feedback you should really say what kind of network you are running at home ;)

Bitdefender fast and save

Kerio 2.1.5

The mans firewall.

ZOneAlarm PRO
and Linksys Router

:thumb:

Well what about the best software only, free firewall? I'm also using kerio 2.1.5. And so far only a few days, its better than the so called paid for Bullguard. I used a free 6 month full trial.

I've got a dead PC in the corner and keep thinking about setting up a little hardware firewall for me self, but just dont get round to it.

How about a robust packet filter CHX-I v 2.8.2 it's free for home use after you register with them but you will have to configure the rules yourself to suit your own setup.

here's a couple of links where you can download it and another site where you will find all the information you need to get started.

http://www.idrci.net/idrci_products.htm

http://members.shaw.ca/BIND-PE_and_ICS/chxi.htm

I'm using the beta version 3 at the moment with a Router and Look n Stop as an application filter, I disabled the firewall in LnS so no conflicts running both together.

The other software firewall I use is 8signs with LnS or I use CHX-I with Kerio v2.1.5 all the information to set it up is at the link above.

If you don't like writing rules you would be better of with one of the mainstream firewalls mentioned earlier.

pclook :)

I think Kerio is the best firewall.. It's very good.

No one mentioned Black Ice Defender. I like it alot...very low resource use and runs silently in the background. Sygate is pretty good too, though the popup for outbound traffic approvals annoys the hell outta me.

This should answer all your questions--- :thumb:
Outpost Firewall Pro 2.7 (build 484/412) Released

On 31st May 2005, Agnitum released version Outpost 2.7. This includes the much-requested ability to set exceptions for the Hidden Process and Open Process control security features that were added in 2.5.

Following is a list of new features:
List of exclusions for Hidden Process Control
List of exclusions for Process Memory Control
GINA module for tracking user logon/logoff processes
Automatic rules configuration for servers with multiple IP addresses
Data transfer using DNS requests
Automatic smart rule naming
Following is a list of issues that were fixed (only major listed):
Issue with opening of renamed attachments in TheBat!
Windows Server 2003 SP1 issue showing up in inability to receive mail using TheBat!
Processing of fragmented packets (all fragments were processed according to the rules for the first fragment)
Product Info: Outpost Firewall (http://agnitum.com/products/outpost/newcontrols.html)
Download: Outpost Firewall PRO v.2.7 (http://agnitum.com/download/)
Please also review the Outpost 2.7 - what to expect (http://outpostfirewall.com/forum/showthread.php?t=14000) for upgrade/install recommendations and other known issues.

Take a look at checkpionts firewall-1, only rival it has is Cisco pix, but the cisco is a mess to configure.

I myself got the Checkpoint Express for the company I work for. I investigated differant firewalls for a long time and ended up with this. I am really happy with my investigation, I love everything about it, and there is nothing that I havent been able to do.
Only 'real' benefit CheckPoint's FW-1 has over Cisco is the ability to install it on a linux distro giving you a wide range of troubleshooting commands like fwmonitor and tcpdump. Our network uses several versions of Check point going back to the early fw-1 and up to the latest NG with AI. It's more difficult to manage than any pix in a large environment. In all honesty a pix is much easier to configure than cp.

However, NG w/ AI has some really interesting logic capabilities that allow it to do somewhat advanced deep packet inspections. Allowing you to block traffic based on trend while not having to restrict by port or ip address. This is useful for p2p/torrent blocking etc. It is no substitute for a solid IDS system though.

Small pluses:
SmartTracker log gui based log (only logs rules set to log)
SmartMonitor for real time analysis on network traffic

In any case, buy a pos computer and run a live version of Devil Linux. Cheap and secure.

:irate: ZA ,the best firewall

:irate: ZA ,the best firewall
:rotfl: :rotfl: :rotfl: :rotfl:
http://www.massamune.net/userfiles/hayc59/rofl.gif http://www.massamune.net/userfiles/hayc59/rofl.gif
http://www.massamune.net/userfiles/hayc59/giullare.gif http://www.massamune.net/userfiles/hayc59/giullare.gif

Its funny but I see all the time ZA is called rubbish and some people here even advocate its removal to amke your Connection faster? I have used the net (I have Cable) with and without ZA fitted, next to nothing difference? Tried Agnitum and didnt like it, too much tinkering.

I still think ZAP is the best, no matter how many people Laugh about it. Check out GRC.com and see HIS recommendations?

Well what about the best software only, free firewall? I'm also using kerio 2.1.5. And so far only a few days, its better than the so called paid for Bullguard. I used a free 6 month full trial. I've got a dead PC in the corner and keep thinking about setting up a little hardware firewall for me self, but just dont get round to it.
For all of you whom feel that your (free|paid) software firewall is the best, here's a set of 15 firewall leak tests with which to test your firewall.
http://www.firewallleaktester.com/ [You can learn a lot at this site!]
Note: Before taking the test, checkout how some of the supposedly top rated firewalls did in the testing by clicking on the Tests link in the left-hand panel-
Testing results are from Oct 13, 2004, so not necessarily up-to-date, and not all that you would guess are represented, and Look'n'Stop beats Outpost Pro.

When you get done testing post your results here, and post the version of your firewall release.

After you are done with testing your current firewall, checkout the Free for Personal Use Jetico Personal Firewall v1.0.1.59 at:

http://www.jetico.com released on 12 May, 2005

which now appears to pass all of the tests which v1.0.1.21 did not last Oct.

Note: Configuration may require you uninstall your current firewall, and hopefully you are fully cognizant of your trusted software as configuring it, is a bit repetitive, but probably well worth it, if you decide to stay with it.

-- Tom

P.S. I have been using a combination of PC-Cillin Internet Security 2005 AV which comes with its own rule-based firewall and ZoneAlarm Free for some while, ZA to stealth the ports - which is a must for all firewalls - test yours at http://scan.sygate.com to see if all of your ports are blocked.

P.P.S. My AV blocks the download of the Copycat.exe test, so expect that your AV might do the same.

P.P.P.S. I am currently getting ready to run all of the tests I was able to download after I uninstall ZoneAlarm, and test the stealthedness of port blocking at the sygate scanning site with the Jetico firewall.

Here's the results of the ZoneAlarm Free/PC-Cillin rule-based firewall tests I ran:

ZoneAlarm Free v5.5.094 leaktest(15) results w/o AV & Email capabilities, with PC-Cillin Internet Security 2005 AV running:
passed 4 test;
failed 5 tests; 6 failed after WinPcap w/packet.dll installed
2 tests failed to start due to no packet.dll; needs retest w/dll;
downloaded WinPcap_3_1_beta4.exe for packet.dll installation, but one indicates ZoneAlarm fails, so ZoneAlarm Free is vulnerable to 6 of the tests
1 test intercepted by AV;
3 tests not executed: shareware limit 10, do not have; too complicated to execute

1) Leaktest1.2: passed; ZoneAlarm Free blocked access to outbound
2) TooLeaky: failed
3) FireHole: PC-Cillin intercepted troj_small.a in FireDll.dll and quarantined it; pressed Start for test; firehole encountered a problem and needed to close - no doubt, lacked access to dll.
4) Yalta: passed, i.e. asked for permission to send outbound comm.
5) Outbound: Packet.dll not found; w/packet.dll in windows\system, outbound launched default browser window to hackbusters, but since no ethernet adapter(have) is connected could execute no further; ZoneAlarm Free is vulnerable according to Hackbusters website
6) pcaudit: passed
7) awft: not tested - shareware
8) Thermite: no firewall notification, no securityfocus.html; failed
9) Copycat: PC-Cillin prevents download
10) MBTest: failed to start - packet.dll not found; w/packet.dll, the procedure entry point PacketSetMinToCopy could not be located in the dll library, packet.dll downloaded from WinPcap Lib also http://www.dll-files.com/dllindex/index.shtml
11) WallBreaker: failed; window IE successful
12) PCAudit2: too complicated to execute
13) Ghost: failed
14) DNStester: passed; caught by firewall
15) Surfer: failed; Surfer test page downloaded

Has anyone tried LightSpeed Systems? The firewall at my school works pretty damned well and I can't remember where the heck it came from, but just search for it and you should find it.

Sygate Personal Firewall :thumb:

Its funny but I see all the time ZA is called rubbish and some people here even advocate its removal to amke your Connection faster? I have used the net (I have Cable) with and without ZA fitted, next to nothing difference? Tried Agnitum and didnt like it, too much tinkering.

I still think ZAP is the best, no matter how many people Laugh about it. Check out GRC.com and see HIS recommendations?


Look at grcsucks.com and remember that Leo Laporte says you dont even need a firewall... :eek: I guess if you totally trust your operating system. Sorry I dont trust Steves opinion.

Personally I use Kerio 2.15. I know I S people that dont trust any of em...

I think's ISA 2004
:thumb:

ereryone friends ,i from in china :)
english is not't good
I think your's teach english ,thanks
msn:qzdmail@hotmail.com

All of the software fire walls do a fair job of hiding your ports. Using a hard ware firewall plus your favorite software firewall is the best combo. I'm currently using McAfee. it does a fair job of stopping outbound traffic and the inbound is stoped by the hardware firewall. Not that i sware by McAfee, but it does a good job. I've also used ZoneAlarm and it does a good job, also Nortons. just pick one you like and use a good hardware firewall to cover your ports.

I have tried several firewalls. Everytime I install one I test them using sites like hackers.org. to find out how secure my pc is. The results were always the same with all of them. Port 25 smtp was open. None of them told me how I could secure it.
The only firewall that secured that port was Bitdefender security suite 9.
It is good

Zone Alarm hands down is the absolute best. You cannot compare to it's tech. support or it's security. Unless u unplug your compu.

Zone Alarm hands down is the absolute best. You cannot compare to it's tech. support or it's security. Unless u unplug your compu.

ZA is horrendous, it slows your pc and connection down tremendously.

:nope:

Hi Forum,

I am a Security Specialist, I have been using ZoneAlarm for along time. Till
now! At this point I think all software has holes and doors that the creators
can access anytime. Microsoft is a prime example with over 4 million lines of code for XP how many unfound bugs do you think they have? I guess thats why Vista is coming! it should be called Mista or Pista because were all getting Fista from the big MS.

Hope this Helps!
Blastfire

A Perfect Spy? It seems that ZoneAlarm Security Suite has been phoning home, even when told not to. Last fall, InfoWorld Senior Contributing Editor James Borck discovered ZA 6.0 was surreptitiously sending encrypted data back to four different servers, despite disabling all of the suite’s communications options. Zone Labs denied the flaw for nearly two months, then eventually chalked it up to a “bug” in the software -- even though instructions to contact the servers were set out in the program’s XML code. A company spokesmodel says a fix for the flaw will be coming soon and worried users can get around the bug by modifying their Host file settings. However, there’s no truth to the rumor that the NSA used ZoneAlarm to spy on U.S. citizens.

http://www.trimmail.com/news/elsewhere/data/1138076936.86/

I'm trying out Kerio right now, I think I like it the most so far

Kerio firewall is the best hands down, Easy as hell to use and is small and fast. It comes free with Cyberscrub anti-virus another great product. Five years of protection for fifty dollars. Bolth programs have no affect on speed. If you call Cyberscrub or Kerio you may catch the guys at home or eating lunch but they will still help you out with any problems (with no charge i may add), Now that to me is worth its weight in gold.:thumb: :thumb:

Well, I can't reproduce those fail test results indicated by that website. I find zonealarm to be very bloated, leaving a tonne of registries that are difficult to remove if there's need to uninstall the application.

I found sygate(5.5 build 2710) with my router to fit the bill.

I won't touch Sygate now cause Symantec got it

Maybe the following site, will help u decide, which is the best....;)

http://www.firewallleaktester.com/tests.htm

I remain steadfast..ISA 2004 blows all those in the above list away.

I want to know what the masters think about Kaspersky Anti-Hacker i use it , so far no ports are shown as open with extensive scans.

Also although we can take measures stop intruders what about someone blocking outside IP . its appears to me some do this whilst I'm gaming

I want to know what the masters think about Kaspersky Anti-Hacker i use it , so far no ports are shown as open with extensive scans.

Also although we can take measures stop intruders what about someone blocking outside IP . its appears to me some do this whilst I'm gaming


KAV Antihacker is an excellent firewall, I have been using it for a while now. I prefer it's simplicity, simply a firewall and nothing else. It uses next to no resources, never more then 5mb of RAM and doesn't slow your pc or connection speed. The newer version coming out soon will even be much better.

KAV Antihacker and Kerio 2.1.5 are all that I will recommend (paid and free).

:thumb:

Hi there,

I will add another useful resources about personal firewall.

********************
http://www.r-firewall.com/
(freeware)
http://www.agnitum.com/products/outpostfree/index.php
(free version)
http://www.all-internet-security.com/top_10_firewall_software.html
(detailed review)
**********************

As for me, i use Zone Alarm Pro. One of the best on the market in term of price :)

I hope this helps.

Cendrillon2

Hello,

In the following review (http://www.speedguide.net/read_reviews.php?id=97), it was said that there's lots of good firewall programs, including a good free one.

And then I was expecting it to have a URL where all of those are listed. But none are.
Does anyone know which one was being talked about?

Also, I see many say Sygate. But now Sygate is old-time, and now it isn't free.

Also, I see many say Sygate. But now Sygate is old-time, and now it isn't free.

Give Comodo a try.
http://www.personalfirewall.comodo.com/ :thumb:

Give Comodo a try.
http://www.personalfirewall.comodo.com/ :thumb:

lol, the only thing with trying these is I hate installing and reinstalling. :P

lol, the only thing with trying these is I hate installing and reinstalling. :P

Yeah....true.

I've used this one...quite nice, rather lightweight, and most importantly..under support and often being updated (through a live update mechanism)

Tiny was good...I haven't caught up on it lately..but I know CA bought them out a while ago...so dunno about the future of the product, if any....

Sygate..sucked up my Symantec. Booo..hiss....

Kerio..picked up by Sunbelt....decent company though.

Outpost...decent...

Zone Alarm....I'd format my PC if that ever came near it.

Yup.

Tiny is gone. Their website proves it.
Sygate was good (I used it back in it's heyday.)
Kerio is not freeware.
Comodo, didn't try.
Outpost, didn't.

I just want a good freeware one, that's all.

I just want a good freeware one, that's all.

Comodo! ;)

Comodo! ;)

lol, I think I'm gonna try it out once I get home.

Just put on comodo. Looks good so far.
I was using AVG AV + FW, and it looked amazing.
Till I think I can pay for it, I gotta use comodo.

I might stick with comodo. ;-)

I installed Kerio at work - I was amazed at the looks right away, lol.
Let's see how both of them fare respectively.

BTW, many people keep saying Kerio.
But I think the one I downloaded at work is Kerio Winroute Firewall.
Isn't that a corporate/small business one?

Is there a Kerio for home users too, or am I mistaken?

PS: I just went to kerio.com, and got their firewall that had VPN, etc. And just now, I went to sunbelt-software.com, and there's a KPF (Kerio Personal Firewall).. which one was being recommended?!

Ok, lol, sorry for so many posts.
But I think I figured it out.

Kerio made KPF before, but now has been acquired by Sunbelt.
Kerio Winroute is still under devel by Kerio itself, but more for corp purposes (not for me.)

I need to go after KPF then.
Hmm, tomorrow, uninstall KWF and install KPF.

McAfee SecurityCenter is the best IMO. I use it and it has been working great ever since I installed it on my computer.

reading this after going through hell with zone alarm pro. Uninstalling it was pure hell. I'll NEVER use it again!!!

Comodo

Just installed it recently after I decided that Sygate is getting a bit long in the tooth and I'm not going to touch the new version now that Symantec has got hold of it.

I'm very impressed so far and the reviews back up what I'm experiencing.

blaack ice...2 words you need to know

blaack ice...2 words you need to know

Black Ice performed terribly in the testing done by www.matousec.com, which is the best firewall testing site I have seen. Also, Steve Gibson (ShieldsUP) caught them blatantly skirting his testing software without actually fixing the underlying security flaw. That's disturbing whether or not you agree with Gibson on the whole.
My vote goes to Comodo because Kaspersky, the best performer at Matousec, is only available as part of their $70 security package whereas as Comodo offers the full, unhandicapped version of their firewall for free.

If you're looking for free software, then go with Sygate.

If you don't mind going out and buying some software then I suggest you go do that, although just because it costs money doesn't necessarily mean it will be "better".

If you're looking for free software, then go with Sygate.

If you don't mind going out and buying some software then I suggest you go do that, although just because it costs money doesn't necessarily mean it will be "better".

Although sygate is still around there are no updates for it and the sygate company was taken over by norton.

Comodo gets my vote too.

Comodo FTW! They just released the new 3.0 version which I think it very nice, although I turned off that defense+ feature cause it got annoying

http://www.personalfirewall.comodo.com/download_firewall.html?currency=USD&region=North%20America&country=US