What is the best firewall?

[ming]

I don't think this has been posted before, but if it has, here it is again.
I've been playing about with a small number of different software firewalls in the past and would like to know what others think is better.

 

[Evil Marge]

According to this poll Zone alarm http://forum.osnn.net/showthread.php?t=94

I don't think there is a best one as we all have different opinions :laugh:

 

[ming]

I don't think there is a best one as we all have different opinions :laugh:

True, but there's always one or two that comes out top.
Probably better asking what opinion they have out of all those they have used before.

 

[SPeedY_B]

A hardware firewall.

 

[jpom]

I perfer kerio (www.kerio.com) myself. I also like outpost, but i found that outpost was a little bit too much work for me, i'm lazy. It's simple and works well, plus it had gotten some pretty good reviews as of the last time I searched google. Oh and they have a free version, it just doesn't include web filtering and system security.

 

[FishBoy]

zone alarm is bad, each time i used zone alarm back home the server went down, sygate and windows firewall are great firewalls

 

[fitz]

Let's see..

I've used Zone alarm, sygate, blackIce, Kerio, and couple of others... in all cases, it's a matter of how you configure it. Out of the box, I like Kerio or sygate.. ZoneAlarm (the paid one - not the free one) is a little more configurable but is also a resource hog..

BlackIce.. my opinion.. stay away.

The Bottom line, a personal software firewall is nice.. but if you don't know how to really configure it, you might as well just run the windows XP SP2 firewall..

If you really know what you are doing and how to configure and maintain a firewall properly, you probably would want to run a dedicated firewall box..

edit: The best firewall, of course, is the one unhackable one that hasn't been (and probably never will be) invented..

edit2: Or, you could say the best firewall is the pair of scissors that cuts the cable coming of the back of your computer insulating you from all matters of internet borne invasions (does not prevent attacks from console based attacks though..

 

[ming]

I duno.. I've used/tested Norton, McAfee, and Zone Alarm for the longest period of time and I must say that I enjoyed using the McAfee version out of the three. If you include Internet Security Suite into account, I'd probably prefer the McAfee 2004 version because it seems to be more flexible when configuring the settings.

Might try out Kerio and Outpost since a few of you guys mention these two.

 

[American Zombie]

Have you ever tried Look 'n' Stop?

 

[ming]

Nice UI. Any reviews on it?

 

[celticfan11]

get a hardware firewall

 

[_kC_]

hardware firewall or router/nat/spi firewall... then a software firewall to guard outbound applications etc..
(i personally use my netgear dg834's nat and firewall, and Sygate pro)
3 good software firewalls
1. sygate pro
2. agnitum outpost
3. kerio

 

[ming]

Yeah, I got SPI+NAT in my router. Just for extra comfort and kC mentioned, currently using McAfee Internet Security Suite.

 

[Johnny]

I don't use a soft firewall right now, just my nat router .. They are a pain ..

 

[lynchknot]

I use a router and Outpost pro (lookNstop is also a very good SFW)
A Guide to Producing a Secure Configuration for Outpost - here's some interesting info:

The US Government Law Enforcement agencies now insist that all firewalls, software and hardware, allow access to bypass them inbound. The firewall manufacturers are obliged to supply a "key" to this effect. Britain, among other countries, has given in to this request.
The Patriot Act gives the US Government the right to plant "spyware" in anybody's computer. This can be easily checked by reading the new Spyware Act, which specifically exempts the Law Enforcement Agencies from this Law, and specifically for this purpose.
Also, I am led to believe, and have no reason to doubt, that the US Government has a type of spyware that sits on another site, and by means of the "key" can leach information from any computer without actually being resident, and therefore remains undetectable.
If you ask any of the main FW manufacturers if any of this is true, which I have done, they absolutely refuse to reply. No specific denials, just no reply.
I was involved, for a short time, with a well known hardware firewall manufacturer, and I was able to get unofficial confirmation of my suspicions.
A thorough reading of the new US Spyware Law, however, shows quite clearly that this ability exists, as it is given total and specific exemption from the law.
Windows, and particularly SP2, is created to facilitate investigations by US Law Enforcement Agencies and the main "tool" it provides is Generic Host Process 32 for Windows.
Many Firewalls, and Windows itself, phone home via GHP to the extent that examination of a log reveals they chat continually throughout the duration of any connection. I am told the information they send is filtered by computers looking for key words that will automatically flag the user for further investigation.
I accept that there is a need to police the internet. However, I also believe in privacy. The new breed of firewall and Windows SP2 do an excellent job of protecting us in the internet, but who is protecting us from them?
I would like to see some honesty from the firewall manufacturers, and also from Microsoft. My specific questions to Microsoft on GHP have produced pathetic answers. I have addressed the same specific questions to certain FW manufacturers, and they either do not respond or they give very nebulous replies. If I produced a product and somebody questioned its integrity, I would happy make a public statement denying the allegations.
The British police have happily gone along with the US requirements, but as yet the British law doesn't allow the police to "tap" somebody's computer without a Court Order.... so they ask the US agencies to do it for them where they feel they have need. However, they are currently applying to change the law to allow this, and other activities. The application they have submitted clearly states that they want similar abilities to those given in the US Patriot Act. All this can be verified, as laws are in the public domain.
What happens if a law enforcement officer reveals to a friend the methods used?
There are many discussion groups in the internet who discuss this type of issue. Many of them just love conspiracy theories. However, careful reading of security laws brought out in the last couple of years make it quite clear what the police can do, and what more they want to do.
The key is in Generic Host Process for Windows and to a smaller extent in other similar applications that make connection difficult if not granted the permissions they seek.
GHP and similar applications are not able to be controlled by any other firewall apart from allow or disallow. Outpost gives the ability to control every aspect of how GHP communicates. I like it. I just wish my computer would operate without GHP. I am considering moving to a Linux based OS..

I have thoroughly tried out all the firewalls mentioned in the article. I used to use ZAPro, but ceased to do so after careful examination of version 5, which like nearly all commercial firewalls currently available, conforms to the US Patriot Law (you can work the rest out). I was a guru in the ZA Forum, and my knowledge of the product is extensive. Having tried all the other firewalls available, I have migrated to Outpost Pro 2,5. Outpost doesn't seem to conform to the requirements of the Patriot Law.
There were comments about SP2 and all the windows updates. I use them. Be aware that they, too, conform to the Patriot Law requirements. Yes they protect you from internet threats... but who protects you from them?
Outpost offers the most comprehensive rules based control compared to all the major software firewalls. With knowledge of what you should be protecting yourself against, there is no limit within Outpost to what you can control. It is a truly excellent piece of software. I played with it for some months, and waited for 2,5 before migrating. As long as Outpost retains its total independence in the face of US pressure on firewall manufacturers I will continue to use it.

 

[American Zombie]

Maybe should change title from "What is the best firewall?" to "What is the best software firewall?" as that is all the poll has in it.

 

[LeeJend]

If lynchknots post bothers anyone find an old copy of your favorite firewall. It will not have the backdoor.

 

[Enyo]

The US Government Law Enforcement agencies now insist that all firewalls, software and hardware, allow access to bypass them inbound. The firewall manufacturers are obliged to supply a "key" to this effect. Britain, among other countries, has given in to this request.

That and the following text is completely untrue.

 

[lynchknot]

I dunno, it was a post at Outpost firewall board. No one disputed it - not even admin of board. He did say

I was involved, for a short time, with a well known hardware firewall manufacturer, and I was able to get unofficial confirmation of my suspicions.

Anyway, not a firewall but to suppliment - a must have for me.

http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci914858,00.html Below you will find SearchSecurity.com expert Kevin Beaver's response to questions about how the PATRIOT Act affects individual security and civil liberties. This article is one of a group of SearchSecurity.com expert answers to questions on this legislation.

Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism -- a.k.a. the USA PATRIOT Act -- is a huge program with a catchy little title that does more to increase the size of government than it does to fight terrorism. It was easy to pass -- everyone was emotional over the unfortunate September 11 terrorist attacks. It was developed behind closed doors between Congress and the Bush Administration, and there was initially no debate or amendments allowed. It just passed -- unfortunately, using terrorism as an excuse to attack our individuality and personal freedoms. It's anything but patriotic.

From tracking large bank transactions, to tracking what books we check out from the library, to listening in on our e-mail conversations, the PATRIOT Act and the subsequent Cyber Security Enhancement Act (CSEA) have done little (and probably never will do a lot) to actually fight terrorists. Here are a few reasons why I think it's bad:
# This legislation defines terrorists to include non-violent computer hackers and more. What happens when someone else sends a message threatening national security in your name!? That's going to be a tough one to prove.
# E-mail can now be snooped on without a court order.
# ISPs and other providers no longer have an incentive to protect our personal information (not that they had much before).
# Aren't we supposed to be the home of the free?
# The Internet, and even our own ability to hold private conversations, as we know them are gone.

 

[Perris Calderon]

I dunno, it was a post at Outpost firewall board. No one disputed it - not even admin of board. He did say

Anyway, not a firewall but to suppliment - a must have for me.

lynchnot, that application is a sandbox.

kerio has a VERY afffective sandbox in the free version.

take a look