• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Which Free Firewall

Hi ,ive used zonealarm for a couple of years now,its ok most of the time,but then plays up now & then,not letting me connect to the internet etc,Then i tried Sygate,no problems easy to use & set up,dont know about the other firewall you mentioned,forget the xp firewall its useless.Hope this may help.
Thats a good idea, i have not used the Beta outside of testing and would not suggest it :)

2.4 is stable and sufficent enougth.
Originally posted by Capricorn
Not a perfect test perhaps but not bad.
What was wrong? Remember Kerio requires the user to set the default rules correctly for his/her requirements in order to get the best results, get that rule set locked down and you will be sailing :cool:


what is the difference between tiny's and kerio's personal firewall as they are very similar in appearance and operation?

also, of the both is one better than the other?
Hi contentder,

Tiny is a very powerful solution but Kerio seems to be the popular choice. Kerio has taken over alot of Tinys other products.

Ive not used Tiny myself but have read alot about it in the Tiny forum. You may want to check out some old threads in the forum.


Kerio / Tiny Support FAQ:


Tiny thread, details:


Addressing your exact question:




Enyo when you say...Tiny is a very powerful solution .... are you referring to the newest version they have or are you also referring to the older free version that looks similar to the older Kerio version. I think the version numbers are something like 2.1.x
Sorry, Kerio is a replacement of the old Tiny firewalls, kerio 2.1.4 and above are indeed better than the old Tiny builds.

The new tiny firewall is often mentioned as the powerful one, it has stateful packet inspection and sandboxing for example.

gwion said:

Tiny's most notable for being a full blown "sandbox", with a somewhat confusing packet filter component (hint... dropping the straightforward rule structure that Kerio continued to use for that silly "object oriented" metaphor was a HUGE mistake, if you ask me... hint... go back to the simnple structure of Kerio ) ...

It's very good, though a packet filter's a packet filter, and if that's all you want (ports-IP's-apps-permissions), go with Kerio, it's a great packet filter, lots simpler, and free.

Tiny's biggest claim to fame, now, is the sandbox... and yes, that's entirely unique, in the current market. Best in class. It's also a little steep on the learning curve, for some.

What a sandbox does is to control access between applications and between apps and the OS at the application layer. That's quite powerful. To give a rough idea what it does, your trojan and virus scanners looks for ports, filenames, registry entries, and so forth, and then compares them with a database ("signature file") that has to be up to date, and can only reflect known exploits, and variations on known exploits. A sandbox works on the fly, looking for behaviors that are usually suspect, and are quantifiable because an OS and an API only has a certain set of potential activities. Therefore, no databases are needed, you simply force applications to "play in their own sandboxes." That is, you monitor and control what they can access outside of their own subset, and you monitor and control what can access them...

Crude explanation, I fear ... but hopefully gets the point across. There are really no other "consumer" apps, at least yet, that employ sandboxing effectively. Tiny's "Trojan Trap," the crown jewel of what's now the firewall, is a direct descendent of what was once called Secure4U, and drew inspiration from the CMDS enterprise security suite that Tiny has been developing in partnership with. Essentially, they're products of the high security enterprise environment. As of this time, my own opinion is best, if not "only", in class in this type of software. Others have released similar concepts, but Tiny's the only entry in the market available, right now, that's not a very limited, sort of buggy-iffy implementation.

Just to wrap up, Tiny split into two development threads, some time back. The new Tiny is built mainly around the sandbox. Kerio continues the old "basic packet filter" Tiny line of development, although it's adding new features in the 3.x beta releases, without sacrificing its legendary small resource profile by much doing it.

Hope that helps you sort out the players... as of this time, though, Tiny and Kerio are quite different animals in the firewall world. Both share a common ancestry, but they've definitely branched each into its own direction. As of now, Kerio is heir to the "old Tiny" simple packet filter model, and Tiny is heir to the "Trojan Trap" pedigree...
Originally posted by shaunj66
Quick question - which is less of a resource hog? Kerio or Norton Personal Firewall? :confused:

Kerio uses about 4MB mem (peak 4MB), very little CPU time indeed, normally does not even register on performance counters (remains on 0 secs time) after a full 8 hour session, so you see it needs very little processing time.

Kerio is also a single-process firewall, whereas NIS/NPF tend to use multi-process / multi-module adding to resource requirements.

Kerios low level driver is also very small, as i say above the process itself does not use much in the terms of CPU time, this is mainly because the low level driver does all the processing, again very little.

You wont notice a performance loss with Kerio but as it goes with Norton products your PC should be a little more able in order to run them well, i myself did not notice the differance between the two but in terms of raw data Kerio beats it.

Perris Calderon

Staff member
Political User
I was a big big fan of sygate, till I read a thread on kirio.

tried it.

the foorprint is so small, the differance is huge compared to other firewalls

I am using a version that has the sandbox, and let me tell you, this feature could make real time scanners obsolete.

enyo, your input please, on the neccessity of realtime scanners with an efficient sandbox

Originally posted by contender
Dealer, which version of Kerio are you currently using?
Must be a 3.x Beta - http://www.kerio.com/us/beta_section.html

Dealer, the two combined is great but i would not move to sandboxing and ditch the RT scanner just yet the implimentations right now dont really appeal to me. Kerios "Sandboxing" is not enougth for sure.

I have not spent much time with sandboxing applications, Kerio annoys the hell out of me with process spawning alerts its a pain and i dont like it.

Tiny is OK, too powerful for home use and complex, a little OTT in some respects.

Members online

Latest posts

Latest profile posts

Hello, is there anybody in there? Just nod if you can hear me ...
What a long strange trip it's been. =)

Forum statistics

Latest member