• 0

The Definitive "BEST FIREWALL" thread

Asked by MxxCon,

 Share

The Definitive "BEST FIREWALL"  

881 members have voted

  1. 1. The Definitive "BEST FIREWALL"

    • Black Ice
      23
    • Kerio/Tiny Personal Firewall
      99
    • Norton Firewall
      108
    • McAfee Firewall
      24
    • Zone Alarm (Pro)
      259
    • Sygate Firewall
      113
    • Outpost
      80
    • Any *nix solution
      35
    • Windows XP Built-In
      66
    • Other
      74

Question

351 answers to this question

Recommended Posts

  • 0
Experienced

carpediem

Posted
Posted

I''ve been forced to yet again try Zone Alarm and I hate it. Settings are spread out EVERYWHERE and there is bad control over what you really let your program do when you grant it access. I URGE everyone to try out Outpost 2.x pro instead and you will see how superior it is. Very easy to set up and it has pre-configured rules for alot of programs. When you run it in wizard mode it's very easy to let programs only communicate through specified ports as well. You see what processes and programs that are in use and what traffic they are causing individually.

  • 0
Grand Master

uniacid

Posted
Posted
Get your butt over to that server and config it or get someone else to do it for you. All you are going to do is lock yourself out if you aren't there configuring it yourself. Common sense.

if I could go to Tx sure.... anyways I did try Sygate and it did lock me out but my Server host disabled it so I could access it, but I tried connecting this morning and could not find an icon or control panel for it :| and I reloaded it a couple of times

  • 0
Mentor

YaZoR

Posted
Posted

No firewall.

Never had a computer virus/trojan/worm in my life. Never been hacked or exploited. Always keep everything upto date.

I suppose my firewall is either my power button or my rj45 jack.

I'm not saying at all that I'm safe. There are exploits that aren't known yet, or at least known by network security organisations.

If someone was to hack me and succeed, kudos to them. I find them either lucky or knowledgable. I'd just fix my machine and live with it, I have nothing of value or interest on any of my machines.

  • 0
Grand Master

PseudoRandomDragon

Posted
Posted

PCMag gave Mcafee like, a three. ZoneAlarm Pro and Norton got a 5. PCMag tests were a little messed up though, they said that both Norton and ZAP didn't pass the Tooleaky test. I know for a fact they both have protection against it.

I am glad that there isn't a monoculture of firewalls. That in itself makes the internet as a whole more secure.

  • 0
Proficient

PlagueWielder3k

Posted
Posted (edited)

I got a question about my router's (DLink DI-704P) firewall: On the log it has hundrends of lines saying 'Sunday, November 03, 2002 7:11:08 PM Unrecognized access from 62.25.99.20:80 to TCP port 5065' (every line is a differenct port and a different ip).

Does it mean that the firewall blocked it?

Thanks

BTW, don't pay attention to the date because I never took the time to set it right.

Edited by PlagueWielder3k
  • 0
Mentor

ring0

Posted
Posted

i've fallen in love with Outpost.

easy to configure/set up, it registers as "stealthed" on damn near every test i've run on it so far, and it doesn't kill my ISP connection like zonealarm did, even after i spent two months and countless hours in the ZA forums trying to get it properly configured.

i'd like to retract my previous ZA vote and put it towards Outpost 2.x :p

  • 0
Mentor

coresx

Posted
Posted
i've fallen in love with Outpost.

easy to configure/set up, it registers as "stealthed" on damn near every test i've run on it so far, and it doesn't kill my ISP connection like zonealarm did, even after i spent two months and countless hours in the ZA forums trying to get it properly configured.

i'd like to retract my previous ZA vote and put it towards Outpost 2.x :p

I just installed Outpost and went to Shields up to test it. Pratically all ports are closed and only 3 stealth. It said it failed. I don't know what I'm doing wrong when I configure it. All I have done is allow the programs which need access like IE, Firfox, email,WMP, etc...

What am I doing wrong ?

thanks.

  • 0
Mentor

coresx

Posted
Posted

Right, I just unistalled my firewall. Went back to shields up to see what results I would get with no firewall, windows xp firewall is not on either btw. I get the exact same results plus this result from another test. I am using a router to connect my computer wireless so has that got something to do with it. Here is what result I got for the other test.

"Attempting connection to your computer. . .

Shields UP! is now attempting to contact the Hidden Internet Server within your PC. It is likely that no one has told you that your own personal computer may now be functioning as an Internet Server with neither your knowledge nor your permission. And that it may be serving up all or many of your personal files for reading, writing, modification and even deletion by anyone, anywhere, on the Internet!

Your Internet port 139 does not appear to exist!

One or more ports on this system are operating in FULL STEALTH MODE! Standard Internet behavior requires port connection attempts to be answered with a success or refusal response. Therefore, only an attempt to connect to a nonexistent computer results in no response of either kind. But YOUR computer has DELIBERATELY CHOSEN NOT TO RESPOND (that's very cool!) which represents advanced computer and port stealthing capabilities. A machine configured in this fashion is well hardened to Internet NetBIOS attack and intrusion.

Unable to connect with NetBIOS to your computer.

All attempts to get any information from your computer have FAILED. (This is very uncommon for a Windows networking-based PC.) Relative to vulnerabilities from Windows networking, this computer appears to be VERY SECURE since it is NOT exposing ANY of its internal NetBIOS networking protocol over the Internet."

So I don't need a firewall because I'm using a router ?

thanks

  • 0
Mentor

ring0

Posted
Posted
I just installed Outpost and went to Shields up to test it. Pratically all ports are closed and only 3 stealth. It said it failed. I don't know what I'm doing wrong when I configure it. All I have done is allow the programs which need access like IE, Firfox, email,WMP, etc...

What am I doing wrong ?

thanks.

i got an all-stealthed rating there, and all i did was tell it to apply the pre-set program rules, pre-set isp rules and then changed just a few things (not letting some windows system files connect to the web - explorer.exe doesn't need 'net access) - i don't think i did anything too special

  • 0
Grand Master

PseudoRandomDragon

Posted
Posted

I worked with some WinXP computers and found that explorer.exe needs access, or you will not be able to view web pages with any browser. SVCHOST.exe also needs access, but I found I could restrict it by only giving it access to localhost,trusted zone, the DNS servers.

This topic is now closed to further replies.
 Share
Go to question listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • Secure Boot

      By cork1958 · Posted

      Simple answer is yes, you will still get the Windows updates and as long as browser is up to date, you will be good. Only thing secure boot does is protect you against boot level threats and make it harder to install other OS's. I've been looking into this pretty thoroughly lately myself as wifes computer has secure boot disabled plus my other, older computers that run Linux, don't have secure boot enabled. Have seen all kinds of questions about this on the Linux Mint and MX Linux forums. Just don't suddenly enable secure boot now.
    • Ford execs say they made a mistake when they replaced human engineers with AI

      By TsarNikky · Posted

      How many other companies will follow Ford's lead? Or, have they already gotten lazy and become enslaved to AI--and now can't figure out how to get out of that mess.
    • The Trump administration doesn't want you to use OpenAI's GPT-5.6 without its approval

      By TsarNikky · Posted

      Why would any self-respecting intelligent person follow any recommendation by Donald's GOP administration? With almost two years of fabrications, deceit, and blatantly illegal behavior, why believe them now? They had best be gone after the November 2026 election, so we'll wait and see.
    • AltSendme 0.4.1

      By Copernic · Posted

      AltSendme 0.4.1 by Razvan Serea AltSendme is a minimal, cross-platform application designed for fast, secure, and private peer-to-peer file transfers. It allows users to send files or entire directories directly between devices without relying on cloud servers, accounts, or any personal information. Everything is encrypted end-to-end using modern protocols like QUIC and TLS 1.3, ensuring both strong security and low-latency performance. Transfers are verified with BLAKE3 for data integrity, and interrupted downloads automatically resume, making the experience reliable even on unstable connections. You can transfer anything—images, videos, documents, and more. Integrity checks are performed on both ends, so your files are automatically verified for correctness during both sending and receiving. AltSendme works seamlessly across local networks or long-distance links, capable of saturating multi-gigabit connections for extremely fast delivery. With built-in NAT traversal and encrypted relay fallback, it connects devices almost anywhere. The app integrates with the Sendme CLI and will soon support mobile and web platforms. Fully free and open-source, AltSendme offers a lightweight, privacy-first alternative to traditional cloud-based services, removing size limits, upload costs, and unnecessary data exposure. AltSendme 0.4.1 changelog: Release Highlights Self-hosted relays: Run your own iroh relay so transfers don't rely on public infrastructure. Includes a full deployment template in deploy/relay/ with Docker Compose for a VPS and configuration examples for production use. Fly.io support: One-click deploy template for Fly.io, including a quick-start config (fly.dev.toml) for testing without a custom domain, plus production setup with Let's Encrypt and your own hostname. Relay settings UI: New Settings → Network panel to choose how AltSendme connects: automatic public relays, custom self-hosted URLs (with optional auth token), or disabled. Test connections, verify latency, and see live relay status in the footer. Disable relays: Turn off relay servers entirely when you only need same-network transfers (e.g. LAN). Direct connections only. No relay hop required when devices can reach each other. Android graduates from beta: Android is now part of the regular release cycle alongside desktop. APKs ship with each version (universal, arm64, and armv7). Other improvements Private relay access control via shared auth token Relay fallback notifications when a custom relay is unreachable Broadcast mode toggle in sharing settings Android release build fixes (split-per-ABI APKs, universal APK preservation) UI polish: mobile safe-area insets, dropzone layout, transfer progress animation Bug fixes for minification-related serialization issues and system tray icon loading What's Changed feat(relay): add relay status functionality and settings UI (a120cdf) feat(relay): implement custom relay server configuration and verification (51276c7) feat(relay): add configuration for private relay access and enhance observability features (48fbabf) feat(relay): enhance relay URL validation, display connection status (d4fffa0) feat(relay): add RelayChangeGuard component and enhance relay-related translations (16ba514) feat(broadcast): add toggle setting for broadcast mode in sharing UI (ca6d977) fix(relay): correct QUIC discovery port, pin image, templatize fly.dev (52a2ba5) fix: More broken serialization due to minification (67491a9) fix(android): preserve true universal APK across per-ABI builds (e9f256f) fix(ui): conditional safe-area insets padding on mobile (1182f0e) refactor(transfer): CircularRing component animation fix (944572b) chore(android): drop x86 and x86_64 release APKs, keep universal+arm64+armv7 (34ada0b) Download: AltSendme 0.4.1 | ARM64 | ~9.0 MB (Open Source) Download: AltSendme for MacOS | Android Links: AltSendme Home Page | GitHub | Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • Why Delta Chat is the best decentralized messenger you have probably never tried

      By zikalify · Posted

      You are mostly right about the ephemeral nature of it. As I mention in the article, if you dont add a second device or take a backup of your account before uninstalling it, then yes you will lose access to your account. That said, in terms of actual user experience when you sync multiple devices your message history carries across and there's also a Saved Messages chat like there is on Telegram to send messages and attachments between your installs. But yh, what you point out are correct and its not trying to emulate Messenger or Telegram.

  • Recent Achievements

    • Week One Done
      flexorcist earned a badge
      Week One Done
    • One Month Later
      Woland13 earned a badge
      One Month Later
    • Week One Done
      Woland13 earned a badge
      Week One Done
    • One Year In
      bernmeister earned a badge
      One Year In
    • Week One Done
      Scoobystu earned a badge
      Week One Done

  • Popular Contributors

    1. 1
      +primortal
      495
    2. 2
      +Edouard
      225
    3. 3
      PsYcHoKiLLa
      149
    4. 4
      Steven P.
      75
    5. 5
      FloatingFatMan
      71
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!