Definitive Best Firewall

[Si Veteran]

Please use this thread as a reference for this topic, as time goes on and availabilty changes, the poll will be updated.

[Saadu]

ZA must die. Im never ever ever putting that **** on my system again. They were good until their core business remained firewall. Ever since they ventured into things like av monitoring, spy ware checks, privacy protection, the package has just become too bloated. My system now takes a good two minutes to boot. What i need is a simple software to monitor incoming and outgoing traffic that i can control myself.

I warn you all, even through the poll is tilted towards ZA, their software has issues. I did installed the latest ZA after a clean install of XP with nothing but drivers and new updates from windows. Still it takes longer to boot. Remove ZA windows boots much much faster!!! Browsing their support forum only gives issues like clean your temp files, remove start up programs, WHAT TEMP FILES? this happens on new install!! what start up programs? i ain't got any except drivers and windows services. What ****es me off is they know that there is something wrong with the programs and it has been plaguing them since a year now which they refuse to solve. I even disabled the things in ZA that i dont need, thanks my AV does a good job of keeping upto date, i dont wnat u monitoring that, i dont use outlook and crap to download malware so i dont need u sniffing for that or checking downloads, just do a simple job of blocking incoming traffic and monitoring outgoing and let me have control over what u block and allow. thats all. ZoneAlarm, you're on my no-go list. Im going GPL for FW if i need to but i will avoid you like plague.

[Toology]

Years ago I would have said ZoneAlarm. I switched to Sygate after I got tired of ZA's bloat. Since Sygate was no longer being developed I switched yet again to Outpost in addition to my router's firewall.

[Tech Freak]

For all those who said "I prefer hardware firewalls so that I don't have a software one eating up resources on my PC" (and the like), keep this mind:

Ask any network security professional, and they will tell you (and prove to you) that you need BOTH a hardware firewall for the perimetre AS WELL AS software firewalls on each and any machines in the network.

Dig up ordinary network security literature and you will understand why. ALWAYS use both hardware and software firewalls for peripheral and internal security respectively!

As for antivirus progs, they are a totally different story and one should NOT think that a firewall or antivirus is enough on its own. Again, use BOTH.

ZA must die. Im never ever ever putting that **** on my system again. They were good until their core business remained firewall. Ever since they ventured into things like av monitoring, spy ware checks, privacy protection, the package has just become too bloated. My system now takes a good two minutes to boot. What i need is a simple software to monitor incoming and outgoing traffic that i can control myself.

I warn you all, even through the poll is tilted towards ZA, their software has issues. I did installed the latest ZA after a clean install of XP with nothing but drivers and new updates from windows. Still it takes longer to boot. Remove ZA windows boots much much faster!!! Browsing their support forum only gives issues like clean your temp files, remove start up programs, WHAT TEMP FILES? this happens on new install!! what start up programs? i ain't got any except drivers and windows services. What ****es me off is they know that there is something wrong with the programs and it has been plaguing them since a year now which they refuse to solve. I even disabled the things in ZA that i dont need, thanks my AV does a good job of keeping upto date, i dont wnat u monitoring that, i dont use outlook and crap to download malware so i dont need u sniffing for that or checking downloads, just do a simple job of blocking incoming traffic and monitoring outgoing and let me have control over what u block and allow. thats all. ZoneAlarm, you're on my no-go list. Im going GPL for FW if i need to but i will avoid you like plague.

I will have to agree to what Saadu said. ZA started as a near perfect firewall, and it ended up a bunch of bloatware c**p.

I'm also in search of a robust, SAFE, lightweight firewall....

Hardware firewall

IPCop for home / smal office, SonicWALL for small office - medium/large office, Cisco for large corporate installs

I've done a few SonicWall deployments for people and they work extremely well. Armed with content filtering, realtime antivirus scanning at packet level, IDS/IPS, fragmentation filters etc etc it's a VERY good guard at the network's entry point.

Higher models do get a bit pricey with subscriptions though...

[Toology]

I will have to agree to what Saadu said. ZA started as a near perfect firewall, and it ended up a bunch of bloatware c**p.

I'm also in search of a robust, SAFE, lightweight firewall....

I consider Outpost to be safe and lightweight. It comes bundled with 4 or so plugins (i.e: anti-spyware, ad-block etc.) that I find useless and can easily be disabled or removed entirely. The only plugin I leave installed and enabled is called Attack Detection. I take advantage that you can set it to run as a background process and all of that amounts to ~7 MB of memory usage. Since I set mine to run according to predefined rules the only time Outpost asks anything of me is when a program component has changed and is asking permission to access the network.

[Tech Freak]

Toology, thanks for your reply. I will check Outpost and let you know.

Also, for everyone in this thread, I've installed and trial-ing Kaspersky Internet Secuirty 6.0 and it's quite nice. It seems to be doing the job correctly, I've been to a few dodgy websites and it blocked popups and killed online "trojans", I even tested some firewall rules, anti-spam, e-mail scanning etc. It has nice integration with Outlook and it will let you "preview" e-mails as they are downloaded (show only the headers), and once you approve all/some of the e-mails you want, it will THEN let Outlook download the body.

The firewall is quite flexible, albeit I couldn't get it to block the simplest of things: ping.exe. I tried many rules and none of them seemed to block it for some odd reason.

[stockwiz]

router and outpost 4.0... because it works with windows x64, isn't bloated, is good and stable, and protects well.

[Toology]

I now recommend people use Comodo instead of Outpost. The new version of Outpost is extremely disappointing in terms of performance. It bogged down my system at startup by bloating another system process and sending CPU usage up to 97%. I thought none of it at first because I thought it would gradually deflate in terms of memory usage but it never did. Either stick with v3.51 or stay away from v4.0. Comodo is lightweight, has a free and full lifetime license, and does everything Outpost did for me. I also tried Sunbelt Kerio before I got to Comodo and that experience was terrible. Kerio is entirely too basic and does not allow for advanced or detailed configuration.

[Sniper101]

Windows Firewall + Hardware firewall (Networking only). There's Mine :) Never been Hacked, compromised nor bypassed. When i didn't have these and i had other Firewalls i was hacked nearly 6 times a month :) now since iv got them both hey presto nothing :) and if you want to Monitor whats connecting to your computer etc Get Microsoft Network Monitor 3 from Microsoft Connect :) its beta still but there are older versions i think.

[mtrftw]

I've been using Comodo lately and I love it.

[Master Shake]

Just installed Comodo... seems very nice so far.

[matthewds]

ZoneAlarm Pro, I really dont know what i'd do without the OSFirewall... "such and such malicious program is trying to install a new driver or service" DENIED.

[Tai]

Comodo looks interesting from what I've been reading .. might give it a try tonight.

Had Mcafee Personal Firewall plus .. I liked it, but not the control system (ZA was better on that aspect) .. and I think Mcaffee used IE as its ui engine .. which went iffy after I installed ie7 .. then went to ZA Pro .. which totally bogged down my system. if Mcafee improves, I might go back to it.

Anyone got any horror stories with Comodo I should know about beforehand ? :devil:

[Inplode]

Look 'n' Stop borked my sound settings NO clue why

Comodo installs fine but tell me the CWconfig.exe is missing ( or somthing like that ) and tells me to reinstall i do that and it still tells me to reinstall :(

[Tai]

Anyone with good/bad experiences to report on the lavasoft firewall ?

http://www.lavasoftusa.com/products/lavaso...al_firewall.php

[krmathis]

ipfw all the way! :)

[coolchan]

pfsense

try the live-cd

http://www.pfsense.com

[illicit]

I have been using Comodo Firewall lately on my system and it seems to be pretty good so far.

[Flavv]

In terms of software firewalls, Bitdefender 10 has one of the most robust firewalls I've ever used, and I've used plenty.

[ROM3000]

I love ZoneAlarm, and their security suite is great because it has everything I would ever need in one place without hogging too many resources.

[NEVER85]

I love ZoneAlarm, and their security suite is great because it has everything I would ever need in one place without hogging too many resources.

How is it you never came across the TrueVector crash? ZA works great for me for a couple days and then BOOM, TrueVector crashes.

[Snoopy2005uk]

Iv been using zone alarm for aboiut 3 years and iv only had it come up with the TrueVector crash once, a quick look on good and it was fixed.

[Aero Ultimate]

Outpost (now version 4) works great for me! :woot:

Powerful, extensive yet easy to use configuration possibilities, quick startup... all in one convenient package :cool:

I really hope they have a Vista version ready soon...

[THE BAT]

Hardware Firewall/NAT router + Outpost

:)

[Yourmum90]

well it said could i specify below so i thought i would, i use AVG pro as it seemed ok and did not come with 100 other programs like norton.

[flexy123]

nothing beats an WRTG54G L router flashed with 3rd party firmware, like dd-wrt. You get everything..NAT firewall, QoS etc...

Otherwise i am fine running XP2 firewall. Don't know....never been a huge fan of software firewalls.