Jump to content
CCleaner Community Forums
Sign in to follow this  
tommyk

Definitive Best Free Firewall Opinions

Recommended Posts

OK . . . since my system is finally up and running OK . . . I need a free firewall. I've read many posts here with a wide variety of what's the best. What do YOU use and why?

 

Kerio?

Sygate?

Outpost Free?

Zone Alarm?

 

Any others that are up there in rankings?

 

Thanks

Share this post


Link to post
Share on other sites

Kerio? <-- Never used it.

Sygate? <-- Never use it.

Outpost Free? <-- Never used it.

Zone Alarm? <-- Been using it for years.

 

Hope that kind of helps.

Share this post


Link to post
Share on other sites

Ditto, I am exactly the same as TwistedMetal.

Share this post


Link to post
Share on other sites

If you are adimate about staying with a freeware software firewall, my vote would go towards kerio (KPF 2.15). Find it here: http://www.kerio.com/dwn/kpf2-en-win.exe That is hands down the best freeware rule-based firewall there is. If you chose that one be sure and get help with your rule-set (PM me if you need help)

 

If you feel like spending a little cash and purchase a shareware firewall, I would strongly consider Agnitum Outpost Pro (www.agnitum.com). There is another option, which I personally use. Research LooknStop a.k.a. LnS (www.looknstop.com) It is the best firewall I have ever seen. It is rule based (as better firewalls are) and haave an extremely small footprint (uses little system resources). PM more is you want further details.

Share this post


Link to post
Share on other sites

If you're going to *buy* a firewall, buy a firewall -- a Stateful Packet Inspection (SPI) firewall [this is a piece of hardware]. Why waste money on software to bog your system down? Get a *real* firewall.

 

I knew back in the day when software firewalls were coming out that there'd be this kind of trouble... man I hate software firewalls :P

 

I use peerguardian.. that's my only firewall.

Share this post


Link to post
Share on other sites

Hardware firewalls are nice but can not take the place of software firewalls. You cannot have application filtering with them. Also, you cannot have some of the feartures of Outpost (ad blocking, reffer blocking, cookie blocking, etc) Also hardware firewalls, for whatever reason, always respong to ICMP echo pings, so you would not be COMPLETELY stealth.

 

FYI, PeerGuardian is not a firewall it is an IP address blocker, and a damn good one at that (v2)

Share this post


Link to post
Share on other sites

Yeah I know that it's not a "firewall". It's a kernel level blackhole filter. But effectively, it's a firewall. What else could "IP blocker" possibly mean? I put in an IP address, I get no IP packets from that address any longer. Yes, it's not stateful, and is fully manual. Oh well.

 

It's all I use. I don't use a hardware nor software firewall. Application filtering is probably nice for people who don't know anything about what their software is doing, but there's another edge to the sword. The application firewall is going to ask a lot of questions about what the user wants the application to be able to do, and invariably, the user is going to have to *guess*, because they don't understand firewalling, application behavior in general, or the application is named badly and is confusing, etc. I don't know how many customers I've had where they actually blocked Internet Explorer itself, as well as svchost/generic host process et al... Several times, a customer has had two or three antivirus/firewall combinations running at the same time, and they would constantly ask if the other one could do something. Norton Internet Security has a funny habit sometimes of asking if Norton Internet Security can access the internet.

 

Any hardware firewall that responds to ICMP when you tell it not to is not the firewall you'd want. Sounds like a piece of crap to me. You made it seem like ALL firewalls do this, when that is not the case.

Share this post


Link to post
Share on other sites

All Windows firewalls sucks, they're basically toys, often as trivial as having a ON and OFF button.

Often combined with a fancy IDS that tend to get people paranoid.

 

Best I've come across is iptables/netfilter on Linux, it's sweet. Because you can configure alot of aspects of it, reject/drop packets, define ICMP type to filter, SYN packet, ip/port/protocol, etc.

Share this post


Link to post
Share on other sites

got all but not using any coz i trust my isp

 

virtual firewall

Share this post


Link to post
Share on other sites
got all but not using any coz i trust my isp

 

virtual firewall

 

 

 

What if your ISP gets hacked, or infected? I'd be using something if I was you.

Share this post


Link to post
Share on other sites

if some 1 can hack Nasa, the US Army, US Navy, Department of Defence and the US Air Force. computer than i don't think

any fire wall can help me to protect my computer

Share this post


Link to post
Share on other sites

AND BEST OF ALL I'M USING PROXY IP

Share this post


Link to post
Share on other sites

DJ,

 

i checked out PeerGuardian, what do you mean by ...

Yes, it's not stateful, and is fully manual.  Oh well.

 

 

 

are you saying its too advanced for your tipical user to understand, or that theres too many things to manually set up? would you recomend it to anyone or just certain types of people?

 

thankx

Share this post


Link to post
Share on other sites

About manual: It's not a firewall, so blacholing an IP involves manually adding the IP to the database. (The program is designed to block 300+ million IP addresses that belong to spammers, P2P robots, US-government watchdogs, spyware sites, rogue advertisement sites, and more)

 

About stateful: It's not a firewall, so it doesn't deal with packets on an 'if-then-else' basis. It discards either all, or none, of the packets from a given IP address. It's not really that advanced for a user. A user can turn it on and forget about it, really. Until they have a problem connecting to a certain IP... then they have to turn off PG to see if PG is blocking it.

 

PS: If you use PG, you have to unblock my website. DjLizard.net's IP belongs to a range that used to belong to scammers/spammers/spyware peddlers, but since those kinds of people are fly-by-night, as soon as they got IP banned in the major lists, they left. Then comes some unfortunately soul (me) who has to deal with the fact that I'm on a banned IP range, all because of someone who was using the IP only for a few moments. IP blocks get bought and sold all the time, and blocklists really wreak havoc on those transactions. :/

Share this post


Link to post
Share on other sites

keep track of external connection

 

netstat

 

in command menu

 

 

netstat -N

 

to check connection with port deatail (active port detail)

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×
×
  • Create New...