What is a good free firewall? - Printable Version

+- The Un-Official Proxomitron Forum (https://www.prxbx.com/forums)
+-- Forum: Forum Related (/forumdisplay.php?fid=37)
+--- Forum: General Security (/forumdisplay.php?fid=21)
+--- Thread: What is a good free firewall? (/showthread.php?tid=437)

- Siamesecat - Mar. 23, 2005 11:44 PM

I decided to look for another firewall after finding out that Kerio 2.1.5 does not block malformed packets or any intrusion other than SYN packets. I tried Jetico firewall, but it caused system lockups and lost clusters on my computer. What is a good alternative which doesn't let everything out through the proxy localhost port?

- ProxRocks - Mar. 24, 2005 11:32 AM

IF you have the "resources", then Norton Internet Security simply can't be beat... It IS a bit of a resource hog, but when you're running one machine at 1.8 GHz and the other at 2.7 GHz, both with 1.0 GB RAM at 333 MHz FSB, then the "resources" are not an issue...

When it comes to security on MY machine, there simply is no rule of thumb "better" than YOU GET WHAT YOU PAY FOR!!! Feel "free" to jump from freebie to freebie, but you WILL encounter "malformed" activities with them as well (just keep looking at them CLOSELY, and you WILL find them)...

I've used ZoneAlarm, Kerio, and Outpost QUITE extensively - was NOT satisfied... I've used trials of Sygate, Free Tiny, Xeon, and InJoy, all to a lesser degree - was dissatisfied almost IMMEDIATELY... My download directory also shows that I tried PortsLock and AnalogX PortBlocker, but they must have left such a distaste in my mouth that my mind cannot even visualize what they even look like...

- hpguru - Mar. 24, 2005 12:24 PM

Quote: IF you have the "resources", then Norton Internet Security simply can't be beat...

Unless they have fixed it, NIS doesn't support HTTP/1.1. What that means to end users is that their pipe is going to be significantly slower than what it is capable of.

Siamesecat, if you have a broadband connection you should seriously consider getting a router. I have gotten rid of my software firewall (Kerio) since purchasing a router. After carefully monitoring my logs for several months I have determined I no longer need it.

As far as free firewalls go, there is still Sygate Personal, Outpost Free and Look N Stop 1.0. If you think you might want to purchase a firewall, give 8 Signs from the author of Conseal Personal Firewall a try. http://www.consealfirewall.com/

- sidki3003 - Mar. 24, 2005 01:35 PM

I was on the way to ask the same question, i'm using Kerio 2.15 as well. Can any of above mentioned firewalls log to the Syslog port?

sidki

- ProxRocks - Mar. 24, 2005 02:25 PM

"Syslog port" - hmm, the last time I heard that was when I was running UNIX...

edit: With some assistance from sidki, I have confirmed that NIS 2004 sends only HTTP/1.0 requests (either that, or the corporate firewall/router)... I shall check over the weekend whether NIS 2005 has the same "restriction" (if it can even be called that, for I'm not sure what 1.1 'gains' me)...

edit2: Correction: NIS 2004 has NOT been confirmed as sending only 1.0 requests... I am ALSO behind a corporate hardware firewall and with my NIS 2004 bypassed, I'm still only sending 1.0 requests... So I cannot verify that NIS 2004 is sending only 1.0 requests...

- sidki3003 - Mar. 24, 2005 03:34 PM

ProxRocks Wrote: "Syslog port" - hmm, the last time I heard that was when I was running UNIX...

There are some Windows implementations of Syslog, "Kiwi Syslog Daemon" being one of them, one of the most useful programs on my machine.

sidki

- ProxRocks - Mar. 24, 2005 03:41 PM

BINGO!!! NIS 2004 IS HTTP/1.1-compliant (as is NIS 2005)... My Internet Options > Advanced tab needed "Use HTTP 1.1 through proxy connections" CHECKED (duh, don't figure)... So the bottom line is - YES, NIS is 1.1-compliant... Thus ENDING the "complaint" from hpguru

- Siamesecat - Mar. 24, 2005 09:52 PM

Quote: As far as free firewalls go, there is still Sygate Personal, Outpost Free and Look N Stop 1.0.

I decided to try Outpost. It is very application oriented, but it does allow one to customize rules for the applications. I'll stick with that for a while, unless I have problems. It would be nice if one could have rules that may apply to any application (such as allow only certain DNSs). Doesn't Sygate allow everything to get out through the localhost?

- hpguru - Mar. 25, 2005 05:00 AM

ProxRocks Wrote: BINGO!!!

Go here and scroll to the bottom of the page. Do you see the words "Page Compression OFF"? If so NIS still does not support HTTP/1.1. You may need to be logged in to see it. If you don't see anything about page compression, it is enabled.

- hpguru - Mar. 25, 2005 05:54 AM

sidki3003 Wrote: I was on the way to ask the same question, i'm using Kerio 2.15 as well.

Good question but I don't know.

- hpguru - Mar. 25, 2005 06:02 AM

Siamesecat Wrote: Doesn't Sygate allow everything to get out through the localhost?

Yes it does (the free version at least).

- ProxRocks - Mar. 25, 2005 01:54 PM

hpguru Wrote: Go here and scroll to the bottom of the page. Do you see the words "Page Compression OFF"? If so NIS still does not support HTTP/1.1. You may need to be logged in to see it. If you don't see anything about page compression, it is enabled.

Ah, thanks... Okay, NIS does NOT support HTTP/1.1 (hpguru "wins")... And interestingly enough, from this morning's research, I cannot seem to find ANY software firewalls that ARE 1.1-compliant...

Granted, I do not "need" the software firewall here at the office (aside from it BLOCKING the IT department from "tampering" with my machine) because I am ALSO behind a corporate hardware firewall... However, at home, I'm on dial-up - so I do need the software firewall - and NIS has been the best that I have run across... But I will trade it in for a 1.1-compliant - if I can even find one...

- sidki3003 - Mar. 25, 2005 03:25 PM

hpguru Wrote:
sidki3003 Wrote: I was on the way to ask the same question, i'm using Kerio 2.15 as well.
Good question but I don't know.

Okay. But thanks hp for the firewall list (btw. nice to see you here).

ProxRocks Wrote: But I will trade it in for a 1.1-compliant - if I can even find one...

Well, i didn't test other firewalls for a long while. (I do remember NIS almost killing my P166 tho, tested it when they took over Atguard and made bloat-ware out of it.) However, Kerio 2.1.5 definitely supports HTTP/1.1 (besides logging to Syslog).

sidki

- ProxRocks - Mar. 25, 2005 03:45 PM

Yet it seems that this very thread was started due to DISADVANTAGES with Kerio??? Using the "page load timer", the 0.2 to 0.3 seconds gained with HTTP/1.1 over HTTP/1.0 really doesn't make it "worth" moving to another firewall - especially since it seems this very thread was initiated due to DISADVANTAGES thereof...

- no13 - Apr. 02, 2005 03:24 AM

free firewall? 8signs is pay...

* tried CHX-I yet? http://www.idrci.net .. hard to learn.
* http://www.softperfect.com :: another nice EASY TO LEARN packet filter style 'traditional' firewall. No app control.
* http://www.netveda.com ::: netveda safety.net is free for home use. again learning curve is very flat... not much progress wrt time initially.. then it'll jump. promise. [www.wilderssecurity.com ... other firewalls has two or three very nice threads and their support email address gives VERY fast replies]... BRUTAL app control
* Look 'n' Stop ::: trial version has application control.. after 30 days.. you're left with ONLY internet filtering [it becomes like 8signs]

*** i will NOT recommend ZA or NIS... both have had numerous compatibility and stability issues, apart from becoming more and more suspect. Older versions of ZA are still likeable, according to users. ZA is also easy to use. and FREE version's available.

Tip::: use Kerio 2.1.4 [lighter than 2.1.5... just don't use the flawed remote admin] together with an IDS like Snort http://www.winsnort.com to block the attacks you mentioned. Or get a router along with kerio 2.1.4