Looking for basic software firewall that only runs one process and takes the least system resources

Link19

I'm looking for a software firewall that is very basic and only provides the ability to monitor inbound and outbound traffic from your PC. I don't want all the extras that many software firewalls have. I just want something that does what the Windows XP SP2 firewall does, and monitors outbound traffic. I'm looking for something that takes the least amount of system resources and is very clean and isn't bloated. I also want something that runs only one system process. Any ideas and which software firewall would give me this?
 

Link19

Originally posted by: KoolDrew
Kerio v215


Thank you, but is there anything newer that is like that? I mean will a firewall version almost two years old still work well and contain enough updates so it is compatible with Windows XP SP2 and doesn't have any security flaws?
 

KoolDrew

v215 is a great product. The newer version of Kerio is a little heavier on resources and the UI sucks. The one I linked to is extremely low on resources and works very well. Don't be worried about using it just because of how old it is. It is an overall better product than the newer one.
 

stash

Originally posted by: Link19
I don't want all the extras that many software firewalls have. I just want something that does what the Windows XP SP2 firewall does, and monitors outbound traffic. I'm looking for something that takes the least amount of system resources and is very clean and isn't bloated. I also want something that runs only one system process. Any ideas and which software firewall would give me this?

Use the XP firewall. Outbound filtering on hosts is a marketing scam.
 

Link19

Originally posted by: STaSh
Use the XP firewall. Outbound filtering on hosts is a marketing scam.

How is it a marketing scam? I want outbound filtering on applications to ensure nothing tries to send any information to the Internet without my consent. But I just want that feature in addition to what the XP firewall provides.
 

stash

Originally posted by: Link19
Use the XP firewall. Outbound filtering on hosts is a marketing scam.

How is it a marketing scam? I want outbound filtering on applications to ensure nothing tries to send any information to the Internet without my consent. But I just want that feature in addition to what the XP firewall provides.

Because you can't trust that the firewall is giving you an accurate picture of what is going out from your machine. An application that is already on your machine has the potential to do anything, up to and including spoofing or disabling your firewall.
 

VirtualLarry

Originally posted by: STaSh
I don't want all the extras that many software firewalls have. I just want something that does what the Windows XP SP2 firewall does, and monitors outbound traffic. I'm looking for something that takes the least amount of system resources and is very clean and isn't bloated. I also want something that runs only one system process. Any ideas and which software firewall would give me this?

Use the XP firewall. Outbound filtering on hosts is a marketing scam.

Bahahahahahaha.

Not true.

That's like claiming that anti-spyware programs are a marketing scam too. Oh yeah, MS just recently purchased, and started pushing one themselves. Go figure.
 

VirtualLarry

Originally posted by: STaSh
Because you can't trust that the firewall is giving you an accurate picture of what is going out from your machine. An application that is already on your machine has the potential to do anything, up to and including spoofing or disabling your firewall.
Yes. And you can therefore use the same argument that any sort of anti-spyware software, running on the host machine, scanning for malware running on the system after-the-fact of "infection", is likewise a "marketing scam", couldn't you?

Regardless, no major software company (not just MS here - Lexmark, HP, Logitech, Creative, and others are also culpable), wants you to realize and see just how much "phone home" behavior current software has. They want unfettered access to "home base".

Whether or not the possibility exists for some kernel-mode rootkit to spoof the firewall and cause it to present an invalid picture of what is going on in the system - the monitoring that most software firewalls provide is useful in the general case.

An interesting question in parallel with this issue here, is the utility and validity of the new XP SP2 "Security Center" alert dialogs. Indeed, because that cannot be trusted either, and can be potentially spoofed, then it is also arguably useless. So why did MS add that feature then?
 

stash

Originally posted by: VirtualLarry
That's like claiming that anti-spyware programs are a marketing scam too. Oh yeah, MS just recently purchased, and started pushing one themselves. Go figure

You assume I disagree with you here. I don't run anti-spyware programs. I've never needed them. And no I don't use Firefox.

Originally posted by: VirtualLarry
And you can therefore use the same argument that any sort of anti-spyware software, running on the host machine, scanning for malware running on the system after-the-fact of "infection", is likewise a "marketing scam", couldn't you?

Yes, I could. Other than some dubious heuristics scanning that many AV scanners have, they are largely reactive. I run an AV scanner on my work laptop because I can't get onto the network otherwise, but I have no use for it.

Originally posted by: VirtualLarry
Regardless, no major software company (not just MS here - Lexmark, HP, Logitech, Creative, and others are also culpable), wants you to realize and see just how much "phone home" behavior current software has.

Get over it. Do you own a Tivo? A credit card? Do you step outside? Ever think about how often you are on video? Do you ever think about how much is tracked by every single website you visit?

Originally posted by: VirtualLarry
An interesting question in parallel with this issue here, is the utility and validity of the new XP SP2 "Security Center" alert dialogs. Indeed, because that cannot be trusted either, and can be potentially spoofed, then it is also arguably useless

That's pretty much the entire point. If you run as admin, the least of your problems is someone spoofing the Security Center. And yes, the default behavior on XP is to make users administrators. Trust me, that's something being worked very hard. So, an outbound firewall may have some usefulness if you run as LUA, except that if you are running LUA, you are much more unlikely to see any evidence of malware on your machine. So then you are back to having an outbound scanning firewall exclusively to monitor activity that falls squarely into the tin foil hat category. And frankly, I have better things to do with my time than to watch that sort of traffic.


On the other hand, the SC has usefulness to people running LUA. It will tell them if they are out of date with critical updates, and it will tell them if their inbound scanning firewall is enabled.
 

VirtualLarry

Originally posted by: STaSh
Regardless, no major software company (not just MS here - Lexmark, HP, Logitech, Creative, and others are also culpable), wants you to realize and see just how much "phone home" behavior current software has.
Get over it.
My point exactly. Not every end-user wants to willingly prostrate themselves before their corporate masters. An outbound-monitoring software firewall is useful here, it allows you at least some capability to "watch the watchers".

Originally posted by: STaSh
Do you own a Tivo? A credit card? Do you step outside? Ever think about how often you are on video? Do you ever think about how much is tracked by every single website you visit?
No, no, yes, and yes.

Originally posted by: STaSh
So then you are back to having an outbound scanning firewall exclusively to monitor activity that falls squarely into the tin foil hat category. And frankly, I have better things to do with my time than to watch that sort of traffic.
That's kind of the point - if you have a firewall that suddenly alerts you to previously unknown/unseen outbound traffic, then you are alerted to something being amiss. You don't have to manually monitor it every second.

Originally posted by: STaSh
On the other hand, the SC has usefulness to people running LUA. It will tell them if they are out of date with critical updates, and it will tell them if their inbound scanning firewall is enabled.
Not if it were spoofed. But even if it is spoofable, you seem to think that it has some value in the general case - why is that, and why don't you likewise think that a (potentially-spoofable) software firewall won't likewise provide at least some value to the user, in the general case? You've just contradicted the original premise for your argument.
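
The "alert on previously unseen outbound traffic" idea debated above is baseline-and-diff detection; the following is an added example, not code from any poster in the thread. The log format, process names and addresses are constructed assumptions, and the output is only as trustworthy as the host that wrote the log, which is the objection STaSh raises.

```python
from collections import defaultdict
from ipaddress import ip_address

# Constructed sample log: "<epoch-seconds> <process> <remote-ip>:<port>".
# Format, process names and addresses (RFC 5737 documentation ranges)
# are made up for this example.
SAMPLE_LOG = """\
100 browser.exe 192.0.2.10:443
130 browser.exe 192.0.2.10:443
160 mailclient.exe 198.51.100.25:993
200 updater.exe 203.0.113.5:443
# baseline ends at t=1000
1100 browser.exe 192.0.2.10:443
1200 printerdrv.exe 203.0.113.77:80
1300 browser.exe 198.51.100.99:443
1400 mailclient.exe 198.51.100.25:25
garbage line that should be skipped
"""


def parse_line(line):
    """Return (ts, process, ip, port), or None for comments/malformed lines."""
    parts = line.split()
    if len(parts) != 3 or line.startswith("#"):
        return None
    try:
        ts = int(parts[0])
        host, _, port = parts[2].rpartition(":")
        # ip_address() rejects anything that is not a literal IP address.
        return ts, parts[1].lower(), str(ip_address(host)), int(port)
    except ValueError:
        return None


def find_new_outbound(log_text, baseline_end):
    """Learn each process's destinations before baseline_end, then report
    later events whose process or (ip, port) was never seen while learning."""
    baseline = defaultdict(set)
    alerts = []
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is None:
            continue
        ts, proc, ip, port = event
        dest = (ip, port)
        if ts < baseline_end:
            baseline[proc].add(dest)
        elif proc not in baseline:
            alerts.append((ts, proc, dest, "new process"))
        elif dest not in baseline[proc]:
            alerts.append((ts, proc, dest, "new destination"))
    return alerts


if __name__ == "__main__":
    for ts, proc, (ip, port), reason in find_new_outbound(SAMPLE_LOG, 1000):
        print(f"t={ts} {proc} -> {ip}:{port} ({reason})")
```
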
 

stash

Originally posted by: VirtualLarry
Not every end-user wants to willingly prostrate themselves before their corporate masters

And not every end-user is a paranoid tin-foil hat wearing obsessive compulsive. Most end-users just want to use their computers.

Originally posted by: VirtualLarry
That's kind of the point - if you have a firewall that suddenly alerts you to previously unknown/unseen outbound traffic, then you are alerted to something being amiss. You don't have to manually monitor it every second.

Except that the only type of unknown traffic an outbound firewall can reliably alert you to is unimportant (see above). As I have stated time and again, an outbound firewall on a host cannot be considered reliable for detecting viruses, worms, spyware, etc.

Originally posted by: VirtualLarry
Not if it were spoofed. But even if it is spoofable, you seem to think that it has some value in the general case - why is that, and why don't you likewise think that a (potentially-spoofable) software firewall won't likewise provide at least some value to the user, in the general case? You've just contradicted the original premise for your argument.

Read my post again. Yes, the SC is spoofable, but only with administrative access. A software firewall is spoofable in the same case..with admin access. So they are both of dubious value when running as admin, which is the case for anything running on your machine when you are admin. So what are we left with? We then need to determine their utility when running with least privilege. Since the risk of self-propagating worms, viruses, etc is greatly diminished when running LUA, the usefulness of an outbound scanning firewall is negligible (other than for paranoia, which I've already addressed). In the same LUA scenario, the SC does offer value to the user, namely by telling them if they are potentially out of date with critical updates by not having AU enabled, and by telling them if their inbound scanning firewall is disabled.
 

Raincity

Just one system process. I don't think so. Anyways look into Look&Stop and Jetico. Both are complex rules based and easy on the resources.
 

Link19

I agree with VirtualLarry. The bottom line is, I don't want any software phoning home without my knowledge or consent. I don't care how harmless you may think it is, I don't like that. Everyone has a right to know what programs are doing what and if something is phoning home without my knowledge or consent, I better know about it. Privacy rights are important no matter how you look at it!! All I want is a firewall that provides that kind of outbound monitoring just so I can make sure nothing connects to the Internet without my consent. I DON'T care how unimportant you think it is, that is what I am looking for. I take my privacy very seriously because you just never know what some corporate entities will try and do with that information.

I just want a firewall that provides basic outbound monitoring and inbound monitoring. Basically, I want what the Windows firewall does, plus the ability to monitor outbound connections just to ensure no program tries to phone the Internet without my knowledge or consent. I don't want any of the extras besides just those things. The Windows firewall only uses one system process, so why wouldn't there be another software firewall that uses only one system process? Once again, all I want is what the Windows firewall offers, plus basic outbound monitoring for applications. I don't want any other clutter in the firewall.
 

VirtualLarry

Originally posted by: STaSh
Not every end-user wants to willingly prostrate themselves before their corporate masters
And not every end-user is a paranoid tin-foil hat wearing obsessive compulsive. Most end-users just want to use their computers.
Which means that they wouldn't have need of a host-based software firewall in the first place, just buy a router and be done with it. However, even most non-technical people, when presented with the information that MS is potentially logging every media file that they watch on their PCs, and their printer driver is monitoring the relative levels of ink used in everything they print, they tend to get offended regardless. They don't just hold up their hands and say, "oh well - that's life with an MS-controlled PC".
Originally posted by: STaSh
Except that the only type of unknown traffic an outbound firewall can reliably alert you to is unimportant (see above). As I have stated time and again, an outbound firewall on a host cannot be considered reliable for detecting viruses, worms, spyware, etc.
Not 100%, no - I agree with you there. But to make the counter-assumption, that it is 0% useful, would require that the malware running on the machine would be 100% perfectly stealthy. Given that most of it isn't, and in fact, some of it isn't even 3rd-party malware, but spyware components pre-installed as part of the OS itself - most of it is detectable. (Referring to Win XP here, mostly.)
Originally posted by: STaSh
Read my post again. Yes, the SC is spoofable, but only with administrative access. A software firewall is spoofable in the same case..with admin access. So they are both of dubious value when running as admin, which is the case for anything running on your machine when you are admin. So what are we left with? We then need to determine their utility when running with least privilege. Since the risk of self-propagating worms, viruses, etc is greatly diminished when running LUA, the usefulness of an outbound scanning firewall is negligible (other than for paranoia, which I've already addressed). In the same LUA scenario, the SC does offer value to the user, namely by telling them if they are potentially out of date with critical updates by not having AU enabled, and by telling them if their inbound scanning firewall is disabled.
Uhm, that totally ignores the possibility that said malware, might be able to obtain SYSTEM or Admin privs automatically, via one of the various many "local privilege escalation vulnerabilities", as have been found and documented in the past, and I'm sure that there are still a few lurking in the shadows of the codebase somewhere.

Thus, in the presence of malware running on the local host, it could potentially have "root" privs regardless, and therefore *any* software-based defense mechanisms running on the host could also be suspect. In fact, it's a bit ironic, that just because of this small possibility, you are willing to disregard the utility of said software firewalls in the general case; that's a far more paranoid assessment of the situation than I present. Who is the real wearer of the tinfoil hat here? Just because spoofing is a technical possibility, doesn't mean that it will happen in 100% of the cases, and thus render software-based defense mechanisms completely useless. There's a fairly wide gap between what is theoretically possible, and what is realistically likely to happen.

Not to mention, running as LUA only protects against user-assisted trojans/viruses, it doesn't protect at all against network-borne worms, that directly attack exploitable holes in the networking components, which run as services with some variant of SYSTEM privs. So LUA doesn't do diddly there. So that's not a valid component of an argument either.
 

Link19

Virtual Larry:

Do you know of any software firewall that does just what I'm looking for? Any websites that have a list of all the software firewalls and a description of each one?

I just want a basic firewall that does what the Windows firewall does, plus provides Outbound monitoring only to stop programs from connecting to the Internet without my consent. I don't want any extras in the firewall. Basically, I just want what the Windows firewall does plus outbound monitoring and uses just a tiny bit of system resources.
 

Navid

Originally posted by: STaSh
Originally posted by: Link19
Use the XP firewall. Outbound filtering on hosts is a marketing scam.

How is it a marketing scam? I want outbound filtering on applications to ensure nothing tries to send any information to the Internet without my consent. But I just want that feature in addition to what the XP firewall provides.

Because you can't trust that the firewall is giving you an accurate picture of what is going out from your machine. An application that is already on your machine has the potential to do anything, up to and including spoofing or disabling your firewall.

That's like saying if someone wants to get into my house, they can even if I lock the door; so, I am not going to lock the door!
 

stash

Originally posted by: Navid
That's like saying if someone wants to get into my house, they can even if I lock the door; so, I am not going to lock the door!

No it isn't. The whole idea is to keep stuff out, period. So you lock the door by having an inbound firewall, running LUA, keeping up to date with critical updates, etc. Doing these things will go a long way to keeping people out of your 'house'. But if you run as admin, for example, then any application you run is already in your house. Once something malicious gets on your machine, the game is over, and you can no longer trust that machine.
 

Link19

Originally posted by: n0cmonkey
Don't run a software firewall on top of Windows. It just adds bugs.


Are there any software firewalls you can run that integrate themselves natively into a Windows NT/2000/XP/2003 network subsystem and take very little resources? If only the Windows firewall provided basic outbound monitoring for applications trying to access the NET without my consent. That is the only thing that the Windows firewall doesn't have that I need.

Perhaps are there any plugins for the Windows firewall that add the outbound monitoring capability? I mean what is the Application Layer Gateway service for then? That service specifically mentions it provides support for 3rd party protocol plugins for the Windows firewall and Internet Connection Sharing. So, what would that service be for if there are no plugins that extend functionality for the Windows Firewall?
 

JackMDS

Originally posted by: Link19
Originally posted by: KoolDrew
Kerio v215
Thank you, but is there anything newer that is like that? I mean will a firewall version almost two years old still work well and contain enough updates so it is compatible with Windows XP SP2 and doesn't have any security flaws?
There are things in computers that are not a matter of Valuable New. My computer is in an old beige case and it works well like any other computer with Blue Light sticking out of a Plexiglas Windows and Red Demons painted on the front.

The basics of Firewall did not change. Many upgrades (Without Upgrades there is No income) are a matter of adding a few more capacities that are not related directly to basic Firewall and updating the Interface to what is currently the favorite Color Scheme (Gradient Blue).

As a basic Firewall that takes the least of system's resources, the old Kerio215 is the best (Actually At-Guard is the best but it does not work with WinXP).

As for STaSh's remark: it is a general truth type of statement, i.e. at the "Bitter End" nothing might help.

Using a good software Firewall would not prevent every BAD thing, but it will prevent a lot of things that otherwise would move freely In-Out.
