Software Firewall Comparison

darkjester · Feb 28, 2002

I threw this post up as a reply to a thread in Networking, but I figured since OT gets more visibility this could be of some benefit to more people if I also posted it here. It goes a little something like this...

...I'm looking for the best personal software firewall I can find (that's free, ideally

). I searched the popular firewall developer sites and found this comparison chart on Agnitum's (maker of the Outpost firewall) site. The chart lists 28 features of firewalls and compares the most popular firewalls against those features, giving each firewall one point for each feature it did have. Note that these features aren't weighed (some features are definitely more important than others), but this could be a good starting point for those of you looking for a software firewall. If that's not you, no need to hit the Reply button.

Personally, I'm going to evaluate Tiny Personal Firewall because it was the highest scoring FREE firewall on the chart and work my way down.

I found this chart very helpful... hopefully you guys do also.

EDIT: Here's a good article on firewall comparisons from PCMagazine. Just trying to help!

Doggiedog · Feb 28, 2002

I'm sure they are not biased at all about their products.

db · Feb 28, 2002

I'm guessing you have dial-up instead of broadband, otherwise you'd be using a hardware firewall.

NikPreviousAcct · Feb 28, 2002

<< I'm guessing you have dial-up instead of broadband, otherwise you'd be using a hardware firewall. >>

Hardware is the only way to go.

nik

killface · Feb 28, 2002

Well, the "points" awarded to each program is based on the number of features. It doesnt take anything else into account for the program such as stability or even effectiveness.

BDawg · Feb 28, 2002

<< I'm guessing you have dial-up instead of broadband, otherwise you'd be using a hardware firewall. >>

And let me clue you in. Those linksys routers everyone uses aren't hardware firewalls.

darkjester · Feb 28, 2002

<< I'm guessing you have dial-up instead of broadband, otherwise you'd be using a hardware firewall.
...
Hardware is the only way to go. >>

No, I just got broadband and that's why I'm evaluating the different firewalls. I've used Symantec Desktop Firewall and ZoneAlarm so far, and I'm planning on checking out these others in the coming days. Right now I don't have the resources (ie, money) to go and get a hardware firewall (unless you want to send me one for free... I'll even pay shipping). Besides, most people use just a software firewall and are doing okay. In fact, search this forum and you'll find lots of threads about software firewalls (that's what I did). I'm trying to help out those people, not start a hardware vs. software firewall debate.

Don't forget to flush...

[dJ]

MrBond · Feb 28, 2002

I'm on dialup and I use a hardware firewall

.

And of course, any company trying to sound legit isn't going to give themselves a perfect score. People see the imperfect score and think exactly what you did.

darkjester · Feb 28, 2002

<< Well, the "points" awarded to each program is based on the number of features. It doesnt take anything else into account for the program such as stability or even effectiveness. >>

You're absolutely right. It also doesn't weigh the features, because some features are certainly more important than others. But this chart could be a useful starting point for finding/evaluating firewalls. Especially the free ones, who each have their own following.

Electric Amish · Feb 28, 2002

I use BID. It's not free, but I haven't had any problem with it, unlike ZA.

amish

TheeeChosenOne · Feb 28, 2002

I understand from talking to Tech Support at Mcaffee that you can only use one firewall at a time.

They told me that if I combine Blackice with XP Firewall and Mcaffee Firewall, NONE of them would work and errors and instability would arise. Well, I've done tests and all three seem to keep my computer locked down.

Any opinions from MORE informed techies other than myself or Mcthrowup?............

Sachmho · Feb 28, 2002

Hardware is the only way to go.

My router has a firewall built in, and once i got zonealarm i still find zonealarm stopping a fairly consistent barrage of ads and most likely other spyware, coming from general ip's... bottom line; having both is better than having one

ThisIsMatt · Feb 28, 2002

I've used both Norton & Zone Alarm.

I like norton except that creating rules can be a total PITA. I like that you can disable it without shutting it down completely.

I like that ZA creates rules rather easily. I don't like that the new version likes to flash to it's little "Z/A" icon in the tray when nothing's going on (can kill it with a reg edit). Also, it keeps being lame & prevents internet access sometimes without me telling it to (have to shut it down and restart the app for it to work right). Also, it's not as customizable as I'd like.

Netopia · Feb 28, 2002

I would suggest that you all go to Gibson Research. Steve Gibson has been in the computer industry FOREVER and has done a LOT of stuff on security in the last couple of years. Microsloth HATES him because he keeps exposing the security flaws in their products.

Anyway... take a look. He's also got a great story on the sight about turning the tables and hacking into some hackers that were hacking him!

Joe

n0cmonkey · Feb 28, 2002

<< Hardware is the only way to go. >>

Nope, its not. Ive got a nice software firewall/router and sometimes a software firewall on my individual systems.

<< I understand from talking to Tech Support at Mcaffee that you can only use one firewall at a time.

They told me that if I combine Blackice with XP Firewall and Mcaffee Firewall, NONE of them would work and errors and instability would arise. Well, I've done tests and all three seem to keep my computer locked down.

Any opinions from MORE informed techies other than myself or Mcthrowup?............ >>

Ive talked to a couple of pro's that would run multiple firewalls at the same time. I think one of them was using ZA and BlackICE at the sametime. TPF seemed to be the best one when I was running Windows. IPF or PF now

wyvrn · Feb 28, 2002

<< And let me clue you in. Those linksys routers everyone uses aren't hardware firewalls. >>

Right. They have good features, but most users just plug them in and don't configure the advanced options, which is where most of the firewall-type features come in.

tim0thy · Mar 1, 2002

<< I would suggest that you all go to Gibson Research. Steve Gibson has been in the computer industry FOREVER and has done a LOT of stuff on security in the last couple of years. Microsloth HATES him because he keeps exposing the security flaws in their products.

Anyway... take a look. He's also got a great story on the sight about turning the tables and hacking into some hackers that were hacking him! >>

not to start any wars or anything, but security people do not recognize his work and his fight against microsoft if blown out of proportion. if you want to do some additional reading, go to grcsucks.com

enjoy.

as for firewalls, i am all for checkpoint (if you can harden and secure the OS that you are running that software on first). hardware firewalls are typically better though, because you don't have to worry about any security leaks in the OS. good luck.

joohang · Mar 1, 2002

I use ISA Server.

QTPie · Mar 1, 2002

Checkpoint is for professional use or for corporate environment. It's too expensive. I wish I have it for my home use.
For now, I use Norton Internet Security which included Norton Antivius. It seems to be OK.

rahvin · Mar 1, 2002

Got an old computer laying around? You have a hardware firewall, linux is a free download and has statefull packet inspection in the newest version (A simpler form of firewalling in older versions). Statefull inspection is something you will pay big $$$ for in the windows/appliance world.

n0cmonkey · Mar 5, 2002

<<

<< I would suggest that you all go to Gibson Research. Steve Gibson has been in the computer industry FOREVER and has done a LOT of stuff on security in the last couple of years. Microsloth HATES him because he keeps exposing the security flaws in their products.Anyway... take a look. He's also got a great story on the sight about turning the tables and hacking into some hackers that were hacking him! >>

not to start any wars or anything, but security people do not recognize his work and his fight against microsoft if blown out of proportion. if you want to do some additional reading, go to grcsucks.com enjoy.as for firewalls, i am all for checkpoint (if you can harden and secure the OS that you are running that software on first). hardware firewalls are typically better though, because you don't have to worry about any security leaks in the OS. good luck. >>

You say something about security people in the same breath as Checkpoint? HAHAHAHAHA

Do a search for "vanish" on phoneboy.com. Great reading. Hardware firewalls still have an OS. There is software to crash. There are still ways in. I can setup linux to be *SHUT DOWN* and still do firewalling. I can also setup OpenBSD in bridge mode (with PF/IPF) so the only way to do anything to/on the firewall is to login locally.

Anyhow, sorry about the checkpoint thing. It looks great for management

Software Firewall Comparison

Golden Member

Lifer

Lifer

No Lifer

Golden Member

Lifer

Golden Member

Diamond Member

Golden Member

Elite Member

Banned

Golden Member

Banned

Diamond Member

Elite Member

Lifer

Golden Member

Lifer

Golden Member

Elite Member

Elite Member