Which firewalls are actually worth using?

[Guest]

[jharris1993]

I realize that - by placing this thread on a Comodo forum - I'm sure to get inundated with the innumerable replies that the Comodo firewall walks on water, talks with the angels, sits at the right hand of God, etc. etc. etc.

However ("On the other hand...."  Tevye, Fiddler On The Roof )  My experience here has been that most everyone here is the "straight-shootin' kind of hombre" that I like to associate with, and I believe that I can get a reasonably straight answer from.

Question:

What firewalls are actually worth the effort required to press the "enter" key to install them?

AFAIK, firewalls fall into two very broad (and overlapping) categories:

First:  Those that are about as useful as [censored!] on a boar-hog.  (i.e. Windows Firewall and others like it.)

Second:  Those that are a total pain to use and configure.  These may actually do a decent job, but you get innundated with alerts every time you break wind, to the point that you develop a bad case of the "Alright already!" syndrome, and may actually allow things you don't want to.

It has also been my experience (at least with the freeware offerings by others), that after about a month or so of use, the system slowly becomes un-usable - as if the firewall is secretly blocking access to things to make the system crappy, so they can "fix" your problem with their payware version.  Uninstalling the firewall usually solves the problem.

What I want:

1.  A firewall that actually works.

2.  A firewall that doesn't interrupt me every 17 seconds because svchost is trying to do something... (and how am I supposed to know what svchost is proxying for THIS time?  Is it legit?  Is it something skanky?)

Ideally, especially in the case of things like svchost where the actual calling routine may be totally legit (doing a ping back to my domain controller), or something vile (ugly_skankware.exe phoning home, etc.) - a reference to WHAT is calling svchost would be useful.

3.  Some kind of MD5 hash for those apps that are allowed, so that app-spoofing can't occur. (leak test anyone?)

4.  One that won't go into the toilet after a month or so of use.

And so on.

In a nutshell, something that I can install on my wife's computer, or (gasp!) even my mom's computer, without worrying that they're going to get innundated with alerts, but still know they're being effectively protected.

An important "BTW":  I always advocate, at the very least, a decent hardware firewall between you and them - with NOTHING turned on.  (except the DMZ for my VoIP adapter!)

You know... yadda... yadda... yadda.....

I'd really like to see some (hopefully) unbiased comment on the various firewalls out there - how they compare to each other and the Comodo offerings, etc. etc. etc.

What say ye?

Jim

[Rotty]

There will always be a trade-off between security and usability.

Try all the firewalls and use the one that suites you best.

[JanPoko]

In my  experience,

from free products, Kerio is usable and stable enough, eventhough Matousec does not evaluate it too high. Comodo could become the best solution, if the expected v3 removes the current pending problems (especially in user's control area).

From paid fws, I aboslutely prefer Outpost, in spite what Matousec says.

[Soyabeaner]

Sorry, Jim.  I know you love your new cozy General Security Questions and Comments (not product related) board , but to this thread title just fits perfectly in this Computer Firewalls board where there will be actual names referenced.  So I had to move it here.

[Opus Dei]

Hey everybody

 When I found COMODO CPF I was very impressed with its layout and advanced Features. Its very configurable Network Monitor(NM) and seemingly almost equally configurable Application Monitor(AM).   I have not played with Component monitor yet.  I will probably just watch it and let it auto Configure

What I´m realy looking for is Opinions O f people who are experianced with several differnt Firewalls possiblly but not nessecarily even at the enterprise level.


 You could also post what you would like to see in COMODO to help make it a World class Firewall You may also post these coments Here
[/quote]

Subj:  Comodo Firewall Wishlist v5

Hello,

Please post any features that you would like to see in future versions of Comodo Firewall.

I look forward to seeing your suggestions!

Justin

Look'in forward to hearin' ya'lls comments
Thanks Opus Dei

PS I would like to say I think Comodo is the best consumer firewall I have seen and have great hopes for V3

[Opus Dei]

Jim

Ive tried Norton, Zone Alarm Pro, Had some faily large clients using Checkpoint 4-5 Years ago and had clients with others I cant remember which one exactlyI prefer CFP over them all. but I agree with JanPoko. Especially In AM filters

In my  experience,

from free products, Kerio is usable and stable enough, eventhough Matousec does not evaluate it too high. Comodo could become the best solution, if the expected v3 removes the current pending problems (especially in user's control area).

From paid fws, I aboslutely prefer Outpost, in spite what Matousec says.

What I want:

1.  A firewall that actually works.

2.  A firewall that doesn't interrupt me every 17 seconds because svchost is trying to do something... (and how am I supposed to know what svchost is proxying for THIS time?  Is it legit?  Is it something skanky?) Well, depending on your settings CPF Might Hit you with many prompts for this, however this can be changed

Ideally, especially in the case of things like svchost where the actual calling routine may be totally legit (doing a ping back to my domain controller), or something vile (ugly_skankware.exe phoning home, etc.) - a reference to WHAT is calling svchost would be useful. CPF will tell what the parent app is

3.  Some kind of MD5 hash for those apps that are allowed, so that app-spoofing can't occur. (leak test anyone?)CPF does this

4.  One that won't go into the toilet after a month or so of use.I don´t know about this yet

[Toggie]

I think it's a little harsh to compare something like CFP with Checkpoint. Whilst it's certainly possible  that your average Internet user might go out and buy Checkpoint, it's pretty unlikely. Might just as well go an buy a PIX 500.

I've been through a lot of different firewalls, both software and hardware, in terms of ease of use, CFP wins hands down. For most people, it's simply a matter of installing it, job done. For others, there is the ability to 'play' to take the configuration to the next level.

On the commercial side, how much ya wanna spend? I worked for a company where money was tight. so I set up several Linux boxes, no GUI, running IPChains, total cost, almost NIL, they were old 286 boxes, worked like a charm.

I worked for another company where only the best was good enough, CISCO PIX all over. I've also had the (mis)fortune to spend time with MS ISA server, nuf said.

For most home users CFP is great, it does what it says on the tin. Sure, there are things I'd like to see changed, but that's what the wish list is for...
 

[Toggie]

I seriously believe, that for most people, most of the time, CFP is perfect. You can more or less, set it and forget it. I'm not saying you'll never receive a pop-up, of course you will, but if your not into hacking away at rule creation, CFP works just fine.

[Opus Dei]

I guess I need to go back and rephrase my question I'm not so much wanting a comparison as opinions of network Profesionals
Maybe I will retitle it also

[Toggie]

Opus, do you not think this is pretty much the same question being asked here Which firewalls are actually worth using? ?

[Opus Dei]

Yea more Or less If you would like deleate this thread I thought that when I was replying to you post last night TRied to deleat the thread my self but I dont have the rights.

[Opus Dei]

I seriously believe, that for most people, most of the time, CFP is perfect. You can more of less, set it and forget it. I'm not saying you'll never receive a pop-up, of course you will, but if your not into hacking away at rule creation, CFP works just fine.

but where's the fun in that

[Soyabeaner]

but where's the fun in that

How about CF ver 3?

[panic]

I've used most PC based firewalls out there but my preferred firewall is CFP.

Of the others Jetico BETA2 is nice, very tight, very secure but aimed at the more experienced user.

I also liked the now defunct firewall from Wyvernworks.com, Firewall 2004 V5.2. Excellent user interface, easy to create rules manually with comprehensive protocol and logging support. Unfortunately it hasn't been updated since mid 2005. Real pity.

Cheers,
Ewen :-)

[Soyabeaner]

Yea more Or less If you would like deleate this thread I thought that when I was replying to you post last night TRied to deleat the thread my self but I dont have the rights.

I can also merge this thread with that other one, or if you think that's too confusing and just want to remove this thread, you can click the Remove Topic button at the bottom.

[Tags:]