Best free firewall for Windows?

[Curt]

Sorry for not making myself clear. I didn't care to download matousec's test report to see why this security suite from Eset presumably is totally worthless. To the best of my understanding Eset Smart Suite may be the best protection I can get at all.


Recent Eset Smart Suite awards:

Best free firewall for Windows?

[40hz]

Sorry for not making myself clear. I didn't care to download matousec's test report to see why this security suite from Eset presumably is totally worthless. To the best of my understanding Eset Smart Suite may be the best protection I can get at all.


Recent Eset Smart Suite awards:
(see attachment in previous post)

-Curt (July 27, 2008, 10:29 AM)

How can it be to the best of your understanding if you're deliberately not going to listen to what someone else has to say? Why not download the report, read it, and then rip Matousec a new orifice up here on the forum? I'd love to get your input, along with anybody else's, about anything related to the topic that could further my understanding.

Just a thought.

BTW: I don't buy into the whole leak-test argument either. Still, when the leak test notion first came out most of the security heavyweights seemed to give it a lot of credence. Besides, even if closing leaks were what it was all about, once that was fixed, somebody would just go and find a new flaw to exploit. What's relevant evolves or gets replaced. It's in the nature of the beast for priorities to keep changing.

[Dirhael]

My problem with Matousec is that he isn't really testing firewalls, he's testing several variants of HIPS products. It's telling that several (well at least two as far as I know) of the high-ranking products in his tests doesn't even include proper firewall functionality at all. This in itself wouldn't bother me were it not for the fact that he insists on calling it a "firewall challenge." These tests haven't really helped us as users of firewalls all that much either (if at all). His tests have caused many developers to focus like crazy on developing functionality to beat the tests, making the firewalls just about useless for anyone without enough technological insight to know how to answer the overload of (usually worthless) questions it presents you with.

[40hz]

His tests have caused many developers to focus like crazy on developing functionality to beat the tests, making the firewalls just about useless for anyone without enough technological insight to know how to answer the overload of (usually worthless) questions it presents you with.

-Dirhael (July 27, 2008, 04:17 PM)

Interesting. I had no idea Matousec packed so much clout. I just thought they were "yet another opinion" floating around out there. Live and learn.

It's telling that several (well at least two as far as I know) of the high-ranking products in his tests doesn't even include proper firewall functionality at all.

Even more interesting. Could you elaborate? Thx.

[cthorpe]

It's telling that several (well at least two as far as I know) of the high-ranking products in his tests doesn't even include proper firewall functionality at all.

Even more interesting. Could you elaborate? Thx.

-40hz (July 27, 2008, 11:45 PM)

ProSecurity in the Excellent category is a "HIPS that was clearly heavily influneced by Processguard."  It appears to have a yes or no check for accessing network in its rules.  No filtering that I see.  http://wiki.castlecops.com/Prosecurity

System Safety Monitor 2.3.0.612 is in the Good section.  It is a HIPS that has basic outbound internet protection.  It also lacks filtering.  http://www.syssafety.com/

FWIW, I use the paid version of System Safety Monitor on my PC.  It handles protection from termination and other HIPS duties while my firewall does firewall tasks.


C

[Dirhael]

Even more interesting. Could you elaborate? Thx.

-40hz (July 27, 2008, 11:45 PM)

Looks like cthorpe beat me to it

[40hz]

Even more interesting. Could you elaborate? Thx.

-40hz (July 27, 2008, 11:45 PM)

Looks like cthorpe beat me to it

-Dirhael (July 28, 2008, 06:21 AM)

Thankee Gentlemen. Looks like I've got some more reading to do.

Also appreciate the heads-up on System Safety Monitor. I usually run with HIPS turned off unless I'm doing something where I think I might need the additional layer of protection. But if there is a workable HIPS solution that is lighter on system resources than what I have, I'm all for it. Gonna have to buy me a copy and check it out.

Thanks again.

[f0dder]

Any security system that can be terminated without authorization is no security system at all. I really don't see how anyone can seriously advance the argument that it's not the responsibility of a security product to protect itself.

As soon as you have malware running on your system, you're game over. If a HIPS/firewall/antivirus solution can't keep stuff from coming in, forget about it. And yes, I believe that outbound filtering by software firewalls is basically useless.

HIPS may be yet another case of "putting lipstick on the pig," but until somebody in Redmond decides to audit and (potentially) rewrite something like 50+ million lines of source code, I'd like to have all options available.

Bullocks - NT is safe. You just need to run as a limited account instead of having admin privileges. Yes, this can be a pain because of how the non-kernel components of NT are done, but just drop your rights for internet-facing stuff, then.

At least NT has proper fine-grained permissions, unlike the owner/group/world crap from the *U*X mentality

[40hz]

As soon as you have malware running on your system, you're game over. If a HIPS/firewall/antivirus solution can't keep stuff from coming in, forget about it.

Isn't that why it would make sense to have HIPS active during an install?

At least NT has proper fine-grained permissions, unlike the owner/group/world crap from the *U*X mentality smiley

Hmmm....are you Tux baiting?

[f0dder]

Isn't that why it would make sense to have HIPS active during an install?

Yep, just don't get too caught up on the issue of whether there's outbound filtering or not, and whether the application can be auto-terminated or nto . IMHO power-users shouldn't really need anything but a NATing router and windows built-in firewall (in case you have a friend visiting you with an infected computer), but for the less techy (and more click-bloody-anything naïve), and corporate certification-hungry needs, it's of course another scenario.

At least NT has proper fine-grained permissions, unlike the owner/group/world crap from the *U*X mentality smiley

Hmmm....are you Tux baiting?

A bit - the NT kernel is (mostly) a pretty fine piece of work, and it's ACL security model is nice and flexible. The problem lies with the non-kernel part of the system

[Shades]

I do not totally agree with f0dder. Here I use a dedicated Linux (CentOs) gateway/DHCP/DNS machine which is firewalled/traffic shaped etc. etc. This machine is also behind a NAT...but last time a LAN party was held here, one of the guys brought his own system. Unfortunately the next monday a lot of my mail gets bounced because my IP was flagged as part of a spamming botnet.

When I asked around, the guilty one was running Vista with antivirus and a firewall. I don't think that guy was that dumb with computers, but still. My trust in Windows servers was already low...and this is not helping at all.

Not trying to be too friendly to the Linux crowd, I used to have a system with similar functionality but then FreeBSD based. That one was really rock solid and safe (but there is definitely a limit on how long the life from a 386 can be stretched ).

 

[f0dder]

Shades: in other words, a friend brought an infected machine to a LAN party? - but no other machines got infected? Sounds fine to me. You'd need a full-blown HIPS on your gateway device to prevent what happened... your Vista friend probably ran crappy AV, clicked too many links without thinking, and ran as admin instead of a non-privileged user.

That said, I tend to use linux for server needs. Not because it's more secure, but because it's less hassle for the stuff that I need. Sometimes, at least. Mostly because some of the software isn't available on windows, really.

[kartal]

Which software firewall is the best firewall nowadays for home office use?  I am also looking for a cheaper solutions, as of this year my software budget is very tight.

[Lashiec]

Windows Firewall. It totally fits your budget

Weren't you using Comodo anyway?

[kartal]

Lashiec I hope you are not making fun of me by offering WF as asolution, because I said that my budget is tight this year. I see no shame involved with being under funded nowadays.

I used Comodo for a week for testing, but that would not count as using really. It was good for what it was I guess. But once i found out about the practices of the company(adware installation) I gave up since then.

[Innuendo]

I think most people's budgets for anything is tight this year. No shame in that. Give Agnitum's free version of their Outpost firewall a try.

http://free.agnitum.com/

[sajman99]

The free version of Online Armor Personal Firewall suits my limited budget very well. OA offers excellent protection and solid customer support.

Hurry to their site before Oct. 31st for a 40% discount on their paid versions.

[f0dder]

Lashiec I hope you are not making fun of me by offering WF as asolution, because I said that my budget is tight this year. I see no shame involved with being under funded nowadays.

-kartal (October 23, 2009, 08:51 PM)

There's no shame in being under-funded, and there's not much reason to use anything but Windows' built-in firewall.

[Armando]

The free version of Online Armor Personal Firewall suits my limited budget very well. OA offers excellent protection and solid customer support.

Hurry to their site before Oct. 31st for a 40% discount on their paid versions.

-sajman99 (October 24, 2009, 12:16 AM)

Online Armor works very well for me too. (I posted about it a few times.)

[kartal]

Lashiec I hope you are not making fun of me by offering WF as asolution, because I said that my budget is tight this year. I see no shame involved with being under funded nowadays.

-kartal (October 23, 2009, 08:51 PM)

There's no shame in being under-funded, and there's not much reason to use anything but Windows' built-in firewall.

-f0dder (October 24, 2009, 05:53 AM)

Except that you do not know what the hell is going on, no  idea about what is comign what is going, who uses what.

[Innuendo]

Windows' firewall is very good at blocking incoming connections, but outgoing is a different story. It all depends on what the user needs.

I don't know if you need something completely free or if you are willing to pay something. What I do know is that if you need something to control outgoing connections if I were you I wouldn't consider anything other than Online Armor or Agnitum because last I heard those were the only two that could pass all leak tests.

Both companies have free versions of their firewalls and I think Agnitum is running a special right now selling lifetime licenses for their pay version of their firewall for a one-time price. I've never used Online Armor, but I can tell you that Agnitum's offering can let you be as paranoid and/or as granular with your permissions as you could ever want.

I hope this thread has helped you with your question.

EDIT: I missed in your original post where you say this is for home office use. Most freeware offerings don't allow use in commercial environments so be sure to check the EULAs if legal use is a concern for you.

[kartal]

Hi

Thanks for suggestions. I will then definetely check out Agnitum and Online Armour. I am fine with paying for app, I just can not spend too much.  So special deals are always welcomed here.

[Tuxman]

There is no "best firewall for Windows". Packet filters don't really make sense. An application which is intended to protect your system against attacks from outside can N E V E R work when it works on the computer you want to protect.

Don't use that stuff. It doesn't make sense at all.

[kartal]

Tuxman


How about linux ? I am also thinking to turn my laptop into a firewall with internet sharing. Would that be a good solution?

Actually one of the things I am really wanting is to see which application is trying to connect outside. I think most of these windows firewalls show that. Is there such thing under linux? I bet there is but something with a decent gui which is what I am interested in.

[Tuxman]

I am also thinking to turn my laptop into a firewall with internet sharing. Would that be a good solution?

-kartal (October 24, 2009, 06:10 PM)

If it only works as a firewall and any other internet devices are behind it: Yep. That's how a firewall works.

Actually one of the things I am really wanting is to see which application is trying to connect outside.

-kartal (October 24, 2009, 06:10 PM)

Trojans and worms usually run on your user account. What should keep them away from registering themselves in your "firewall" software?
Another thing that can't be solved this way... for that, I'd recommend TcpView (sysinternals.com) or similar software. Port blockers are not made for that.

I think most of these windows firewalls show that.

-kartal (October 24, 2009, 06:10 PM)

There is no Windows firewall.

Is there such thing under linux?

-kartal (October 24, 2009, 06:10 PM)

I don't actually hope so. Linux users don't tend to install anything anyone says of it's great.