Main Area and Open Discussion > General Software Discussion

Firewalls - please, i can't be bothered.

(1/17) > >>

nudone:
zone alarm sometimes give up on me - usually only if the machine has been on for more than 24 hours. i can live with this but it's a little annoying.

that Comodo thing works even less on my machine.

so, i thought i'd have a go with Ashampoo's free firewall. looked okay at first but then i found that my non pop3 email accounts wouldn't connect when using MS Outlook.

funny how Ashampoo's rule is to allow full access for outlook in and out.

do i want to know the solution, can i really be bothered. absolutely not. i've just uninstalled it and Outlook is working fine again.

will i go back to Zone Alarm, will i go back to Outpost? nah, i think i'll just not bother with a firewall (again). f0dder, gave me good reason not to believe in them, yet i keep looking for one that might work.

is there nothing that will simply monitor outbound connections and let me block them if i want to - how big a task is that?

f0dder:
Appearantly a hard task to get right :]

AndyM:
i think i'll just not bother with a firewall
--- End quote ---

Why not just use the Windows firewall?  No outbound blocking but surely better than nothing, no?

It's what I use.  I will say that every now and then I see outbound activity that I'm not sure about, but the trouble I see people going thru dealing with the other firewalls is not attractive.

tranglos:
i think i'll just not bother with a firewall
--- End quote ---
Why not just use the Windows firewall?  No outbound blocking but surely better than nothing, no?
-AndyM (February 25, 2007, 12:09 PM)
--- End quote ---

But the OP specifically wants outbound connection blocking :)

Nudone: Long ago I started with Zone Alarm, which was great until they moved to a new major version and ZA became bloated, slow and hard to configure. Then I used the free version of Kerio until I needed connection sharing, which the free version didn't support. I bought the pro version, but didn't like it at all. It caused bluescreen "STOP" errors and missed some applications which clearly were establishing connections without Kerio noticing them. I switched to Sygate but that didn't last long, about half of the net-enabled apps I use were happily connecting without Sygate ever knowing about them, and the interface was so obscure I became borderline paranoid, because I could not see clearly what was allowed and what wasn't.

If I were to try another firewall today, I'd try F-Secure Internet Security, simply because the same company makes F-Prot, a very good antivirus product. But instead, I happened upon what's nearly a perfect firewall for my needs: Agnitum Outpost. I've used it since 2004, had very few problems, nothing major.

For one thing, it's very nicely designed - the UI is very clear and logically laid out, you can easily access the various groups of settings. Great logging feature with filters, so I can always see exactly what is being allowed or blocked and why, as well as check which processes are holding ports open at any given time. Another good idea in Outpost is the plug-in architecture: if you don't want active content filtering for example (flash, activex, etc) you simply disable the plugin. It autoconfigures for most popular software, and offers detailed custom rules. It doesn't win most leaktests, but does rate high, and certainly hasn't failed me in three years.

Now for some problems. Like I said, I haven't experienced any showstoppers with Outpost, onlya few minor annoyances. After I run it for a long time and the configuration becomes large, with many rules, on two occasions I was unable to add a new "allow" rule for a newly installed app. The rule creates OK and Outpost claims to be using it, but the app can't reach out for some reason. It's happened to me twice, and the way around it was to drop the existing configuration and have Outpost create a new one from scratch. This has a positive side-effect in cleaning up all the stale rules for apps I once installed and since removed, but well, it's a bit annoying. However, Outpost autodetection is so good that the last time I barely needed to modify it.

There is an attack detection feature which is a little too eager: in the default configuration it won't let me post on Slashdot, for instance (maybe it's a good thing :) You can disable it altogether or restrict the detection though.

Version 2.5 had some issues with internet connection sharing, which required manual tweaks in an ini file, but it seems to have been corrected since then.

One caveat: I'm using version 3.5. The latest is 4.0, and I've seen a few disappointing comments on the support forum, so I'm waiting it out till they fix what they may have broken in this release. I would still recommend that you try Outpost, and in case of any problems you can try their support forum, it's quite lively.

marek

tranglos:
will i go back to Zone Alarm, will i go back to Outpost?-nudone (February 25, 2007, 11:13 AM)
--- End quote ---

Heh, I didn't notice you've already tried Outpost, so pls disregard the above. What was the reason you gave up on it?

One way of ridding oneself of a firewall completely would be to install a hardware router, but that's yet another device that consumes power and radiates heat and I already have anough of these at home...

Navigation

[0] Message Index

[#] Next page