Author Topic: What's your favorite firewall software for Windows?  (Read 8680 times)

0 Members and 1 Guest are viewing this topic.

Offline JoeyP

  • Frequent Contributor
  • **
  • Posts: 319
  • Country: us
What's your favorite firewall software for Windows?
« on: September 03, 2013, 07:55:07 pm »
I've been using Zone Alarm for many years. I use the subscription version, not the free version (though have used both). I've liked it because in side-by-side tests, I found that it caught threats that none of the other firewalls caught. Specifically, trojan horse type attacks where malicious software was reaching out to the "mothership". For that reason, I have put up with its bugs and ever-changing user interface for a long time.

Generally the bugs come in the form of blocking access when it shouldn't - which is better than the alternative (of letting things through that it shouldn't). For example, on one of my PCs, every time Zone Alarm goes out to check for its updates, it then blocks all internet access from that point forward until I reboot the PC. It's been that way for months, which forced me to turn off Zone Alarm's automatic updates since I'm not willing to reboot my PC every time it checks. There is another well-known bug which causes it to consume 100% of resources for 1 CPU. This bug has gone on for years, and requires at least closing and restarting the firewall (used to require a reinstall to fix it). Today, after doing its update, it learned a new and very annoying trick. It now blocks only "some" email accounts but not all - even though they are all coming from the same physical server. I've had it! Zone Alarm has finally become so incredibly buggy that I simply can't bare it any longer.

What firewall software do you like and why? I'm looking for the strictest possible protection, and happy to pay for it -  so not limiting the search to free versions.
« Last Edit: September 03, 2013, 07:57:06 pm by JoeyP »
 

Offline Fsck

  • Super Contributor
  • ***
  • Posts: 1157
  • Country: ca
  • sleep deprived
Re: What's your favorite firewall software for Windows?
« Reply #1 on: September 03, 2013, 08:03:13 pm »
for normal use systems: none.
for VMs where I may test software: comodo seems to work well
"This is a one line proof...if we start sufficiently far to the left."
 

Offline Bored@Work

  • Super Contributor
  • ***
  • Posts: 3932
  • Country: 00
Re: What's your favorite firewall software for Windows?
« Reply #2 on: September 03, 2013, 08:17:00 pm »
Windows software? None.

Hardware with dedicated software from people who have a clue: Juniper SSG5 with ScreenOS. Or the old Netscreen 5GT (only available used). And If Cisco floats your boat then ASA 5505 (no idea if still available, didn't check recently).
I delete PMs unread. If you have something to say, say it in public.
For all else: Profile->[Modify Profile]Buddies/Ignore List->Edit Ignore List
 

Offline Fsck

  • Super Contributor
  • ***
  • Posts: 1157
  • Country: ca
  • sleep deprived
Re: What's your favorite firewall software for Windows?
« Reply #3 on: September 03, 2013, 08:24:12 pm »
If we're talking appliances, I'd vote for rolling with pfSense. Or if you're more hardcore, just streamline your own FreeBSD setup.
Learning curve is a bit steep though, especially for an effective snort configuration.
"This is a one line proof...if we start sufficiently far to the left."
 

Offline JoeyP

  • Frequent Contributor
  • **
  • Posts: 319
  • Country: us
Re: What's your favorite firewall software for Windows?
« Reply #4 on: September 03, 2013, 08:29:05 pm »
I'm talking strictly *software* which protects individual PC(s). I have a hardware firewall which protects the entire network inbound, but those do absolutely nothing to prevent outbound malware, which in my mind is by far the bigger concern these days.
 

Offline madires

  • Super Contributor
  • ***
  • Posts: 5499
  • Country: de
  • A qualified hobbyist ;)
Re: What's your favorite firewall software for Windows?
« Reply #5 on: September 03, 2013, 08:34:04 pm »
If we're talking appliances, I'd vote for rolling with pfSense. Or if you're more hardcore, just streamline your own FreeBSD setup.
Learning curve is a bit steep though, especially for an effective snort configuration.

I'd also highly recommend pfSense! It also allows to add additional software easily.
 

Offline Fsck

  • Super Contributor
  • ***
  • Posts: 1157
  • Country: ca
  • sleep deprived
Re: What's your favorite firewall software for Windows?
« Reply #6 on: September 03, 2013, 08:37:01 pm »
Actually, you can set outbound rules in pf (packet filter).
If you really are paranoid, you can log all outbound traffic using snort.
"This is a one line proof...if we start sufficiently far to the left."
 

Offline JoeyP

  • Frequent Contributor
  • **
  • Posts: 319
  • Country: us
Re: What's your favorite firewall software for Windows?
« Reply #7 on: September 03, 2013, 08:41:44 pm »
Actually, you can set outbound rules in pf (packet filter).
If you really are paranoid, you can log all outbound traffic using snort.

So it allows outbound rules which will identify the application on the PC which is originating the outbound request, and block one program on the PC while allowing other programs on that PC to get through?
 

Offline Fsck

  • Super Contributor
  • ***
  • Posts: 1157
  • Country: ca
  • sleep deprived
Re: What's your favorite firewall software for Windows?
« Reply #8 on: September 03, 2013, 08:46:36 pm »
Doesn't really do "application" per say. Think protocols and ports.
"This is a one line proof...if we start sufficiently far to the left."
 

Offline madires

  • Super Contributor
  • ***
  • Posts: 5499
  • Country: de
  • A qualified hobbyist ;)
Re: What's your favorite firewall software for Windows?
« Reply #9 on: September 03, 2013, 08:51:01 pm »
I'm talking strictly *software* which protects individual PC(s). I have a hardware firewall which protects the entire network inbound, but those do absolutely nothing to prevent outbound malware, which in my mind is by far the bigger concern these days.

There's no software or hardware which is capable of preventing everything malicious magically. If someone tries to sell you a "this product solves all your security problems" it's securityfoolery! Firewalls need rule sets! Network security requires a proper design. Yes, it's a complex task!
 

Offline JoeyP

  • Frequent Contributor
  • **
  • Posts: 319
  • Country: us
Re: What's your favorite firewall software for Windows?
« Reply #10 on: September 03, 2013, 08:55:35 pm »
Doesn't really do "application" per say. Think protocols and ports.

Then it won't protect you from a trojan horse. Here's the scenario:

1. You install some software on your PC from a not totally known vendor (perhaps for eval, or maybe the application software from a chinese product).

2. The application included a trojan horse which you have no way of knowing about.

3. The trojan attempts to access the "mothership".

How do you block this attack (or even know about it in real time)?

Here's how Zone Alarm handles that:

When your email client or browser attempts to access the internet, Zone Alarm reports e.g. "Outlook.exe is attempting to access the internet. Do you want to allow it?". Of course you answer yes.

When the trojan attempts to access the internet, Zone Alarm reports e.g. "xyz.exe is attempting to access the internet. Do you want to allow it?". If you don't recognize xyz.exe or feel it has no reason to be accessing the internet, you may research it and decide to answer no.

At this point, email can access, but trojan can't. In both cases, you were notified immediately in real time (without having to search any log) and asked to make the decision. That's what I'm looking for. I've not come across any hardware that offers this, but would be very interested if someone knows some.

 

Offline JoeyP

  • Frequent Contributor
  • **
  • Posts: 319
  • Country: us
Re: What's your favorite firewall software for Windows?
« Reply #11 on: September 03, 2013, 09:00:07 pm »
I'm talking strictly *software* which protects individual PC(s). I have a hardware firewall which protects the entire network inbound, but those do absolutely nothing to prevent outbound malware, which in my mind is by far the bigger concern these days.

There's no software or hardware which is capable of preventing everything malicious magically. If someone tries to sell you a "this product solves all your security problems" it's securityfoolery! Firewalls need rule sets! Network security requires a proper design. Yes, it's a complex task!

Yes of course, but some products do a vastly better job than others, which is the reason I started the thread. I'm curious of other people's experiences.

I once tested a known trojan which I had isolated. 4 out of 5 firewalls I tested allowed the very simple trojan through without so much as a peep. Zone Alarm was the only one which caught it, which is why I've put up with it for so long, but it has become so ridiculously buggy that it's wasting too much of my time.
 

Offline Fsck

  • Super Contributor
  • ***
  • Posts: 1157
  • Country: ca
  • sleep deprived
Re: What's your favorite firewall software for Windows?
« Reply #12 on: September 03, 2013, 09:03:15 pm »
To solve 1: install it inside a VM.

Then, watch the snort log (logging all inbound and outbound). If you see traffic, delete VM.
"This is a one line proof...if we start sufficiently far to the left."
 

Offline madires

  • Super Contributor
  • ***
  • Posts: 5499
  • Country: de
  • A qualified hobbyist ;)
Re: What's your favorite firewall software for Windows?
« Reply #13 on: September 03, 2013, 09:07:28 pm »
1. You install some software on your PC from a not totally known vendor (perhaps for eval, or maybe the application software from a chinese product).

Thank you for installing our new root kit! In that case you may re-install your PC anyway.

Quote
When the trojan attempts to access the internet, Zone Alarm reports e.g. "xyz.exe is attempting to access the internet. Do you want to allow it?". If you don't recognize xyz.exe or feel it has no reason to be accessing the internet, you may research it and decide to answer no.

There are several proven ways to bypass ZoneAlarm.
 

Offline JoeyP

  • Frequent Contributor
  • **
  • Posts: 319
  • Country: us
Re: What's your favorite firewall software for Windows?
« Reply #14 on: September 03, 2013, 09:37:48 pm »
1. You install some software on your PC from a not totally known vendor (perhaps for eval, or maybe the application software from a chinese product).

Thank you for installing our new root kit! In that case you may re-install your PC anyway.

Quote
When the trojan attempts to access the internet, Zone Alarm reports e.g. "xyz.exe is attempting to access the internet. Do you want to allow it?". If you don't recognize xyz.exe or feel it has no reason to be accessing the internet, you may research it and decide to answer no.

There are several proven ways to bypass ZoneAlarm.

Yes, you've offered two extreme cases which I do agree with.  But in day-to-day use it isn't so black and white. Not all threats are root kits. Some are much less sophisticated but still can cause grief. Consider that each time you allow anything on your PC to update itself over the internet, the potential malware threat starts from zero.

I don't believe there is any security which is immune to all possible attacks, so I'd prefer to invest in  something which would reasonably catch as many as possible without spending my days running everything in VMs and manually searching logs.
 

Offline JoeyP

  • Frequent Contributor
  • **
  • Posts: 319
  • Country: us
Re: What's your favorite firewall software for Windows?
« Reply #15 on: September 03, 2013, 09:39:38 pm »
Our router runs DD-WRT which does a good job of blocking incoming connection attempts.

But each of the Windows PC's on the (W)LAN also have a software firewall to attempt to block (and display) unwanted out going connection attempts.

Windows XP .. Sunbelt Kerio Personal Firewall v4.6.xx
Windows 7 .... Windows 7 Firewall Control Plus (a GUI interface to the Windows 7 firewall)

Tried ZoneAlarm but it's awful compared to others.

Any websites and/or ip/port combinations that we want permanently blocking can be entered into the DD-WRT router.

Thanks Pippy. That's exactly the kind of feedback I was looking for. Your setup is similar to mine. I never looked at Sunbelt, but will check it out.
 

Offline JoeyP

  • Frequent Contributor
  • **
  • Posts: 319
  • Country: us
Re: What's your favorite firewall software for Windows?
« Reply #16 on: September 03, 2013, 09:52:04 pm »
I don't think the Sunbelt firewall (the best we've had) we use on Windows XP is available anymore, but you're welcome to a copy if you want - it is ONLY for Windows XP though.

That's really too bad to hear.
 

Offline JoeyP

  • Frequent Contributor
  • **
  • Posts: 319
  • Country: us
Re: What's your favorite firewall software for Windows?
« Reply #17 on: September 03, 2013, 10:55:56 pm »
It certainly is, because the Sunbelt firewall is our all time favorite. Was disappointed they never made a Windows 7 version.

Went to their website, and they seem to be pointing people to a product called "VIPRE" from a company called "ThreatTrack Security, Inc.":

http://www.sunbeltsoftware.com/home-home-office/sunbelt-personal-firewall/

Probably just a marketing agreement, but does any of that remind you of the original Sunbelt product? It looks like it might be a very similar product to Zone Alarm in terms of functionality - but hopefully with equal or better protection and without the bugs.
 

Online edpalmer42

  • Super Contributor
  • ***
  • Posts: 1820
  • Country: ca
Re: What's your favorite firewall software for Windows?
« Reply #18 on: September 04, 2013, 12:48:05 am »
You might want to take a look at http://www.matousec.com .  They continuously check software firewalls to see how they perform and they're not afraid to call a big name a dog.  ZoneAlarm gets a 'very poor' rating.  Some of the other big names get an even lower rating.

Ed
 

Offline nctnico

  • Super Contributor
  • ***
  • Posts: 20121
  • Country: nl
    • NCT Developments
Re: What's your favorite firewall software for Windows?
« Reply #19 on: September 04, 2013, 01:07:31 am »
I've been using Zone Alarm for many years. I use the subscription version, not the free version (though have used both). I've liked it because in side-by-side tests, I found that it caught threats that none of the other firewalls caught. Specifically, trojan horse type attacks where malicious software was reaching out to the "mothership". For that reason, I have put up with its bugs and ever-changing user interface for a long time.

What firewall software do you like and why? I'm looking for the strictest possible protection, and happy to pay for it -  so not limiting the search to free versions.
Never use the computer with an administrator acount, AVG free virus scanner and a NAT router. My kids click anything they can but their computers never had a virus or malware.
There are small lies, big lies and then there is what is on the screen of your oscilloscope.
 

Offline JoeyP

  • Frequent Contributor
  • **
  • Posts: 319
  • Country: us
Re: What's your favorite firewall software for Windows?
« Reply #20 on: September 04, 2013, 01:18:14 am »
You might want to take a look at http://www.matousec.com .  They continuously check software firewalls to see how they perform and they're not afraid to call a big name a dog.  ZoneAlarm gets a 'very poor' rating.  Some of the other big names get an even lower rating.

Ed

Thanks for the source Ed. I didn't know about that one. Here's their page with latest rankings for those interested:

http://www.matousec.com/projects/proactive-security-challenge-64/results.php

I noticed they ranked VIPRE dead last. Saw a similar rating on PC mag site, so can cross that one off. Also noticed that Comodo and Kaspersky rank high, but those are two of the four that failed my very simple trojan test a couple of years back. Maybe they've gotten better.

 

Offline madires

  • Super Contributor
  • ***
  • Posts: 5499
  • Country: de
  • A qualified hobbyist ;)
Re: What's your favorite firewall software for Windows?
« Reply #21 on: September 04, 2013, 09:58:46 am »
Yes, you've offered two extreme cases which I do agree with.  But in day-to-day use it isn't so black and white. Not all threats are root kits. Some are much less sophisticated but still can cause grief. Consider that each time you allow anything on your PC to update itself over the internet, the potential malware threat starts from zero.

The common antivirus software takes care about the non so sophisticated or usual malware. A tool tracking programs which like to open network connections might help to detect malware too but most users simply see "click OK to make me go away" popups. Who reads all those popups very carefully if tons of programs are phoning home for updates? I'm not convinced that it adds any value. There is a lot of ransom ware over here which uses the webbrowser to get installed and simply blocks the GUI ("Send money for a key to unlock your PC!"). I doubt ZoneAlarm would detect that because the webbrowser is unblocked.

Quote
I don't believe there is any security which is immune to all possible attacks, so I'd prefer to invest in  something which would reasonably catch as many as possible without spending my days running everything in VMs and manually searching logs.

Another problem with ZoneAlarm and similar tools is the use of covert channels. Do you know how DNS works? The application asks the OS to look up the IP address(es) of www.some-domain.com. The malware could ask for <your eevblog login>.some-domain.com. The bad boy runs a modified authoritive nameserver for some-domain.com and gets your EEVblog credentials delivered free of charge. The application never needs to open a network connection to send any collected data, the OS will do it and no firewall tool like ZoneAlarm is able to detect or even block that.

nctnico's advice is the best choice for a user. But there is still enough malware which can't be defeated that way. The current standard ways for malware to enter your PC while browsing are flashplayer plugin, adobereader plugin and java (and the webbrowser itself with all the built-in extras like javascript).
 

Offline nctnico

  • Super Contributor
  • ***
  • Posts: 20121
  • Country: nl
    • NCT Developments
Re: What's your favorite firewall software for Windows?
« Reply #22 on: September 04, 2013, 10:38:09 am »
That is not quite true. A regular Windows user can't write to system directories / registry which makes it impossible for malware to install itself. So even if the browser has a leak there is still no problem.
There are small lies, big lies and then there is what is on the screen of your oscilloscope.
 

Offline madires

  • Super Contributor
  • ***
  • Posts: 5499
  • Country: de
  • A qualified hobbyist ;)
Re: What's your favorite firewall software for Windows?
« Reply #23 on: September 04, 2013, 10:55:46 am »
That is not quite true. A regular Windows user can't write to system directories / registry which makes it impossible for malware to install itself. So even if the browser has a leak there is still no problem.

Ever heard of priviledge escalation?

BTW: A malware may install itself within the security/access context of the user logged in. It could be as simple as putting the exe in the user's directory and adding an entry to autostart :-)
« Last Edit: September 04, 2013, 11:02:35 am by madires »
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf