Re: Firewalls

doug wrote:
> I've been happy with ZoneAlarm for years and haven't been keeping up 
> with recent reviews of competing products. My son is finding it a bit of 
> a resource hog and is looking for *free* alternatives. Comodo gets good 
> reviews. Suggestions?

"Good" or "best" firewall is a traditional question, and
it's really 
hard to respond to thoughtfully. This because the word "Firewall" has

become almost dysfunctional. E.G. A firewall can be:

1. a packet filter (traditional understanding).

or

2. a packet filter with stack-connecting-application monitoring and 
validation (W2K-era Windows standard).

or

3. a packet filter with stateful enforcement, possibly with item 2. above.

or

4. a packet filter with IDS rules and subroutines that provides warnings 
of Intrusion activity; possibly with 2 and/or 3 above.

or

5. a packet filter with 4 above, plus the ability to block the IDS activity.

or

6. a packet filter with 5 above,  plus the ability to both block the 
activity and kill any down/upload.

or

7. a packet filter with the ability to monitor ALL application 
signatures (e.g. MD5) and block the execution of new or changed 
applications 'til a popup is addressed, plua 2, and/or 3, and/or 4, 
and/or 5, and/or 6 above.

or

8. etc. etc. .................

Two points here:

- "firewalls" cover a broad range of functions, and increasingly
include 
what used to be classified as "anti-trojan", IDS, IPS, etc.
functions.

- One should not select a firewall in a vacuum. Rather, first define a 
list of protections that you want to add to your OS; then select a 
collection of tools to address that list (e.g. a tight definition of 
"users" and their privileges; an Anti-Malware scanner; Kernel
hardening; 
a "Firewall"; IPS; etc. that will work well together, use an
acceptable 
quantity of resources, and will not duplicate efforts (or can be 
configured so as to not duplicate efforts).

Suggest you ask your son what he wants from a "firewall"; what
security 
"voids" it is to address.

If he hasn't yet, or doesn't want to give it much thought, then simply 
suggest the first-generation Kerio firewall (IIRC, something release 
15?) which will approximate number 2 above.

Roger Parks wrote:
> doug wrote:
>> I've been happy with ZoneAlarm for years and haven't been keeping up 
>> with recent reviews of competing products. My son is finding it a bit 
>> of a resource hog and is looking for *free* alternatives. Comodo gets 
>> good reviews. Suggestions?
> 
> 
> 
> If he hasn't yet, or doesn't want to give it much thought, then simply 
> suggest the first-generation Kerio firewall (IIRC, something release 
> 15?) which will approximate number 2 above.
> 
> HTH

I personally find Comodo far too annoying, given that I'm behind a router.

To simply monitor anything trying to get outbound, it's hard to beat the old 
Kerio 2.1.5.

http://www.oldversion.com/program.php?n=keriopf

--