looking for a free/low cost firewall with low system requirements

[Todd Brassman]

I'm looking for a free or low cost firewall that hopefully would not put
much stress on an older system. This system has a 1.3Ghz processor and
512MB of RAM running XP. Does anyone know of a solid program that would
meet those requirements?

Thanks.

 

[MyName]

I'm looking for a free or low cost firewall that hopefully
would not put much stress on an older system. This system
has a 1.3Ghz processor and 512MB of RAM running XP. Does
anyone know of a solid program that would meet those
requirements?

Thanks.

http://www.agnitum.com/products/outpost/

 

[John Doe]

I'm looking for a free or low cost firewall that hopefully would
not put much stress on an older system. This system has a 1.3Ghz
processor and 512MB of RAM running XP. Does anyone know of a
solid program that would meet those requirements?

I've used ZoneAlarm (free version) for years. Still working very well
here.

 

[Blinky the Shark]

I'm looking for a free or low cost firewall that hopefully would not put
much stress on an older system. This system has a 1.3Ghz processor and
512MB of RAM running XP. Does anyone know of a solid program that would
meet those requirements?

Check out the free version of Kerio Personal Firewall. I moved from
Zone Alarm to that years ago, and I've been very very happy with the
switch.

 

[Eric Furness]

Check out the free version of Kerio Personal Firewall. I moved from
Zone Alarm to that years ago, and I've been very very happy with the
switch.

Try Sygate free version.

Eric

 

[Blinky the Shark]

Try Sygate free version.

Thanks, but LIS I'm perfectly happy with Kerio.

 

[JAD]

sygate free version 5, getting hard to find
spf.exe

 

[Matt]

I'm looking for a free or low cost firewall that hopefully would not put
much stress on an older system. This system has a 1.3Ghz processor and
512MB of RAM running XP. Does anyone know of a solid program that would
meet those requirements?
http://www.ipcop.org/
http://www.ipcop.org/modules.php?op=modload&name=phpWiki&file=index&pagename=IPCopInThePress
http://www.ipcop.org/modules.php?op=modload&name=FAQ&file=index&myfaq=yes&id_cat=2

· Sounds Good. What gear will I need?

First, you'll need a whole new computer for IPCop itself. This is not as excessive as it sounds. For one thing, IPCop can run on obsolete hardware that many companies are literally throwing away as "useless". IPCop Firewall will be connected to the outside world, so you'll need a cable and whatever kind of card (modem, NIC, etc) that you would normally have in your computer. Exactly what you need for this connection depends on how you connect to the Internet, but you probably can simply move the existing cables and hardware from your current computer to IPCop Firewall.

Then, you'll need another cable and NIC in IPCop Firewall to connect to your computer, or to your switch/router if you have several desktops to hook up. Finally, you'll need a NIC in your desktop computer, or one in each desktop computer if you have several desktops to hook up. Check the Installation Guide for more information.

 

[Matt]

http://www.ipcop.org/

Oh, sorry, I thought you were building a dedicated firewall box. That's
what IPcop is for.

 

[John Weiss]

I'm looking for a free or low cost firewall that hopefully would not put
much stress on an older system. This system has a 1.3Ghz processor and
512MB of RAM running XP. Does anyone know of a solid program that would
meet those requirements?

Try Kerio. www.sunbelt-software.com

 

[Don Taylor]

Try Kerio. www.sunbelt-software.com

A related question, is there even a plausibly priced hardware firewall
that does more than just NAT and State on both incoming and outgoing
packets? Something that blocks all the usual malware holes.

I'm imagining something like one of the better software firewalls but
in a little dedicated case for maybe $100 or so, something where I
don't have to build another computer, install linux, get firewall
software, configure it and hope I haven't made any sort of mistake
that leaves open a hole.

I'm hoping there would be something that if adopted widely could
stem the tide of the millions of bot controlled machines out there
and block 99.99% of all the little net vandals out there.

thanks

 

[Eric Furness]

Thanks, but LIS I'm perfectly happy with Kerio.

Sorry.. I meant to reply to OP.
Eric

 

[John Weiss]

A related question, is there even a plausibly priced hardware firewall
that does more than just NAT and State on both incoming and outgoing
packets? Something that blocks all the usual malware holes.

I'm not sure what more you're looking for, but with just my Linksys WRT54GS and
Kerio (or ZoneAlarm) GRC's "Shields UP" (https://www.grc.com/x/ne.dll?bh0bkyd2)
shows all my ports as stealthed. AFAIK, "all the usual malware holes" are
inaccessible from the outside.

 

[Matt]

I'm looking for a free or low cost firewall that hopefully would not put
much stress on an older system. This system has a 1.3Ghz processor and
512MB of RAM running XP. Does anyone know of a solid program that would
meet those requirements?

Thanks.

Don't people just use the firewall that comes with XP? Why wouldn't
that be good enough?

 

[Blinky the Shark]

Don't people just use the firewall that comes with XP? Why wouldn't
that be good enough?

http://blinkynet.net/stuff/comp/winsecurity.jpg

 

[Don Taylor]

I'm not sure what more you're looking for, but with just my Linksys WRT54GS and
Kerio (or ZoneAlarm) GRC's "Shields UP" (https://www.grc.com/x/ne.dll?bh0bkyd2)
shows all my ports as stealthed. AFAIK, "all the usual malware holes" are
inaccessible from the outside.

Suppose by some accident your machine has been taken over by a
bot or a rootkit. My understanding, after a fair amount of
digging is that the Linksys does nothing to stop anything
outgoing.

Thus the bazillion of bots spewing pump-n-dump stock spam for
the last few months.

If you happen to click on some web page with a variety of net
scum there, doesn't NAT and State happily accept anything that
comes back in response to your outgoing packet requesting the
contents of that web page? That doesn't necessarily say it will
execute arbitrary binary as a response but if I understand
correctly State matching accepts anything back in response to
your out going packet.

And once inside if it finds a way to execute it, or gets you to
execute it then a number of the little net vandals disable
software protections on the machines and away you go.

 

[John Weiss]

Suppose by some accident your machine has been taken over by a
bot or a rootkit. My understanding, after a fair amount of
digging is that the Linksys does nothing to stop anything
outgoing.

That's why we all use software firewalls in addition; they take care of the
outgoing traffic.

Thus the bazillion of bots spewing pump-n-dump stock spam for
the last few months.

Most of them that infect home machines are viruses/Trojans that use recognized
paths of infection, and are stopped by most current Anti-virus apps.

With a modicum of intelligence in Internet use and a reasonable array of
anti-malware apps, most home users will remain uninfected for years (I think my
last virus infection was in '94 or '95). Unfortunately, those who insist on
downloading stuff from questionable P2P and/or porn sites will be infected much
more readily. I don't know what you expect beyond NAT and SPI from hardware in
the "free/low cost" realm...

If you happen to click on some web page with a variety of net
scum there, doesn't NAT and State happily accept anything that
comes back in response to your outgoing packet requesting the
contents of that web page? That doesn't necessarily say it will
execute arbitrary binary as a response but if I understand
correctly State matching accepts anything back in response to
your out going packet.

Yes, but your browser should be set to deny scripting by default for unknown
sites, so the most likely path of infection is closed. There is very little
that can be accomplished in the way of malware with simple HTML when Active-X
and JavaScript are denied, and automatic installation of plug-ins is disabled.

And once inside if it finds a way to execute it, or gets you to
execute it then a number of the little net vandals disable
software protections on the machines and away you go.

So, corporations spend big bux on dedicated hardware firewalls (that are
essentially computers running more robust and restrictive versions of the
anti-malware we use). I don't think you had that kind of payment in mind...