The best FREE firewall?

[Wishmaster]

Hello!

What is the best freeware firewall for Windows XP Professional SP2?

Windows' built-in firewall is too simple, sometimes applications bypass it.

 

[Krull]

What is the best freeware firewall for Windows XP Professional SP2?

Kerio Personal Firewall 4. I used to think ZoneAlarm, but got tired
of ZA's constant CPU-hogging (thanks to the buggy vsmon.exe module),
and got sick of ZA's constant forgetfulness about permissions (I always
had to tick "Remember this setting" between reboots, which sucks).

Kerio has the addded bonus of letting you prevent apps from launching
too, which is great if something you've run tries to launch a secret
keylogger in the background, etc.

(And yes, it's free if you don't want to pay for "pro" features).

 

[Wishmaster]

Kerio Personal Firewall 4. I used to think ZoneAlarm, but got tired
of ZA's constant CPU-hogging (thanks to the buggy vsmon.exe module),
and got sick of ZA's constant forgetfulness about permissions (I always
had to tick "Remember this setting" between reboots, which sucks).

I will try it. Thanks!


--
[]s Renan (aka Wishmaster) - Canoas, RS, Brazil
"NetHack is not a network hacking program (unless you consider hacking into
PC's with a blessed +7 axe)"

np: After Forever - Yield to Temptation

 

[melanie]

I will try it. Thanks!

What is wrong (if anything) with the windows xp sp2 added security firewall
enhancement?

 

[ceed]

What is wrong (if anything) with the windows xp sp2 added security
firewall
enhancement?

It's not freeware...

 

[John Corliss]

What is wrong (if anything) with the windows xp sp2 added security firewall
enhancement?

It only monitors incoming, not outgoing connection attempts. Kerio
catches Trojans by alerting the user to their attempts to call out.

 

[elaich]

Good luck!! Kerio 4 is a CPU hogging, bloated piece of crapware. I
wouldn't recommend that anybody install it. I tried it (1.2 GHz, 256M)
and it slowed my machine down to a crawl.

Google the groups to read the hundreds of horror stories about KPF
version 4.

 

[Wishmaster]

"melanie" <[email protected]> escreveu na mensagem

What is wrong (if anything) with the windows xp sp2 added security
firewall enhancement?

Too crippled for my taste; I found that some software manages to BYPASS the
firewall.

[]s

 

[Mike]

Good luck!! Kerio 4 is a CPU hogging, bloated piece of crapware. I
wouldn't recommend that anybody install it. I tried it (1.2 GHz, 256M)
and it slowed my machine down to a crawl.

Google the groups to read the hundreds of horror stories about KPF
version 4.

I agree with you, and so do many others, uncluding regs in
and
others.

The best free Kerio firewall IMHO is version 2.15, without any
doubt. It is so popular that Kerio have very kindly continued to
make it available for download...
http://download.kerio.com/dwn/kpf/kerio-pf-2.1.5-en-win.exe

Kerio 2.1.5 does have one *small* security flaw in that it will
not block fragmented ICMP packets. However, it is simple enough
to suppliment Kerio v2.1.5 with XP's built in IP security feature
called "IPSec". More info on this here...
http://www.petri.co.il/block_ping_traffic_with_ipsec.htm

Further reading...
http://groups.google.co.uk/group/comp.security.firewalls/msg/fa5c9255ec0be2c0?hl=en&

Version 4 is utter pants IMHO.

 

[Mike]

http://download.kerio.com/dwn/kpf/kerio-pf-2.1.5-en-win.exe

Kerio 2.1.5 does have one *small* security flaw in that it will
not block fragmented ICMP packets. However, it is simple enough
to suppliment Kerio v2.1.5 with XP's built in IP security feature
called "IPSec". More info on this here...
http://www.petri.co.il/block_ping_traffic_with_ipsec.htm

Forgot to include this one...
http://www.analogx.com/contents/articles/ipsec.htm

 

[Kerodo]

I agree with you, and so do many others, uncluding regs in
and
others.

The best free Kerio firewall IMHO is version 2.15, without any
doubt. It is so popular that Kerio have very kindly continued to
make it available for download...
http://download.kerio.com/dwn/kpf/kerio-pf-2.1.5-en-win.exe

Kerio 2.1.5 does have one *small* security flaw in that it will
not block fragmented ICMP packets. However, it is simple enough
to suppliment Kerio v2.1.5 with XP's built in IP security feature
called "IPSec". More info on this here...
http://www.petri.co.il/block_ping_traffic_with_ipsec.htm

It's a little bit worse than that. Kerio 2.1.5 will not block ANY
fragmented packet. Let's them right thru, not just icmp, but TCP/UDP as
well. So IPSec won't help you there.

The best workaround for this problem is to run CHX-I 'behind' Kerio 2.
CHX will catch anything that Kerio let's thru, and the two work very
well together, no conflicts or problems.

CHX-I is available here for free. Just register and you'll get a free
license via email:

http://www.idrci.net/idrci_products.htm

And if you can do without Kerio 2's outbound app control, then CHX-I by
itself is far superior to Kerio 2 as a packet filter.

 

[Laurie Flack]

Hello!

What is the best freeware firewall for Windows XP Professional SP2?

Windows' built-in firewall is too simple, sometimes applications bypass it.

It's worth visiting Secunia to see what unresolved security issues there
are for any firewall (or browser etc) of interest.

http://secunia.com/product/#software is an excellent site with hundreds
of software (and hardware) versions investigated.

LF

 

[Wishmaster]

"Mike" <[email protected]> escreveu na mensagem

I agree with you, and so do many others, uncluding regs in
and
others.

The best free Kerio firewall IMHO is version 2.15, without any
doubt. It is so popular that Kerio have very kindly continued to
make it available for download...
http://download.kerio.com/dwn/kpf/kerio-pf-2.1.5-en-win.exe

Does this work in Windows XP SP2? Seems a bit outdated.

 

[Mike]

"Mike" <[email protected]> escreveu na mensagem



Does this work in Windows XP SP2? Seems a bit outdated.

Yes, I've been using it for years, since Win98, through Win2000
and XP with all SP's. I'm using it now on XP Pro SP2.

Also, take note of Kerodo's comments as s/he may well be correct.

 

[Mike]

It's a little bit worse than that. Kerio 2.1.5 will not block ANY
fragmented packet. Let's them right thru, not just icmp, but TCP/UDP as
well. So IPSec won't help you there.

The best workaround for this problem is to run CHX-I 'behind' Kerio 2.
CHX will catch anything that Kerio let's thru, and the two work very
well together, no conflicts or problems.

CHX-I is available here for free. Just register and you'll get a free
license via email:

http://www.idrci.net/idrci_products.htm

And if you can do without Kerio 2's outbound app control, then CHX-I by
itself is far superior to Kerio 2 as a packet filter.

Thanks for that, I'll note your comments for future ref. It's not
something I've been concerned about for my own system as I'm
behind a router with built in security features which cover
Kerio's minor flaw.

 

[Wishmaster]

Wishmaster wrote:

Yes, I've been using it for years, since Win98, through Win2000
and XP with all SP's. I'm using it now on XP Pro SP2.

Also, take note of Kerodo's comments as s/he may well be correct.

Thanks! Will check!
I mainly want to block incoming and outgoing connections from some
applications.

--
[]s Renan (aka Wishmaster) - Canoas, RS, Brazil
"<VirtualServ> -±- CurrentSong: Linkin Park - A Place For My Head -±-
<[0G]ftwilli> told you Linkin Park was talking about sex the whole
time..."
--- quote from www.bash.org

np: Within Temptation - Caged

 

[Krull]

What is wrong (if anything) with the windows xp sp2 added security
firewall enhancement?

(1) It doesn't stop apps accessing the net -- it only blocks incoming attacks.
(2) It doesn't stop apps launching other apps in the background.

Kerio does both. ZoneAlarm only does (1).

 

[Krull]

Good luck!! Kerio 4 is a CPU hogging, bloated piece of crapware. I
wouldn't recommend that anybody install it. I tried it (1.2 GHz, 256M)
and it slowed my machine down to a crawl.

Different strokes for different folks: Kerio has made my PC much faster
and lighter than when I was using ZoneAlarm. In fact, ZoneAlarm caused
me to reset my PC due to 99% CPU lockups THREE TIMES in one day, which
was the final straw. Kerio is a superior app in my experience, and has
the added benefit of stopping apps from launching other apps without
your permission.

 

[Franklin]

On Sat 09 Jul 2005 19:33:31, Mike wrote:

The best free Kerio firewall IMHO is version 2.15, without any
doubt. It is so popular that Kerio have very kindly continued to
make it available for download...
http://download.kerio.com/dwn/kpf/kerio-pf-2.1.5-en-win.exe

Kerio 2.1.5 does have one *small* security flaw in that it will
not block fragmented ICMP packets. However, it is simple enough
to suppliment Kerio v2.1.5 with XP's built in IP security
feature called "IPSec". More info on this here...
http://www.petri.co.il/block_ping_traffic_with_ipsec.htm

Further reading...
http://groups.google.co.uk/group/comp.security.firewalls/msg/fa5c
9255ec0be2c0?hl=en&

Aren't fragmented packets a bit of a problem to Kerio 2.1.5?

 

[Mike]

On Sat 09 Jul 2005 19:33:31, Mike wrote:



Aren't fragmented packets a bit of a problem to Kerio 2.1.5?

*thud*