Jump to content

Which is the best Standalone Firewall?


KotaXor

Recommended Posts

For me: Eset Smart Security + System Safety Monitor Free = one of best protection + lightest resources needed + high control.

ESS fail in "antileak firewall tests", but you can upgrade this with an HIPS program. I'm thinking the ESS firewall works OK and it's very configurable (advanced rules, control by application, IP ranges, etc), this is the original firewall works.

Eset firewall gives you the 'power' to configure it any way you want it, but with great power comes great responsibility. If you don't configure it right (and you're not behind a hardware firewall provided by a router or a standalone hardware firewall) then the Automatic mode suits you best. This probably won't give you maximum security but maximum -0.00000001. This can be exploited by something that has already came onto your computer and tries to connect to it's source (like a trojan, for example), but it's highly unlikely that Eset's antivirus/antispyware module will miss it AND that exactly that what is missed will be able to connect through your firewall.

Since this is the case, i think Eset Smart Security is (one of) the best security solution for every person that is either less experienced in configuring their security solutions or someone who doesn't want to spend much time on doing so, but is able to. Even if you're not one of those two kinds of persons, then ESS is still a good security solution because you can make it the BEST security solution for YOUR computer by configuring it to your needs, with advanced rules and stuff. You just have to know how and if you don't, you fall into the first category (less experienced).

This is why i like ESS so much, i can recommend it to my friends(with average computer knowledge or less) without having doubts about them configuring it properly or myself having to do so and at the same time i can use it myself as a much more advanced security solution.

Yes, I agree with this! ;)

ESS can do a decent work for experienced & unexperienced people, and this is more important than only choosing by reading an "antileak test". Frecuently, a good program is making a good work but "its manner working, interface, user options, etc" can be more important to decide, to choose it or another.

HIPS technology on the hands of unexperienced people can produce an "allways allowing all", because a less understanding or a poor HIPS program explanations about the can allow or block.

Most problems for "automatic mode" are related to using P2P and other applications that need "incooming requests".

I suggest for less experienced people that search & find on the web forums the well knowed advanced rules for this type applications needing "open ports for in traffic".

Thanks for your explanations!

Link to comment
Share on other sites


  • Replies 134
  • Views 42.2k
  • Created
  • Last Reply

Nowadays if you're into filesharing with torrents or any other kind of client based protocol you have to know your way around firewalls and routers. If you don't your speeds won't be maxed and you might not even be able to download a single bit, which is quite frustrating. But if you have a little patience and use some common sense you'll eventually get it and you'll be able to configure most firewall/connection related stuff for the rest of your life.

Almost completely off topic:

One note about ESS/EAV(maybe all AV's, but i don't know): When installing SUPER(Universal media converter) my ekrn.exe process takes up 99 % of my CPU because it's scanning all the files SUPER is creating... Which is perfectly normal, but it shouldn't use 99% of my CPU. Can anyone confirm that other AV have the same problem? If so the problems lies in the installer provided by eRightsoft(makers of SUPER) and if not then Eset has to do something about it.

Link to comment
Share on other sites


the best choice imo is to go with EAV + comodo

Link to comment
Share on other sites


the best choice imo is to go with EAV + comodo

That combo would use more resources then just taking ESS for what it is, right?

Link to comment
Share on other sites


the best choice imo is to go with EAV + comodo

That combo would use more resources then just taking ESS for what it is, right?

Yes, for me this combo needs more resources than just ESS.

I'm thinking ESS is the lightest of all this type security suites.

Link to comment
Share on other sites


Nowadays if you're into filesharing with torrents or any other kind of client based protocol you have to know your way around firewalls and routers. If you don't your speeds won't be maxed and you might not even be able to download a single bit, which is quite frustrating. But if you have a little patience and use some common sense you'll eventually get it and you'll be able to configure most firewall/connection related stuff for the rest of your life.

Almost completely off topic:

One note about ESS/EAV(maybe all AV's, but i don't know): When installing SUPER(Universal media converter) my ekrn.exe process takes up 99 % of my CPU because it's scanning all the files SUPER is creating... Which is perfectly normal, but it shouldn't use 99% of my CPU. Can anyone confirm that other AV have the same problem? If so the problems lies in the installer provided by eRightsoft(makers of SUPER) and if not then Eset has to do something about it.

Most of this CPU issues are about ESS/EAV antivirus real time configuration protection.

ESS/EAV can check every new created file with advanced heuristics enabled. Advanced heuristics (hig) needs a lot of CPU time, because (I'm thinking) uses "sandbox, virtualization" technology.

I currently only use advanced heuristics for on-demand and deep scanning (see profiles configuration), the same with "unwanted & dangerous" application detection.

I'm suggesting also not avoid to check "save or preserve last timestamp access" on all ThreathSense configurations. If unchecked (by default): after a scan the timestamp access be changed on the file/s. This is usefull for a lot of pourpouses and for people that uses UltimateDefrag for speed their system. Version 2 of NOd hasn't this feature, I believe, and I'm thinking very interesting to know what antivirus accomplish this and what not.

Link to comment
Share on other sites


two firewalls ? that isnt good idea :rolleyes:

EAV = Only antivirus/Antispyware

ESS = Antivirus/Antispyware + Firewall + Antispam

EAV + COMODO = Antivirus/Antispyware + Firewall + HIPS

There aren't two firewalls!

Link to comment
Share on other sites


new firewall FortKnox Personal Firewall 2008 v3.0.195

work great with EAV just like ESS firewall

i am using it with KAV v7

Link to comment
Share on other sites


I'm using ZoneAlarm Pro 7.0.470.000 and its works well for me (can't claim it's the best available - it did create waves 3-4 years ago.) I've also tried out the 'suite' for a couple of years but find the Pro version much more appealing.

Link to comment
Share on other sites


einstürzende

Eset (Nod32) firewall is piece of garbage, what is use of this firewall when it can be bypassed by most stupidest leak technique,

BTW, NOD is very bad AV also and I expected HIPS module at least to patch uncovered holes in AV base but FW department is good for nothing, just average packet filter with a nice interface, not a personal firewall.

Link to comment
Share on other sites


the best fw imo are either online armor or comodo

Link to comment
Share on other sites


I have a wireless modem so the windows service pack 2 XP firewall is all i am using...unless someone here can tell why i should not be :dance2:

Link to comment
Share on other sites


einstürzende
I have a wireless modem so the windows service pack 2 XP firewall is all i am using...unless someone here can tell why i should not be :dance2:

Because you can not filter outbound (per application) traffic, if your AV fails to catch malware, your personal data is in real danger...

Link to comment
Share on other sites


Eset (Nod32) firewall is piece of garbage, what is use of this firewall when it can be bypassed by most stupidest leak technique,

BTW, NOD is very bad AV also and I expected HIPS module at least to patch uncovered holes in AV base but FW department is good for nothing, just average packet filter with a nice interface, not a personal firewall.

Yes, ESS for antileak is bad. But a firewall, a personal firewall is about in/out traffic, rules per application, allow/denied, advanced IP ranges rules, etc.

Antileak tests are about HIPS, behavior, IDS....... For this, and it's my own opinion not a suggest for nobody, I current prefer ESS + System Safety Monitor. Less resources needed, less conflictivity and less bugs than Comodo with his HIPS in my system (I was experienced this more than once).

NOD its'nt very bad, it's just in the "top ten" AV's, and I'm thinking that his advanced heuristics still unsurpassed.

On the other hand, NOD achieves more 100% "In-The-Wild" than others can achieve. "In-The-Wild" tests are more usefull for current people that are internet normally surfing. This is also my opinion, not a suggest.

Link to comment
Share on other sites


Eset (Nod32) firewall is piece of garbage, what is use of this firewall when it can be bypassed by most stupidest leak technique,

BTW, NOD is very bad AV also and I expected HIPS module at least to patch uncovered holes in AV base but FW department is good for nothing, just average packet filter with a nice interface, not a personal firewall.

I guess you love kav / Kis more :rolleyes:

I use Eset / OP2008 & Kav / Kis

Eset AV is very good, but their firewall isn't good enough & always better than none.

We'll have our personal choices

:dance2:

Link to comment
Share on other sites


einstürzende
Eset (Nod32) firewall is piece of garbage, what is use of this firewall when it can be bypassed by most stupidest leak technique,

BTW, NOD is very bad AV also and I expected HIPS module at least to patch uncovered holes in AV base but FW department is good for nothing, just average packet filter with a nice interface, not a personal firewall.

Yes, ESS for antileak is bad. But a firewall, a personal firewall is about in/out traffic, rules per application, allow/denied, advanced IP ranges rules, etc.

Antileak tests are about HIPS, behavior, IDS....... For this, and it's my own opinion not a suggest for nobody, I current prefer ESS + System Safety Monitor. Less resources needed, less conflictivity and less bugs than Comodo with his HIPS in my system (I was experienced this more than once).

NOD its'nt very bad, it's just in the "top ten" AV's, and I'm thinking that his advanced heuristics still unsurpassed.

On the other hand, NOD achieves more 100% "In-The-Wild" than others can achieve. "In-The-Wild" tests are more usefull for current people that are internet normally surfing. This is also my opinion, not a suggest.

Personal firewall must distinguish which application requesting network access, leak tests are proof of concepts for firewall bypassing techniques, so if svchost or IE or any network enabled appz./service have network traffic (controlled by ESS "firewall") that does not mean those services/applications actually made request.

"Firewall" in ESS is so bad that it doesn't deserve to call it firewall, it is a packet filter who maybe yes and maybe not recognize network accessing application...

Sorry for bad Eanghleeze

Link to comment
Share on other sites


I have a wireless modem so the windows service pack 2 XP firewall is all i am using...unless someone here can tell why i should not be :)

Because you can not filter outbound (per application) traffic, if your AV fails to catch malware, your personal data is in real danger...

Yes but...i DO have a hardware firewall in the modem... if someone can get past that a software firewall will not stop them either

Link to comment
Share on other sites


einstürzende
I have a wireless modem so the windows service pack 2 XP firewall is all i am using...unless someone here can tell why i should not be :)

Because you can not filter outbound (per application) traffic, if your AV fails to catch malware, your personal data is in real danger...

Yes but...i DO have a hardware firewall in the modem... if someone can get past that a software firewall will not stop them either

negative, it is not about what someone requests from you, its about what you request from other, if you have outbound traffic for port 80 enabled for instance (and you have because you can not surf internet without it) then every outbound request (including malware) on that port will be granted by your hardware FW, Your hardware firewall can not distinguish what application tries to connect to internet, it know only (globally) on which port and ip addresses your PC tries to connect.

Per application outbound firewall is of essential value for potentially infected PC, Even MS acknowledge that and incorporated two way firewall in vista.

Link to comment
Share on other sites


Eset (Nod32) firewall is piece of garbage, what is use of this firewall when it can be bypassed by most stupidest leak technique,

BTW, NOD is very bad AV also and I expected HIPS module at least to patch uncovered holes in AV base but FW department is good for nothing, just average packet filter with a nice interface, not a personal firewall.

Yes, ESS for antileak is bad. But a firewall, a personal firewall is about in/out traffic, rules per application, allow/denied, advanced IP ranges rules, etc.

Antileak tests are about HIPS, behavior, IDS....... For this, and it's my own opinion not a suggest for nobody, I current prefer ESS + System Safety Monitor. Less resources needed, less conflictivity and less bugs than Comodo with his HIPS in my system (I was experienced this more than once).

NOD its'nt very bad, it's just in the "top ten" AV's, and I'm thinking that his advanced heuristics still unsurpassed.

On the other hand, NOD achieves more 100% "In-The-Wild" than others can achieve. "In-The-Wild" tests are more usefull for current people that are internet normally surfing. This is also my opinion, not a suggest.

Personal firewall must distinguish which application requesting network access, leak tests are proof of concepts for firewall bypassing techniques, so if svchost or IE or any network enabled appz./service have network traffic (controlled by ESS "firewall") that does not mean those services/applications actually made request.

"Firewall" in ESS is so bad that it doesn't deserve to call it firewall, it is a packet filter who maybe yes and maybe not recognize network accessing application...

Sorry for bad Eanghleeze

ESS (interactive mode enabled) recognizes all requests (inbound/outbound traffic) from "svchost", "IE", "Services", "MSI installers", "Processes", "Appz's"......! Have you tried & tested? I'm thinking not.

ESS also describes very well the IP attempt conexion (you can search it with "WhoIS" after), the protocol and the source signer and his location.

ESS also advert you if any appz/source for conexion was changed (Md5 checksum), and allow you to permit/denied the new changed appz/source for connect or not.

You can allow/denied for specific/general, single IP/IP ranges, protocols (TCP/UDP), single port/port ranges....

Anti leak tests are more than this! If I'm executing a suspicious file that create a process that write & inject some to a original system DLL, and this DLL is used by the system for some network work, this (I agree with you) sure cannot be detected by ESS, because this I'm using "System Safety Monitor" with ESS.

Firewall is firewall, protect surpass firewall is a HIPS, Behavior, IDS....others work. (It's only my own opinion).

Nowadays you can get:

Antiviruses with advanced behavior..... (Panda & others)

Antispys with HIPS, Behavior.......

Firewalls with HIPS, Behavior......

Internet Security Suites with.......

Separate programs for every thing with........

Virtualization engines

And..................

Only you can chosse the best for you, experience it for a time, and speak about this your experience & results with it.

You can't trust it, but say "a piece of garbage"?

Sorry my bad english too!!!

Link to comment
Share on other sites


Eset (Nod32) firewall is piece of garbage, what is use of this firewall when it can be bypassed by most stupidest leak technique,

BTW, NOD is very bad AV also and I expected HIPS module at least to patch uncovered holes in AV base but FW department is good for nothing, just average packet filter with a nice interface, not a personal firewall.

Yes, ESS for antileak is bad. But a firewall, a personal firewall is about in/out traffic, rules per application, allow/denied, advanced IP ranges rules, etc.

Antileak tests are about HIPS, behavior, IDS....... For this, and it's my own opinion not a suggest for nobody, I current prefer ESS + System Safety Monitor. Less resources needed, less conflictivity and less bugs than Comodo with his HIPS in my system (I was experienced this more than once).

NOD its'nt very bad, it's just in the "top ten" AV's, and I'm thinking that his advanced heuristics still unsurpassed.

On the other hand, NOD achieves more 100% "In-The-Wild" than others can achieve. "In-The-Wild" tests are more usefull for current people that are internet normally surfing. This is also my opinion, not a suggest.

Personal firewall must distinguish which application requesting network access, leak tests are proof of concepts for firewall bypassing techniques, so if svchost or IE or any network enabled appz./service have network traffic (controlled by ESS "firewall") that does not mean those services/applications actually made request.

"Firewall" in ESS is so bad that it doesn't deserve to call it firewall, it is a packet filter who maybe yes and maybe not recognize network accessing application...

Sorry for bad Eanghleeze

ESS (interactive mode enabled) recognizes all requests (inbound/outbound traffic) from "svchost", "IE", "Services", "MSI installers", "Processes", "Appz's"......! Have you tried & tested? I'm thinking not.

ESS also describes very well the IP attempt conexion (you can search it with "WhoIS" after), the protocol and the source signer and his location.

ESS also advert you if any appz/source for conexion was changed (Md5 checksum), and allow you to permit/denied the new changed appz/source for connect or not.

You can allow/denied for specific/general, single IP/IP ranges, protocols (TCP/UDP), single port/port ranges....

Anti leak tests are more than this! If I'm executing a suspicious file that create a process that write & inject some to a original system DLL, and this DLL is used by the system for some network work, this (I agree with you) sure cannot be detected by ESS, because this I'm using "System Safety Monitor" with ESS.

Firewall is firewall, protect surpass firewall is a HIPS, Behavior, IDS....others work. (It's only my own opinion).

Nowadays you can get:

Antiviruses with advanced behavior..... (Panda & others)

Antispys with HIPS, Behavior.......

Firewalls with HIPS, Behavior......

Internet Security Suites with.......

Separate programs for every thing with........

Virtualization engines

And..................

Only you can chosse the best for you, experience it for a time, and speak about this your experience & results with it.

You can't trust it, but say "a piece of garbage"?

Sorry my bad english too!!!

Link to comment
Share on other sites


einstürzende

It is a piece of garbage, when you buy personal firewall or security suite you should be able to control your network traffic properly (leak tests are also applications like viruses or spyware or rootkits), if you need some other software to patch holes then your suite or FW are piece of garbage because they do not fulfill purpose of their existence

Link to comment
Share on other sites


It is a piece of garbage, when you buy personal firewall or security suite you should be able to control your network traffic properly (leak tests are also applications like viruses or spyware or rootkits), if you need some other software to patch holes then your suite or FW are piece of garbage because they do not fulfill purpose of their existence

I get in the past a lot of bugs an 2 system crash from some of those FW that implement HIPS and scor hig on antileak tests, so I just starting with a my own well knowed HIPS program System Safety Monitor. So, I don't need another firewall with HIPS or Behavior, I need just a well configurable software firewall, and FW of ESS it's!

Most of others are needing more system resources than this combination, and need separate AV program = problems can success in many cases.

Other full integrated security suites need a highest resources also.

A piece of garbage for you, can be. Are you tested, sure? (you not answered this).

For me, really not! But it's welcome your opinion.

Link to comment
Share on other sites


Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...