• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

Looking for a new software firewall

AsRock

AsRock

TPU addict
Joined
Jun 23, 2007
Messages
19,261 (2.95/day)
Location
UK\USA
System Specs
Processor AMD 3900X \ AMD 7700X
Motherboard ASRock AM4 X570 Pro 4 \ ASUS X670Xe TUF
Cooling D15
Memory Patriot 2x16GB PVS432G320C6K \ G.Skill Flare X5 F5-6000J3238F 2x16GB
Video Card(s) eVga GTX1060 SSC \ XFX RX 6950XT RX-695XATBD9
Storage Sammy 860, MX500, Sabrent Rocket 4 Sammy Evo 980 \ 1xSabrent Rocket 4+, Sammy 2x990 Pro
Display(s) Samsung 1080P \ LG 43UN700
Case Fractal Design Pop Air 2x140mm fans from Torrent \ Fractal Design Torrent 2 SilverStone FHP141x2
Audio Device(s) Yamaha RX-V677 \ Yamaha CX-830+Yamaha MX-630 \Paradigm 7se MKII, Paradigm 5SE MK1 , Blue Yeti
Power Supply Seasonic Prime TX-750 \ Corsair RM1000X Shift
Mouse Steelseries Sensei wireless \ Steelseries Sensei wireless
Keyboard Logitech K120 \ Wooting Two HE
Benchmark Scores Meh benchmarks.
Are you running the firewall locally on your PC? What about at your gateway?

If you really want to protect yourself, run a PFSense or Untangled solution at your gateway as both have solid firewalls, you could even run a VM of either, or of a Linux distro as they have firewalls that you can get into more advanced configurations with. VyOS on my UBNT ERL has a great stateful firewall that you can do advanced configurations in (mostly through CLI).

Frankly if you have a decent gateway firewall, Windows Firewall does the job just fine imho. And if you're better protected at your gateway/router, then your whole home/site is better off. Add into that OpenDNS for DNS filtering and you're that much better off.

I haven't used a local firewall program since ZoneAlarm many years ago...it was fun to track stuff but really didn't offer much of what I wanted or needed that wasn't already covered.

If you want complex, then get a network firewall appliance, and enjoy. If you can afford a Cisco, SonicWall, Juniper, UBNT, and beyond...then you'll find a lot to tweak and manage for how your firewall works on what networks and beyond. Sign up for OpenDNS Home (free), and manage what websites you can and can't browse, mitigating a lot of shit that would hit your PC before it can enter your network. Excellent options.

An ERL costs $99...worth every penny if you want a very good SoHo gateway/firewall. Add an AP for wireless, add a switch for more Ethernet ports. Then you have a real firewall, something that can handle more abuse. If you're into Virtualization and have a small home server with a couple of spare NIC ports, setup a PF Sense or Untangled VM, dedicate those ports to that VM (one LAN, one WAN) and filter to your heart's content. There's A LOT with each one, and it's worth the experience.

I guess my mentality goes to protecting my network at the gates, and relying on the OS solution locally. Has worked very very well for me, and my network, and has kept my kids from browsing stuff they shouldn't. The ERL + OpenDNS made a huge difference in that aspect. Really locally, I believe one should be utilizing AVAM (Anti-Virus/Anti-Malware) more-so than filtering ports and packets much beyond what the OS does with the provided solution...though that depends on the situation, site and needs. I will say Linux's firewall is pretty damn solid though, but then again, Windows Firewall is pretty good too once you get sorted how to configure it beyond its clunkiness...it gets the job done, it ain't pretty, it ain't informative, but it works. :)

:toast:
 
Well, until june last year I would have recommended Emsisoft Online Armor. It was the best damned firewall and gave you deep, total control, as well as having HIPS. Then they discontinued it and dumbed it down, incorporating it into their security suite. This seems to be a trend lately, and very few separate firewalls are left. I bit the bullet and upgraded my Avast Pro to Avast Internet Security to get the firewall.

Zone Alarm Free and Pro are very good, with Pro giving you tons of control. Be aware though, Zone Alarm makes Diskeeper not work. For some reason, despite my posting on their forums and writing to support, they refuse to get with diskeeper and do what needs to be done to not interfere with it. So I dumped them after ten years 2 years ago and they still have not fixed it.

Comodo gives you alot of control, but I don't like the layout. It's very confusing to me and is IMO only for experts. I believe it also still has HIPS. It might be right up your alley.

If you're of a mind to change AV solutions, the Bitdefender Internet Security firewall is one of the best quiet ones I've ever used, and scores highly on PC Mag reviews.
 
rtwjunkie said:
Zone Alarm Free and Pro are very good, with Pro giving you tons of control.
Click to expand...
Are you kidding ?
This is the worst firewall I've ever seen !
A big shit, badly designed and with a lot of bugs !
All their products require an online installation, this is an aberration for security.
Further more, as soon as you try to criticize them on their forum, your post is deleted and you're banned...

PrivateFirewall is much better !
 
Last edited by a moderator:
People still use firewalls on their local clients in a SOHO?

Eeep.
 
Using Comodo Firewall Free for years now.
 
Windows' built-in firewall is good enough honestly. TinyWall makes it even better.
Other than that the usual suspects: Privatefirewall & Comodo.

Kursah gave great insight as well!
 
Kursah said:
Are you running the firewall locally on your PC? What about at your gateway?

If you really want to protect yourself, run a PFSense or Untangled solution at your gateway as both have solid firewalls, you could even run a VM of either, or of a Linux distro as they have firewalls that you can get into more advanced configurations with. VyOS on my UBNT ERL has a great stateful firewall that you can do advanced configurations in (mostly through CLI).

Frankly if you have a decent gateway firewall, Windows Firewall does the job just fine imho. And if you're better protected at your gateway/router, then your whole home/site is better off. Add into that OpenDNS for DNS filtering and you're that much better off.

I haven't used a local firewall program since ZoneAlarm many years ago...it was fun to track stuff but really didn't offer much of what I wanted or needed that wasn't already covered.

If you want complex, then get a network firewall appliance, and enjoy. If you can afford a Cisco, SonicWall, Juniper, UBNT, and beyond...then you'll find a lot to tweak and manage for how your firewall works on what networks and beyond. Sign up for OpenDNS Home (free), and manage what websites you can and can't browse, mitigating a lot of shit that would hit your PC before it can enter your network. Excellent options.

An ERL costs $99...worth every penny if you want a very good SoHo gateway/firewall. Add an AP for wireless, add a switch for more Ethernet ports. Then you have a real firewall, something that can handle more abuse. If you're into Virtualization and have a small home server with a couple of spare NIC ports, setup a PF Sense or Untangled VM, dedicate those ports to that VM (one LAN, one WAN) and filter to your heart's content. There's A LOT with each one, and it's worth the experience.

I guess my mentality goes to protecting my network at the gates, and relying on the OS solution locally. Has worked very very well for me, and my network, and has kept my kids from browsing stuff they shouldn't. The ERL + OpenDNS made a huge difference in that aspect. Really locally, I believe one should be utilizing AVAM (Anti-Virus/Anti-Malware) more-so than filtering ports and packets much beyond what the OS does with the provided solution...though that depends on the situation, site and needs. I will say Linux's firewall is pretty damn solid though, but then again, Windows Firewall is pretty good too once you get sorted how to configure it beyond its clunkiness...it gets the job done, it ain't pretty, it ain't informative, but it works. :)

:toast:
Click to expand...

On each PC, i have thought about running some thing on a single system but power usage and other thing is another concern.

Dethroy said:
Windows' built-in firewall is good enough honestly. TinyWall makes it even better.
Other than that the usual suspects: Privatefirewall & Comodo.

Kursah gave great insight as well!
Click to expand...

Windows firewall is nothing but crap on a personal PC, on a server maybe if you know what you want to block\allow. but windows firewall allows all kinds of shit without asking.

HiSpeed said:
Are you kidding ?
This is the worst firewall I've ever seen !
A big shit, badly designed and with a lot of bugs !
All their products require an online installation, this is an aberration for security.
Further more, as soon as you try to criticize them on their forum, your post is deleted and you're banned...

PrivateFirewall is much better !
Click to expand...

Yeah passed experiences burned me so bad i will never try it again lol.

TinyWall, Any chance that used to be called Tiny Firewall ?, yet another i used to enjoy using ha.

rtwjunkie said:
Well, until june last year I would have recommended Emsisoft Online Armor. It was the best damned firewall and gave you deep, total control, as well as having HIPS. Then they discontinued it and dumbed it down, incorporating it into their security suite. This seems to be a trend lately, and very few separate firewalls are left. I bit the bullet and upgraded my Avast Pro to Avast Internet Security to get the firewall.

Zone Alarm Free and Pro are very good, with Pro giving you tons of control. Be aware though, Zone Alarm makes Diskeeper not work. For some reason, despite my posting on their forums and writing to support, they refuse to get with diskeeper and do what needs to be done to not interfere with it. So I dumped them after ten years 2 years ago and they still have not fixed it.

Comodo gives you alot of control, but I don't like the layout. It's very confusing to me and is IMO only for experts. I believe it also still has HIPS. It might be right up your alley.

If you're of a mind to change AV solutions, the Bitdefender Internet Security firewall is one of the best quiet ones I've ever used, and scores highly on PC Mag reviews.
Click to expand...

I may go the aVast way not to sure but it's much simpler than i am used to and lacks what i am after but it was very good back in the time i used to use torrent's a lot ;).
 
A good link : here !

Take care:
With WinXP, the MS firewall can't check the output accesses...
With Win7 and +, the MS firewall doesn't check the output accesses by default...
 
Glad to see this thread revived! :rockout:

I built a pfSense box that replaced my ERL a couple months ago...uses the Intel Celeron N3150 CPU, 8GB DDR3, a cheap 120GB SSD (overkill too I might add, but it was all cheap or I already had), a case with an SFX PSU...consumes around 20-25W at most I believe (if my UPS's consumption report is anything to go off of) and pfSense 2.3.1 is excellent. Not much of an issue for power consumption in my experience with it, runs cool, quiet, and has been excellent at filtering, providing extra features (Squid proxy, OpenVPN servers, site-to-site IPSec tunnels, etc). My ERL ran around 7W. For the security and capabilities offered, that's pennies for protection in the long run.

Honestly, Windows Firewall isn't bad if YOU manage it correctly, otherwise you're right and it is generally shit if not. It starts with how you manage your users and their access...no different than any other kind of network, SoHo, Enterprise, etc. This won't be fixed with different software in the end...

If you're allowing users to have admin accounts and blindly make system changes all the time instead of standard limited-user accounts and you're not keeping tabs or managing rules...then yes it is easy to allow shit through. Depends on how complex you want to get as well. Honestly bogging PC's down with a more complex firewall doesn't seem like the best answer to me...but everyone has a preference for what they need on their applications. :)

But really you should be doing better filtering in your gateway if you're concerned about protecting your network and its resources in the first place IMHO. Why even give shit a chance to get on your network when you can stop it? Why not do DNS filtering to stop malicious requests in AND out? Harden your gateway, and you might find less need to want to add more software to your workstations.

Another option? Ditch windows, install your preferred flavor of Linux and either install a GUI app to manage IPTables or learn CLI commands for IPTables. :D

Really all pfSense is, is a GUI that modifies IPTables...and adds a lot of functionality. Untangled is an excellent option as I mentioned earlier also.

:toast:
 
AsRock said:
Windows firewall is nothing but crap on a personal PC [...] windows firewall allows all kinds of shit without asking.
Click to expand...
That's gibberish.

AsRock said:
TinyWall, Any chance that used to be called Tiny Firewall ?
Click to expand...
No. Tiny Firewall was made by Tiny Software (acquired by Computer Associates in 2005).
 
Last edited:
TinyWall here.

PeerGuardian is a simple IP blocker.

with these two and Win10 Firewall you dont need much else, well except a trick or two to get Tinywall loaded first when booting.
 
You must log in or register to reply here.
Back
Top