Avast WEBforum
Other => General Topics => Topic started by: MFB on April 13, 2005, 04:54:55 AM
-
Which Firewall is best suitable with Avast? I am currently using Window XP Firewall and just remove Zone Alarm cause it was causing problems with the internet.
-
Which Firewall is best suitable with Avast? I am currently using Window XP Firewall and just remove Zone Alarm cause it was causing problems with the internet.
This was discussed a lot of time.
Better will be the secure one that works in your system 8)
I suggest ZoneAlarm, or Outpost, or Sygate, or Kerio.
All of it have advantages and disavantages. All works with avast.
I just do not recomment you stay without one (using only the internal XP firewall...) :P
-
just remove Zone Alarm cause it was causing problems with the internet.
The only time ZA causes problems with the internet is if you don't permit access to a program or
a service.
-
just remove Zone Alarm cause it was causing problems with the internet.
The only time ZA causes problems with the internet is if you don't permit access to a program or
a service.
I am sorry to say that - but ZA may cause problems with the internet (with webshield more frequently that without it) when Privacy features are enables - especially Cookie blocking.
-
Cookie Blocking ? I don't even have that featue in my ZA Free... it really works flawless... I had some of those mentioned problems with Outpost though, but it was few months ago... I don't know how everything works with latest avast! releases. When I loose connection, nothing, absolutely nothing, would help, except turning Outpost OFF, and then ON back again...
ZA works fine here... maybe just because I use Freeware edition, I don't know...
Cheers !
-
Lukas, ZA (free) + my local proxy + avast is not a stable system.
I'm sure it's ZA, not avast. But, is there anything that could help you?
Does ZA have minidumps?
If I send you a minidump from my local proxy, can you read it?
Thanks.
-
If you're a home user, there's really no point in paying $40 for a firewall, as there are good free ones available.
I've tried ZA and Kerio.
ZA was the most user friendly but as well as the problem mentioned above, it also tends to corrupt it's own database or something and forget the rules you make as to which programs you want to be able to access the internet, which is annoying.
Kerio is a little more tricky to set up, but works smoothly, at least with XP. (I think the new version might have a few problems with 98, from what I've read on this forum.) Kerio does have a 'simple' mode, which is extremely easy to set up, but, like the XP firewall, doesn't control outgoing traffic. But then, all of the free firewalls can be a bit 'leaky', according to leak tests done by PC Flank for example. Kerio 2 has a lot of fans, but is more hands on.
(If you want the ultimate in outbound traffic control, Outpost is the one to beat at the moment, but does cost $40.)
Sygate also has a free firewall, very popular with many here, but often described as very user UNfriendly. It does apparently have a lot of advanced features (for advanced users?) but if you want an install it and forget it firewall, this might not be the one. It also doesn't have the intrusion detection feature of the pay version.
Outpost has a free firewall, but it is a very old version of their firewall and only recommended if you have need a firewall which takes up the minimum of resources.
My recommendation for the best free firewall at the moment is...
drumrole..
Well, I suppose I have to agree, whatever works for you.
But if you want a user friendly, set it and forget it firewall, ZA (if it works for you) or Kerio, if are prepared to use simple mode, or to have to think a bit more carefully about setting it up.
For more hands on users, Kerio 2 or Sygate.
I have a page on my site about free firewall, with my experiences of using ZA and Kerio, if anybody is interested. (Geocities + IE = crazy rendering, but Firefox is fine.) http://www.geocities.com/dontsurfinthenude/rec_firewalls.htm
-
As people have already said its comes down to personal appearance, me personally, i find Sygate is the best (its just ZA with extra ability), and very user friendly, closely followed by Outpost Pro then Zonealarm. (not tried Kerio)
But if you want a user friendly, set it and forget it firewall, ZA
How you can say 'corrupt it's own database or something and forget the rules you make as to which programs you want to be able to access the internet, which is annoying.' is user friendly is beyond me, but hey, we all have our own opinions.
So anyway, try them, see which one you like, the use it :)
--lee
-
I think the Pro version of Outpost offers the best ease of use, features and protection.
I use Sygate because it is easy to allow local area network connections and that allows me to share my internet connection. I found ZoneAlarm arduous in this respect.
-
I use McAfee Personal Firewall Plus 6. I'm really happy of it. There's only one problem and is not the firewall but the Security Center: this panel is studied to allow integrated access to the bundle (Virus Scan, Privacy Protector, ecc) but if you try to uninstall it, then in a few time you find problems with graphics, not about the efficiency. Now I have uninstalled it to try the new release of Outpost. I think it is not for lazy users. The automatic configuration for non experienced users - in my opinion - take the program out of control: pray and surf!!! The normal configuration is really complicated and is not certainly easy to learn. It seems the most professional firewall for home users but is also more expensive then McAfee... Outpost 2.6 don't support many languages, don't have the online support (chat, telefone), etc. Honestly, it seems built for IE, not surely for Firefox or Opera, in fact a lot of options are dedicated to AD blocking, Image blocking and other functions already supported by alternative browsers. In conclusion: thumbs up, about the power. thums down for the support.
-
We've been thru all of this before. ;D
http://forum.avast.com/index.php?topic=10539.0
The end result still comes down to personal choice as long as the firewall your using passes all the tests.
-
I think you probably mean Outpost Pro 2.6, which has just been released 2 days ago. I was very happy with the free version of Outpost 1.0 but there has been no further development on it for some considerable time.
So when a great deal to upgrade to the Pro version (lifetime updates) for a one off payment it took it. Would I have upgraded if I had to pay an annual fee, or for each further upgrade, probably not.
With the exception of one occasion when web shield first appeared on the scene and Outpost didn't ask permission and blocked it. That situation has been resolved and further updates have been recognised and requests for access were initiated as they should.
-
Lukas, ZA (free) + my local proxy + avast is not a stable system.
I'm sure it's ZA, not avast. But, is there anything that could help you?
Does ZA have minidumps?
If I send you a minidump from my local proxy, can you read it?
Thanks.
Technical, unfortunately such dumps are not very useful (at least for me). On our own software we can mentally trace how the program must have behaved so it came just to this point snapshotted in the memory dump, but for foreign products it's usually very hard to guess what they were trying to do. Of course, sometimes you may search for a specific situation but generally speaking it would not help much. :-\
-
Hi, Bob & David! How are you?
Well, just this morning I was thinking about the hrdware firewalls. The magazines says this is the best solution but I see ALL the PCs in my workplace (more than 4500!!!) are infected
day by day. My Hospital use hardware firewall + Sophos Antivirus: bad marriage! ;D. I think "If my firewall costs 39.00 € year... maybe the best solution is a HW firewall: 110-150 €... for life. Or not? What's your opinion, my wise evangelists? ;D ;D ;D
-
Thanks for sharing Lukas...
As I can see by other threads (http://forum.avast.com/index.php?topic=12320.msg107678#msg107678) that ZA is working bad with avast.
Worst: ZA support is useless... :P
-
The magazines says this is the best solution but I see ALL the PCs in my workplace (more than 4500!!!) are infected
Unfortunately they don't tell you the full story.
A hardware firewall provides great inbound protection but most provide zero outbound protection, for that you still need something to plug that gap and for most that means running a software firewall.
Many can't use a hardware firewall, such as myself as I'm on a dial-up connection. As far as I'm aware there is no router, come firewall, come dial-up modem to act as a hardware firewall.
-
that ZA is working bad with avast.
Worst: ZA support is useless...
Not in my opinion and I use it. ;D
[quotemaybe the best solution is a HW firewall: 110-150 €... for life. Or not?]The best solution is one of each. IMHO :)
-
Fair comment, Lee. (Re. Zone Alarm userfriendlyness.)
That's why I switched to Kerio, 'tis true.
I've never tried Sygate, but the reviews I've seen don't describe it as user friendly: in fact they say 'suitable for anyone who knows their way round an advanced firewall...too complicated for anyone who just wants to protect their computer and get on with their lives...competent software for experts on a budget.' Computer Shopper. And 'Our only concern is the interface, which won't suit novices.' Personal Computer World.
With reviews like that, I recommend ZA with its faults before Sygate, but recommend Sygate to experts like yourself. ;)
-
Despite the lack of support, I still find ZA to be a very effective and easy to use Firewall. :)
-
I have recently switched from ZA to Kerio pf and am happy with its performance and ease of setup.
Having read this and numerous other threads on the subject I decided to have a closer look a KPF and how it works. Can any other KPF users interpret this log report and confirm what i suspect in that there are 2 instances of active trojans sailing right by my hardware firewall as if it wasnt there and although caught by KPF ,how many other unidentified new ones are out there sailing by as well?
-
The two attacks may well have been blocked by Kerio's intrusion detection feature. Have you clicked the 'Find out more' link? What did it say?
Edit: You haven't included the bottom of your screen, but you appear to be looking at the intrusions log.
(http://donaldbroatch.users.btopenworld.com/kerio_intrusions.jpg)
From the Kerio website:
Intrusion detection
Potential intruders use various techniques to find out whether a targeted computer is vulnerable to attack. These techniques vary from simple port scanning to more elaborate exploits. Kerio Personal Firewall has a built-in intrusion detection system that identifies and blocks most known attacks.
The intrusion detection feature seems to be above and beyond the firewall feature, so a firewall will not block these probing techniques.
-
I've never tried Sygate, but the reviews I've seen don't describe it as user friendly: in fact they say 'suitable for anyone who knows their way round an advanced firewall...too complicated for anyone who just wants to protect their computer and get on with their lives...competent software for experts on a budget.' Computer Shopper. And 'Our only concern is the interface, which won't suit novices.' Personal Computer World.
With reviews like that, I recommend ZA with its faults before Sygate, but recommend Sygate to experts like yourself. ;)
FreewheelinFrank,
Sygate was the first firewall I ever used. I even installed it to other "newbies". None of them told me they found it difficult to use. Sygate has only one screen, while ZA has four (if I remember correctly). I switched to ZA when Sygate had some problems with avast's webshield (before making a short stop to use McAfee Firewall).
Bottom line: if anybody bothers to read the Help File (like I did), Sygate is very easy. It could become more difficult if you want to "tweak" it more - then you have to be an expert.
-
Spyros,
I'm only reporting the reviews I read of Sygate while looking for a free firewall: they certainly put me off trying it!
I certainly bow to your opinion if you have actually tried it, because I haven't!
The only thing that worries me about the free version of Sygate is that it doesn't have the intrusion detection feature of the pay version: the free version of Kerio does, and it seems to block a lot of bad stuff (see Cloussou's posting previously.)
respect. :)
-
The only thing that worries me about the free version of Sygate is that it doesn't have the intrusion detection feature of the pay version:
Yes, I agree with you...
But still, Kerio seems difficult for me at least, because of the rules. Rule-based firewalls seem more difficult to new users who just want it to work "right out of the box". And if they are not configured right, they might cause more trouble than good...
Anyway, I don't know much about firewalls, I believe Arup is the expert in this forum ::)
-
These are my Kerio rules:
(http://donaldbroatch.users.btopenworld.com/kerio_rules.jpg)
!
You can create advanced rules in Kerio 4, but it doesn't require you to.
I believe Kerio 2 might have been different, but Kerio 4 doesn't require you to create any rules (appart from which applications you want to allow to use the internet, if you choose to control outbound traffic) so you don't need a degree in network computing to use it!
-
I believe Kerio 2 might have been different, but Kerio 4 doesn't require you to create any rules
Hmm, interesting... I have only used the 2.15 version, which was rule-based. I will keep my eye on the new version then and try it out. Thanks FreewheelinFrank.
-
Thanks for the feedback Frank and yes it was the intrusions log I was referring to and BTW the find out more link was a dead end link . Be aware im not complaining as these attacks would be happening irrespective of what brand of firewall I run and its nice to know the IDS serves a purpose.
To shed a little more light on the difficulty / complexity of creating rules with Kpf i can advise that until i set Generic Host process and any other process toASK then i didnt need to create any rules.(see pic) With this setting in place a program would bring an alert and request to allow once or set a rule for a program requiring access. This made it really simple. :)
-
Setting up internet access rules is a bit more tricky than ZA.
When I tried ZA it asked me which applications I wanted to allow to access the internet, and the information the pop-ups gave made it easy to understand whether to do so or not.
I took ZA to Shield Up! after installation and it passed first time.
When I tried Kerio, it started asking me whether I wanted to allow connections from the internet to certain applications. The applications looked legit so I clicked yes. When it took Kerio to Shield Up!, it failed. I had to go back and change all the internet in rules to ask. I tried Shield Up again and denied any request to connect from the internet. This time Kerio passed.
After that I had one request to allow a connection to MSN when downloading a file, which I allowed, plus some mysterious requests for connection which I denied. Like yourself, I now have internet in set to deny for everything that has no need to accept connections, and I've had no more mysterious connection requests.
For a complete computer novice, I think Kerio would be the wrong choice, except in simple mode (which has no connection pop-ups,) because it's too easy to make mistakes like this.
Of course these internet application rules are really simple compared to advanced packet filter rules. My posting of the empty rule box shows you don't need to create any firewall rules, as opposed to connection rules.