Testing firewalls

[Tarun]

I've going to be testing out a bundle of firewalls, and I have a nice list already together. If you can think of any additions, please let me know and provide a download link and I will test it. Trial versions are fine.

• Agnitum Outpost Free - Download
  
• Agnitum Outpost Pro - Download
  
• Comodo Firewall Pro - Download
  
• ZoneAlarm Free - Download
  
• ZoneAlarm Pro - Download
  
• eTrust Firewall - Have on CD, free from Microsoft
  
• Look 'n' Stop - Download
  
• PCTools Firewall Plus - Download
  
• Winpooch - Download
  
• McAfee Firewall Trial - Download*
  
• Norton Firewall Trial - Download*
  
• pktfilter - Download**
  
• Ashampoo Free - Download*
  
• Ashampoo Pro Trial - Download*
  
• Jetico Freeware Firewall - Download*
  
• Kerio Firewall - Download*
  
• Lavasoft Personal Firewall - Download*
  
• Sygate Firewall - Download*
  

* - Thanks to Ultimate Predator for the links.

** - Thanks to Eldmannen for the links.

After the firewall test, I will more than likely get more malware to infect my virtual system and test a bunch of anti-malware tools.

[Eldmannen]

Ashampoo Firewall

pktfilter

Kerio Firewall

Jetico Firewall

Lavasoft Personal Firewall

On download.com there are hundreds of firewall, I never even heard of them.

I don't think Winpooch is a firewall, I think its anti-spyware.

I think thin, slim, light-weight firewalls with extensive possibilities of hardcore in-depth configuration.

The best firewall, I've ever came across is iptables, but its for Linux only though.

[Ultimate Predator]

Nice list, look forward to the results.

McAfee Firewall Trial - http://download.mcafee.com/eval/evaluate2.asp

Norton Firewall Trial - http://shop.symantecstore.com/servlet/Cont...ductID=59770400

Ashampoo Free - http://www.ashampoo.com/frontend/products/...p;idstring=0050

Ashampoo Pro Trial - http://www.download.com/Ashampoo-FireWall-...&tag=button

Jetico Freeware Firewall - http://www.jetico.com/download.htm

Kiero Firewall - http://www.kerio.com/

Lavasoft Personal Firewall - http://www.download.com/3405-8022-5153545....dl&tag=top5

Sygate Firewall - http://www.download.com/3000-2092-10049526.html

[Tarun]

List complete. I believe we'll be covering a very wide spectrum of firewalls. Updated first post. Thanks everyone.

[Minu]

Winpooch is more classified as a 'H.I.P.S.' and should not be included here.

Here is another for your test - Privatefirewall - http://www.privacyware.com/personal_firewall_2.html

[Eldmannen]

Are you just going todo a personal test or a comparison that you will publish?

If you going todo a comparison, don't forget the built-in Windows Firewall.

[Tarun]

For the time being I'm going to document the basics on each firewall I test. The good sides and the bad sides as well.

The next series of test I'll run will be on free anti-malware tools. I may do a few that are pay; but the primary goal will be ones that are free for end users to use. I will have to gather a good deal of malware, though. :happybday:

[Synapse]

I will have to gather a good deal of malware, though.

shouldn't be hard.. just run IE and surf the net for like 10 minutes. =P

[Eldmannen]

For the time being I'm going to document the basics on each firewall I test. The good sides and the bad sides as well.

The next series of test I'll run will be on free anti-malware tools. I may do a few that are pay; but the primary goal will be ones that are free for end users to use. I will have to gather a good deal of malware, though.

How do you do the test?

Will you use virtualization todo the test?

Installing 20 different software just for a test doesn't sound like something I would do on my everyday-use machine.

I will have to gather a good deal of malware, though.

shouldn't be hard.. just run IE and surf the net for like 10 minutes. =P

LOL! Word. :)

[Tarun]

Yeah, I'm going to use a Virtual PC.

[Eldmannen]

You can run leaktest to test them.

You can also use nmap which is the best portscanner that exists. It is widely used in the security industry. Normally I don't think you can scan localhost, but maybe with a virtual PC, I don't know how they work, else you can use it from another PC.

Else you have to settle with something like GRC ShieldsUp!

[Tarun]

I'm going to go for the basics, as the best will be recommended to end users. I'll cover things like rules, alerts, things like that.

[Eldmannen]

Memory usage, stability, user interface, alerts, security, configuration, etc.

[Ultimate Predator]

Glad I could be of service.

[Eldmannen]

Some day, you have to try out iptables (Linux only).

Most firewalls or personal firewalls for Windows are actually some sort of packet filter/firewall + and IDS (Intrusion-detection system).

iptables is a small little command-line based stateful firewall application. No IDS. If you want an IDS, you can get one separate, such as Snort, etc or whatever IDS you prefer.

It runs, calls the netfilter API in the kernel about the rules you defined, then closes and does not run in the background.

In iptables, you write the rules (or get an application or script to generate them for you), and those rules you can define detailedly such as source port, destination port, source address, destination address, protocol, network interface and even TCP flags, ICMP codes, etc.

There are three tables, but you can add more tables with modules.

• The filter table for packet filtering which is good for firewalling.
  
• The NAT table which is good for routing.
  
• The mangle table which is good for QoS (Quality of Service) which allows you to put rate limiters, put priorities, do traffic shaping, etc. Example, you can do so that your VoIP or online game don't lag while you download stuff.
  

The tables have chains like input/output/forward and prerouting/postrouting. You can put the rules in the chains. And define a target for the chain, so if no packet doesn't match any rule in the chain, it goes to the target which can be like ACCEPT the packet, DROP (stealthily) the packet, or REJECT (gracefully) the packet, LOG the packet, or forward the packet to a third-party application like a logger, alerter or IDS. It supports both IPv4 and IPv6.

You can load modules which extend the functionality with extra tables, chains, targets, and features such as maximum concurrent connections, packets per second, bandwidth quota, packet length, random matches, string matching, time-ranged rules, TTL value match, etc.

With the "ipset" tool, you can load whole lists of IP addresses (blocklists) just as in PeerGuardian, and you can put them in one or more chains. If you put it in the INPUT chain, then none of those IP addresses can connect to you (good if you don't want them to be able to download files from you), and if you put them in the OUTPUT chain, then you cant connect to those IP addresses (good, if you want to unknowingly connect to baits).

iptables is no cute little skinned toy with an ON and OFF button. It is a real security tool.

[Tarun]

Here's the list so far:

• Agnitum Outpost Free - Downloaded
  
• Agnitum Outpost Pro - Downloaded
  
• Comodo Firewall Pro - Downloaded
  
• ZoneAlarm Free - Downloaded
  
• ZoneAlarm Pro - Downloaded
  
• eTrust Firewall - Have on CD, free from Microsoft
  
• Look 'n' Stop - Downloaded
  
• PCTools Firewall Plus - Downloaded
  
• Winpooch - Downloaded
  
• McAfee Firewall Trial - Unable to download, not found
  
• Norton Firewall Trial - Downloaded
  
• pktfilter - Beta only - skipped
  
• Ashampoo Free - Downloaded
  
• Ashampoo Pro Trial - Downloaded
  
• Jetico Freeware Firewall - Downloaded
  
• Kerio Firewall - Downloaded
  
• Lavasoft Personal Firewall - Downloaded
  
• Sygate Firewall - Unable to download, not found
  

[Ultimate Predator]

McAfee Firewall Trial - http://www.softpedia.com/get/Security/Fire...-Firewall.shtml

Sygate Personal Firewall Free - http://www.softpedia.com/get/Security/Fire...wall-Free.shtml

Sygate Personal Firewall Pro Trial - http://www.softpedia.com/get/Security/Fire...ewall-PRO.shtml

[Tarun]

Got them, thanks Ultimate Predator. :happybday:

[Ultimate Predator]

No problemo.

[Ultimate Predator]

# ZoneAlarm Free - Download

# ZoneAlarm Pro - Download

I was just wondering whether its worth downloading the ZoneAlarm Internet Security Suite and just disabling the AV, as it has so much more, including basic stuff that a firewall should have like SmartDefense™ Advisor (it looks really good): http://www.zonelabs.com/store/content/comp.../comparison.jsp

[RTZ]

Hey did anyone ever bother to test Online Armor Free? http://www.tallemu.com/free-firewall-prote...n-software.html

[Eldmannen]

Nope.

Nice, that it have keylogger detection though.

[RTZ]

I hope the announced testing includes this program. I never saw any follow up on any results. did I overlook any comparison results on the testing of all those firewalls.

[Tarun]

You can pretty much refer to Matousec, he dedicates research into the best firewall.

At the time of this research, Comodo was one of the very best, Outpost faired quite well too.

[Ultimate Predator]

Why does it say N/A for recommendation next to Comodo?