Good Free Firewall for Windows XP?

[starwars7]

I tried to do a search for this, but didn't come up with anything.

Does anyone know of a good Firewall for Windows XP?

Thanks!

 

[Sid59]

http://www.personalfirewall.comodo.com/

 

[elcamino74ss]

what's features does the built in firewall not have that you want?

 

[lusher]

Probably bi-directional filtering.

 

[corkyg]

I bought Comodo - but uninstalled it because it had no activity icon in the tray. I then tried Sunbelt Kerio Personal Firewall, and it has been great. I got rid of ZA Pro (bought) after 2 years - just too bloated - slowed the system down too much and delayed Windows loading.

 

[Ultralight]

Originally posted by: corkyg
I bought Comodo - but uninstalled it because it had no activity icon in the tray. I then tried Sunbelt Kerio Personal Firewall, and it has been great. I got rid of ZA Pro (bought) after 2 years - just too bloated - slowed the system down too much and delayed Windows loading.

corkyg, if you don't mind me asking, what version of Kerio are you running and is it the full paid version? The reason I asked is beacuse version 7.14 and earlier were a BSOD nightmare for me and countless thousands. My minidumps confirmed it was their kfys.sys driver time and again causing system crashes.

Now that my license has run out I am running a free version of the firewall minus HIPS and other abilities. Here is the thing: Once HIPS went so did my BSODs. I am not sure if it liked my other security software: NOD32 and Webroot Spysweeper (which the latter is another issue altogether).

Thanks and sorry for the thread highjack.

 

[irishScott]

Originally posted by: corkyg
I bought Comodo - but uninstalled it because it had no activity icon in the tray. I then tried Sunbelt Kerio Personal Firewall, and it has been great. I got rid of ZA Pro (bought) after 2 years - just too bloated - slowed the system down too much and delayed Windows loading.

Ummm... yes it does...
*Looks at activity icon*

 

[Lemon law]

Originally posted by: corkyg
I bought Comodo - but uninstalled it because it had no activity icon in the tray. I then tried Sunbelt Kerio Personal Firewall, and it has been great. I got rid of ZA Pro (bought) after 2 years - just too bloated - slowed the system down too much and delayed Windows loading.

I get a wee mite puzzled here. Somehow its implied that watching some activity icon in the firewall makes you secure? And where did the bought come from because most versions of comodo are free. And as irish Scott points out comodo does have an activity icon you can put on the task bar. And within the comodo program itself are other activity monitors.

But at least where I come from, firewalls are evaluated by raw performance, versatility, footprint size, by leak tests, ease of set up and use, and quite a few other criteria. Quite a few security web sites objectively rate firewalls. And something like Gibson Research's Shield up will test your firewall on line. And it takes some user input to help the firewall distinguish between solicited and unsolicited files. One often has to write special rules and exceptions for things like networks or special surfing habits. And modern firewalls can often distinguish what set of applications are safe. Making something like Kerio, while small footprint, somewhat hopelessly outdated.

And some firewalls work with some OS's and not others. And as has been pointed out, some of the ZA firewalls tend to be over bloated and can bring anything but a fast modern computer to its knees. In short, software firewalls are not a super simple subject and some user research is recommended. Fortunately there is quite a bit of information on firewalls
in the security section of anand tech. Or find John's Malware guide.

 

[stash]

Somehow its implied that watching some activity icon in the firewall makes you secure?

Most of the software firewall market depends on people buying into this "security". This is why we have gotten to the point where people derive security value in a software firewall that filters outbound traffic.

Quite a few security web sites objectively rate firewalls.

Care to list some? I haven't seen many. Most sites dismiss firewalls as crap if they don't have outbound filtering, which is hardly objective.

 

[buzz12]

i used kaspersky internet security and just recently added sygate personal firewall.
sygate is something amazing.. give it a try!

 

[Lemon law]

Originally posted by: buzz12
i used kaspersky internet security and just recently added sygate personal firewall.
sygate is something amazing.. give it a try!

Got some questions here especially since I used to use Sygate 5.5 as a firewall. Sygate is somewhat like the various Kerio firewalls with a selling point virtue of a small footprint. And like Kerio, Sygate was bought up by other security vendors to basically eliminate the competition. Making the older versions now somewhat antiquated and not revised to meet
modern conditions.

But now you are using BOTH Kaspersky internet security which I assume includes Kaspersky's very good paid software firewall in addition to using some version of the Sygate software firewall??

Are you aware that one is basically restricted to USING ONE AND ONLY ONE SOFTWARE FIREWALL at a time!!!!!!! And if you use two or more software firewalls at a time, the conventional wisdom is that they will conflict with each other and can really screw you up.

For that matter, anyone using WIN XP with SP2, gets you the Win XP SP2 firewall by default. And anyone desiring to run some other software firewall with SP2 installed, requires disabling the SP2 firewall. Which can be somewhat automatic with some modern software firewalls or can require some extra manual steps with others. Being a past user of Sygate 5.5, it took those extra steps, but I think the 5.6 version of Sygate does not. But any interested in the sygate firewalls can still find sygate forums dedicated to answering those questions. Just google "sygate forums".

 

[Lemon law]

Originally posted by: stash

Somehow its implied that watching some activity icon in the firewall makes you secure?

Most of the software firewall market depends on people buying into this "security". This is why we have gotten to the point where people derive security value in a software firewall that filters outbound traffic.

Quite a few security web sites objectively rate firewalls.

Care to list some? I haven't seen many. Most sites dismiss firewalls as crap if they don't have outbound filtering, which is hardly objective.

In terms of listing some sites that rate firewalls.
Try---------http://www.spywarewarrior.com/index.php
or--------www.castlecops.com/
And there are quite a few others but those will do for a start.

But the philosophy behind having a two way firewall is basically in prevention. If you have a computer that has become infected with some sort of malware, a firewall that filters outgoing traffic may prevent said malware from opening ports to send your sensitive data
back out to some rascal who can and will use it to damage you. And because the SP2 firewall lacks that outbound filtering, its just one of many strikes against using the SP2 firewall.

The one two virtues of the microsoft SP2 firewall in win XP are. (1) Its free. (2) Its better than nothing. And for perhaps 2/3 of computer users, better than nothing in an ignorance is bliss world is huge.

But in Vista, microsoft does provide a free 2 way firewall.

 

[Lemon law]

Originally posted by: Lemon law

Originally posted by: stash

Somehow its implied that watching some activity icon in the firewall makes you secure?

Most of the software firewall market depends on people buying into this "security". This is why we have gotten to the point where people derive security value in a software firewall that filters outbound traffic.

Quite a few security web sites objectively rate firewalls.

Care to list some? I haven't seen many. Most sites dismiss firewalls as crap if they don't have outbound filtering, which is hardly objective.

In terms of listing some sites that rate firewalls.
Try---------http://www.spywarewarrior.com/index.php
or--------www.castlecops.com/
And there are quite a few others but those will do for a start.

But the philosophy behind having a two way firewall is basically in prevention. If you have a computer that has become infected with some sort of malware, a firewall that filters outgoing traffic may prevent said malware from opening ports to send your sensitive data
back out to some rascal who can and will use it to damage you. Basically, breaking into Ft. Knox is only half the job, breaking in does no good if you can't get the gold out. And because the SP2 firewall lacks that outbound filtering, its just one of many strikes against using the SP2 firewall. Basically microsoft sending less than a boy to do a man's job.

The one two virtues of the microsoft SP2 firewall in win XP are. (1) Its free. (2) Its better than nothing. And for perhaps 2/3 of computer users, better than nothing in an ignorance is bliss world is huge.

But in Vista, microsoft does provide a free 2 way firewall.

 

[Lemon law]

Originally posted by: Lemon law

Originally posted by: Lemon law

Originally posted by: stash

Somehow its implied that watching some activity icon in the firewall makes you secure?

Most of the software firewall market depends on people buying into this "security". This is why we have gotten to the point where people derive security value in a software firewall that filters outbound traffic.

Quite a few security web sites objectively rate firewalls.

Care to list some? I haven't seen many. Most sites dismiss firewalls as crap if they don't have outbound filtering, which is hardly objective.

In terms of listing some sites that rate firewalls.
Try---------http://www.spywarewarrior.com/index.php
or--------www.castlecops.com/
And there are quite a few others but those will do for a start. But no one should ignore the real gem on the security forum of Anand tech which is the security resource thread at top by Schadenfroh. An EXCELLENT overview of all aspects of computer security.

But the philosophy behind having a two way firewall is basically in prevention. If you have a computer that has become infected with some sort of malware, a firewall that filters outgoing traffic may prevent said malware from opening ports to send your sensitive data
back out to some rascal who can and will use it to damage you. Basically, breaking into Ft. Knox is only half the job, breaking in does no good if you can't get the gold out. And because the SP2 firewall lacks that outbound filtering, its just one of many strikes against using the SP2 firewall. Basically microsoft sending less than a boy to do a man's job.

The one two virtues of the microsoft SP2 firewall in win XP are. (1) Its free. (2) Its better than nothing. And for perhaps 2/3 of computer users, better than nothing in an ignorance is bliss world is huge.

But in Vista, microsoft does provide a free 2 way firewall.

 

[jzodda]

I still love Kerio 2.1.5

Its free, low resource, never caused me any problems with XP SP2 and works great even after all this time. I am sure you can find places to download and try it out.

 

[BW86]

Kerio 215

 

[madh83]

I reinstalled my OS and used to use the older kerio too. It was a great firewall, but now I can't find the older one, the link above doesnot seem to work for me= (

I tried comodo, which seems to do a good job, but it takes up considerable cpu cycles on my p43.0ghz. It averages only around 3-4% but at some points it jumps to 20%! This causes some skipping when I'm watching movies which is a huge detraction.

 

[Lemon law]

Originally posted by: madh83
I reinstalled my OS and used to use the older kerio too. It was a great firewall, but now I can't find the older one, the link above doesnot seem to work for me= (

I tried comodo, which seems to do a good job, but it takes up considerable cpu cycles on my p43.0ghz. It averages only around 3-4% but at some points it jumps to 20%! This causes some skipping when I'm watching movies which is a huge detraction.

Try the following link I can't vouch for--------www.321download.com/LastFreeware/page7.html
I just googled Kerio 2.15 downloads and that was the first hit of many.

And don't give up on comodo yet, its still likely in learning mode and should use less resources
when its learned your internet sites. Which is common to any newly installed firewall.

 

[stash]

But the philosophy behind having a two way firewall is basically in prevention. If you have a computer that has become infected with some sort of malware, a firewall that filters outgoing traffic may prevent said malware from opening ports to send your sensitive data back out to some rascal who can and will use it to damage you

That great, but the philosophy is fundementally flawed. The most obvious flaw is that all the malware needs to do is use your browser to send the data. What box doesn't allow port 80 outbound?

But the real flaw is expecting code running in the context of a user to be able to stop other code--running in the same context--from doing anything. Think about it. On XP, you have the ability to open ports outbound on the firewall software of your choice. How are you going to stop any malicious code (which is running in your user context) from doing the same exact thing? (You can't).

Even if you require administrator rights to open a port, you're still stuck with ports that are already open. It's ridiculously easy for malware (running as you) to lauch a browser and send its payload. The main point is this: there is no isolation between applications running the same user context. As long as that remains true (and it will unless Windows is fundementally redesigned), outbound firewalls are worthless for preventing anything.

And because the SP2 firewall lacks that outbound filtering, its just one of many strikes against using the SP2 firewall.

This is not a strike (see above). What are some of the other many strikes?

But in Vista, microsoft does provide a free 2 way firewall.

Yes, and it is not billed as preventing malware from doing shit you don't want. Well it might be by some of the marketing droids, but you'll never hear anyone technical at MS say that.

 

[lxskllr]

Kerio4.1.2

Sygate, I don't remember version

ZoneAlarm This one's very old, but I think it's the good one before it got buggy

 

[lxskllr]

Originally posted by: stash

But the philosophy behind having a two way firewall is basically in prevention. If you have a computer that has become infected with some sort of malware, a firewall that filters outgoing traffic may prevent said malware from opening ports to send your sensitive data back out to some rascal who can and will use it to damage you

That great, but the philosophy is fundementally flawed. The most obvious flaw is that all the malware needs to do is use your browser to send the data. What box doesn't allow port 80 outbound?

But the real flaw is expecting code running in the context of a user to be able to stop other code--running in the same context--from doing anything. Think about it. On XP, you have the ability to open ports outbound on the firewall software of your choice. How are you going to stop any malicious code (which is running in your user context) from doing the same exact thing? (You can't).

Even if you require administrator rights to open a port, you're still stuck with ports that are already open. It's ridiculously easy for malware (running as you) to lauch a browser and send its payload. The main point is this: there is no isolation between applications running the same user context. As long as that remains true (and it will unless Windows is fundementally redesigned), outbound firewalls are worthless for preventing anything.

And because the SP2 firewall lacks that outbound filtering, its just one of many strikes against using the SP2 firewall.

This is not a strike (see above). What are some of the other many strikes?

But in Vista, microsoft does provide a free 2 way firewall.

Yes, and it is not billed as preventing malware from doing shit you don't want. Well it might be by some of the marketing droids, but you'll never hear anyone technical at MS say that.

:thumbsup:

 

[fredk]

Getting off topic but...

But the real flaw is expecting code running in the context of a user to be able to stop other code--running in the same context--from doing anything.

Unless you use a firewall on a dedicated machine running a different OS???

Fred

 

[stash]

Unless you use a firewall on a dedicated machine running a different OS???

Sure, a dedicated machine helps separate user contexts. The OS that you use is irrelevant. But a dedicated firewall still won't stop malware from sending payloads over port 80 or any other open port. Unless you block port 80, which not many networks do.

Outbound filtering, whether with a host-based firewall or a dedicated device is more about management than security. If you don't want users on your computer or network running instant messaging, you block it with a firewall. But if you're trying to use it to stop the spread of a malware outbreak on a computer or your network, you are wasting resources fighting a battle you've already lost.

 

[gsellis]

Originally posted by: stash

Unless you use a firewall on a dedicated machine running a different OS???

Sure, a dedicated machine helps separate user contexts. The OS that you use is irrelevant. But a dedicated firewall still won't stop malware from sending payloads over port 80 or any other open port. Unless you block port 80, which not many networks do.

Outbound filtering, whether with a host-based firewall or a dedicated device is more about management than security. If you don't want users on your computer or network running instant messaging, you block it with a firewall. But if you're trying to use it to stop the spread of a malware outbreak on a computer or your network, you are wasting resources fighting a battle you've already lost.

:thumbsup::thumbsup::thumbsup:

Expecting an outbound to be much better than just an inbound is a false hope. When XP SP2 came out, that was a little more true. Malware now expects that and can either exploit the firewall or just wrap it in 80 or 443.

/use a hardware firewall in my router and XP SP2 firewall. Still malware free.

 

[Lemon law]

Maybe I am somewhat wrong here but I would argue that a modern firewall like comodo will help some in both inbound and out bound filtering. Even when we are talking about an open port that must be left open, and a web browser that has permission to use open ports.

I certainly notice that my comodo firewall monitors not just the generic gross items like ports and programs, but also sub parts of a program like a browser and the ways it interacts with other programs. Issuing permission requests with ways to find out exactly what other programs are attempting to use the browser to send packets in or out.
Granted a user can defeat these protections by issuing a blanket yes to all firewall queries , but a modern firewall often has many tools some one even semi security educated can use to track legitimate and illegitimate use.