(If too lazy to read the following couple paragraphs, begin reading after them)
I am currently looking for a firewall software that can achieve what i want it to achieve. I basically look for something able to manage rules depending on process name (if possible, with safeguards against malware, like file size/checksum checks), and with something i missed in some firewalls i have checked lately: A real comprehensive user-defined rules system. I tend to be very picky with things. I am of that kind of people whose first configured rule in any firewall was "block all incoming/outgoing to ports 1-65535 TCP/UDP from/to 0.0.0.0-255.255.255.255", with single exceptions added per port and program. I tried outpost firewall, but it lacked that level of detail when arranging rules.
What I would like from you, guys, is a somewhat descriptive opinion on what firewall softwares have you used, and how did they perform (performance-wise, intrusive, log management, rules management, auto-configuration, reliability...). I don't want "OMG THIS SOFTWARE IS THE BEST!" because as we all know, that is very subjective, and won't inform me about what i want to know. And yes, i know i could search the web, and i have many times, but i have been away from the network security world for almost three years, and many softwares i used are not around, and new ones arose; and now i don't have many old friends around to talk about these things with.
Of course, thanks!
EDIT: summarizing, what i would like explained at least is, by order of importance:
- Reliability: Taken as software without bugs which could affect security or system stability, or cause problems reading/managing logs.
- User-defined rules: The user can define personal rules non-dependant on software using them. As in, i wan't port 4080 open, even when no application is actively requesting access to it. For whatever reason.
- Performance: If a firewall is going to eat half my system resources because of it's fancy UI, even when it's hidden in system tray, i don't want it.
- *Optional: Applications with rules assigned are checked once a while (system start-up, system shutdown, and/or on network access request) for changes. I would accept size changes, but i'd prefer MD5 checks.
- *Optional: possibility to be externally configured in case windows decides to die on me. This could mean something as basic as -full- configuration export to *.ini/.cfg/.whatever, or something more complex as a full command line configuration system.
# This is not limited to free firewall softwares. Both, paid, free, and open source firewalls will be considered.
When it comes to firewalls, the standard Windows XP and 7 ones have never let me down. Just don't download dodgy stuff or go to dodgy sites and you'll be fine. Unless someone specifically targets you.
Given what I knew about windows firewall from past experiences, I'd rather stay away from it. I want a third party software that won't mysteriously grant access to certain system components to external servers even when told to not to do so, unless you tweaked half your system to avoid it.
@ PCTools: I use WindowsXP 64b, which apparently is not supported. After Comodo i will try to install it in my system and see if it works.
@Comodo firewall: I will try this one out, as it seems to fulfil the points 1, 2, and 3 i described. Still, i will accept more opinions.
Almost ALL the firewalls I have tried have gone weird with other components / software being changed like the modem or ISP or some other hardware/software combination
This includes Comodo, Sygate, Nod etc. They always cause problems especially with form interfaces or chat kinda programs and FLV using interfaces (like Youtube etc)
I decided not to use any and using threat sense kinda leak inspecting programs.
Its not the safest thing, sure, but I am also not very keen about firewalls' behaviours.
@SmoothWall: I lack access to an old PC to be used as a MITM or server.
@Comodo Firewall: Didn't work. At all.
First installation: "maximum security" installation. It installed, I rebooted, I managed the pop-ups about various software with auto-run on start-up, i open the main window, i open the logs... program freezes. I can't end the process as it's protected. I reboot. On start-up, the firewall calls for an error, apologizes... and closes. No firewall online. *great*
(an uninstall, two registry cleans, and a disk temp files clean later...)
Second installation: "middle option" in the installation menu. It installed successfully. I configured internet based services, LAN restrictions, local programs. I get disconnected from my wireless network. When the Wireless card tries to reconnect, it auto-disconnects again and system freezes. Completely. No mouse input, nothing. *stares at firewall icon*. Reboot. Firewall process uses 100% processor resources (both cores @100%). Process is protected, so I can not change core affinity to be able to do something more than... uninstall it, again. Both installations were firewall-only, no antivirus or other software. Both tries were done installing only the firewall software, without the antivirus.
It's a pity, considering it could export the whole set-up too, and load it again, which was one of the optional features I wanted.
Next option?
EDIT: blame my current lag, double post in the same post... strange.
Useful post is useful. & if you use wireless, you're open to attack from anyone then, even if you have your network/AP passworded.
Now, only serious things here please, this is a serious topic for those of us who use online banking and certain other things!
And, that thing about SmoothWall was a copy/paste from other forum where it was recommended. I copy/pasted it because some of you here might consider it interesting. It's a linux distribution designed to be installed in a low-end computer, working as a hardware firewall.