Firewall Leak Tested Comparison

link:
http://www.firewallleaktester.com/tests_overview.php

A friend just showed this to me. The results are some what wasn't what I expected. You guys think theres any credibility in their test results?

ps; they made a completely unknown free firewall 'better' than all paid well-known programs.

 

It's possible. However most of those firewalls have the potential to stop just about anything; it all depends on how they're configured.

Also, I've tried Jetico personal firewall, it wasn't a very good experience; Not user-friendly, very difficult to configure, and isn't good at remembering settings. (by default, it isnt even set to remember settings on exit, so after spending half an hour setting it up, i discover it was all lost.) It wasn't very stable either, caused alot of problems.

 

I dont really care about the test results, but i use sunbelt kerio firewall and it works great!

 

Actually they probably are accurate. The problem with a software firewall is that they are software. Most malware can easily circumvent a firewall's outbound checks. The scary part is that they are actually more optomistic numbers than what is reality due to firewall fatigue. People just start clicking "allow" after about three or four warnings, so even stuff that does not go around the firewall can get through because many people just don't pay attention. It goes to show that your habits are your first and best defense.

 

So it doesn't matter what firewall software we use, its more on the which programs we allow and disallow?

And based on experience, once I've totally limited the cookies I've been receiving when visiting sites I've been getting ZERO results from adaware and spybot. nice.

Well I'm about to reformat my PC so I tried ZAPro (I tried ZAP because of that test above). Uninstalled my trusty kerio PF and installed this one. From the moment I connected to the internet and started surfing ZA tells me that it "has blocked an attack from this site and that site" something that Kerio never warned me about even at default configuartions. Now I don't know if Kerio did block those kinds of attacks and just went silent about it or it didn't block them at all. Btw the site i just opened was just mere my.yahoo.com

ps; i've only been connected for like 10 min and the ZA counter already rose to 70+ intrusions blocked. ZA sure loves to brag.

 

I got kinda bad news for you. First the reason Spybot and Adaware report zero intrusions after you turned off cookies is because they consider cookies an intrusion and they really aren't. Also, ZA says it has blocked 70+ things but it really hasn't

You see these software need to convince you that you made the right decision by going with them. And they want to push you to upgrade to the pay versions.

 

I see.... well since I don't install random softwares on my pc or allow website scripts to run without my approval using noscript; I'm 99% safe from spywares?

So both ZA and Kerio are pretty much the same? ZA just full of hot gas

 

I would say they offer very similar protection. Really, IMO good behavior is the first line of defense. AV, firewalls, anti-syware, etc are there for when good behavior fails. Scripting being disabled is a very good idea and will help alot.

 

My firewall isn't even listed. And I know it works great, 1.5 years no virus, no spyware.

 

Hmm....the test looks credible. Even download.com editors comment on Zonealarm working great on this tests. So exhibit A here ,been using Zonealarm for like 5 yrs. Works like a charm cos there wasnt any glitches, problems, viruses, spyware for that period!!!

Although im quite concern bout the numbers of block attempts which is like ten's of thousands!!

 

The intrusion alarms that ZA is telling you are not "hot air". However, they aren't anything you really need to know. Kerio is doing the same thing, just not telling you about it. There is an option in ZA to turn off these notices.
If you put a computer directly on the internet, it will be CONSTANTLY scanned by hundreds if not thousands of people/machines. Portscans, ping tests, port probing, etc. These are constants.
ZA is tellng you that it blocked this scans/probes, because it has. It's not lying to you. It (like every other firewall, software or hardware) "blocks" the scan by dropping the request instead of responding to it. Thus, the scanner has no idea your computer even exists. If the bad guys don't know you're there, they can't attack you.
I used ZA when it first came out. Before the "big guys" even thought about blocking outbound requests (the main problem with spyware). It has always performed admirably, and I have no qualms about recommending it to anyone.

 

Ohhhhkay... I went back to kerio. One major factor why I came back was the absence of Advertisement Blockers by ZAPro. I knew something was really wrong when I was surfing and good gracious i kept on seeing a LOT of advertisements. Now I'm back with Kerio and have 90% of the ads blocked now. Not that I'm biased; I really wanted to move to ZA since its a more updated software than my dec xx 2005 verion of kerio, I tried but those extra ads was just too much for my eyes

 

Yeah I thought I had heard the Kerio is no longer going to be supported.

Also has anyone heard of Outpost? It ranked higher on these tests and a lot of sources I've been reading say it is incredibly good.

 

I've been using Outpost on my prehistoric Pentium 233MMX machine (version 2.1) and it also has adblock (for those who don't use firefox) and a really reliable engine + interface.

The new 3.51 version is also reported to be very good. I am using Jetico on my notebook (suspected lower resource usage - but not proven against Outpost), but I have recently bought a license for Outpost. Jetico does not seem to be developed, Outpost, on the other hand, is developed actively.

 

Jetico is developed, but not sure if version 2.0 will be freeware (beta can be tried but it has expiry date...). And firewall is not antivirus it does not need updates (excluding bugs repairs) especially if it's doing great in leaktests.

 

so there is already a version 2 beta? Good to know. Thanks. Are there somewhere some preliminary tests/screenshots? I'd love to see the new interface, butreluctant to install it on my computer since 1.0.61 is running fine (with small bugs/annoyances)

 

Not sure, tried instaling it, but saw expiration date...
I wonder if 2.0 will be freeware.

 

Tried? So you did not install it at the end? But if yes, could you please post some screenshots? (maybe in an other tread, + some info about subjective speed/performance and memory utilization).
Thanks you.

 

I am using Norton Internet Security 2006 because it came with my laptop and expires in 60 days. According to my research, Outpost will be on the top of my list because according to this review it does not reveal browser info unlike Norton and Zone Alarm. My next choice would be Comodo as its free and more capable than the free version of Zone Alarm.

 

Unfortunatelly no, because it's not clear (at least for me) whether it will be free, and running it with expiration date.... I won't try it now (maybe after I get my laptop but it will be at least 1 month from now).

Here http://www.jetico.com/index.htm#/jpfirewall.htm is more info about it and download link.

Most important IMO:
Jetico Personal Firewall v2 runs as privileged Windows service. It can protect computer before user logon.

And if someone tries it please write about it.

 

Jetico was not rated highly in several European magazines particularly the latest issue of PC Utilities.

 

And why did it get low scores? In leak test on internet it was the best....

I found link for beta version forum http://wilderssecurity.com/showthread.php?t=141626

 

PC Utiltities, which is a British magazine, reviewed 8 firewalls with their awards going to Comodo, Norton , Netveda and McAfee. Jetico was at the bottom. I do not not know what version this is but I bought this magazine a few weeks ago. Their issues were that there was too many pop-up alerts and convoluted rule creation. Compare to the others, they did not find it straight forward and found that the interface overcomplicated manners. The article ends like this: "With plenty if other freeware options, you'd be well advised to look elsewhere for protection."

The entire article leaves me with the impression that they value more ease of use and lack of mainteneance rather than effectiveness. The realtiy is that the vast majority of people are not interested in being network administrators. They just want a solution that comes out of the box and works.

At the same time, a Leak Test is test is for one type of possible scenario. I would prefer reading a test that encompasses other kinds of scenarios adn then choose best of breed. This is why I am leaning towards Outpost Pro 3.51 and Comodo.

 

Hmm tried Comodo didn't like it, liked kerio 2.15 though but after strange bug I started using Jetico 1.x and for now I'm sticking with it.

Generally speaking the basic role of firewall is to not allow leaks, nothing more, being easy to control is a bonus.

Thus if you know what you are doing Jetico is a very good choice, and if you use it well in most cases it will be super performer (altough sometimes strange bugs can be seen).
Not recomended for beginers.

But could someone write what firewall is good for "computer disabled" people?

 

A router. I know it is not a fancy program with all these bells and whistles, but if you put a software firewall on a novice's computer, they will quickly minimize it's value by clicking allow on just about every pop-up they have. They will have zero idea what they are allowing. You are better of installing Firefox and a router and then a good AV and Anit-spyware, then tell them what good internet habits are and that those are the most important security feature they could have.

 

Bingo!
I haven't had a software firewall on my desktop in over 4 years. (My lappy runs one when i'm not at home. Never trust someone else's network unless you built it.)

You could even lock down the router config to only allow www, email and ports for IM programs (ICQ, AIM, MSN, etc). They probably wouldn't even notice. A halfway decent home router is the same price as most software firewalls and will last years. no $$ subscription updates, licensing, etc.

 

But this test only did outbound leaks, not inbound, so why does this test even matter?

 

Inbound IMO are easier to repel (and router can greatly help in those situasions). But outbound are the real problem, eg. trojans sending spam with infected system through IE etc. And in this case router won't usually help

 

My words! A router is a good 1st step defense. But definitely not enough.
Thing is, I have never used an Anti-spyware. And I have never needed it. Proactive security & behaviour is the efficient solution.

With a properly set-up powerful firewall (Jetico/Outpost), great Antivirus (Nod32), a good browser (anything but IE) AND EXEC DISABLE BIT enabled in Windows XP SP 2 for evey single application, I can safely browse even the most dangerous websites. During the 10+ years I've been working on a PC, no virus/trojan could infect my PC (and I've seen a virus warning only a couple of times, like 5-8 on my OS).

Jetico is a very powerful firewall, but definitely not for the beginners. I consider myself advanced in firewalls, but it took me 3 days until I fully understood the logic behind. However, with that knowledge, I was able to set up Jetico in a way, that now it is really easy to maintain it, and I don't get unsolicited popups.