Is outpost firewall the best firewall? Rarely do most people have it. From polls, Kerio, Norton, and Zonealarm where some of the popular ones. I do like the plug-ins and alert features, but is it the best protection for a personal firewall?

If you tell me which is the best automobile, I'll tell you what's the best firewall.

'Popular' does not necessarily mean 'best' -for a small company swimming with much larger sharks, agnitum manages to stay up there near the top of the ratings in the independant tests.

Zonealarm is the best.:p

For official ZA users:

http://www.infoworld.com/article/06/01/13/73792_03OPcringley_1.html

Proposed commercial moto for ZA:

"ZA the first firewall that should block itself..."

There is no best firewall but Outpost is up there with the others. I currently use Outpost and am pleased with it :)

I'd say... iptables :cool: Regards, MZ.

Outpost is the best for me.. :D

That's it exactly. The best firewall is the one you understand the best. It's the configuration you perform that often provides the most secure machine. If you know how to do it then that's the best for you. Since this is the OP forum, vsix comment's aside, you'll most likely get that OP is the best.

I wonder what vsix is doing around here since he likes ZA so much? A possible ZA spy :eek: :eek:

Outpost Firewall 3.5 hands down!!

The best TRUE firewall, is a hardware router, since that embodies tha actual concept of a firewall far better than anything running on the machine it is supposed to protect.

If I had to buy one right now, I'm sorry but it wouldn't be Outpost ... it would be the Sunbelt/Kerio special offer. Can Agnitum answer this $14.95 deal ?

If I had to buy one right now, I'm sorry but it wouldn't be Outpost ... it would be the Sunbelt/Kerio special offer. Can Agnitum answer this $14.95 deal ?

I would look VERY CLOSELY at the 11th March 2006 results from http://www.firewallleaktester.com/tests.php and see how Sunbelt/Kerio and Zone Alarm Pro performs against the likes of Outpost 3.5!!!!! :D

Richie

The other one I like the look of (not tested there), is:
Core Force (http://force.coresecurity.com/)

Seems to be unique, innovative, highly configurable. Quite unusual is the ability to adminster controls on file and registry access on a per-application basis, so that (for instance), confirmation could be required for access to any reg keys or file areas associated with startup. The main drawback I can see is that the advanced capabilities allow a lot of room for mistakes, but it looks worth investigating if the "newbifying" of Outpost 3.5 turns you off of it.

Rickster100, Outpost did do much better
than Kerio, thats good news

Rickster100, Outpost did do much better
than Kerio, thats good news

Hello,

Yes very much so, I was surprised to see how poor Kerio performed in the tests, thats not good news for Kerio users. It would be interesting to see what Sunbelt do with the product. They have done a good job with CounterSpy I think, its one of the best Antispyware progs out there, so Kerio could be one to look out for in the future.

I am glad outpost did do well, they kind of confirm my leaktesting posts a couple of weeks back. But Outpost needs to be at the top of the list for next year. A FREEWARE firewall came out at the top, so thats not good for any of the other "licensed" firewalls. It just shows how much more work needs to be done in terms of leaktest security for the vast majority of software firewalls available. I agree with Manny and MTDAY on their comments on this topic!

By the way, I think your daily postings of new updates of the various security softwares is very useful, for people like me who prefer to update manually whenever possible, it reminds me to check for updates on all my various softwares.

Lets hope Agnitum make a real effort over the next few months to get these Leaktest failures resolved. I am very satisfied with Outpost 3.5 but want it to be better.

Richie

A FREEWARE firewall came out at the top, so thats not good for any of the other "licensed" firewalls. It just shows how much more work needs to be done in terms of leaktest security for the vast majority of software firewalls available.Perhaps Outpost Free should have been included in the tests also - the results might then shame Agnitum into updating (or withdrawing) it.

Perhaps Outpost Free should have been included in the tests also - the results might then shame Agnitum into updating (or withdrawing) it.
Good OLE days are gone, eh P2K?

It is a shame:(

'Popular' does not necessarily mean 'best' -for a small company swimming with much larger sharks, agnitum manages to stay up there near the top of the ratings in the independant tests.

concordant with you.
e.g in Russia, popular firewall is Kaspersky Labs.

Perhaps Outpost Free should have been included in the tests also - the results might then shame Agnitum into updating (or withdrawing) it.

I agree. Its a poor firewall which doesnt stop OUTBOUND requests at all! They should at least modify it to do this or withdraw it completely.

Richie

It seems that people have forgotten the true purpose of a firewall.

A firewall is a device or application that stealths and blocks unsolicited incoming connections. NOTHING MORE!

Component control, outbound control, cookie and active content control, private data blocking, spyware scanning, antivirus etc etc etc ARE NOT FIREWALL APPLICATIONS.

An excellent firewall is simply a router, or even Windows XP firewall. Anything beyond this goes into the realms of clever marketing, convincing users that the "extras" are indeed component parts of a firewall, and if a "firewall" doesn't have them, then it is not a good firewall.

Stop a moment, and consider the facts above. Firewall comparison tests should really ONLY consider the effectiveness of the actual "firewall", all other add-ins are technically stand-alone applications that do a completely different job, but which have been incorporated into a "package" that has caused users to come to believe that these components are actually an intrinsic part of a "firewall". They are not.

Just my thoughts.... but if you start thinking along these lines you might be enlightened :D

nippauls

A firewall controls data flow in both directions. This is just as its namesake firewall prevents the spread of fire from one side to the other regardless of which side is burning.
A firewall is a device or application that stealths and blocks unsolicited incoming connections. NOTHING MORE!
This describes a router.

Hi Firepost,
Even you have been taken in by all the marketing :D
The original and correct definition of a computer firewall is a device or application that "stealths" the computer(s) behind it, and that prevents ingress of unsolicited traffic.
Outbound control came later as one of the marketing strategies to make a product "better" than its competitors.
Outbound "control" is a misnomer, because you may create the most fantastic rules, but in the end if you don't give an application EXACTLY what it demands, it simply won't work.
If you have a "firewall", a good AV and anti spyware application on your pc, and your browser and email client settings are correct, and you use common sense, then there will be nothing in your PC that you need to "control" with regard to its outbound activities.
It has been a long time since I used a software firewall (apart from a bit of beta testing) and I have still had no viruses etc.
And if you think I am incorrect, ask Steve Gibson for whose knowledge I have great respect :D
Windows XP firewall is an EXCELLENT firewall, in that it provides stealth and blocks unsolicited inbound traffic.
Outpost is excellent but people must be aware that 80% of Outpost is now made up of applications that do not come under the definition of "firewall".
All I want to do is try to point out that the actual "firewall" part of modern security suites is minimal and that the term "firewall" has become misunderstood as a result of some very clever and agressive marketing.
There is also one other point. In all forums, including this one, the advice is always given to never use two firewalls at the same time. Using a router and a software firewall goes against that advice. In this situation you can see the conflicts it causes fairly easily. If you have OP attack detection activated and you are behind a router you will frequently get OP reporting rst attacks and others. This is simply impossible. Investigation will show that it is caused by a conflict between the two firewalls. Try it... I have :D but that is a conflict you can actually see.... what about conflicts you can't see that might be compromising your safety. It is interesting to note, browsing the internet, that it is only the people with loads of security applications that get viruses and trojans... whereas those with the absolute minimum have no such problems :D
OP is excellent in conjunction with an AV program, and absolutely nothing more.... even a router or extra spyware application can cause conflicts. Layering doesn't mean repetition of applications, and a router is a repetition of the principal function of OP.
nippauls

It seems that people have forgotten the true purpose of a firewall.

Component control, outbound control, cookie and active content control, private data blocking, spyware scanning, antivirus etc etc etc ARE NOT FIREWALL APPLICATIONS.

Just my thoughts.... but if you start thinking along these lines you might be enlightened :D

nippauls
Sobering thought :)


A firewall is a device or application that stealths and blocks unsolicited incoming connections. NOTHING MORE!

But not only incoming and outcoming connections too ;)

Who cares what the original intent of a firewall was. The telephone was meant for people to talk with each other but now it takes pictures. It's called evolution and it happens to everything. It's a law of nature.

Even you have been taken in by all the marketing. The original and correct definition of a computer firewall is a device or application that "stealths" the computer(s) behind it, and that prevents ingress of unsolicited traffic.No. I have not been taken in by marketing. And I did not rely on my own interpretation. :D
Here were a few of the sources I looked at (webopedia,wikipedia,answers.com,realnetworks,faq. org, thefreedicitonary.com). (and another to be named later) :eek:
Please provide your source for the "original" and "correct" definition.

If you have OP attack detection activated and you are behind a router you will frequently get OP reporting rst attacks and others. This is simply impossible. Investigation will show that it is caused by a conflict between the two firewalls. Try it... I have :D but that is a conflict you can actually see....I got an RST attack from the webopedia site without a router. No conflict between firewalls here.
Outbound "control" is a misnomer, because you may create the most fantastic rules, but in the end if you don't give an application EXACTLY what it demands, it simply won't work.If a program will not allow one to turn off auto updates then one CAN block them and maintain a stable configuration. The program will work fine.
Further, might I remind you that one CAN block types of traffic such as http and have the software work fine. One can block server and chat functions in games with no loss in the ability to play.
If one's email does not have text only mode one can block http and prevent html adds or tracking. That client did not support the feature but one can emulate it. The email will work fine.
The search function in Windows XP works fine without the access explorer demands to sa.windows.com.
That certainly appears to be outbound control.
If you have a "firewall", a good AV and anti spyware application on your pc, and your browser and email client settings are correct, and you use common sense, then there will be nothing in your PC that you need to "control" with regard to its outbound activities.As noted above there are many things that occur behind the scenes that one may or may not care about. If one does not care about those types of things then a router is fine.

It has been a long time since I used a software firewall (apart from a bit of beta testing) and I have still had no viruses etc.
And if you think I am incorrect, ask Steve Gibson for whose knowledge I have great respectI can easily believe you have not been infected by a worm with inbound filtering. That is hardly relevant to the definition of a firewall. And I frankly very much doubt Steve Gibson is keeping track of whether you get infected or not. But, when I asked...
A firewall ABSOLUTELY ISOLATES your computer from the Internet using a "wall of code" that inspects each individual "packet" of data as it arrives at either side of the firewall — inbound to or outbound from your computer — to determine whether it should be allowed to pass or be blocked. (http://www.grc.com/su-firewalls.htm)

All I want to do is try to point out that the actual "firewall" part of modern security suites is minimal and that the term "firewall" has become misunderstood as a result of some very clever and agressive marketing.I agree the firewall term is getting broadened by market forces to mean more such as the hidden process controls and application controls. Confusing application control with outbound data control is a common mistake aptly demonstrated.

In all forums, including this one, the advice is always given to never use two firewalls at the same time. Using a router and a software firewall goes against that advice.TAKEN IN CONTEXT this is clearly about two software firewalls. One finds myriad posts suggesting the use of a router to ease network setup and reduce the load on software firewalls.

Back to our topic: The best firewall is the policy/method/device or combination thereof that works for the user.

Great discussion :D

FirePost, you said "I got an RST attack from the webopedia site without a router. No conflict between firewalls here." great, but this should not be possible with a router in place, and yet the software firewall reports it... conflict.

Apart from that, hopefully this has a few folks thinking...
But, as in my final comment of my last post, the idea is to get folks to simplify their "layered" protection. Outpost provides everything needed these days except AV. Outpost, nicely set up, with just an AV program provides, as I said, very good protection.... loading it with lots of extra "layers" is counter-productive, slows the system down, and takes the fun out of computing... you can end up spending more time administering your protection than actually enjoying surfing, gaming or whatever you actually use your pc for.
A
router is a "firewall". That is universally accepted. It is a firewall according to the original idea... so is XP firewall. Nobody doubts these are firewalls even though they have no outbound control.

Manny, you are right, telephones have progressed, but in the end their original function is still the one that really counts... although they have wonderful new features, their most important and most used function is still, after over 100 years, that for which they were originally invented :D.
If I know what is in my PC and only allow programs I trust, (which is basic common sense) then I generally want those programs with all their features.

My desire for protection is from what is outside my computer. For me, the original concept of a firewall, and the generally accepted interpretation of firewall as little as 2 or 3 years ago, of something that will stealth and prevent unsolicited inbound traffic is perfect :D.

Simplicity and common sense are the greatest protection.
Outpost with an AV application is perfect..... lots of extras are counter-productive.

It is still worth considering my point of view, as well as that of FirePost, Manny etc. That way some folks with 20 security applications might get a more balanced view and faster and more enjoyable computing :D

nippauls

We probably all agree on this. You need just the right amount of protection to keep you safe. However, just as people disagree on how much insurance to carry is acceptable so will they here. It all deals with your perception of safety and control. The cellular phones, for example, wouldn't have all the features they have today if people didn't want them. Same with firewalls. I bet Bell never envisioned storing and listening to music on your phone but there it is. Since a PC os personal it's up to you to decide what's best.

..the idea is to get folks to simplify their "layered" protection. loading it with lots of extra "layers" is counter-productive, slows the system down, and takes the fun out of computing... you can end up spending more time administering your protection than actually enjoying surfing, gaming or whatever you actually use your pc for.So very true.
A router is a "firewall". That is universally accepted. It is a firewall according to the original idea... so is XP firewall. Nobody doubts these are firewalls even though they have no outbound control.Since the Windows XP firewall contains an API that allows applications to temporarily modify the rule set so the user does not have to worry about those little details like what is going on, I very much do not agree Xp firewall is a firewall in anything but name ;)

For me, the original concept of a firewall, and the generally accepted interpretation of firewall as little as 2 or 3 years ago, of something that will stealth and prevent unsolicited inbound traffic is perfect :D.The quote I gave you from Mr. Gibson's website is well over two years old at the minimum(last page change).
If you want to say "my original concept" of a firewall I will not argue that point. Generally accepted perfect definition is too ridiculous to be serious statement.It is still worth considering my point of view... True. You make many valid points. Some people DO go overboard in protection schemes and there is market hype. As long as it is clear it is a point of view and not presented as fact.