Hello Group,

I'm looking at Firewalls for a new PC.

I have read a lot of the messages on the forum.
I've look at the comparison chart on the main product website.

I would like to hear from actual users?
I'm looking at:

Outpost
Kerio(paid for version)
Norton PFW( I have NAV and could get an upgrade which inc PFW)

I would like to hear on your experiences of Kerio & NPFW
vs Outpost. I'm really leaning towards Outpost anyway..
But would just like to hear some real-world comparisons.

Many Thanks - David - U.K

Outpost:
Current Version -> Full of bugs
Current Beta -> Very good, the upcoming version will be a keeper.

Kerio:
2.15 -> slick, little overhead, really good
3.x / 4.x -> Overloaded, Resource-Hog, unstable

Norton:
All version -> BSOD-o-Rama under heavy network load

Originally posted by FAKEFACTORY
Outpost:
Current Version -> Full of bugs
Wiresfree,

This statement is true for some setups, but not all.

If you will provide us with your PC specs we may be able to give you some general guidance as to what you might expect from the current public release. Here are a few things that have been primarily responsible for the majority of users problems.

P2P Applications
PC's with Pentium 4 HT processors.
Creative SB Audigy cards with a firewire connection.
Outdated MDAC drivers.

This is not meant to be an all inclusive list, but a general guidline since every PC is unique.

Hello David, welcome to the forum.

Asking what is the best of, whatever - car, food, firewall - is terribly difficult to answer. Largely it's personal opinion. Most firewalls do their job. Even the one built in to XP works very well to effectively block your ports from the outside world. Most of us here like OP or else we wouldn't be hanging around. I think that it has many features that others don't. It has the potential to be the best firewall in the world one day.

But what's best for you is what you personally like best. All cars will take you to your job. Yet, the parking lot has a great variety of cars. So my advice for you is, test drive each firewall for a while and then make a decision. Making sure that you totally delete each firewall in between your tests - see FAQ for procedure.

Best of luck in your search.

Hello Everybody,

Thanks for the comments..
I will be using it on 3 PC's a PII (Win98SE) and 2 * AMD 2.2 (XP+SP1).

Mainly email & web browsing, although my daughter indicated MS Messenger, and SKYPE.

Yes, asking opinions is sometimes difficult.. But..
we take those comments balance them against what we see and read
and then try to make a judgement based on all theses things.
ex:
I have noticed people comment on OP issues with Win ME,
I don't have Win ME, so this is not an issue for me.

Like buying a car.. Normally read, look and ask opinions
Then decide ::):

Many Thanks - David

Kerio v2.14: Out of date with little features. No longer updated so any security issues found will not be fixed.

Kerio v4.XX: This is what I used before Outpost. Earlier version werent stable, however since v4.0.10, it has become a very good choice. I recomend this one.

NIS: Despite Symantec buying and butchering AtGuard, this firewall is actually very good at doing its job. Lacks in feaures.

Tiny v5: Born a small streamline firewall, this has become one huge bloated sack of tools from program protection, registry protection and their firewall. Quite hard if you are new to setup which might comprimise your security as a firewall is only as good as its settings. I tried it, but thought it was very buggy and unstable...things might have changed.

McAfee: Really it isnt much different then NIS. Same type of huge corporate made firewall.

VISnetic/8Signs: Ugly and non rule based. This firewall failed all the leak tests and does not work on rules. It uses stateful inspection and monitors traffic. In theory its suppose to let in good packets and refuse bad ones. I dumped it as its not rule based...I just never felt safe. Passed all tests from PCflank though.

Zone Alarm: I hate this one. I used it just to see what it was all about and it was uninstalled in an hour or so. I dont care if who or how many recommend this one, I see nothing special about it save that its the one everyone flocked to when everyone simply had to have a firewall installed...wether it was configured properly or not. This one should have been put down a long time ago.

BlackICE: This is NOT a firewall...I'm sorry. BlackICE is garbage. Always was and always will be. I could go on and on, but rest assured...this thing is junk.

There are a few more I have tried, but those are the most commonly used.

Out of all of them I recommend Kerio v4 or Outpost.

Hello Hybrid,

Many Thanks for your comments and inputs..
There are some I was not aware of.

I have seen some +VE comments on Kerio V4.
Which ever I choose I will take the paid for version.

It was not 100% clear on Kerio how/what features
you loose once out of the 30 day trial period.

I may just wait now for Outpost V 2.1(end February?) before
I make a decsion and handover my hard earned cash :)

Many Thanks.. David

Outpost V1.0 was too unstable for my liking (i'm curious why Agnitum leave it as the freeware version as I consider it a bad and thus unrepresentative of Outpost Pro v2.0).

In the end, whatever the flashing lights and gimmicks (ad-blocking etc.) come with a firewall, there are really only two things to consider.

1. Ease of configuration. A badly configured firewall (or one that is difficult to figure out how to set up properly) is a useless firewall. According to my personal opinion - Outpost V2.0 is wayyyyy ahead of the competition in this aspect.

2. Blocking attacks. The 'real' business end of a firewall. This is afterall the reason why you are buying it. Again, according to my opinion it there are a couple of equals in this respect - but no firewall is better at the job in hand than Outpost Pro v2.0.

Just a (qualified) personal opinion.

For what it's worth, in another light, I won't use an AV or firewall program createdby a U.S. company.
I am just paranoid enough to not trust them.
I love Outpost, and AVG.
Regards.
Chris

But you trust MS enough to use their OS ? :) j/k ofcourse :P

Joking aside, I currently use both firewalls that the original poster inquired about .. KPF 4.x and Outpost Pro 2.x. Each has pros and cons , but ultimately as far as the core functionality is concerned (i.e. being a solid firewall) I believe both products do an excellent job. KPF has gotten progressively more stable (though not bug free) starting with their 4.0.8 release. The current version seems fairly stable (atleast on my current setup).

The UI for Outpost is definitely much more intuitive. I also find the plugins very handy! - I use httpLog and BlockPost and love 'em both. The improved active content plugin in Outpost Pro (latest beta) is also very slick, and works quite well. I had several problems with KPF's web-filtering (and continue to have those problems) particularly with it blocking my MSN Messenger connection among others.

It may be worth your while installing and playing with both firewall's to see which one works best for you (particularly with your system configuration) and THEN decide who you want to give your hard earned money to. While OP or KPF may work wonderfully with my hardware/software configuration on my PC's, it does not guarantee that your experience will be the same (as is evidenced by the various posts on this and the Kerio support forums). So try first :) and THEN buy...

You had asked what was different between the paid and free version of KPF.. here's a short list (cut/paste from BlitzenZeus's post on BBR (http://www.dslreports.com/forum/remark,7819904~mode=flat?hilite=4.0)


Freeware versions are limited by the following restrictions:

It is available for personal and/or noncommercial use only.

Web content filtering, including its logs and statistics, is not available (see chapter Chapter ).

It cannot be used at Internet Gateways (refer to chapter Preferences

Logs cannot be sent to Syslog server (details in chapter Log Options

It cannot be used on server type operating systems, such as Windows NT Server, Windows 2000 Server and Windows Server 2003. If the trial version was installed on any of these systems, the Personal Firewall Engine service will be disabled by the expiration date and it will not be able to restore it.


Hope this helps.

Vip.

[edit :] Thought I'd add, that I also did try ZA 4.0.x and NPF. NPF worked well, but I had a few glitches and lockups with ZA. Outpost's interface won out over NPF - at least for me.

Hi Folks,

Many thanks for all the usefull information/inputs and observations.

I may try KPF on 1 PC and Outpost on another.

Is Outpost V2.1 still on track for the end of this month?

Many Thanks again.

David :)

Hello David Welcome to the Forum.

Here is a Link that may help you with OutPost. This was written for OPV1 but alot still applies to V2.

Web Hikers Guide to OutPost FireWall (http://www.outpostfirewall.com/guide/guide_map.htm)

Regards

Randy



Most FireWalls have a 30 day trial period so you can use each one and see how they work with your set up before you buy.

I'm no expert when it comes to firewalls, so if I can get Outpost Pro protecting my PC, anybody can. :D

I went from ZA to Outpost, back to ZA, , brain freeze I guess, and now back to Outpost for good. It's a great firewall and the people here at the forum are very helpful.

Many Thanks again to you all.

One final question..
I'm currently on a dial-up connection and running ICS.
I share the connection with 2 other PC's, all runs very well.

Broadband DSL will be available in a few months.
I plan to move over to that, I will be using a Wireless Router/Access Point.

Is there anything I should be aware of, when I make these changes.?

David - U.K

PS.. Apologies.. O.T
ChrisClu & HobNob, I lived in California, Foresthill, East of Sacramento.
I was there 1998 to 2001. Great Time, many memories :) :)

Well that access point should support NAT (Network Address Translation) allowing you to share your connection without having to rely on ICS (a real plus). Try to get a router with a firewall - this will filter out the "background noise" leaving less work for Outpost and will provide some protection should Outpost be disabled for any reason.

The key point to DSL (and broadband generally) is to keep PCs protected at all times while the connection is active. Aside from that, it can (and probably will) totally change the way you use the Internet - without the hassles and cost of dialup you can use the Internet for even trivial things, checking TV program guides, best prices, etc and spend more time on special interest forums. Don't know where I'd be without it. :)

Oh, do take the time to choose a reliable ISP (i.e. not BT OpenWound or whatever they call themselves nowadays). Check ISPReview (www.ispreview.co.uk) for details on UK ISP service quality.

Hello Paranoid2000,

O.K on the the router, Looking at the ZyXEL 650HW
NAT & SPI Firewall in the lastest version.
But I want a good S/W Firewall on each PC.

I'm in Shropshire, Baschurch - RFS Date 21/04/04
Still comparing ISP's PlusNet, Hi-Velocity & VISPA.

Hi-Velocity have an offer for ADSLGuide Users.

Thanks Again - David

Originally posted by WiresFree

It was not 100% clear on Kerio how/what features
you loose once out of the 30 day trial period.


The only feature that gets locked out is are the web services. Blocking cookies, referers, ads and banners. You can get a million and one free programs that do jus the same and more...

I found it wasnt enough to make me want to spend the money on just that one feature...but thats just me.

I guess the one other thing I'd mention since you're outfitting 3 PC's is "family license pack" - $76 for up to 5 PC's. I have 4 PC's at home, had ZA Pro on mine only, decided to outfit the others, liked OPP very much in testing, decided to convert all of them, and haven't looked back. Personally, I prefer OPP to ZA Pro - both work fine, OPP is a little lighter on resources and I vastly prefer the user interface and design implementation.

Blue

Originally posted by chrisclu
For what it's worth, in another light, I won't use an AV or firewall program createdby a U.S. company.

Although not by design, I've ended up in the same place for my security related apps - KAV, OPP, TDS3, and Process Guard - not a US based application in the bunch and all best-in-class in my book. It seems that many US software efforts mimic our automotive design choices - oversized, resource hungry, lethargic, and prone to breakdown. It's sad when you get down to it.

Blue

Could it be the US educational system in regards to programming is lacking?

North America was never number one in schooling.

It has nothing to do with education or ability. It has more to do with distrust of gov't.
A foreign company is less likely to be pressured to add trojans or backdoors for gov't agencies. ;)

Originally posted by chrisclu
A foreign company is less likely to be pressured to add trojans or backdoors for gov't agencies. ;) Hmmm...for American agencies this is undoubtedly true - but agencies in the country of origin could apply such pressure. Still, mixing products from different nationalities (e.g. Russian firewall, Czech antivirus software, German spyware scanner and an Ozzie process monitor) should counter this.

Hi All,

Many thanks for all the info and comments on OP.
All some of the other comments also interesting ;)

Thanks again.
Hope to join you shortly as a OP user.

David
:) :)