
Why is EVERY SINGLE software firewall a load of crap?



Hi,

As the topic says, why is it every single software firewall out there is complete crap?? I have been testing almost EVERY firewall I can find on the internet today for the past few months and ALL of them are crap.

Each one of them has a few nice features, but most of them are unusable on a daily basis. Yes, they all block leak tests and stealth my ports, big deal. Is that the only thing firewall makers are interested in? How about the UI??

99% of all firewalls out there don't even use a trusted zone on layer 3, what good is it when you have a router to the internet in selecting your network card as either trusted or untrusted? Completely pointless, cos all LAN and Internet traffic goes out and in via the same interface. Why aren't they doing it via the subnet? About the only firewall that does that is ZA.

What about Norton?? Well the UI for that is all over the place, it wasn't intuitive at all plus it's just bloatware.

Tiny, and Outpost are just too complex for a home system, yes i could spend all day configuring all the options and expert rules, but why?? These along with 90% of all other firewalls either have a "create a custom rule option" OR, "allow full access". What about denying all outbound access and allowing inbound or vice versa??

Kerio was ok, but suffered from the interface problem described above.

The only firewall really although it suffers from being a bit bloaty, that does everything i've described is ZA. But ZA is FULL of bugs, it can't get anything right, the installer hangs for 10 minutes trying to install it, most of the system tray icons disappear with it running, u can't use ebay properly cos it blocks something ebay uses. And what about trying to give svchost.exe internet server rights (perhaps for allowing remote desktop to any user) well that doesn't do anything, ZA just ignores the option you set. How about allowing port 3389 through the internet zone options? Well that works for an hour or so, before again ZA seems to get stuck in a memory leak, and freezes when RDP'ing in after only a few seconds.

And what about all the magazines that rate Norton and ZA so highly as well???? Have they not even used the buggy and bloaty software? All they seem to do is ask "does the interface look pretty?" and "does it block Steve Gibson's leak test?" well they both do so they must be our editors pick.

Why can't software companies just develop a good firewall??

Anyways, rant over, just getting fed up with the firewall arena, and wanted a place to let off some steam ;)

Link to post
Share on other sites

Checkpoint is the company that owns ZA is it not? Not sure if i'd trust another firewall by the same company if they can't even get the "simpler" desktop version to work correctly.

I know what you mean though, i administer cisco pix's and routers at work, if that's the kind of thing u were on about, and no I don't think I need a firewall like that for home use, for home use I want simplicity. ;)

Link to post
Share on other sites

I totally understand you. Most of the software today sucks. PERIOD. If we want to install a single driver for a printer, that piece of **** will download hotfixes, add shortcuts, create registry entries on the run folders, etc, etc.

For a couple of months I have been choosing "alternative" software for my task, that's the best way to keep things smooth and running.

As for firewall, I DON'T CARE WHAT ANYONE SAYS, it depends if you need it or not.

I don't use Anti-Virus, I don't use Firewall, Intrusion Detection Systems nor all of that stuff that was made to keep our PCs safe.

As long as the user knows what he/she is doing, there is no need for that stuff.

If you want to go extreme with just Windows default (built-in) stuff, go to TCP/IP Properties and start filtering ports.

(I am currently making a list of ports used by the applications installed on my computer, so I can then allow only them)

Link to post
Share on other sites
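
The port list mentioned in the post above, as an added example that is not part of the original thread: a Python sketch that reads `netstat -ano` output and lists the TCP and UDP ports that accept traffic from the network, with the owning PIDs. The sample output is constructed, the function names are hypothetical, and it assumes the list is wanted for inbound filtering, so outbound connections and loopback-only sockets are left out.

```python
import re

# Constructed sample of `netstat -ano` output (not taken from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       904
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1012
  TCP    127.0.0.1:1028         0.0.0.0:0              LISTENING       1480
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:1045      203.0.113.5:80         ESTABLISHED     2216
  TCP    [::]:135               [::]:0                 LISTENING       904
  UDP    0.0.0.0:500            *:*                                    700
  UDP    127.0.0.1:1900         *:*                                    1204
  UDP    192.168.1.10:137       *:*                                    4
"""

# Sockets bound only to loopback are not reachable from the network.
LOOPBACK = re.compile(r"^(127\.|\[::1\])")


def inbound_ports(netstat_text):
    """Map protocol -> {port: {pids}} for sockets reachable from the network."""
    result = {"TCP": {}, "UDP": {}}
    for line in netstat_text.splitlines():
        fields = line.split()
        # Skip the banner, the column header and anything that is not TCP/UDP.
        if len(fields) < 4 or fields[0] not in result:
            continue
        proto, local, pid = fields[0], fields[1], fields[-1]
        # TCP rows carry a State column; only LISTENING sockets accept inbound.
        if proto == "TCP" and (len(fields) != 5 or fields[3] != "LISTENING"):
            continue
        if LOOPBACK.match(local):
            continue
        # rsplit handles both 0.0.0.0:135 and the bracketed IPv6 form [::]:135.
        port = int(local.rsplit(":", 1)[1])
        result[proto].setdefault(port, set()).add(int(pid))
    return result


def allow_list(netstat_text):
    """Sorted port numbers per protocol, ready to type into a filter dialog."""
    return {p: sorted(by_port) for p, by_port in inbound_ports(netstat_text).items()}


if __name__ == "__main__":
    for proto, by_port in inbound_ports(SAMPLE).items():
        for port in sorted(by_port):
            print(proto, port, "pids:", sorted(by_port[port]))
```

Reviewing the owning PIDs before allowing a port is the useful part: a listener you cannot tie to an application you installed is a candidate for disabling rather than allowing.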

I will agree with you that most "end-user" firewalls are utter s***e. Personally i ***HATE*** Zone Alarm.

But "firewall" and "simplicity" are hard to combine in my opinion. I find ZA already WAY too complex for the average end user.

I've also heard of a firewall called "Gauntlet". Supposed to be pretty professional stuff.

Also, try this link:

http://www.security-online.com/info/firewall.html

Cheers,

'nuff

Link to post
Share on other sites

I use ZA Pro, and not encountered your issues, of freezing or 10mins to install or losing systray icons - i would say that something else is possibly assisting in these issues, and i'll admit i'm no firewall expert, but ZA does seem easy enough to configure how you would like.

Link to post
Share on other sites

sygate personal firewall is the firewall i use when i use one.. just thought i would put in my 2 cents

Most of what you are specifying are desktop firewalls meant to protect the desktop yet you want filesharing. I do agree that this would be a simple thing to add as a trusted zone.. however.. what happens when you get to public internet access somewhere.. that means that you would then not be protected..

if you're gonna have a desktop firewall system it is meant to protect your desktop from the network surrounding it. The checkpoints and PIX of the world are what you are looking for. If you want something that is going to be lan friendly, but don't want pix or checkpoint, ISA or whatever then get a linux box and put that in front of your network so your lan communicates.. then enable your desktop firewall when you access public internet hotspots. This is really the only way around it.

Edited by chilifrei64
Link to post
Share on other sites

the answer is simple: don't use a firewall or use the one integrated in windows (with it you avoid worms connecting to your port (don't worry with an updated windows they can just connect and nothing more but that's still useless traffic)): if you bind the correct protocols to the connections then you won't have problems.

Knowing which programs try to connect to internet is most of the time nonsense since if you are scared of trojans or worms then if you get a decent antivirus like kaspersky you won't probably ever encounter one of them. Also blocking incoming connections unless there will be a new windows remote exploit out would be senseless since you probably would patch your windows first (and also you can set up automatic updates).

Just dump all that firewall stuff, setting it up for a home environment is just wasted time and also most worms now turn off firewalls directly so you won't even find out that you're unprotected.

Link to post
Share on other sites
I totally understand you. Most of the software today sucks. PERIOD. If we want to install a single driver for a printer, that piece of **** will download hotfixes, add shortcuts, create registry entries on the run folders, etc, etc.

For a couple of months I have been choosing "alternative" software for my task, that's the best way to keep things smooth and running.

As for firewall, I DON'T CARE WHAT ANYONE SAYS, it depends if you need it or not.

I don't use Anti-Virus, I don't use Firewall, Intrusion Detection Systems nor all of that stuff that was made to keep our PCs safe.

As long as the user knows what he/she is doing, there is no need for that stuff.

If you want to go extreme with just Windows default (built-in) stuff, go to TCP/IP Properties and start filtering ports.

(I am currently making a list of ports used by the applications installed on my computer, so I can then allow only them)

Very well said @Gouki

I do the same plus I use Firefox to browse the internet.

Link to post
Share on other sites

Man, the title of this thread says it all. I went on a very similar rant here not long ago. IMHO software based firewalls for both corporate and home environments suck. I've actually just given up and resorted to using Windows XP's built in firewall for both smaller clients and home users I support. It's a sad sad state of affairs. I recently tried Outpost Pro for a while to see if this was something that would be configurable in such a way that it would protect the neophyte without confusing them. No way. For years I struggled with Symantec Client Security at my main job. This year I dumped it, after spending the last four trying to get it properly configured. It's just a defective product plain and simple. And so are all the others out there.

Link to post
Share on other sites
i administer cisco pix's and routers at work, if that's the kind of thing u were on about, and no I don't think I need a firewall like that for home use, for home use I want simplicity. ;)

grab a 501 with the 3des pack then for home use :D

at home, i agree with gouki. as i am the only one that uses my home pc and seeing as that i reformat ~4 times a month, i run no av or firewall.. firewall duties are left up to a befsx-41. as for zone alarm, i have run into SOOOO many tcp/ip stack corruptions that anytime i find a user that was running ZA that is having issues, i just re-image the machine.

Link to post
Share on other sites
I totally understand you. Most of the software today sucks. PERIOD. If we want to install a single driver for a printer, that piece of **** will download hotfixes, add shortcuts, create registry entries on the run folders, etc, etc.

For a couple of months I have been choosing "alternative" software for my task, that's the best way to keep things smooth and running.

As for firewall, I DON'T CARE WHAT ANYONE SAYS, it depends if you need it or not.

I don't use Anti-Virus, I don't use Firewall, Intrusion Detection Systems nor all of that stuff that was made to keep our PCs safe.

As long as the user knows what he/she is doing, there is no need for that stuff.

If you want to go extreme with just Windows default (built-in) stuff, go to TCP/IP Properties and start filtering ports.

(I am currently making a list of ports used by the applications installed on my computer, so I can then allow only them)

I don't use firewall nor AV nor antispyware either, and I've had no problems for more than 5 years. I use IE 6.0, but I know how to configure its secure sites zone and internet zone to disable all the features that can be exploited. I'm just careful with what I download and run.
Link to post
Share on other sites
