firewalls

Which is the best firewall depends on who you talk to.

ZoneAlarm, highly recommended by Steve Gibson, is an application based firewall.

Others are ruleset applications and are for those who prefer an hands-on approach, and have more control.

STEVE GIBSON has tested Firewalls, for their reliability or "leaks" , with his LEAKTEST

Tiny Personal Firewall

Connect to the Internet if you can't see this image.

Zone Alarm

ANOTHER GOOD SITE ON SYGATE by KING

All about SFP 5x. A real good follow up to previous site for this firewall.

ONE OF THE BEST FIREWALL ON THE MARKET

Comes in 2 versions:

1.04 LooknStop Lite. Without application filtering. - FREEWARE

2.03 LooknStop With application filtering.

For Download: here

The official 2.04 is out.

Version 2.04p2 02-10-2003

Added:

new criteria "Equal Or" and "Different And" for the address IP selection in the internet filtering rule edition.
new attribute for the row (Internet Filtering) in order to select on a rule basis if a sound is played or not
it is now possible to sort the log items by clicking the column headers

Changes:

Modification in the way Look 'n' Stop handles the "Windows Ending Session" event (in order to improve/fix the slowness issue when Windows is being closed).

Fixes:

under Windows 2000/XP, with some Ethernet cards the Internet filtering was not working for the downlink.
when the maximum number of application is reached, the alert dialog box is now correctly displayed.
crash in the lnsfw1 driver if the PC contains a lot of logical drives (>16)
GDI (Graphic Display Interface) memory leak when displaying the application icons in the Application Filtering page
in very rare circumstances, application could crash when resolving an IP name
correct display of the attribute icons in Internet and Application filtering page when the password is enabled or when the Windows system colors are changed

Version 2.04 11-24-2002

Added:

TCP Stateful Packet inspection and dialog box with the TCP connection states.
Internet Filtering rules enabled with application detected through the Application Filtering.
Application Filtering: addition of a new attribute to allow or not applications that start another one which connects to Internet.
Automatic Selection of the network adapter in the options
Option to confirm when clicking the "Exit" button
Option to lock all the buttons in the Log page when the password mode is enabled
Win2000/XP, Application Filtering: "Raw Socket" connection supported.

Changes:

In raw logs, application name and application path have been added.
In logs (application and files) a new type has been added to differentiate application connecting from application starting another one
Win2000/XP: during the driver installation the command dialog box (DOS Like) no longer appears and an error dialog box is displayed in case of problem.

Fixes:

Under Windows XP, Fast User Switching handling to prevent some problems.
The "Create Rule" in the Log page was not disabled when the password mode was enabled
the operation to save the ruleset no longer takes a long time under Windows 2000 and XP.
Ruleset files can now be larger than 64 KB.
Sometimes the Apply button in the Options page was not greyed just after Look 'n' Stop is started.

The Web site has been updated. Here are the direct link for downloading:

English: http://www.looknstop.com/En/LooknStop_Setup_204.exe
French: http://www.looknstop.com/Fr/Installation_LooknStop_204.exe

the new version 2.05 beta 01 is out.

Here are the links for download:
- English release: http://looknstop.soft4ever.com/Beta/En/2.05b1/LooknStop_Setup_205b1.exe
- French release: http://looknstop.soft4ever.com/Beta/Fr/2.05b1/Installation_LooknStop_205b1.exe

To install this new version over an existing one, no need to uninstall first the current one, just run the setup and anwser Yes to the question.

Here the content of this version (quite the same as the preview):

Features Added:

DLL Filtering (Windows 2000-XP only)
Port & IP selection for the Application Filtering
Plug-in interface for localization, rule creation and log analysis by third party applications.
Detection of troyans that are using DLL injection or DNS request through svchost/services.
Detection of non-standard protocols and drivers under Win2000/XP.

Changes:

Signature verification improvements (Windows 2000-XP only).
New attribute in Application Filtering to have only blocking access in the log or all access.
Addition of GB unit for statistic display in the Welcome page (however there is still the 4 GB limitation)
All miscellaneous options in one list in the Advanced Options dialog box.
In the "U/D #" column addition of a '-' or '+' information to know if the packet has been blocked or allowed.
In the Application Filtering, it is now possible to sort the lines by clicking on the column headers.
Addition of the 'TCP or UDP' selection to the list of protocols in the rule edition dialog box
Automatic log entries removal when reaching a limit (configurable by the user).
Application filtering: automatic removal of applications which no longer exist

Fixes:

Under some 2003 Server configuration, the network interface wasn't correctly detected.
The field "IP to exclude for auto-detection" was sometimes badly interpreted.
The rule names in the log are now correct even if some rule have been added without applied yet.
Crash when the maximum number of Internet Filtering rules was reached.

About plugins, you will find more information here:
http://www.looknstop.com/En/Plugins/plugin.htm

In case of problem, please use the following Web form to report the problem to us:
http://www.looknstop.com/En/support_2.05beta.htm

This version will expire by March, 2003, the official 2.05 or a new beta will be available before.

To re-install the 2.04 over the 2.05b1, two solutions:

1- uninstall the 2.05b1, reboot, reinstall 2.04, reboot
2- remove lnsfw.vxd/lnsfw1.vxd (Windows 9x/Me) or lnsfw.sys/lnsfw1.sys (2000/XP) and remove fwapi.dll, then execute the 2.04 setup and reboot

Look and Stop Questions and answers PAGES

Look and Stop Screenshots PAGES

One of LNS's great fan ( besides me ) is known as Phantom

It is worth to take a look at at what is now know as Phantom's ruleset and why he likes this firewall

For linux users

Astaro Security Linux is:

All-in-One Firewall + VPN + Anti Virus + more

http://astaro.com

This product is an all-in-one software solution, providing firewall,
virus protection, intrusion protection, content filtering and spam
protection. Astaro, offers a free version for home users

For a review of firewalls:

FIREWALL.NET has installation screenshots for all major firewalls. Must site to visit.

How well did you configure your firewall ? Any Ports open ?

Have it checked at :

Blackcode [EXCELLENT]: http://www.blackcode.com/scan/index.php

HackerWhacker: http://hackerwhacker.com/newindex.dyn

AuditMyPC.com: http://www.auditmypc.com/freescan/prefcan.asp

Broadband Reports.com [EXCELLENT, DO THE SLOW SCAN]: http://www.dslreports.com/scan/

Computer Cops Security Professionals: http://www.computercops.biz/index.php

HackerWatch.org: http://www.hackerwatch.org/probe/

Security Space.com: http://www.securityspace.com/sspace/index.html

PC Flank Complete Check [EXCELLENT]: http://www.pcflank.com/

PCPitStop Checks/TuneUp: http://pcpitstop.com/

Qualys' Free Browser Checkup: http://browsercheck.qualys.com/

Sygate Online Services [EXCELLENT]: http://scan.sygate.com/

Steve Gibons's ShieldsUP [GRC-Gibson Research Centre]: http://grc.com/x/ne.dll?rh1bi2l2=wzngrojn

TEST YOUR FIREWALL SECURITY WITH THE FOLLOWING LEAK TESTS:

http://www.soft4ever.com/security_test/En/index.htm

http://grc.com/lt/leaktest.htm

http://tooleaky.zensoft.com/

http://keir.net/firehole.html