snork.ca: Welcome to the brown age of computing! Partly Cloudy, 6.3°C - No precip

Looking For A Real Firewall 2013-07-07


I have a laptop running Windows XP/SP2 - which by most people's standards is old. I do not run Windows 7 or Windows 8 because they are irritating as hell, they are more bloated than they need to be, they have too many automated unconfigurable pieces, and generally they are all flash. I do not run Linux as a desktop because it is suffering from the same boating issues that Windows has (even though Linux users love to brag about how it isn't). Linux also has a tendency to require interpreters, libraries and support dependencies such as Perl, Java, and numerous libraries, but at least some distributions have cleaned up the dependency hell they once had.

Recently my XP laptop started popping up a little bubble to tell me that my (built-in) firewall is disabled. The bubble pops up and disappears so quickly that I had to install some recording software so I could catch it by advancing frame by frame. I checked for viruses and I uninstalled any of the shit I didn't need any more but the problem is still here. I was thinking of doing some more screwing around and then I figured I should just get a more advanced firewall and disable the Windows firewall. I went surfing around to see what I could find:

Comodo Firewall

Most of the links I found to this thing were redirections to cnet.com which is a fucking crock of crap. In case anyone didn't know, CNet packages all of their downloads as a downloader. What? Yeah, that's right... you download a downloader from CNet. You run it and then it downloads the REAL application installer. This is so that they can package advertising and other miscellaneous crapware with every application they make available. When I finally found a link that was not via CNet, it turned out that Comodo Shitty Firewall is 142M in size - which is at least fourteen times as big as it needs to be. I can't possibly imagine how anyone could develop a firewall that is that big.

Tinywall

Next up was TinyWall, it doesn't run on XP and requires Microsoft .NET v4.5 - total fail.

AVS Firewall

I saw this one reviewed at Gizmodo and when I followed the link to the AVS site all I saw was DVD ripper software and audio ripper software - no reference to firewall software to be found - FAIL.

AVG Firewall

This site had a list of "free firewalls" that were suggested but that they had not had time to check out yet. AVG was on the list but it turns out the application is called AVG Internet Security 2013, and it is not free.

Securepoint

They must have made it rich because their web site looks very professional and they have no free software at all (nor do they have a paid version firewall anyways).

R-Firewall

Their web site is a fake story about a lottery.

Jetico Personal Firewall

Not free any more.

Primedius

Web site abandoned

Vipre

Not free anymore, lite version not offered anymore, whatever.

Outpost

This product does claim to be a "security suite" but is of little value to an advanced user who just wants to create firewall rules to control network traffic. Additionally, it is also pretty useless to a novice user since they would have no idea what 99% of the terminology means and could never make an informed decision about how to set any of the configuration options (many of which are irrelevant, not applicable, or lame).

outpost Outpost Firewall.

Ashampoo

There is a cute typo in their installer... it says to click "Install" but there is no install button. I guess this was a last minute thing they shoved in to stuff a link to their web site under your nose.

ashampoo Ashampoo Firewall.

It has a ten day trial which is better than Outpost's three day joke, but still too short to make an informed decision about using it. The software allows you to register for free, sends you an email right away, but still tries to fool you in to thinking that the "I don't wanna pay" button is greyed out. Once I finally got it up and running I was able to see that it is strictly an application firewall and is unable to make rules based on network traffic (only based on individual local executable files). While I am at it, I thought it might be cute to post a screenshot of the fact that the Ashampoo Firewall downloader (the crap from CNet) wanted me to install ZoneAlarm Firewall before I downloaded it. In case you didn't catch the irony of that, it would be like being asked if you want to download OpenOffice just as you are trying to download StarOffice... get it?

ashampoo Ashampoo + ZA: Click for full size.

Online Armor

Even though the installer is a mere 30M (I am being sarcastic, that is too much for a firewall), it ends up extracting and downloading more shit until it winds up being over 70M... and who knows how much shit it puts in the Windows directory tree. During the install it also made very obvious choices of trial edition or pro edition but really down played the option for the free edition

onlinearmor Online Armor: Click for full size.

After the post-install reboot, it gave me an alert telling me that it is in "learning mode" which would take about two minutes and that I should wait for it to finish before proceeding. After the prescribed two minutes I found that it popped up a bubble to tell me each time an application tried to resolve a name (like snork.ca) into an IP address... this could be extremely annoying unless you plan to remember millions of IP addresses. It also decided to pop up a little bubble to tell me about the great new shit they have for sale.

I then tried to use its "domain" feature to block snork.ca... but it didn't work at all. I noticed in the options that by default it assumes that you wish to join the "Anti-Malware Network" whatever that is. If you really wanted to you could make rudimentary individual firewall rules with this but it would be a slow and painful process, hindered by a load of additional shit you don't need.

ZoneAlarm

Lots of people like this one... perhaps it is the catchy name. I think it sucks. To begin with, it is frequently advertised with other products, this is not so much a complaint about the firewall application itself but rather the marketing behind it (which is the reason for its popularity). ZoneAlarm has obviously been bought by CheckPoint, you can tell by the array of annoying ads with the CheckPoint brand on them.

It tries to install additional shit during the install (you can deselect most of it). It also installs Visual C++ runtime files without warning of any kind. It wants you to register your email address so they can pound you with more ads. It has cute Facebook and Twitter and "Upgrade Now!" buttons to encourage you to get your friends to look at their ads as well. Considering that this application has one of the best reputations as a firewall, it is one of the largest and least configurable applications I tried. I would not recommend this to anyone, novice or advanced user... for any reason.

Private Firewall

The install for this is much smaller than any of the previously named firewalls that I was actually able to download and try (about 3M), but I did notice as it installed that it mentioned ODBC components. Now I don't know what components were installed but I'm not even going to check, because when I rebooted I was presented with the most fucked up window I could imagine.

privatefirewall Private Firewall: Click for full size.

Sygate

Sygate wanted me to download via TuCows, a site that has been a favourite download site for a very long time (in digital years), which I thought was okay. I was wrong. The Tucows installer immediately told me that it had to download the real installer (meaning that the install really was NOT a little over a Meg as they would have me believe).

sygate-tucows Sygate: Click for full size.

Then it wanted to install a pile of shitware, spyware, crapware, malware, or whatever you want to call this junk. Following in CNet's footsteps is a very sad move for Tucows, they have lost all street cred with me.

sygate-tucows Sygate: Click for full size.

Once the real installer was downloaded the first thing it did was open my default browser to stick another ad under my nose... what a fucking failure. After the reboot the first thing I was presented with? That's right, a screen for registration and the option to upgrade to a paid version. Fuckin' scum. Oh it gets better... I open it up and see that it is just another application firewall and to top it all off the window you use to manage your application list is not resizable so you can't properly read the names of the applications you are configuring. This one was a far bigger failure than I had expected.

Softperfect

This one weighed in at 880k in size which is the first sub-floppy application on the list here. It installed quick, didn't have any ads, no browser bombs, and looked like a simple interface that had a default block rule, and allowed for creation of rules to allow traffic. There was an application firewall "learning mode" if a user was so inclined, but after such an appropriately designed app I can hardly fault them for it. This one might be a keeper, I just need to test to see how much or little it affects network speed. I am positive that I have tried this one before and am a little worried that I previously stopped using it because it screwed something up... but I totally don't remember.

softperfect SoftPerfect: Click for full size.

Openfirewall

This one didn't take long.

openfirewall Openfirewall.

Firewall PAPI

This one was a little weird, it looked like it could be good but the rules didn't seem to make sense... and they didn't seem to work. I think this is a broken application as near as I can tell.

tdifw

Strange, a firewall specifically for NT (thought it might work for XP as well) that installs itself as a service using a batch file and has a flat text file for configuration. I guess it could work in a "quick and dirty" situation but why would you do that with a firewall?

QaasWall

Not actually a complete firewall, the intent is to use this to block certain IP addresses based on how many simultaneous connections it has. This would be good for a web server for example that might be DoS attacked. Of course if the attack was distributed (DDoS) then it probably wouldn't help much.

wipfw

Another incomplete product (I guess) that is installed via Control Panel/Networking and is configured by flat text file. A possible advantage of the flat text file thing is that you could potentially create rulesets to block specific things and then distribute the text-based rules to other machines... though it would be much easier if the software supported inclusion of other text files as config files (that way you wouldn't have to paste new sections in to your existing config).

Looks like Softperfect is going to be the king on this list... I think I'll install it on my laptop and see if it has any adverse effects on speed or on the OS in general. Sorry about all the screenshots by the way, if anyone (like me) has a shitty Internet connection this article might be a little slow to load.

Made with Notepad++ & FastStone, without javascript, cookies, or the help of Clippy or ai. Hosted on Devuan with nginx & powered by NK shrooms.