Looking For A Real Firewall 2013-07-07
I have a laptop running Windows XP/SP2 - which by most people's standards is old. I do not run Windows 7 or Windows 8 because they are irritating as hell, they are more bloated than they need to be, they have too many automated unconfigurable pieces, and generally they are all flash. I do not run Linux as a desktop because it is suffering from the same boating issues that Windows has (even though Linux users love to brag about how it isn't). Linux also has a tendency to require interpreters, libraries and support dependencies such as Perl, Java, and numerous libraries, but at least some distributions have cleaned up the dependency hell they once had.
Recently my XP laptop started popping up a little bubble to tell me that my (built-in) firewall is disabled. The bubble pops up and disappears so quickly that I had to install some recording software so I could catch it by advancing frame by frame. I checked for viruses and I uninstalled any of the shit I didn't need any more but the problem is still here. I was thinking of doing some more screwing around and then I figured I should just get a more advanced firewall and disable the Windows firewall. I went surfing around to see what I could find:
Most of the links I found to this thing were redirections to cnet.com which is a fucking crock of crap. In case anyone didn't know, CNet packages all of their downloads as a downloader. What? Yeah, that's right... you download a downloader from CNet. You run it and then it downloads the REAL application installer. This is so that they can package advertising and other miscellaneous crapware with every application they make available. When I finally found a link that was not via CNet, it turned out that Comodo Shitty Firewall is 142M in size - which is at least fourteen times as big as it needs to be. I can't possibly imagine how anyone could develop a firewall that is that big.
Next up was TinyWall, it doesn't run on XP and requires Microsoft .NET v4.5 - total fail.
I saw this one reviewed at Gizmodo and when I followed the link to the AVS site all I saw was DVD ripper software and audio ripper software - no reference to firewall software to be found - FAIL.
This site had a list of "free firewalls" that were suggested but that they had not had time to check out yet. AVG was on the list but it turns out the application is called AVG Internet Security 2013, and it is not free.
They must have made it rich because their web site looks very professional and they have no free software at all (nor do they have a paid version firewall anyways).
Their web site is a fake story about a lottery.
Jetico Personal Firewall
Not free any more.
Web site abandoned
Not free anymore, lite version not offered anymore, whatever.
- more than 100M
- its official download is from CNet (this is bad)
- installs Microsoft Visual C++ Visual Runtime Libraries (this is bad)
- it installs those libraries without asking and without telling you that it will do so (very bad)
- the installer spends over two minutes collecting SmartScan Data (whatever the hell that is)
- the "trial" is only three days, hardly enough to make an educated decision about paying for it
- it begs you to install the pro version, when you click on "Register" to get the free version it presents you with a web page that offers both the pro and free versions but the free version button is intentionally made to appear greyed out (misleading)
- when you give them your email address to register the free version you are told that you have been sent an email but the email does not arrive quickly (perhaps at all) - it is probably delayed in order to get people to try paying to shut it up
- it opens your browser unannounced to show you ads for the pro version
- it allows you to enable/disable SmartScan without actually saying what SmartScan is
- by default it assumes you want to participate in their "improvement program" by sending information about your PC to them
- by default installs anti spam software for Outlook (bloated) and TheBat! (known spammer email client)
This product does claim to be a "security suite" but is of little value to an advanced user who just wants to create firewall rules to control network traffic. Additionally, it is also pretty useless to a novice user since they would have no idea what 99% of the terminology means and could never make an informed decision about how to set any of the configuration options (many of which are irrelevant, not applicable, or lame).
There is a cute typo in their installer... it says to click "Install" but there is no install button. I guess this was a last minute thing they shoved in to stuff a link to their web site under your nose.
It has a ten day trial which is better than Outpost's three day joke, but still too short to make an informed decision about using it. The software allows you to register for free, sends you an email right away, but still tries to fool you in to thinking that the "I don't wanna pay" button is greyed out. Once I finally got it up and running I was able to see that it is strictly an application firewall and is unable to make rules based on network traffic (only based on individual local executable files). While I am at it, I thought it might be cute to post a screenshot of the fact that the Ashampoo Firewall downloader (the crap from CNet) wanted me to install ZoneAlarm Firewall before I downloaded it. In case you didn't catch the irony of that, it would be like being asked if you want to download OpenOffice just as you are trying to download StarOffice... get it?
Even though the installer is a mere 30M (I am being sarcastic, that is too much for a firewall), it ends up extracting and downloading more shit until it winds up being over 70M... and who knows how much shit it puts in the Windows directory tree. During the install it also made very obvious choices of trial edition or pro edition but really down played the option for the free edition
After the post-install reboot, it gave me an alert telling me that it is in "learning mode" which would take about two minutes and that I should wait for it to finish before proceeding. After the prescribed two minutes I found that it popped up a bubble to tell me each time an application tried to resolve a name (like snork.ca) into an IP address... this could be extremely annoying unless you plan to remember millions of IP addresses. It also decided to pop up a little bubble to tell me about the great new shit they have for sale.
I then tried to use its "domain" feature to block snork.ca... but it didn't work at all. I noticed in the options that by default it assumes that you wish to join the "Anti-Malware Network" whatever that is. If you really wanted to you could make rudimentary individual firewall rules with this but it would be a slow and painful process, hindered by a load of additional shit you don't need.
Lots of people like this one... perhaps it is the catchy name. I think it sucks. To begin with, it is frequently advertised with other products, this is not so much a complaint about the firewall application itself but rather the marketing behind it (which is the reason for its popularity). ZoneAlarm has obviously been bought by CheckPoint, you can tell by the array of annoying ads with the CheckPoint brand on them.
It tries to install additional shit during the install (you can deselect most of it). It also installs Visual C++ runtime files without warning of any kind. It wants you to register your email address so they can pound you with more ads. It has cute Facebook and Twitter and "Upgrade Now!" buttons to encourage you to get your friends to look at their ads as well. Considering that this application has one of the best reputations as a firewall, it is one of the largest and least configurable applications I tried. I would not recommend this to anyone, novice or advanced user... for any reason.
The install for this is much smaller than any of the previously named firewalls that I was actually able to download and try (about 3M), but I did notice as it installed that it mentioned ODBC components. Now I don't know what components were installed but I'm not even going to check, because when I rebooted I was presented with the most fucked up window I could imagine.
Sygate wanted me to download via TuCows, a site that has been a favourite download site for a very long time (in digital years), which I thought was okay. I was wrong. The Tucows installer immediately told me that it had to download the real installer (meaning that the install really was NOT a little over a Meg as they would have me believe).
Then it wanted to install a pile of shitware, spyware, crapware, malware, or whatever you want to call this junk. Following in CNet's footsteps is a very sad move for Tucows, they have lost all street cred with me.
Once the real installer was downloaded the first thing it did was open my default browser to stick another ad under my nose... what a fucking failure. After the reboot the first thing I was presented with? That's right, a screen for registration and the option to upgrade to a paid version. Fuckin' scum. Oh it gets better... I open it up and see that it is just another application firewall and to top it all off the window you use to manage your application list is not resizable so you can't properly read the names of the applications you are configuring. This one was a far bigger failure than I had expected.
This one weighed in at 880k in size which is the first sub-floppy application on the list here. It installed quick, didn't have any ads, no browser bombs, and looked like a simple interface that had a default block rule, and allowed for creation of rules to allow traffic. There was an application firewall "learning mode" if a user was so inclined, but after such an appropriately designed app I can hardly fault them for it. This one might be a keeper, I just need to test to see how much or little it affects network speed. I am positive that I have tried this one before and am a little worried that I previously stopped using it because it screwed something up... but I totally don't remember.
This one didn't take long.
This one was a little weird, it looked like it could be good but the rules didn't seem to make sense... and they didn't seem to work. I think this is a broken application as near as I can tell.
Strange, a firewall specifically for NT (thought it might work for XP as well) that installs itself as a service using a batch file and has a flat text file for configuration. I guess it could work in a "quick and dirty" situation but why would you do that with a firewall?
Not actually a complete firewall, the intent is to use this to block certain IP addresses based on how many simultaneous connections it has. This would be good for a web server for example that might be DoS attacked. Of course if the attack was distributed (DDoS) then it probably wouldn't help much.
Another incomplete product (I guess) that is installed via Control Panel/Networking and is configured by flat text file. A possible advantage of the flat text file thing is that you could potentially create rulesets to block specific things and then distribute the text-based rules to other machines... though it would be much easier if the software supported inclusion of other text files as config files (that way you wouldn't have to paste new sections in to your existing config).
Looks like Softperfect is going to be the king on this list... I think I'll install it on my laptop and see if it has any adverse effects on speed or on the OS in general. Sorry about all the screenshots by the way, if anyone (like me) has a shitty Internet connection this article might be a little slow to load.