Great Firewall for Windows

If you are using Windows, you have a lot of choices for firewalls. The bad choice is the built-in Windows XP SP2 firewall; there are others as well, some good and some not so good (nothing I tried is worse than Microsoft's firewall). But the best firewall, in my opinion, is Agnitum Outpost Firewall Pro:

Agnitum: Outpost Firewall Pro

This is a Windows firewall that really is amazing for all skill levels. It provides the basic functionality that my wife and kids can use without asking many questions, but for a seasoned security professional such as myself it gives control options not found in any other firewall.

Let's start with some of the plug-ins that are provided by default with the firewall.

  • Active Content Plug-in – Provides the ability to block, allow or prompt for various kinds of active content. Each item can be selected at a granular level, with an explanation available for each, and the settings can differ between Mail and Web. You can also add total exclusions to the whole list for sites that are fully trusted, but even trusted sites can still be controlled on a per-item basis, which is totally unheard of. So, for example, your work e-mail system has a virus that opens up ActiveX or VBScript, but you, being a savvy security person, decide that you only want Java Applets or JavaScript. No problem: you can set up exactly that on a per-site basis. Here is a list of all the things that can be controlled:

    • Privacy – Cookies, ActiveX, Java Applets, Referrers can all be controlled
    • Page Optimization – Flash, Hidden Frames, Animated GIF, External Active Content
    • Scripting – JavaScript, VBScript, ActiveX, Pop-Up Windows
  • Sick of those ads? No problem: the firewall has an AntiAdd feature that allows you to block ads either by content (keywords) or from particular sites. If you use the Firefox browser you can probably do something pretty similar with a plug-in, but you cannot do it uniformly across all browsers and programs that use the web as their content delivery mechanism. A list of sites is provided automatically and can be expanded using different lists from the forums, but I personally like to delete all of them and only block the ads I do not want to see. For example, I do want to see ads from Google because I find them unobtrusive and they do not take up lots of space and bandwidth. There is also the ability to block by image size, for which Agnitum provides the most common ad formats. I find this feature actually a bit annoying, because it sometimes blocks images on shopping sites, but it can easily be disabled with a simple click or overridden by using exclusion sites. The ads list can be exported and imported at will as well.
  • Anti Spyware – Yes, I know you have an anti-spyware program to do just that, but since this is a plug-in, does not take up lots of memory and is updated frequently, there is no reason not to add another layer of protection.
  • Attack Detection – I am not going to say much on this, as it is simple attack detection. Perhaps this is where the firewall lacks a bit of IDS functionality compared with other firewalls. This does not mean that it fails to identify problems or lets something through. It just does not provide a rich explanation of exactly which attack is being run against your computer.
  • DNS Cache – A simple DNS caching program that allows total exclusions for sites that have numerous rotating servers, such as a banking site.
  • Now let's get to the meat of the program: it is one of the most flexible rule-based firewalls ever. It has a mode that advises what to do in each of the categories. The program gives advice to the beginner and opens up ports if OK is clicked, but for advanced users it gives tremendous options. The options below can be used in any combination you want to provide very granular rules on a per-application basis.

    • Protocol  – TCP, UDP
    • Direction of the connection – Inbound, Outbound, Transient
    • Remote Host – Can be Domain Name, IP Address, IP Subnet, Address Macros (which can be expanded)
    • Remote Port (Initiating port)
    • Local Host
    • Local Port (Destination Port)
    • Time Interval
    • Local Port – Allows connection on local port for remote port.
    • Local Port is equal to remote port (automatically set up)

    For each of the actions the following methods are allowed:

    • Allow Connection
    • Block Connection
    • Report it
    • Run Application – Can be selected locally
    • Do not log activity
    • Stateful Inspection
    • Ignore Component Control.
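
The rule fields and actions listed above can be modelled as a small per-application rule table. The following is an added example, not Outpost's own code or rule format: the `Rule` class, the field names, the first-match ordering, the block-and-report default and the sample applications and addresses are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from datetime import time
from typing import Optional

@dataclass
class Rule:                            # hypothetical model, not Outpost's format
    app: str                           # executable the rule belongs to
    action: str                        # "allow" or "block"
    protocol: Optional[str] = None     # "TCP" / "UDP"; None matches anything
    direction: Optional[str] = None    # "inbound" / "outbound"
    remote_net: Optional[str] = None   # single IP address or CIDR subnet
    remote_port: Optional[int] = None
    local_port: Optional[int] = None
    hours: Optional[tuple] = None      # (start, end) time interval
    report: bool = False               # "Report it"

def in_interval(now, hours):
    start, end = hours
    if start <= end:
        return start <= now <= end
    return now >= start or now <= end  # interval wraps past midnight

def matches(rule, conn):
    if rule.app.lower() != conn["app"].lower():
        return False
    for field in ("protocol", "direction", "remote_port", "local_port"):
        want = getattr(rule, field)
        if want is not None and want != conn[field]:
            return False
    if rule.remote_net is not None:
        net = ipaddress.ip_network(rule.remote_net)
        if ipaddress.ip_address(conn["remote_ip"]) not in net:
            return False
    return rule.hours is None or in_interval(conn["time"], rule.hours)

def decide(rules, conn):
    """Assumed semantics: first match wins, unmatched traffic is blocked and reported."""
    for rule in rules:
        if matches(rule, conn):
            return rule.action, rule.report
    return "block", True

RULES = [  # constructed sample rule set
    Rule("mail.exe", "allow", "TCP", "outbound", "192.0.2.0/24", 993,
         hours=(time(8), time(18))),
    Rule("mail.exe", "block", report=True),   # everything else from the mail client
    Rule("browser.exe", "allow", "TCP", "outbound", remote_port=443),
]
```

Because the catch-all block for `mail.exe` sits after its narrow allow rule, the same connection that is allowed at 09:30 is blocked and reported at 23:00.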

    That is the granularity available on a per-application basis, but we are not finished yet. There is also Anti-Leak protection and Component Control. You can control a number of areas that I will not describe here, but basically this firewall can do everything you want.

    I have been using it now for a few years, and every time I re-evaluate the firewalls I always come back to this one.

    Take a look for yourself.

