Author Topic: Best Firewall / Anti-Virus ( Hardware or software types )  (Read 1128 times)

Offline 2bighorn

  • Gold Member
  • *****
  • Posts: 2829
Re: Best Firewall / Anti-Virus ( Hardware or software types )
« Reply #15 on: July 29, 2008, 05:36:38 PM »
Llama, I know what you're trying to say, but no matter what they have sent to you, those aren't consumer grade products (with exception of D-link).

Consumer grade are TZ150 or Zywall 2+.

Nobody is going to buy $600 device + $170 (per year) for AV+IDP card just to filter some web content.
AV software + decent personal firewall are way cheaper (per year) and more effective for the typical consumer.

Those are SOHO products with emphasis on NAT, VPN (for 10 or more clients), QoS, DMZ, Failover WAN or dialup, loadbalancing and decent stateful (and/or DP inspection) firewall, with enough memory and CPU power for few thousands concurrent sessions.
For that reason you can't get most out of them over web GUI, they provide console port with powerful CLI.
Avg consumer can't even properly configure those.


AV and content filtering are just an extra candy (and extra $$).


If you want to test econobox car and manufacturer is sending you a pickup instead, you're not going to evaluate it as such.

Offline 2bighorn

  • Gold Member
  • *****
  • Posts: 2829
Re: Best Firewall / Anti-Virus ( Hardware or software types )
« Reply #16 on: July 29, 2008, 07:04:30 PM »
I mean when you do a portscan of an IP address where the Sonicwall is connected, all the inactive ports are reported as "they exist and are closed" rather than "these ports don't exist, so there's no point in looking for a response."

Just the matter of configuration, usually under firewall/security, called anti-probing or similar with option not to respond to requests for unauthorized services. If you have some servers on your network, you want to respond to service requests at least during testing.

Yes, it is supposed to, but even variants of the Storm worm were allowed through. I had a mix of both old and very VERY new viruses, and I can't say that any of the units did very well. Bottom line: 8000 signatures just isn't enough, even when focusing on new threats. Oddly, the SonicWall blocked a virus when it was zipped up, but let it through when it was a straight uncompressed EXE.

How new the virus is doesn't matter. What matters is if it is in the wild (circulating). Most of the time you have 100 to 200 variants of 3-4 viruses. That's it. If you don't test with samples matching those in the wild, then your test is flawed.

I got these lines from the vendors after sharing my results with them. When I was acquiring them, they really were being sold as a primary line of defense. That's disingenuous. More on this later.

Disingenuous only to those who don't understand the primary function of UTM devices and requirements of small businesses. Firewall filtering, securing LAN, VPN and wireless are primary concerns.

True. Sonicwalls' homepage says "SonicWALL's family of network security appliances combines robust UTM security services with high-speed deep packet inspection to provide small, mid-size and enterprise-class organizations the best protection possible." CheckPoint says "Safe@Office keeps your network safe with proven technology." Stronger statements are made deeper in their websites. That's the standard I held these devices to.


Apart from some buzz words, they are secure if properly configured. Keep in mind UTM appliances are just the first line of defense, but not the last.

"CPUS" refers to the CPU Magazine scoring system, where 1 star is terrible, 5 stars are perfect, and 2.5 stars average. The magazine refers to the scoring in language like "This product earns 3.5 CPUs." Not my system, BTW, but it is required in all reviews.

Very misleading for the first time readers when thrown in the specs table.

The categorized content filter/monitor was not included in the unit I received from SonicWall, where I understand it to be an extra-cost option and subscription at this price point.

Just another proof it is not 'consumer' grade product.


Apart from all this, nice article...

Offline llama

  • Silver Member
  • ****
  • Posts: 819
      • http://www.warrenernst.com/
Re: Best Firewall / Anti-Virus ( Hardware or software types )
« Reply #17 on: July 29, 2008, 11:10:37 PM »
Let's be clear about the context of this discussion.

The subject is "Best Firewall/Antivirus."

I warn that UTM devices that a home user is likely to consider are terribly ineffective at antivirus duties, but as firewalls they are a networking nerd's dream come true. And I base this on actually using the UTMs and subjecting them to real-world tests.

If the argument is that the UTMs I tested were too "high end," then I think we can all assume that lesser UTMs would do even worse against viruses. And about the "high end." This issue, we're reviewing high-end PCs, some of which are more than $15,000, for example. That's not a typo. Some of our readers have no problem spending big bucks on the best, or what they perceive as being the best, so $600 for a UTM or router is not a huge expense for some of them if they think it's doing for them what is advertised. In this case, I think I revealed these UTMs aren't doing it enough to justify the price.

If you're looking for "average computer user" stuff, there are a lot of other magazines out there that may interest you instead.

One final word about viruses. I've been reviewing AV software since 1996 for various magazines. I have a virus zoo that's now over 120,000 files, with more than 60,000 unique variants (counts vary, depending on the scanner). I've been collecting since the mid 90's, and I have several honeypot servers that keep adding to my collection while I sleep. I never reveal to anyone but my editor what the virus samples are, because I don't need vendors of anything cherry-picking their definitions for my reviews. For example, I won't ever say "I tested with Trojan.Brisv.A, Downloader.Zlob!gen.3, VBS.Repulik.A, Backdoor.Lusillon, and W32.Xpiro viruses to see what was caught" because next time I'm gonna get a product that catches all of these because someone packed in a custom definition file. This has happened to me before. At any rate, all I can tell you is that a wide variety of threats, both old and recent, were thrown at these devices. You can see from the list of what was caught that in many cases it wasn't even the newest stuff.

Critiques make the next reviews better, so by all means, keep 'em coming.

-Llama



Interesting server at 69.12.181.171

Offline 715

  • Silver Member
  • ****
  • Posts: 1835
Re: Best Firewall / Anti-Virus ( Hardware or software types )
« Reply #18 on: July 29, 2008, 11:59:01 PM »
TC, FWIW, I use NOD32 and Comodo (but I turn the annoying 'safe search' and defence+ off). From what I have read Comodo scores pretty high in leak tests and is consistently one of the best. But it has started to become more 'bloaty' recently with 'value-added' 'features' etc etc which are a bit annoying - to me anyway.

I believe this blog, that reviews software firewalls, mentioned that the 3.0 version of Comodo does not have any leak protection if you turn off Defense+.  Comments from Comodo seemed to sort of imply this as well.  The blogger said this isn't true for prior versions of Comodo.

http://blog.scotsnewsletter.com/2008/01/20/do-not-rely-on-comodo-3s-basic-firewall/

On another note: does anyone besides me feel a bit queasy using "free" software?  I can't shake my suspicions that "free" software is hiding something not nice.  :noid  I can't see why they give it away.   I gravitate towards paid software- but then maybe I'm naive as it could also contain bad stuff.

Offline Vulcan

  • Plutonium Member
  • *******
  • Posts: 9891
Re: Best Firewall / Anti-Virus ( Hardware or software types )
« Reply #19 on: July 30, 2008, 12:36:31 AM »
Lots of questions from lots of folks: I'll answer what I can.

1 - Maybe with more advanced SonicWall gear, but not with this one. I was really looking forward to this level of blocking, but Norton blocked the exact same number of drive-bys when the test PC was hooked up behind the sonicwall and when it wasn't. To be fair, no home-level UTM did very well.

2 - I mean when you do a portscan of an IP address where the Sonicwall is connected, all the inactive ports are reported as "they exist and are closed" rather than "these ports don't exist, so there's no point in looking for a response."

3 - Yes, it is supposed to, but even variants of the Storm worm were allowed through. I had a mix of both old and very VERY new viruses, and I can't say that any of the units did very well. Bottom line: 8000 signatures just isn't enough, even when focusing on new threats. Oddly, the SonicWall blocked a virus when it was zipped up, but let it through when it was a straight uncompressed EXE.

4 - I got these lines from the vendors after sharing my results with them. When I was acquiring them, they really were being sold as a primary line of defense. That's disingenuous. More on this later.

5 - The categorized content filter/monitor was not included in the unit I received from SonicWall, where I understand it to be an extra-cost option and subscription at this price point. The lack of its presence was noted, but it didn't affect scoring. Our initial request for units did not specify the need for this feature, but when it was present in all the other models, its absence was merely noted, as the initial paragraphs stated it would.

1 - nah I've seen good pickups on the entry level stuff. IIRC my TZ190 at home collected some spyware from advertising on a certain magazine site I visited once.

2 - not a biggie imho. IPS can deal to portscans anyway

3 - odd once again. As part of training we download a variety of worms/viruses, in zipped, exe, etc format. This is done behind tz190s.

4 - dunno bout the USA. But in NZ and Australia it's made very clear what the limitations of the AV/AS sig set are.

5 - in the smaller units the pricing is negligible to get Content Filtering. Let's look at the pricing based on the RRP US List I have from the July pricelist:

TZ180 Wireless/10 $654
IPS/GAV/GAS Renewal $174
Support Renewal $138

OR TZ180 Wireless/10 Totalsecure $840
(this includes 1 Year of IPS/GAV/GAS, 1 Year of Content Filtering, 1 Year of 8x5 Support, and a ViewPoint license)

CGSS 2nd year $252
(this includes 1 Year of IPS/GAV/GAS, 1 Year of Content Filtering, 1 Year of 8x5 Support, and a ViewPoint license)

I notice no mention was made of reporting functionality such as ViewPoint either. TBH the person at sonicwall who supplied the unit needs a kick in the backside for not including CFS - but I still think the article is misleading. And am disappointed the reporting functionality was not covered as this is a big feature for me (esp in the SOHO market).

Also not mentioned was any of the IPS/application management?

Offline llama

  • Silver Member
  • ****
  • Posts: 819
      • http://www.warrenernst.com/
Re: Best Firewall / Anti-Virus ( Hardware or software types )
« Reply #20 on: July 30, 2008, 12:50:38 AM »
Quote
3 - odd once again. As part of training we download a variety of worms/viruses, in zipped, exe, etc format. This is done behind tz190s.

I have a theory about this, which you can correct me on. You said it happened during training. Did YOU supply the viruses, or did the trainer from SonicWall supply viruses? If the latter, it is a good example of the cherry picking of viruses I mentioned earlier.

Intrusion prevention wasn't covered mainly due to a lack of space, and given space constraints, my editor wanted focus on classic AV/AS.

If it were *my* magazine, things would be different. ;-)

-Llama

Interesting server at 69.12.181.171

Offline Vulcan

  • Plutonium Member
  • *******
  • Posts: 9891
Re: Best Firewall / Anti-Virus ( Hardware or software types )
« Reply #21 on: July 30, 2008, 01:05:20 AM »
I have a theory about this, which you can correct me on. You said it happened during training. Did YOU supply the viruses, or did the trainer from SonicWall supply viruses? If the latter, it is a good example of the cherry picking of viruses I mentioned earlier.

Intrusion prevention wasn't covered mainly due to a lack of space, and given space constraints, my editor wanted focus on classic AV/AS.

If it were *my* magazine, things would be different. ;-)

-Llama

Random virus'y/spyware infested webpages. In fact there's usually at least one bit of malware that gets through too.

TBH the main driver for purchase for the sonicwall is not the AV/AS capabilities. It's the IPS application management, content filtering. In NZ these are driven by:
 - Data caps/high int'l bandwidth costs. SOHO/SMB users here have experienced what we call billshock, where they get a multi-thousand dollar bill for traffic overuse - quite often due to a P2P app. The most recent case I've dealt with was in Jan for a $25000 bill. With SOHO/residential caps they usually get slowed to dial up speeds until the cap rollover date.
 - P2P. NZ Copyright law has been amended to enforce ISPs to act against repeat copyright infringement users (ie 3 strikes and you're out). Many people are now wanting to block P2P use within their networks. We also point out that if we can see P2P so can the ISPs, and how does it look for their business (big or small) to be associated with traffic primarily used for illegal downloads.
 - CFS. Safe workplace laws, some companies have been sued. Also seeing parents wanting to pick up on this as well.
 - Reporting, people want the mystery taken out of their internet use (be it home or business).

In fact my 'sales slides' only mention AV/AS very lightly, I'll dig up your email and flick you a copy. Just so you can see how we position them.




Offline Vulcan

  • Plutonium Member
  • *******
  • Posts: 9891
Re: Best Firewall / Anti-Virus ( Hardware or software types )
« Reply #22 on: July 30, 2008, 01:06:38 AM »
LOL, I doubt we'll hear more than sales pitch for Sonicwall.

Hey I love the product because I'm a geek and because it's good :)  . I won't pimp stuff if I have no faith in it.

Offline 2bighorn

  • Gold Member
  • *****
  • Posts: 2829
Re: Best Firewall / Anti-Virus ( Hardware or software types )
« Reply #23 on: July 30, 2008, 11:25:43 AM »
On another note: does anyone besides me feel a bit queasy using "free" software?  I can't shake my suspicions that "free" software is hiding something not nice.  :noid  I can't see why they give it away.   I gravitate towards paid software- but then maybe I'm naive as it could also contain bad stuff.

Not every free software is bad. Just think about open source. Then, not everything you pay for is good either. Think of Norton, McAfee, etc.
Anyways, even though Comodo is free, I'd still rate it among top five personal firewalls. Top two are still ZA pro and Outpost pro. With Outpost being slightly better in terms of resources, security and stability. Outpost's GUI is not as friendly as ZA pro, but that's not a major minus. It is cheaper as well (license good for 3 PCs).

Offline 2bighorn

  • Gold Member
  • *****
  • Posts: 2829
Re: Best Firewall / Anti-Virus ( Hardware or software types )
« Reply #24 on: July 30, 2008, 11:37:43 AM »
and because it's good :)  .

I'm not saying it isn't good. It's just that if you want to make good use of it, you need enhanced OS and for the TZ series, that doubles the price. If you want support and upgrades, you need support subscription.
TZ series is also a tad aged in comparison with some competitors. Hardware is not sized properly to accommodate OS capabilities (needs faster CPU and more memory). CLI is kinda lacking too.

If we stick to products from llama's article, and if I'd have to choose, I'd pick zywall USG100 over TZ180 anytime.

Offline a1945

  • Zinc Member
  • *
  • Posts: 61
      • YouTube
Re: Best Firewall / Anti-Virus ( Hardware or software types )
« Reply #25 on: July 30, 2008, 12:13:29 PM »
So what antivirus/antiadware is free? I use avast antivirus home version, it's free and probably the best available, and for spyware I have PC Tools Spyware Doctor. Can anyone tell me of any more free antivirus/adware software? legit please :P oh and what can a firewall do to protect me?

Offline 2bighorn

  • Gold Member
  • *****
  • Posts: 2829
Re: Best Firewall / Anti-Virus ( Hardware or software types )
« Reply #26 on: July 30, 2008, 12:36:36 PM »
So what antivirus/antiadware is free? I use avast antivirus home version, it's free and probably the best available, and for spyware I have PC Tools Spyware Doctor. Can anyone tell me of any more free antivirus/adware software? legit please :P

Unfortunately, there isn't free AV software which could match paid versions. Avast is decent, so are Avira and AVG.
Spyware Doctor is not bad, but Spybot Search&Destroy is better.

oh and what can a firewall do to protect me?
If you're NATed and if you secure your system in Skuzzy's fashion (using Lynx and surfing Gopher instead of WWW  ;) ) you probably won't need it.

Offline a1945

  • Zinc Member
  • *
  • Posts: 61
      • YouTube
Re: Best Firewall / Anti-Virus ( Hardware or software types )
« Reply #27 on: July 30, 2008, 01:19:00 PM »
Unfortunately, there isn't free AV software which could match paid versions. Avast is decent, so are Avira and AVG.
Spyware Doctor is not bad, but Spybot Search&Destroy is better.
If you're NATed and if you secure your system in Skuzzy's fashion (using Lynx and surfing Gopher instead of WWW  ;) ) you probably won't need it.
1 i run xp and the comp is basically used to surf the web and game. 2 is spybot free?

Offline 2bighorn

  • Gold Member
  • *****
  • Posts: 2829
Re: Best Firewall / Anti-Virus ( Hardware or software types )
« Reply #28 on: July 30, 2008, 02:03:24 PM »
1 i run xp and the comp is basically used to surf the web and game. 2 is spybot free?

For the vast majority of the users, I say you need firewall anytime you're on the internet. If you need firewall and you don't want to pay, get Comodo. It's the best free firewall http://www.personalfirewall.comodo.com/download_firewall.html

Yes spybot is free http://www.safer-networking.org/en/home/index.html

Offline a1945

  • Zinc Member
  • *
  • Posts: 61
      • YouTube
Re: Best Firewall / Anti-Virus ( Hardware or software types )
« Reply #29 on: July 30, 2008, 02:13:50 PM »
thanks