May 5, 2006

Free Windows Firewalls

It seems like every year I need to go through this exercise over and over again.
The firewall landscape seems to be like a formicating pool, changing goalposts and landscape as you watch.

What was good is now deprecated and vice-versa.

I used to prefer AtGuard, but then new exploits came on the scene which it did not catch (due to some Windows low-level flaws) and the product was discontinued (and later bought by another company and defiled).

Then I swore by Tiny Personal Firewall (version 2015a), and that also went the way of the dodo.

Then it was Zone Alarm 5 (version 55940).

Then it was Kerio Personal Firewall 4.2.3.912.

And for the past year I was using Sygate Personal Firewall (which I bought).


To my great dismay I have now discovered that Symantec has bought Sygate and basically deprecated the product, and having no great love for Norton/Symantec or McAfee I started to look for an alternative.


These are my options now (in order of preference):
  1. Core Force
  2. ZoneAlarm 55940
  3. Sygate 5.6
  4. Tiny Personal Firewall 2015a
  5. Kerio 4.2.3.912
  6. AtGuard 322u


For most people I would suggest ZoneAlarm 5, which can be found at OldVersion, but if you have a bit of time (at least initially) and want FULL, and I mean *FULL!*, control over all programs and access on your machine, look no further than Core Force. It may not be as polished as the rest, but it is totally free and massively configurable.

Most of these firewalls and versions can be found using Google or on the OldVersion site.

My criteria have been:
  • Machine Performance Degradation/Footprint (Sygate was the best here)
  • Ease of Use (ZoneAlarm)
  • Configurability (Core Force, Sygate, Kerio, Tiny)
  • Cost (Can't argue with Free)
Any comments welcome.

Creating an SSH tunnel to the internet.

Ever been at a client with Orwellian access restrictions on the internet?

Why not use what they provide you to the max without cracking their security?

What you will need:

1. Access/login to a linux machine with ssh running on port 80 (or 443)

(See UnixShell - They're grrreat!)

2. The proxytunnel client program.


Creating the tunnel:

Firstly you will need to create a TCP/IP tunnel through your proxy server. For my example I'm running OS X (on my shiny MacBook Pro).

To do this, add the following (2 lines) to your ~/.ssh/config file:


Host shell.my-host.com
ProxyCommand /Users/teuton/bin/proxytunnel -N -p "local-proxy:8080" -u "proxy-user" -s "proxy-pass" -d "shell.my-host.com:443"


Great! We are all set! You may need to tweak these settings depending on your local proxy server type and configuration (NTLM auth etc.).

Now the easy part.

Creating the proxy:

To ssh into your machine simply type:

> ssh teuton@shell.my-host.com

To make things easier it is advised that you create ssh public and private key pairs and set these up... (see ssh-keygen command, and always check access rights are correct!)

Now create a proxy to services you require.

The following will create a SOCKS5 proxy for you:

> ssh -N -D 8080 teuton@shell.my-host.com

This will create a tunnel to your remote POP port (local port 2110):

> ssh -N -L 2110:127.0.0.1:110 teuton@shell.my-host.com

This will create a tunnel to a jabber port at a 3rd party host:

> ssh -N -L 6222:jabber.third-party.com:5222 teuton@shell.my-host.com


Now all you need to do is create a script file:


~/bin$ cat t
#!/bin/sh
while true
do
ssh -N -L 2143:127.0.0.1:143 -D 8080 teuton@shell.my-host.com
sleep 1
done


And you are set.

Lastly, to configure your applications, just add a SOCKS server entry (no other HTTP/S entries should be added). Some applications may still not work. For these you may need to create custom direct proxies to specified ports.
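
The "always check access rights are correct" step above, as an added example that is not part of the original post: a POSIX sh script that flags an SSH directory, config file or private key that group or other users can access, and public keys they can write to. The function names and the demo directory are constructed for illustration; the config file is treated like a private key because the ProxyCommand line shown earlier stores the proxy password in it.

```sh
#!/bin/sh
# Added example, not from the original post: audit an SSH client directory.
# ~/.ssh/config is checked like a private key (it holds the proxy password).

# Print the 10-character mode string for a path, e.g. "-rw-------".
mode_of() { ls -ld "$1" | cut -c1-10; }

# True only if group and other have no access at all.
is_private() {
    case "$(mode_of "$1")" in ????------) return 0 ;; *) return 1 ;; esac
}

# True only if neither group nor other can write.
not_shared_writable() {
    case "$(mode_of "$1")" in
        ?????w????|????????w?) return 1 ;;
        *) return 0 ;;
    esac
}

# Record one finding and print it with a suggested fix.
flag() { FINDINGS=$((FINDINGS + 1)); echo "FIX: $1 ($(mode_of "$1")) $2"; }

# Audit DIR; sets FINDINGS and returns non-zero if anything was flagged.
audit_ssh_dir() {
    dir=$1; FINDINGS=0
    is_private "$dir" || flag "$dir" "chmod 700"
    for f in "$dir"/config "$dir"/id_*; do
        [ -f "$f" ] || continue
        case "$f" in
            *.pub) not_shared_writable "$f" || flag "$f" "chmod 644" ;;
            *)     is_private "$f" || flag "$f" "chmod 600" ;;
        esac
    done
    [ "$FINDINGS" -eq 0 ]
}

# With no argument, run against a constructed sample directory;
# pass a real path (e.g. ~/.ssh) as $1 to audit that instead.
if [ $# -gt 0 ]; then
    audit_ssh_dir "$1"
else
    demo=$(mktemp -d) && chmod 700 "$demo"
    : > "$demo/config"     && chmod 644 "$demo/config"      # too open
    : > "$demo/id_rsa"     && chmod 600 "$demo/id_rsa"      # fine
    : > "$demo/id_rsa.pub" && chmod 644 "$demo/id_rsa.pub"  # fine
    audit_ssh_dir "$demo" || echo "$FINDINGS finding(s)"
    rm -rf "$demo"
fi
```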