What firewall do you use and why?

Discussion in 'Discussions' started by OmniaNigrum, May 9, 2012.

  1. OmniaNigrum

    OmniaNigrum Member

    As the subject says, I am seeking a replacement for my current firewall. I am sick of trials and nonfunctional firewalls. I need the following:
    1. Application specific rules. Meaning I need to know I can block a program before it is ever run and rely on it never gaining access to the Internet. Firewalls that are only blocking certain ports are useless. They are easily bypassed by even a simple program.
    2. IPv4/IPv6 support. My Internet provider does not provide IPv6 yet, but that means nothing since IPv6 can easily be converted to IPv4 by the program or even by Windows itself. So any firewall that does not work with both protocols is vulnerable to this.
    3. Freeware. It must not cost anything. I will not spend money on a firewall I cannot rely on, and I will not even try trialware, so Freeware is the only option.
    4. ZERO spyware/adware/intrusive crap. I run a blocklist alongside my current firewall to block things that manage to slip by for one reason or another. If I see things like this I get pissed. (I have been using Comodo for years. They are free, but they are trying to get out every few minutes. What they are attempting to communicate is not known to me, but I will never let it out. And yes, I have all the little "Check for updates" and such things disabled. It *STILL* tries to call home.)
    Comodo.jpg
    The reason you only see two entries is that I clear it regularly during the day. That is a practice I would love to put behind me.
     
  2. delta534

    delta534 Member

    I just use the firewall built into Windows. It's free, it has per program rules, I'm pretty sure it supports IPv6 and nothing needs to be installed. The only major issue is that it does not block outgoing traffic by default and blocking outgoing traffic is done on a per program basis.
     
  3. OmniaNigrum

    OmniaNigrum Member

    Sorry, but what Microsoft calls a firewall barely qualifies. It cannot and will not block many things. It is unable to be easily changed like real firewalls, and it is not free in that you bought it with Windows. But I thank you for the information. I need something much more rugged and reliable though.

    Even though Comodo firewall tries to call home, it can and is easily blocked from doing this. And Comodo can be set to block all Internet access entirely whenever I want to without having to change anything at all in a persistent way. (Right click the tray icon and set it to "Block All Mode", or back from that to "Custom Mode".)

    You cannot do that or most of what you will see in this next image in the Windows Firewall.
    Comodo NSP.jpg
     
  4. Daynab

    Daynab Community Moderator Staff Member

    Can't really help since the only decent one I've found is Comodo. Been using it for a year or two, don't really have anything bad to say about it.
     
  5. OmniaNigrum

    OmniaNigrum Member

    Comodo is the one I have been using for years too. It is good, but seeing it try to break out over and over on Peerblock is disappointing. I cannot explain why they would care to try to call home every few minutes all day long while I continue to block it and have not permitted it to check for updates.

    Oh well. If I am using the best one there is then I cannot complain too much. It works with few exceptions and Peerblock remedies the few exceptions that slip by.
     
  6. deek

    deek Controller of Bits Staff Member

    PFSense on a Soekris net5501 with a vpn1411 crypto card

    As for a why, it is MUCH easier to put all of your port forwarding, firewall, & VPN on an embedded system and make things agnostic to the OS. Granted mine is a bit overkill for most people but you can do it with any dd-wrt enabled router just the same. I currently don't even have a firewall on my desktop PC and never get any viruses or malware.
     
  7. Kazeto

    Kazeto Member

    I agree with deek on this one. It's much easier to get a firewall that is independent from the system, because that way whatever hiccups the system has won't affect you. And if you know what you are doing, it's rather difficult to get a virus or malware even if you aren't using a firewall.
     
  8. OmniaNigrum

    OmniaNigrum Member

    While that is certainly interesting, that is also nearly $500 USD. 285 + 40 + 75 + shipping. And I would still need a firewall on my system to block applications individually. (If I had a spare system I would already have a firewall/router box, though. That is just a nicer solution.)

    In my several decades of computing I think I had a virus once or twice in the early years. Since then no chance. They are easy to spot and avoid unless you do things in a risky way.
     
  9. NaiDriftlin

    NaiDriftlin Member

    Yep. Most malware is self-inflicted, despite a career of customers and co-workers saying otherwise. When I tell one of my associates the reason they can barely do anything on IE7 is because they decided to install a number of custom tool bars, "free anti virus," and any one of the numerous knock-off P2P clients, they blame expert hax0rs.

    This is actually the setup I use at home. It's not hard to pick up some really decent custom firmware for a lot of the routers on the market. It's not "Free", but routers are often a required expense anyway.

    Though, I put Tea Timer (not a firewall) on my wife's computer, though I still wind up reformatting it once every year.
     
  10. OmniaNigrum

    OmniaNigrum Member

    For the unaware, Tea Timer is bundled with Spybot S&D nowadays. And yes, both are entirely freeware and painless.

    The only thing keeping me from flashing the firmware of my router to use dd-wrt and using that to do half of what we are discussing is the fact that I cannot replace it if anything goes wrong. I have a nice WRT-54GL router and have not had to change a setting in five or more years. But I still cannot afford to replace it if the firmware flash went badly or something. (It would be a three part flash to get wrt or Tomato or one of the other good firmwares on it, since it uses a pathetic 4MB RAM/ROM size. Thus I have to start with Micro and move up in stages to get it working.)
     
  11. OmniaNigrum

    OmniaNigrum Member

    This is just a bump post to see if any of the new members have any other ideas. I am still using Comodo Firewall. It is still the only option I can see for a free to use firewall that actually seems to work. Anyone have any other suggestions? I am all ears.
     
  12. banjo2E

    banjo2E Member

    I've been using Privatefirewall for months now. I've noticed no problems with it, and it's a hell of a lot easier to use than Comodo and its "A program wants to access the hard drive? SHUT. DOWN. EVERYTHING." tendencies. The only downside is that it tends to require an uninstall for most of its patches, which means you get to export your settings to an .xml file, reinstall, then hope the importing process actually works (which can be a bit sketchy).
     
  13. OmniaNigrum

    OmniaNigrum Member

    Thanks. I will unplug my ethernet and uninstall Comodo next time I reboot. Then I will install that firewall. It looks very good.
     
  14. OmniaNigrum

    OmniaNigrum Member

    Lol. Every five minutes Comodo tries to call home. Total and complete spyware. I could do screenshots of my settings to demonstrate that I have forbidden it from checking for updates and any other contact stuff. But there is no point.
    five minutes.jpg
     
  15. Daynab

    Daynab Community Moderator Staff Member

  16. OmniaNigrum

    OmniaNigrum Member

    I have tried using their installer that downloads half the program automagically for the install. So it was unblocked during that time. And I do not use the "Defense +" part at all, nor the antiviral, nor the sandbox part. They are all disabled. I have no idea why it keeps checking. But it does. If you examine that list you will see that it is literally doing a port scan. It started doing this in the 20ks or perhaps it was the 30ks. But it is currently in the middle 50ks. It does not relent ever, and the few times I have let it out, it did nothing more than "SEND" data. It received no replies.

    It is pretty clearly doing something more akin to keylogging or somesuch. Otherwise, it would actually download something when I let it out.

    *Edit* Sadly I will not be reading the link you sent. I would have to unblock Comodo to do that. Thank you nonetheless.
    Defense+.jpg
     
  17. Daynab

    Daynab Community Moderator Staff Member

    The link was a 4 page discussion of someone wanting to find out why Comodo was calling home every 5 minutes like it happens for you. Tons of people were stumped because he/she was the first person to have this happen (or at least notice it). They speculated that the install might be corrupted, and a few other possibilities. Eventually the person just decided to let it send, and it stopped calling home.

    From what I have read, in the old days Comodo had an online activation even for free versions. Then it was removed. Then put back in. So it's technically possible that you installed it back in the timeframe where it was removed, and then it was pushed back in with an update.
     
  18. OmniaNigrum

    OmniaNigrum Member

    Good points. :)

    I am using an older version. I see no need to update often. (If it is not broken, why fix it?)

    I just got back from a reboot to Ubuntu where I did check the link you posted. But thank you for the hand-holding. I do appreciate the extra help.
     
  19. OmniaNigrum

    OmniaNigrum Member

    I think I will give Privatefirewall a try. If it works out, I may never return to Comodo. If not then I guess it is time for me to update to the latest version.

    Privatefirewall is a tiny program. The installer is 3.56 MB. I have no idea yet if it is going to download more when I install or not. Comodo is closer to 60MB before it downloads more stuff.
     
  20. Daynab

    Daynab Community Moderator Staff Member

    Let me know how it is, I wouldn't mind switching to something better myself if it's more lightweight. The website isn't exactly appetizing though.