Network News

X My Profile
View More Activity

Symantec to Ditch Sygate Firewall

Another free Windows firewall bites the dust. Symantec Corp. has announced rather abruptly that as of next week it will no longer support or offer its Sygate line of firewall products.

The move comes little more than three months after Symantec bought Sygate Technologies along with its Sygate Pro and Sygate Free personal firewall products. I use the free version of Sygate on two of my machines at home and will be sorry to see this excellent and highly configurable offering discontinued. No word yet on whether folks who recently purchased Sygate Pro will be eligible for a refund.

Symantec's purchase of Sygate was widely viewed as a bid to solidify and consolidate its market position in the enterprise security space, as Sygate's business-oriented network access and security compliance products were its bread and butter. I just wish it didn't have to come at the expense of what I consider the best free firewall for Windows home users out there today.

With the announcement earlier this month that Kerio Technologies would discontinue its free personal firewall software, the field is narrowing. Still, there are several trusty options. To name just a few (and I'd welcome any other suggestions via the comment section below):

  • Zone Alarm free
  • 8Signs
  • Tiny Personal Firewall
  • Jetico
  • By Brian Krebs  |  November 25, 2005; 10:15 PM ET
    Categories:  From the Bunker  
    Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: Fake CIA, FBI E-Mails Power Sober Worm
    Next: Brokerage Hack Endangers Investors

    Comments

    Avast makes firewalls?

    Posted by: shanmuga | November 26, 2005 1:29 AM | Report abuse

    It's not good news. But I think a NAT router is a better line of defence than a software firewall. Dialup users will, of course, still want one. For XP users there is always the built-in firewall to use in lieu of (or as well as) a router. Windows 98 users are a bit stuck, of course, if the free firewalls start vanishing.

    People often say that a software firewall is a must because many can check outgoing traffic; so, if malware gets on the system, one will be alerted. But it seems that may be a false comfort, because these days malware will look for and turn off well-known firewalls like ZoneAlarm. Apparently, it is not hard to do.

    It seems to be Steve Gibson of GRC who popularized the idea of "outbound checking", and yet Gibson himself says he uses the built-in Windows firewall, which doesn't. He doesn't use ZoneAlarm, which does - which is the very product he did so much to popularize.

    The best defence against malware is not to get it in the first place, which means above all practising "safe hex", because once it gets on there it's going to turn of your ZoneAlarm firewall anyway.

    Bearing in mind that firewall software can cause its own problems with system reliability, I think I too would be most reluctant to add it to a new XP install these days. I used to like Sygate. But if Symantec's theory is that Sygate's vanishing means I'd eagerly rush out and buy a Symantec firewall, they're sadly mistaken. I'd use the Windows firewall.

    Posted by: Stefano | November 26, 2005 4:36 AM | Report abuse

    Shanmuga -- Thanks for that. Doh! I don't know how that AV prodcut made it onto the list. I've removed it. Wow that's a short list!

    Posted by: Bk | November 26, 2005 10:15 AM | Report abuse


    You forgot Kerio 2.1.5, a very popular but older firewall preferred by many. Zone Alarm Free is still one of the best out there and my preference. Easier to configure than Sygate.

    Posted by: Harry | November 26, 2005 11:00 AM | Report abuse

    Harry -- Thanks for commenting, but did you read the entry? Kerio will be phased out at the end of this year.

    Posted by: Bk | November 26, 2005 11:19 AM | Report abuse


    Right BK. Kerio may be phasing out but its version 2.1.5 will still be available for download at various download sites. It's just too popular. If ZAF goes paid I may use Kerio 2.1.5 myself.

    Posted by: Harry | November 26, 2005 12:48 PM | Report abuse

    In response to Stefano's comment, when Steve Gibson explained not using a software firewall on his Security Now podcast, he made it clear that he is very paranoid about security. He understands these things better than almost anyone. I think it would be sensible to leave outbound checking switched on for less sophisticated users.

    Posted by: Iain Cheyne | November 26, 2005 4:24 PM | Report abuse

    Fileseclab is a promising firewall
    http://www.filseclab.com/eng/products/firewall.htm

    Posted by: urbiz | November 26, 2005 5:00 PM | Report abuse

    Fileseclab is a promising firewall
    http://www.filseclab.com/eng/products/firewall.htm

    Posted by: urbiz | November 26, 2005 5:03 PM | Report abuse

    What's the big deal?

    Why stop using this just cause the sleaseballs symantec stop supporting it...it's still the best firewall out there!

    Posted by: Rick | November 26, 2005 5:17 PM | Report abuse

    If you were to pick a second firewall to use what would it be? Or what is the best firewall anti virus combination?

    Posted by: avsqjr | November 26, 2005 5:38 PM | Report abuse

    last time i checked, the excellent 8signs (which i use) isn't a freebie, and jetico is likey to only remain free whilst it undergoes beta testing.

    Posted by: psych | November 26, 2005 9:07 PM | Report abuse

    I agree with the other point that someone made re Nat routers. I have one on my broadband link, and think that it is great. I think that it is a mutch better idea to go that way than go down the software path. In the time that i've been using the Nat router with on board firewall, I haven't had any problems with my Windows xp machine.

    Posted by: Christopher Sims | November 27, 2005 12:43 AM | Report abuse

    Outpost Firewall Free


    By Agnitum

    Posted by: Roger | November 27, 2005 1:22 AM | Report abuse

    If you're really that concerned with outbound checking, get you a copy of ethereal going.

    In this day and age, it isn't that difficult to prevent 99.99% of malware from getting on your computer - Sony DRM issues notwithstanding (because you should have autoplay disabled anyway).

    Posted by: Derrill | November 27, 2005 1:45 AM | Report abuse

    Iain Cheyne:

    "... when Steve Gibson explained not using a software firewall on his Security Now podcast, he made it clear that he is very paranoid about security."

    That is quite untrue, and I can prove it by quoting what he did say.

    He did NOT say that he does not use the Windows firewall. He said that he did not use AV or anti-spyware software:


    Steve: But, see, I also don't have antivirus or anti-spyware of any kind.

    Leo: But you're very careful about what you do.

    Steve: I'm, yeah, the term would be "anal." I mean, I am so careful. Nothing could make me open a file attachment in email. I mean, just nothing.

    Leo: No.

    Steve: I also do something which is uncommon, which is to surf with IE. I still use Internet Explorer, but it's locked down so that it won't run any scripting or do anything unless I explicitly permit it on a per-site basis.


    http://www.grc.com/sn/SN-003.htm

    Frankly, Steve Gibson has security interests but is hardly a security expert anyway, even if he bills himself as one. As someone who is in the business pointed out he's never posted at Bugtraq or attended defcon.

    The uncharitable used to say he had - shall we say? - particular motives for pushing ZoneAlarm. I don't know. Let's not go down that road. But it is a really amusing that having done so much to sell it he reveals he doesn't use it.

    "I think it would be sensible to leave outbound checking switched on for less sophisticated users."

    "Think" would seem to be an odd term for you to use. The point I made was that if ZA (or whatever) is going to be switched off by malware if you get malware how is its "outbound checking" a weapon against malware?

    That is a general point related to what software can or cannot do and is COMPLETELY INDEPENDENT of whether a user is "less sophisticated" or not. You may extremely "unsophisticated": that won't stop a Trojan horse turning off ZoneAlarm, if you get one.

    Posted by: Anonymous | November 27, 2005 4:50 AM | Report abuse

    No Avast only makes Anti-virus programs


    http://www.hdtvtechno.com

    Posted by: noname | November 27, 2005 5:25 PM | Report abuse

    Use a hardware FW like IPCop or SmoothWall. IPCop can support multiple NICs. One to the Internet, one for your private LAN, one for your DMZ and even one for your wireless private LAN.

    AVG now has a firewall.

    Posted by: hyperspace | November 27, 2005 5:33 PM | Report abuse

    Another one bites the dust. Symantec continues to buy up the competition so they don't have anyone to screw their ****-uped programmers ****-uped programming efforts. Symantec knows what's best for the world including you.

    Posted by: Mark | November 27, 2005 8:57 PM | Report abuse

    I went to Sygate's (Symantec) site to grab a copy of the last build of SPF 5.6 (which is build 2808), so I'll have it in case I ever need to reinstall, and the download link didn't work. Fortunately they have it mirrored on Simtel at http://www.simtel.net/product.download.mirrors.php?id=53687

    There's no build # listed for it at Simtel but I installed it and it is indeed version 2808, the last version we'll ever see. Be warned that if you install it over your existing installation, it will delete all your config settings without asking, then reboot and force you to reinstall, so have those backed up.

    Symantec, you suck.

    Posted by: ch | November 27, 2005 10:01 PM | Report abuse

    Netveda Safetynet http://www.netveda.com/

    Posted by: Richrf | November 28, 2005 1:27 AM | Report abuse

    Posted by: lonto | November 28, 2005 2:01 AM | Report abuse

    The Sygate firewall is great but not perfect. If you use the "switch users" feature and have multiple concurrent users logged on, a user can be prohibited from accessing the internet without any indication of why. The explanatory dialog (with option to change setting) might appear on a different user's desktop.

    Posted by: Alan | November 28, 2005 9:45 AM | Report abuse

    "Frankly, Steve Gibson has security interests but is hardly a security expert anyway, even if he bills himself as one. As someone who is in the business pointed out he's never posted at Bugtraq or attended defcon."

    He _is_ an expert. Why do you say he's not? Who cares if he "never posted at Bugtraq or attended defcon" if that's even true? Are you saying you cannot be an expert if you don't do that? That's not right. Sounds like envy.


    "The uncharitable used to say he had - shall we say? - particular motives for pushing ZoneAlarm. I don't know. Let's not go down that road."

    What possible profit can he get promoting a free product?

    Posted by: Anonymous | November 28, 2005 10:50 AM | Report abuse

    Stepping slightly off-topic (away from a Windows-based firewall to a stand-alone firewall), if you have a "spare box" to use, the German company Astaro makes a superb stand-alone firewall, which they will grant you a free license to use for home use only (10 connected internal IP addresses, I believe). They also sell AntiVirus subscriptions for the firewall used in this way, for roughly $100/yr. Not bad at all for a small home network.

    http://www.astaro.com/firewall_network_security/buy

    Posted by: Neil Ryan | November 29, 2005 10:27 AM | Report abuse

    Hyperspace: "Use a hardware FW like IPCop or SmoothWall. IPCop can support multiple NICs. "

    I use Smoothwall (a wonderful hardware-based firewall) but it does NOT eliminate the need for a software-based firewall that will alert/block outgoing packets from applications.

    Posted by: jdub | November 29, 2005 6:51 PM | Report abuse

    Hyperspace: "Use a hardware FW like IPCop or SmoothWall. IPCop can support multiple NICs. "

    I use Smoothwall (a wonderful hardware-based firewall) but it does NOT eliminate the need for a software-based firewall that will alert/block outgoing packets from applications.

    Posted by: jdub | November 29, 2005 6:52 PM | Report abuse

    Another free firewall for windows is WIPFW

    http://wipfw.sourceforge.net/

    It's based on IPFW1 for FreeBSD. This one probably isn't for everybody, but if you understand packet filtering, it is a very flexible and robust choice.

    Posted by: Doug | November 30, 2005 12:50 PM | Report abuse

    Symantec has been notorious in buying out smaller companies only to discontinue their products in the end. Anyone remember Central Point Software back in the early to mid 90s. Great software back in the day of Windows 3.1. Symantec bought them out in 1995 and their applications were never heard from again. Boycott Symantec I say

    Posted by: Rick | December 6, 2005 8:26 PM | Report abuse

    Kerio Firewall will still exist, Sun Software out of Florida is in agreements with Kerio to take over the Firewall product.

    they will have both the free and pro editions.

    Also I noticed someone said that AVG has a firewall now, they do it Kerio adn you can only get it in a bundle pack with the AVG Secruity Center/Antivirus

    Posted by: Efwis | December 7, 2005 3:40 PM | Report abuse

    Sygate is the best Windows firewall around, Thanks alot Symantec for screwing all of the users that rely on this program.
    However the same can be done to Symantec, by not using Symantec's Norton (bloatware) Anti-virus and buy and use NOD Anti-virus by Eset.
    http://www.eset.com/home/home.htm
    Happy Holidays everyone.
    Shinobi ghostrelay@yahoo.com

    Posted by: Shinobi | December 11, 2005 9:16 PM | Report abuse

    Customers, please stop buying Symantec products. This company really seems to earn a lot of money by selling every-year-new versions of their undeveloped crippleware, where the only change is really the 200x.

    Symantec plays this acquisition game for long. The Norton's name fall more than 10 Years ago. Recently Powerquest, now Sygate.

    It's known that Symantec AV is slow, regarding both program performace as well as supply with new virus signatures. Why do people buy this? There exist free solutions that perform better (AVG, Bitdefender).
    Powerquest's DriveImage was the best program at time of acquisition. Now its sold as Ghost with nearly no changes since then. Products by other companies perform better now i.e. Acronis, supporting on-the-fly and differential image creation.

    It will be the same with Sygate personal firewall. We will never see its elaborated features it included in any Symantec "Norton" firewall.

    Symantec is no software developer! They simply use their financial strengh to free the way for their yellow boxes in the stores and tell the mainstream customer in stupid yellow advertisements its more secure to buy them.

    Gdata advertised:
    No more Icterus, against yellowing...stopped by yellow lawers...

    Support alternatives!

    Posted by: steppa | December 14, 2005 12:04 PM | Report abuse

    Symantec really screws up the whole thing by pulling the plug on the free-for-personal-use Sygate Personal Firewall. People, please stop buying Symantec products. There are lots of excellent free alternatives to what Symantec has to offer.

    Posted by: Eugene | December 20, 2005 6:52 AM | Report abuse

    I personally hate Symantec. Their products, their non-existent support. I'm trashing my IS2004 and going with The Shield. Cheap, easy, effective.

    Posted by: bishman | February 6, 2006 1:55 PM | Report abuse

    Fileseclab is a promising firewall
    http://www.filseclab.com/eng/products/firewall.htm

    ............
    I tried the latest one and it reboot my computer, and so forth, Once when it started up, when trying to stop it via icon it rebooted my computer..:( I am afraid to try it...again...

    Posted by: na | February 9, 2006 6:17 AM | Report abuse

    I RUN THREE COMPUTERS, I DO NOT USE A FIREWALL OF ANY KIND, I NEVER HAVE ANY PROBLEMS, PEOPLE THAT USE FIREWALLS ARE JUST PARANOID, THERE IS NOTHING ON MY COMPUTERS THAT ANY ONE WOULD WANT..
    JC

    Posted by: JOHN CHAMBLESS | September 5, 2006 8:58 PM | Report abuse

    Welcome to the 'new world', "no you don't have the right to be secure mr/mrs consumer",, meh... Symantec - their only good products are their very, very old corporate versions.

    Sygate firewall was bought, because it was too good :( Geez it will even block itself and ask you for permission! Blocked/notified of DLL/app changes before it was 'hip', frankly it has the most comprehensive blocking/notification system of ANY Windows firewall TO DATE: past the app barrier, beyond the drivers, down the the kernel level and so forth - it even offered such things never seen in such product before (end-user "personal") randomized TCP (better than ilnux actually), anti-spoof that actually worked, DOS and portscan detection/prevention that oh, wait .. actually freakin worked! So many things to be positive about... such sad sorry loss :(

    Corp cult must die bleh

    Posted by: Anonymous | September 24, 2006 5:40 AM | Report abuse

    The comments to this entry are closed.

     
     
    RSS Feed
    Subscribe to The Post

    © 2010 The Washington Post Company