I am unable to use ZoneAlarm Personal Firewall as it proved我无法使用ZoneAlarm个人防火墙,因为它证明 incompatible with Asrock Motherboard不符合华擎主板 . So I switched to Agnitum Personal Firewall.所以我切换到agnitum个人防火墙。 This review is the result of one month of experience with using Agnitum Outpost Firewall and several years of experience using ZoneAlarm Personal Firewall.这项检讨的结果,一个月的经验,与使用Agnitum Outpost防火墙和几个多年的经验,使用ZoneAlarm个人防火墙。

Agnitum Outpost Firewall is a strange beast. Agnitum Outpost防火墙是一种奇怪的野兽。 It shines on several fronts like allowing fine-grained rules for each application.它的光芒在几条战线一样,让细粒规则为每个申请。 You can block inbound / outbound connection, block ip addresses or host, block by protocol etc. ZoneAlarm in contrast only allows you to configure whether you trust the application to act as client or server on local network and / or internet.您可以阻止入站/输出连线,座的IP地址或主机,座议定书等的ZoneAlarm相反,只有让您可以设定您是否信任的应用作为客户端或服务器端对本地网络和/或互联网。 However the increased control of Agnitum is packaged with some serious usability issues and bugs.不过,增加的控制agnitum的包装与一些严重的可用性问题和错误。

The key value of ZoneAlarm is that it allows you to identify local network from internet and allows separate policies for each.关键的价值ZoneAlarm的是,它可让您识别本地网络从互联网,并允许单独的政策,为每个。 Agnitum Outpost Firewall simply lacks the concept which makes it very clumsy to use. Agnitum Outpost防火墙根本缺乏的概念,这使得它非常拙劣使用。

Configuring ZoneAlarm Personal Firewall 配置的ZoneAlarm个人防火墙
In ZoneAlarm I can specify strict firewall policies and stealth mode for internet.在ZoneAlarm我可以指定严格的防火墙的政策和隐形模式,为互联网。 On the other hand I make my machine visible to other machines on the network without any issues.在另一方面使我的机器向其他机器在网络上不出现任何问题。 Zone Alarm automatically identifies my external interface and configures it accordingly. Zone Alarm中自动识别我的外部接口和配置它。

Configuring Agnitum Outpost Firewall 配置Agnitum Outpost防火墙
In Agnitum Outpost it is much harder to achive the same goal.在agnitum的前哨,这是更难达到同样的目标。 Agnitum allows you to trust an application. agnitum让您信任的应用。 By trust it means that it can act as a client as well as a server and can freely receive connections from external as well as internal network.由信任它意味着它可以作为客户端以及作为服务器和可以自由地接受连接从外部和内部网络。 This is pretty useless unless you want your application to act as server on the internet.这是相当无用的,除非您想让您的应用程序作为服务器在互联网上。 So you have to configure policies for each application individually.所以你必须配置的政策,每宗申请的个别。 I tried to configure each application (which is a royal pain you know where) to be able to connect to internal network by specifying IP mask and specifically allowing inbound and outbound connections.我试图设定每个应用(这是皇家的痛苦你知道哪里) ,以便能够连接到内部网络通过指定的IP的面具,特别是允许入站和出站连接。 So far so good.到目前为止,那么好。 Now I need to specify no inbound connections from other IP addresses or elsewhere.我现在需要指定的入站连接没有来自其他IP地址或其他地方。 A general policy to block all incoming requests cannot be achieved as such a rule strangely blocks incoming requests from permissible network too.一般政策,以阻止所有传入的请求无法实现,因为这样的规则很奇怪块传入请求允许从网络太。

Agnitum misses few simple yet essential rules for creating a rule based Firewall: agnitum错过了几个简单的,但基本规则,为创造一个基于规则的防火墙:

  • Firewall rules should have a fixed order of execution.防火墙规则应该有一个固定的顺序执行。 Apparently it is random based on my experiments.显然,这是随机的基础上,我的实验。
  • Otherwise they should have a specifiable order of priority.否则,他们应该有一个specifiable的优先顺序。 For example we should be able to run access rules before deny rules.举例来说,我们应该能够运行访问规则之前否认规则。 Check Apache httpd for an excellent implementation of this idea in a different domain.检查的Apache的httpd为一个很好的执行这个想法在不同的网域。
  • IP address mask should be specifiable to be inclusive as well as exclusive. IP地址的面具,应specifiable是包容性,以及排斥的。

This makes their excellent idea pretty unusable.这使得他们的优良的思想,漂亮的使用。 So if you are using only Agnitum you are forced to explicitly block requests whenever any external network tries to connect to your applications.因此,如果你只使用agnitum你是被迫的要求,明确座,每当任何外部网络尝试连接到您的应用程序。

Also it appears it forgets rules sometimes though I haven’t been able to pinpoint the exact condition to make it repeatable.也似乎忘记了它的规则,有时虽然我尚未能确定确切的条件,使重复性好。

On the positive side Agnitum features adaptive blocking.就积极的一面agnitum特点自适应的封锁。 It can apparently block Denial-of-Service attacks.它可以明显阻止拒绝服务攻击。
It can block ICMP pings but unlike ZoneAlarm it is a all-or-nothing proposal.它可阻碍的ICMP坪,但不同的ZoneAlarm这是一个全有或全无的建议。

Agnitum Outpost Firewall features keyword based (in url or content) web page blocking (ZoneAlarm Personal Firewall doesn’t). Agnitum Outpost防火墙功能的关键字为基础的(在网址或内容)进行网页阻止( ZoneAlarm的个人防火墙并不) 。 Unfortunately you cannot specify it to exclude certain IP addresses or block certain IP addresses only.可惜你不能指定它排除某些IP地址或阻止某些IP地址只。

It has a nifty DNS cache.它有一个漂亮的DNS缓存。

ZoneAlarm integrates with certain Virus scanners (not your free AVG or ClamWin). ZoneAlarm的整合与某些病毒扫描(不是您的免费平均或clamwin ) 。

Both provide slightly different but very basic email protection.既提供略有不同,但很基本的电子邮件保护。

In conclusion ZoneAlarm firewall is very well suited for normal computer users without security expertise. Agnitum firewall offers more for security experts but at times can be seriously frustrating.在结论的ZoneAlarm防火墙是非常适合正常的电脑用户,没有安全方面的专长。 agnitum防火墙提供更多的安全专家,但有时可以受到严重的令人沮丧。 Overall ZoneAlarm Personal Firewall wins as it provides a usable and easily configurable Firewall for all.整体的ZoneAlarm个人防火墙胜因为它提供了一个实用和轻松配置防火墙所有。 Agnitum Outpost Firewall has the potential to beat ZoneAlarm by leaps and bounds if only it can fix its awkward and unsable configuration option and allows policies per network interface. Agnitum Outpost防火墙有潜力击败ZoneAlarm的跨越式发展,只要它可以修正其尴尬和unsable配置选项和政策允许的百分之网络接口。