Check out your firewall - you may be shocked

[x88x]

@Crazy Buddhist: My point was just that all aspect of a product should not be judged based on the poor performance of one aspect. For example, both ESET and Avira are stellar AVs, but apparently pretty mediocre-to-bad firewalls; and both of these products have just recently been expanded to have security-center version.

Thanks for bringing up diy hardware firewalls, I forgot to mention those. I've never seen a straight comparison between them and appliance devices (ex, Juniper, Cisco, etc stuff), but in my experience the diy ones offer stellar performance and protection, and of course are WAY cheaper. A couple other ones to look at are pfSense and untangle. Or of course, you could go really down deep and roll your own with [insert *nix distro of choice here], IPTables (IPChains successor btw, IPChains has been deprecated for a few years), and Squid (if you want advanced proxying capabilities).

[Crazy Buddhist]

@Crazy Buddhist: My point was just that all aspect of a product should not be judged based on the poor performance of one aspect. For example, both ESET and Avira are stellar AVs, but apparently pretty mediocre-to-bad firewalls; and both of these products have just recently been expanded to have security-center version.

Thanks for bringing up diy hardware firewalls, I forgot to mention those. I've never seen a straight comparison between them and appliance devices (ex, Juniper, Cisco, etc stuff), but in my experience the diy ones offer stellar performance and protection, and of course are WAY cheaper. A couple other ones to look at are pfSense and untangle. Or of course, you could go really down deep and roll your own with [insert *nix distro of choice here], IPTables (IPChains successor btw, IPChains has been deprecated for a few years), and Squid (if you want advanced proxying capabilities).

Understood ... one should indeed look at all aspects of software performance. Hence my absolute shock at Norton and McAfee in those tests. Really not up to it for two of the industries "leaders" - and two companies with big market share ....

Re the diy hardware vs off the shelf comparisons ... I don't suppose people selling $3,000 boxes particularly want them put up against IPCOP or the like ... may have something to do with the lack of comparison but reading around the net I get the sense that the network guys who really know what they are doing see IPCOP as an equal in all but price or are likely to build their own FW using IPtables whilst the younger hot blooded types want to buy the $3,000 box and play with it ... even if it takes 8 times as long to set up to do the same job.

I'm not feeling geeky enough to get down and dirty with the OS and IPtables right now .. the main driver behind this is wanting to improve the performance of my router by not using it except as a modem. The stupid thing is badly designed with the cooling vents on the bottom of the box ... Thompson seem to have forgotten that heat rises. This way it will be doing a lot less work and stay cooler. (plus it will be upside down)

Going to go with IPCOP because of the out of the box functionality, add-ons, strong user base, community support etc. Will be using Squid, Clam AV and a few other things to get a very nice tight setup. The week after next all my machines roll over to Windows 7 with clean installs. Got enough copies of the full E version pre-ordered at £50 each for that.

So it's IPCOP being installed on a headless, fanless, PIII system with 512M ram and a 10g hard drive and a USRobotics Wireless Maxg access point for the wifi side of the network.

I share my wifi with my neighbour and I can't control what gets on his system but this way I can allow access to my internal ethernet only via a VPN tunnel through the blue(wifi) interface for my own wireless machines.

CB

[x88x]

I share my wifi with my neighbour and I can't control what gets on his system but this way I can allow access to my internal ethernet only via a VPN tunnel through the blue(wifi) interface for my own wireless machines.

Another thing you could do is grab another wireless access point, and have completely segregated open and secure wifi. That way you could just dump the open wifi into a DMZ and be done with it

[Crazy Buddhist]

Nice idea but .... no .. I share with one neighbour as a favour and live in an apartment block ... if I did that my entire B/width would be leeched.

I use WPA2/AES for security on the wifi ... and I don't want to buy and pay the electricity on another access point just for my neighbour so the VPN route with Blue/wifi being effectively a separate network will do just fine.