Tuesday, October 04, 2005

In search of a decent firewall - Part I

In the last few weeks I've spent a lot of hours in search of a good software-based firewall.
I didn't look for any super-sophisticated features. I just wanted to control my PC's incoming and outgoing connections, allow or deny programs from accessing specified ports, monitor which programs are running at the moment and prevent stuff like port scanning.
Unfortunately, I went through a large variety of firewalls and anti-virus software, and each one had its own problems. And the bottom line? Just read it, and see for yourself.

For a clean start, I have recently installed my legal (believe it or not) copy of Windows XP SP2 on an all-new hard disk drive. The only anti-virus and firewall software I installed since then was Symantec's Norton Internet Security 2005.
Everything went fine and without any special problems, until last month. Every once in a while, Norton stopped working and asked me to re-register itself on the internet. So after a few recurrences, I decided to try some alternative firewall and antivirus software.

After removing all of Symantec's products, the first programs to try were Kaspersky's AntiVirus 5 and AntiHacker 1.8 (which are actually the 2005 versions). Unlike Norton, neither of Kaspersky's programs burdens the operating system; in fact, they're almost unnoticeable!
The AntiVirus interface offers all of the basic features I looked for: fast and easy scanning, with automatic daily updates from the internet. It also protects the PC from some of the common spyware and adware. Kaspersky has its own unique technology, adding some metadata to the NTFS tables, and therefore claims to scan files even faster than other AntiVirus programs.
The AntiHacker program is user-friendly as well: it has all the features I was looking for, and it also loads up really fast at Windows startup. The problem started every time I launched my eMule client: only a few minutes passed before it decided to freeze all of my PC's internet activity, claiming the PC might be under a DDoS attack.
Now, how is it possible that every time I'm using eMule I'm under a DDoS attack? And why is this the only firewall that noticed that? And above all, why can't I control the firewall's response once the attack is recognized?

As you can already guess, I got annoyed, removed KAH, and moved on to Sygate.
This one was no better. Although Sygate has many advanced features (well, at least more than KAH had), it just didn't let me connect to the internet, not even when I set it to "Permit all" mode, and not even when I shut down its process!
Just to clarify, I'm connecting to the Internet via cable. This means that my modem has to identify itself on the cable network's internal LAN, and only then can I connect to the internet, using a VPN dialer to my ISP. The first part usually works fine, unless it is blocked by a firewall. And that's exactly what happened in my case with Sygate.
The same problem reoccurred when using Outpost firewall, so I won't write about it either.

The next one I tried was BlackIce, which didn't meet my expectations.
Although it gives alerts on every IP that tries to scan your PC, it doesn't do anything else. It doesn't control programs' internet access, neither at the application level nor at the port/protocol level. Actually, it doesn't do anything other than that, and it also doesn't integrate with SP2's Security Center (although I don't really care about that last one).

Moving to the next firewall, Kerio.
This one had all the features I wanted, but also had one big problem: for an unknown reason, it generates a huge bandwidth overhead. I just couldn't use more than half of my bandwidth capacity. This weird problem was especially noticeable when using P2P networks, such as eMule or even BitTorrent. It also drove CPU usage up to 100% even when there were only a few dozen open connections (again, as a result of using P2P networks).
CA's Tiny Personal Firewall 6.5 was about the same. Actually, it looked just like Kerio. Its major disadvantage was a very long loading time (about 10 seconds) when Windows starts.

To be continued...


Special thanks to AlleyCat and Yakov for helping me with this post