1
Living Room / Re: Aghh -- they've done it again ... avoid Agnitum Outpost 4 (at least for now)
« on: October 14, 2007, 09:55 AM »
I'm fully paid up with Outpost for the next 3 years, but again, don't use it any more... Which in itself should value what else I am about to say. ;)
It really is a great firewall, despite the annoying quirks and limitations, but it seems the world is heading more towards HIPS. After all, why have a firewall when you cannot trust what *you* are running? Sadly the world of computing threats has adapted and changed whilst often big business has not - Who can expect anything else?
A firewall's significant strength is protecting you from outsiders. As threats have changed, firewalls have changed from doing what they are meant to do well, to doing that, plus all other protectative measures as a bolt-on. From a firewall vendors viewpoint this makes sense, as they've already spent the time, effort and finance in ensuring their product does the job intended, then why not take that same core and add extra protection?
This in itself is no bad thing, but it is often out of the reach, application, remit and design methodology of the original firewall application. This often leads to a frankenstein software model (I won't list any current products as pretty much all software firewall vendors are guilty of this), due to the misplaced nature of the true threat to the end user.
The unfortunate outcome is over half a dozen drivers (in the case of Outpost at the very least), that you cannot guarantee protection from, except from what comes into and goes out of your network via common methods, and a feeling of general bloatedness and slothfulness in your system coupled with general confusion and distain with all. The sad thing is, if you haven't ever been compromised, but have seen the downside to apparent computer security then you may only a negative viewpoint to computer security as a whole from what you have experienced from your chosen firewall product.
Negative, yes? But that's my opinion at least. The modern firewall has a place and generally will protect you, but will you be happy with the price you have to pay in it doing so, considering it is far from a certainty?
Perhaps at this point I should recommend alternatives? Yes I should, but this in itself shows just how far we have to go between the current Firewall and HIPS currently available.
If you really are interested in investigating the current HIPS available at the moment, the general concensus is that the following are the strongest available:-
http://www.proactive-hips.com/
http://www.syssafety.com/
If you have a hardware firewall between you and the Internet at present you may find no better means of security. In the meantime it is sad to say that security if far from a certainty.
It really is a great firewall, despite the annoying quirks and limitations, but it seems the world is heading more towards HIPS. After all, why have a firewall when you cannot trust what *you* are running? Sadly the world of computing threats has adapted and changed whilst often big business has not - Who can expect anything else?
A firewall's significant strength is protecting you from outsiders. As threats have changed, firewalls have changed from doing what they are meant to do well, to doing that, plus all other protectative measures as a bolt-on. From a firewall vendors viewpoint this makes sense, as they've already spent the time, effort and finance in ensuring their product does the job intended, then why not take that same core and add extra protection?
This in itself is no bad thing, but it is often out of the reach, application, remit and design methodology of the original firewall application. This often leads to a frankenstein software model (I won't list any current products as pretty much all software firewall vendors are guilty of this), due to the misplaced nature of the true threat to the end user.
The unfortunate outcome is over half a dozen drivers (in the case of Outpost at the very least), that you cannot guarantee protection from, except from what comes into and goes out of your network via common methods, and a feeling of general bloatedness and slothfulness in your system coupled with general confusion and distain with all. The sad thing is, if you haven't ever been compromised, but have seen the downside to apparent computer security then you may only a negative viewpoint to computer security as a whole from what you have experienced from your chosen firewall product.
Negative, yes? But that's my opinion at least. The modern firewall has a place and generally will protect you, but will you be happy with the price you have to pay in it doing so, considering it is far from a certainty?
Perhaps at this point I should recommend alternatives? Yes I should, but this in itself shows just how far we have to go between the current Firewall and HIPS currently available.
If you really are interested in investigating the current HIPS available at the moment, the general concensus is that the following are the strongest available:-
http://www.proactive-hips.com/
http://www.syssafety.com/
If you have a hardware firewall between you and the Internet at present you may find no better means of security. In the meantime it is sad to say that security if far from a certainty.