Main Area and Open Discussion > General Software Discussion

Firewalls - please, i can't be bothered.

<< < (9/17) > >>

iphigenie:
The reason you can't find a "pure firewall" much anymore is simple. Reviewers.

To me, pure firewall means state aware packet filtering - purely about traffic - i.e. it will look at source and destination IPs, protocol and ports use that to make a decision whether to let the traffic go through or not, in a chain or rules (that's what ghostwall is. That's what the old kerio and tiny used to be). Using a "pure firewall" on very restrictive rules should mean that no surprise traffic can get in or out. Of course a clever virus, or spyware, or a trojan, if it gets itself installed on the machine, can still hijack another software which is known to be usually trusted to get out. And that's normal, the firewall still did its job, watch the integrity of the network, another tool or two should watch the integrity of the system.

But reviewers and "obsessive" security power users started saying a firewall had failed if it didn't catch a browser hijacker, or a trojan... And the list of breaches a firewall is expected to catch keeps growing, year after year. They're doing the same to spyware detectors and virus scanners, too.

Whereas earlier people would have had a "pure" firewall, a virus scanner, maybe a trojan protection or intrusion detection and a spyware tool, now people tend to have a firewall that also does trojan and malware, a virus scanner that also does trojans and malware and more and more some virtualisation, a registry protection tool which also does a bit of firewall... All overlapping in features more and more. No wonder they conflict.

In a way I want several small tools that do their distinct job very well. I don't want 4 tools that are fighting to steal each other's job.

Edit: i did a quick search and you will find out that any review of firewalls nowadays centers on non-firewall features such as leak tests. That's what most firewall makers center their efforts on nowadays, making sure their system detect the leak tests, sometimes by cheats, but mostly by watching, scanning and analysing everything that happens between executables on the PC. This is quite slowing on the PC, in the end. And in a "one in all" product you can't turn off the anti-hijack tools on their own when you want, for example, to play a game.

nudone:
i'm certainly going around in circles but so far the least amount of trouble has come from these:

zone alarm (free edition) - i'd still be using this if it didn't like crashing after about 24 hours use, that's probably something to do with my machine.

agnitum (free version 1) - can't remember why i stopped using this - i think i'll put it back on.

pc tool firewall plus - this seems the friendliest i've tried so far - just can't get shared files/folders to work.

edit:
i've been reminded why i can't use agnitum - it's because it now refuses to install again because it thinks it's already running. fantastic.

f0dder:
Malware detection is something antivirus products should detect, though, in my opinion. They're already inspecting executables and doing heuristics... and there aren't that many "viruses" around anymore, it's another kind of malware nowadays.

And most people will be wanting proactive defense (instead of scanning *after* the damage) is done, this requires some drivers and hooking to be efficient; might as well protect some registry keys and system services to make life harder for malware too.

That said, there is a tendency of too much functionality in each product. I don't think firewall capability belongs in an antivirus app, and full system sandboxing doesn't fit with either AV or FW software.

iphigenie:
Well there are a few more you can try

this recent thread in wilders covers the same ground, starting with "zone alarm isn't playing nice anymore" too! with an amusing diversion in the middle on how the color of your firewall matters ;)

http://www.wilderssecurity.com/showthread.php?t=159763

they mention jetico (http://www.jetico.com/) and looknstop light (http://www.snapfiles.com/reviews/Look_n_Stop_Lite/looknstop.html) which you haven't tried yet ;) which were mentioned but you haven't tried yet? I think they're both very similar to ghostwall, kerio 2 and other "pure" firewalls

But if windows file sharing is the only think not working, that's just a matter of opening a few inbound ports on your machine - i bet it can be done on the pc tools firewall! Windows file sharing is one of those protocols which needs inbound open as well as outbound - let me see if i can dig up the ports

iphigenie:
Wilders forum might have the answer: It seems pc tools default set up blocks netbios. You need to allow the following (blocked by default), if possible only for known IPs. Of course if your broadband and wireless gateway both keep your internal networked closed (i.e. proper wifi security and no ip forwarding from the net) then you don't have to worry.

Anyway the 2 default rules to release seem to be

1) Block winNuke (which blocks filesharing)
2) Stop netBIOS

see here http://www.wilderssecurity.com/showthread.php?t=160868&page=2

Navigation

[0] Message Index

[#] Next page

[*] Previous page