DonationCoder.com Forum

Main Area and Open Discussion => General Software Discussion => Topic started by: Rohit on December 07, 2006, 06:25 AM

Title: Free Windows firewalls found better than commercial ones
Post by: Rohit on December 07, 2006, 06:25 AM
I know many regulars here (including me) are looking for a good firewall solution, so this article might help :)

Firewall protection fantasy doused (http://www.techworld.com/news/index.cfm?NewsID=7506)

Free firewalls are better than their paid-for cousins. That is the surprising conclusion of a test of desktop firewalls by security researchers.

Researchers at David Matousec's matousec.com carried out tests on 21 leading products using 26 assessment programs known as "leak" testers. These simulated a total of 77 test attacks on firewalls, configured using both out-of-the-box and optimal security settings. Each firewall was then awarded points based on its ability to pass each leak test in both modes.

The only two products to achieve a rating of "excellent" turned out to be free-to-use software, the Comodo Personal Firewall v2.3, and the Jetico Personal Firewall v2.0 beta.

(snip) At the very bottom of the list in 21st place scoring a resounding zero, came Microsoft's own firewall ...

(snip) The researchers also hit the products with a "fake protection revealer" (FPR) designed to catch out software that had been optimised to pass some security tests without necessarily offering real-world protection. Only one product fell seriously foul of this test, Outpost Firewall Pro 4.0 ...
Title: Re: Free Windows firewalls found better than commercial ones
Post by: nudone on December 07, 2006, 07:49 AM
very interesting.

i was holding back about commenting further on the comodo firewall (i'd recently installed it after reading a discussion elsewhere on this forum) but this appears to be a good place to say my piece now.

after a few hours of my machine running, all of my programs that were connected to the net would crash. so that's AOL active virus shield, spyware terminator, comodo firewall, utorrent and emule. further, the fonts would vanish from windows/buttons and a very weird black shadow appears around the text of my desktop icons.

obviously, i thought my machine must be infected with something. all scans have so far not revealed anything to be worried about. the troubling thing is that this pattern of crashing behaviour is consistent when using the comodo firewall. since uninstalling it i've not had the problem return. i have been unable to reinstall zone alarm (which i was previously using) so i reverted back to using the windows inbuilt firewall - which i think i'll have to avoid after seeing Rohit's above post.

of course, maybe it's simply the combination of programs i have running that is causing the problem - what else can i assume. but for the moment, comodo firewall sounded so good to me but it simply became a disaster.
Title: Re: Free Windows firewalls found better than commercial ones
Post by: Carol Haynes on December 07, 2006, 07:56 AM
Seems a bit unfair to lump Windows Firewall in the list since it doesn't even pretend to block outgoing traffic !
Title: Re: Free Windows firewalls found better than commercial ones
Post by: Rohit on December 07, 2006, 10:13 AM
... the troubling thing is that this pattern of crashing behaviour is consistent when using the comodo firewall. since uninstalling it i've not had the problem return. ...

Thanks for this feedback, nudone.

After reading the above article I promptly uninstalled my old Sygate Personal Firewall and installed Comodo. If I start experiencing crashes, I would know what to blame them on.

Seems a bit unfair to lump Windows Firewall in the list since it doesn't even pretend to block outgoing traffic !

That's interesting, Carol. I never used the default Windows firewall, so I didn't know it blocked only incoming traffic. I guess Microsoft implemented this feature so as not to confuse casual (non computer-savvy) users.
Title: Re: Free Windows firewalls found better than commercial ones
Post by: mitzevo on December 07, 2006, 10:24 AM
Hmm, so what does that mean then..? Outpost is a liar?! I might go and take a look at Comodo..  :huh:
Title: Re: Free Windows firewalls found better than commercial ones
Post by: hollowlife1987 on December 07, 2006, 10:31 AM
Seems a bit unfair to lump Windows Firewall in the list since it doesn't even pretend to block outgoing traffic !

The new windows firewall in Vista does have the ability to block outgoing traffic.
Title: Re: Free Windows firewalls found better than commercial ones
Post by: mitzevo on December 07, 2006, 10:40 AM
Seems a bit unfair to lump Windows Firewall in the list since it doesn't even pretend to block outgoing traffic !

The new windows firewall in Vista does have the ability to block outgoing traffic.
-hollowlife1987 (December 07, 2006, 10:31 AM)

Windows is getting ahead of everyone!  ;D
Title: Re: Free Windows firewalls found better than commercial ones
Post by: Rohit on December 07, 2006, 11:12 AM
Hmm, so what does that mean then..? Outpost is a liar?!

It would seem so.

From the page about the leak test (http://www.matousec.com/projects/windows-personal-firewall-analysis/leak-tests-results.php):

Another important result of our tests is firewall scoring against FPR. FPR stands for Fake Protection Revealer. This leak-test was implemented to reveal cheating on leak-tests. Outpost Firewall PRO 4.0 (971.584.079) was convicted of such cheating. It passes all leak-tests except FPR because of the implementation of user mode hooks (ring3) for security purposes. Our article Design of ideal personal firewall (http://www.matousec.com/projects/windows-personal-firewall-analysis/design-ideal-personal-firewall.php) clearly says that ring3 hooks can not be used for security critical features. FPR does nothing but unhooks ring3 hooks which is always possible and thus bypasses such protection. This means that Outpost Firewall PRO cheats to be very strong against leak-tests but in fact it is very weak against real malware.

(The emphasised text is from the original article, not from me.)
Title: Re: Free Windows firewalls found better than commercial ones
Post by: Carol Haynes on December 07, 2006, 11:52 AM
Seems a bit unfair to lump Windows Firewall in the list since it doesn't even pretend to block outgoing traffic !

The new windows firewall in Vista does have the ability to block outgoing traffic.
-hollowlife1987 (December 07, 2006, 10:31 AM)

True but I presume they were testing Windows XP firewall ;)
Title: Re: Free Windows firewalls found better than commercial ones
Post by: Carol Haynes on December 07, 2006, 11:54 AM
Hmm, so what does that mean then..? Outpost is a liar?!

It would seem so.

From the page about the leak test (http://www.matousec.com/projects/windows-personal-firewall-analysis/leak-tests-results.php):

Another important result of our tests is firewall scoring against FPR. FPR stands for Fake Protection Revealer. This leak-test was implemented to reveal cheating on leak-tests. Outpost Firewall PRO 4.0 (971.584.079) was convicted of such cheating. It passes all leak-tests except FPR because of the implementation of user mode hooks (ring3) for security purposes. Our article Design of ideal personal firewall (http://www.matousec.com/projects/windows-personal-firewall-analysis/design-ideal-personal-firewall.php) clearly says that ring3 hooks can not be used for security critical features. FPR does nothing but unhooks ring3 hooks which is always possible and thus bypasses such protection. This means that Outpost Firewall PRO cheats to be very strong against leak-tests but in fact it is very weak against real malware.

(The emphasised text is from the original article, not from me.)

Not the only article accusing Outpost of cheating.
Title: Re: Free Windows firewalls found better than commercial ones
Post by: dk70 on December 07, 2006, 12:41 PM
I've become tired of most freeware firewalls but did manage to install and set up Comodo Firewall. Was 100% happy but have no need for it. I'm sure almost anyone can do it - with some interest for net setup of course. Take a look at their forum, tons of tips and tricks. Good documentation and the "right" attitude from developers is worth a lot since firewalls can be tricky to set up and make stable. Some fall in love, some get BSOD - typical for many freeware firewalls. Comodo is so popular most incompatibilities should be mentioned somewhere.
Title: Re: Free Windows firewalls found better than commercial ones
Post by: Darwin on December 07, 2006, 02:00 PM
Like nudone, I've been holding off commenting on Comodo. I uninstalled the ZA Pro trial from my "backup" notebook (older machine that I intend to use in the event of hardware failure on my main notebook) and installed Comodo on it, which has been brilliant. Case in point: connecting the backup machine to our home network (with my wife's XP Home box and my XP Pro main box) worked well with no s/w firewall installed on the Win2k machine but proved impossible with ZA Free installed - I could find no way to configure ZA Free to connect. I have ZA Pro on my XP Pro machine so enabled the trial of ZA Pro on the Win2k machine and it connected immediately. I was trying to decide if connecting the backup machine to the home network was critical enough to justify purchasing another license for ZA Pro but decided to look for alternatives, at which point I discovered Comodo. After uninstalling ZA, I loaded Comodo and rebooted. On startup, the notebook connected to the home network without difficulty (I had to configure Comodo to do it, but there was nothing strenuous involved - no heavy lifting!). Anyway, I'm going to leave my backup notebook running and connected to the home network and see if I can replicate nudone's problems. If I can't, I'll be seriously considering switching to Comodo when my ZA Pro subscription runs out.
Title: Re: Free Windows firewalls found better than commercial ones
Post by: lanux128 on December 07, 2006, 08:18 PM
this is interesting.. i had just opted for Windows Firewall (https://www.donationcoder.com/forum/index.php?topic=5632.0) about 2 mths ago & here it is ranked rock-bottom..

i'm not keen on looking for another firewall but all these talks of Comodo has been tempting. i hope it's not a case of "new broom sweeps well"..
Title: Re: Free Windows firewalls found better than commercial ones
Post by: f0dder on December 08, 2006, 04:28 AM
It's Free. Forever. No Catch. No Kidding
So, I wonder when they're removing the free version, or stuffing ads or spyware in it.
Title: Re: Free Windows firewalls found better than commercial ones
Post by: Carol Haynes on December 08, 2006, 05:40 AM
this is interesting.. i had just opted for Windows Firewall (https://www.donationcoder.com/forum/index.php?topic=5632.0) about 2 mths ago & here it is ranked rock-bottom..

Not surprising it is ranked bottom though because it specifically doesn't do what they were testing.

Actually I think this whole article is a bit misleading because it is only testing for effectiveness against leaktests. It is in no way assessing the applications as firewalls. All of them fail at least one leaktest so if that bothers you the only effective solution is to pull the network or telephone cable.

If you honestly think failing a leaktest is so bad then you need a firewall that can not only block all the known threats but also any potential new threats and no such beast exists.
Title: Re: Free Windows firewalls found better than commercial ones
Post by: mitzevo on December 08, 2006, 08:18 AM
It's Free. Forever. No Catch. No Kidding
So, I wonder when they're removing the free version, or stuffing ads or spyware in it.


There are many conspiracy theories on comodo's products.. but just read around their forums.. pretty much boils down to letting everyone know who they are, so people will accept them for the paying products.. or something like that.. branding an excellent free firewall with their name seems logical for a better future in business I would think.
Title: Re: Free Windows firewalls found better than commercial ones
Post by: f0dder on December 08, 2006, 08:37 AM
If you honestly think failing a leaktest is so bad then you need a firewall that can not only block all the known threats but also any potential new threats and no such beast exists.
-Carol Haynes
Well, you can get 100% effective port-based filtering from hardware firewalls... but of course that doesn't detect "unauthorized applications" smuggling data on an allowed port. But then there's of course fancy-pants stateful packet inspection...

There are many conspiracy theories on comodo's products.. but just read around their forums.. pretty much boils down to letting everyone know who they are, so people will accept them for the paying products.. or something like that.. branding an excellent free firewall with their name seems logical for a better future in business I would think.
-mitzevo
I've just seen too many free products that went shitware after they had a big enough user base :(
Title: Re: Free Windows firewalls found better than commercial ones
Post by: dk70 on December 08, 2006, 12:33 PM
Or die out like Filseclab which was Comodo of last year http://www.filseclab.com/eng/products/firewall.htm
Title: Re: Free Windows firewalls found better than commercial ones
Post by: AdIyhc on December 08, 2006, 01:33 PM
Or get a HIPS(System Safety Monitor, etc) to go with Windows Firewall. There are free editions.
3rd party firewalls are better but not necessary.
Title: Re: Free Windows firewalls found better than commercial ones
Post by: Carol Haynes on December 08, 2006, 02:14 PM
I have not come across "System Safety Monitor" - does anyone know of any comparisons of these types of tools - I have ProcessGuard, ApplicationGuard and RegDefend but I haven't used them in a while - maybe it is time to try them again but it would be good to know about useful alternatives too.
Title: Re: Free Windows firewalls found better than commercial ones
Post by: AdIyhc on December 08, 2006, 02:29 PM
I have not come across "System Safety Monitor" - does anyone know of any comparisons of these types of tools - I have ProcessGuard, ApplicationGuard and RegDefend but I haven't used them in a while - maybe it is time to try them again but it would be good to know about useful alternatives too.
There's a 50% competitive upgrade for System Safety Monitor. More info here: https://www.syssafety.com/default.html
Active development, etc.

It's like PG+RegDefend together.
Title: Re: Free Windows firewalls found better than commercial ones
Post by: Carol Haynes on December 08, 2006, 03:50 PM
Yes I spotted that - but before I spend more money that I can't afford it would be good to see comparisons of such utilities if there are any ?
Title: Re: Free Windows firewalls found better than commercial ones
Post by: Darwin on December 08, 2006, 03:56 PM
Unfortunately, development (at least that reaches the public!) is moribund on both RegDefend and AppDefend (which comprise the GhostSecurity Suite). AppDefend has been in beta for over a year and is buggy. The developer appears to have dropped off the face of the earth; his complete absence from the forums associated with his applications is a frequent topic of discussion there, as is the lack of updates to GhostSecurity.

This is a pity because I really like both apps...
Title: Re: Free Windows firewalls found better than commercial ones
Post by: AdIyhc on December 08, 2006, 07:51 PM
Yes I spotted that - but before I spend more money that I can't afford it would be good to see comparisons of such utilities if there are any ?

PG vs SSM : http://www.wilderssecurity.com/showthread.php?t=156448&highlight=system+safety+monitor
See the post by Paranoid2000

SSM or other HIPS : http://www.wilderssecurity.com/showthread.php?t=151692&highlight=system+safety+monitor
Some useful links in the first page

The free version of SSM is actually an old version.

Hope this helps.
Title: Re: Free Windows firewalls found better than commercial ones
Post by: Curt on December 09, 2006, 05:17 AM
Hmm, so what does that mean then..? Outpost is a liar?!

It would seem so.

From the page about the leak test (http://www.matousec.com/projects/windows-personal-firewall-analysis/leak-tests-results.php):

Another important result of our tests is firewall scoring against FPR. FPR stands for Fake Protection Revealer. This leak-test was implemented to reveal cheating on leak-tests. Outpost Firewall PRO 4.0 (971.584.079) was convicted of such cheating. It passes all leak-tests except FPR because of the implementation of user mode hooks (ring3) for security purposes. Our article Design of ideal personal firewall (http://www.matousec.com/projects/windows-personal-firewall-analysis/design-ideal-personal-firewall.php) clearly says that ring3 hooks can not be used for security critical features. FPR does nothing but unhooks ring3 hooks which is always possible and thus bypasses such protection. This means that Outpost Firewall PRO cheats to be very strong against leak-tests but in fact it is very weak against real malware.

(The emphasised text is from the original article, not from me.)

As implied on other threads, I am an Outpost user and fan - so maybe I read this test with different eyes than you. Of course also Outpost should be made to stand real life attacks better, they all need that. But if you read all of the test, you will notice that ZoneAlarm and Outpost are both a lot better than the rest - and that these two are almost equal. The accusation of cheating is of course a problem, but do not forget that at least they are trying to stop leaking - many firewalls are not even trying! I am confident that the next major update from Agnitum will improve this even more.

One can quote: "Outpost Firewall PRO cheats to be very strong against leak-tests but in fact it is very weak against real malware" - but can one quote anyone saying Matousec's methods are accepted by anyone other than himself? Are his methods a true picture of "real malware"? Guess what: Agnitum thinks not!

And if one thinks not, on this thesis, then the conclusion must be that Outpost did very well in the test. In fact, it did fine!

http://www.matousec.com/projects/windows-personal-firewall-analysis/results.php
(Smaller values of overall ratings mean better products.)
Title: Re: Free Windows firewalls found better than commercial ones
Post by: nudone on December 11, 2006, 03:48 AM
just thought i'd mention my further adventures of my system being messed up by comodo.

i previously said that i couldn't reinstall zone alarm (free edition) after having comodo on my machine. this probably had nothing to do with comodo and was just because zone alarm didn't uninstall correctly.

i've now got zone alarm back on the machine and thought it worth mentioning the little util that let me do it.

Greenwood's Computer Corner http://www.greenwood.iwarp.com/sgcomputer.html has a download called zfix.zip that, when run, will remove all traces of zone alarm.

of course, you can do it manually and start messing around looking for files to delete and things to remove out of the registry - but 'zfix' does it all for you.

seems to be a common problem with zone alarm.
Title: Re: Free Windows firewalls found better than commercial ones
Post by: Carol Haynes on December 11, 2006, 05:12 AM
Have you tried removing ZoneAlarm properly and then installed Comodo? It could be that a bad uninstall caused the problems as Firewalls often don't play nicely together.
Title: Re: Free Windows firewalls found better than commercial ones
Post by: mitzevo on December 11, 2006, 05:24 AM
I have been using Comodo Firewall for about 5 days now and it hasn't given me any problems. I guess, nudone, that it's one of those problems that happen to people because of their setup - installed things, maybe hardware, previous installed things, etc.

It's quite annoying to be 'a (bad) statistic' when trying software/anything when you hear so much good stuff about it.

From what I can say of trying Comodo Firewall the last 5 days is that

it's very light on system resources - the interface/program itself is very fast (which doesn't look like it at all since it looks like it uses a heavy skin)

it's definitely not for newbies - this is for sure.

it's really different from Outpost (which I like) - Comodo Firewall, is just a firewall - it does not have any plug-ins, so someone using Outpost may not like this if considering moving over to Comodo (or at least trying it), that is of course if you like the plug-ins at all and use them.

Anyway I haven't really played with Comodo as much as I should before considering using it from now on. Guess I should do that very soon.
Title: Re: Free Windows firewalls found better than commercial ones
Post by: nudone on December 11, 2006, 06:15 AM
i admit that i only uninstalled zone alarm in the usual manner before installing comodo. this clearly didn't remove all the files it should have done otherwise i wouldn't have had a problem when reinstalling zone alarm. so, i can accept this might be why the comodo firewall acted a bit odd with me.

i'd give comodo another try but i found the number of prompts it kept popping up was far too annoying - stupid things like maxthon is trying to connect to the internet using parent application gom player. almost anything that connected to the net would say it was using a different parent application to do so - i'm sure some things were correct but others were gibberish - and if they weren't gibberish then i really don't want to know. no doubt this makes for a more secure system but i haven't the patience to click a prompt pretty much every time something connects - i'm more used to allowing a program through the firewall and then letting that be remembered for me.

okay, it would only ask once for each specific combination of app and parent app but the number of parent apps it 'thought' were being used just made it ridiculous. i shan't try to describe the situation further as i can well imagine i'm the only person that had this problem.

anyway, my main reason for using comodo was for assigning specific port numbers - which i quickly realised after installing it that i really don't need to use (port numbers were important to me about 3 years ago).

currently, zone alarm allows me to allow an app through the firewall - and then forget about it. i really don't care what 'parent' application is being used to trigger it.

is my system any less safe because of it? i'm not worried, i'm just glad not to have to keep clicking on extra dumb prompts.

this isn't to say that i wouldn't try comodo again - i'll just wait until i have a good reason for it.
Title: Re: Free Windows firewalls found better than commercial ones
Post by: bobdec on December 18, 2006, 02:01 PM
I have been running Comodo for about 3 months now and really like it.

It does a good job blocking attacks from outside. Controls which programs can access the Internet or network. Recognizes known safe programs. Blocks malware-style leak tests. Resists termination by malware-style techniques.

Initial bombardment of program-control confirmation pop-ups can be annoying—as with most firewalls. But that gets better as you use it.

Title: Re: Free Windows firewalls found better than commercial ones
Post by: broken85 on December 18, 2006, 03:06 PM
I wish I could find a decent lightweight (read: non-system-or-network-affecting) firewall whose sole purpose was to block malicious outbound connections. I have no need for software filtering of in-bound data since my router does that without any overhead, but I wouldn't mind being able to enable outbound protection in a really lightweight client when working on my PC, as a safeguard against, for instance, making a bad software installation decision and having unauthorized sensitive data get sent out, which my router of course would care less about.

Has anyone heard of or used something like this? Maybe there's a really lightweight firewall that I can just disable inbound filtering on, but I've never used one that I've found to be suited for such a purpose.