DonationCoder.com Forum
Main Area and Open Discussion => General Software Discussion => Topic started by: nudone on February 25, 2007, 11:13 AM
-
zone alarm sometimes give up on me - usually only if the machine has been on for more than 24 hours. i can live with this but it's a little annoying.
that Comodo thing works even less on my machine.
so, i thought i'd have a go with Ashampoo's free firewall. looked okay at first but then i found that my non pop3 email accounts wouldn't connect when using MS Outlook.
funny how Ashampoo's rule is to allow full access for outlook in and out.
do i want to know the solution, can i really be bothered. absolutely not. i've just uninstalled it and Outlook is working fine again.
will i go back to Zone Alarm, will i go back to Outpost? nah, i think i'll just not bother with a firewall (again). f0dder, gave me good reason not to believe in them, yet i keep looking for one that might work.
is there nothing that will simply monitor outbound connections and let me block them if i want to - how big a task is that?
-
Appearantly a hard task to get right :]
-
i think i'll just not bother with a firewall
Why not just use the Windows firewall? No outbound blocking but surely better than nothing, no?
It's what I use. I will say that every now and then I see outbound activity that I'm not sure about, but the trouble I see people going thru dealing with the other firewalls is not attractive.
-
i think i'll just not bother with a firewall
Why not just use the Windows firewall? No outbound blocking but surely better than nothing, no?
-AndyM
But the OP specifically wants outbound connection blocking :)
Nudone: Long ago I started with Zone Alarm, which was great until they moved to a new major version and ZA became bloated, slow and hard to configure. Then I used the free version of Kerio until I needed connection sharing, which the free version didn't support. I bought the pro version, but didn't like it at all. It caused bluescreen "STOP" errors and missed some applications which clearly were establishing connections without Kerio noticing them. I switched to Sygate but that didn't last long, about half of the net-enabled apps I use were happily connecting without Sygate ever knowing about them, and the interface was so obscure I became borderline paranoid, because I could not see clearly what was allowed and what wasn't.
If I were to try another firewall today, I'd try F-Secure Internet Security, simply because the same company makes F-Prot, a very good antivirus product. But instead, I happened upon what's nearly a perfect firewall for my needs: Agnitum Outpost. I've used it since 2004, had very few problems, nothing major.
For one thing, it's very nicely designed - the UI is very clear and logically laid out, you can easily access the various groups of settings. Great logging feature with filters, so I can always see exactly what is being allowed or blocked and why, as well as check which processes are holding ports open at any given time. Another good idea in Outpost is the plug-in architecture: if you don't want active content filtering for example (flash, activex, etc) you simply disable the plugin. It autoconfigures for most popular software, and offers detailed custom rules. It doesn't win most leaktests, but does rate high, and certainly hasn't failed me in three years.
Now for some problems. Like I said, I haven't experienced any showstoppers with Outpost, onlya few minor annoyances. After I run it for a long time and the configuration becomes large, with many rules, on two occasions I was unable to add a new "allow" rule for a newly installed app. The rule creates OK and Outpost claims to be using it, but the app can't reach out for some reason. It's happened to me twice, and the way around it was to drop the existing configuration and have Outpost create a new one from scratch. This has a positive side-effect in cleaning up all the stale rules for apps I once installed and since removed, but well, it's a bit annoying. However, Outpost autodetection is so good that the last time I barely needed to modify it.
There is an attack detection feature which is a little too eager: in the default configuration it won't let me post on Slashdot, for instance (maybe it's a good thing :) You can disable it altogether or restrict the detection though.
Version 2.5 had some issues with internet connection sharing, which required manual tweaks in an ini file, but it seems to have been corrected since then.
One caveat: I'm using version 3.5. The latest is 4.0, and I've seen a few disappointing comments on the support forum, so I'm waiting it out till they fix what they may have broken in this release. I would still recommend that you try Outpost, and in case of any problems you can try their support forum, it's quite lively.
marek
-
will i go back to Zone Alarm, will i go back to Outpost?-nudone
Heh, I didn't notice you've already tried Outpost, so pls disregard the above. What was the reason you gave up on it?
One way of ridding oneself of a firewall completely would be to install a hardware router, but that's yet another device that consumes power and radiates heat and I already have anough of these at home...
-
i think i had outpost 3.5, it might have been a bit of an earlier version i can't remember now.
I can't really remember either if i stopped using it because my subscription ran out (does it run out, i can't remember) or there was something it did that didn't agree with my machine.
if it i stopped using it because of the cost then i must have just thought, hey, zone alarm is free i'll go back to using that. zone alarm is the one i've used over the years more than anything else - simply because i'll use freeware and then i know what i'm talking about when i recommend it to other people that i know aren't going to pay for a firewall (same applies with anti-virus).
so, i could dig out the version of outpost i have and see if it works - or doesn't do something weird with my machine.
i get the feeling there is something not quite right with my current system setup but after all the trouble i had recently trying to install a dual boot kind of machine i'm not in a hurry to wipe this present system and start again.
i'm now going to have a look for my outpost - maybe i'll just go and buy vista - i see it's got out bound firewall blocking (if you turn it on). yeah, right, like i'd waste my money on that turkey.
edit:
i shouldn't have said it was a turkey, i know i'll end up using it eventually. i should have said now i see why it is so much better than xp - out bound firewall blocking.
-
Certainly Outpost 4 was beyond the pale for me - I still have a current subscription but I am not installing it again. I tried reinstalling 3.5 but it keeps insisting I should upgrade to v. 4 and I am not sure it is updating any more.
Now I am just using Windows XP Firewall behind a hardware wireless firewall - no problems for me and my machine runs so much faster and better.
-
right, no outpost 3.5 for me then.
so, i'm back to the windows firewall and router too. i'd still like something that just gave me a little message to say such and such program is trying to access the net.
-
i think i had outpost 3.5, it might have been a bit of an earlier version i can't remember now.
I can't really remember either if i stopped using it because my subscription ran out (does it run out, i can't remember) or there was something it did that didn't agree with my machine.
-nudone
The subscription is only for upgrades - when it runs out after a year, you can't install newer versions published after that date. The program itsel'f doesn't expire. So instead of making you pay for each major version upgrade, they charge for upgrades once a year.
-
I tried reinstalling 3.5 but it keeps insisting I should upgrade to v. 4 and I am not sure it is updating any more.
-Carol Haynes
You can turn off the upgrade prompt, I think. It's not like an antivirus that needs to update itself every week or so. Outpost does download new spyware definitions, and I'm not sure if it keeps updating those when your subscription expires, but the spyware detection engine is only a sideshow.
-
The subscription is only for upgrades - when it runs out after a year, you can't install newer versions published after that date. The program itsel'f doesn't expire. So instead of making you pay for each major version upgrade, they charge for upgrades once a year.
right, i will have to look for it and install it then. thanks for that.
-
i'm now using the free version of agnitum outpost v1.
i think it does enough for what i wanted, i.e. do i want to let this program access the internet - yes/no, click.
-
i'm now using the free version of agnitum outpost v1.
i think it does enough for what i wanted, i.e. do i want to let this program access the internet - yes/no, click.
-nudone
Good deal! :) I'm sure it doesn't take nearly as much RAM as my 3.5, either...
-
You can try Blink neighbourhood watch. It's free and offers outbound protection.
http://www.eeye.com/html/products/blink/neighborhoodwatch/index.html
-
thanks, AdIyhc, i'll give Blink a try.
-
Hi nudone,
Found this that might suit you.
http://www.sunbelt-software.com/Kerio.cfm
Think it's very straightforward to use. The free version will suit you.
People who likes it.
http://www.wilderssecurity.com/showthread.php?p=952601#post952601
-
thanks, but i've tried Kerio before on a few machines and i just couldn't get along with it. it annoyed me as it just didn't seem to know what was going on regarding stuff connecting to the net - changing the options didn't really help either.
at the moment i've got Blink installed. i like it so far, plenty of options there if you want them, specific port access, etc, etc.
i really don't know much about the other stuff it does, intrusion prevention, etc.
the wizards might be handy?
you do have to submit quite a few details to obtain a free serial - is this a big deal. you can always make stuff up, the email address is the crucial bit of info they need.
anyway, it's only been on a few hours so it's too early to tell but so far :up:
-
for inbound i use windows firewall, its the only inbound firewall that capable of handling intensive 247 bt, for outbound i like looknstop, its very lite and simple and i can disable the inbound in LooknStop.
-
nudone,
The wizards is very straightforward for the application firewall. For the other wizards, you might need to get someone experienced to help you. :)
No big deal if they require details, just make stuff up.
Kimmchii,
Agreed, Lite and Simple. LnS is a very good investment. You can use it out of the box. It is the "No Nonsense" Firewall.
It's not free but you only need to pay once. :)
-
Just for the record, on my Linux box at home I use FireHOL which is not a firewall, but a language for setting up the iptables packet filtering ruleset (erm... firewall if you want to call it...). I went googling for "iptables for windows" and came up with this: http://force.coresecurity.com/
It looks to be very powerful, and rumors of Core Security being acquired by Symantec are false. Although I must say it is not for n00bs and I don't know how it works "out of the box", although further investigation may prove very fruitful...
CORE FORCE is the first community oriented security solution for personal computers. CORE FORCE is free and provides a comprehensive endpoint security solution for Windows 2000 and Windows XP systems.
The security framework provided by CORE FORCE is leveraged by a community of security experts that share their security configurations for a growing list of programs. These security profiles can be downloaded by any user of CORE FORCE from the community Web site and they're also completely open so that they can be peer-reviewed to minimize security hazards. The community approach to endpoint security also allows end-users who are not security experts to work in a secure environment.
CORE FORCE can be used to:
* Protect your computer from compromises by worms, virus and email-borne malware
* Prevent your computer from being used as a staging point to amplify attacks and compromise others
* Prevent exploitation of known bugs in the operating system and applications running on your computer
* Prevent exploitation of unknown bugs (0-day) in the operating system and applications running on your computer
* Detect and prevent execution of adware, spyware, trojan horses and other malware on you computer
CORE FORCE provides inbound and outbound stateful packet filtering for TCP/IP protocols using a Windows port of OpenBSD's PF firewall, granular file system and registry access control and programs' integrity validation. These capabilities can be configured and enforced system-wide or on a per-application basis for specific programs such as email readers, Web browsers, media players, messaging software, etc.
Take a look at the screenshots: http://force.coresecurity.com/index.php?module=base&page=screenshots
and the comments to go with them.
Apparently, it is suitable for use as a personal firewall:
11.
How does the personal firewall work?
The firewall component of CORE FORCE is a Windows port of OpenBSD's PF, the open source, mature, server-level firewall (PF: The OpenBSD Packet Filter). PF's functionality has been trimmed and tailored to make it suitable for desktop systems and to minimize code complexity.
CORE FORCE support inbound and outbound stateful filtering with advanced settings such as TCP flags and ICMP type/code flags. It works on a per application basis, loading and unloading rules dynamically at application runtime and it can be configured to require runtime user confirmation on certain connections. It is implemented at kernel level as an intermediate driver that mediates communications between the network card drivers and the operating system's TCP/IP protocol stack, making it difficult to bypass.
and there's a ton of HowTo's and Documentation here: http://force.coresecurity.com/index.php?module=articles&func=view&catid=39
If I had W2K on this machine, I'd try it in a heartbeat.
-
I tried coreforce last summer (it refers to bsd, how could i not?) and had trouble with it. I was looking for a rule based firewall that would allow rules that were based on executable+protocol+port+state, like what you use on unix system and like the old kerio/tiny used to be in the old times. The first time it wouldn't run and I can't remember what i had the second time but it was conflicts with other programs (and no, i don't run 2 firewalls at once or anything) linked to that driver-level functionality.
I'm sure it has evolved a lot since though so probably it's a lot more stable. It'd be a very good technical firewall if that's the case, but it will expect you to understand the basics of tcpip and to make a lot of decisions yourself at first.
-
i've removed Blink as it came up with a couple of false positives that i really can't be bothered with (it didn't like me playing mov files with KMPlayer).
just tried coreforce and i've removed that also - whichever rule i set it just wouldn't stop asking me if Maxthon was okay to go online. Way too much trouble trying to figure out why it's doing this.
so, i'm about to put agnitum outpost v1 back on and i think i'll stick with that until it does something really bad.
edit:
haha, no i won't. it refuses to install now as it thinks it's already running - even after rebooting. so goodbye agnitum outpost too.
-
I'm quite happy with Kerio 2.1.5.
Over at wilderssecurity forums there's a couple of custom made rules, which serve as a good starting point.
I realize that you've had problems with Kerio, but I'll still recommend it. Very lightweight, and I'd even consider using it if I had a hardware firewall, just to be able to see what goes in and out.
I'm no techie, but this works for me :)
-
okay, i'm going to try Kerio again :huh:
-
I was looking for a rule based firewall that would allow rules that were based on executable+protocol+port+state, like what you use on unix system and like the old kerio/tiny used to be in the old times.
-iphigenie
Hmm, a *u*x firewall that takes application executable into account? I haven't seen that yet... only on windows (I used to use Tiny, then Kerio when Tiny went commercial, then gave up after both became bloated and I couldn't be bothered anymore.)
-
Kerio? computer says "No".
-
nvm, not freeware.
-
You're not having much luck with firewalls!
Let me have a look in my LWA what I have tried and liked...
ghostwall, (free) which someone has mentioned in another thread i think? http://www.ghostsecurity.com/ghostwall/ Their malware defense products have a very good reputation, so the firewall is worth a look.
All the others I have on my list were either already mentioned, turned out not to be very secure, or are not free.
-
nvm, not freeware.
-kimmchii
are you sure, on their page http://www.pctools.com/firewall/ it says "Best of all it’s FREE. No catches, limitations or time-limits."
i've not installed it yet - will try later.
thanks, iphigenie, ghostwall also looks like it might be enough for the job, but i'll have to try that later also.
-
i installed it yesterday, i saw somewhere " must register after 30 days" but cant seem to find it now.
-
perhaps it means to simply register, i.e. provide details of yourself but it doesn't require any other payment???
-
ahh yes you're right, registration is free:
http://www.pctools.com/firewall/register/
i saw this in the help file i thought i wasnt :-[: PC Tools Firewall Plus is available as a free and fully-functional 30-day trial. After this time, you are required to register the product to continue using it.
-
ghostwall was a little to minimal for my liking.
at the moment i've got 'PC Tools Firewall Plus' installed. so far, i like it.
it asks me if a program can connect, yes/no and remember. seems to work perfectly well.
you do have to register with a name and a genuine email so that you can receive the key that allows it to run after 30 days trial. other than that it's all free.
i've not tried doing anything advanced with it. well, when i say advanced i simply mean using shared folders on my computers - so i don't know if i'll have to manually change a few settings for that to work.
-
it was too good to be true. pc tools firewall plus is kind of getting in the way of me sharing files between machines - regardless of putting the same kind of rules in to it that worked fine with zone alarm.
this is madness.
-
Even if outdated, I still find the old Sygate Personal Firewall Ok for basic use.
goto http://www.tucows.com/preview/213160
Also, sharing files and printers works OK.
The upgraded version of this firewall exists as part of V-com SystemSuite. Unfortunately, this updated FW doesn't like at all the most recent version of CA Antivirus, so I had to find another solution. SPF was this solution.
-
that's sounds interesting. thanks, MerleOne, i'll try Sygate.
edit: computer says "no" to sygate also.
it seemed pretty sporadic how it would ask me whether something should connect to the net.
-
Maybe there really are people who can stay out of trouble for ever even though they are running a free firewall. Maybe. I know I would have had a hole lot more of troubles if I gone the free way. But I really think there is no such thing as a free meal. Somehow you are going to pay in the end. And I have never for a moment been sorry that I paid for Outpost PRO - it is THE firewall for a personel computer at home. I started with version 2.5 and is now using 4.0
Any problems with Outpost usually comes from the setup you have chosen. If you avoid the most strict settings, you will ALMOST never be troubled with this firewall. You will hardly know it is there, until you try to run some poison.
Outpost runs in perfect harmony with Eset NOD32 Antivirus.
Outpost PRO 4, and NOD32 2.7 : :-*
-
If you're not doing strict outbound filtering, there's not much point in running a personal firewall - a router with NAT translation is going to offer better protection for incoming traffic. The XP firewall then does the job of protecting you if a friend with an infected laptop visits you (and your LAN)...
-
If you're not doing strict outbound filtering, there's not much point in running a personal firewall ...-f0dder
Define "strict" 8)
I am running a strict setup, but the next guy doesn't have to, does he. But you are making an important point, a point that is to be taken seriously: There is no such thing as a free meal - and there is (for all I can see) no such thing as a free well protecting firewall that will never demand your attention and time.
Sorry if my first post gave any other impression
-
Maybe there really are people who can stay out of trouble for ever even though they are running a free firewall. Maybe. I know I would have had a hole lot more of troubles if I gone the free way. But I really think there is no such thing as a free meal. Somehow you are going to pay in the end. And I have never for a moment been sorry that I paid for Outpost PRO - it is THE firewall for a personel computer at home. I started with version 2.5 and is now using 4.0
Any problems with Outpost usually comes from the setup you have chosen. If you avoid the most strict settings, you will ALMOST never be troubled with this firewall. You will hardly know it is there, until you try to run some poison.
Outpost runs in perfect harmony with Eset NOD32 Antivirus.
Outpost PRO 4, and NOD32 2.7 : :-*
-Curt
Certainly not my experience with Outpost - I have had anything but a smooth ride with both versions 3 and 4 on 3 computers - to the point now where I have given up on a full 12 month subscription before it even started (they would not refund even though the subscription had not started).
I am not alone and lots of users refuse to use version 4 because of instability issues.
The biggest issue I had was system instability and BSODs - when it did work it was a real system hog (and that was with most of the optional plugins disabled).
Oh and by the way I was running it with NOD32 ...
Now I am running using WinXP firewall behind a router firewall and had no problems.
It really does beat me why no company can addess the issue that seems to be the golden grail:
... a low impact firewall that is a firewall and ONLY a firewall!
I would like to filter outgoing traffic but until someone suggests a suitable product I am not going to bother any more.
-
The reason you can't find a "pure firewall" much anymore is simple. Reviewers.
To me, pure firewall means state aware packet filtering - purely about traffic - i.e. it will look at source and destination IPs, protocol and ports use that to make a decision whether to let the traffic go through or not, in a chain or rules (that's what ghostwall is. That's what the old kerio and tiny used to be). Using a "pure firewall" on very restrictive rules should mean that no surprise traffic can get in or out. Of course a clever virus, or spyware, or a trojan, if it gets itself installed on the machine, can still hijack another software which is known to be usually trusted to get out. And that's normal, the firewall still did its job, watch the integrity of the network, another tool or two should watch the integrity of the system.
But reviewers and "obsessive" security power users started saying a firewall had failed if it didn't catch a browser hijacker, or a trojan... And the list of breaches a firewall is expected to catch keeps growing, year after year. They're doing the same to spyware detectors and virus scanners, too.
Whereas earlier people would have had a "pure" firewall, a virus scanner, maybe a trojan protection or intrusion detection and a spyware tool, now people tend to have a firewall that also does trojan and malware, a virus scanner that also does trojans and malware and more and more some virtualisation, a registry protection tool which also does a bit of firewall... All overlapping in features more and more. No wonder they conflict.
In a way I want several small tools that do their distinct job very well. I don't want 4 tools that are fighting to steal each other's job.
Edit: i did a quick search and you will find out that any review of firewalls nowadays centers on non-firewall features such as leak tests. That's what most firewall makers center their efforts on nowadays, making sure their system detect the leak tests, sometimes by cheats, but mostly by watching, scanning and analysing everything that happens between executables on the PC. This is quite slowing on the PC, in the end. And in a "one in all" product you can't turn off the anti-hijack tools on their own when you want, for example, to play a game.
-
i'm certainly going around in circles but so far the least amount of trouble has come from these:
zone alarm (free edition) - i'd still be using this if it didn't like crashing after about 24 hours use, that's probably something to do with my machine.
agnitum (free version 1) - can't remember why i stopped using this - i think i'll put it back on.
pc tool firewall plus - this seems the friendliest i've tried so far - just can't get shared files/folders to work.
edit:
i've been reminded why i can't use agnitum - it's because it now refuses to install again because it thinks it's already running. fantastic.
-
Malware detection is something antivirus products should detect, though, in my opinion. They're already inspecting executables and doing heuristics... and there aren't that many "viruses" around anymore, it's another kind of malware nowadays.
And most people will be wanting proactive defense (instead of scanning *after* the damage) is done, this requires some drivers and hooking to be efficient; might as well protect some registry keys and system services to make life harder for malware too.
That said, there is a tendency of too much functionality in each product. I don't think firewall capability belongs in an antivirus app, and full system sandboxing doesn't fit with either AV or FW software.
-
Well there are a few more you can try
this recent thread in wilders covers the same ground, starting with "zone alarm isn't playing nice anymore" too! with an amusing diversion in the middle on how the color of your firewall matters ;)
http://www.wilderssecurity.com/showthread.php?t=159763
they mention jetico (http://www.jetico.com/) and looknstop light (http://www.snapfiles.com/reviews/Look_n_Stop_Lite/looknstop.html) which you haven't tried yet ;) which were mentioned but you haven't tried yet? I think they're both very similar to ghostwall, kerio 2 and other "pure" firewalls
But if windows file sharing is the only think not working, that's just a matter of opening a few inbound ports on your machine - i bet it can be done on the pc tools firewall! Windows file sharing is one of those protocols which needs inbound open as well as outbound - let me see if i can dig up the ports
-
Wilders forum might have the answer: It seems pc tools default set up blocks netbios. You need to allow the following (blocked by default), if possible only for known IPs. Of course if your broadband and wireless gateway both keep your internal networked closed (i.e. proper wifi security and no ip forwarding from the net) then you don't have to worry.
Anyway the 2 default rules to release seem to be
1) Block winNuke (which blocks filesharing)
2) Stop netBIOS
see here http://www.wilderssecurity.com/showthread.php?t=160868&page=2
-
Success of a 3rd party firewall depends on how many people get annoyed by default rules/settings.
Some time ago there was a long debate (another) on Wilders about the need for such advanced firewalls. Of course most people there cant live without but there was one guy who seemed like Dr. Firewall who argued that he would recommend no Firewall at all if user is not absolutely on top of things, have read help file, have done personal setup etc. Made a lot of sense to me - about the time where I tried most of the free firewalls.
-
You need a firewall somewhere to protect your machines against the external network. It really doesn't need to be on the machine, but there needs to be a protection. Considering the amount of port and vulnerability scanning that goes on the net all the time, and the amount of open ports etc. by default on the average windows machine, i think having a firewall *somewhere* that prevents casual access to ports on the machines to be a basic need.
It can be at the entrance to the network, on a corporate firewall or a simple broadband router, but if the machine is connected via modem then it needs to be on the machine. As a matter of fact it's better at the network entrance, not on the machine itself, so the traffic never reaches the machine.
Once you have such protection in place, then you need the second level of protection, which is from threats that originate within the network. You don't need a "network" firewall on each machine but unless you have very very savvy users you do need a certain amount of trojan/malware protection, because alas there's nothing we can install in people's heads to make them stop opening an attachment that says "i have always secretly loved you" or "naked pics of the boss inside" or click on a banner that says "free animated smilies, click here" or "test your pc's security now". That protection is nowadays either added to virus scanners or to tools called "personal firewalls" or "internet security", when really it fits in none of those labels.
Even the tech savvy crowd can fall for it, obviously it would need to be something more clever like spoofing the tortoise svn page ;)
-
i've been reminded why i can't use agnitum - it's because it now refuses to install again because it thinks it's already running. fantastic.
-nudone
I tried that problem after a test of Doctor Spyware 5 BETA: everything went wrong on my PC, dozens of broken files, and Outpost not opening but yet running (did you check in task manager if outpost.exe was running?). And, as you imply, you cannot install on top of an exe that will not close. I take that was your problem: no outpost.exe to uninstall, but yet it claimed to be running?
I managed to ruin that PC - before finding out if the answer from Agnitum was usable or not - but the answer was: "Please download http://www.agnitum.com/download/support/OutpostProInstall_4.0_971.exe. Install it over your current version and try to uninstall again." Notice the word "support" in the link (I never used the link, but got myself a new PC instead); this may or may not be a standard installer - I don't know.
-
thanks for looking into the file sharing side of things, iphigenie.
i'd tried setting up a few rules inside 'pc tools firewall plus' using the tcp and udp ports specified by microsoft but it made not one jot of difference. i shall try your recommendations later what i get chance as they sound very likely to work.
i've tried jetico - no good. and i think i may have tried looknstop - can't really remember. we've covered a lot of this ground before elsewhere on the forum and i think i'm right in thinking that these two programs were tried back then.
at the moment zone alarm is back on - everything works and it's pretty simple to get working if only it wouldn't crash.
but i'm still going to give pc tools firewall plus another shot - just to see if the file sharing will work.
zone alarm for all it's faults still seems about the easiest to use - for what i need anyway - outbound blocking on stuff just so i have an idea of what's going on with my machine.
@Curt, i've tried a few things to try and find how outpost can still be there even though i successfully uninstalled it - outpost.exe isn't running so i assume the debris is elsewhere.
-
Certainly not my experience with Outpost - I have had anything but a smooth ride with both versions 3 and 4 on 3 computers - to the point now where I have given up on a full 12 month subscription before it even started (they would not refund even though the subscription had not started). I am not alone and lots of users refuse to use version 4 because of instability issues.
The biggest issue I had was system instability and BSODs - when it did work it was a real system hog (and that was with most of the optional plug-ins disabled).
Oh and by the way I was running it with NOD32 ...
-Carol Haynes
A sad story, Carol. :(
I think the answer is to be found in the settings.
One of the biggest advantages of Outpost is the "Agnitum ImproveNet"; Agnitum's and the Outpost user's common project: to make Outpost capable of setting rules by pre-sets: If all users of program A are adding A to Trusted, then this setting is probably O' Kay for your PC as well, but if they are not, then it is not safe for your PC either. You decide if you are willing to adopt this general setting, but you may, and if you do, your life with this firewall will be a lot easier.
But of course, if you have a lot of programs that no-one else on ImproveNet is using, or you don't trust their settings, then you may never gain from this feature.
-
iphigenie: you don't really need a perimeter firewall if you use NAT - of course you can think of NAT as a sort of firewall, but it isn't. Of course if you run some static mapped services or are corporate sized, a firewall and some intrusion detection is probably a good idea.
But you do make a good point (which I already mentioned :) ), even with a perimeter firewall (or NAT), you still need some per-host stuff... Windows Firewall from XP should handle the basics, and add antivirus ontop of that to protect less savvy users from themselves, and the rest of us from exploits :)
-
A sad story, Carol. :(
I think the answer is to be found in the settings.
-Curt
That is the sad thing - each time it was installed I accepted the default 'easy' setup and usually accepted the default suggestions for known applications when they popped up. For others I either accepted or denied access to inbound or outbound access depending on what I thought of the app making the request.
This seems to me about as basic as it gets for using Outpost and yet version 4 continually BSODed even on fresh winodws installations on more than one system. I spent a long time in the early days of version 3 with BSODs too but they eventually disappeared when Agnitum finally produced a stable version.
I am sure the ideas behind Outpost are really good - I just really wish that Agnitum actually tested their software before making it live - instead they appear to run a live Beta program without telling anyone that is what they are doing. Not only do they charge for buggy new versions but they seem to move on to the next buggy version as soon as they manage to get the thing running stable. OK I could go back to the last build in version 3 which did work but I really got sick of being told it was time to upgrade to version 4 (and I couldn't see any way to turn off program updates without disabling all updating).
-
True iphigenie, the guy I called Dr. Firewall certainly also promoted inbound firewall, router or Windows Firewall. He was defending the position of that being enough and for many people the better setup - as opposed to many security guides and well meaning forum posts claiming XP default is a risk to users, perhaps accompanied by link to a leak test as proof. Look around at a place like Wilders to get the idea but you see similar recommendations/warnings all over tech side of internet.
The layer thinking is nice, even MS says that is how you must look at security, but this advanced firewall demand should not be at top of list of things to do. Good practices and some awareness of being responsible for computers and own actions is way more important. Not like "attacks" come from out of the blue, sources/reasons are the same old. Many people still have not upgraded to SP2 and could not care less. Depends who you are. If every other layer including user behavior is in place I really dont see much of a need for outbound control. I see and recognize the need to tinker and feel in control etc. - why they temporarily have caught my interest.
Go crazy http://www.wilderssecurity.com/showthread.php?p=351107 ;)
Btw, Im not so sure those fat do-it-all packages is a bad thing. I wouldnt mind one if I had that desire. Must be flexible and modular build of course. You see all the known companies trying to justify their AV, their Anti-Spyware, their Firewall - all with more and more features and yet melting together. Bundle make sense to me, also thinking of subscription fee! If well done package should be easier to install and maintain for most people. No compatibility issues should be guranteed. I dont think majority is willing to have an arsenal of security programs. Geeks will always prefer special programs, the not so popular but much better product.
-
Many people still have not upgraded to SP2 and could not care less.
-dk70
And if those people aren't behind a NAT, it's their own fault when they get hit by the same-old worm, and they shouldn't whine and bitch about security.
-
That is the sad thing - each time it was installed I accepted the default 'easy' setup-Carol Haynes
Your struggles are a mystery to me. Yes, I too have had struggles with Outpost, but after visiting Wilders forum always found the error to be some 20 inches in front of the screen. But that was my fault; I know you are a lot smarter than me when it comes to IT, and therefor I am even more puzzled by your bad experiences with Outpost.
-
Many people still have not upgraded to SP2 and could not care less.
-dk70
And if those people aren't behind a NAT, it's their own fault when they get hit by the same-old worm, and they shouldn't whine and bitch about security.
-f0dder
Who cares, they just reformat :) Probably those aware of security who cry/shake head. The Myspace banner virus or what it was only affected people on unpatched XPs. Tons of people got caught, http://blog.washingtonpost.com/securityfix/2006/07/myspace_ad_served_adware_to_mo.html Sad but just the way it is. 3rd party firewalls is like ages beyond this problem and those related (with some imagination I think those users approach to cracks, warez, porn, p2p etc. is easy to guess). Those not in direct danger get scared by such stories and barricade them self even more, heh. Business play on this of course.
-
thanks for looking into the file sharing side of things, iphigenie.
i'd tried setting up a few rules inside 'pc tools firewall plus' using the tcp and udp ports specified by microsoft but it made not one jot of difference. i shall try your recommendations later what i get chance as they sound very likely to work.
-nudone
Have you had any luck after unblocking those two rules?
-
iphigenie, i'm sorry, but i haven't yet tried.
i was going to, but i sort of completely gave up altogether when i found that 'pc tools firewall plus' didn't like the rules i put in to allow utorrent through.
you'd think it obvious - state the port that utorrent uses and away you go. well, this particular firewall requires more - but what i have no idea. i don't mind trying to figure these things out but in the end i just have to think what's the point - zone alarm works so i'll just keep using it and recommending it to everyone else.
-
no need to be sorry :P, i was just curious whether you'd made it work or not
i haven't tried it but just from reading that thread it seems to me pc tools has some "cryptic" default rules which block a lot but don't necessarily make it obvious to you what they do without opening each rule to figure it out. I mean what would you guess hides behind a rule called "Block winNuke" - I sure wouldn't. Probably one of those rules is overriding your torrent rule...
In a way that's why i like the "simple" rules based firewalls - one rule per line... at least there i can figure out what happens.
Although at the moment i'm just using the fw that came with bitdefender, so I really can't brag much about my clever choice of firewall. It's not bad, app+protocol+direction+port+IP based filter, but without any sort of checksum on the executables, i think. My biggest gripe with it is the absence of log... totally stupid oversight in a firewall!
But I am too lazy to switch to a standalone product.
-
Here's someone's experience with Sygate:
The Little Firewall That Could | klaatu
http://klaatu.anastrophe.com/index.php/2007/02/17/the-little-firewall-that-could/
And someone on this board posted a positive review:
Sygate - Very Strong Firewall
https://www.donationcoder.com/forum/index.php?topic=605.0
I've not tried it yet myself as I'm still OK with Windows Firewall.
-
It really will depend on what you are trying to do on your machine but Sygate really didn't work well with what i was doing - and i wasn't doing anything particularly weird. similar problems were encountered on other peoples machines i know of.
but, i'm sure it's a very good firewall for a vast number of people.
-
Hi nudone, if all you want is a simple firewall, (or just a program), for outgoing program access control, see if you can find the latest version of Primedius Firewall Lite, 1.6 here: http://www.majorgeeks.com/Primedius_Firewall_Lite_d4146.html
It's small, you can start or stop it at any time, seems very low impact. The interface is a little outdated but it seems to work fine.
I used to use it with Ghostwall, (gave me more control over incoming connections). They had no problem co-existing together. However, it does basic inbound filtering so you don't need to install anything else, just use XP's or rely on your router's NAT/firewall.
The only thing that annoyed me about it was the fact that if you updated a program, after asking for access permission, it would add it to the program list leaving the old program version in the list - so every so often you'd need to go through the list and clean out the old entries.
Now-a-days, I use Comodo on my main machine and laptop, (gives more control), and nothing on a download-only machine, (it relies on NAT and the router's hardware firewall - it runs 2 programs and doesn't execute anything it's downloaded so it's fairly safe - runs AVG as a basic precaution).
-
thanks, 4wd, i'll try Primedius sometime this week, but it sounds like it might not exactly fit what i want to do - it sounds like it would be okay for my own personal use but not something i could recommend to 'firewall novices' (because of the cleaning the list out problem that you mentioned).
-
Under Win2K: Comodo Firewall Pro (with NOD32), clean, resource-light, all well.
-
Anyone else finding that the latest build of ZoneAlarm Pro takes about five minutes (or more) to start up? I keep getting popups stating that ZA is loading and that I can hit cancel to shut it down. It disappears only to pop up again after 30 seconds or so. Makes my notebook slow as molasses booting into Windows (I have WinPatrol setup to delay SnagIt 8.2 starting until 5 minutes after Windows starts - SnagIt loads at about the 15 minute mark). Anyway, just curious - I'm off to post in the ZA forums (been too lazy to do so of late)...
-
Hmmm... a search of ZA's forum finds at least one other person with the identical problem. The answer (it's not a solution as such) is that this is not normal but can occur if startup is taking a long time. So I guess this is a symptom, not the cause, of my slow boot times... Just FYI!
-
Safety.Net -
http://www.netveda.com/
I discovered it last year, have been using it ever since.
Speaking of multiple-function security tools, I am quite favorably impressed with Spyware Terminator -
http://www.spywareterminator.com/
It surprised me, I'm hard to impress. Would be a good compliment to XP's firewall, I think.
I used to use Outpost, but it was a headache sometimes. I think ZoneAlarm is a ho, I tried it a long while back and said never again. I can't respect proggies that tell me what a good job they are doing without my asking "howzit going?"
-
As I'm certainly the one who knows the least here please allow me an innocent question.
I've been using Blackice defender for quite a while but haven't seen any comments about it from others. So, what do you think?
-
I've been using Blackice defender -biox
Link to BlackIce (http://www.digitalriver.com/dr/sat5/ec_Main.Entry17C?SID=26412&SP=10023&CID=117016&PID=253470&PN=1&V1=253470&CUR=840&DSP=&PGRP=0&ABCODE=&CACHE_ID=117016) ;)
Welcome at DC, biox :up:
-
I tried out BlackIce briefly, but it bogged down my system and caused a couple of BSODs, so I removed it again. Dunno if it conflicted with NOD32 (or did I run Kaspersky at that time?), but I wasn't impressed :-\
-
I've been using Blackice defender -biox
Link to BlackIce (http://www.digitalriver.com/dr/sat5/ec_Main.Entry17C?SID=26412&SP=10023&CID=117016&PID=253470&PN=1&V1=253470&CUR=840&DSP=&PGRP=0&ABCODE=&CACHE_ID=117016) ;)
Welcome at DC, biox :up:-Curt
Thanks for both, the link and the welcome. I've been reading this board for centuries but never posted.
Anyone else finding that the latest build of ZoneAlarm Pro takes about five minutes (or more) to start up?-darwin
Yeah, I think it's a bit slower but 5 minutes??? :huh:
I work a lot at night (GMT+8) and get roughly every 4-5 sec a hacking attempt or at least a port scan, most of them can be back traced to my service provider. :D I was thinking about using Blackice on the other one too but then again I got the whole ZA security suite on that one. Would be quite a waste of money.
ZA's spy scan is pretty weak so I use AVG spy. ZA gave me an incompatibility warning when I upgraded. Had to un-install AVG, let ZA finish and re-install AVG. Seems to work now.
-
I tried out BlackIce briefly, but it bogged down my system and caused a couple of BSODs, so I removed it again. Dunno if it conflicted with NOD32 (or did I run Kaspersky at that time?), but I wasn't impressed :-\-f0dder
Didn't do this to me. I ran it together with McAfee and Ewido v.?old.
-
It really will depend on what you are trying to do on your machine but Sygate really didn't work well with what i was doing - and i wasn't doing anything particularly weird. similar problems were encountered on other peoples machines i know of.
but, i'm sure it's a very good firewall for a vast number of people.
-nudone
hi, i'm the author of that blog entry 'the little firewall that could'. i'm curious what problems you had with sygate. i regularly run uTorrent, have used the Tor/onion network, i ssh into my server all day/every day, and in general do everything one can do over an internet connection, and Sygate has never been a problem. when you first install it, you spend a fair amount of time 'approving' applications that are allowed to send TCP/IP packets, but once you've approved the app, it stays approved. I have a symmetric 2mbit connection, and can saturate the link easily. i've done speed tests with sygate installed and without, and there's no difference.
yeah, yeah, i'm shaking my pom-pons for sygate, just like in the blog entry. oh well. there's been software out there that's caused me problems yet others have reported none, so i guess it's 'just one of those things'...
-
anastrophe, i'll put sygate back on my machine later in the week and let you know how things go. if i get chance to do it sooner then i will try. the problem was always utorrent related - or maybe it was emule - one of those but it definitely had the same problem on other peoples machines.
EDIT:
BIG APPOLOGIES to everyone that mentioned sygate firewall - i've just realised it was the 'kerio' firewall that i'd tried and NOT sygate at all.
you can still get sygate firewall from http://www.oldversion.com/program.php?n=sygate it sounds like from what anastrophe has said that i shouldn't have any problem using it but i'll still not have chance to try until later in the week.
-
If you have no luck finding free software that does what you want, you could try Symantec Client Firewall which is what I use. It does quite a few things, but amongst them is the capability to monitor applications as they try and make contact with an external address and give you the opportunity to approve or deny access, permanently or temporarily, for each application. It's very easy to use - and I'm not an expert.
Good luck with your search!
Richard
-
well, i have obviously lost my mind. i stated above that i hadn't tried the sygate firewall so i'd give it a go when i had chance.
i've just installed and quickly uninstalled it. i had tried it before and commented that it doesn't appear to work on my system - it doesn't bother to inform me about applications trying to make a connection. instead it just blocks them. pretty useless - on my machine, at least.
so, i'm sticking with the devil i know, which is the free edition of zone alarm.
-
Apologies - didn't realise that Sygate was a synonym for Symantec.
-
I was about to give up on firewalls to, but in the end i went with Kaspersky internet suite which includes their antivirus. I got it mainly for the antivirus but it was an option, for a bit more money, of course, to get the whole thing so i did. Seems to work ok for me and i got so sick and tired of hunting for free stuff that didnt work the way i wanted, i want no interference mostly, but the options are there to do what you want. It has a 30 day free trial.
-
Hi all - I disabled ZoneAlarm Pro (latest build) a couple of days ago as I'm behind a hardware firewall and I *intend* to run ZA when I'm on other networks. I got sick and tired of weight of the thing... I have documented elsewhere the fact that I am experiencing 12 minute boots under XP Pro and general system slowdown. Disabling ZA and Winpatrol Plus (amongst others - RecentX, SnagIt, Mophy Accent) from running from the tray has liberated close to 200 MB of RAM and massively decreased the "hit" on my CPU. It's also cut startup times in half. They're still too long but a work in progress. As my harddrive is getting quite full, and I've already gotten rid of some big files, I've sprung for a larger 7200 rpm notebook drive. I'm curious to see if it will make much difference to the performance of my machine. Probably most noticeable difference will be reduced battery life and a dent in my bank account, but you know what they say about fools and money...
-
Apologies - didn't realise that Sygate was a synonym for Symantec.
-richiesan
dont believe it is - I think that post of nudones wasn't referring to yours
-
Apologies - didn't realise that Sygate was a synonym for Symantec.
-richiesan
dont believe it is - I think that post of nudones wasn't referring to yours
-tomos
tomos is correct. i had simply forgotten which firewalls were which and what i had already tried before.
perhaps something that no one has tried is this...
i'm now using the firewall that is built into NetLimiter 2 Pro http://www.netlimiter.com/
no complaints so far. it pretty much does what you'd expect, i.e. prompts you if something can access the net or not.
(i didn't put zone alarm back on because it wouldn't let me. i would have put the free version of outpost v1 on instead but that won't install either. until i completely reinstall everything on this machine i'm content with how things are.)
-
Kerio-now-Sunbelt is just $10 at the moment. I've been using it for a while (with my luck, pre-discount of course) and it seems to do a great job. Application control-yes but back tracing-no. Didn't even let me upload my avatar w/o being told to allow it.
http://www.sunbelt-software.com/