Author Topic: Firewalls - please, i can't be bothered. (Read 53187 times)

nudone · « **Reply #25 on:** February 28, 2007, 02:03 AM »

Kerio? computer says "No".

kimmchii · « **Reply #26 on:** February 28, 2007, 02:35 AM »

nvm, not freeware.

iphigenie · « **Reply #27 on:** February 28, 2007, 05:21 AM »

You're not having much luck with firewalls!

Let me have a look in my LWA what I have tried and liked...

ghostwall, (free) which someone has mentioned in another thread i think? http://www.ghostsecurity.com/ghostwall/ Their malware defense products have a very good reputation, so the firewall is worth a look.

All the others I have on my list were either already mentioned, turned out not to be very secure, or are not free.

nudone · « **Reply #28 on:** February 28, 2007, 05:39 AM »

nvm, not freeware.
-kimmchii (February 28, 2007, 02:35 AM)

are you sure, on their page http://www.pctools.com/firewall/ it says "Best of all it’s FREE. No catches, limitations or time-limits."

i've not installed it yet - will try later.

thanks, iphigenie, ghostwall also looks like it might be enough for the job, but i'll have to try that later also.

kimmchii · « **Reply #29 on:** February 28, 2007, 05:34 PM »

i installed it yesterday, i saw somewhere " must register after 30 days" but cant seem to find it now.

nudone · « **Reply #30 on:** March 01, 2007, 02:32 AM »

perhaps it means to simply register, i.e. provide details of yourself but it doesn't require any other payment???

kimmchii · « **Reply #31 on:** March 01, 2007, 02:47 AM »

ahh yes you're right, registration is free:

http://www.pctools.c...m/firewall/register/

i saw this in the help file i thought i wasnt

: PC Tools Firewall Plus is available as a free and fully-functional 30-day trial. After this time, you are required to register the product to continue using it.

nudone · « **Reply #32 on:** March 03, 2007, 02:41 AM »

ghostwall was a little to minimal for my liking.

at the moment i've got 'PC Tools Firewall Plus' installed. so far, i like it.

it asks me if a program can connect, yes/no and remember. seems to work perfectly well.

you do have to register with a name and a genuine email so that you can receive the key that allows it to run after 30 days trial. other than that it's all free.

i've not tried doing anything advanced with it. well, when i say advanced i simply mean using shared folders on my computers - so i don't know if i'll have to manually change a few settings for that to work.

nudone · « **Reply #33 on:** March 03, 2007, 11:59 AM »

it was too good to be true. pc tools firewall plus is kind of getting in the way of me sharing files between machines - regardless of putting the same kind of rules in to it that worked fine with zone alarm.

this is madness.

MerleOne · « **Reply #34 on:** March 03, 2007, 05:03 PM »

Even if outdated, I still find the old Sygate Personal Firewall Ok for basic use.
goto http://www.tucows.com/preview/213160

Also, sharing files and printers works OK.

The upgraded version of this firewall exists as part of V-com SystemSuite. Unfortunately, this updated FW doesn't like at all the most recent version of CA Antivirus, so I had to find another solution. SPF was this solution.

nudone · « **Reply #35 on:** March 04, 2007, 01:46 AM »

that's sounds interesting. thanks, MerleOne, i'll try Sygate.

edit: computer says "no" to sygate also.

it seemed pretty sporadic how it would ask me whether something should connect to the net.

Curt · « **Reply #36 on:** March 04, 2007, 04:16 AM »

Maybe there really are people who can stay out of trouble for ever even though they are running a free firewall. Maybe. I know I would have had a hole lot more of troubles if I gone the free way. But I really think there is no such thing as a free meal. Somehow you are going to pay in the end. And I have never for a moment been sorry that I paid for Outpost PRO - it is THE firewall for a personel computer at home. I started with version 2.5 and is now using 4.0

Any problems with Outpost usually comes from the setup you have chosen. If you avoid the most strict settings, you will ALMOST never be troubled with this firewall. You will hardly know it is there, until you try to run some poison.

Outpost runs in perfect harmony with Eset NOD32 Antivirus.

Outpost PRO 4, and NOD32 2.7 :

f0dder · « **Reply #37 on:** March 04, 2007, 04:24 AM »

If you're not doing strict outbound filtering, there's not much point in running a personal firewall - a router with NAT translation is going to offer better protection for incoming traffic. The XP firewall then does the job of protecting you if a friend with an infected laptop visits you (and your LAN)...

Curt · « **Reply #38 on:** March 04, 2007, 04:35 AM »

If you're not doing strict outbound filtering, there's not much point in running a personal firewall ...
-f0dder (March 04, 2007, 04:24 AM)

Define "strict"

I am running a strict setup, but the next guy doesn't have to, does he. But you are making an important point, a point that is to be taken seriously: There is no such thing as a free meal - and there is (for all I can see) no such thing as a free well protecting firewall that will never demand your attention and time.

Sorry if my first post gave any other impression

Carol Haynes · « **Reply #39 on:** March 04, 2007, 04:48 AM »

Maybe there really are people who can stay out of trouble for ever even though they are running a free firewall. Maybe. I know I would have had a hole lot more of troubles if I gone the free way. But I really think there is no such thing as a free meal. Somehow you are going to pay in the end. And I have never for a moment been sorry that I paid for Outpost PRO - it is THE firewall for a personel computer at home. I started with version 2.5 and is now using 4.0

Any problems with Outpost usually comes from the setup you have chosen. If you avoid the most strict settings, you will ALMOST never be troubled with this firewall. You will hardly know it is there, until you try to run some poison.

Outpost runs in perfect harmony with Eset NOD32 Antivirus.

Outpost PRO 4, and NOD32 2.7 :
-Curt (March 04, 2007, 04:16 AM)

Certainly not my experience with Outpost - I have had anything but a smooth ride with both versions 3 and 4 on 3 computers - to the point now where I have given up on a full 12 month subscription before it even started (they would not refund even though the subscription had not started).

I am not alone and lots of users refuse to use version 4 because of instability issues.

The biggest issue I had was system instability and BSODs - when it did work it was a real system hog (and that was with most of the optional plugins disabled).

Oh and by the way I was running it with NOD32 ...

Now I am running using WinXP firewall behind a router firewall and had no problems.

It really does beat me why no company can addess the issue that seems to be the golden grail:

... a low impact firewall that is a firewall and ONLY a firewall!

I would like to filter outgoing traffic but until someone suggests a suitable product I am not going to bother any more.

iphigenie · « **Reply #40 on:** March 04, 2007, 05:41 AM »

The reason you can't find a "pure firewall" much anymore is simple. Reviewers.

To me, pure firewall means state aware packet filtering - purely about traffic - i.e. it will look at source and destination IPs, protocol and ports use that to make a decision whether to let the traffic go through or not, in a chain or rules (that's what ghostwall is. That's what the old kerio and tiny used to be). Using a "pure firewall" on very restrictive rules should mean that no surprise traffic can get in or out. Of course a clever virus, or spyware, or a trojan, if it gets itself installed on the machine, can still hijack another software which is known to be usually trusted to get out. And that's normal, the firewall still did its job, watch the integrity of the network, another tool or two should watch the integrity of the system.

But reviewers and "obsessive" security power users started saying a firewall had failed if it didn't catch a browser hijacker, or a trojan... And the list of breaches a firewall is expected to catch keeps growing, year after year. They're doing the same to spyware detectors and virus scanners, too.

Whereas earlier people would have had a "pure" firewall, a virus scanner, maybe a trojan protection or intrusion detection and a spyware tool, now people tend to have a firewall that also does trojan and malware, a virus scanner that also does trojans and malware and more and more some virtualisation, a registry protection tool which also does a bit of firewall... All overlapping in features more and more. No wonder they conflict.

In a way I want several small tools that do their distinct job very well. I don't want 4 tools that are fighting to steal each other's job.

Edit: i did a quick search and you will find out that any review of firewalls nowadays centers on non-firewall features such as leak tests. That's what most firewall makers center their efforts on nowadays, making sure their system detect the leak tests, sometimes by cheats, but mostly by watching, scanning and analysing everything that happens between executables on the PC. This is quite slowing on the PC, in the end. And in a "one in all" product you can't turn off the anti-hijack tools on their own when you want, for example, to play a game.

nudone · « **Reply #41 on:** March 04, 2007, 05:47 AM »

i'm certainly going around in circles but so far the least amount of trouble has come from these:

zone alarm (free edition) - i'd still be using this if it didn't like crashing after about 24 hours use, that's probably something to do with my machine.

agnitum (free version 1) - can't remember why i stopped using this - i think i'll put it back on.

pc tool firewall plus - this seems the friendliest i've tried so far - just can't get shared files/folders to work.

edit:
i've been reminded why i can't use agnitum - it's because it now refuses to install again because it thinks it's already running. fantastic.

f0dder · « **Reply #42 on:** March 04, 2007, 06:04 AM »

Malware detection is something antivirus products should detect, though, in my opinion. They're already inspecting executables and doing heuristics... and there aren't that many "viruses" around anymore, it's another kind of malware nowadays.

And most people will be wanting proactive defense (instead of scanning *after* the damage) is done, this requires some drivers and hooking to be efficient; might as well protect some registry keys and system services to make life harder for malware too.

That said, there is a tendency of too much functionality in each product. I don't think firewall capability belongs in an antivirus app, and full system sandboxing doesn't fit with either AV or FW software.

iphigenie · « **Reply #43 on:** March 04, 2007, 06:30 AM »

Well there are a few more you can try

this recent thread in wilders covers the same ground, starting with "zone alarm isn't playing nice anymore" too! with an amusing diversion in the middle on how the color of your firewall matters

http://www.wildersse...wthread.php?t=159763

they mention jetico (http://www.jetico.com/) and looknstop light (http://www.snapfiles..._Lite/looknstop.html) which you haven't tried yet

which were mentioned but you haven't tried yet? I think they're both very similar to ghostwall, kerio 2 and other "pure" firewalls

But if windows file sharing is the only think not working, that's just a matter of opening a few inbound ports on your machine - i bet it can be done on the pc tools firewall! Windows file sharing is one of those protocols which needs inbound open as well as outbound - let me see if i can dig up the ports

iphigenie · « **Reply #44 on:** March 04, 2007, 06:57 AM »

Wilders forum might have the answer: It seems pc tools default set up blocks netbios. You need to allow the following (blocked by default), if possible only for known IPs. Of course if your broadband and wireless gateway both keep your internal networked closed (i.e. proper wifi security and no ip forwarding from the net) then you don't have to worry.

Anyway the 2 default rules to release seem to be

1) Block winNuke (which blocks filesharing)
2) Stop netBIOS

see here http://www.wildersse...?t=160868&page=2

dk70 · « **Reply #45 on:** March 04, 2007, 07:49 AM »

Success of a 3rd party firewall depends on how many people get annoyed by default rules/settings.

Some time ago there was a long debate (another) on Wilders about the need for such advanced firewalls. Of course most people there cant live without but there was one guy who seemed like Dr. Firewall who argued that he would recommend no Firewall at all if user is not absolutely on top of things, have read help file, have done personal setup etc. Made a lot of sense to me - about the time where I tried most of the free firewalls.

iphigenie · « **Reply #46 on:** March 04, 2007, 09:05 AM »

You need a firewall somewhere to protect your machines against the external network. It really doesn't need to be on the machine, but there needs to be a protection. Considering the amount of port and vulnerability scanning that goes on the net all the time, and the amount of open ports etc. by default on the average windows machine, i think having a firewall *somewhere* that prevents casual access to ports on the machines to be a basic need.

It can be at the entrance to the network, on a corporate firewall or a simple broadband router, but if the machine is connected via modem then it needs to be on the machine. As a matter of fact it's better at the network entrance, not on the machine itself, so the traffic never reaches the machine.

Once you have such protection in place, then you need the second level of protection, which is from threats that originate within the network. You don't need a "network" firewall on each machine but unless you have very very savvy users you do need a certain amount of trojan/malware protection, because alas there's nothing we can install in people's heads to make them stop opening an attachment that says "i have always secretly loved you" or "naked pics of the boss inside" or click on a banner that says "free animated smilies, click here" or "test your pc's security now". That protection is nowadays either added to virus scanners or to tools called "personal firewalls" or "internet security", when really it fits in none of those labels.

Even the tech savvy crowd can fall for it, obviously it would need to be something more clever like spoofing the tortoise svn page

Curt · « **Reply #47 on:** March 04, 2007, 09:17 AM »

i've been reminded why i can't use agnitum - it's because it now refuses to install again because it thinks it's already running. fantastic.
-nudone (March 04, 2007, 05:47 AM)

I tried that problem after a test of Doctor Spyware 5 BETA: everything went wrong on my PC, dozens of broken files, and Outpost not opening but yet running (did you check in task manager if outpost.exe was running?). And, as you imply, you cannot install on top of an exe that will not close. I take that was your problem: no outpost.exe to uninstall, but yet it claimed to be running?

I managed to ruin that PC - before finding out if the answer from Agnitum was usable or not - but the answer was: "Please download http://www.agnitum.c...oInstall_4.0_971.exe. Install it over your current version and try to uninstall again." Notice the word "support" in the link (I never used the link, but got myself a new PC instead); this may or may not be a standard installer - I don't know.

nudone · « **Reply #48 on:** March 04, 2007, 09:31 AM »

thanks for looking into the file sharing side of things, iphigenie.

i'd tried setting up a few rules inside 'pc tools firewall plus' using the tcp and udp ports specified by microsoft but it made not one jot of difference. i shall try your recommendations later what i get chance as they sound very likely to work.

i've tried jetico - no good. and i think i may have tried looknstop - can't really remember. we've covered a lot of this ground before elsewhere on the forum and i think i'm right in thinking that these two programs were tried back then.

at the moment zone alarm is back on - everything works and it's pretty simple to get working if only it wouldn't crash.

but i'm still going to give pc tools firewall plus another shot - just to see if the file sharing will work.

zone alarm for all it's faults still seems about the easiest to use - for what i need anyway - outbound blocking on stuff just so i have an idea of what's going on with my machine.

@Curt, i've tried a few things to try and find how outpost can still be there even though i successfully uninstalled it - outpost.exe isn't running so i assume the debris is elsewhere.

Curt · « **Reply #49 on:** March 04, 2007, 09:51 AM »

Certainly not my experience with Outpost - I have had anything but a smooth ride with both versions 3 and 4 on 3 computers - to the point now where I have given up on a full 12 month subscription before it even started (they would not refund even though the subscription had not started). I am not alone and lots of users refuse to use version 4 because of instability issues.

The biggest issue I had was system instability and BSODs - when it did work it was a real system hog (and that was with most of the optional plug-ins disabled).

Oh and by the way I was running it with NOD32 ...
-Carol Haynes (March 04, 2007, 04:48 AM)

A sad story, Carol.

I think the answer is to be found in the settings.

One of the biggest advantages of Outpost is the "Agnitum ImproveNet"; Agnitum's and the Outpost user's common project: to make Outpost capable of setting rules by pre-sets: If all users of program A are adding A to Trusted, then this setting is probably O' Kay for your PC as well, but if they are not, then it is not safe for your PC either. You decide if you are willing to adopt this general setting, but you may, and if you do, your life with this firewall will be a lot easier.

But of course, if you have a lot of programs that no-one else on ImproveNet is using, or you don't trust their settings, then you may never gain from this feature.