topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Thursday March 28, 2024, 6:11 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Last post Author Topic: Firewalls - please, i can't be bothered.  (Read 49320 times)

nudone

  • Cody's Creator
  • Columnist
  • Joined in 2005
  • ***
  • Posts: 4,119
    • View Profile
    • Donate to Member
Firewalls - please, i can't be bothered.
« on: February 25, 2007, 11:13 AM »
zone alarm sometimes give up on me - usually only if the machine has been on for more than 24 hours. i can live with this but it's a little annoying.

that Comodo thing works even less on my machine.

so, i thought i'd have a go with Ashampoo's free firewall. looked okay at first but then i found that my non pop3 email accounts wouldn't connect when using MS Outlook.

funny how Ashampoo's rule is to allow full access for outlook in and out.

do i want to know the solution, can i really be bothered. absolutely not. i've just uninstalled it and Outlook is working fine again.

will i go back to Zone Alarm, will i go back to Outpost? nah, i think i'll just not bother with a firewall (again). f0dder, gave me good reason not to believe in them, yet i keep looking for one that might work.

is there nothing that will simply monitor outbound connections and let me block them if i want to - how big a task is that?

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: Firewalls - please, i can't be bothered.
« Reply #1 on: February 25, 2007, 12:03 PM »
Appearantly a hard task to get right :]
- carpe noctem

AndyM

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 616
    • View Profile
    • Donate to Member
Re: Firewalls - please, i can't be bothered.
« Reply #2 on: February 25, 2007, 12:09 PM »
i think i'll just not bother with a firewall

Why not just use the Windows firewall?  No outbound blocking but surely better than nothing, no?

It's what I use.  I will say that every now and then I see outbound activity that I'm not sure about, but the trouble I see people going thru dealing with the other firewalls is not attractive.

tranglos

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,081
    • View Profile
    • Donate to Member
Re: Firewalls - please, i can't be bothered.
« Reply #3 on: February 25, 2007, 12:37 PM »
i think i'll just not bother with a firewall
Why not just use the Windows firewall?  No outbound blocking but surely better than nothing, no?

But the OP specifically wants outbound connection blocking :)

Nudone: Long ago I started with Zone Alarm, which was great until they moved to a new major version and ZA became bloated, slow and hard to configure. Then I used the free version of Kerio until I needed connection sharing, which the free version didn't support. I bought the pro version, but didn't like it at all. It caused bluescreen "STOP" errors and missed some applications which clearly were establishing connections without Kerio noticing them. I switched to Sygate but that didn't last long, about half of the net-enabled apps I use were happily connecting without Sygate ever knowing about them, and the interface was so obscure I became borderline paranoid, because I could not see clearly what was allowed and what wasn't.

If I were to try another firewall today, I'd try F-Secure Internet Security, simply because the same company makes F-Prot, a very good antivirus product. But instead, I happened upon what's nearly a perfect firewall for my needs: Agnitum Outpost. I've used it since 2004, had very few problems, nothing major.

For one thing, it's very nicely designed - the UI is very clear and logically laid out, you can easily access the various groups of settings. Great logging feature with filters, so I can always see exactly what is being allowed or blocked and why, as well as check which processes are holding ports open at any given time. Another good idea in Outpost is the plug-in architecture: if you don't want active content filtering for example (flash, activex, etc) you simply disable the plugin. It autoconfigures for most popular software, and offers detailed custom rules. It doesn't win most leaktests, but does rate high, and certainly hasn't failed me in three years.

Now for some problems. Like I said, I haven't experienced any showstoppers with Outpost, onlya few minor annoyances. After I run it for a long time and the configuration becomes large, with many rules, on two occasions I was unable to add a new "allow" rule for a newly installed app. The rule creates OK and Outpost claims to be using it, but the app can't reach out for some reason. It's happened to me twice, and the way around it was to drop the existing configuration and have Outpost create a new one from scratch. This has a positive side-effect in cleaning up all the stale rules for apps I once installed and since removed, but well, it's a bit annoying. However, Outpost autodetection is so good that the last time I barely needed to modify it.

There is an attack detection feature which is a little too eager: in the default configuration it won't let me post on Slashdot, for instance (maybe it's a good thing :) You can disable it altogether or restrict the detection though.

Version 2.5 had some issues with internet connection sharing, which required manual tweaks in an ini file, but it seems to have been corrected since then.

One caveat: I'm using version 3.5. The latest is 4.0, and I've seen a few disappointing comments on the support forum, so I'm waiting it out till they fix what they may have broken in this release. I would still recommend that you try Outpost, and in case of any problems you can try their support forum, it's quite lively.

marek

tranglos

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,081
    • View Profile
    • Donate to Member
Re: Firewalls - please, i can't be bothered.
« Reply #4 on: February 25, 2007, 12:40 PM »
will i go back to Zone Alarm, will i go back to Outpost?

Heh, I didn't notice you've already tried Outpost, so pls disregard the above. What was the reason you gave up on it?

One way of ridding oneself of a firewall completely would be to install a hardware router, but that's yet another device that consumes power and radiates heat and I already have anough of these at home...

nudone

  • Cody's Creator
  • Columnist
  • Joined in 2005
  • ***
  • Posts: 4,119
    • View Profile
    • Donate to Member
Re: Firewalls - please, i can't be bothered.
« Reply #5 on: February 25, 2007, 01:54 PM »
i think i had outpost 3.5, it might have been a bit of an earlier version i can't remember now.

I can't really remember either if i stopped using it because my subscription ran out (does it run out, i can't remember) or there was something it did that didn't agree with my machine.

if it i stopped using it because of the cost then i must have just thought, hey, zone alarm is free i'll go back to using that. zone alarm is the one i've used over the years more than anything else - simply because i'll use freeware and then i know what i'm talking about when i recommend it to other people that i know aren't going to pay for a firewall (same applies with anti-virus).

so, i could dig out the version of outpost i have and see if it works - or doesn't do something weird with my machine.

i get the feeling there is something not quite right with my current system setup but after all the trouble i had recently trying to install a dual boot kind of machine i'm not in a hurry to wipe this present system and start again.

i'm now going to have a look for my outpost - maybe i'll just go and buy vista - i see it's got out bound firewall blocking (if you turn it on). yeah, right, like i'd waste my money on that turkey.

edit:
i shouldn't have said it was a turkey, i know i'll end up using it eventually. i should have said now i see why it is so much better than xp - out bound firewall blocking.
« Last Edit: February 25, 2007, 03:22 PM by nudone »

Carol Haynes

  • Waffles for England (patent pending)
  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 8,066
    • View Profile
    • Donate to Member
Re: Firewalls - please, i can't be bothered.
« Reply #6 on: February 25, 2007, 02:00 PM »
Certainly Outpost 4 was beyond the pale for me - I still have a current subscription but I am not installing it again. I tried reinstalling 3.5 but it keeps insisting I should upgrade to v. 4 and I am not sure it is updating any more.

Now I am just using Windows XP Firewall behind a hardware wireless firewall - no problems for me and my machine runs so much faster and better.

nudone

  • Cody's Creator
  • Columnist
  • Joined in 2005
  • ***
  • Posts: 4,119
    • View Profile
    • Donate to Member
Re: Firewalls - please, i can't be bothered.
« Reply #7 on: February 25, 2007, 02:05 PM »
right, no outpost 3.5 for me then.

so, i'm back to the windows firewall and router too. i'd still like something that just gave me a little message to say such and such program is trying to access the net.




tranglos

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,081
    • View Profile
    • Donate to Member
Re: Firewalls - please, i can't be bothered.
« Reply #8 on: February 25, 2007, 02:28 PM »
i think i had outpost 3.5, it might have been a bit of an earlier version i can't remember now.

I can't really remember either if i stopped using it because my subscription ran out (does it run out, i can't remember) or there was something it did that didn't agree with my machine.

The subscription is only for upgrades - when it runs out after a year, you can't install newer versions published after that date. The program itsel'f doesn't expire. So instead of making you pay for each major version upgrade, they charge for upgrades once a year.

tranglos

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,081
    • View Profile
    • Donate to Member
Re: Firewalls - please, i can't be bothered.
« Reply #9 on: February 25, 2007, 02:31 PM »
I tried reinstalling 3.5 but it keeps insisting I should upgrade to v. 4 and I am not sure it is updating any more.

You can turn off the upgrade prompt, I think. It's not like an antivirus that needs to update itself every week or so. Outpost does download new spyware definitions, and I'm not sure if it keeps updating those when your subscription expires, but the spyware detection engine is only a sideshow.

« Last Edit: February 25, 2007, 02:38 PM by tranglos »

nudone

  • Cody's Creator
  • Columnist
  • Joined in 2005
  • ***
  • Posts: 4,119
    • View Profile
    • Donate to Member
Re: Firewalls - please, i can't be bothered.
« Reply #10 on: February 25, 2007, 02:45 PM »
The subscription is only for upgrades - when it runs out after a year, you can't install newer versions published after that date. The program itsel'f doesn't expire. So instead of making you pay for each major version upgrade, they charge for upgrades once a year.

right, i will have to look for it and install it then. thanks for that.

nudone

  • Cody's Creator
  • Columnist
  • Joined in 2005
  • ***
  • Posts: 4,119
    • View Profile
    • Donate to Member
Re: Firewalls - please, i can't be bothered.
« Reply #11 on: February 25, 2007, 06:19 PM »
i'm now using the free version of agnitum outpost v1.

i think it does enough for what i wanted, i.e. do i want to let this program access the internet - yes/no, click.

tranglos

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,081
    • View Profile
    • Donate to Member
Re: Firewalls - please, i can't be bothered.
« Reply #12 on: February 25, 2007, 06:50 PM »
i'm now using the free version of agnitum outpost v1.
i think it does enough for what i wanted, i.e. do i want to let this program access the internet - yes/no, click.

Good deal! :) I'm sure it doesn't take nearly as much RAM as my 3.5, either...


AdIyhc

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 97
  • aka KikiBibi
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: Firewalls - please, i can't be bothered.
« Reply #13 on: February 25, 2007, 07:17 PM »
You can try Blink neighbourhood watch. It's free and offers outbound protection.

http://www.eeye.com/...hoodwatch/index.html

nudone

  • Cody's Creator
  • Columnist
  • Joined in 2005
  • ***
  • Posts: 4,119
    • View Profile
    • Donate to Member
Re: Firewalls - please, i can't be bothered.
« Reply #14 on: February 26, 2007, 01:34 AM »
thanks, AdIyhc, i'll give Blink a try.

AdIyhc

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 97
  • aka KikiBibi
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: Firewalls - please, i can't be bothered.
« Reply #15 on: February 26, 2007, 06:36 AM »
Hi nudone,

Found this that might suit you.
http://www.sunbelt-s...ftware.com/Kerio.cfm

Think it's very straightforward to use. The free version will suit you.

People who likes it.
http://www.wildersse...?p=952601#post952601

nudone

  • Cody's Creator
  • Columnist
  • Joined in 2005
  • ***
  • Posts: 4,119
    • View Profile
    • Donate to Member
Re: Firewalls - please, i can't be bothered.
« Reply #16 on: February 26, 2007, 07:55 AM »
thanks, but i've tried Kerio before on a few machines and i just couldn't get along with it. it annoyed me as it just didn't seem to know what was going on regarding stuff connecting to the net - changing the options didn't really help either.

at the moment i've got Blink installed. i like it so far, plenty of options there if you want them, specific port access, etc, etc.

i really don't know much about the other stuff it does, intrusion prevention, etc.

the wizards might be handy?

you do have to submit quite a few details to obtain a free serial - is this a big deal. you can always make stuff up, the email address is the crucial bit of info they need.

anyway, it's only been on a few hours so it's too early to tell but so far  :up:

kimmchii

  • Honorary Member
  • Joined in 2005
  • **
  • Posts: 360
    • View Profile
    • Donate to Member
Re: Firewalls - please, i can't be bothered.
« Reply #17 on: February 26, 2007, 06:52 PM »
for inbound i use windows firewall, its the only inbound firewall that capable of handling intensive 247 bt, for outbound i like looknstop, its very lite and simple and i can disable the inbound in LooknStop.
If you find a good solution and become attached to it, the solution may become your next problem.
~Robert Anthony

AdIyhc

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 97
  • aka KikiBibi
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: Firewalls - please, i can't be bothered.
« Reply #18 on: February 26, 2007, 07:51 PM »
nudone,
The wizards is very straightforward for the application firewall. For the other wizards, you might need to get someone experienced to help you. :)

No big deal if they require details, just make stuff up.

Kimmchii,
Agreed, Lite and Simple. LnS is a very good investment. You can use it out of the box. It is the "No Nonsense" Firewall.
It's not free but you only need to pay once. :)

Edvard

  • Coding Snacks Author
  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 3,017
    • View Profile
    • Donate to Member
Re: Firewalls - please, i can't be bothered.
« Reply #19 on: February 27, 2007, 11:35 AM »
Just for the record, on my Linux box at home I use FireHOL which is not a firewall, but a language for setting up the  iptables packet filtering ruleset (erm... firewall if you want to call it...). I went googling for "iptables for windows" and came up with this: http://force.coresecurity.com/
It looks to be very powerful, and rumors of Core Security being acquired by Symantec are false. Although I must say it is not for n00bs and I don't know how it works "out of the box", although further investigation may prove very fruitful...
CORE FORCE is the first community oriented security solution for personal computers. CORE FORCE is free and provides a comprehensive endpoint security solution for Windows 2000 and Windows XP systems.

The security framework provided by CORE FORCE is leveraged by a community of security experts that share their security configurations for a growing list of programs. These security profiles can be downloaded by any user of CORE FORCE from the community Web site and they're also completely open so that they can be peer-reviewed to minimize security hazards. The community approach to endpoint security also allows end-users who are not security experts to work in a secure environment.

CORE FORCE can be used to:

    * Protect your computer from compromises by worms, virus and email-borne malware
    * Prevent your computer from being used as a staging point to amplify attacks and compromise others
    * Prevent exploitation of known bugs in the operating system and applications running on your computer
    * Prevent exploitation of unknown bugs (0-day) in the operating system and applications running on your computer
    * Detect and prevent execution of adware, spyware, trojan horses and other malware on you computer

CORE FORCE provides inbound and outbound stateful packet filtering for TCP/IP protocols using a Windows port of OpenBSD's PF firewall, granular file system and registry access control and programs' integrity validation. These capabilities can be configured and enforced system-wide or on a per-application basis for specific programs such as email readers, Web browsers, media players, messaging software, etc.

Take a look at the screenshots: http://force.coresec...amp;page=screenshots
and the comments to go with them.

Apparently, it is suitable for use as a personal firewall:
11.     

How does the personal firewall work?
   

The firewall component of CORE FORCE is a Windows port of OpenBSD's PF, the open source, mature, server-level firewall (PF: The OpenBSD Packet Filter). PF's functionality has been trimmed and tailored to make it suitable for desktop systems and to minimize code complexity.

CORE FORCE support inbound and outbound stateful filtering with advanced settings such as TCP flags and ICMP type/code flags. It works on a per application basis, loading and unloading rules dynamically at application runtime and it can be configured to require runtime user confirmation on certain connections. It is implemented at kernel level as an intermediate driver that mediates communications between the network card drivers and the operating system's TCP/IP protocol stack, making it difficult to bypass.
and there's a ton of HowTo's and Documentation here: http://force.coresec...nc=view&catid=39

If I had W2K on this machine, I'd try it in a heartbeat.

iphigenie

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,170
    • View Profile
    • Donate to Member
Re: Firewalls - please, i can't be bothered.
« Reply #20 on: February 27, 2007, 02:34 PM »
I tried coreforce last summer (it refers to bsd, how could i not?) and had trouble with it. I was looking for a rule based firewall that would allow rules that were based on executable+protocol+port+state, like what you use on unix system and like the old kerio/tiny used to be in the old times. The first time it wouldn't run and I can't remember what i had the second time but it was conflicts with other programs (and no, i don't run 2 firewalls at once or anything) linked to that driver-level functionality.

I'm sure it has evolved a lot since though so probably it's a lot more stable. It'd be a very good technical firewall if that's the case, but it will expect you to understand the basics of tcpip and to make a lot of decisions yourself at first.
« Last Edit: February 27, 2007, 02:40 PM by iphigenie »

nudone

  • Cody's Creator
  • Columnist
  • Joined in 2005
  • ***
  • Posts: 4,119
    • View Profile
    • Donate to Member
Re: Firewalls - please, i can't be bothered.
« Reply #21 on: February 27, 2007, 02:40 PM »
i've removed Blink as it came up with a couple of false positives that i really can't be bothered with (it didn't like me playing mov files with KMPlayer).

just tried coreforce and i've removed that also - whichever rule i set it just wouldn't stop asking me if Maxthon was okay to go online. Way too much trouble trying to figure out why it's doing this.

so, i'm about to put agnitum outpost v1 back on and i think i'll stick with that until it does something really bad.

edit:
haha, no i won't. it refuses to install now as it thinks it's already running - even after rebooting. so goodbye agnitum outpost too.
« Last Edit: February 27, 2007, 02:45 PM by nudone »

TucknDar

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 1,133
    • View Profile
    • Donate to Member
Re: Firewalls - please, i can't be bothered.
« Reply #22 on: February 27, 2007, 03:55 PM »
I'm quite happy with Kerio 2.1.5.

Over at wilderssecurity forums there's a couple of custom made rules, which serve as a good starting point.

I realize that you've had problems with Kerio, but I'll still recommend it. Very lightweight, and I'd even consider using it if I had a hardware firewall, just to be able to see what goes in and out.

I'm no techie, but this works for me :)

nudone

  • Cody's Creator
  • Columnist
  • Joined in 2005
  • ***
  • Posts: 4,119
    • View Profile
    • Donate to Member
Re: Firewalls - please, i can't be bothered.
« Reply #23 on: February 27, 2007, 04:19 PM »
okay, i'm going to try Kerio again  :huh:

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: Firewalls - please, i can't be bothered.
« Reply #24 on: February 27, 2007, 07:48 PM »
I was looking for a rule based firewall that would allow rules that were based on executable+protocol+port+state, like what you use on unix system and like the old kerio/tiny used to be in the old times.

Hmm, a *u*x firewall that takes application executable into account? I haven't seen that yet... only on windows (I used to use Tiny, then Kerio when Tiny went commercial, then gave up after both became bloated and I couldn't be bothered anymore.)
- carpe noctem