Which firewall is the best at controlling outbound traffic as Sygate Personal Pro has failed GRC and leaktests. Should I run Sygate Personal Pro + ZA 3.XX?

IMHO: LooknStop - full version - at this very moment.

regards.

paul

You smokin' something? *SyGate does pass grc which is a really basic test, and leaktest when properly configured. *If your just installing them, and not even trying to check out all of its configuration options your the one who is missing out...

Even ZA passes these basic tests so you might want to try to configure them correctly before blaming them for your configuration errors.

Hey BZ,

{QUOTE-> You smokin' something? <-QUOTE}

I'm proud to state: 50+ cigarettes plus 10 cigars a day *;).

That said - and I'm not talking about "basic tests" of any kind - I'll stick to my previous post: LnS.

regards.

paul *

Have to admit - I've quit playing around with other firewalls to see what they have to offer.

Since LnS came out with 2.03 Beta 03 with the Advanced ruleset, I've been a proud owner. Pete

Yes, LnS is another good firewall, but requires the user to configure it correctly, and most people who depend on application based firewalls could not configure it correctly as with any rule-based firewall :)

* * * * fatpizzaman

* * * * I noticed you asked if you should run "both" firewalls.......running two firewalls at once imo is not a
good practice.....an may even cause a lost of security....I am not saying it can't be done....just that its not a good practice.

* * * *

* * * * * * * * * * * * *snowman

{QUOTE-> Yes, LnS is another good firewall, but requires the user to configure it correctly, and most people who depend on application based firewalls could not configure it correctly as with any rule-based firewall :) <-QUOTE}
LNS version 2.03 beta 3 can be run with the enhanced ruleset without any modifications, and will pass ANY tests you may want to throw at it !
This is the configuration i used to test them all !

You just sumbitted that your not using the real default ruleset, and a more restrictive/secure default ruleset. *You acutally had to import the enhanced ruleset, and this fact is this might be too restrictive for many people setting up their rules, which is why its an option.

This is a nice option, but the majority of users will run with the real default ruleset while just adding to it since they don't really understand where to tighten the default rules at first.

{QUOTE-> This is a nice option, but the majority of users will run with the real default ruleset while just adding to it since they don't really understand where to tighten the default rules at first. <-QUOTE}
The majority of users that would run the default ruleset would certainly not try to run tooleaky, Yalta and the other tests.
Again, the protection offered with the standard ruleset provided by LNS is at least equal to any of the other firewalls.

BlitzenZeus - "You acutally (sic) had to import the enhanced ruleset"...

I don't know if I'd actually state it that way. On the 'Internet Filtering' tab of LnS (in the version we're speaking of) , if you click the 'Load' button, you get a choice of which ruleset to use.

All you have to do is select that one (EnhancedRulesSet.rls). It's really not that hard or hidden in any way.

It seems to me that anyone trying out a new firewall, or any other piece of software with which they're unfamiliar, would at the very least read the FAQ's, the 'Help' and a lot of the stuff to be found on the manufacturers' website and/or forum to learn the basics of how to most effectively use the product (and to avoid any possible conflicts/problems with anything already on your computer).

Anyone not willing to make the effort and take the time to do those sorts of things isn't going to wind up with any kind of total, effective protection no matter what product they choose to use. Pete

{QUOTE-> I don't know if I'd actually state it that way. On the 'Internet Filtering' tab of LnS (in the version we're speaking of) , if you click the 'Load' button, you get a choice of which ruleset to use. <-QUOTE}

LOL... Load=import Save=Export, same thing :)

{QUOTE-> It seems to me that anyone trying out a new firewall, or any other piece of software with which they're unfamiliar, would at the very least read the FAQ's, the 'Help' and a lot of the stuff to be found on the manufacturers' website and/or forum to learn the basics of how to most effectively use the product (and to avoid any possible conflicts/problems with anything already on your computer).

Anyone not willing to make the effort and take the time to do those sorts of things isn't going to wind up with any kind of total, effective protection no matter what product they choose to use. Pete <-QUOTE}

Many people have this problem, and then blame it on the software. *They are not willing to spend the time looking through the program/information to make sure its configured correctly. *Even the simplest firewall program can be useless in the hands of a person who doesn't know what they are doing :)

I ran Firehole, LeakTest and TooLeaky on Sygate Pro 5.0 and the only one that failed was TooLeaky. *That said, one is one too many.

This is getting into configurability and etc...bottom line is Zone Alarm for a while there was the first and only one to pass GRC's leak test (among those tested - I add) and about all of them now incorporate the feature. *You could load up with spyware and remote access trojans till the cows come home - nothing gets out unless you permitted it - so you can spend your time relaxing and configuring your next cigar instead of your firewall. *I wouldn't give a nickle for ZA's support structure, but never needed it thank God - That's the basic version - not Pro3 which I have but won't load till the bugs have run their course. Later, Rickster

Call me old fashioned but since I graduated out of newbie-ville and left ZA behind, I *have been a TPF/KPF guy ever since. I tried sygate and LnS but they just didn't do what I wanted them to. If KPF isn't perfect well oh well, I have other security progs. Before a trojan can get through my Firewall, it has to infect me first.

{QUOTE-> Before a trojan can get through my Firewall, it has to infect me first. <-QUOTE}
Unicron, are you quietly slipping backwards through time? * ???

I am not concerned with inbound traffic, I have a hardware firewall for that.

Look n stop doesnt really stop tooleaky.. at least not the way I want it too.

* *Try this... drag a favorite to your quick launch bar.. run the favorite... aprove the connection through.. look and stop.. run tooleaky.. see goes right through.. thats because look n stop conciders "c:\program files\ internet explorer\ and c:\progra~1\intern~1\ to be two completely different directories.. with 2 different internet explorers in them.... just a simple modification to tooleaky and change the way it calls IE and bam goes straight through your firewall. without having to try the favorite trick... I'm not saying look n stop isnt a good firewall just dont give yourself a false sence of security.

{QUOTE-> just don't give yourself a false sense of security <-QUOTE}

This is true of any security measure. One that cannot be stressed enough. There is a reason why large companies spend thousands on security, not just pick the best free solution. LOL.

Until a computer security company GUARANTEES a BULLETPROOF solution, and will back that claim with lots of CASH, the above quote will apply. It may be a while till a company offers said services.

* *Some very good comments have been posted...... in the past I have used look-N-Stop...Tiny(when it was still Tiny) *and Zone Alarm..........LnS is an excellant firewall...an Tiny was also for the most part.....

* * that leaves a comment open for zone alarm.....an no it has never failed any test I have put it up against....what I do see is a user deliberately installing a known trojan....then saying "ok..I give you permission to access the internet" * *an then saying *" opps, zone alarm failed the test." * * *HUH?......ok, so is it the user that failed the test or the firewall failing the test?

* * regardless of which firewall...when a user gives permission for a "second" instance of an application to access the internet.......something is wrong!!! * If I allow internet explorer out once.....an I am not opening another Window...then why would it "ask" for permission to access the internet again....unless something stinks. * *Now doesn't the same apply to any firewall?

* * At the moment imo Look-N-Stop is about the best...with a few Betas of other firewalls slowly reaching the "very good" *point....an eventually will be firewalls to reckon with.........but I can't in all honesty say that zone alarm does not do what its ment to do.

* *people tend to either like or dislike a firewall.....there really isn't much middle ground.....the opinions are exceedingly strong in this area......if ever there is a next world war it may well be bacause two countries began fighting over which is the best firewall......LOL

* * *so no endorsement from me.....all I can suggest is please whatever firewall you like...just please use one.

* * * * * * * * * * * * * *snowman

Well-said, snowman!

Can I add: "And learn how to use it - *correctly!"

Pete

Um the point wasnt that there are two instances of *internet explorer. The point is that it would be easy to change tooleaky to go right through looknstop with out having to approve move than the usual internet explorer.

Ok then, Is there a problem with Nortons Firewall, other than it is not free? Weren't any of you @guard users?
I don't think Microsoft would have added cookie rejection to IE if it wasn't for @Guard.
I am still thinking though, Gates bought DOS from Norton, didn't he? Dang Norton is older tham me LOL
So you have the Two originals

Norton and Microsoft

oh oh

I was really disappointed with what norton did to @guard. @guard to me WAS the best personal firewall. I wounder where it would be had wrq not sold it out. *Add stealth and application protection and leak control and you have the best firewall today.

Outpost firewall is very @tguard like. When version 1.1 comes out it will pass all leak tests.
sygate and kerio will impress old @guard users as well.

*Lastly although I complain that looknstop doesnt pass tooleaky. neither does kerio, sygate or outpost.

"Add stealth and application protection and leak control and you have the best firewall today."

Geez, is that all it was missing?

That's like saying I wrote a nifty program, and if I added to it the ability to create, edit and print documents it would be a nice word processor.

If I added the abilty to stealth ports, provide application protection and leak control to wordpad it would be a pretty decent firewall, too.

{QUOTE-> If I added the abilty to stealth ports, provide application protection and leak control to wordpad it would be a pretty decent firewall, too. <-QUOTE}
ROFL! * ;D

Man this guy gets funnier and funnier every day! I spilled my d@mn beer on that one :) I was thinkin along the same lines, but could never have wrapped it up in such a concise manor.

wordpad he says...~shakes head~...wordpad...

{QUOTE-> ...
I am still thinking though, Gates bought DOS from Norton, didn't he? ... <-QUOTE}
No, DOS came from Seattle Computing, I believe.

Peter Norton (the person) may be older than you, but I can't offhand recall any commercial products from him prior to MS-DOS (i.e., CP/M, TRS-DOS days).

Rent "The Pirates of Silicon Valley"

great show about a young Billy Gates and Steve Jobs as they feud and get rich.

{QUOTE-> I was really disappointed with what norton did to @guard. @guard to me WAS the best personal firewall. I wounder where it would be had wrq not sold it out. *Add stealth and application protection and leak control and you have the best firewall today.

Outpost firewall is very @tguard like. When version 1.1 comes out it will pass all leak tests.
sygate and kerio will impress old @guard users as well.

*Lastly although I complain that looknstop doesnt pass tooleaky. neither does kerio, sygate or outpost. <-QUOTE}

Well (biased commentary follows *;D ), as a NIS/NPF user since NIS 1.0, I think we should realize that, to this day, the AtGuard firewall engine remains the basis of the NIS/NPF firewall. *Yes, they made a complete botch of the User Interface; they removed the Dashboard (which is far superior to the NIS Console -- and may reappear, with luck; indeed, it was still possible to activate the Dashboard up through NIS/NPF 2.5 -- pre-leaktest, at least). *NIS 3.0 and 4.0 further screwed things up with the 'improved' Rules Configuration and Editing interface. *(But, again, there's actually a registry hack to restore the old AtGuard Rules Editor -- until you get to NIS 4.5 where the registry has now been encrypted.) *

There's also a lot of talk about 'bloat', but most of the so-called bloat (as I documented on the old Unofficial AtGuard Users' Forum, regarding NIS 1.0) is actually the provision of functionality that was not in the original product. *There's something like 8 MB of the manual online as a PDF. *There's a set of templates for rules for common applications (which, for the uninitiated, are far better than having to start from scratch, and can still be further customized). *There are OS-customized versions of the firewall for various OSs (which weren't present in AtGuard). *And then, there's something like 10 MBs of Parental Control URLs (user-selectable) to keep your kids from going to where you don't want them to go. *(I don't recall how big the initial load with NIS 1.0 was, but I know that with NIS 3.0, the upgrades now come to something like 10 MB for this function alone!) I also don't remember any sort of update utility in AtGuard, for all of the above, which Symantec provides in LiveUpdate (a shared utility that also handles other Symantec applications that may be installed on the system). *You may not like User Accounts; I do -- and use them, because I now have several people using this box who are all too willing to simply turn off the firewall when it starts screwing with their short-term interests.

Symantec took the product and tried to make it into a firewall for the novice (which AtGuard never was). *I know that and Symantec will even acknowledge it as having been their marketing strategy. *What I specifically regret was the simultaneous decision to thereby make it a PITA for the advanced users to customize that had always been so loyal to AtGuard. *To my mind, this strategy was completely unnecessary and ultimately self-defeating. *Symantec completely alienated most of the people who would have otherwise traded up to it and effectively had to build a new market from scratch (at which, they apparently have now become quite successful).

As far as I can tell, there's only one part of AtGuard functionality missing from NIS/NPF -- that's the ability to set timelines on when the rules are active and when they aren't.

As for your other statements, to me, Stealth remains a solution to a non-existent problem and may well create problems as some cable users found during last year's Code Red and Nimda outbreaks. *I always found the degree of application control and protection available in AtGuard perfectly understandable; indeed, I could never understand how anyone could consider it as being anything other than it actually was -- certainly not an experienced AtGuard user. *If you wanted more, then you either used Albert's NISCRC or NIS File Check (both of which go far beyond the protection provided by any of the MD5 or SHA1-checking firewalls, even to this day. *Incidentally, where's the masquerading exploit that executable file authentication is supposed to be protecting against? *I've been asking for almost two years now, and it seems no one can identify a single exploit that's ever used this 'vulnerability'? *As for 'leak control', there isn't and ain't ever going to be any 'leak control' or protection against DLL insertion on the Win 98/ME operating systems; for the most part, the solution on Win NT/2K/XP systems has been known for years -- it's an operating system issue, not a firewall issue.

To me, Tiny/Kerio represent the most obvious AtGuard clone so far. *(And they lack some of its functionality also, but extend its coverage in other ways.) *I can't see many AtGuard users opting for Sygate -- to me that's currently more like a next-generation ZA/ZAP product. *I can't really speak to Outpost or Look and Stop and won't pretend that I can.

My bottom line? *If you've got an authenticated copy of AtGuard 3.22.xx that works on your operating system, well, hell, use it! *Unfortunately, it doesn't work well on Win ME and there's no logging on Win XP (though it appears that it does work); I myself could not use a firewall comfortably with no logging.

End of rant. *;) Peace.

Addendum #1 *I forgot to mention that NIS (as opposed to NPF) also included a full-fledged copy of Norton Anti-Virus (NAV). *That contributed significantly to the download, also. *I've made some clean-up in the preceding comments to correct stuff I was writing off the top of me head, also.

I have seen worse rants, Joseph! *;) IMHO you made some very valid points here.

regards.

paul

Paul,

Sorry for possibly getting a bit carried away there. *;) *I really wish that @guard would restore the initial archives of the various parts of the Unofficial AtGuard Users Forum as it migrated from one host to another. *If he'd do that, then I could simply reference my initial posting and let it go at that. *There seems to be a problem with the current host which I suspect is contributing to this problem, but I do really miss not being able to simply hyperlink to previous postings I've made on this subject.

Joseph, thanks very much for your comments !!!

I know that you know a lot about AtGuard/NIS/NPF.
And I appreciate it very much that you wrote about it.

Cheers, Jan (user of NIS1.0 Dutch and the old DashBoard).