Privatefirewall 5 released
QBgreen
August 17th, 2006, 05:07 PM
Happened to see this at MajorGeeks. This is a very light firewall that did fairly well with leaktests while it was in beta. I'd try it, but I'm currently content with my setup. So...someone try it and post back! ;D
Stem
August 17th, 2006, 10:55 PM
Hi QBgreen,
I did try this firewall sometime back (can't remember which version). Have installed to have a play.
It is running O.K., currently taking 20,500k, No slowdowns.
I would have liked to see the ability to place IPs within rules (for such rules as connection to DNS servers etc)
Attached pic: Application rules,...
Stem
August 17th, 2006, 10:56 PM
Process Monitor rules:....
aigle
August 18th, 2006, 02:48 AM
Seems to have a real HIPS like function as well- looks nice.
Albinoni
August 18th, 2006, 06:40 AM
And do we have the link to it ?
Stem
August 18th, 2006, 06:57 AM
-{ Quote: "And do we have the link to it ?" }- http://www.privacyware.com/personal_firewall_2.html
Legendkiller
August 18th, 2006, 08:03 AM
-{ Quote: "Process Monitor rules:...." }-
how good is it?
Stem
August 18th, 2006, 08:40 AM
-{ Quote: "how good is it?" }-I didn't have time to check,... I will have a play later this afternoon.
QBgreen
August 18th, 2006, 08:59 AM
-{ Quote: "Hi QBgreen,
I did try this firewall sometime back (can't remember which version). Have installed to have a play.
It is running O.K., currently taking 20,500k, No slowdowns.
I would have liked to see the ability to place IPs within rules (for such rules as connection to DNS servers etc)" }-
Thanks for taking the plunge, Stem! Nice to have so many alternatives. Keeps folks on their toes.
Stem
August 18th, 2006, 09:09 AM
PCflankleaktest (windows comms) http://www.pcflank.com/pcflankleaktest.htm
This firewall just passed this test:
Will play more later (have to go out now)
Legendkiller
August 18th, 2006, 10:28 AM
-{ Quote: "PCflankleaktest (windows comms) http://www.pcflank.com/pcflankleaktest.htm
This firewall just passed this test:
Will play more later (have to go out now)" }-
nice.
Huwge
August 18th, 2006, 02:02 PM
Watching with great interest. In the market for a new FW soon
Stem
August 18th, 2006, 02:30 PM
-{ Quote: "Will play more later" }-Well,.. it's holding up well to the "leaktests", I have run 10 (2 failed to execute?), actually only failed on one at this time, which was "yalta" with comms over localhost(127.0.0.1), there seems no way to block this (that I have found yet).
Will find more time later to finish the leaktests.
mvdu
August 18th, 2006, 02:47 PM
This firewall seems to have all the features I want, and it's running smoothly! Anyone know if you renew the license after a year or pay a one time fee?
mvdu
August 18th, 2006, 10:19 PM
After trying it for a while, I found the prompting process a bit awkward. And it didn't alert on anything with the Yalta leak test. I'll stay with Outpost for now.
Legendkiller
August 19th, 2006, 01:56 AM
-{ Quote: "After trying it for a while, I found the prompting process a bit awkward. And it didn't alert on anything with the Yalta leak test. I'll stay with Outpost for now." }-
well outpost asks too many questions since 3.5 and in my experience outpost 4 isn't relaxing either...
i would say comodo for now.
Stem
August 19th, 2006, 03:29 AM
-{ Quote: "After trying it for a while, I found the prompting process a bit awkward." }-The prompts/warnings could be made better (and made more understandable for new users)
-{ Quote: "And it didn't alert on anything with the Yalta leak test." }-It would still alert on the execution of the program,... but,... you would have had to take the firewall out of training mode first (you would need to do this before running any leaktests), or all executions would be allowed.
See pic,.. you would need to "untick" training mode
Huwge
August 19th, 2006, 04:25 AM
Did it pass the leaktests without being tweaked or did it need some work to get it to pass ?
Velnias
August 19th, 2006, 05:00 AM
-{ Quote: "PCflankleaktest (windows comms) http://www.pcflank.com/pcflankleaktest.htm
This firewall just passed this test:
Will play more later (have to go out now)" }-
According to the pic, detection is signature based ( how to understand "Leaktest developed by PCFlank.com 1.0" )?
Stem
August 19th, 2006, 05:06 AM
-{ Quote: "According to the pic, detection is signature based ( how to understand "Leaktest developed by PCFlank.com 1.0" )?" }-This was picked up by "process monitor->Send Windows messages" The name is taken from the "properties" of the file in question
Stem
August 19th, 2006, 05:14 AM
-{ Quote: "Did it pass the leaktests without being tweaked or did it need some work to get it to pass ?" }-Just the need to disable "learning mode", after this all executions of files (create process etc) are intercepted and asked for. The "process monitor" for the executed application defaults to "ask".
djg05
August 19th, 2006, 10:05 AM
I thought I would give Private Firewall a spin as it looked promising.
I was a bit disappointed as it came up with a lot of pop ups which I answered but never noticed my email (Pocomail) nor did it list it in applications. Also when I set IE to be blocked in applications and monitor I could still browse with it with no prompts.
I tried the PC Flank test and DNS tester both of which it stopped, but I do wonder if these are hard wired into the system or they are legitimately blocking the exploit.
Anyone else experiencing this?
I am running Win 2k sp4 and had PG disabled.
Stem
August 19th, 2006, 10:18 AM
Hi David,
-{ Quote: "I was a bit disappointed as it came up with a lot of pop ups which I answered but never noticed my email (Pocomail) nor did it list it in applications. Also when I set IE to be blocked in applications and monitor I could still browse with it with no prompts." }-I did not see this,.. but from:-
-{ Quote: "I am running Win 2k sp4" }-I will setup to see.
-{ Quote: "............and had PG disabled." }-This may cause conflict,.. as did SSM (even when disabled), I had to uninstall SSM due to conflict with system hooks (and firewall monitor then worked well). Is this free/full PG?
djg05
August 19th, 2006, 10:30 AM
-{ Quote: "Hi David,
I did not see this,.. but from:-
I will setup to see.
This may cause conflict,.. as did SSM (even when disabled), I had to uninstall SSM due to conflict with system hooks (and firewall monitor then worked well). Is this free/full PG?" }-
Full PG.
Even if PG is interfering I am not happy to run the system without it, so the comments remain unless it is specific to me or I am at fault
Stem
August 19th, 2006, 10:46 AM
Hi David,
-{ Quote: "Full PG.
Even if PG is interfering I am not happy to run the system without it," }-I fully understand,.. I am in no way attempting to make you uninstall PG,.. I was just informing of the possible conflict.
-{ Quote: "so the comments remain unless it is specific to me or I am at fault" }-Your comments (as all others) are welcome and needed for a forum to find how a firewall is on systems , the wider the checks/tests/installations a firewall is made, then the better understanding of the firewall is made, and in the end,.. better for all.
I, myself, installed this firewall due to post made, so, from this, it's a case of "let's check it out".
djg05
August 19th, 2006, 10:58 AM
-{ Quote: "Hi David,
I fully understand,.. I am in no way attempting to make you uninstall PG,.. I was just informing of the possible conflict.
Your comments (as all others) are welcome and needed for a forum to find how a firewall is on systems , the wider the checks/tests/installations a firewall is made, then the better understanding of the firewall is made, and in the end,.. better for all.
" }-
Oops - I am putting across the wrong attitude - it was not meant that way. Agree with all your comments, and are any others finding problems with this f/w?
mvdu
August 19th, 2006, 11:07 AM
Outpost doesn't ask too many questions IMO, because the prompts are clearer than with Private Firewall.
Stem
August 19th, 2006, 11:13 AM
-{ Quote: "Oops - I am putting across the wrong attitude - it was not meant that way. " }-I do not think anything wrong with your attitude,.. you have protection that you trust, so why a problem with stating that. I fully agree PG gives excellent protection.
-{ Quote: "Agree with all your comments," }-This for me is not compulsory, I am here to help where I can,.. I make mistakes as others.
-{ Quote: "and are any others finding problems with this f/w?" }-Well,.. time will tell,.. after installing on a system with other applications, I find some "problems",.. that's why it's good to have feedback from many installations.
Regards,
Velnias
August 19th, 2006, 11:29 AM
Stem, thanks for clarification :-)
Stem
August 19th, 2006, 11:47 AM
-{ Quote: "Stem, thanks for clarification :-)" }-No problem,.. (I did check at the time with a change of program "re-name",.... well just to make sure)
mvdu
August 19th, 2006, 12:02 PM
BTW, thanks for showing me how to get PrivateFirewall to pass Yalta. I'll remember that for if I install it again. I think I'll see how things progress before thinking about giving Privatefirewall another try, though.
Stem
August 19th, 2006, 12:15 PM
-{ Quote: "BTW, thanks for showing me how to get PrivateFirewall to pass Yalta." }-Disabling the learning mode only shows you the execution of "Yalta", it does not stop the (default) leaktest, which is localhost comms (localhost(127.0.0.1)), I have yet to find a way to disable localhost comms,... even placing this in the blocked zone still allows these comms,... Local network within settings only show the 0.0.0.0. + Lan. This is a possible risk! (maybe localhost is hard-coded)
ciannicello
August 19th, 2006, 12:17 PM
Hello all,
We appreciate the interest in Privatefirewall 5.0. I will try to address/answer some of the questions/comments posted in this thread:
1) We will review the option to place IP addresses within Application rules, thanks for the suggestion
2) We tested Privatefirewall 5.0 against all the leaktests from the FirewallLeaktester site and Privatefirewall 5.0 should pass all of them out of the box either via the Application Alerts or Process Monitor alerts. Regarding the Yalta test, an alert is generated when an actual Internet/Network IP was used for the test as opposed to a loopback IP of 127.0.0.1. According to the authors of Yalta, you should:
"...Enter the IP address of the computer to which the text shall be sent..."
Also, we were unable to run the 'MB Test' leaktest as it continually crashed.
3) Privatefirewall 5.0 costs $29.95 per license and it is a one time fee. There is no renewal necessary.
4) The 'prompting' process MVDU mentioned is most likely referring to our Tray Alerts, which appear in the bottom right portion of the desktop for a short period of time and then makes a decision to either allow or deny on its own if the user does not make a choice. All application/process related alerts default to 'Block' if no choice is made, and all behavioral alerts (System Anomaly and Email Anomaly) default to 'Allow' if no choice is made.
If you attempt to launch an application/process that was previously blocked, you will see another tray alert informing you that the application was previously blocked. You can either Allow or Deny access at that point.
Also, if you see a tray alert and would like additional information, you can select 'Details/Options' to see the 'Full' Alert, which are the larger alerts that we have traditionally used in previous versions of Privatefirewall.
One of the reasons we designed the tray alerts was to provide users with less information initially with the option to get more details. Compare this to our previous designs (and the design of most other desktop security products), which is to provide a large amount of information all at once in a large alert. We have found that most users are primarily interested in the executable name and type of activity, which is what we include in the tray alerts. Also, for those who prefer the previous design, Privatefirewall 5.0 does provide the option (for most sections) to not use the tray alerts and have only the large alerts appear. This can be enabled by selecting the "Require user approval for each alert" option in the desired section.
5) The Training mode that STEM refers to is for our Process Detection feature, which records all running processes during the training period and then prompts you if you attempt to run a new process after the training period is completed. This is not an 'Internet/Network' related feature and is separate from the Process Monitor feature in the Main Menu. Please note that during our testing, we did NOT have the feature enabled when passing the leaktests. We kept it in training mode and still passed Yalta (for Internet IPs) and the other tests. The leaktests were tested with Privatefirewall's default settings, so nothing needs to be enabled or disabled.
6) As mentioned by VELNIAS, the process monitor is rules based, and it maintains a list of detected processes that are filtered for potentially malicious system API calls.
***
I see a couple of you find the new alert design/logistics a bit cumbersome. Can you give more detail as to what you would like to see to improve this aspect of Privatefirewall?
Thanks again. I look forward to the continued dialogue.
Chris Iannicello
Privacyware - Privatefirewall Product Manager
Stem
August 19th, 2006, 12:30 PM
Hi ciannicello,
Thank you for your interaction, could you give a solution to block localhost(127.0.0.1/) comms, (trojan/malware comms on localhost, due to possible use of localhost proxy)
And could you confirm the interception of "windows comms", is this indeed "sig based"?
Regards,
stem
djg05
August 19th, 2006, 02:35 PM
Thought that I would take another look in case I had missed something.
I cannot find any way of saving settings, except I suppose copying the files across to another area.
Also I cannot get through to my other computer. It is on a router and I am running Win 2k. I do use Netbios to communicate with it. Thought that I might have corrupted some settings so reset back to defaults.
Also could not get it to recognise Mozilla running through Proxo. Neither was flashed up. Had to manually insert both.
djg05
August 19th, 2006, 02:55 PM
-{ Quote: "
Also I cannot get through to my other computer. It is on a router and I am running Win 2k. I do use Netbios to communicate with it. Thought that I might have corrupted some settings so reset back to defaults.
" }-
My fault with local network - should have checked the other end first - sorry. The other bits, I think, still apply.
djg05
August 19th, 2006, 05:57 PM
I don't really understand this f/w.
I have been playing around with the setting on Network Security. If you set it to high it says this blocks all shared drives/printers. Presumably this is inbound, but either way I can still connect from either computer to the other. If I put the traffic light to red it is stopped or enter the address in the blocked addresses. These settings were made the same on the home, office, remote profiles.
I would have expected that if it is on high then it would still allow any addresses you put in the allowed box.
Stem
August 20th, 2006, 01:47 AM
-{ Quote: "Also could not get it to recognise Mozilla running through Proxo. Neither was flashed up. Had to manually insert both." }-I have now set up on W2K. From my earlier post, there is a problem due to what may be hard_coded rules to allow localhost comms,... the firewall did pick up (alert on) access by proxo for outbound connection, but no alert to firefox using this local proxy (I have removed all rules to allow firefox), which gives rise to the possibility of malware gaining access to the internet through localhost. Even placing the localhost(127.0.0.1/255.255.255.0) in "blocked sites/IP addresses" does not block these localhost comms.
I would not advise anyone to use this firewall while running a localhost proxy (such as "proxo").
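The loopback relay path described in the post above, as an added example that is not part of the original thread: a Python check over a constructed `netstat -ano`-style connection table that flags processes with no outbound allow rule that reach the internet through an allowed local proxy. The sample rows, PIDs, port 8080, the name `unknown.exe` and the allow list are assumptions made for illustration.

```python
import ipaddress
from collections import namedtuple

Conn = namedtuple("Conn", "local_ip local_port remote_ip remote_port state pid")

# Constructed sample shaped like Windows `netstat -ano` TCP rows (not captured data).
SAMPLE_NETSTAT = """\
  TCP    127.0.0.1:8080     0.0.0.0:0          LISTENING     1204
  TCP    127.0.0.1:1033     127.0.0.1:8080     ESTABLISHED   2260
  TCP    127.0.0.1:8080     127.0.0.1:1033     ESTABLISHED   1204
  TCP    192.168.1.10:1034  203.0.113.7:80     ESTABLISHED   1204
  TCP    127.0.0.1:1040     127.0.0.1:8080     ESTABLISHED   3100
  TCP    192.168.1.10:1050  198.51.100.9:443   ESTABLISHED   1500
  TCP    0.0.0.0:135        0.0.0.0:0          LISTENING     880
"""

# Assumed PID-to-image mapping and the firewall's per-application allow list.
PID_NAMES = {1204: "proxo.exe", 2260: "firefox.exe", 3100: "unknown.exe",
             1500: "iexplore.exe", 880: "svchost.exe"}
ALLOWED_OUTBOUND = {"proxo.exe", "iexplore.exe"}


def split_endpoint(endpoint):
    """Split 'ip:port' or '[ipv6]:port' into (ip_address, port)."""
    host, port = endpoint.rsplit(":", 1)
    return ipaddress.ip_address(host.strip("[]")), int(port)


def parse_netstat(text):
    """Parse TCP rows; rows that are not well-formed TCP entries are skipped."""
    conns = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP":
            continue
        try:
            lip, lport = split_endpoint(fields[1])
            rip, rport = split_endpoint(fields[2])
            pid = int(fields[4])
        except ValueError:
            continue
        conns.append(Conn(lip, lport, rip, rport, fields[3], pid))
    return conns


def find_relayed_access(conns, pid_names, allowed):
    """Return sorted (client, proxy, port) tuples where a client without an
    outbound allow rule is connected over loopback to a listener owned by an
    allowed process that itself holds a non-loopback connection."""
    # Listeners reachable via 127.0.0.1: bound to loopback or to all interfaces.
    listeners = {c.local_port: c.pid for c in conns
                 if c.state == "LISTENING"
                 and (c.local_ip.is_loopback or c.local_ip.is_unspecified)}
    # Processes that currently talk to something other than loopback.
    has_external = {c.pid for c in conns
                    if c.state == "ESTABLISHED" and not c.remote_ip.is_loopback}
    findings = set()
    for c in conns:
        if c.state != "ESTABLISHED" or not c.remote_ip.is_loopback:
            continue
        proxy_pid = listeners.get(c.remote_port)
        # Ignore the proxy's own accepted sockets and listeners with no uplink.
        if proxy_pid is None or proxy_pid == c.pid or proxy_pid not in has_external:
            continue
        client = pid_names.get(c.pid, "pid %d" % c.pid)
        proxy = pid_names.get(proxy_pid, "pid %d" % proxy_pid)
        if proxy in allowed and client not in allowed:
            findings.add((client, proxy, c.remote_port))
    return sorted(findings)


if __name__ == "__main__":
    for client, proxy, port in find_relayed_access(
            parse_netstat(SAMPLE_NETSTAT), PID_NAMES, ALLOWED_OUTBOUND):
        print("%s has no allow rule but reaches the network via %s on 127.0.0.1:%d"
              % (client, proxy, port))
```

A filter that never inspects loopback traffic sees only the proxy's own outbound connections, so every process listed here inherits the proxy's allow rule.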
Stem
August 20th, 2006, 02:34 AM
-{ Quote: "I have been playing around with the setting on Network Security. If you set it to high it says this blocks all shared drives/printers. Presumably this is inbound, but either way I can still connect from either computer to the other. If I put the traffic light to red it is stopped or enter the address in the blocked addresses. These settings were made the same on the home, office, remote profiles." }-I enabled netBIOS to check this out,.. the netBIOS was blocked, but then found internet connections were also blocked, and then problems/errors showed from winmgmt.exe. A re-boot and still problems with any out/in connections. I will need to re-install later (if time) to re-check.
djg05
August 20th, 2006, 05:36 AM
-{ Quote: "I enabled netBIOS to check this out,.. the netBIOS was blocked, but then found internet connections were also blocked, and then problems/errors showed from winmgmt.exe. A re-boot and still problems with any out/in connections. I will need to re-install later (if time) to re-check." }-
Thanks Stem for all the work you are doing.
I had to get rid of it in the end. It does not seem to sit happily with PG. PG was producing all manner of alerts that I have not seen before. One was services.exe wanting to modify other files, and there were others. Simply do not know enough to say whether it should be allowed or denied. I did allow the f/w full permission in PG.
Also on shutting down or rebooting it was causing other programs to crash out rather than closing cleanly. Also when I uninstalled it, it caused a BSOD. A pity since I was getting to like it.
Stem
August 20th, 2006, 05:48 AM
-{ Quote: "I had to get rid of it in the end. It does not seem to sit happily with PG." }-It does conflict with SSM,.. but even with a clean installation of W2K, there were some windows errors showing. (It doesn't seem to like W2K,... I didn't see the problems in XP as with W2K)
As you use "proxo" you are better to leave this firewall anyway.
djg05
August 20th, 2006, 06:27 AM
-{ Quote: "It does conflict with SSM,.. but even with a clean installation of W2K, there were some windows errors showing. (It doesn't seem to like W2K,... I didn't see the problems in XP as with W2K)
As you use "proxo" you are better to leave this firewall anyway." }-
Thanks Stem
Thought it was me so good to have it confirmed by you as well.
Longboard
January 16th, 2007, 09:16 AM
@stem
Sorry to bother you I know you work your butt off for us:
I was wondering whether this is worth another look, particularly in view of the integration of Pfw and DSA ??
The Pfw has just rated well at Matousec (love em or hate em) but only average with gkweb in comparison (answered own question??)
Any comments if you have time.
Thank you.
Stem
January 16th, 2007, 11:26 AM
Hi Longboard,
I know "Leak test Prevention" does mean a lot to many users. I am a little sceptical as to the ability of this firewall being able to actually intercept the actual communications made by the leaktest. As mentioned by "ciannicello" -{ Quote: "the process monitor is rules based, and it maintains a list of detected processes that are filtered for potentially malicious system API calls" }- now this is from a member who claims to be the "Privatefirewall Product Manager", I did ask for confirmation of this -{ Quote: "could you confirm the interception of "windows comms", is this indeed "sig based" }- I asked, as if the leaktests are being intercepted due to that applications signature, then it is the application attempting the "Leak" that is being intercepted, and not the actual leak.
dah145
January 16th, 2007, 11:18 PM
Is it me or is this FW not blocking leaktest 1.2 !!!
ciannicello
January 18th, 2007, 12:42 PM
Stem,
The Process Monitor is rules-based, not signature-based. I should have clarified that when I said that Privatefirewall "maintains a list of detected applications", that list is created when an alert related to that Process is generated and answered by the user. The list of applications is NOT part of the internal security design.
Process Monitor alerts are triggered by the **type of activity** not by any signature-based information specific to an application or process. So when you see a Process Monitor alert during a leaktest, that leaktest is trying to perform some function or exhibiting a behavior that Privatefirewall is coded to alert the user about.
As for Windows Comms, it depends on what type of activity is happening at that moment. I think it is possible for Windows Comms activity to trigger several different types of alerts (Application, Process Monitor, Process Detection, or even Behavior-Based System Anomaly Alert (based on CPU usage and/or thread count)).
Let me know if you have any more information or questions.
Sorry I did not get back to you guys sooner!
Chris Iannicello
Product Manager, Privacyware
www.privacyware.com
PaulBB
January 18th, 2007, 01:05 PM
-{ Quote: "Is it me or is this FW not blocking leaktest 1.2 !!!" }-
This one ?
http://www.grc.com/lt/leaktest.htm
It's only you, just take a look and judge for yourself:
http://img162.imageshack.us/img162/9459/sshot1gv0.png
Hipgnosis
January 18th, 2007, 01:15 PM
If you really want to test it properly, do something like this (from my own experience with other firewalls)
First I gave Opera internet access, then...
Renamed the original Opera.exe file (/Program Files/Opera) to ORIG_Opera.exe
Placed the leaktest.exe in the Opera folder
Renamed leaktest to Opera
Double clicked on the "new" Opera icon and it was passed to the internet without question.
Like I said this was with another firewall, not Privatefirewall 5. I have not tested it.
edit> If you don't use Opera, just use a file that you have already given internet access to. Don't forget to get rid of the fake file and rename the real file when you finish your test.
dah145
January 18th, 2007, 02:32 PM
-{ Quote: "This one ?
http://www.grc.com/lt/leaktest.htm
It's only you, just take a look and judge for yourself:" }-Oh!, yea just an issue I got.... anyway i will stay with KIS
Stem
January 18th, 2007, 02:39 PM
Hi ciannicello,
-{ Quote: "I should have clarified that when I said that Privatefirewall "maintains a list of detected applications"," }-Thank you for clarification, better late than never.
Regards,
Stem
Stem
January 18th, 2007, 02:47 PM
As for the Leaktest 1.2
As "Hipgnosis" stated, you must rename the leaktest to the name of a program already given internet access.
I have just tested Privatefirewall for this, and the firewall is intercepting the changed file (see attached pic).
If this test is failing on some setups, I would ask if they have any other security applications on their PC (such as PG, SSM etc)
Stem
January 18th, 2007, 03:14 PM
-{ Quote: "Let me know if you have any more information or questions." }-Will you be adding the ability to control localhost comms? Currently, if such an application as "Proxo" is used, then your application internet access control is bypassed. (there are other concerns due to this possible bypass)
ciannicello
January 18th, 2007, 05:12 PM
We are prepping for a vista-compliant update and will consider this during the process. We are targeting March for a release date.
Thanks,
Chris Iannicello
Product Manager, Privacyware
www.privacyware.com
farmerlee
January 23rd, 2007, 06:10 AM
Just been trying this firewall out and it seems as if it doesn't want to do what i set it to do. With default rules i tried to connect to the net with firefox and a few prompts come up to which i clicked 'allow', yet i see pfw blocking data and firefox cannot connect. The only way i have been able to connect is if i set firefox rules to allow all data.
I then selected 'enable training mode' from the settings menu yet i still get prompts about allowing apps to access the net.
I'm running pfw alongside nod32 on xp home with sp2 fully updated. What's going on here?
Stem
January 23rd, 2007, 08:18 AM
Hi farmerlee,
I normally manually create all rules for my applications but:-
I have been taking a look at the rules creation, and it looks buggy.
Explanation:
The rules for HTTP connection require TCP to remote port 80 and need to be allowed (within this firewall) for both inbound and outbound. When you are first prompted for this, there is a direction within the rule, so on first popup and you allow(remember/create rule), a rule is created to allow the outbound, but then the returned packets are being blocked without prompt. So you need to manually edit the rules to allow both outbound and inbound for the connection to be allowed.
farmerlee
January 24th, 2007, 05:31 AM
I find that if the network security is set to high it blocks all my apps even if i have training mode enabled. Only when i set network security to low does it allow me access.
I don't fancy having to go thru manually setting rules for all my apps as you've explained.
I guess i'll have to stick with dsa for now until pfw becomes better suited to my preferences.
farmerlee
January 24th, 2007, 06:04 AM
Played around with pfw a bit more, i found that the windows dns client service needs to be running in order for pfw to work properly.
Normally i have it disabled and other firewalls have run just fine.
Stem
January 24th, 2007, 06:57 AM
-{ Quote: "i found that the windows dns client service needs to be running in order for pfw to work properly." }-I do not (never) have the DNS client active. I see no problems related to this.
dah145
January 24th, 2007, 12:32 PM
Also one thing I don't like about this fw , is that it doesn't have termination protection...
Stem
January 24th, 2007, 01:36 PM
Hi dah145,
Using APT, the 12 basic termination tests, of which 10 will run on my setup, the firewall will block all 10.
Edit:
It has also just blocked all 16 SPT kill attempts.
tobacco
January 24th, 2007, 02:14 PM
Reading between the lines here, it appears you're becoming more impressed each day with this firewall Stem!.
Stem
January 24th, 2007, 02:24 PM
Hi tobacco,
Yes,.. I was put off at one point due to a reply made (by "ciannicello") concerning the interception of windows comms. (but it appears he did not correctly read the post he was agreeing with)
After playing for a while, although it seems a bit buggy with firewall rules creation, I am starting to like the protection given.
farmerlee
January 24th, 2007, 02:58 PM
-{ Quote: "I do not (never) have the DNS client active. I see no problems related to this." }-
That's strange, as soon as i enabled this service pfw seemed to start to behave itself. If this is not the problem i guess i'll have to keep looking.
dah145
January 24th, 2007, 03:59 PM
-{ Quote: "Hi dah145,
Using APT, the 12 basic termination tests, of which 10 will run on my setup, the firewall will block all 10.
Edit:
It has also just blocked all 16 SPT kill attempts." }-
mmm, maybe I did something wrong.... I am going to reinstall it and test it again... Because it looks good. :)
Stem
January 24th, 2007, 04:11 PM
Hi dah145,
What you may have missed,.. Have a look at the "Process Monitor" settings.
For example, when I first ran "APT", it did manage to KILL on method 2, but I noticed that APT had not been added to the application list, so on the Process Monitor "Medium" setting(default), APT was not being intercepted. I changed the setting on this to "High", which then makes the "Monitor" check all applications within the system.
CJsDad
January 24th, 2007, 04:11 PM
Are these tests done with the default settings?
dah145
January 24th, 2007, 04:14 PM
-{ Quote: "Hi dah145,
What you may have missed,.. Have a look at the "Process Monitor" settings.
For example, when I first ran "APT", it did manage to KILL on method 2, but I noticed that APT had not been added to the application list, so on the Process Monitor "Medium" setting(default), APT was not being intercepted. I changed the setting on this to "High", which then makes the "Monitor" check all applications within the system." }-
Ok thanks for the suggestion. :)
Stem
January 24th, 2007, 04:16 PM
Hi CJsDad,
I just changed the "Process Monitor" to "High", all other settings as default
CJsDad
January 24th, 2007, 04:17 PM
Thanks Stem.
JRCATES
January 24th, 2007, 05:40 PM
-{ Quote: "
I just changed the "Process Monitor" to "High", all other settings as default" }-
Hi Stem,
Thanks, I appreciate you testing this firewall out for everyone. It's nice to hear opinions and see some useful info concerning other various software firewall products (options) like this one available to users.
BTW, I haven't seen a dedicated "user forum" for privacyware products anywhere....are you aware of one?
And regarding the above.....are you suggesting that the "only" tweaking (at least CURRENTLY) really necessary for this firewall is to adjust the process monitor from medium to high?
Also, does PFW install as a "service", and how quickly does it "load" (including the sys tray icon, etc.)? How many "processes" do you see pertaining to Privatefirewall, and what's the memory and CPU associated with each?
Thanks
P.S. - is the sys tray icon the cop with the stop sign, or the two-color shield? :P
Stem
January 24th, 2007, 06:45 PM
Hi farmerlee,
-{ Quote: "as soon as i enabled this service pfw seemed to start to behave itself." }-On re-checking, it does appear the rules creation problem is caused when the DNS client is disabled.
Stem
January 24th, 2007, 07:07 PM
Hi JR,
-{ Quote: "I haven't seen a dedicated "user forum" for privacyware products anywhere....are you aware of one?" }-No, the question was asked (http://www.wilderssecurity.com/showthread.php?p=925941#post925941) on this forum, but no reply given (Maybe "ciannicello" will return to answer?)
-{ Quote: "And regarding the above.....are you suggesting that the "only" tweaking (at least CURRENTLY) really necessary for this firewall is to adjust the process monitor from medium to high?" }-For my testing, and for the correct interception of the "KILL" test I made, yes.
The rules for some windows applications are too open, As example: IE is allowed all activity (Terminate/ Manipulate services etc, etc), which I personally think is dangerous. So users of IE should look at these settings.
-{ Quote: "Also, does PFW install as a "service", and how quickly does it "load" (including the sys tray icon, etc.)?" }-There is a service installed, but this is currently Stopped, it is set to autostart, so not sure as of yet what is going on there.
-{ Quote: "How many "processes" do you see pertaining to Privatefirewall, and what's the memory and CPU associated with each?" }-With the service stopped, there is only one firewall app running "PF5.exe" current memory: 19816k (showing peak at 22052k). There is very little activity from the cpu due to this process.
-{ Quote: "P.S. - is the sys tray icon the cop with the stop sign, or the two-color shield? :P" }-The cop.
JRCATES
January 24th, 2007, 10:32 PM
Hi Stem,
-{ Quote: "-{ Quote: "I haven't seen a dedicated "user forum" for privacyware products anywhere....are you aware of one?" }-
Hi JR,
No, the question was asked (http://www.wilderssecurity.com/showthread.php?p=925941#post925941) on this forum, but no reply given (Maybe "ciannicello" will return to answer?)" }-
Yeah, hopefully ciannicello will reply and provide some info. And if one doesn't currently exist, hopefully they are planning to implement one or will strongly and seriously consider it. It just seems that vendors with a forum presence support their customer base better, which in turn gains favorable reviews, compliments, and more recommendations, etc.
-{ Quote: "-{ Quote: "regarding the above.....are you suggesting that the "only" tweaking (at least CURRENTLY) really necessary for this firewall is to adjust the process monitor from medium to high?" }-
For my testing, and for the correct interception of the "KILL" test I made, yes. The rules for some windows applications are too open, As example: IE is allowed all activity (Terminate/ Manipulate services etc, etc), which I personally think is dangerous. So users of IE should look at these settings." }-
Thanks for that info. Perhaps maybe he can address the bold-faced text highlighted above and provide a little more info on this one as well.....
-{ Quote: "-{ Quote: "does PFW install as a "service", and how quickly does it "load" (including the sys tray icon, etc.)? How many "processes" do you see pertaining to Privatefirewall, and what's the memory and CPU associated with each?" }-
There is a service installed, but this is currently Stopped, it is set to autostart, so not sure as of yet what is going on there. With the service stopped, there is only one firewall app running "PF5.exe" current memory: 19816k (showing peak at 22052k). There is very little activity from the cpu due to this process." }-
Hmmm....that's interesting. I definitely would like to hear exactly why that is. I'm guessing that it loads fairly early, but it just seems I've heard that firewalls (i.e. - Look 'n' Stop, etc.) just seem to load a little earlier whenever there is a "service" associated with it. I guess I'm also just a little surprised that with the integration of the "Dynamic Security Agent" that there wouldn't be a second running process.....
-{ Quote: "-{ Quote: "P.S. - is the sys tray icon the cop with the stop sign, or the two-color shield? :P" }-
The cop." }-
:P ;D
Thanks. OK, now you've got me curious....
does it "monitor" traffic activity with a http://www.privacyware.com/img/PF_Icon_Small.gif whenever traffic is being allowed, and then with a http://www.firewallleaktester.com/images_site/pf.gif whenever something is being blocked? :o
That would be kinda cool...... 8)
farmerlee
January 25th, 2007, 06:31 AM
-{ Quote: "Hi farmerlee,
On re-checking, it does appear the rules creation problem is caused when the DNS client is disabled." }-
Yeah, I've noticed that some activities seemed to be allowed with the DNS client disabled and some activities seem to be blocked even if I allow them. With it enabled, all seems to be running smoothly at the moment.
Stem
January 25th, 2007, 06:57 AM
Hi farmerlee,
With the DNS client disabled there is a problem with the creation of the DNS rules for applications, these are only created for one direction, but then blocked. If I manually create the DNS rules then all other rules are automatically created correctly on access. It must be a bug.
Stem
January 25th, 2007, 07:21 AM
-{ Quote: "I'm guessing that it loads fairly early, but it just seems I've heard that firewalls (i.e. - Look 'n' Stop, etc.) just seem to load a little earlier whenever there is a "service" associated with it." }-I am really not sure at this point, but it looks like the service is just for protection on boot. I am going to check what protection is in place during boot/shutdown.
-{ Quote: "I guess I'm also just a little surprised that with the integration of the "Dynamic Security Agent" that there wouldn't be a second running process....." }-If DSA is fully integrated then a second process would not be needed.
-{ Quote: "does it "monitor" traffic activity with a......" }-Yes.
Stem
January 25th, 2007, 08:06 AM
On my quick tests, there is no protection during boot, all comms are allowed, so I do not know what the "Privacyware network service"(PFNet (pfscv.exe)) is for.
ciannicello
January 30th, 2007, 11:58 AM
The Privatefirewall Network Service (pfsvc.exe) is designed to protect the machine before user logon. Once logged, the service becomes 'dormant' until the next boot, etc.
Stem
January 30th, 2007, 01:36 PM
Hi ciannicello,
This is what I thought, but on checking this was not the case. All comms were allowed during boot. (A very simple check is to ping the PC during boot, the PC does reply with PFW installed. It also allows netbios etc.)
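The boot-time check described in the post above (ping the PC while it boots), as an added example that is not part of the original thread. It assumes the probe runs from a second machine on the same network and that the firewall under test is set to drop ping once active; the function names and the sample timeline are constructed for illustration.

```python
import platform
import subprocess
import time

def probe_once(host):
    """Send one ICMP echo request; True only if an echo reply came back."""
    if platform.system() == "Windows":
        cmd = ["ping", "-n", "1", "-w", "1000", host]
    else:  # Linux iputils syntax
        cmd = ["ping", "-c", "1", "-W", "1", host]
    out = subprocess.run(cmd, capture_output=True, text=True).stdout
    # Exit codes are unreliable on Windows ("unreachable" can return 0),
    # so look for the TTL field that only a real echo reply carries.
    return "ttl=" in out.lower()

def watch(host, seconds, interval=1.0):
    """Probe host for `seconds`; return [(elapsed_seconds, replied), ...]."""
    start, samples = time.monotonic(), []
    while (elapsed := time.monotonic() - start) < seconds:
        samples.append((round(elapsed), probe_once(host)))
        time.sleep(interval)
    return samples

def reply_windows(samples):
    """Collapse samples into (first_reply, last_reply) intervals."""
    windows, first, last = [], None, None
    for t, replied in samples:
        if replied:
            if first is None:
                first = t
            last = t
        elif first is not None:
            windows.append((first, last))
            first = None
    if first is not None:  # still answering when the capture ended
        windows.append((first, last))
    return windows

# Constructed timeline (not a real capture): host is down until t=20s,
# answers ping from t=21s to t=34s while booting, then stops answering.
CONSTRUCTED = [(t, 21 <= t <= 34) for t in range(60)]

if __name__ == "__main__":
    for first, last in reply_windows(CONSTRUCTED):
        print(f"host answered ping from t={first}s to t={last}s")
```

For a live run, start `watch()` against the test PC just before rebooting it and pass the result to `reply_windows()`; with ping blocked in the firewall's settings, any interval reported is time the machine answered the network unfiltered.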
ciannicello
January 31st, 2007, 10:56 AM
Stem,
By default, ping and netbios are allowed inside local network, but if you switch 'Network Security' to HIGH from the Main Menu, and reboot, the ping should no longer work.
We will try to articulate this distinction better in our next build.
Chris
Stem
January 31st, 2007, 02:43 PM
ciannicello,
I had all settings to high, and local network was removed from the "sites" so no comms are allowed within the network while PFW is active. But as I reported, during boot there is no protection. See my previous posts.
-{ Quote: "We will try to articulate this distinction better in our next build." }-You should try to get the network protection during boot active in the next build.
ciannicello
January 31st, 2007, 05:20 PM
Stem,
I have tested this before, but I will retest asap to see what my findings are...
Chris
Stem
January 31st, 2007, 05:28 PM
ciannicello,
Yes, please do recheck this. I did set up again to recheck myself (before my last post on this thread).
Stem
January 31st, 2007, 05:37 PM
ciannicello,
Could you please also look at:-
When the DNS client is disabled, all applications need to make DNS queries. The popup from PFW is continuous for the DNS requests, as only one direction is placed within the rule, but then DNS lookup is blocked, and a need to manually edit the DNS rule to allow IN/OUT is needed before this is allowed correctly.
ciannicello
February 1st, 2007, 11:59 AM
Stem,
The developers are looking into the DNS issue. What version of PF5 are you using?
Stem
February 1st, 2007, 12:15 PM
Chris,
5.0.8.11
Stem
February 1st, 2007, 09:16 PM
Kill attempts:
I ran the "APT" and "SPT" kill methods.
PFW did very well with "APT", intercepting all, even the Kernel and Crash methods. (method 10 did not run on my setup, so un-tested)
With the "SPT", I see that normal kill 15 (simulation of normal process exit) did terminate. Also kill 16 ("bruteforce" message posting) caused PFW to terminate (although the test reported as failed)
JRCATES
February 1st, 2007, 09:30 PM
Hey Stem, thanks for putting this firewall through the spectrum of tests and reporting your findings......much appreciated :thumb:
tobacco
February 1st, 2007, 10:21 PM
Yes, and the fact that this thread has continued on for so long, I've taken notice because I've seen Stem drop some firewalls pretty quick.
Stem
February 1st, 2007, 10:39 PM
Hi tobacco,
I do find this firewall interesting, although a little buggy in places. Example is the DNS per app, and with kill methods. In XP this firewall will pass all 16 SPT kill methods, but in W2K it failed 15/16. I am also concerned with the fact that this firewall allows all localhost comms with hard_coded rules. I keep bugging to try and get some improvement, but will only do this for so long.
ciannicello
February 2nd, 2007, 03:36 PM
Stem, we are working on a new build that addresses some issues, and the developers are going to try and address the DNS issue you mentioned.
Chris
Stem
February 2nd, 2007, 04:03 PM
Chris,
Yes, many thanks. This/your firewall is, at the least really quite good. A few little anomalies, and some minor concerns.
Have you any info on the ability of this firewall to intercept localhost? I do not (personally) like this ability to be hard_coded. Localhost comms should be intercepted IMHO.
areyousure
February 4th, 2007, 10:05 PM
-{ Quote: "I do find this firewall interesting, although a little buggy in places. " }-
Agreed. This is an excellent firewall product for its size and performance.
EASTER.2010
February 4th, 2007, 10:11 PM
Out of pure speculation, does Privatefirewall work as well as Kerio 2.15?
farmerlee
February 4th, 2007, 10:20 PM
-{ Quote: "Out of pure speculation, does Privatefirewall work as well as Kerio 2.15?" }-
I'd say once the bugs are ironed out it will be a great firewall. Not as light as Kerio but a lot more secure in regards to leaktests.
dHodges
May 24th, 2007, 07:50 PM
If I may make a request here, it has been a long time. How is the work going with this PFW v5 or newer? I still have Kerio 2.1.5 on my system and would like a better one. Kerio has served me well just need a little more secure feeling.
farmerlee
May 24th, 2007, 11:39 PM
-{ Quote: "If I may make a request here, it has been a long time. How is the work going with this PFW v5 or newer? I still have Kerio 2.1.5 on my system and would like a better one. Kerio has served me well just need a little more secure feeling." }-
Have you tried Dynamic Security Agent? It's the free version of Privatefirewall and pretty much the same except for a few advanced features.
dHodges
May 25th, 2007, 05:55 PM
-{ Quote: "Have you tried Dynamic Security Agent? It's the free version of Privatefirewall and pretty much the same except for a few advanced features." }-
"FarmerLee,"
Thank you, NO I have not even heard that one. I will do a search to see where it is and all about it. Did do some looking at the FireWall testing sites and see that CFP has a very Hi score. Downloaded it and now it will not install, it seems there is a "Runtime Error! This application has requested the Runtime to terminate it in an unusual way. Please contact the application's support team for more information." Looks as though it is for XP and above ONLY.
Back to the 'drawing-board', er, search engines and start over.
Thanks for the rapid reply, my apologies for the slow reply, we had some rainy (wet type) weather come through,
P.S. Edited by d > As a matter of FACT, I have downloaded that file and had not installed it yet, just noticed when attempting to download that DSA.Exe file. Thank you so very much that will be installed NOW!
P.S. Edited by 'd' > Maybe I was not clear in my request for a FW recommendation, I am in limbo on Win98SE on a fixed income, retired, over 65. DSA is XP and over only. Comodo is like-wise. Any other?
Xenophobe
May 26th, 2007, 09:06 PM
Great firewall.
Works flawlessly, and passed all the tests I took on it.
BlueZannetti
May 28th, 2007, 02:09 PM
To all,
The discussion that branched out into SSM v2.0.0.583 and v2.0.0.584 has been split off to SSM Free v2.0.0.583 and v2.0.0.584 (was Privatefirewall 5 released....) (http://www.wilderssecurity.com/showthread.php?t=175952). Feel free to continue the discussion unabated there.
Cheers,
Blue
dHodges
May 28th, 2007, 05:35 PM
-{ Quote: "To all,
The discussion that branched out into SSM v2.0.0.583 and v2.0.0.584 has been split off to SSM Free v2.0.0.583 and v2.0.0.584 (was Privatefirewall 5 released....) (http://www.wilderssecurity.com/showthread.php?t=175952). Feel free to continue the discussion unabated there.
Cheers,
Blue" }-
Thank you Mr. BlueZannetti for doing this. I had suggested this may need to be done in an earlier post. I apologize for the necessity of making the move, should have done that in the beginning. Maybe some day I will learn how better to manage my own posts. Until then it will necessitate job security for you and those that are Admins there.
Thank you for reading and monitoring these topics so well plus reading even my posts,
ccsito
May 29th, 2007, 05:51 PM
-{ Quote: "
P.S. Edited by 'd' > Maybe I was not clear in my request for a FW recommendation, I am in limbo on Win98SE on a fixed income, retired, over 65. DSA is XP and over only. Comodo is like-wise. Any other?" }-
The number of Windows 98 compatible firewall programs will decrease over time since Microsoft stopped supporting the Operating System last year.
Private Firewall lists Windows XP or above in its requirements. The few still supported Windows 98 firewalls that I know of are Fileseclab, LookNStop, Webroot, Jetico 1.0, Lavasoft, and BlackIce.
Copyright ©2002 - 2012, Wilders Security Forums