Hi.

Is LnS still being developed??
Is there any plans for a new version ??

Thanks.

I would like to know that too ! ???
Frederic ?????

Same here.

Yes, me too.

I'd be glad to see the current version come out of Beta...::) :o :)

Hi jodu and all,

Yes, there will be a new version.

Supporting Vista (and possibly IPV6) will be the main features for this new version.

Unfortunately, experimental features of the 2.05p3 (+ potentially "Watch Thread injection" and "Watch DNS call") won't be kept, since they are not compatible with DEP and Vista.

Regards,

Frederic

thats good news Frederic. any rough ETA?

So the only feature of a new version would be that LNS would support vista? Would any of the current features,settings,etc be updated somehow?

Nevermind.Made the change to Comodo.Not bad at all.

I stick to Look 'n' Stop since I uninstalled Jetico/Comodo.

Look 'n' Stop should remain a pure firewall other than a complicated HIPS. Running light is its incomparable advantage.

I agree its lightness is one of the reasons i use it. I hope it remains a pure firewall thats light and stable.

I installed LnS probably 4 years ago. It has been an install and forget program, using the enhanced rule set.

I hope there are no major changes.

Best,
Jerry

I hope for the following changes:

1) Higher number of app and internet filtering rules (128 doesn't cut it anymore)
2) More user friendly activation system, which enables those of us who re-install often, to use LnS without having to always ask for a new
3) Solving issue: DEP + Thread Injection = BSOD issue
4) UI fixes: use radio buttons with XOR selections, not check boxes (check boxes are for AND or basic OR selections, not XOR)

-{ Quote: "4) UI fixes: use radio buttons with XOR selections, not check boxes (check boxes are for AND or basic OR selections, not XOR)" }-Which one's in particular ?

lns should definitely improve its SPI feature, as now the SPI quite trouble for p2p applications, while use the free WIPFW packet filter cause no trouble to system & it can change spi slot number, dynamic rule time, maybe lns future ver should have these too.

- Yea different limits will be increased, the key question is, when and which one to be first? ;)

- The use of checkboxes in Look ‘n’ Stop is all appropriate from what I see, correct me if I’m wrong but I just see stand-alone checkboxes which is to activate or deactivate a single features

Momentarily I do believe the Look ‘n’ Stop SPI + p2p problems are direct end result of the LooknStop TCP SPI simultaneous connections limit (max-allowed, 256). And this is supposed to be fixed with v2.06 release … and sadly to say, it is unknown to date when a release date will be for that…

I do wish though, that the Look ‘n’ Stop SPI implementation will begin taking form of shared SPI characteristics, LooknStop SPI should really be informational when logging. … "Out of connection", "Invalid Flags", "Invalid Acknowledge Number", "Invalid Sequence Number", "Incoming connection limit reached", "Outgoing connection limit reached", "Half-open connection limit reached"

So far, all we know when we all ever see the Look ‘n’ Stop SPI loggings; this could be only just direct result of "Half-open connection limit reached", and can we actually be sure the lns SPI implementation is even proper (No offence to Fred :P )….

-{ Quote: "Which one's in particular ?" }-

Network interfaces selection screen.

At least on my system, I have two options and if I click one, the other one is automatically deselected.

So, it functions like a radio button (XOR), so it should look like a radio button, not a checkbox.

This is actually a listview control with the LVS_EX_CHECKBOXES attribute.
There is no LVS_EX_RADIOBUTTON attribute...

Frederic

Hi Frederic

When activating or deactivating the logging flag for a rule that is set for application, the rule becomes active (though still shown with deactivated attribute) even though there no application even launched…

Hi Phant0m,

I was not able to reproduce that.
Are you really talking about the Application filtering page ?
If I understand well, if an application doesn't have the green checkbox on the left side, and you press the ! attribute, then, when you start the application there is no alert ? the application is allowed or blocked (and logged) ?

Thanks,

Frederic

Hi Fred

Thanks for responding.

No, I’m talking about Applications being set on a rules on 'Internet Filtering' screen

On the Internet filtering screen, the application feature available through the ‘Rule Editing’ dialog, to associates an application or applications with rule…


When activating or de-activating the logging flag on a rule that is set with application or applications, the rule becomes activate (even though the rule still shown with a deactivated attribute), and the associated application or applications NOT even running.

Also, when rule that’s associated with an application, and becomes active by the execution / connecting of that associated application, making changes to just the logging state causes the rule to stay activated after the application disconnects and even closes out…


Here is a couple anyways….

-{ Quote: "Yes, there will be a new version.

Supporting Vista (and possibly IPV6) will be the main features for this new version.
" }-
Hi, will this include Vista64 ?

Hope the new version will really come out.

-{ Quote: "On the Internet filtering screen, the application feature available through the ‘Rule Editing’ dialog, to associates an application or applications with rule…


When activating or de-activating the logging flag on a rule that is set with application or applications, the rule becomes activate (even though the rule still shown with a deactivated attribute), and the associated application or applications NOT even running.

Also, when rule that’s associated with an application, and becomes active by the execution / connecting of that associated application, making changes to just the logging state causes the rule to stay activated after the application disconnects and even closes out…


Here is a couple anyways…." }-
Ok, thanks for the clarification.
I reproduced this problem. Will be fixed in the 2.06.

Frederic

-{ Quote: "Hi, will this include Vista64 ?" }-
No, supporting Windows x64 bits plateform will be another story.

Frederic

I know that v2.06 is expected to be released in a “few weeks”, sometime in 2007.
Current customers of Look ‘n’ Stop will be happy to know that they won’t be charged to upgrade, upgrade to what would normally be considered ‘major update’…

Anyways, you might want to consider implementing list boxes to allow multiple entries for Protocols, MACs, IPs and Ports with the same rule...

P.S: Raw Rule Plug-in doesn’t work with multiple maskings…

There is hype with the release to soon be, v2.06, now you can correct me if I’m wrong, normally isn’t such a version fall under the class ‘MAJOR’ release? Normally a ‘MAJOR’ release was known as a repurchasing of the product, however for this version it’ll be available free to registered users of previous versions.

That is all good but the thing is, basically what will be introduced with this version 2.06 are tested stable beta features, some more bug/issues fixes along with some enhancements, and not to fancy but some minor additional features.

Anything good and fuzzy is likely not to be seen until a beta which is likely not near the corner. :(

What would make this here v2.06 interesting is the quick TCP SPI enhancement, as mentioned on post #17 http://www.wilderssecurity.com/showpost.php?p=906777&postcount=17, just a thought… ;)

One of the MSN Messenger Live versions I run encounters a crash and closes, like my previous reports, it has to-do with ‘Watch Thread injection’, any fixes available?

-{ Quote: "One of the MSN Messenger Live versions I run encounters a crash and closes, like my previous reports, it has to-do with ‘Watch Thread injection’, any fixes available?" }-
No unfortunately, this feature is no longer supported so far. Need to find a better implementation, so it will be also compatible with DEP.

Is Thermite properly detected with no Crash ? It is strange the problem would be specific to MSN Msg.

Frederic

Isn’t compatible with DEP on XP 32-bit systems?

Yes Thermite is properly detected and no crashing as a result of it…

This is like my previous reports, ‘Watch Thread injection’ and normally with updater software…

The description for Event ID ( 1000 ) in Source ( Windows Live Messenger ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: msnmsgr.exe, 8.0.812.0, 44cc1896, wininet.dll, 7.0.5730.11, 45353e23, 0, 000ce000.

My system doesn’t have hardware-based DEP, and as I have previously said I’m running Windows XP 32-Bit.

I’m finding more and more often client applications (and not specific anymore to just updaters) that crashes, normally linked to wininet.dll being at fault, and re-launching as many times wanting wont help unless I deactivate the feature ‘Watch Thread injection’.

In that case probably the problem is more with the CheckHSRE flag in the registry (this one was for PCAudit2 detection which uses some Wininet API).
If "Watch Thread Injection" is disabled, then it disables also this detection (because PCAudit2 detection requires both activations: "Watch Thread Injection"+CheckHSRE). This would explain why Thermite is detected without a crash, and why you have a crash when some other application use the Wininet API.

Frederic

You are absolutely right! I should have known this!!!

Just last week or the week before I was testing PCAudit2 v6.3 (which was recent to-date) and Look ‘n’ Stop passing, and passing several times always with repeated re-tests, and no problems come from that… Now disabling CheckHSRE flag required which makes Look ‘n’ Stop not detect & block applications from this sort of used method. :(