Hi

I am behind a wireless router with a hardware firewall. I am also using the Commodo firewall for added security, but mainly for controlling programme access to the internet.

Basically I want to know if I can use DSA and do away with the Commodo firewall?

Will I be adequately protected, and does DSA allow me to control programmes access to the internet?

Thanks

I use it with a router and it works great. Foils every leaktest I have on hand. :thumb:

Greets PhoenixWeb

On the contrary on my end i combine Dynamic Security Agent in combo with KERIO which for me could change to Comodo if it pans out enough for my own satisfaction, because Kerio is been a SOLID performer and long keeper of all my apps.

I'm still fairly early with DSA but i am impressed with it so far and find it just might have to rival CyberHawk for me because as much as i favored CH at the early betas, it's created slowdown issues that i absolutely will not tolerate on my machines. Slow or delayed to me equals FALSE SECURITY/LULL/DANGER.

I think its the most effective and necessary tool to come out for hardware router users, was looking for something like this for a long time, Outpost had a similar tool like this but long discontinued.

-{ Quote: "Hi

I am behind a wireless router with a hardware firewall. I am also using the Commodo firewall for added security, but mainly for controlling programme access to the internet.

Basically I want to know if I can use DSA and do away with the Commodo firewall?

Will I be adequately protected, and does DSA allow me to control programmes access to the internet?

Thanks" }-

Wouldn't recommend it. The DSA website is specific in stating that while DSA works WITH your firewall, is not a replacement for your firewall. Also, DSA documentation says it monitors only TCP connections by various applications. My experience is that DSA did not give me alerts on every application accessing the Internet, while my my firewall did. Also, there are other protocols (UDP, ICMP, etc) that DSA does not monitor that your firewall DOES monitor. Another important aspect is the ability to create adequate firewall rules, which DSA does not allow. I would recommend using DSA as your HIPS and let Comodo take care of the firewall stuff.

According to DSA tech Chris, DSA monitors UDP as well.

-{ Quote: "According to DSA tech Chris, DSA monitors UDP as well." }-

I was going by what I read at the DSA website:

-{ Quote: "DSA also detects malware and intrusions based on behaviors characteristic of unauthorized system use. Some of these include:
· Attempts to access a protected registry area
· Attempts to access a protected object
· Attempts to Initiate a foreign process
· Attempts to control Windows service
· Attempts to create a DNS request
· Attempts to initiate outgoing TCP traffic" }-

Technically the DNS request can be TCP or UDP, so DSA probably does catch outgoing UDP. A DNS request would be at the local machine level (local host cache), and DSA would catch it there. However, I don't think DSA monitors incoming traffic - could be wrong on this. At any rate, I would still want a firewall that is able to do some kind of packet inspection and verification, which I don't think DSA does. The fact that the DSA website states DSA is not a firewall replacement tells me right there it doesn't do everything a firewall does. At the same time, I think there are some firewalls out there that don't do the job, so having DSA there to catch stuff that gets through is probably a good idea. I've tested a lot of the firewalls talked about in the forums and there are very few I felt I could trust. Some of the firewalls are just plain garbage, IMHO. Or, there are people who are using rules-based firewalls who really don't understand how to create rules. In either case, DSA is a good app to have as an added layer of protection as a result of using borderline firewalls or having poorly written firewall rules.

Yeah i've found DSA has intercepted every leaktest i've thrown at it. That combined with your hardware firewalll should work well imo.

Point is with a router, inbound SPI is already there, why slow down the connection with a dual layer of software based SPI, the redudancy would do nothing good, only if you need outbound SPI, I see the need for a software firewall behind a router, otherwise all other outbound connections are intercepted by DSA.

Hello all,

My name is Chris Iannicello, Product Manager for Dynamic Security Agent. I wanted comment that DSA does also provide protection for TCP, UDP, ICMP and and UDP Protocols, just like our personal firewall, Privatefirewall. We do have some copy on our website that mentions only TCP, but the other are protected as well.

However, you are correct in that DSA does not provide any functionality to set specific rules per application like Privatefirewall.

Thanks,

Chris

I agree with Arup, Farmerlee and Expresso.

I had DSA combined with a FW-router. It chew every leaktest I threw at it. Because some FW-experts kept on claiming that TCP/UDP traffic control was key, I installed GhostWall (fast, simple, nice reporting) to see what uncontrolled UDP/TCP traffic rumbled my PC.

After running GhostWall some time, I concluded that the lack of UDP/TCP control was not a serious treath. So I de-installed GhostWall to save CPU power.

Although Comodo is pretty fast itself and security I think it is just a matter of taste.

I replaced DSA by SSM free (together with SensiveGuard), because you can make them silent (no pop-ups). The weakest link on our home PC was my wife (chosing always allow when DSA popped-up).

Overall I was pretty content (system anomaly monitor set off) with DSA, you should only be able to secure setup changes/stopping pop-ups after the learning mode period.

-{ Quote: "I was going by what I read at the DSA website:

However, I don't think DSA monitors incoming traffic - could be wrong on this. " }-

DSA does monitor inbound also...(from their website)

...DSA provides Application Security by providing detailed alerts for incoming and outgoing application-specific Internet traffic.

DSA is ok to "compliment" but NOT replace your firewall IMHO.

DSA is still being examined on this end and so far is doing fairly well but takes some time and loading it down with some heavy duty "Germs" :o to see how organized it really is. But as-is, i wouldn't replace your current firewall for it.

-{ Quote: "DSA does monitor inbound also...(from their website)

...DSA provides Application Security by providing detailed alerts for incoming and outgoing application-specific Internet traffic." }-

Notice it says "application specific," traffic. In other words, if I understand this correctly, it will monitor traffic from and to an application on your computer. In other words, if you are updating Application X online, DSA will monitor traffic to and from that application to make sure the packets it receives in return are valid. However, what about the incoming traffic that is not necessarily application-specific? For example, port scans and the other like threats have nothing to do with an application you are running. Does DSA monitor traffic coming to services-related ports and protect the system from unauthorized entry the same as a dedicated firewall would (am talking about software firewall only - no router)?

Good point about the "application specific" traffic. In regards to the rest of your post/question, I can't answer.

....For example, port scans and the other like threats have nothing to do with an application you are running. Does DSA monitor traffic coming to services-related ports and protect the system from unauthorized entry the same as a dedicated firewall would (am talking about software firewall only - no router)?....

***

The answer is yes, DSA does make ports invisible to port scans and does protect unauthorized entry the same as a dedicated firewall. When referring to 'Application Security', that is only one module within DSA.

Basically, DSA is the same as Privatefirewall and provides a comparable amount of protection except you cannot create custom rules for Applications, have no access to a firewall log, and does not display port tracking details (which ports are being used by your system at that moment, etc.). With DSA, you can control which applications access the Internet, but cannot specify ports or specific TCP or UDP rules per application like you can in Privatefirewall.

If you install DSA and then run a port scan (www.grc.com), etc., all the ports should be 'stealth', unless you have an app like Skype that keep certain ports open etc.)

While DSA has 4 visible modules in its interface (System Anomaly, Email Anomaly, Process Detection, and Application Security), it also contains Privatefirewall's proprietary layer-3 firewall using stateful packet inspection technology running in the background.

Hope this helps and thanks for all the input and feedback.

Chris Iannicello
Product Manager, Privacyware
www.privacyware.com

to ciannicello,

Is there any way to "undo" a choice in DSA?

For instance, let's say I select "Deny" for something to access the internet and make that a permanent rule but later decide I shouldn't have done that. Is there any way to modify my choice....short of uninstalling the program, then reinstalling and starting over?

Hipgnosis,

If you block any program within the Application Security or Process Detection modules, they get sent to the Quarantine tab within that section.

So in order to 'undo' a choice, select the 'View/Edit Process list' or 'View/Edit Application list' button from the Main Menu and go to the Quaratine Tab. If there is any program being blocked, it will be listed in this section.

From there, all you have to do is check the box next to the Process/Application in question and click on the 'Add as Trusted' button.

Let me know if you have any other questions.

Thanks,

Chris Iannicello
Product Manager, Privacyware
www.privacyware.com

Thanks, I'll check that out as soon as I can.

-{ Quote: "While DSA has 4 visible modules in its interface (System Anomaly, Email Anomaly, Process Detection, and Application Security), it also contains Privatefirewall's proprietary layer-3 firewall using stateful packet inspection technology running in the background." }-

Considering that many PAID firewalls don't have SPI capability, that is very good news. I'm not even sure if Comodo has SPI. I know there was some discussion between the Comodo people and Stem concerning this issue, and I'm not sure if a verdict was ever reached. If DSA performs this duty, then it would defininitely be something you would want alongside your firewall. The one question I would have is whether there would be any conflict using DSA alongside an additional firewall that also used stateful packet inspection?

To ciannicello,

I have reinstalled DSA on a test box and am giving it another look.

I do have one question/suggestion; could you enable the ability to resize the "View/edit process list" and "View/edit application list" windows? I find it very annoying to have to scroll back and forth when it would be preferable to resize the window and be able to see the entire path information at once.

The interfaces of DSA AND PrivateFirewall need a major overhaul.

You have any specifics? What constitutes a "Major Overhaul?

I don't have either installed now, but the main window of Private Firewall looks like it was written by AA Fussy (http://en.wikipedia.org/wiki/Babya_Logic). ;D

Any specific GUI suggestions would be appreciated! I will say that our philosophy regarding GUI has always been to keep it simple and a 'less is more' approach =). DSA, for example, is a pretty basic window with as little clutter as possible, etc.

Chris Iannicello
iannicello@privacyware.com

Any specific GUI suggestions would be appreciated! I will say that our philosophy regarding GUI has always been to keep it simple and a 'less is more' approach =). DSA, for example, is a pretty basic window with as little clutter as possible, etc.

Chris Iannicello
iannicello@privacyware.com

The ability to resize the window would be a good start.

We will try to add that enhancement into our Vista build.

Thanks,

Chris

-{ Quote: "We will try to add that enhancement into our Vista build.

Thanks,

Chris" }-

try? i am not a software developer, and could be mispeaking. but windows resizing seems to be a fairly rudimentary functionality.

on another note, i am currently running DSA with OA + FW and only using the firewall capability, and DSA is simply great. it's lightweight, fast, and indominatible. and that's in training mode. cannot wait to see what other enhancements you have in store. care to provide a timeframe?


Mike

Yes, it is any easy fix, but I don't want to make any guarantees until I know its going to happen. I would say 1-2 months is a good timeframe for the Vista builds of DSA and Privatefirewall.

Are we to understand that the free DSA in it's current version will not be updated untill Vista support is finally included?

And since the public release of PrivateFireWall, will the free DSA be receiving attention with improvements also or not.

Thanks

We reserve to right to update any of these products at any time, so if some urgent issue comes up, we may update any product before the Vista update. However, barring any major issue, we are going to try and put improvements together for both Privatefirewall and DSA for the Vista update.

Also, any changes we make to the 'firewall' portion of either Privatefirewall or DSA will require a change in both products, as they share the same core firewall technology. We're hoping the Vista updates will not take that long.

So would it be redundant to have DSA running with windows firewall turned on? DSA does exactly what windows firewall does in terms of stopping inbound threats (in addition to outbound protection)?

Also, for those using DSA: I opened Limewire and got a swarm of pop-ups for internet access. Just messing around, I blocked them all (without clicking always block). Now, when I open limewire, I get no pop-ups about it wanting inbound and outbound access. What's the deal? It's not in the list of trusted processes or in the application security list of trusted items.

Sorry, I can't help you. I used to use this program, but am not fond of being spied on.
http://www.wilderssecurity.com/showthread.php?t=177571

-{ Quote: "Sorry, I can't help you. I used to use this program, but am not fond of being spied on.
http://www.wilderssecurity.com/showthread.php?t=177571" }-

Thanks for the heads up. Has anyone who has run DSA with a full software firewall seen it actually try and phone home or anything phishy?

-{ Quote: "Sorry, I can't help you. I used to use this program, but am not fond of being spied on.
http://www.wilderssecurity.com/showthread.php?t=177571" }-

Private Firewall uses a licensing system, which DSA doesn't use.

Yes, Windows firewall would be redundant to use with DSA.

-{ Quote: "Sorry, I can't help you. I used to use this program, but am not fond of being spied on.
http://www.wilderssecurity.com/showthread.php?t=177571" }-
DSA does not contain any so-called "spying" provision in its Eula.

I use DSA in conjunction with System Safety Monitor (SSM). SSM has network control. In SSM, I have set rules whereby DSA's processes are configured as "Ask" -- for trusted as well as untrusted addresses. In other words, DSA cannot call home with asking my permission to do so. It has never asked in the several months I have been using it.

DSA is a useful app & should not readily be surrendered to F.U.D.

-{ Quote: "Sorry, I can't help you. I used to use this program, but am not fond of being spied on.
http://www.wilderssecurity.com/showthread.php?t=177571" }-


ciannicello- would you post a comment on the above referenced concerns? What, if anything, is collected and why? DSA looks like it could be just what I am looking for since I have a Netopia NAT router. I am also using Cyberhawk Pro and Nod32.

I reinstalled DSA and there is a EULA. When the EULA refers to 'Software Product', it refers to DSA , PrivateFirewall, and other security software developed by PWI. The compliance mechanism and interaction with PWI servers refers to the 'Software Product' and does not exclude DSA.

-{ Quote: "ciannicello- would you post a comment on the above referenced concerns? What, if anything, is collected and why? DSA looks like it could be just what I am looking for since I have a Netopia NAT router. I am also using Cyberhawk Pro and Nod32." }-ciannicello drops by on very rare occasions. Maybe send him a message at...

http://www.privacyware.com/support_ticket.html

What happens after the training period is over? Does something change in the main menu or something that says training is over? In the email anomoly detection, I have training enabled, but it says 0 training days have been completed in the statistics. Maybe that's because I use web based email???

I just received an email from Privacyware support. Without giving the specifics of the email, there is no communication between their servers and DSA. The EULA for many of their products will be changed as their products are updated.

I received a follow-up email from Privacyware. In the case of DSA, there IS indeed communication between the application and their servers.

-{ Quote: "I received a follow-up email from Privacyware. In the case of DSA, there IS indeed communication between the application and their servers." }-
I have used DSA for a long while. It has NEVER connected out, or ever tried to do so. I'm not saying it won't ever try. I AM saying that it has never done so on my box. (Moreover -- it couldn't do it, even if it tried!)

Nothing (but NOTHING) calls out from my computer unless (1) I am first notified that they are trying to connect out, AND (2) I then permit them to call out & (3) I then enable the requested port for them to do so. And, yes, I DO have watchbirds watching my watchbirds.

Perhaps DSA is triggered to *call home* by such things as attempts at backward-engineering, cracks, etc. Since I have never tried to do any such illegal acts (nor shall I do so) maybe that is the reason why DSA has never EVER tried to call home from my box.

I suppose this situation could be an issue for: (1) someone attempting a crack, OR (2) a bad guy who is looking for a way around DSA's protection of my computer, OR (3) someone who is blissfully unaware of apps that call home from his or her computer.

It isn't an issue for me. Why fret over an impossible possibility?;)

I received the email from Privacyware today so I wanted to correct an earlier posting I made that was in error. Experience teaches that things that are deemed to be 'impossible' are often very possible.

just a reminder that DSA when installed will not install conflicting drivers if you have a firewall installed. So if you uninstall the firewall you need to reinstall DSA to insure all drivers are installed. Not sure if this is a big risk but it does happen.

DSA shares the same driver with PrivateFirewall, but none other AFAIK. No other firewall should affect the driver installation/removal of the DSA driver (pwipf2.sys). The DSA installer will ask you to remove PrivateFirewall if you attempt to install on top of it (and vice versa).

http://www.wilderssecurity.com/showthread.php?p=777141#post777141 ( see post 30)

ciannicello
Infrequent Poster
(quote)
If during installation, DSA detects a firewall application for which it conflicts, DSA will install all components except the conflicting driver. Therefore, whatever personal firewall you had installed originally (and presumably prefer), will provide such capabilities. DSA will enhance that firewall with the anomaly detection and process monitoring layers. If you are not married to any particular personal firewall, we suggest Privacyware Privatefirewall 5.0 in which DSA will be fully integrated

I emailed ciannicello last year regarding this and his response was to reinstall DSA. Perhaps they have now changed this in the latest builds , however i doubt it.

Good to know, SPC. Thanks.

Interesting. By "Process monitoring" do they mean the "process execution" feature or the "Application security" features (thread injection, system file tampering detection, etc). For the latter, the most useful feature IMO, I would expect it requires the driver to be loaded. Maybe they just turn off the firewall features of the driver.

I just tried running this with the driver unloaded and it does mostly work. It will still prevent network access by a program if it tries to contact the dns server first. If it opens an IP directly, DSA won't interfere.

I hope they release an upgraded version soon.

Anyone knows when Vista builds will be available for DSA and Privatefirewall?