firewall, do your business, don't nag
unnamed
February 12th, 2008, 02:33 AM
I am looking for a firewall, something like the one in ESET Smart Security - by default, the firewall in ESET Smart Security does not need any user intervention whatsoever.
Not going for ESET Smart Security because I already have an antivirus.
I need a firewall which does its business without bothering me at all.
Thank you.
Looking forward to your suggestions.
solcroft
February 12th, 2008, 02:49 AM
The inbuilt Windows XP/Vista firewall.
BlitzenZeus
February 12th, 2008, 03:04 AM
You likely already have a hardware router, and it is likely already doing the job for you. If you just have a modem and a computer, a basic software firewall like the Windows firewall will do for very basic inbound protection.
You can't ask for something to be top of the line security, but not require your input at times as you have to configure it how it needs to run with your applications.
unnamed
February 12th, 2008, 03:44 AM
What a ridiculous situation.
I shouldn't even be here asking for assistance. I just want to do my work on the internet safely, I don't want to fiddle with security applications. I buy the software and it does its business, the end. If I go to buy a TV I don't expect the shopkeeper to sell me a box of TV parts to take home and assemble.
Why isn't there a firewall which provides adequate security, and something which does the job? An eight year old or an eighty year old person deserves to be protected online, not everyone can be expected to know which applications require internet access. I pay money for security software, my part ends there, the software takes over.
Forget application filtering, those of us who want a trouble free internet experience without being bothered by security software will just assume that there are no rogue applications sending out personal data from our computers.
The other function of a firewall, the network filtering or whatever it's called - which firewall does this part the best?
Is the XP firewall really safe enough? Are there any alternatives? Anything like the XP firewall?
Thank you.
solcroft
February 12th, 2008, 04:06 AM
You're right that this is a ridiculous situation. No firewall on the planet will provide absolute security with zero knowledge on the user's part. You can whine and complain about it all you want, but no amount of petulance will change the facts.
The XP firewall will provide good, unobtrusive protection - again, assuming you know what you're doing.
pandlouk
February 12th, 2008, 04:10 AM
-{ Quote: "What a ridiculous situation.
I shouldn't even be here asking for assistance. I just want to do my work on the internet safely, I don't want to fiddle with security applications. I buy the software and it does its business, the end. If I go to buy a TV I don't expect the shopkeeper to sell me a box of TV parts to take home and assemble.
Why isn't there a firewall which provides adequate security, and something which does the job? An eight year old or an eighty year old person deserves to be protected online, not everyone can be expected to know which applications require internet access. I pay money for security software, my part ends there, the software takes over.
Forget application filtering, those of us who want a trouble free internet experience without being bothered by security software will just assume that there are no rogue applications sending out personal data from our computers.
The other function of a firewall, the network filtering or whatever it's called - which firewall does this part the best?
Is the XP firewall really safe enough? Are there any alternatives? Anything like the XP firewall?
Thank you." }-
If you only want an inbound firewall you can try cFosSpeed (http://www.cfos.de/speed/cfosspeed_e.htm).
Its firewall protects against network intrusions by means of filtering dangerous packets, state inspection and stealth mode.
Panagiotis
BlitzenZeus
February 12th, 2008, 04:22 AM
There is no magic wand, your computer is not a toaster, it's a complex machine capable of running complex software. Sometimes that software is malicious in nature if it's allowed to run on your computer.
You obviously don't understand the situation, the amount of security you want depends on your knowledge, and willingness to learn. For most computer illiterate people the Windows firewall is fine for inbound as long as any software doesn't edit the Windows firewall's rules automatically, and you might get a rare prompt even with that, otherwise a hardware firewall which most people already have will do the inbound job too, however if you need to make any changes it must be in the router's HTTP interface.
Now only administrators are allowed to make changes to the Windows firewall rules, but most users run as an administrator all the time as they don't know any better, this means any software running has full access, even malicious software. Vista by default runs even administrators in a faux-user mode, and you're given prompts for many things, it is there for the user's benefit, however many people might disable it, removing a layer of protection. User accounts do help in maintaining security, and only add a little bit of hassle. Being pro-active about security is much easier than cleaning up after malicious software.
People need to realize their computer is not a toaster, it is something very dynamic, and you can run a variety of operating systems and software on the same hardware. It is simply being knowledgeable enough, if not willing to learn, or basically annoying your friends/family members to do it for you.....
Pedro
February 12th, 2008, 05:00 AM
-{ Quote: "If you only want an inbound firewall you can try cFosSpeed (http://www.cfos.de/speed/cfosspeed_e.htm).
Its firewall protects against network intrusions by means of filtering dangerous packets, state inspection and stealth mode.
Panagiotis" }-
Never heard of it. Gave it a quick look (website), the commands seem like iptables commands.
pandlouk
February 12th, 2008, 05:48 AM
-{ Quote: "Never heard of it. Gave it a quick look (website), the commands seem like iptables commands." }-
Its main feature is the traffic shaping. (probably the best traffic shaper; at least for me)
From the version 3.xx they added the firewall functionality. And yes its advanced rule editing is pretty similar to iptables. (and it is done from a cmd interface).
But a normal user does not have to adjust anything (except for enabling the firewall) unless he wants to protect his PC from LAN attacks.
Here are some captures of its main interface.
kennyboy
February 12th, 2008, 05:58 AM
While I can understand (to a point) the original poster's frustration over having to configure and respond to firewall queries, I do understand that firewalls do not know about every application or request that is made of it. It's not possible as there are just too many configurations to deal with.
If you do find a firewall that never asks.......let me know please..:)
pandlouk
February 12th, 2008, 06:02 AM
-{ Quote: "While I can understand (to a point) the original poster's frustration over having to configure and respond to firewall queries, I do understand that firewalls do not know about every application or request that is made of it. It's not possible as there are just too many configurations to deal with.
If you do find a firewall that never asks.......let me know please..:)" }-
Windows XP firewall and cFosSpeed never ask. (since they do not offer outbound protection).
And because of this they do not conflict with any other firewall. ;D
kennyboy
February 12th, 2008, 06:11 AM
-{ Quote: "Windows XP firewall and cFosSpeed never ask. (since they do not offer outbound protection).
And because of this they do not conflict with any other firewall. ;D" }-
I already use CFosSpeed as it happens, but because of the reason you mentioned, have to run an outbound firewall protection as well. (Not XP built in one though :) )
Diver
February 12th, 2008, 07:15 AM
Several of the rule based firewalls may be set up so that they never ask for anything, but out of the box they do not work that way. Basically all that is needed is to turn off any HIPS features and have a rule (or rules) that allow outbound communication of TCP and UDP on all ports that is not limited to a single application. The stateful inspection (and pseudo stateful in the case of UDP) takes care of the rest. Jetico I (free) can do this with one more rule to allow network access that is not limited to a single application.
The Sygate based firewall in Symantec Endpoint Protection 11 works without intervention, but this is a business product with a 5 unit minimum purchase at around $55 each.
Injoy is similar to CfosSpeed in concept, but more expensive.
Ghostwall is inbound filtering only, and can be set up quickly.
The WAN ruleset for CHX-I free results in a "no ask" firewall. It's no longer supported, but there are links around on this board from which it could be downloaded.
Any of these will work for an 8 year old or 80 year old, provided someone with a bit of computer skills sets them up first.
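Added example, not part of the original thread and not any product's actual code: a small Python model of the "no ask" setup described in the post above, with one rule that allows all outbound TCP/UDP and state tracking (pseudo-stateful for UDP) that admits inbound packets only as replies. The class name, the 30-second UDP idle timeout and the sample trace (documentation-range addresses) are assumptions made for illustration.

```python
from dataclasses import dataclass

ALLOW, DROP = "ALLOW", "DROP"


@dataclass(frozen=True)
class Packet:
    ts: float                        # seconds since start of trace
    direction: str                   # "out" (from this PC) or "in" (towards it)
    proto: str                       # "tcp" or "udp"
    local: tuple                     # (ip, port) on this PC
    remote: tuple                    # (ip, port) of the peer
    flags: frozenset = frozenset()   # TCP flags, e.g. {"SYN", "ACK"}


class NoAskFirewall:
    """Hypothetical model: never prompts, no per-application rules."""

    def __init__(self, udp_timeout=30.0):   # timeout value is an assumption
        self.udp_timeout = udp_timeout
        self.tcp_flows = set()    # flows opened by an outbound SYN
        self.udp_flows = {}       # flow -> time of the last packet seen

    def filter(self, p):
        flow = (p.proto, p.local, p.remote)
        if p.direction == "out":
            # The single outbound rule: any application, any port.
            self._note_outbound(p, flow)
            return ALLOW
        if p.proto == "tcp":
            return self._inbound_tcp(p, flow)
        return self._inbound_udp(p, flow)

    def _note_outbound(self, p, flow):
        if p.proto == "udp":
            self.udp_flows[flow] = p.ts          # pseudo-state: remember the peer
        elif "RST" in p.flags:
            self.tcp_flows.discard(flow)
        elif "SYN" in p.flags and "ACK" not in p.flags:
            self.tcp_flows.add(flow)

    def _inbound_tcp(self, p, flow):
        # Teardown is modelled by RST only; FIN tracking and idle
        # timeouts are left out to keep the model short.
        pure_syn = "SYN" in p.flags and "ACK" not in p.flags
        if flow not in self.tcp_flows or pure_syn:
            return DROP                          # unsolicited: nobody here asked for it
        if "RST" in p.flags:
            self.tcp_flows.discard(flow)
        return ALLOW

    def _inbound_udp(self, p, flow):
        last = self.udp_flows.get(flow)
        if last is None or p.ts - last > self.udp_timeout:
            self.udp_flows.pop(flow, None)       # unknown peer or expired entry
            return DROP
        self.udp_flows[flow] = p.ts              # a reply keeps the entry alive
        return ALLOW


def verdicts(packets, fw=None):
    """Run packets through the firewall in time order; return the verdicts."""
    if fw is None:
        fw = NoAskFirewall()
    return [fw.filter(p) for p in sorted(packets, key=lambda p: p.ts)]


# Constructed sample trace (not captured traffic).
PC, WEB, DNS, STRANGER = "192.0.2.10", "198.51.100.5", "198.51.100.53", "203.0.113.9"
SAMPLE_TRACE = [
    Packet(0.0, "out", "tcp", (PC, 50000), (WEB, 443), frozenset({"SYN"})),
    Packet(0.1, "in", "tcp", (PC, 50000), (WEB, 443), frozenset({"SYN", "ACK"})),
    Packet(1.0, "in", "tcp", (PC, 445), (STRANGER, 4444), frozenset({"SYN"})),
    Packet(2.0, "out", "udp", (PC, 50001), (DNS, 53)),
    Packet(2.05, "in", "udp", (PC, 50001), (DNS, 53)),
    Packet(2.1, "in", "udp", (PC, 50001), (STRANGER, 53)),
    Packet(40.0, "in", "udp", (PC, 50001), (DNS, 53)),
]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE_TRACE, verdicts(SAMPLE_TRACE)):
        print(f"{pkt.ts:6.2f} {pkt.direction:3} {pkt.proto} {pkt.remote} -> {verdict}")
```

Because every outbound packet is allowed, this model gives no outbound (leak) protection, which is the trade-off the thread keeps returning to.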
Diver
February 12th, 2008, 08:35 AM
Addendum:
What the OP is asking for is not so unreasonable, it just seems unreasonable to many that hang out around here in the quest for the ultimate leak proof firewall. I have posted many times that attempting to control outbound traffic has the lowest return on investment of any security measure, in terms of user effort and machine resources. After all, the original leak concept is detection after the fact of infection.
A better way to do things is needed and I think the Sygate based firewall in SEP 11 is it. Rather than relying on overly broad behavior characteristics like "application A starts application B", it looks for communications patterns that are common to malware, along with behavioral analysis in a separate module. IMO, it's the most forward looking product out there. It does need some work. The initial release was buggy. An improved MP1 is out, but it's not perfect, and CPU usage is a pig if you are on batteries. It's likely Norton Internet Security 2009 will look like this.
The best way to goof proof a computer is to set it up LUA/SRP with the administrator password not known to the user. This prevents the user from screwing it up accidentally or on purpose since they can't install anything new. It works for millions of enterprise workstations.
Pedro
February 12th, 2008, 09:09 AM
Diver, indeed, but even that needs something to be set up.
One can even picture a firewall that just blocks unsolicited. Then, to use P2P or whatever that needs unsolicited, how does the fw do that automagically?
Of course, the built in fw does something like that, but that's just about the only answer, Windows firewall.
You cannot ask for a better one, and demand AI. Wait for Skynet.
lucas1985
February 12th, 2008, 09:48 AM
-{ Quote: "If you do find a firewall that never asks.......let me know please..:)" }-
Install NIS.
subset
February 12th, 2008, 11:46 AM
-{ Quote: "
are there any alternatives? anything like the xp firewall" }-
Yes, for example you can set the KIS firewall to Low Security mode.
http://img165.imageshack.us/img165/192/kisfwlszb7.png
There will be no popups, all your programs will have unlimited internet access and you will be protected from network attacks.
Cheers
Diver
February 12th, 2008, 02:35 PM
-{ Quote: "Diver, indeed, but even that needs something to be set up.
One can even picture a firewall that just blocks unsolicited. Then, to use P2P or whatever that needs unsolicited, how does the fw do that automagically?
Of course, the built in fw does something like that, but that's just about the only answer, Windows firewall.
You cannot ask for a better one, and demand AI. Wait for Skynet." }-
Windows firewall is as dummy-proof as a firewall could be. It only lacks good facilities for a notebook computer user to choose between trusted and untrusted networks easily. I am not sure if network discovery is turned off when file & printer sharing is unchecked, you must remember to do that when you leave home. The Vista firewall is better in that regard and it allows for some granular control in the rules.
Is what I am asking for AI? Well it needs to be better than firewalls and HIPS that can't differentiate malware from harmless software. If the user sees too many pop ups there is really no protection, unless the user is an expert (who should be smart enough to protect himself other ways) and not distracted by trying to do some work at the time. In that sense a lot of security programs are worthless.
Pedro
February 12th, 2008, 02:42 PM
When I say "You cannot ask for a better one, and demand AI." I mean "One cannot .."
About HIPS: it depends on the users you're trying to appeal to.
Even if one such developer intends the larger audience, building a "classical HIPS" doesn't mean he failed. It could just mean that he built the framework to build on (OS mechanisms etc). Anyway, it's down to the user.
larryb52
February 12th, 2008, 03:47 PM
-{ Quote: "I am looking for a firewall, something like the one in ESET Smart Security - by default, the firewall in ESET Smart Security does not need any user intervention whatsoever.
Not going for ESET Smart Security because I already have an antivirus.
I need a firewall which does its business without bothering me at all.
Thank you.
Looking forward to your suggestions." }-
look n stop, one time rule setup & it doesn't nag, good outbound detection...
LoneWolf
February 12th, 2008, 04:19 PM
-{ Quote: "look n stop, one time rule setup & it doesn't nag, good outbound detection..." }-
As well as excellent inbound protection. :thumb:
Diver
February 12th, 2008, 04:35 PM
Lucas,
Unless better security comes to those with few computer skills, things are not going to get any better for anyone. The malware for profit thing has gotten so strong because it works. If there were a lot fewer successful attacks there would be less reason to try and things would get better.
There just has to be a better approach than the present technology of training a two way firewall with HIPS, and then accepting that it is quiet enough because there is only one pop up every other day for all eternity. That's like having an AV giving a false alarm every other day. Such performance would stop an office dead. As far as I am concerned, pop up fatigue makes leak proof firewalls useless, and classical hips even more useless.
That system is as dumb as it can get as every thing these programs check for is done by harmless software as well. Without some intelligence these programs are a big waste of time. Effort is better spent on things like LUA/SRP and DEP which are free, much closer to foolproof, and use very few resources. Sure, it does not prevent infection when intentionally escalating privileges to install something, but that is when the user has to have a brain and think about where that program came from, and what it is supposed to do.
I bet that for every banking password stolen by a keylogger which phoned home, a hundred were lost to social engineering in phishing attacks. It is likely that the firewall circumvention techniques that leak tests POC are in reality only used by a small number of viruses because every time the question comes up the same 6 examples on Matousec's page or Comodo's web site are mentioned. Just 6 out of over a million possible items of malware. Furthermore, there is almost a total lack of anecdotal evidence of folks being saved by their leak proof firewall warning them. Yet, so much effort goes into chasing this ghost.
It really ticks me off when a firewall gives a warning for no apparent reason. What do you do? Approve and go on, or conduct an investigation, which wastes two hours and leads to no conclusion anyway.
kennyboy
February 12th, 2008, 04:47 PM
-{ Quote: "Install NIS." }-
Not unless Norton/Symantec have drastically reduced the bloat.
Diver
February 12th, 2008, 05:12 PM
-{ Quote: "look n stop, one time rule setup & it doesn't nag, good outbound detection..." }-
Not so fast. This one has to be trained like all the others, unless application control is turned off, and then you can forget about outbound. No pseudo stateful UDP either. Skype will run, but it will work better on Skype to Skype calls with a firewall that has pseudo stateful UDP. $29 and a serial # system that only allows a single install, when there are free ones that will do the job.
Outbound control=nags, unless using some kind of protocol/port signatures like Sygate/SEP 11, or an extensive white list and you don't use anything unusual.
wat0114
February 12th, 2008, 07:03 PM
-{ Quote: "
The best way to goof proof a computer is to set it up LUA/SRP with the administrator password not known to the user. This prevents the user from screwing it up accidentally or on purpose since they can't install anything new. It works for millions of enterprise workstations." }-
Sorry, not quite true. Viruses can and will infest these type machines. I've seen it.
-{ Quote: " As far as I am concerned, pop up fatigue makes leak proof firewalls useless, and classical hips even more useless." }-
If the alerts are answered incorrectly or inefficiently then yes, they are useless, otherwise they make useful security utilities in the right hands.
-{ Quote: "Effort is better spent on things like LUA/SRP and DEP which are free, much closer to foolproof, and use very few resources. Sure, it does not prevent infection when intentionally escalating privileges to install something, but that is when the user has to have a brain and think about where that program came from, and what it is supposed to do." }-
Not all users have a brain (or use it correctly), even in an enterprise environment.
-{ Quote: "It really ticks me off when a firewall gives a warning for no apparent reason. What do you do? Approve and go on, or conduct an investigation, which wastes two hours and leads to no conclusion anyway." }-
I've never seen alerts given for "no apparent reason", and there is no need to spend two hours investigating the alert...not even close. And to say it leads to "no conclusion"...could be the case in the wrong hands, but then the wrong hands should not be using these products.
Diver
February 12th, 2008, 09:04 PM
Watt, it seems that you can't seem to write an entire paragraph, so you take issue line by line. I hope you enjoy editing my post.
LUA/SRP is very effective. To infect the machine the user must elevate to administrative to either run a program or move it to an area where it may be run with limited user privileges. Without elevating to administrator it simply can't be done. If you find otherwise, prove it.
You are inconsistent in your analysis. To some points you attribute to the user a complete lack of sense, on others the user is a security expert able to deal with the most arcane of prompts. So, that makes it possible to disagree with everything. OK, I don't have time for that.
wat0114
February 12th, 2008, 10:16 PM
Are you upset because I have not agreed with all your statements? You have stated with an almost authoritative tone your dim view on the subject matter. I happen to disagree, at least in part. So what? Sorry, but I have seen real evidence that limited privileges do not outright stop all malware, though the damage can be, admittedly, minimized. No arguments there. As for providing evidence, short of delivering to you via courier the infected machines, it is pretty labor-intensive and impractical to do so. I'm not making up some story. It happened.
My apologies for not quoting you in this post, but I saw no need.
Diver
February 13th, 2008, 06:49 AM
Watt you could send me all the machines you want, so I can clean them up for a fee.
By the way, don't confuse limited privileges with LUA/SRP. The latter is much stronger.
wat0114
February 13th, 2008, 02:23 PM
That's okay, they were cleaned professionally. You can send me one of those LUA/SRP machines and I'll find someone who can break it with malware ;D
Dieselman
February 13th, 2008, 02:55 PM
Well Comodo sure doesn't fall into this category. It definitely bugs you. I went back to ZAAS which actually is very quiet. I was thinking of putting Threatfire alongside it.
sukarof
February 13th, 2008, 03:52 PM
-{ Quote: "That's okay, they were cleaned professionally. You can send me one of those LUA/SRP machines and I'll find someone who can break it with malware ;D" }-
I can understand that a LUA/SRP machine can be infected if you willingly install something with admin rights.
That can happen even in Linux and Mac.
You say you have seen it happen. Can you explain a bit more?
If unnamed doesn't want outbound protection I would say that any firewall (or router) with app control disabled will do. There will be no nagging from the firewall. I personally use XP firewall only in my gaming snapshot. No nag, no problem.
And if I was afraid that the hackers out there would target me, then I wouldn't use Windows at all, I'd go for Linux.
No nags from the firewall there :) but until I get seriously paranoid, LUA/SRP and a basic firewall will do fine.
wat0114
February 13th, 2008, 04:25 PM
-{ Quote: "You say you have seen it happen. Can you explain a bit more?
" }-
Hi sukarof,
sorry, I can't go into detail and divulge information. The only info I can give - and it's really no help - is that social engineering was involved. Basically, a lack of judgement was involved. I would pm you with the details but I can't take any chances.
sukarof
February 13th, 2008, 05:00 PM
Ok thanks wat0114. No need to go any deeper.
With enough skilled social engineering - no security software, configuration or OS will save you.
Maybe I am walking out on the limb here, but I feel pretty safe against that :P
The important thing for me to know is that windows with LUA/SRP doesn't do anything unless I say so be it legit software or malware. Meaning nothing will sneak in behind my back.
mercurie
February 13th, 2008, 09:26 PM
-{ Quote: "Install NIS." }-
The trial version of this on my new PC 3 sure has not asked me anything a single time. I nosed around until I found the log and sure enough it is at least watching out for things. You are correct.
mercurie
February 13th, 2008, 09:29 PM
-{ Quote: "Not unless Norton/Symantec have drastically reduced the bloat." }-
Nowhere near as bad as they used to be.
Diver
February 13th, 2008, 10:30 PM
This is getting to sound like George Clooney in Michael Clayton. I'm just the janitor. It's easier to clean up the mess if it is small. Then his Mercedes blows up. I feel like that all the time. All these secrets. I have this malware that can do anything. Just send US $5000 to secret bank account #4589745 in the Cayman Islands, and don't expect to hear from me again in this forum :)
Anyone know what this is: \|/ ?
wat0114
February 14th, 2008, 12:34 AM
To the OP, the advice given in posts 2 & 3 is probably the best for you, unless you can find a firewall that will scan your programs, set pre-defined rules for them and hopefully never bug you even once, thereafter.
Diver, restricted client PCs using LUA/SRP or limited accounts via power user accounts work for the most part. However, if you consider a large, corporate environment consisting of ~ 2000 PCs, for example, spread across several departments ranging from clerical staff, to human resources, to desktop support, IT support, system technical support, then managers ranging from entry-level to upper tier, it becomes next to impossible to impose full restrictions on all PCs concerned. Even those who have their machines bound in a "nanny state" can often request - and obtain - temporary administrative access to install software required to do their job such as, for example, EPROM burning software or a protocol analyzer utility. The access is intended to be only for the purpose of installing the software in question for use related to the individual's job, and nothing else. Of course this is where the problems can start. If someone forgets to remove this access from the wrong hands...well, I'm sure you get the picture. It happens because everyone is busy with other things to do and lots on their minds. Even the corporate-level, resident AV scanner can miss the malware.
That is all I will say - and should need to say - on the matter.
lucas1985
February 14th, 2008, 01:10 AM
I will expose my personal posture regarding firewalls.
First, we need to know that firewalls filter network packets first and foremost. Filtering implies applying a criteria/rule. Example, if you have a box of candy and want to filter them, you must establish a criteria (sweet, big, small, w/chocolate, w/fruit, etc). The same occurs with firewalls replacing the candy box with your network environment.
This means that to successfully operate a firewall and obtain the highest benefits, you must create a precise ruleset according to the network traffic you expect/want. But, to achieve this, you must have a basic background in networking and most people don't have this knowledge. Even worse, nowadays some users expect that their firewall fix the architectural flaws of Windows (where execution rights are a given and code injection is commonplace) and stop a malicious process (which is already in memory) from phoning home/delivering its payload. Want more? The same users who request protection against leaktests request some form of AI (artificial intelligence) because they become tired of answering pop-ups and/or don't know how to respond.
Seriously, if you don't know/want (there's nothing wrong with this) to build a strict ruleset matching your network/Internet usage, forget about the leaktest nonsense and choose an option suitable to your needs:
- An inbound-only firewall: NAT/NAT+SPI modem/router, XP/Vista firewall, Ghostwall/CHX-I/Injoy, etc.
- Simple allow/deny firewalls: ZA free, OA in standard mode (IIRC), most suites.
- A firewall with big whitelists (list of known, safe applications with pre-made rules) and IDS/exploit signatures. The best example is NIS.