Sygate + HIPS ??? + ???


trdr
March 16th, 2008, 01:17 AM
Hi: I was surprised to discover there are still Sygate users so decided to stay with SPF
used v 2808, was able to find both v 5.6.3408 and 5.5 Pro and installed Pro

using: W2K Sp4 . IE 6 . MailWasher v 2 - free . (FreeRam: http://www.yourwaresolutions.com/)

more than any other software, the firewall reveals how little I understand about the workings of
the computer, firewall sw kind of demands one learns what's what or one just has to allow the
sw to 'do its own thing'. I don't trust fw sw will do things correctly and something Sygate tells
me other fw sw doesn't is 'do you want to allow . . . to access . . .' or 'xxx is trying to broadcast
or communicate with . . . ' (can't remember the exact examples); using Sygate, first of all I get a
notification and second, I can easily block what's being attempted

found this SPF guide: http://www.kotiposti.net/string/SPF_eng/SPFGuide.html
I setup Pro according to the guide and since doing it last night haven't had the 'such and such'
attempts that usually happen immediately after a re-install or hd format — amazing
(don't understand enough yet to try the 'More about rulemaking' )

Q: what is the 'Sygate Proxy Server Defect' ?

now I want to know what to do next

I've got the free Avira av installed, at present unloaded, but I don't believe it to be 100% reliable,
same for AVG, they're easily disabled and bypassed, especially by 'exe' type virus/trojans
(PCTools sw is crap, some cause internet disconnections, bugs in Threatfire etc, etc)

from other threads I've discovered 'HIPS'; some people are using standalone H programs and
some are using for eg: Online Armor - HIPS only ??? but the free version of OA doesn't support
anti-keylogging etc, so is of no use - -
via tallemu.com: "Q. How strong is OA free's HIPS function? Do I need a second HIPS?
A. The pure HIPS in OA Free is the same as in OA Full. There is no need for a second HIPS at
all, and installing one could cause system instability."
but: http://www.tallemu.com/comparisons.html - - if the Xs are not part of the OA HIPS - -
Q: doesn't that mean extra protection is required ?

there's obviously no definitive security solution and everyone makes different choices, but - -
Q: are Sygate and a HIPS program sufficient protection, or is an antivirus program also needed,
and which Free-if-possible HIPS program ?


124 page SPF Pro user guide: http://desktop-sicherheit.de/pspf55_userguide.pdf

WSFuser
March 16th, 2008, 01:59 AM
-{ Quote: "the free version of OA doesn't support
anti-keylogging" }-
That's not completely true; OA free can block keyloggers that use hooks.
-{ Quote: "...but: http://www.tallemu.com/comparisons.html - - if the Xs are not part of the OA HIPS - -
Q: doesn't that mean extra protection is required ?" }-
Online Armor (paid) has the Mail and Web Shields. Whether you want/need those features is a personal preference.
-{ Quote: "Q: are Sygate and a HIPS program sufficient protection, or is an antivirus program also needed" }-
You can go without an antivirus but it's not for everybody.

AV or no AV (http://www.wilderssecurity.com/showthread.php?t=199494)
Is antivirus really necessary? (http://www.wilderssecurity.com/showthread.php?t=194481)
Do you use real-time AV? (http://www.wilderssecurity.com/showthread.php?t=189453)
-{ Quote: "and which Free-if-possible HIPS program ?" }-
What kind of HIPS do you want? And why do you want HIPS?

Dorn
March 16th, 2008, 02:45 PM
which version is the newest and strongest firewall, sygate 5.6 or sygate PRO 5.5 ?
thanks.

Xenophobe
March 16th, 2008, 04:44 PM
-{ Quote: "which version is the newest and strongest firewall, sygate 5.6 or sygate PRO 5.5 ?
thanks." }-
Sygate Pro.

Dorn
March 16th, 2008, 07:04 PM
Ok Sygate Pro seems to be the best, then which is the latest version of Sygate Pro? and I mean the latest version ok?
thnx.

Woody777
March 16th, 2008, 08:09 PM
5.6.3408 was probably the last available version. This was a Beta but I believe it might have been about to be released when Sygate sold out to Norton. The Sygate log file was probably its best point. It allowed you to see with great effectiveness who & what were connecting out & in for that matter. I always had the feeling that this firewall was more of a commercial version for small offices than a firewall for individuals. There was great latitude in setting up rules for an application. This was relatively easy to do & users frequently did this. It became greatly popular among peer to peer users since block lists were relatively easy to import. The proxy defect was probably not a defect at all at the time Sygate was in development. But with modern P2P Proxy servers & Antiviruses that use local proxies it became a deal breaker for me. There are ways to control this with rules but it quickly could become a nightmare to do since you had to make sure that any app that ran a server was set to ASK & not Allow. If you did not do this any application that used a local proxy was effectively beyond the control of Sygate since it did not recognize Loopback connections 127.0.0.1 or Local Host. The result was if you gave an application permission to receive & send connections there was always the possibility that someone would connect in for their own purposes. At the time of development Sygate did not have HIPS, not many firewalls did, but Sygate had a setting to enable DLL authentication: if an application loaded a new dll it would advise you. I suspect that the very last version 5.6.3408 might have been a little better than the previous ones with the local host problem. A free HIPS like online armor might help with Sygate for leak protection but the local host problem is still there. That does not mean you should not use Sygate, you decide. I used Sygate for years & it was there for me many more times than it wasn't. Why not try PC Tools firewall plus & threatfire. I think that would allow great protection. I still think that everyone should have a good AntiVirus. If you don't want to buy one use AVAST.
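
An added example, not part of the post above and not Sygate tooling: one way to see which programs are talking through a local proxy, the loopback traffic the post says Sygate did not recognize. It parses constructed sample text in the `netstat -ano` column layout (assumes a Windows version whose netstat supports `-o`); every PID, port and address is made up.

```python
import re

# Constructed sample in the `netstat -ano` column layout; every PID, port
# and address here is made up for illustration.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    127.0.0.1:12080        0.0.0.0:0              LISTENING       1420
  TCP    127.0.0.1:1045         127.0.0.1:12080        ESTABLISHED     2312
  TCP    127.0.0.1:12080        127.0.0.1:1045         ESTABLISHED     1420
  TCP    192.168.1.10:1046      203.0.113.7:80         ESTABLISHED     1420
  TCP    192.168.1.10:1050      198.51.100.9:443       ESTABLISHED     3004
"""

ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$")


def is_loopback(addr):
    return addr.startswith("127.") or addr == "[::1]"


def parse(text):
    """Return (local_addr, local_port, remote_addr, remote_port, state, pid) rows."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # the header line and non-TCP lines are skipped
            la, lp, ra, rp, state, pid = m.groups()
            rows.append((la, int(lp), ra, int(rp), state, int(pid)))
    return rows


def loopback_proxy_report(text):
    """Map each local-proxy PID to its loopback clients and its outbound peers."""
    rows = parse(text)
    # Ports reachable via 127.0.0.1: bound to loopback or to all interfaces.
    listeners = {lp: pid for la, lp, _, _, st, pid in rows
                 if st == "LISTENING" and (is_loopback(la) or la == "0.0.0.0")}
    report = {}
    for la, lp, ra, rp, st, pid in rows:
        if st != "ESTABLISHED" or not is_loopback(ra):
            continue
        proxy_pid = listeners.get(rp)
        if proxy_pid is None or proxy_pid == pid:
            continue  # not a connection from another process to a local listener
        entry = report.setdefault(
            proxy_pid, {"port": rp, "clients": set(), "remote": set()})
        entry["clients"].add(pid)
    # Outbound connections held by each proxy: a filter that ignores loopback
    # sees only these, and attributes them to the proxy, not to its clients.
    for la, lp, ra, rp, st, pid in rows:
        if st == "ESTABLISHED" and pid in report and not is_loopback(ra):
            report[pid]["remote"].add(f"{ra}:{rp}")
    return {pid: {"port": e["port"], "clients": sorted(e["clients"]),
                  "remote": sorted(e["remote"])} for pid, e in report.items()}


if __name__ == "__main__":
    for pid, e in loopback_proxy_report(SAMPLE).items():
        print(f"PID {pid} listens on loopback port {e['port']}; "
              f"client PIDs {e['clients']} reach {e['remote']} through it")
```

Any PID that shows up as a proxy here is a program whose firewall rule also governs the traffic of its clients, which is why the post wants such programs set to ASK.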

trdr
March 16th, 2008, 11:55 PM
WSFuser: "What kind of HIPS do you want? And why do you want HIPS?" - - only because of
what I've read so far on the site and elsewhere, HIPS appears to be a more effective method of
stopping virus/trojan/etc from getting on the computer; which HIPS I don't know, then there's
Sandboxie which other people use . . .

Woody777, thanks for explaining about the Proxy Server
the exe virus: after a hd format the problem was still there, I found and installed PCTools av
and it identified the virus; what I'd done was copied infected files to the new install; format and
clean install, I tried Spyware Doctor which caused internet disconnections; while the PCT av
did identify and remove the exe virus - 50 popups if I remember correctly, on the PCT forums
there's so many problems with all PCT products that while Threatfire appears to be a good
solution, it also has and creates problems
I don't believe AVAST would be any better than AVG or AVIRA in that it/they don't stop exe
and other viruses/trojans from getting on the computer, are disabled by them, hence the idea
that HIPS is the better methodology to be using - in theory 'it' can't happen

Dorn
March 17th, 2008, 06:07 AM
ohh i feel so bad about sygate, why did they sell out to Norton, it was a bad idea..
I hope someone will come out with an idea to make an excellent firewall like sygate, with almost exactly the same protection and almost the same GUI and everything.

Yoda1953
March 17th, 2008, 11:26 AM
I FULLY agree.;D

I'm sticking to Sygate, because it has the least problems (with no problems at all with utorrent) and a very understandable logfile. Especially when you use the SPF Log Viewer by SalB. :isay:

Woody777
March 17th, 2008, 11:26 AM
I have been looking for a replacement for Sygate for years. So far nothing I can find exactly replaces it. Online Armor Pay might but it costs 39 dollars US. Online Armor free might also but has limited port programmability. Comodo is complex in its present form. The last version before the 3.00 releases might actually work pretty well. But it interferes with my FDISR program (my own problem). One or the other had to go. LookNStop has no HIPS but otherwise is a great firewall. PCT Firewall worked ok for me but I did not like having to pair with Threatfire which everyone except me likes. ES secure might work for you but there is little support as it's Chinese & I had problems uninstalling it (a potential for disaster). Webroot makes a branch of Private firewall available for free but it also has Dynamic security Agent which seemed to be confusing to me. At the present time I finally gave up & decided to put up with ZoneAlarm Pro; it works better than any other for me. A lot of people just don't like it however for whatever reasons. Actually AVG free might be OK for Sygate since I don't think it uses a local proxy. The HIPS in online Armor might help a lot also if you uninstall the firewall portion before you install Sygate. Just make sure all P2P applications are always marked ASK. I would then disable with the advanced rules UDP ports 135-139. I would also disable ICMP or part of them with appropriate rules. I think ICMP 8 & 3 for sure. If you have a router that would help tremendously also. I am unsure if Avira free uses a local proxy. I should try Sygate OAL & Avira in a Virtual Machine & find out. I think I will; now I have a project to fool around with today. I have found using the free Virtual Box Virtual System isolates your system from many problems but you do need an install disc for XP. Returnil free also would help as you can reboot & all traces of any malware you encountered will disappear. You do need a USB key or another partition to store data on if you want to keep applications. I would not install the virtual partition Returnil offers to create as it doesn't always uninstall, at least it did not for me.

Yoda1953
March 17th, 2008, 12:14 PM
Good grief you know how to write ;)

Yep, got some advanced rules with the one you mentioned. And some advice from Secunia is also in the advanced rules.

Plus I block all incoming ICMP (advanced rules) tip http://www.optimizingpc.com/howtouse/firewallsygate.html
and do not let any application use ICMP or act as a server in the application rules. Except for utorrent.

Some other advanced rules I make after looking at the traffic and see what is blocked and what should be allowed.

Do you know if there is a special order in the advanced rules, like, from bottom to top
or something?

By the way... I'm trying ProSecurity free as backup.

Woody777
March 17th, 2008, 02:53 PM
No there should be no priority in the order of the rules. I think they were all equally effective. I think I will make a new Snapshot in FDISR & uninstall ZA Pro & then I will try Sygate & Prosecurity free. I will use my NOD32 AV though which does use a local proxy just to see if it works well. I absolutely have really missed Sygate, let's see if we can cobble together a new solution?

Yoda1953
March 17th, 2008, 03:15 PM
Ok we'll see and thanks.

I have the AVAST 4.8 beta at the moment running nicely, with Webshield, Network Shield, P2P shield, Internet Mail and Standard Shield.

Not using proxy in Firefox. Gives problems when I have to log in. I've just set ask for webscanner and FF in sygate. And not act as a server.

Which version of sygate you got? I've the 5.6.3408 pro and working well.

Edit:
Avast beta caused a BSOD, dumped it. Now Avira free with write only all

Woody777
March 19th, 2008, 05:56 PM
I use the 5.6.3408 version. Works well with anything so far. Pro Security does add a lot of security to Sygate. You should know what's going on, that's for sure. I use this with NOD32. Sygate has to be just as good as their ESS firewall solution. No spam filter though so I use Thunderbird.

trdr
March 19th, 2008, 08:42 PM
Woody777:
what's the difference between 5.6.3408 and the Pro version ?
what OS are you using ?

I had a look at the ProSecurity screenshots and feel I need a doctorate in computer science
in order to understand and use the software
is there an 'easy' way to setup this sort of sw ? are OA hips and/or Threatfire any easier ?

Woody777
March 19th, 2008, 09:38 PM
The 5.6.3408 that I use is a Beta of the soon to be released new Pro Version. Unfortunately, Sygate effectively went under & sold out to Norton before it ever was released. The free version effectively blocks out a few of the features but I really don't think that in effectiveness there was a great deal of difference. There are a few places you can still get this version but if you don't have a Key for the Pro Version you might have some problems. If ProSecurity is a little baffling just start off with WinPatrol, that might actually be enough HIPS for most people (I know it's more a system monitor than HIPS). I just might get rid of ProSecurity myself if it annoys me too much.

Woody777
March 19th, 2008, 10:39 PM
OK I got ProSecurity Free installed, let it scan my entire Program partition, left it in learning mode, rebooted & took it out of learning mode. It seems to be a very decent & competent application. I combined it with WinPatrol (supposed to now detect Keyloggers). Now I feel this old Sygate firewall might have new life. By the way I use Windows XP Home & I love Threatfire but it interfered with my FDISR so it had to go.

Yoda1953
March 20th, 2008, 11:28 AM
well I'm using EQsecure now.

Very light. Good developments, like Alcyon's rules.

Now I only have Sygate Pro 5.6 3408, Avira free (with some suggestions from Kees19580), Sandboxie and Eqsecure.

And above all I LUA with SuRun.

Mrkvonic
March 20th, 2008, 02:18 PM
Hello,
I don't think you need any HIPS with the firewall...
But that's just me...
Mrk

trdr
March 21st, 2008, 02:20 AM
my mistake, I thought it was SPF 5.5 Pro and just SPF 5.6 3408, but there
doesn't appear to be any features differences between versions

Woody777, my at-rest FreeRam amount is usually 272 of 392MB Ram available
and after installing Threatfire it rose to 300 to 294, any ideas why the mem
would increase ?

Yoda1953
March 25th, 2008, 10:10 AM
Now I run the new 21112 OA hips only, instead of EQsecure, makes everything quite leakproof!! :thumb:

EQsecure was a little too much for my taste.

ellison64
March 26th, 2008, 01:29 PM
-{ Quote: "my mistake, I thought it was SPF 5.5 Pro and just SPF 5.6 3408, but there
doesn't appear to be any features differences between versions

Woody777, my at-rest FreeRam amount is usually 272 of 392MB Ram available
and after installing Threatfire it rose to 300 to 294, any ideas why the mem
would increase ?" }-

Hey i think you have a clone of my computer. I too use w2000 sp4 with 392ram :P . I'm also currently using sygate pro 5.6.3408. Red jack has an archive site for all versions both free and pro of sygate.
http://www.savefile.com/projects/1045215
Personally i just use sygate with avast, and don't bother with hips. I'm not sure whether freeramxp is actually of much benefit to you either on a w2k machine or newer machine....great for 98/se but just added baggage on a w2k system imo.
ellison

Woody777
March 26th, 2008, 02:43 PM
I am presently using Pro Security Free, Reg Mon, WinPatrol, & NOD32 latest release. The above uses about 235 mb ram. When I added SuperAntispyware it rose to 295 MB. I am guessing that whatever Spyware utility someone adds that the Spyware module interacts with the Antivirus & the ram rises upward. I am still not sure that I need SuperAntispyware I suppose I could add BOC & remove the SuperAntispyware.

trdr
March 26th, 2008, 11:05 PM
hey ellison, don't know if Freeram is baggage but it allows me to see the load
being drawn using various programs

I wonder what and where people are surfing to need all the security they're
using, I'm at the point where I've done so many formats it doesn't really faze
me if I have to do another, were I to mirror this drive on an external it would
only take minutes to re-install everything

the virus I was hit with mentioned in #1 is Win32.Virut.Gen.4 - PCTools or
W32/Virut.AT - - many variations; as said it blew thru Avira so uninstalled it
and using PCTools av which coped with it. PCT av seems to use a bit more
ram but based on its handling of Virut I've more confidence in it than Avira or
Avast or AVG --- funny how they all begin with A eh ?

I'm not going to install a HIPS, based on what I've experienced security wise
I don't think it adds any benefit

ellison64
March 27th, 2008, 01:24 PM
-{ Quote: "hey ellison, don't know if Freeram is baggage but it allows me to see the load
being drawn using various programs

I wonder what and where people are surfing to need all the security they're
using, I'm at the point where I've done so many formats it doesn't really faze
me if I have to do another, were I to mirror this drive on an external it would
only take minutes to re-install everything

the virus I was hit with mentioned in #1 is Win32.Virut.Gen.4 - PCTools or
W32/Virut.AT - - many variations; as said it blew thru Avira so uninstalled it
and using PCTools av which coped with it. PCT av seems to use a bit more
ram but based on its handling of Virut I've more confidence in it than Avira or
Avast or AVG --- funny how they all begin with A eh ?

I'm not going to install a HIPS, based on what I've experienced security wise
I don't think it adds any benefit" }-

Well taskmanager does that though i guess it's not as convenient as looking at the sys tray icon. When i said baggage i meant if you are actually using it to free up ram. W2000 handles memory much better than pre OS, and i guess your physical ram would rarely go lower than 150 megs even with quite a few things open. I think I'm of the same opinion as yourself about hips. I'm a safe surfer and think it can cause more problems than the worth of it, in setting it up to work correctly, actually understanding what you're doing with it, and conflicts with other apps. Just my opinion of course.
ellison

Woody777
March 27th, 2008, 01:49 PM
I am about to dump the ProSecurity Hips. It is plainly driving me nuts with all the pop ups to do anything at all. I suspect that the combination of SuperAntiSpyware & NOD 32 should handle any malware any way. You might consider using WinPatrol, at least it's a great system monitor & now says it has keylogger protection. It will also wipe out cookies as well as show you all types of info about your system. Reg mon is very light & almost enough HIPS by itself.

trdr
March 31st, 2008, 10:33 AM
thank gawd for Safe Mode
spent an hour last night trying to get past a fooked install, went to bed
after another 1/2hr this morning finally remembered Safe Mode and was able
to uninstall the program
I rebooted and for some reason FreeRam came up at 280+, hit AutoFreeNow
and it topped 300, settled just below. online typing this it's stable at 290 and
using about 50mbs less than it did prior to the above uninstall; can't figure
that but will do a hd format this weekend. I'm glad things happened as they
did as I thought it was the PCTools av that was responsible for the extra ram
being used

ok: I use a killdisk floppy in order to format the hd, I only run it a few mins to
mess the files, then do the 4 floppy BootDisk install, then W2K install - -
http://www.killdisk.com/
elsewhere someone recommended using ' HDD Low Level Format Tool ' - -
http://hddguru.com/content/en/software/2006.04.12-HDD-Low-Level-Format-Tool/

ellison, Woody, anyone else have opinions about either of the above programs
or other sw recommendation or other format methods ?

ellison64
March 31st, 2008, 03:38 PM
-{ Quote: "thank gawd for Safe Mode
spent an hour last night trying to get past a fooked install, went to bed
after another 1/2hr this morning finally remembered Safe Mode and was able
to uninstall the program
I rebooted and for some reason FreeRam came up at 280+, hit AutoFreeNow
and it topped 300, settled just below. online typing this it's stable at 290 and
using about 50mbs less than it did prior to the above uninstall; can't figure
that but will do a hd format this weekend. I'm glad things happened as they
did as I thought it was the PCTools av that was responsible for the extra ram
being used

ok: I use a killdisk floppy in order to format the hd, I only run it a few mins to
mess the files, then do the 4 floppy BootDisk install, then W2K install - -
http://www.killdisk.com/
elsewhere someone recommended using ' HDD Low Level Format Tool ' - -
http://hddguru.com/content/en/software/2006.04.12-HDD-Low-Level-Format-Tool/

ellison, Woody, anyone else have opinions about either of the above programs
or other sw recommendation or other format methods ?" }-
Whenever I've reinstalled w2000 I've used DBAN's autonuke
http://dban.sourceforge.net/
It's always worked fine for me. I haven't tried the progs you mention so can't comment on them. I really wouldn't mess with freeing up ram in w2000. It just isn't necessary. If you want just a visual ram aid tray icon then try rampage
http://www.jfitz.com/software/RAMpage/
And leave the default to auto free when it reaches 4 meg (which i doubt will happen unless you have a badly coded program). Ram is meant to be used, and freeing up ram for the sake of it is counter productive
ellison

trdr
April 4th, 2008, 12:03 AM
ellison: used the dban and thought it the same as killdisk, again only ran it a
few minutes to mess the files and left it to the W2K installation to format the
drive. I have the idea tho when I was using W98 I could do a hd format and it only took, seconds ?

is there a faster method to format the W2K hd than using dban or killdisk ?

installed Rampage which I think's the same as Freeram and now understand
the difference between ram and resource, I've stopped 'freeing'
one thing was having to change the ISP's modem, this one doesn't indicate
when data is transferring so I keep an eye on the Sygate icon. the ram is
staying up as high as 300 and comes back up as soon as I'm offline

Yoda1953
May 3rd, 2008, 10:50 AM
OK, my "backup" for Sygate at the moment is:
advanced rules, dll authentication

Sandboxie (with restricted rules)
Threatfire 3.5 free
Avast 4.8 free
Peerguardian
Winpatrol 2008
Processguard free

I don't LUA anymore, got too much trouble running things with Surun.