This new firewall doesn't sound bad ... especially the free part.
I haven't tried it yet myself. So if it sucks don't come crying to me. ;D

NETVEDA
http://www.netveda.com/consumer/safetynet.html

I use it. Its very configureable and takes up a small amount of RAM/CPU. The UI could use some work though.

BTW, check out the forum for it at http://forums.netveda.com/index.php.

I tried NetVeda SafetyNet but it didn't stay on my system but a very short time. My first impression of it was one of "this looks very promising" but disappointment soon sat in.

I set it up in learning mode and asked for verification for everything starting up and accessing the internet. The first sign that things weren't going to be as secure as I liked was when I started up some programs and I asked them to check for program updates on the web. (SpyBot S&D, SpywareBlaster, Ad-Aware). All of these programs started and checked for their respective updates without every asking me for confirmation to proceed. STRIKE 1

Next I ran LeakTest from Gibson Research and specifically configured the permissions to deny this app to run or access the net. It did anyway. STRIKE 2

Finally I decided to access my company's network with verification required and it zoomed straight in, started accepting full traffic and at no time did it check to see if this was a trusted network, if I wanted access to be permitted or denied, etc. STRIKE 3

Memory utilization was two processes running at 8MB each and when you opened up the configuration window it started another process that was 6MB. Not the worst I have seen but certainly not a lightweight either.

To be honest I really wanted this to be a great firewall and it does have the foundation to build a good product on with proper development. I was very surprised by how it didn't require what I consider basic system security for any firewall. On one hand it offers a number of features that would be very appealing to a lot of people, such as private information blocking, content blocking, several parenting controls, ad blocking and much more. However, I question how effective these features are when it wouldn't even stop apps from accessing the internet that I specifically told it to deny.

With all that said, this is still a firewall I intend to keep an eye on for future development. It could be a strong contender with the right development, IMHO

I am on a LAN and a NAT router

No problem. I was just posting my experiences with this particular firewall. Others may get different results. 8)

I tried it out recently and noticed that it doesn't seem to log ICMP traffic. Also, I had trouble getting proxy software working with it. Couldn't figure out how to make it work with Safety.Net. But it's otherwise not too bad I guess... I didn't notice any problems with it asking for app permissions or anything...

I'm testing NetVeda on my system, and I must say im very impressed, the more I poke around with it...I get even more so. Out of the box it passes most of the
leak tests, about 16 of them in all.....some of the tests don't work on my PC.
On my machine all security apps. and so far most of the unknowns, I've tossed
at it seeking net access ask for permission..... you can even block DLLs.
For anyone with small children and/or teenagers accessing the internet the filters are great, from blocking chat rooms totally, or limiting their access to
certain ones....PICS rating....times allowed on internet....an "Eraser" feature
so kids can't give out data....like their address or phone number.
I admit I'm an FW tyro and get lost in the sea of accronyms, and it takes me
a lot of trial and error to learn something....but I believe this firewall is worth
a try, to learn it's quirks, and explore the many features it has.
If one of the many FW gurus give it a test..I'd shure appreciate some pointers
on how to make it more secure.
P.S. Best of all it's free
P.S.S. Heres the requisite screen shot for P2K
http://www.snapfilespro.com/gnomescreen.php?id=108782

Assuming that it's doing it's job, it seems fairly interesting. It bothers me a little that it doesn't log ICMP traffic and makes me wonder if it doesn't block it either. Don't know.. Otherwise, it seems ok... Lots of features as you say for limiting access to things and so on.

Any idea if ICS is supported?

No idea Arup.. sorry...

It supports NAT and is proving to be a very good app once you have the advanced rule making set on patter on BZ rules. So far has passed all the tests.

Thanks to S!X, we are on the way to finding out a very good and free low resource firewall.

For proxy configuration, try setting it up in configuration>system configuration.

Yes, I did see the proxy settings menu/window, but just couldn't get it to work right with Avast 4.6. No matter how I set things up, it would allow IE and others to access the internet without asking me. Don't know if it was just user error or the program. Maybe a little of both... ;D

In my case, I had to grant permisson to all my installed browsers as well as all Avast services. Really good program, only consuming 8mb in my sytem and has passed the Leak Test, Toolleaky as well as PC Flank and Vulchek along with GRC, Sygate and others.

I may have to give it another try sometime. I still have it here.. Meanwhile, I'm sticking with Kerio 2 for a while I think..

K,

When you do, please test it for the fragmented packet vulnerability if you can.

I don't think that I can with Netveda. It doesn't seem to log ICMP at all. And the only way I could tell frag'd packets were getting thru was from the resulting outbound ICMP type 3 to random addresses.. that's what I see here anyway.

You can supposedly do a ping <address> -l 5000, set a rule to block inbound icmp replies, and then see if the incoming fragmented reply goes thru the firewall, but again, I don't think you can do that with Netveda due to it's lack of ICMP logging.

I doubt it's a problem though. Kerio is the only firewall I know of that has that trouble... and I refuse to worry about it anymore... :)

True but it did pass all the ICMP ping tests at PC Flank and other sites.

for anyone confused with NetVada terminology about LAN....
here's a pic from the info page itself...
http://www.netveda.com/images/home_user_deploy.gif

I've used it briefly, and found that it requires a little too much time and energy from me.

-{ Quote: "True but it did pass all the ICMP ping tests at PC Flank and other sites." }-

Then perhaps it would be wisest for you to believe that there IS no problem. ;D

Well in the end, it is a good promising firewall with low resorce need and good interface, the app control is a plus and it is free when more is being charged by others for something far lesser than this. Think I am going to keep it for a while. Does everything that Zone Alarm Pro does but at no cost.

-{ Quote: "Well in the end, it is a good promising firewall with low resorce need and good interface, the app control is a plus and it is free when more is being charged by others for something far lesser than this. Think I am going to keep it for a while. Does everything that Zone Alarm Pro does but at no cost." }-
DLL monitoring as well?

Yes, it does DLL monitoring like in Kerio, Tiny etc.

Kerodo It does monitor ICMP traffic....Under default user....application control
no access...check ICMP...then under netactivity reports it will show ICMP
Under app trust you will notice it trusts windows explorer.
What I did ...was go to groups....hit the drop down...select applications
click new....make an explorer group....then go to default user....and put a
block on explorer in the application contol no access area.
Sorry I can't explain things better....but like I mentioned above...I have
a heck of a time understanding all the internet terms.

Just Wondering,

You can also deny access to Windows Explorer in the trust settings as well. Really easy to use firewall and features excellent control for LAN as well including access control as well as content filtering. Also among the rare ones to support full ICS in free version with stealth makes it an incredible value hard to ignore.

Hi arup.....I found out if I block explorer in trusted apps...I can't access the
internet....I did what someone suggested in the Netveda forum.
I also found out....you can do the same thing many different ways.
If you can show me a screen shot how you translated BZ's ruleset to Netveda
it would sure help me a lot....like I mentioned before..I dont have a clue
what most of these terms mean....mostly trial and error...mostly error.

Thanks

Just create BZ rules in the advanced firewall column but the default ruleset is pretty tight and keeps the system stealthed real good. I have my explorer blocked and so far can still access my explorer. I just added the Verisign and DNS rules from BZ, rest is all there, will post a screen shot for you tomorrow.

Thanks Arup

I'm on a stand alone PC, DSL and my ISP has a FW so I'm always stealthe.

What I've added to advanced ruleset so far.

exporer... outbound... deny all
boottpc.. both...........deny all
boottps.. both...........deny all
icmp...... both...........deny all

This is all guess work on my part...so your screen shot/translation will help
me immensely to understand and use a FW...kinda like "show and tell"

-{ Quote: "Kerodo It does monitor ICMP traffic....Under default user....application control
no access...check ICMP...then under netactivity reports it will show ICMP
Under app trust you will notice it trusts windows explorer.
What I did ...was go to groups....hit the drop down...select applications
click new....make an explorer group....then go to default user....and put a
block on explorer in the application contol no access area.
Sorry I can't explain things better....but like I mentioned above...I have
a heck of a time understanding all the internet terms." }-
Ok, thanks, I will have to take another look at it then. I missed that one. I admit I didn't spend too long on it, maybe a half hour at most. I'll try again soon.

Afraid my romance with NetVeda has to end temporarily, I had to system reboots especially when opening up multiple browsers, after second reboot, my FTP stopped working, Thunderbird SSL GMAIL POP stopped working too, I set up rules for them but still no go, after the third reboot, I decided it was time to take it off although with great reluctance, this product has maximum promise but it still needs honing.

I will give the new Jetico a try but eventually would go back to tried and trusted Kerio+BZ+Winsonar.

I wasn't aware that we had a romance... ;D

LOL! severely apologize for the typo, didnt have my coffee yet, it would be Netveda and not Kerodo.

umm..
I need to ask something. The app control feature is destroyed, I don't know why.
It's on automatic ALLOW. Don't know how.

I was playing around in the settings. No option like this.

so... what's the verdict.

PS: I'd be happy if someone has the default config backed up.

Same thing happened to me, system rebooted all of a sudden and many of my programs lost access to the net including FTP and Thunderbird Gmail POP which uses SSL with 995 and 443.

It's inverted for me.
not same...
ALL progs have allowed access... HOW?

Hey Arup dont give up on Netveda just yet...I think alot of your problems
are from having explorer in trusted apps blocked..
1. Make it trusted
2. Uner group management...make explorer an application
3. Under Security...advanced firewall...deny explorer both ways with everything
I found out by doing just that I can pass 21 of the tool leak tests
the other 3 don't work on my machine.

I meant to add try a uninstall ....install
and try what i said first.....then work from there.
Also if you have activate component learning checked...the rules won't
take permanent effect, and also make sure you click apply in app trust section

I too solved my problem after unistall/reinstall, only to have it come back. Could it be a problem in the firewall itself?

I just did the install uninstall to start with a fresh page....I havent realy had
any probs with the program....just a matter of learning purpose for me.
Not bad for a free firewall ...almost out of the box..to stop all those leak tests.
Especially with a FireWall klutz like me configuring it.

I decided to give NetVeda SafetyNet another try and got better results with this install. The problems I encountered the first time I tried it were not there this time. :) ...ah, the mysteries and joys of uninstall/reinstall

The only issue I currently have with it is that I cannot see the other computer on my LAN, and this is an absolute must.

My connection is:

Internet > DSL Modem > Router > [Port 1: PC #1] [Port 2: PC #2]

I cannot get PC1 to see shares on PC2 (or vice-versa)

Here's a handy little tool for all you FW experimenters.
http://www.larshederer.homepage.t-online.de/erunt/
When you have everything running great, do a back-up of your registry before
going on further. It just takes a second.
I'm on a stand-alone PC, Dsl, with XP home SP2, and all un-needed ports and
services closed. Here are the basics, of how I set up my machine to beat the
leak tests.
Groups.......group type drop down....application...new....group name...type in
Exporer......find windows explorer...click blue down arrow...save.
Security.....Advanced Internet Firewall..Direction..Both.....Rule...Deny
Service..All....Application...Explorer....local and remote network ..
All...Click Add button...and Save.
App Trust...iexplorer ...ask
Spooler Subsystem app..............................NO
General host process for Win32 Services........NO
Firefox....................................................YES
Windows explorer......................................YES
Security apps...........................................YES or ASK
Upper left corner....Check Show components
Microsoft C++ Runtime library.......................YES....click Save
The save and apply buttons are very important and easy to miss buttons.

OOOOPS ....forgot to add, under trusted apps

Services and Controller app.........YES

Leaktests et al

I wonder if anyone has done a serious study of the cost to benefit ratio of going from the XP firewall, to a traditional firewall that is not application aware, to a personal firewall with simple application control such as Kerio 2.15, and from there to firewalls with advanced program control such as Tiny 6.5.

Is anyone really better off if they can pass all the leakests? My understanding is that even the ones that have shown up in actual trojans were attacks aimed at a specific person or network. Yet, the amount of work reqquired to get these firewalls goes up with each level of desired protection.

After all, something llike Kerio 2.15 or ZA free will tell you when a new applicationis trying to call out. Is the possibility that a trojan enabled to communicate via a trusted application, that is also zero hour so that it is not detected by an AV, and will not be noticed in any other way (and believe me there a lot of ways to notice something) that great that it is worth putting up with days of responding to alerts that never seem to end.

From my point of view, many of these alerts are no different than AV false alarms. It may be the firewall or something like process guard doing its job, but the effect is the same. Stop everything and decide what to do with the alert.

Have we simply become obsessed with leak testing to the point that the effort required is way beyond the possible threat? And I mean that in an objective way, not just I am afraid of...x.

Oh I can't say I'm obsessed with leak tests.....Mainly it just bothers me that
so many get thru so easy....So I like to counter to my best ability to stop them.
I run PG full along with regprot. but when it's slow here at work I like to putz
with different security apps and experiment. Mainly it was the challenge to beat
the leak tests....maybe I do alot of things arse backwards...but that's my way
of learning things... trial and error....trial and error.
I've tried a lot of different FWs and get lost in the zillion trillion terms,
and no matter how closely I try to follow someones rules sets...MY O MY..
how hopelessly I mess up.
Netveda is the first FW I've used that I can translate to my way of thinking,
Believe me when I say I'm very FW challenged, so yes I'm darn proud to be
able in a couple of hours to master the leak tests.
The only time when I get alarms.....is when I test or try something.

-{ Quote: "

Have we simply become obsessed with leak testing... " }-

Obviously some have...

-{ Quote: "Hey Arup dont give up on Netveda just yet...I think alot of your problems
are from having explorer in trusted apps blocked..
1. Make it trusted
2. Uner group management...make explorer an application
3. Under Security...advanced firewall...deny explorer both ways with everything
I found out by doing just that I can pass 21 of the tool leak tests
the other 3 don't work on my machine." }-


Thanks for the advice, I already tried this out but the problem remained, also the fact that the system would reboot frequently added to my woes, never happens with ZA, Kerio, Jetico so I guess their packet driver needs some work.

Maybe thats the only way I can learn things
I went thru the same thing when I taught myself DOS
Making my first computor a 386 couple of months after buying an old 286.
Adding more memory as I got the money.....whoo whoo all the way up to 4k Wow then adding a 2X cd rom player, win3.1 and whoa Win95 with 8k
Taught myself microsoft access...Now thats really hard. Sold a few databases
How do to photo restoration....have a couple dozen happy customers..
Also have taught myself other sundry and eclectic things.
I'm 62 years old....and I love to have a challenge and to learn new things
Otherwise one.. mize as well shrivel up and atrophy.
Everyone here talks about layered security.....So what is wrong with having
a leak proof firewall and PG....Seems like a "comfort blankie" to me.

Let me make it clear. My comments about leak testing were not directed at any single person, not a personal attack or making fun of anyone. It is just a call for thought.

This evening I saw something on The Register about how many computers have been compromised. It is really chilling.

The real question is: how many things have to go wrong (including incorrect user action) before you machine gets hosed, and a firewall alert tells you what has happened. Then add on to that, what is the possibility that some kind of spphisticated firewall application bypass technique is in use, when there is so much low hanging fruit around, so to speak.

Obviously, any worm that gets in because the infected system had no firewall does not have to be able to get around an application aware firewall. If it does not get in as a worm, then you had to click on something... and so it goes. Dont let me disturb you, just wondering, let me make you think.

I'm not upset with you....Just that unneeded "shot" from out of the blue
got me kinda hot.
The reason we all come here is to learn and share experiences.
I was trying to make a guide for ppl new to Netveda to be able to set it up
to be leak proof....Once you are familiar with layout...should only take a
couple minutes. Thats not much time to spend to have a leak proof FW.
It is a free firewall and so is Process Guard demo. thats very important to ppl
on a limited budget. Also a great double layer.
I know if someone wanted in my PC they're in.
Same as with my store....I can put all the locks and bars on the windows
if someone wanted in...THEY WILL GET IN.
All I can do ...is make it a big a pain in the arse as possible.

Just Wondering,

Why not use Kerio 2.15 with BZ rules and PG free or Winsonar, this way, you have yourself a good defence system in place, add Avast and two on demand free scanners like BitDefender and Clam AV, do regular scans with them and offline scan with Avast and your way to a relatively safe PC.

If my sassy comment bothered anyone then I apologize. It wasn't directed at anyone in particular. Just a general comment regarding the preoccupation some have with leak testing. But I suppose it's a valid concern for some...

Now let me start out with this "DISS"-claimer.
This is just a general comment...aimed at no one...and fer shure not to start a
food fight.
But I find it highly ironic, that "someone" could state that someone else is
preoccupied and/or obsessed, when I notice "some" people spend months
Waxing poetic over the esoteric values of some exotic firewalls.
Installing, uninstalling several firewalls a day...formating quite often..but yet
have nothing of value on the PC...or use on-line banking.
So I'm Just Wondering
Isn't that being a wee bit preoccupied, obsessed, addicted or compulsed?
I do wish to do online banking...bookkeeping...and an occassional foray on Ebay.
I do wish to make my PC as secure as I can with my limited knowledge.
I do wish to have the double comfort of a leak proof FW, and Process Guard.
I do wish to make this PC more than a TOY or HOBBY.
If I can have Netveda do what I want, and have all my "do wishes"...then Yes
I certainly am obsessed, and pixilated (eccentric, daft)

P.S. I surely do hate being patronized

Thanks Arup....I still am happy with Netveda, and I already have PG full.
I've got winsonar on my machine....I like it....but it acts flaky.
I have all sorts of trials and freebies...using different combos...Hoping to pare
down..and run lite and trim.
In case you've missed this link.....all sorts of great freebies
http://www.techsupportalert.com/best_46_free_utilities.htm
You should really lke d3tr.de
It still amazes me...all the great free programs out there....and the time
and the effort a lot of people put in them...Many are better than the
paid versions.

Enjoy

P.S. BZ's rules are still "geek" to me.....ar ar

Just Wondering,

I too am quite interested to see NetVeda grow to be a good app, Kerio is old now and even though it is good, have to keep an eye open for newer apps. I am giving NetVeda another try but this time with Winsonar and all other intrusion apps disabled to see if there is any type of conflict, will keep you updated. Would be happy to find the freeware firewall that works as good as Kerio with even more features.

Hey Nod13...saw your question over at netveda forum.
If I understand this correctly....the rules won't take permanent effect
if in the Security section....the... Activate component learning ... is checked
also make sure the apply button is pushed. I have everything else checked
in that section....I hope this helps.

Just Wondering-

We all have our obsessions. Mine are usually brunettes:) It is just that a few of us think the whole thing with leak testing is getting more press than it deserves. From my point of view it is a cutting edge concept designed to protect against some extremely rare types of attacks that comes with major usability problems.

If you do this as a hobby, you can spend a year playing with with something like Tiny 6.5, and that is fine. So go ahead and test to your hearts content. I am not a mod, but do not forget this is a public forum and some folks will have different ideas from yours. Sometimes with spicy ways of expressing them.

Thanks for the good link, by the way.

Diver....I dont recall in any of my posts...trying to foist my opinions on anyone
else.....but I felt I was being attacked for having them.

You say Tomato...I say Tomatoe....still the same thing....just a different way
of looking at things...What may be very important to one person...the next guy
could care less. Anyway...I've vented now...

Glad you liked the addy.....did you try erunt...very handy for our
...........................MAD EXPERIMENTING...................
http://www.larshederer.homepage.t-online.de/erunt/

@ Just Wondering...
Hia.
my nick's... no13 and not NOD. LOL.
Thanks for the advice.
my problem: It seems that rules are ineffective. I have to pause and restart the service [from its console or right click] whenever this happens.
your freeware link was absolutely smashing.
And BZ's rules are just apply and forget.
here's an alternate kerio setup : www.geocities.com/yosponge : mainly for blocking of adserver ips... has preconfigured many apps for default ports [so that no app uses a non standard port]. BUT the rules-table is full for Kerio v2. It needs kerio4 if you want to add more rules.

-{ Quote: "Diver....I dont recall in any of my posts...trying to foist my opinions on anyone
else.....but I felt I was being attacked for having them.
" }-

Just Wondering....

Nobody was attacking you.. if you thought so then you need a thicker skin.

And I'm *sure* you're not talking about me... ;)

So far NetVeda is running fine, I have still left it on learning mode, no surprising reboot, as a matter of fact, after I posted the reboot issue on the NetVeda forum, I ws surprised to see a mail from their tech support asking me more details on the reboot issue including minidump, they are on the verge of releasing version 3.7 so they want to be totally sure of all the issues.

As I have said before, NetVeda has very good sandboxing feature on its own, add some better rulesets and you have a fantastic free ICS ready firewall which can go with the best out there.

Arup, can you explain how you got Netveda to log ICMP? I tried running it again, and even tried those settings under default user, but couldn't get it to log ICMP. I went to grc.com and did a specific port scan which usually causes grc to do a few pings to my system in the process, but I saw no ICMP in the logs. Just curious. Did I miss something simple again? It doesn't seem to log it here.. (I think it was you who told me how to do it before?)

Kerodo,

Since your inputs are truly relevant, why not send out a mail to support@netveda.com and ask them about this issue, inputs like this would make this product truly good and free alternative to Kerio and Tiny.

They are prompt in their respose and since they are on the verge of launching version 3.7, they would truly appreciate any feedbacks you can give.

Good idea Arup, I'll send them an email tonight and ask about it. It seems to be worth looking at so far... I kinda like the program.

PS - Just sent them an email. We'll see what they have to say.. :)

What do you mean by the term sandboxing...and how does Netveda do that. Please explain in simple terms...remember I'm clueless in tech talk.
If I set...so and so.....to so and so.....what will that accomplish.
Kerado...Again...I can't speak "geek" talk ...so I'll explain as best I can
http://www.techsupportalert.com/best_46_free_utilities.htm
If you use that tcp optimizer it will ping your computer.
if you look in the network activity log...refresh you should see imcp activity.
Also on that 46 best free software site..that dstr.de program has all sorts
of goodies for you "techie guys".

-{ Quote: "What do you mean by the term sandboxing...and how does Netveda do that. Please explain in simple terms...remember I'm clueless in tech talk.
If I set...so and so.....to so and so.....what will that accomplish.
Kerado...Again...I can't speak "geek" talk ...so I'll explain as best I can
http://www.techsupportalert.com/best_46_free_utilities.htm
If you use that tcp optimizer it will ping your computer.
if you look in the network activity log...refresh you should see imcp activity.
Also on that 46 best free software site..that dstr.de program has all sorts
of goodies for you "techie guys"." }-

Sandboxing means that your security application [Tiny firewall, norman AV] will STOP an unknown (not present in database) application from performing any action (execution, connecting to net) at some point when it is loading, and while it is suspended, it will give you options on how to respond to this behaviour. Norman AV analyses the application using Heuristic techniques, and reports whether it is a virus or not. [Norman simply calls there heuristics as Sandbox™... otherwise most AVs have this capability... anyone wants to correct me?]

So basicly ....Just another way of saying application control ....like most FWs, PG, SSM and many others have.....aaah my bulb is getting a bit brighter.
Yeah I had trouble with pcauditII and most of the afwt tester.
Have you tried my rule set posted earlier in this thread...on my machine..it
aces them

Just Wondering,

I am still trying to find out the mysterious issue of reboot, as soon as NetVeda gives me a solution for that, I will check out the rule.

Application control can mean a lot of things. At its most basic level is a firewall that only allows approved applications to make a connection. Sandboxing with respect to firewalls usually means that other tests are being made such as inserting global hooks, starting other applications, modifying physical memory and other behavior of a process that is likely to be malware or attempt to defeat a firewall.

-{ Quote: "Application control can mean a lot of things. At its most basic level is a firewall that only allows approved applications to make a connection. Sandboxing with respect to firewalls usually means that other tests are being made such as inserting global hooks, starting other applications, modifying physical memory and other behavior of a process that is likely to be malware or attempt to defeat a firewall." }-
Ahh... the sign of a master...
thx for the correction Diver!

okay....second part of my guestion...How is Netveda sandboxing..
What do you do to set it up....or is it pretty much set up to do that.

Now on this machine...I'm pretty much the only user...
buuuuuuuuuuuuuut at home, there is a 12 year old boy...who really did a number
on my old machine....clicking on a pop-up....and going to cheat sites.

If I understand this correctly...If I set up a log on account for him....It should
be a breeze...to limit him to the hours...sites... etc.....He he he.....hmmmmm
looks like I'd have total control....I't will take me 2-3 hours...to reset up.

Oh and by the way....of course he said he didn't do anything.

P.S. to last post....meant 2-3 hours to set up old machine....
Looks like to set up the filters should be a breeze

Just Wondering - Ok, I will try once again to see if I can see any ICMP activity. I wrote them an email last night asking about it also and am curious what they will have to say. Perhaps I overlooked something, although I'm pretty sure there's no ICMP logging. But if you are seeing some then I must be doing something wrong. I'll try again..

Ok, it looks like I was wrong, and it was just a case of user error. Netveda apparently does log ICMP but it's turned off by default. You have to enable it. Here's the reply they sent me this morning. That's pretty prompt response time too, so that's impressive. I'll have to put Kerio 4 aside for a while and try this firewall again and experiment with it for a while. It did look pretty nice...

"Hi,

Thank you for trying Safety.Net.

By default the Alerts for the ICMP scans is turned off. You may enable it by selecting the option in the 'Configuration' screen, Alert Reports -> Options -> "Hide computer on Internet".

This should start printing the alerts in 'Alert Viewer'.

Please let us know if you have any questions.

Regards,

NetVeda Support"

kerodo..You and Arup seem to be getting pretty good response time...thats
impressive for a freebie app.....

He he he....I just found out another side benefit of Netveda

My G/F was just online....on Ebay and she told me she couldn't get to
the next page to see the pictures....My first thought was the Filters
So I looked....Default user....Web Filters...Block Web Site Group
I had Advertisements Checked

Hmmmmm Now I know for sure gotta get this FW on our new home PC

Kerodo,

Are you using Avast with NetVeda? In my case, I sent them my minidump file and they mentioned aswmon to be the cause of the crash. I have sent them a feedback on this telling them to provide a rule to bypass port 12080 as we do in Kerio 2.15

By the way, how about Jetico, let us not forget this wonderful firewall as well, as long as it is free, let us also take the benefit of it, I am using it on my second PC, finally have the rules tamed to an extent, Jetico is very nice to block out all the ad related stuff that comes with your mail, most MSN as well as Yahoo group mails would have those pesky bandwidth robbing ads and it is very easy to create a rule in Jetico to filter them out.

The other request I am giving to them is to devise a IE piggyback prevention rule, this should always be set to 'ask', in fact I am requesting them to both Jetico and NetVeda. I have explorer.exe block rule in Netveda but that same rule cant be applied to Jetico as that blocks IE as well. This can be added as an option rule for those who don't use IE for browsing and only use it for Windows update.

Just Wondering,

NetVeda is truly an awesome tool for home net access management. No other program which is free offers so much, as a matter of fact, even LAN groups can be assigned individual access and facilities rights. For parents concerned about their children's surfing habits, time limits as well as content filtering can be easily applied and that too for individual group accounts on LAN. If NetVeda weeds out their bugs, I am recommending it to all home users I know as well as small office users where the admin will have total control on access.

Arup - I have changed back to AVG AV for the time being. Avast with it's proxy stuff made things a little more complicated with all these firewalls. I got some really weird results with Kerio 4 beta and Avast, some apps needed the proxy ports and some didn't. Not like Kerio 2 which worked fine with Avast and proxy. I tried using my Kerio 2 proxy rules in Kerio 4, but got different results. I'm thinking Kerio 4 is just a little weird there. In fact, just about anything is possible with Kerio 4... :)

Tried out Kerio 4 on my other system a day back, what a nightmare, locked up the entire system, wont even let me load explorer, had to go to safe mode in remove it but wont let me do so, took a lot of coaxing and prodding and headaches to remove it, am going to stay far away from Kerio 4 for now till I hear some more favorable views.

Sorry to hear about the problems. It works fine here for the most part on a Win2k machine.

It may be years before you hear any more favorable views on it though.. :)

-{ Quote: "kerodo..You and Arup seem to be getting pretty good response time...thats
impressive for a freebie app.....
" }-
It's always nice when you get a response like that from a developer. Jetico is like that too. It's in sharp contrast to some of the other bigger players.. :)

One of the reasons I would always stick to companies like these, also the fact that they are less popular makes them less prone to hacker's target.

By the way, another company which responds to personal mail for a free product is Softperfect, they have just released a new version of their firewall yesterday, at 960kb, this has to be the leanest firewall out there, time for a trial. What do you think Kerodo? Would be nice to hear your opinion in it too.

If I remember right, SoftPerfect doesn't have app control? I think I looked at their web site, but haven't really tried it yet... For firewalls without app control, I'm pretty much sold on CHX-I and 8Signs. CHX-I can't be beat, especially for free..

Yes, no app control but truly a lean, mean firewall. Highly customizable, you can set your rules like Kerio 2.15

CHX-I is the leanest of the lean... :) Granted, it takes a little work to understand it, but once you do, it's great. I guess I'll have to look at SoftPerfect too, just to be complete...

I used to lean towards these no app control firewalls, but lately I'm leaning toward app control again and perhaps more security for Windows. My project this weekend will be to dive into Tiny Pro 6.5 and see if I can make any sense of it.

Arup, could you send me the minidump as well? Thanks.

vlk at avast dot com

Hi Vlk,

Already sent out the mail.

One of the reasons I would always stick to companies like these, also the fact that they are less popular makes them less prone to hacker's target.

I had checked with diamonds pg demo.exe and it doesn't target the Netveda
firewall....but it does target whatever other security app I am running.

Has anyone on a dial-up or on a non firewalled isp..or router ran the stealthe
tests at PcFlank or grc...and checked the results.

Still is running great on my system.....it's passed everything I've tossed at it.
Running normal...I get no alarms.

Just a couple minor wish list things...The ability to have it boot ..block all.
and to be able to kill apps or services......I'm pretty sure Outpost can do that
if I remember correctily.

It is the only FW that I've used so far....That with my very limited FW knowledge... that does what I want it to, and in a very short time.

I think I got me a keeper here.

I found out today that my ISP is totally firewalled so installing another firewall is redundant, I ran my system without any firewalls and it passed all the stealth tests.

-{ Quote: "I found out today that my ISP is totally firewalled so installing another firewall is redundant, I ran my system without any firewalls and it passed all the stealth tests." }-
Your ISP may filter traffic from outside networks but this would not protect your system from others on your ISP's subnet.

Regards,

CrazyM

Crazy M,

Good point, the only problem now is how do I test my firewall, do I live with a false sense of security thinking my firewall is working and I am totally safe from attacks.

This ISP firewalling is new, without any announcment, they decided to implement this, I will run a firewall just to be safe.

Ther is a lot that ISP's can do to improve security for everyone. I have not seen an emaill virus in a few years since my former and current ISP's started scanning the mail. My ISP blocks ports 135 and 445. There is some new technology that allows ISP's to identify bots (compromised machines) by the type of traffic they make.

-{ Quote: "... the only problem now is how do I test my firewall ..." }-
If there is someone you know and trust on the same ISP subnet get them to scan your system for you.

-{ Quote: "... do I live with a false sense of security thinking my firewall is working and I am totally safe from attacks." }-
Do you see anything in your logs at all from systems on you ISP's network?

Regards,

CrazyM

Sometimes I do recieve pings from my ISP, dont think that is normal.

Arup....If you showed stealthe using whatever FW...before your ISP provided
a FW.....won't the same FW, still do the same thing?

My ISP has a firewall too....thats why I asked earlier..if anyone had tested
on a dialup...and not behind a router, or ISP firewall

Yes, but I have started using Jetico and NetVeda only recently and I have no idea when my revered ISP decided to raise up their firewall behind our backs, prior to using Jetico and others, I was a smugly happy man using Kerio+BZ and was quite happy in doing so.

I for one would rather have my own firewall than the ISP, this way, no one is under a false sense of security, furthermore remote firewalls can lead to lots of problems like port access etc. It is your question that got me pondering about ISP firewall so I decided to check out my system without one and there is the result.

-{ Quote: "Sometimes I do recieve pings from my ISP, dont think that is normal." }-
ISPs tend to do that.

It's normal... perhaps blockable. Maybe it will stop your internet connection [time it out]... But I'm not sure... you need to try this out.

no13, thanks, will try it out. I usually block them but dont get any connection problems.

Had a friend of mine on the same ISP ping me with firewall on and off and all his requests were timed out.

Thats why I liked when I was trialing Outpost...and now using Netveda...you can see all the goodies that happen when you first go online..I have prevx
on my machine....not in use right now...but that tries to ET home..one of
the many things my ISP hooks up to is shareholder.com...I've checked it out
It seems legit...but I have it blocked for G.P.s, Mozilla was another one that
would send out went I connected....Giant/MS antispy...etc.
I've read that Zone Alarm seems to do the same thing.
Now I'm sure... ahem... ahem....they are all gathering this information..out of the goodness of their hearts.. to help all mankind.
But if I had my druthers....I'd druther not share that info.
I have none of my apps...on auto updates.
Thats why on my wish list for Netveda....to able to set it on block when I
first boot up.....I'm always online.....thats when a alot of these apps..try
to "call out"

There is a feature in NetVeda to block particular sites, have you tried using that? I too would rather not share any info, I have seen as soon as I open Firefox it tries to connect to bbc.co.uk, doesnt happen with Opera.

-{ Quote: "Thats why I liked when I was trialing Outpost...and now using Netveda...you can see all the goodies that happen when you first go online..I have prevx
on my machine....not in use right now...but that tries to ET home..one of
the many things my ISP hooks up to is shareholder.com...I've checked it out
It seems legit...but I have it blocked for G.P.s, Mozilla was another one that
would send out went I connected....Giant/MS antispy...etc.
I've read that Zone Alarm seems to do the same thing.
Now I'm sure... ahem... ahem....they are all gathering this information..out of the goodness of their hearts.. to help all mankind.
But if I had my druthers....I'd druther not share that info.
I have none of my apps...on auto updates.
Thats why on my wish list for Netveda....to able to set it on block when I
first boot up.....I'm always online.....thats when a alot of these apps..try
to "call out"" }-
Mozilla was probably just checking for updates.

Happens when I've just started firefox. Probably same for mozilla?

-{ Quote: "There is a feature in NetVeda to block particular sites, have you tried using that? I too would rather not share any info, I have seen as soon as I open Firefox it tries to connect to bbc.co.uk, doesnt happen with Opera." }-
Firefox is probably trying to access any RSS feed bokmarks you have in your bookmarks, Arup.
About site blocking... if you know the domain name, it is much more faster to use the hosts file [and better for someone who's going to trial many firewalls].
IP blocking firewalls are also available [like the one from BlueTack whose name I forgot...]

Protowall is the name of the ip blocker. [if you can't see the board, and don't wanna register, simply move to the downloads page]
http://www.bluetack.co.uk/forums/index.php?showforum=127

IP Blacklists are available for download. They may not be to your liking.

I have used Peer Guardian with Bluetack manager, pretty good stuff for enterprise level, not really needed for home users.

You guys are a lot more tech smart that I....but I'm sure I'm far older than
anyone here....so I have a different way of looking at things...and it may be
a left brain thing.
The bottom line....is that it is so old....that it is new...
My phone company.....sells it"s new business customers name to who knows
how many....."spammers" been in biz now about a year and a half...and still get
callers daily......My state used to sell car buyers names to ppl.
A retailler offered a free ISP service a few years back...just fill out a form
with questions number ppl in family ...income range...etc....I wonder how
many poor lambs filled that in....having complete trust in the company...and how many times that info was sold.
Why do you think double click ...ccw....and all the rest gather this information
in the GREAT DAtABASES IN SKY......the more info they have on you....
the more your name is worth....for resale.

Its just a high tech way of doing things....Just a little bit different slant
but samo samo bottom line......MONEY

Just a quick note here before I go to work.. I have been in touch with NetVeda about another issue. I believe that I am seeing fragmented packets getting thru here, just like Kerio 2. Same scenario. They asked me if I would like to see an option to block fragmented packets and I said Yes, that would be excellent. So perhaps they'll add that soon. And even if I am wrong here, it will add some further peace of mind and security to the product. Other firewalls have the ability to block fragments, so it would be excellent to see this in Netveda as well.

Kerodo,

Does Jetico block fragmented packets? I know that it blocked Wallbreaker pretty effectively.

Arup, yep, I have no troubles with Jetico. If you look in the Internet section (I think), there's a specific rule to block fragmented packets. I never had any problems with Jetico.

The whole fragmented packet phenomenon is interesting. Running Jetico, Sygate or Look N Stop, I can see the fragments come in (in the logs) maybe 6 to 8 times a day. There's always a pair of UDP packets. One fragmented and one along with it (same exact time) to port 1026. I believe it's just messenger spam and they're trying to use the fragmented packet thing to get past some people's firewalls. Anyway I can see them in the logs. I have no router, just a cable setup here. If you're running a router you'd never see them. And probably not if you're on dial-up either.

When one gets thru Kerio 2 or Netveda, I see an immediate outbound icmp type 3 code 3 to the address of the sender (not my dns servers address). This means that the UDP fragment got thru the firewall to the OS, and the OS is responding with the outbound icmp type 3 code 3 (port closed). I saw it yesterday in Netveda, just like Kerio 2.

I'm sure that's what's happening, but I suppose there's some slight chance that I'm wrong. But those are the only two firewalls I've ever seen it happen in, and I've tried dozens here.

The good news is that NetVeda is likely to add an option to block them, so that's nice. With Kerio 2, you have to live with it because it's no longer being supported or worked on.

Again, whether it's even a valid concern or not is another question. Incoming UDP to a closed port is of little concern. I wouldn't worry about it much I guess. I think it's just interesting when I do see it happen. NetVeda seems to be interested also. I'd look for (hopefully) this option in the next release if there's time.

K,

I saw that rule too, although in Jetico, by default, they are set to 'Accept', I set them to 'Reject', Jetico is truly a very good program and as others have mentioned, a good successor to Kerio 2.15 What it really needs is a better interface for rules, like one in NetVeda.

I didn't know it defaulted to accept. I thought it was reject. Should be anyway.. The Jetico interface is a little weird and something one has to adjust to I guess. I kinda liked it first time I saw it, but later thought that it was overly complex and a little difficult to use. Still, it's a good one..

Seems like most people around here are early birds instead of night people. I get up late around 10:00 or so and find a thousand new posts already. At night it slows down considerably.

K,

I am in India, it is 12 in the afternoon here.

Wow.. I guess you have a point. I tend to think that everyone is in my own time zone. My mistake!

No problem, we all tend to do that from time to time, one question about Jetico, do you get services.exe popping up from time to time, even though you have put in in the services zone rule already?

No, I don't get any popups from Services.Exe. Only thing it does here is DNS lookups. I never see any prompts though...

Strange, I get services.exe pop ups at least once in a day.

Arup,

I have spent a bunch of time in India, although it has been a while since my last trip. Fascinating place.

Re: Jetico. What that baby needs, in addition to a lot of regular firewall features they left out, is to cut down on the user interaction. Too many requests for network access from programs that do not actually connect out.

Diver,

Next time you come down here, be my guest. What exactly fascinated you about India? I am curious, PM me.
I have moved back to India after 17 years in NY, so for me, it is another learning process, left India when I was 16.

Arup - Re: services.exe, you might take a closer look at what Jetico is telling you in the prompts for services.exe.. i.e., is it trying to connect to some remote address and port, or is it just trying to access the network, etc etc. That may give you a clue as to what's going on. Could possibly be something unsavory.. hard to tell though. The only thing services.exe does here (on Win2k) is dns lookups only to my dns servers, never anything else, ever.

K,

That was the first thing that stuck me, however, this was a app related pop up and not an access to network type, funny thing is that the new Jetico looses connection with LAN after 10 minutes or so and I have to hit Allow All and then Optimal to get LAN access. I have done a thorough scan with Avast, Ewido, a2, Clam and BitDefender so dont think there is any chance of a virus left.

For the time being I am back with the trustworthy Kerio 2.15+BZ with SSM.

You guys are going WAY OFF TOPIC here can we please try to keep it to netveda. If you have problems with another firewall then start another thread or pm each other please this ones getting long already. ty!!!

-{ Quote: "You guys are going WAY OFF TOPIC here can we please try to keep it to netveda. If you have problems with another firewall then start another thread or pm each other please this ones getting long already. ty!!!" }-
anonymous moderation!
LOL

Yeah, that's a good one eh no13? ;D

He does have a point though.. ;) But I don't see how you can stay on topic in any thread. The subject matter is always going to wander some no matter what you do...

Everyone-

Forgive me for bumping this thread and its previous 50 off topic posts. However, I did get around to taking a look at Netveda. It did not use much memory. Like Hipgnosis, I could not get it to allow netbios inbound from trusted lan addresses. The interface is, from my point of view, frustrating. Sorry that I can not be more specific, it just did not impress me. Anyone can quote me on that, but try it yourself. After all, it is free.

It might become pretty good in the future, but it did have a lot of features that I don't make use of. Can't say about the LAN problem as I don't have one here. Seems like another potentially good firewall which needs a little more work.