Outpost Pro 4.0.971.7030 (584) Released

seems there is no fix for that Vulnerability/Bug published by Matousec in this version ...

 

Outpost 4.0 will beat jetico in leak tests.

As for the Spysweeper issue, I don't know if it has been resolved, but it is Outpost's security architecture Anti-Leak that prevents malicious activity by suspicious applications. It is simply doing its job. When a known safe application requires certain system privileges guarded by Outpost's Anti-Leak option, you just have to exclude the application from those areas. An example screenshot is provided showing SysSafe.exe (System Safety Monitor) allowed DNS API requets and Process memory injection. So whatever it is that Spysweeper needs exclusion from, it is simply necessary to choose "Allow" for those parameters. If there are still stability issues between Spysweeper and Outpost after all necessary exclusions are made, then something has to be fixed in either Outpost or Spysweeper, or possibly both. BTW, for "Use Global" I have "Prompt" for everything.

 

The firewalker tests put Jetico right up there, evening besting Outpost 4 in many or most tests. KIS was a bit stronger in some instances. But overall it looks like Jetico was best.

I would *expect* Outpost to do better than these tests indicate, so maybe it's a case of which settings these apps were running. Without knowing this, such tests are almost meaningless.

 

If these adjustments within Outpost will effectively avoid any conflicts with Spy Sweeper, then it is a powerful argument to give Outpost another look. I liked it a lot when I used it last month, but one BSOD is too much for me -- I'm not as young as I used to be!!

I may have to re-evaluate the value of Spy Sweeper, now that I've gone to NOD32 as my av and since I've recently learned more about security layering. Problem is I just re-upped on my SpySweeper for two years (at 30 bucks), so I'm not excited about ditching it.

 

Outpost ver 3.5 was tested at that time. The latest ver 4.0 passes all the leaktests. It was also Jetico ver 1.0 tested. I'm not sure how much better, if at all, the latest beta 2.0 is.

The first ver of Outpost 4.0 was pretty unstable, Iwill admit. I didn't like it even though it ran okay for me, but it did exhibit some minor nuisances, especially the missing taskbar icon and some general lagging issues. I tried Comodo, liked it alot, tried Kerio 2.1.5, liked it alot, then tried the latest Outpost 4.0 release and found it to be excellent. Since I have a license, I went with it and so far very pleased with it.

Whether or not it will work for you can only be determined by trying it. Hopefully it will work for you if you do decide to give it another whirl. It is a very powerful security app and quite user-friendly if you set it up accordingly.

 

Yeah, I'd like to see some tests with up-to-date versions of Outpost and Jetico. I'm running Jetico 1.0, to get an idea of how to use a heavy rules-based fire wall (I'm a newbie at it); before I jump into the beta 2.0.

Do such up to-date-tests exist?

 

AFAIK, not yet, but some, myself included, have run the available leaktets on Outpost 4.0 and it did pass them all.

 

CPR, I know this is a bit OT, but you mentioned you tried (and liked) Kerio 2.1.5. Have you also tried Jetico? If so, how do they compare??

I know they are both more simplified, "light", rules-based firewall apps -- as compared with today's more bloated and multi-faceted "firewall suites". As far as being able to set up strict rules that don't require a PhD in programming to write, do either of these qualify, in your opinion??

 

You're right -- the proof is in the pudding! Guess I'll have to saddle up the new version of Outpost to see if they've cleared up the conflicts with Spy Sweeper. But first I want to have a longer look at this Jetico 1.0 I just installed last night. It derseves more than one day at the beach.

 

Kerio 2.1.5 is an excellent little rules based firewall. Very light, very configurable for controlling application traffic and not too difficult to use. If you are comfortable using/learning a HIPS, I would recommend partnering one with Kerio to bolster defenses. With those two and a good antivirus app, you will have a very powerful security setup, provided you configure everything properly.

I briefly tried only Jetico 1.0. Similar to Kerio but it offers better overall security, lots of pop-ups and a little more difficult to figure out. I don't reemember too much else about it because I didn't keep it very long. As much as I like pop-ups, even Jetico's were a little overbearing for my liking. Still, you might want to try it out and post questions in this forum if you have any. There are a couple members, at least, who are highly skilled at configuring Jetico and would likely help you out.

 

So you think Jetico offers better security than Kerio 2.1.5? After what you said above about Kerio, that would make Jetico that much better!

Btw, as I've been using Jetico this past 24 hours, indeed there pop-ups -- but I see them as a normal part of the learning curve. Even Zone Alarm puts you through that. KIS, too. Most firewalls, as far as I know have a learning curve.

What I've noticed on Jetico is that when it gives me a pop-up there is often a choice to put the program/app in question into the "trusted" zone. Aftter doing that, the pop-ups diminish substantially. Do you think it's wise to put an app, like NOD32 for example, into the trusted zone?? I can't think of any reason why not. If one knows the app and what the pop-up is asking, then I see no reason why trusted apps cannot go into the trusted zone. Am I missing something??

 

It's not something I would do, but it depends on how securely you want to control your applications. I don't know what Jetico's trusted zone entails, but it likely means any local ports and any remote ports and hosts.

In my case I have nod32krn.exe allowed to connect out to port 80, TCP, local port range 1024-5000, and also out to port 53, UDP, remote ip my router's lan ip (for dns querries), local port range 1024-5000. I could have made it more restrictive than that even, tying it down to my local NIC's ip and also restricting the http connection to Eset's update server ip's, but I just didn't bother.

For Ad Muncher alone I have 12 different rules for it, so I'm probably in the fairly paranoid group when it comes to configuring firewall rules.

Again, I really can't help you with Jetico configurations because of my lack of knowledge and experience with it.

 

The above rules you have made are for Outpost 4? Yes, I would say your restrictions on NOD are tight! What are your reasons for that? Afraid of imposters calling themselves "NOD32" getting installed and calling out??

 

Yes, for Outpost 4. To answer your second question, I guess hanging out in these security forums has made me increasingly paranoid Well, that's part of the reason. Several security experts in these forums recommend these types of retrictions, even on well known apps, so that is part of the reason for my rules, and also it is simply a nice way to learn about networking.

I suppose there could be malware created that disquises itself as NOD32, if it hasn't already been done. It is quite common, I understand, for malware to disquise itselt as svchost.exe, a common Windows process that manages services, usually as a group. That is why it is especially important to apply tight network restrictions on it.

 

Yes, and thank you some of us have older systems and it is an issue.

 

Hello cprtech,

Yes I agree with you. The newest version of Outpost 4.0 is a MASSIVE IMPROVEMENT over the first final release. Agnitum have fixed a number of issues in this particular version, in my case the situation with Avast's Standard Shield module, and they have fixed some other problems too. Reading the Outpost Forums there are now more users happy with it than previously. There are still a few things to be ironed out, but Agnitum seem to be getting it sorted, slowly but surely. RESULT!!!!

Richie

 

Yes, and a big RESULT that is!

 

The problem I find with Outpost Pro 4, is no matter what rules there are for Windows Live Mesenger, is that it absolutely refuses to let it auto sign in during Windows startup or rebooting the computer, the initial installation allowed it to sign in,but after that, it requires a manual sign-in. I've missed countless messages due to this cause I keep forgetting to sign it in, as all the other firewalls I used allowed it. I had an online chat with some technical help person at Agnitum,but they said to allow port 1900 UDP Outbound, the automatic created rules in Outpost block this port, wtf is going on?. I noticed Outpost has set my LAN too 10.0.0.1 but on one occasion it was set at 10.0.0.2 and that allowed WLM to auto sign in, how do I get it back to 10.0.0.2, or in short, "How the hell can I get Windows Live Messenger to Auto-Sign In"

 

Yeah i have noticed that as well, i use messenger 7.5 and it doesn't seem to want to auto sign in, and it also seems to always take two attempts to sign in before it actually does it.

 

I dont know If I'm onto something here,but I tried this and it worked for me :

I came across this site by accident www.agnitum.co.uk and I chose to download Outpost 4,and discovered it was only a 12.6MB download English/Deutch languages I think, dont quote me on it as I'm not sure, anyway I dont think it has ALL Languages in the install. It installed but it was the previous version still, not the update that was released Nov 7. I chose to reboot later instead of after installation, and changed the policy to accept most, from the default installation of rules wizard, and chose predifined rules,and not automatically create rules. I checked the rules settings in msnmsgr.exe and found some rules that I did not on previous installs see, except for Block 1900 port. I clicked modify rules from block to allow, and renamed it Allow 1900 port. From then on I tried 5 reboots,and each single time MSN MEssenger has auto signed in. Lastly I went to www.agnitum.com and downloaded the Deutch/English version 12.6MB this site has the most recent version, and I chose to keep my settings and they were configured into the new version. MSN Messenger is still signing In. Like I said it worked for me, and it might work for you too.