RFW 2009 (Rising Firewall) Free + RIS 2009 Free

Someone · #1 July 2nd, 2008, 01:55 AM

Hi

http://www.tucows.com/preview/512796#MoreInfo

Has anyone used this? How good is the security? Is it light?

Thanks

Kees1958 · #2 July 2nd, 2008, 03:42 AM

Feature set somewhat simular to new Sunbelt FW (paid), without HIPS (beacuse that is in Rsiing AV):

- operations mode, I like the silent mode(=allow only whitelisted) and smart mode(=ask user)
- nice granular appplication control (not only processes but also dll's) and network (protocols & ports)
- image exection control
- ARP Spoofing protection
- trojan scan (looking at which ports are in use -> programs related -> run against malware blacklist)
- admin password

Runs on a Pentium III, so should be light

Someone · #3 July 2nd, 2008, 08:29 AM

Quote:

Originally Posted by Kees1958

Feature set somewhat simular to new Sunbelt FW (paid), without HIPS (beacuse that is in Rsiing AV):

- operations mode, I like the silent mode(=allow only whitelisted) and smart mode(=ask user)
- nice granular appplication control (not only processes but also dll's) and network (protocols & ports)
- image exection control
- ARP Spoofing protection
- trojan scan (looking at which ports are in use -> programs related -> run against malware blacklist)
- admin password

Runs on a Pentium III, so should be light

Hi

What's image exection control and ARP Spoofing protection?

Thanks

acr1965 · #4 July 2nd, 2008, 08:49 AM

Anybody have a link to a comparison chart of the differences between the light and paid version? This looks like it may be one of the few stand alone firewalls that runs on Vista. I plan on checking it out over the next few days.

acr1965 · #5 July 2nd, 2008, 08:55 AM

Well here are the paid versions features-

http://www.rising-global.com/Publish...isingav.html#2

http://www.tucows.com/preview/501164

Key features: 1. Supports Multiple Users, Rising Personal Firewall provides an administrator account and a user account; 2. Trojan Identification Technology; 3. Prevents Misuse of IE Features; 4. Anti Phishing and Anti Trojan Features; 5. Protects from Suspicious Modules.

Free v. Paid look like the same features?

Kees1958 · #6 July 2nd, 2008, 02:10 PM

Quote:

Originally Posted by Someone

Hi

What's image exection control and ARP Spoofing protection?

Thanks

Image execution control = checks a calaculated/hashed total of the executable trying to connect to the internet (and sometimes also path) against a value in an execution allow data base = when numbers mataches => executable is not changed and still to be trusted = to be allowed to connect

ARP spoofing/poosining see http://en.wikipedia.org/wiki/ARP_spoofing

Note in general

Do you have a router?

When yes it is a good idea to change the router defaults.

Admin and user/client passwords, disable remote management
change IP address of your router (what you type in your webbrowser to enter the configuration utility of your router, note stay out of the managed zone, ofter a range in your IP address range)
Check IP addresses of all clienst loggged on and figure out their mac addresses, enable mac address control
When on wireless change make sure you use encryption key, when on WiFi make sure you use a PIN,
Change the name of you network

Go to your firewall look for SPI, and check it when its available, loof for Nat and check at least (UDP =address restricted, TCP = port and endpoint restricted), check whether DMZ is off (when available), look for anti-spoof checking (if so select=check), you could also disable wan-ping response as an extra, sure others can tell more, but this shoudl cover the basics (most people do not change the router's defaults, so they are easy hackible, in my neigbourhood, 3 linksys routers, 2 d-links, 1 netgear, 1 belkin, three private names), just try the default IP addresses, passwords and your in.

Regards Kees

Fuzzfas · #7 July 2nd, 2008, 02:46 PM

How is this "free edition"? In Rising's site, it says 31 day trial. Same in download.com. Am i missing something?

Kees1958 · #8 July 2nd, 2008, 03:06 PM

In other download board it said six months trial

I do not care for an software firewall:

I want my guard on the physical item which is protected, not to protect it from (meaning malware is already in, now trying to keep it in, makes no sense)

For post infection there are better analysis means
- Anvir taskmanager
- AVZ
- clean Avira CD
- Prev CSI

Someone · #9 July 2nd, 2008, 10:31 PM

Quote:

Originally Posted by Kees1958

Image execution control = checks a calaculated/hashed total of the executable trying to connect to the internet (and sometimes also path) against a value in an execution allow data base = when numbers mataches => executable is not changed and still to be trusted = to be allowed to connect

ARP spoofing/poosining see http://en.wikipedia.org/wiki/ARP_spoofing

Note in general

Do you have a router?

Regards Kees

Hi

Thanks for the explanation. I don't have a router.

aigle · #10 July 3rd, 2008, 05:02 AM

Quote:

Originally Posted by Kees1958

change IP address of your router (what you type in your webbrowser to enter the configuration utility of your router, note stay out of the managed zone, ofter a range in your IP address range)

How to do that? Thanks.

Kees1958 · #11 July 3rd, 2008, 08:03 AM

With D-link see pic

aigle · #12 July 3rd, 2008, 10:42 AM

Thanks.

alex_s · #13 July 3rd, 2008, 04:57 PM

Quote:

Originally Posted by Kees1958

- ARP Spoofing protection

Declared protection or real ? Outpost also declared ARP-spoof protection but really it just makes it possible to load some web pages. I'll try it tomorrow on the subject. I just do not believe this is possible without cooperation with gateway.

Kees1958 · #14 July 4th, 2008, 01:02 AM

Quote:

Originally Posted by alex_s

Declared protection or real ? Outpost also declared ARP-spoof protection but really it just makes it possible to load some web pages. I'll try it tomorrow on the subject. I just do not believe this is possible without cooperation with gateway.

Alex_s,

I have not tested (to be honest would not know how to test it), so declared at least, but your more knowledgeable on FW's, so please post your findings

EDIT: Could not resist testing this FW, because the AV is good. IT IS FAST AND MINIMAL SEER, STEM, ALEX WOUlD YOU GIVE IT A SPIN?

acr1965 · #15 July 4th, 2008, 05:56 PM

Quote:

Originally Posted by Kees1958

Alex_s,

EDIT: Could not resist testing this FW, because the AV is good. IT IS FAST AND MINIMAL SEER, STEM, ALEX WOUlD YOU GIVE IT A SPIN?

+1

Also, anyone else with experience with this firewall please post a review- conflicts, issues, resource usage, a few more screenshots, etc.

thanks

acr1965 · #16 July 5th, 2008, 11:38 PM

This runs pretty light 7,800 k at start up and rises up to about 11,000 k- I am assuming pasrt of that is due to logging.

A couple questions-

Where do you adjust the log settings? I just want logs for the past 48 hours or so and have no idea how far back RPF will keep these.

What is preferred setting for outbound connections? I see you can check by application or IP address.

Any other recommended settings?

deanmartin · #17 July 6th, 2008, 12:19 AM

settings,detailed settings,create logs settings, the smallest you can set is to 5mb. sry for the fast explain bed time. And running fine on my XP, it took my PCtools firewalls place which i had used for 2yrs or more.

zhoubaoqi · #18 July 6th, 2008, 03:24 AM

do not use this Firewall .this so bad.

sukarof · #19 July 6th, 2008, 03:38 AM

Quote:

Originally Posted by zhoubaoqi

do not use this Firewall .this so bad.

Why is that?
If you want to be taken seriously you should provide some proof of your statement. Otherwise you just look like fool.

whoiam · #20 July 6th, 2008, 04:23 AM

Quote:

Originally Posted by zhoubaoqi

do not use this Firewall .this so bad.

if have you have tired it , let us know the reason why you said it is so bad .
or you just want to say bad?

alex_s · #21 July 6th, 2008, 08:25 AM

Quote:

Originally Posted by Kees1958

(meaning malware is already in, now trying to keep it in, makes no sense)

It does sense. There is not just a single approach that allows to detect malware in case it was not analized and verdicted as malware (zero-day malware). In this case some nastie, been started, is not detected as malware, but trying to send something somewhrere in can be blocked and localized. The chances to get zero-day malware are actually low, but they still exist. And I estimate them higher than a chance to go outdoors and catch an accidental brick hitting your head

faterider · #22 July 6th, 2008, 11:43 AM

Quote:

Originally Posted by sukarof

Why is that?
If you want to be taken seriously you should provide some proof of your statement. Otherwise you just look like fool.

Having respect for China products I just tried it. When noticed that there is only one setting - allow or deny network access I'm forced to uninstall. You can't specify any details here. For example if you allow localhost access to a music player he can go to the internet too and so forth. Otherwise looks promising, very light feeling (24MB of RAM) and perfect combination with utorrent. I found a torrent with many seeders and speed around 2.3MB/sec and it was like there is no firewall.