#1
Do any firewalls have additional protection from process injection and termination tricks employed by malware?

#2
I'm not at all sure, but Tiny comes to mind. You might check into it.
http://www.tinysoftware.com/home/tiny2?la=EN

#3
I was recommended two that looked interesting. Anybody comment on Look n Stop and Outpost? They seem to have a lot of features as PG, SSM etc.

#4
Sygate 5.0+ has DLL authentication, which should protect you from any process injection, i.e. DLLs into Explorer etc.

#5
Practically all firewalls feature DLL authentication. If they didn't, they would have been out of business for a long time now.
Tiny firewall is, let's say, a "rules-based firewall meets SSM". It is a hell of a protection with Tiny, but a steep learning curve... but it is only Tiny featuring full process control, with reg protection, Windows protection, IDS, network firewall. It is recommended if you like rule making.
__________________
... hmmmm .. so you're a signature reader ...

#6
Both versions of Sygate firewall (paid/free) should give protection against injection.
__________________
The Only Safe Computer Is Unplugged
MEMBER ASAP since 2004 Alliance of Security Analysis Professionals

#7
Yup, but since Sygate was the first to employ this security feature, it has become the first target of an exploit to bypass it :-) Discussion here: http://www.securityfocus.com/bid/9312/discussion/
Maybe this could also be a threat to other process injection defenses.
@ jon_fl - yeah, Outpost does. Just got it today; it's quite tidy, and also has a plugin interface.

#8
Get Process Guard. Most important piece of software you can own. If I could only have one, this would be it.

#9
The latest beta of Tiny Firewall looks promising from a standpoint of being more user friendly. Like anything else, it'll still take getting used to. It's probably the most powerful sandbox type application ever deployed with a firewall.
Also Process Guard is incredibly effective against process injection and termination tricks. It's also very easy to use. You'd need a separate firewall in conjunction with this.
__________________
"Some people are like Slinkies: not really good for anything, but you can't help but smile everytime you see one tumble down the stairs."

#10
se7engreen,
Do you find Tiny 6 heavy on your resources? Thanks.

#11
Quote:
Vulnerable:
Sygate Personal Firewall 5.0
Sygate Personal Firewall 5.1.1615
Sygate Sygate Personal Firewall Pro 5.0
Sygate Sygate Personal Firewall Pro 5.0.1

The latest version of Sygate should not have any exploits like this. It should have been fixed. Sygate is currently at: 5.6.2808

#12
Tiny's resource usage is probably somewhere in the middle compared to other firewalls. I don't really notice any drag while the firewall is running, but it does feel slow when navigating the user interface. So far in ver 6.5 it's still that way. Hopefully that'll be fixed before its final release (or at least by ver 7).
Honestly, if you combined Process Guard with a firewall like Kerio 2.1.5 or Look 'n' Stop, you'd use less resources.

#13
Tiny doesn't require a 'steep learning' curve! It comes pre-configured out-of-the-box for adequate protection. (One just has to trust ALL the apps and system apps in his/her trusted app list.) If not, just remove the ones you don't. The firewall and IDS/IPS are very nice if you have a LAN and have an occasional game, FTP and web server. I have a 1.3 GHz system and don't notice any lag or slowdowns. Stateful firewall; also the built-in process/application guard is a plus. It seems to have come a long way since version 1!!! A good personal firewall in my eyes.
Cheers Lowen

#14
Tiny uses about 25MB memory (RAM + Virtual) on my computer normally. If the GUI is opened, more memory would be used. For comparison, Outpost Pro 2.1 uses about 22 MB on my computer (with Ad block, active content, and DNS cache plug-in).
From the view of functions, Tiny = a rule based firewall + SSM/Prevx/ProcessGuard/AbtrusionProtect + more, and I love it. I agree that it's not so easy to configure Tiny with the current user interface (TPF 6.0). Although the interface works for me now, it did crash on me a couple of times at the beginning. The interface is also slow. For those of us who are considering using such applications as TPF, SSM, PG, or whatever, it's most likely that we are looking for the maximum security. So I personally do not think the out-of-box configurations will serve us well, and it is unavoidable to take the pain (if it is) of making configurations.
Last edited by yahoo : November 12th, 2004 at 01:01 PM.

#15
I bought a Process Guard license a couple months ago and decided to give Tiny fw a rest on my main computer (I have TF 6.5 beta on a test machine). There are a number of things I do miss about Tiny, such as running applications in install mode, track 'n' reverse, and I loved being able to guard services and prevent them from being stopped.
I just might switch back tonight after thinking about it...
Anyway, I agree with yahoo, TF is not for the faint of heart. It works best after some configuration, but it's very flexible so the amount of configuration is up to you.

#16
Hi, I also agree mostly with both of you, except that what I meant by out-of-box protection is that it is adequate enough to protect you. Not give you max protection as Yahoo stated. Of course you are going to have to manually 'tweak' it to your likings and circumstances, to get the full benefit of using a sandbox and firewall... It is not that difficult to operate and use. Pretty straightforward in my eyes. Unless you see something in configuration that needs painstaking steps?
Cheers Lowen

#17
Quote:
No, not really. I understand what you are saying about being protected out of the box. And about the learning curve, I think it would help if people realize that Tiny is more than just a basic firewall. I know the first time I tried it (ver 5.1 I believe), I didn't know what the hell a sandbox was and I thought a DLL was an error message in Win98. I just wanted to try a firewall other than Norton's, and needless to say, I screwed up my system that day. I think if people know ahead of time what Tiny is meant to do & have a general idea of how a sandbox works, the learning curve lessens that much.

#18
I second the opinions of se7engreen and yahoo. People should realize that Tiny is a complete security system which contains a firewall among other features.
Starting from that, it's a matter of taste if you prefer an all in one product or separate apps doing the same thing. My personal preference is all in one in this case. To replace Tiny, I should have a network firewall, system firewall (sandbox), registry protection, file access control system, IPS/IDS, integrity checker. Inevitably I would end up using much more system resources and risking potential conflicts between all these apps. I've already tried such configurations, e.g. Outpost+SSM+Regrun+PrevX+PG, sometimes screwing my system badly, especially with SSM which is still beta. Somehow, I am always back to Tiny, feeling more secure with it.
As for out of the box protection, it's superior with Tiny than with any other firewall out there. Tweaking it just a little gives you a level of security difficult to achieve another way. And it's not that hard to do it! The learning curve is steep if you need to configure it for particular configurations like LAN or Web server, but in the general case it's really overmystified. Agree, however, that the GUI is a pain: complex and slow. If they change this it will be perfect.
Just my 2 cents
Isnogood

#19
I tried Tiny for a while and really liked it, but after uninstalling it I noticed that I got a lot of performance back out of my machine (p4 2.4 ghz, 512mb ram) Granted this was v5, and I have yet to try v6 although I eventually will. On the whole, however, I prefer a nice light rules based firewall (using x-wall currently) with ProcessGuard.. they fit together perfectly for me
__________________
Security is not a brand name. NSA security configuration guides -- Best Practices for Securing a Home Network

#20
Notok, I noticed that the current beta version of the Tiny GUI runs a lot smoother on my computer than any previous versions I have tried. I only have 533MHZ and 256RAM, so you shouldn't have any problems. When I gave it a try (2 weeks ago) it was missing the IPS/IDS configuration page, but this may be updated now.
__________________
·▪¤•●"Mash For Our Dreams"●•¤▪·

#21
Yes, a lightweight solution like yours would be ideal, Notok. If it just offered me the same security. Anyway, it's a matter of individual preference and needs.
I can't for example stop all leaktests using just PG+Outpost for example. I need to add something like SSM and that's already too bad. You can argue of course if it is really kind of reference and necessary. It's perhaps sufficient on a system where you don't take much risk surfin' and don't install many new apps. I have a multiboot system and I would perhaps adopt such a solution for everyday work. But for my testing boot I can't do without Tiny actually. Here the system resources are not the most crucial issue, it's the control you have. And the Track and Reverse feature is so cool, also.
It seems there's no ideal generic solution. But people seem to really need their optimal secure/low cost configuration badly and this is confirmed by many threads over the same topic. Just define your real needs in terms of want/don't want, and go ahead with a trial and error approach to converge to what's most acceptable for you.
Isnogood
PS. Ajohn, I have not tried Tiny 6.5 beta yet, because people on Tiny forums reported quite a lot of bugs in it. Can you confirm this?

#22
I didn't test it much, because it was missing the IDS/IPS configuration pages. The GUI seemed to be about twice as fast to me though. It was two weeks ago, so it might be different now.

#23
Twice as fast may be still quite slow, I'm afraid.
But I will give it a try. Thanks.

#24
Quote:

#25
Paranoid2000 - I know you are an 'Outpost' fan and all, but I don't consider a firewall that uses partial SPI (or some variant of it) to be a good firewall in my eyes. Not saying that Outpost is bad; it has also come a long way! Just because a product passes most of those 'leak tests' doesn't make it a top competitor. In fact, I would just assume have a firewall that didn't have any application filtering, since it is only 'illusionary' anyways... I used to think just like you and others here on the subject. But I would rather take a firewall that implements proper SPI functions than an application filtering 'based' firewall any day! I know that app filtering gives you a 'good sense' of protection, but it is not a 'protect all' security solution!!!
My 2 cents DRI