I just installed Jetico due to the best leaktest results posted here: http://www.firewallleaktester.com/ The only problem is that I am not sure how to configure it so that I get the same level of protection. For example I trained it to ignore windows explorer, otherwise it is almost not useable. Now the only problem with that is if an unwelcome process creates a new instance of explorer to send data, I won't be alerted, or am I missing something? So how can I minimize the popups without reducing the security, or is it a trade off between popups and security?
hey khazars! I saw that post and was reading through it as a sort of tutorial and getting the hang of setting up the rules. The only problem is once I create a rule for an application, doesn't it compromise the security of the firewall? What I mean is that if I create a rule in the application trusted zone for internet explorer, allowing it access for me to browse, then if my pc is infected with a trojan or adware they could create an instance of internet explorer and send data through the firewall and the rules would permit it to do so. Perhaps it would be good to have an option to ask for confirmation every time a new instance of the application is started. Hmmm but then a tojan could try and take control of the authorised intance of internet explorer, unless something like process guard could be used to alert you of such activity. So for me I don't mind authorising a new instance of internet explorer manually, but I can't stand having to authorise every little piece of internet traffic to and from internet explorer which leads to hundreds of manual confirmations just to check my hotmail account. So can I set up Jetco to ask for each application intance to be authorised and then protect each application instance with process guard?
It is not good practice to place applications within the trusted zone....but even with this...the application is hashed (checksumed), if there is a change to the application that is allowed access then Jetico will inform you via its "attack module" If another application attempts to start your app (parent-child) Jetico will also alert you to this. Edit, see attached pic for application attack protection covered within Jetico.