I Ain't Afraid Of No GhostWall

I just installed Ghostwall 1.150, and it seems spooky to me. It appearred to be set to allow anything and everything to pass either to or from the computer. But I saw in the sticky above, something about deleting the ghstwall.fir and that by restarting it would load a default list. But, when I did this, the windows that had shown the parameters for each protocol, was blank. The IP Block List button pops a dialog saying that it's not implimented yet, and the GhostWall Help button doesn't do anything.

I have never had to bother with setting up a firewall in this manner before, so I'm totally lost. Can someone shed so light on the subject?

 

Hi,

You might have to re-install the ghostwall to enable the ruleset again.
Then modify it to stop the Port 0 & 1 "Unkloaked" issue (See 1st rule in Graphic)
As for the wide open (Outbound) trafic its ok if you are using Port explorer and Some Process monitoring tool (Appdefend works good for me). Just keep in mind that anything above the "****Block all protocol****" is "Live" while everything you put bellow is blocked.

Once you have it up and "Customized" go and get tested at www.grc.com using Sheildsup! https://www.grc.com/x/ne.dll?bh0bkyd2
or http://www.auditmypc.com/

 

I understood the part about reinstalling, but I'm not too sure about anything after that. I guess the part about deleting the ghstwall.fir was wrong.

If I understand properly, those items above Block All Protocols require additional monitoring via a program, such as you mentioned. I hate to admit it, but I'm a bit lazy, and want the firewall to do all of the monitoring. I guess that you are saying that GhostWall can't creat individual rules, based on either applications or websites...right?

 

ghostwall (by default) allows all outgoing traffic. if u want to control outgoing traffic u could use appdefend. and if u just want to monitor outgoing traffic, u can use port explorer.

it cant make rules based on applications, but if u know the IP u can allow/block specific computers (or sites).

 

I couldnt have said it better myself!!!

 

That being the case, I can't see any advantage of GhostWall over using the Windows firewall. That is the reason that I want something more, because Windows firewall only protects from incoming data, and not any outgoing data. I have no idea of what appdefend is, but I will Google it.

 

appdefend is a HIPS program by the same people (err person) who made ghostwall. it has its own section in these forums as well.

outgoing network control is just one of its many features.

 

The advantage of using ghostwall over the windows firewall is the ability to filter ip addresses. I had a need to open specific ports, but only wanted certain people / ip addresses to have the ability to get in. Windows firewall does not offer the ability to do this.

 

I reinstalled GhostWall, but it still had a blank rules window, but then I remembered that I hadn't emptied the Recycle Bin, so I restored the original. Now, I'm studying Hermescomputers pict, trying to decide how to apply it for myself. I might figure it out someday.

 

I just installed AppDefend, and all looked well until a couple of minutes after I opened it's window, and a dialog popped, saying that it couldn't be started and protection was not active. Does this have to be installed in the same folder with Ghostwall?

 

Before I go running around the forum, tell me what is a HIPS program?

 

HIPS = Host Intrusion Prevention System

their functionality may differ, but they focus on preventing programs from doing changes to your computer.

 

It's becoming apparent to me, that I have alot of studying to do before fully implimenting this. I suppose that it would defeat the purpose that some here would put this program to, but I wish it were a bit more automated. But, that is because, like I said, I'm lazy.

 

I personally feel it is much better to manage clear and concise Task specific application modules instead of enormous applications suites doing way too many things, where most of these functions are often performed poorly. In my opinion these “Automated” functions are effectively cloaking some vital security events from our awareness and control. They are obviously attempting to render these into “Idiot Proof “tasks but it can actually leads to counter productive results.

This automation while being nicely convenient, can eventually end up creating a false sense of safety under which people tend to delegate these tasks mindlessly to the suite either out of exasperation or perhaps ignorance but often with obvious negative results and thus creating opportunities for hackers to have multiple easy weakened entry points to exploit. Not to mention those times when users block essential functions unwittingly…

Being lazy in this case can lead to unnecessary reload of your operating system and having to spend a rather large number of hours to reconfigure and reset everything... In the end taking charge of ones own security while initially requires a steep learning curve and is a lot of work but could prove to be the path of least resistance and as such the first choice for a lazy person!!!