Is Jetico v1 still up to it?

I know there are already tons of threads about Jetico v1 and I have basically gone through most of them. My question is basically what's in the thread title.
If one is using Windows XP and doesn't care about it not running as a service and that it's hard to configure, is Jetico v1 still up to it? what is the current outlook regarding this firewall? Are there forums users who still regularly use it or depend upon it?

thanks in advance to all!

 

I'm using it on the main system

 

I'm still using it and I never found a better firewall for my old laptop (celeron 650mhz with 256mb ram).

Very light, stable and not so hard to configure after a learning period.

It's the only resident piece of security software I'm using (in addition to Hardware router, SandboxIE, Returnil, on-demand AV and imaging software) and I never had a single problem.

Cheers

cello

 

Thanks for the replies. Am currently using CHX-I, Sandboxie and Returnil combo (yeah, got tired of classical and behavioral hips! ), F-Prot6. Might add Jetico for outbound.

 

Not much of a problem anymore, there are plently of programs which can run it as a service. The best way I found is a service app which starts it, unfortunately there are problems with logoff/shutdown, but these can also be easily overcome with a timer restart in the service app. The one I use right now is a service app (56kb) has restart timer if it gets shutdown (by logoff etc) is very light (1200k) and can start multiple services. This one is a cut down version of RunAs and UWS etc, has settings for pause before start, pause before end so it gives time for the changed entries dialog and works very nicely.

 

Hello acowild,
What application do you use to run Jetico as a service?

 

I am using XYNTService, its cut down version, also open source same as RunAsService and UWS which are much more comprehensive.

 

I use NTWrapper, free version. They give you *one* app to run as a service. Have used it for the better part of a year with zero problems. I've been running Jetico 1 on NTWrapper, and it's a nice light firewall. I like it, but will likely try Comodo 3 when it's ironed out, just because I'd like a little more security when I'm on the road. I like the idea of some HIPS function in a firewall, as long as it's still light on resources.

 

Running Jetico1 as a service will not give the expected protection on boot. Jetico1 needs to load the actual policy in use before protection is given (I did check this some time ago, due to another thread on this)

Even Jetico2 (runs by default as a service) does have a short window of time where the system is open during boot.

 

... which then leads to: what hard or software protection is there during boot up/down? Is a NAT sufficient?

 

Sorry, please expand on this. Do you mean with Jetico or other solutions?

NAT in a router will protect from unsolicited inbound from its external (so will protect your PC from unsolicited inbound from (non LAN) at any time).

From the point of protection on boot:

Some firewalls will give an option to protect during boot, but this can usually be a complete cutoff during this period, and can lead to some problems with DHCP (getting the PC IP). Some do actually take this to a stage where only needed outbound is allowed.

Comment
I did look at Privatefirewall some time ago (forum thread),.. I found from this, that that firewall would actually use the inbuild XP firewall to block unsolicted inbound during boot. (the testing I made was due to the fact boot protection was available in XP. but not in W2k)

 

I'm asking about any way to protect the machine from unwanted infiltration during boot-up or boot-down. Does my NAT do that? and/or does another software besides JPF1 do it?

[You go a long way to anwering this below. Point of confirmation: you are saying that the in-built XP fw *does* lock out unwanted during boot? Both up and down boot?]

 

Thanks
I'm using NTWrapper. Why did you choose XYNTService over the other two?
IMO, protection during user switching is much more important than boot protection.

 

A router NAT will protect from unsolicited inbound. But outbound is still allowed, and replies (possibly spoofed~ depending on router SPI) allowed. This window is quite small, and a monitor of your IP would be needed to wait for this (for any possible exploit).

The built in XP firewall will block unsolicited inbound on boot. Outbound is allowed.

 

Gotcha ........ I think. What's "router SPI"? And why would any "spoofing" be going on -- I thought spoofing was for websites, hackers who wanted you to think their web link was something other than what you think it is (ie, going to the hackers instead of to Barclay's Bank or e-bay) ??

OK, so here I am behind my NAT and I'm running JPF1 w/ NTWrapper, is this totally secure or not??

Now, what's your view on keeping the XP firewall turned on while also running Jetico1? Ten years ago I used to hear that one should not use more than one firewall at a time; then lately I've heard that *as long as they don't conflict* two FWs are OK (though I don't know why such would be necessary -- except in the case of XP firewall + another for outbound control).

 

I guess there is some time window at start, I guess It was more the idea of protection before I login. The load of policy etc I am not sure about, since it acceses the policy from the NetworkService App data. I did test basic pings and blocking its access on some ports on lan and it either reported the ip coudlnt be accessed and ports timed out. So I think it must be very short a window after networking activates. I did manage to stop DHCP from working on my system this way.

Mainly because I didnt need the extensive options offered by the others, and smaller footprint. I was also trying to modify the source to get jetico to ignore CTRL_LOGOFF_EVENT and wanted to make life simpler by the cut down code.
ps. timed version seems to be the best option, ignoring the event and wrapping jetico in the service give their own problems which require a much bigger solution.

 

Thanks again acowild I will try XYNTService. Do you have any tips about it to share?

 

If you visit the codeproject page for XYNTservice, it gives detailed help and lists all the options etc, you'll have it running in no time.

 

Some (now most) routers will have an inbuilt SPI (Stateful Packet Inspection). As to the depth (how deep the inspection is made) of the SPI, I am unsure, I have never taken time to check.

It looks like you are thinking of "Phishing" or where a website may have embedded re-directs.
With Spoofing, this is (basically) where packets contain incorrect info, to attempt to cause problems. A simple example would be a "Spoofed Dos attack".

For packet filtering, this is a good setup. As for "totally secure", you would need other layers of defence.

I would not advise this.

 

Such as... ?? (with regard to my aforementioned set-up of JPF1 + NAT router; or JPF1 + WAN/like an airport or coffee shop wireless connection). What would you suggest ? WSFuser on another thread mentioned something about "application control". Now that leads to things like system "monitors" and the like? OK, so with my setup of JPF1, nod32, BOCLlean (Comodo's), NAT at home and Wifi on the road, what else do I need to be invisible and locked down?? (I do accept brand-name recommendations.)

I've been using both for some weeks now with no apparent ill effects; what could go wrong?? Conflict --> BSOD?




//

 

You did mention "totally secure", so I would add a base HIPS, one of the free versions that will give you termination protection for your security apps, and execution prevention for unknowns

The lack of a BSOD would not indicate no conflicts.

 

1. I did use SSM free for a long while, but I was getting so many pop-ups, from both JPF1 and SSM, that I decided to pull SSM. Any other ideas?

2. What other indications would there be if a conflict was occurring between JPF and XP firewall??

Thanks.


Sam

 

Hi Sam,

Popups from such as SSM should calm down after a few days, only if you are constantly installing programs would "many popups" continue.
With such as SSM, you can config this, to only protect certain areas as I have mention, for protection of termination attempts against your security software and interception of execution of unknowns,... other protection can be disabled (or at least, a default "allow" for certain protection)

You would need to check on the packet filtering, as packets could bypass (out/in) due to driver (packet interception) conflicts.

Regards,

 

Hi, Stem, I'm trialing ProSecurity and like what I see so far. Doesn't seem as polished in ui as SSM, but seems to have a better efficiency rate (if that one test on anti-hooking is a serious and representative indication). In setting up PS I did an extensive Learning mode, where I started my most frequently (and not so frequently) used apps; of course this was after I had already done the initial set-up via the wizard. So now almost no pop-ups. Your opinion/comparison of both would be appreciated.

How to check packet filtering I haven't noticed any slow-downs or lost paging requests from my browser or e-mail clients (haven't done any FTP, yet, though), so I don't think there have been any conflicts with JPF1 and XP fw both working. Again, any experiences you've had or know about would be appreciated.

Thanks.

SS


|||

 

You know what, I'm having more pop-ups with JPF1 now that I have tried to set rules than when I just was clicking OK to the pop-ups. Seems my rules ("allow any port") don't seem to get recorded.

So I uninstalled JPF and installed Comodo 2.4.XX. It's running stably, asks me far fewer questions, and seems to remember better than does JPF. I like the simplicity of JPF but the rules are to arcane for me. I trialed JPF2 a while back; seemed more forgiving, but it costs 39 euro + tax where I live, and that comes to about $55 -- too much. I could see $29, but I won't pay twice that.

Thanks for the help, Stem and all.

SamSpade


|||