outpost 2 beta - ive got it :)

Discussion in 'other firewalls' started by tahoma, Mar 30, 2003.

Thread Status:
Not open for further replies.
  1. tahoma

    tahoma Guest

    as a betatester of outpost v1 i have now been given access to outpost 2 beta and ive been using it for 2 days now. here are my views:

    - protection against dll-injections (new feature) - works perfectly. its brilliant
    - the rest: not much new here, just updates and minor enhancements, better interface (or worse if ur a minimalist)

    -seems to be a bit more heavy on resources, and also a bit slow responding at times (ive got an athlon 1.2 ghz and 768 mb of ram) but this may be sorted as it approaches a final release

    - test results: stealth everywhere, just like op1

    - no errors, crashes, bluescreens (xp pro)

    so basically, altho its just a beta i will never ever change back to something else, as far as i can see its just 100% perfect already, and the dll-injection guard in my opinion now makes op2 the best product out there
     
  2. CARCHARODON

    CARCHARODON Registered Member

    Joined:
    Oct 1, 2002
    Posts:
    68
    Location:
    Portland, Or. USA
    Do you use fast user switching in XP? if so, is it working well?
     
  3. Clweb

    Clweb Registered Member

    Joined:
    Dec 28, 2002
    Posts:
    127
    Location:
    France
    Is ICS now working under Win2000/XP ?
     
  4. tahoma

    tahoma Guest

    sorry guys, im not using either and cant tell :/ ill let u know if i find out
     
  5. CARCHARODON

    CARCHARODON Registered Member

    Joined:
    Oct 1, 2002
    Posts:
    68
    Location:
    Portland, Or. USA
    Please do. Outpost 2 is shaping up to be a very exciting product.
     
  6. angel

    angel Registered Member

    Joined:
    Mar 7, 2003
    Posts:
    44
    Location:
    22. district, Vienna, Austria, Europe, Earth
    Still vulnerable to ACK streaming attacks ...
    Nice blue screen if you flood the wall with random packets ...
    Still vulnerable to code injection ...

    Security holes known since some early betas of Outpost 1.0 - but still not fixed. I think should give up searching for security holes :D.
     
  7. root

    root Registered Member

    Joined:
    Feb 19, 2002
    Posts:
    1,723
    Location:
    Missouri, USA
    And you are an expert on Outpost because......?
    All firewalls are vulnerable to code injection in a number of ways. It is a Windows problem and there are numerous ways to get around firewalls that have not yet been released as leak tests. It is my understanding that a sandbox approach is the only way to completely solve this problem. Agnitum is aware of the last two exploits that were released and considering the best approach.
    Are you a beta tester? If you are, then have you reported these Problems? If not, how are you so familiar with the beta version?
     
  8. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,514
    Location:
    Annie's Pub
    Hi root,

    Till yet no reply from Angelo, so I guess he is just blowing some hot air around... ;)
     
  9. root

    root Registered Member

    Joined:
    Feb 19, 2002
    Posts:
    1,723
    Location:
    Missouri, USA
    To answer some previous questions, ICS is working fine for me with XP and Win2K SP3.
    I have heard no complaints about fast user switching yet.
    I do believe the problems that plagued XP users before have pretty much been taken care of.
    I have even got Kaspersky working on my machine now, which was a problem.
    I think most will be very pleased with the new version.

    Hi Smokey. Who knows? If there are any serious problems with Outpost, I would hope whoever discovers them would take the approved approach and notify the vendor first to give them a chance to fix it, before going public with any information that might cause a serious security problem.
     
  10. CARCHARODON

    CARCHARODON Registered Member

    Joined:
    Oct 1, 2002
    Posts:
    68
    Location:
    Portland, Or. USA
    That is great news indeed root. Please keep us informed about both the good and bad things you find in version 2.
     
  11. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
    You'll be pleased to hear that the logging and log viewing system is very much enhanced.

    V2 feels very stable. The bugs I'm aware of are not very serious (this system feels better than the latest V1 betas :) ).
     
  12. angel

    angel Registered Member

    Joined:
    Mar 7, 2003
    Posts:
    44
    Location:
    22. district, Vienna, Austria, Europe, Earth
    >Till yet no reply from Angelo, so I guess he is just blowing some hot
    >air around... ;)

    No, have to prepare my "Matura". It's comparable to A levels or "Abitur". Not much time :(.
     
  13. angel

    angel Registered Member

    Joined:
    Mar 7, 2003
    Posts:
    44
    Location:
    22. district, Vienna, Austria, Europe, Earth
    >And you are an expert on Outpost because......?

    I am not an expert of anything. Just posted some bugs that are there since some early Outpost 1 Betas.

    >All firewalls are vulnerable to code injection in a number of ways.

    Meeeep. There are several methods to block code injection. DLL injection is easy to detect - just trace the call back to the calling module.

    Code Injection can be easily blocked using Process Memory checksums.

    >It is a Windows problem and there are numerous ways to get
    >around firewalls that have not yet been released as leak tests.

    That's why I won't recommend ANY personal firewall. Most of the time they are abused as an application filter. But as application filters they are nearly useless. They can't even block spyware.

    >It is my understanding that a sandbox approach is the only way to
    >completely solve this problem.

    Exactly. It's my opinion, too.

    >Agnitum is aware of the last two exploits that were released and
    >considering the best approach.

    *rofl* ... i mentioned bugs that are VERY VERY old and still not fixed in current beta.

    >Are you a beta tester? If you are, then have you reported these
    >Problems? If not, how are you so familiar with the beta version?

    Well ... in Austria you would say: "Vitamin B". It means that I have enough connections to get the Outpost 2 beta without being a beta tester.

    I reported the bugs many months ago. As I said ... found it in an Outpost 1 beta and version 2 is still vulnerable to them.
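
A simplified model of the two checks named in the post above (tracing a call back to its calling module, and checksumming process memory), added here as an example and not taken from the thread, Outpost or a². The address space, module names and the `check_call` and `demo` helpers are constructed for illustration; a real implementation would walk the live module list and call stack of the process.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model: one flat "address space" plus a table of loaded images. */
typedef struct { const char *name; size_t base, size; uint32_t baseline; } module_t;
enum verdict { ALLOW, UNKNOWN_CALLER, UNTRUSTED_MODULE, CODE_MODIFIED };

/* FNV-1a over an image range; stands in for the "process memory checksum". */
uint32_t checksum(const uint8_t *mem, size_t base, size_t size) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < size; i++) { h ^= mem[base + i]; h *= 16777619u; }
    return h;
}

/* Trace a return address back to the image that contains it (NULL if none). */
const module_t *owner_of(const module_t *mods, size_t n, size_t ret) {
    for (size_t i = 0; i < n; i++)
        if (ret >= mods[i].base && ret - mods[i].base < mods[i].size) return &mods[i];
    return NULL;
}

/* Decide whether a network call is allowed, given the caller's return address. */
enum verdict check_call(const uint8_t *mem, const module_t *mods, size_t n,
                        size_t ret, const char *trusted) {
    const module_t *m = owner_of(mods, n, ret);
    if (!m) return UNKNOWN_CALLER;                 /* code outside every image */
    if (strcmp(m->name, trusted) != 0) return UNTRUSTED_MODULE; /* foreign DLL */
    if (checksum(mem, m->base, m->size) != m->baseline) return CODE_MODIFIED;
    return ALLOW;
}

/* Scenarios: 0 clean call, 1 call from an unlisted DLL, 2 call from memory
   outside any image, 3 trusted image patched after its baseline was taken. */
enum verdict demo(int scenario) {
    static uint8_t mem[256];
    module_t mods[] = { {"browser.exe", 0, 64, 0}, {"addon.dll", 64, 32, 0} };
    for (size_t i = 0; i < sizeof mem; i++) mem[i] = (uint8_t)(i * 7 + 1);
    for (size_t i = 0; i < 2; i++)
        mods[i].baseline = checksum(mem, mods[i].base, mods[i].size);
    size_t ret = scenario == 1 ? 70 : scenario == 2 ? 200 : 16;
    if (scenario == 3) mem[20] ^= 0xFF;            /* simulated code injection */
    return check_call(mem, mods, 2, ret, "browser.exe");
}

int main(void) {
    for (int s = 0; s < 4; s++) printf("scenario %d -> verdict %d\n", s, demo(s));
    return 0;
}
```

The checksum only catches changes inside a mapped image after the baseline was recorded, and the caller trace only catches code running outside every image, which is why the model applies both checks to each call.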
     
  14. kabronsete

    kabronsete Registered Member

    Joined:
    Dec 20, 2002
    Posts:
    4
    Can you describe these two tests better? With this vague description it's difficult to figure out, and I want to test it with both v1.x and beta 2 and also with other firewalls.

    TIA
     
  15. angel

    angel Registered Member

    Joined:
    Mar 7, 2003
    Posts:
    44
    Location:
    22. district, Vienna, Austria, Europe, Earth
    ACK streaming:
    Generate several thousand ACK packets and send them as fast as possible to a client "protected" with Outpost. The firewall driver (well, not exactly, the integrated IDS) will produce a nice blue screen.

    Random UDP flood:
    Get a UDP flooder of your choice and generate a huge number of UDP packets (including spoofed and illegal packets). After that send them as fast as possible to the Outpost "protected" client.
     
  16. root

    root Registered Member

    Joined:
    Feb 19, 2002
    Posts:
    1,723
    Location:
    Missouri, USA
    Just so you don't lose any sleep over this, I have contacted Agnitum about this and if there is a problem it will be fixed.
     
  17. controler

    controler Guest

    Angelo

    Could you try the same experiment using Hacker Iliminator 1.2 and post the results here?

    Thank You

    controler
     
  18. SKA

    SKA Registered Member

    Joined:
    Aug 2, 2002
    Posts:
    181
    Angelo B

    Please advise which in your opinion is the best firewall for Windows 98SE and XP Pro ?

    Thanks for your time !

    SKA
     
  19. angel

    angel Registered Member

    Joined:
    Mar 7, 2003
    Posts:
    44
    Location:
    22. district, Vienna, Austria, Europe, Earth
    For a normal home user? No firewall is recommended. I am strictly against the usage of firewalls on a workstation. I will tell you why ...

    1. The more software you install, the higher the probability of bugs inside the code. An error on the application level is "quite harmless". But an error on kernel level/ring0 is very dangerous. So I think it is highly recommended to keep the "code" running on kernel level/ring0 (mostly drivers, firewalls mostly using drivers) as little as possible.

    2. Firewalls have to trust their basis. The basis on workstations is mostly Windows. Windows is a quite insecure operating system. There are many ways to manipulate firewalls. You can easily manipulate the firewall rulesets or the firewall processes themselves. You can inject code of your choice into any process you wish and so on.

    It would be better if you say what you would like to do and what you would use a firewall for. That would make it much easier :D.
     
  20. solarpowered candle

    solarpowered candle Registered Member

    Joined:
    Jan 9, 2003
    Posts:
    1,181
    Location:
    new zealand
    Far out. So you are saying what the wizard was saying another day: that as long as one's ports are closed, the average home user who may not be online 24/7 might as well not bother with a firewall. For instance, I'm on dial-up and am not on 24 hours of the day, so I really do not need a firewall? Interesting, as I noticed in the newsletter from Kaspersky today they vaguely echoed that comment too, but stressed the need for anti virus etc.
     
  21. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
    And I am against the use of Trojans and worms and ddos tools.

    I agree that in normal dial up cases the use of a firewall is hardly needed. But given the rise of always on connections other measures can be taken. Using a software firewall is not the best, but it's far more easy and affordable than using an extra box.

    Not only firewall bugs exploit kernel mode holes. There are plenty of bugs in other kernel level software. The last one still isn't found. So adding a firewall hardly is a greater risk.


    Yes Windows is not very secure, but to say that thus you can manipulate a firewall is not your best effort so far ;)
    Besides, by testing firewalls (that's what this thread is about) you can see how realistic these threats are. I'd like to see more evidence on the Outpost issue.

    Couldn't agree more. But many users are so scared of the internet that helping them lessen the fear by installing a firewall and av-software is a nice point too.
     
  22. angel

    angel Registered Member

    Joined:
    Mar 7, 2003
    Posts:
    44
    Location:
    22. district, Vienna, Austria, Europe, Earth
    Firewalls on a workstation are in fact placebos. There is no danger they can protect a home user from. They cannot block trojans/backdoors or spyware. It's just unneeded code and a waste of system resources in my opinion.
     
  23. Douglas

    Douglas Guest

    I confess I'm not understanding this emphasis on resources. I'm sitting here on a used computer, a lowly Pentium ll, 350 Mhz, 128 ram.
    In the background I'm running Spider guard,SpiderMail, LnS, TH Guard, SpeedFan, NotesArea, RegProtect, AutoSizer, plus the necessary tasks.
    And yet CPU usage is hovering around 3-6%, and I have 44 MB of free ram.

    Douglas

    EDIT: Re-reading this post, it sounds like an attack. It's not. I'm wondering if I'm not understanding something about resources.
     
  24. anvil

    anvil Guest

    @Angelo
    That's funny, because I have been "playing" with a lot of (backdoor-)trojans and, apart from the few "famous" firewall-bypass trojans, none could even pass the very basic firewall 'Kerio2' without my knowledge (note: Kerio2 has a feature which blocks all traffic, when the firewall process is shut down.)
    More advanced firewalls (Sygate, ZA, Outpost 2,...) or additional security software will even be able to block the currently "available" FW-bypass trojans.

    So, what "trojans/backdoors" are you actually talking about (examples, please... ;) )
    Or are you only talking in theoretical terms and not about "real", current dangers? This way, you could "smash" every security software, especially AVs (packing/crypting, patching...) :rolleyes:

    Anyway, your general statement made above is quite doubtable or needs detailed explanation (which I am sure you are aware of... ;) )

    Then, I wonder why you are developing a "system firewall" like a², if you have this opinion about personal "network firewalls":
    1. from what I understand, a² will probably be a perfect addition to simple firewalls (similar to SSM), because it can block many of the known bypass methods and process termination.
    So most of your arguments _against_ firewalls will become obsolete by the use of your own product!? :eek: :rolleyes:
    2. a² will suffer from the same weaknesses as firewalls:
    it runs on the same system as the malware (a² can be terminated/modified, buttons can be clicked by malware,...); the unexperienced user won't always know what to block and what to allow; possibility of bypassing a²;...

    Still, I think a² will be useful for many users - as well as desktop firewalls... ;)
     
  25. angel

    angel Registered Member

    Joined:
    Mar 7, 2003
    Posts:
    44
    Location:
    22. district, Vienna, Austria, Europe, Earth
    >So, what "trojans/backdoors" are you actually talking about (examples, please...
    >;) )

    Optix Lite Firewall ByPass, MoSucker 3.0 with several Firewall PlugIn etc. .

    >Or are you only talking in theoretical terms and not about "real", current
    >dangers? This way, you could "smash" every security software, especially AVs
    >(packing/crypting, patching...) :rolleyes:

    Well - there is a solution for nearly every "attack" against anti malware protection.

    >Anyway, your general statement made above is quite doubtable or needs
    >detailed explanation (which I am sure you are aware of... ;) )

    Just say what you want to know.

    >Then, I wonder why you are developing a "system firewall" like a², if you have
    >this opinion about personal "network firewalls":

    Well, I am not a developer of a². I will just do the "public" stuff. It's developed by Andreas Haak and Jens Hornung.

    >1. from what I understand, a² will probably be a perfect addition to simple
    >firewalls (similar to SSM), because it can block many of the known bypass
    >methods and process termination.

    A² is much more powerful than SSM. It can block anything you want.

    >So most of your arguments _against_ firewalls will become obsolete by the use
    >of your own product!? :eek: :rolleyes:

    Right - but we are talking about firewalls as stand alone - especially Outpost 2.

    >it runs on the same system as the malware (a² can be terminated/modified,
    >buttons can be clicked by malware,...); the unexperienced user won't always
    >know what to block and what to allow; possibility of bypassing a²;...

    It's wrong. It's hard to manipulate a² and in my opinion nearly impossible. I will try to explain to you why. Windows has several layers. Application layer, where the applications are running; Service layer where system services are running; Kernel mode where drivers are running and so on.

    A² will add a completely new layer. A² adds a layer after the kernel at the same layer as the APIs are exported to the rest of the system. All programs and services besides drivers use these functions - even if they run in a DOS box (the DOS interrupts are emulated by the API).

    A² can prevent any attempt to manipulate its own configuration by simply denying access to its resources. It denies that ANY process can modify the layer a² has installed and it simply denies any attempt to access the a² configuration. A² has a powerful tracing engine that can prevent any abuse of the a² internal routines to be called from outside the a² routines and so on.

    Even if someone finds a way to circumvent the a² protection layer, a² can simply add the new circumvention method and won't be vulnerable any more.

    >Still, I think a² will be useful for many users - as well as desktop firewalls... ;)

    Well - you can not compare it.
     