Outpost Firewall Pro 8.1.2 - Oct 18th

Discussion in 'other firewalls' started by savalnc, Oct 19, 2013.

Thread Status:
Not open for further replies.
  1. Circe

    Circe Registered Member

    Joined:
    May 10, 2011
    Posts:
    144
    Location:
    Cheshire, England
    I would recommend installing Outpost firewall first, then install Avira suite. Avira suite edition (I presume) uses Windows firewall, so I would suggest un-ticking this option during the Avira install and use Outpost as your preferred firewall. I am sure somebody will correct me if this is not the case. I hope this helps.

    Circe.
     
  2. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    2,180
    Location:
    Canada
    I have a question for those that are using the combination of OA and EAM, is there any overlapping? Is there anything I should deactivate? Like for example both have a host list.
    Thanks in advance for help
     
  3. fasteddy2020

    fasteddy2020 Registered Member

    Joined:
    May 12, 2009
    Posts:
    106
    Location:
    USA
    I'm no expert by any means and I very well could be wrong but this is what the user manual says:

    "By default, Outpost Firewall Pro is automatically loaded when your computer starts up providing immediate protection at the earliest stage possible. Once it is loaded, the default icon with the white question mark on the blue shield is displayed in the system tray, the right end of the Windows task bar. When you see this icon, it means that Outpost Firewall Pro is operating and protecting you."

    Somewhere there is a thread where Manny confirms this also. I have used this combo for a while and this is the only icon I have had. Although it doesn't really matter, the combo works well and I like it.
     
    Last edited: Oct 23, 2013
  4. Circe

    Circe Registered Member

    Joined:
    May 10, 2011
    Posts:
    144
    Location:
    Cheshire, England
    It is recommended that you run in Rules Wizard (White Question mark in Blue icon) until you get all of your programs set up, then swap to Block Most Mode (Green icon). But the final choice is yours. If you are happy with your set up as it is then leave it.
    Circe.
     
  5. fasteddy2020

    fasteddy2020 Registered Member

    Joined:
    May 12, 2009
    Posts:
    106
    Location:
    USA

    Makes sense. I'll give it a go. Thanks.
     
  6. Circe

    Circe Registered Member

    Joined:
    May 10, 2011
    Posts:
    144
    Location:
    Cheshire, England
    No problem, glad to be of some help.
     
  7. fasteddy2020

    fasteddy2020 Registered Member

    Joined:
    May 12, 2009
    Posts:
    106
    Location:
    USA
    Left rule wizard on, opened all the programs I usually use, set to block most and happy and green. Whaddaya know. Used OPFWP this long and never experimented. So far everything works great. This old dog learned a new trick.
     
  8. Circe

    Circe Registered Member

    Joined:
    May 10, 2011
    Posts:
    144
    Location:
    Cheshire, England
    That's great news. I'm glad you are happy.
     
  9. Sm3K3R

    Sm3K3R Registered Member

    Joined:
    Feb 29, 2008
    Posts:
    611
    Location:
    Wallachia
    Outpost firewall is not too safe by default from what I see.

    First, the Entertainment rule preset policy is set by default to Allow Most. Why in the name of God would it be like that?
    Add to this the fact that in Entertainment mode Antileak stuff gets disabled.

    Then the autocreated Svchost rule allows raw sockets by default and allows UPnP and so much other useless stuff that can lead to infection.

    The last thing I have discovered is that on Block All policy, at PC start-up, there are DNS requests leaking, just after OS load and before the icon gets in the taskbar. Sure, there are legitimate ones made by the OS in my case, but what if I get infected?!

    Windows 7 x64, Wireshark and the latest trial of Outpost were used for the stuff I have observed.

    Firewalls of today are quite wide open; I hope it's not the NSA and similar at stake here. :)

    Almost forgot: the firewall also has some excluded ports in the network attack section. I understand the DHCP ones being present, but why are the others there and why can't they be removed?! And these have been there for years.
     
    Last edited: Nov 19, 2013
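
The start-up check described in the post above (Block All policy, traffic watched from a separate sniffing machine) can be made repeatable by filtering the capture for frames sent by the machine under test. This is an added example, not code from the thread or from Agnitum; the export layout, addresses, host names and `icon_time` are constructed assumptions.

```python
import csv
import io

# Constructed capture export (tab-separated), as produced on the sniffer by e.g.
#   tshark -r boot.pcap -T fields -e frame.time_epoch -e ip.src -e ip.dst \
#          -e udp.dstport -e dns.qry.name
# All addresses, names and times are made up for this example.
SAMPLE = (
    "1000.20\t192.0.2.10\t192.0.2.1\t67\t\n"
    "1003.75\t192.0.2.10\t192.0.2.1\t53\ttime.example.test\n"
    "1003.80\t192.0.2.1\t192.0.2.10\t49152\ttime.example.test\n"
    "1004.10\t192.0.2.20\t192.0.2.1\t53\tother-host.example.test\n"
    "1006.40\t192.0.2.10\t192.0.2.1\t53\tupdate.example.test\n"
    "1031.00\t192.0.2.10\t192.0.2.1\t53\tlate.example.test\n"
)

def outbound_frames(export_text, host):
    """Yield (time, dst, udp_port, qname) for frames sent by the host under test."""
    for row in csv.reader(io.StringIO(export_text), delimiter="\t"):
        if len(row) < 4 or row[1] != host:
            continue  # malformed line, inbound reply, or another machine
        port = int(row[3]) if row[3].isdigit() else None  # empty for non-UDP
        yield float(row[0]), row[2], port, (row[4] if len(row) > 4 else "")

def block_all_leaks(export_text, host, icon_time):
    """Split the host's outbound frames into before/after the tray icon appeared.

    Under Block All both lists should be empty; icon_time is the moment the
    tester noted the tray icon, a value supplied by hand (assumption).
    """
    report = {"before_icon": [], "after_icon": []}
    for ts, dst, port, qname in outbound_frames(export_text, host):
        kind = {53: "dns", 67: "dhcp"}.get(port, "other")
        phase = "before_icon" if ts < icon_time else "after_icon"
        report[phase].append((ts, kind, dst, qname))
    return report

if __name__ == "__main__":
    result = block_all_leaks(SAMPLE, host="192.0.2.10", icon_time=1020.0)
    for phase, frames in result.items():
        print(phase, len(frames))
        for ts, kind, dst, qname in frames:
            print(f"  {ts:.2f} {kind:5} -> {dst} {qname}")
```

Listing the queried names alongside the timestamps lets the tester tell expected OS lookups from unexpected ones, and comparing both phases shows whether the tray icon's appearance has any bearing on when filtering starts.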
  10. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,717
    Location:
    USA
    I would like more info on this also
     
  11. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,717
    Location:
    USA
    A large number of people have looked at this. No one knows?
     
  12. Sm3K3R

    Sm3K3R Registered Member

    Joined:
    Feb 29, 2008
    Posts:
    611
    Location:
    Wallachia

    What to know, it's a fact; the network attack module has a flaw in my opinion, but most probably they think the SOHO routers most of us have should kick in if needed.
    If you can't install Outpost for some reason, here is a picture:

    But I would take a look at the Block All behavior first, as described in my previous post.
    The Antileak stuff is nice, but the only time I've seen real threats blocked by Outpost Antileak was years ago with Outpost 4. If I were to buy Outpost I would look for better network protection and ruleset by default. The traffic sniffer was OpenSUSE with Wireshark.

    Outpost.jpg

    As you can see you can add but not remove :)
    The ports list is quite long.
     
  13. kronckew

    kronckew Registered Member

    Joined:
    Aug 27, 2006
    Posts:
    455
    Location:
    CSA Consulate, Glos., UK
    hi Sm3K3R & rainwalker:

    you might want to have a look at this thread started by our user 'sunfrog' at our support forum who asked the same question. he has had a moment of revelatory enlightenment as the penny dropped...:)

    ...and thanks to minoka for directing my attention back to this thread after the serendipitous posts here & there.
     
    Last edited: Nov 24, 2013
  14. Sm3K3R

    Sm3K3R Registered Member

    Joined:
    Feb 29, 2008
    Posts:
    611
    Location:
    Wallachia
    Have you taken the time to read all the stuff I wrote?!

    The Block ALL is not working, as at start-up the firewall lets through DNS requests seen with a sniffing machine.
    Then it's the default policy with the Allow Most for the Entertainment Mode.
    Then it's the Antileak stuff that turns off under Entertainment Mode.

    Then it's the Network Attack stuff that has excluded ports that should not be there and that CAN'T BE REMOVED by the user.

    Then it's the Svchost rule that by default allows all kinds of goodies for the guys that need them.

    All these are security flaws in my opinion; it's just some feedback from some user.

    But if you think this is idiotic feedback from me, no problem, I couldn't care less.
     
  15. kronckew

    kronckew Registered Member

    Joined:
    Aug 27, 2006
    Posts:
    455
    Location:
    CSA Consulate, Glos., UK
    we never implied your concerns were idiotic. they are just misinformed and ignorant of the facts. i will answer your concerns so that other users have a more informed picture.


    Q1: The Block ALL is not working as at start up firewall lets thru DNS requests seen with a sniffing machine.

    A1: Outpost starts up & loads its driver at the lowest level of the OS, well before the network is active. at this point it is in a block everything mode.
    by the time a user is logged in, it has read and implemented the rules, and whatever mode the user has set thus allowing dns requests. the GUI you see iconised in the notification area is NOT the firewall, it's just the user interface. when the tray icon appears has nothing to do with when the firewall starts working.

    Outpost should be in block most for secure operations after your installation settles, or rules wizard as you train the firewall rules. block all and allow all are for diagnostics and not for normal ops. allow most is a relaxed setting for games that may not work with strict rules. as most games like this are full screen, you have the option to detect this and switch to allow most so that it will work.


    Q2: Then it's the default policy with the Allow Most for the Entertainment Mode

    A2: See last part of A1. this is because new users tended to get upset that their games would not run. turn off if you do not need it.

    Q3: Then it's the Antileak stuff that turns off under Entertainment Mode.

    A3: see A1&A2, it's so new users do not have a blocked game, experienced users can set more stringent defaults. i have not heard of anyone being exploited in this mode.

    Q4: Then it's the Network Attack stuff that has excluded ports that should not be there and that CAN'T BE REMOVED by the user.

    A4: that's just wrong. please actually read the posts in the linked thread. the list at the bottom is just for reference, the only ports excluded are those typed into the upper text entry box which is empty by default. double clicking an entry in the lower reference list will conveniently add it to that upper text box. you can easily remove the entries in that upper box by the normal windows text editing methods, ie. delete key, backspacing, cut/paste etc... the list is a compendium based on the RFC standards for that protocol and thus are not editable as they do not need to be. if the standard changes, i'd bet agnitum will update this reference.

    Q5: Then it's the Svchost rule that by default allows all kind of goodies for the guys that need them.

    A5: SVCHOST is an OS process that is used by programmers as a catch-all comms process. tighten it if you must, but you may find that a lot of OS functions stop working. the default is set fairly loose to prevent this. the rules are auto-generated from the improvenet system, and have been reviewed by agnitum to provide a basic level of protection while still allowing svchost to function. yes, it can be tightened up a bit if you so desire.

    i'd suggest you read our 'Guide to producing a secure configuration', which was written for an earlier version of outpost, but is still a useful starting point.

    if you need more info, feel free to visit us at the Outpost user's forum, searching there, or joining and posting your queries can no doubt provide even better explanations and info.
     
  16. Sm3K3R

    Sm3K3R Registered Member

    Joined:
    Feb 29, 2008
    Posts:
    611
    Location:
    Wallachia
    I know how to tweak it, but the excluded ports list is quite strange as it is.

    It doesn't matter if there are known attack methods; it's about making the software as tight as possible from the factory.
    Unknown attack methods may still work.
    I would add to the list of default wrong rules, in my opinion, the Component Control section, which is disabled by default.

    Maybe at install the firewall should deliver 2 sets of predefined settings (in case we don't want to use fully manual), a very tight one and the lax one for beginners.

    Allowing Most and keeping the Antileak OFF while in entertainment mode by default, while gaming, can lead to a machine being exposed to attacks. Game hackers have all kinds of tools that can be used against the player live.
    I would prefer to have the Antileak in a Block Most like state when in entertainment mode, as the network stuff is. Thank God it doesn't go into Allow All mode so that gamers are not disturbed when in Entertainment.
    Allow All policy under Entertainment mode means, so readers understand, that the firewall will allow any connection that does not have DENY rules. So anything can connect, no questions asked.

    This firewall needs more tweaking to deliver more safety even for paranoids by default.

    Thank you for taking the time to post some detailed answers, even if with some I do not agree. But increasing the user base is indeed logical for a software that needs to make money.
     
    Last edited: Nov 25, 2013