PC Tools Firewall?

Or you have have the firewall block all incoming and outgoing traffic.

 

I use the following rules in Kerio 2.1.5 to achieve that. Maybe you could do something along these lines. The first column is the rule name, the second column is protocol, the third column is local port and the fourth column is remote port.

 

I know how it's done in Kerio 2.1.5 (or Sygate), but those are some of the few firewalls who give the user this oportunity (KAH too). I was talking about PC Tools Firewall.

 

I know you were talking about the PC Tools Firewall. What I offered was simply a suggestion as to how it could be accomplished in one particular firewall, with the thought that maybe something similar might be possible in the PC Tools Firewall.

 

nice firewall!

 

How does the firewall do with Shields Up?

 

Closes all ports.Ability to import advanced rules coming later.

 

I tested PCTFW with Shields Up - Failed (ports 1024-5000 were closed but not stealthed).

I couldn't figure out how to configure it to stealth those ports without cutting off my internet connection, and I don't know if it is possible. Perhaps someone with more experience can explain how to do so.

Shame, as I really like this firewall due to its low resource usage (about 4 mb on my computer).

Oh, well, back to Comodo for now (a great firewall, but much more resource-intensive - 20-25 mb, and I have 512 mb RAM).

 

I am not sure why stealthed is so much better than closed. As long as hackers cannot get into the system, why should we care that it is not stealthed?
I suppose that in theory it is better for them not to know you are there, but is that more theoretical than practicable?

I don't care if they know I am here as long as they cannot get in.

Thanks,
Jerry

 

I am getting all stealth with pc tools firewall, but am using router firewall so i guess that is why. i have only 512 ram too, and that is why i am using pc tools. i tried ashampoo and liked it, and comodo, but with router i think pc tools should be ok.

 

I downloaded the new version of the PC Tools Firewall, and it is very, very light - PCTFW.exe 4,096k.

My PC starts up in about half the time in used to when I used Comodo. I didn't even notice Comodo was slowing things down, until I installed this firewall.

A few people have mentioned that the default rules are a bit loose. My PC is behind a wireless router, and I share the internet access with my wife's laptop. Are there any obvious rules that can be tightened, if so, which, and what setting? A screen shot would be very helpful!

 

Nice to see you ran that leaktest correctly. From your result, it does show that an application is only checked by location, and not by checksum/hash. It can be a problem, as you mention, if that application is compromised or replaced.


Hi, Stem,
I am using comodo firewall but I want to change my firewall to PC Tools firewall.Since I am behind a NAT router and I am using SSM free can this be a problem(the thing you mentioned above).Because SSM free checks MD5 is it okay?.Can you give any advices on how to tighten the rules.Or should I go back to jetico1,which I had used before without any problems.
Since I read everyday most of your posts I have learnt many things.Thanks.

 

Hi cet,
The problem with the checksum/hash as been reported to of been corrected http://www.pctools.com/forum/showthread.php?t=44697 but I have not had time to check this yet.


Update:
Yes, the hash check is now working correctly. So it does stop the leaktest1.2

 

Stem,

I am running the PC Tools firewall on my test box and do like it. On my primary PC I am running Kerio 2.1.5 but have been considering replacing it with the PC Tools FW, especially in light of continuing development and improvement. My primary reasons for considering the change are consistancy between computers and the fact that PC Tools is in active development.

I would be interested in your thoughts on this. Are there any glaring reasons against such a change?

By the way I am behind a hardware NAT/SPI firewall/router.

Regards and thanks in advance

 

Stem,
thank you for a quick answer.I will install PC tools firewall today.One last question :do you have any suggestions to tighten the rules.

 

Hello Hipgnosis,

I think the main difference (apart from (as you mention) the fact that PC tools firewall is still being developed) would have to be the ability to bind rules to an application (rules per app).
In my own setup / use of the internet, I only mainly use a browser and an e-mail client, so this is not such a possible problem (I do like packet filter firewalls, like Injoy/ CHX-I, which do not even have application access control, I use such as SSM for this control). The only time I use other Internet access applications are for testing/ compatibility etc.

So really, it is just down to yourself, as you need to consider what applications are/need to be allowed Internet access, and the rules that you need to put in place, as all applications will be able to use all rules in place.

So for example: using PC tools firewall, you should place rules for your e-mail client to only connect to your e-mail server, and ensure that your e-mail client as the abilty to block itself from making outbound HTTP connections.

Apart from this, at this time, I see no problem with using PC tools firewall.

 

Stem,

Thanks for the quick response and advice; it is greatly appreciated. I think I will work on developing and testing rules on my test box with the plan to migrate to my primary PC in the near future then.

Best regards and thanks again.

 

This would be down to what applications you use. If you use P2P/torrent clients, then you will need a ruleset to suit. Of course you can make temp rules (enable/ disable when needed). Let me know the software you use, so I have an idea of the type of ruleset you would need.
Also, which base ruleset are you using? I see from the PC tools forum, there is a replacement ruleset posted. I am not currently a member of that forum, so I cannot download this to check what changes have been made.

 

Hi Hipgnosis,

I am going to set this up on a test box and play. I will post back to thread if I find any problems.

Best Regards,
Stem

 

Well, if you dig into the forum deep enough, you'll find a thread where i'm describing some nasty BSOD's caused by Jetico 1.x, that unfortunately could not be resolved...
So, i had to ditch Jetico and this one seems the most suitable one (mainly becuase it's free and light on resources).
However, i could not understand how to set rules per application...
It's seems to me you can only have global rule set and just specify if an application will be allowed to follow this rule set or be blocked completely.
I really hope someone could correct me...
I'm already beginning to miss Jetico
(btw, if this is indeed the only option... can someone point me to a more suitable Jetico replacement?)

* EDIT *
After a second thought, i think i'll stick with Jetico and try to ditch KAV 6.
Seems to me Jetico is more important in general, and i can find suitable free AV solutions to replace KAV.
I'd like to get an answer, though...

* EDIT 2 *
Well, got my answer at the PC Tools forum.
At the moment, it's indeed all you can do... global rule set and decide if application will follow it or be blocked completely.
It should change in future versions.

 

I unchecked the box near:Allow file and printer sharing
and Allow messenger to receive ICMP because I dont have a home network
I use Limewire and windows live messenger can you please tell me how to make a rulesets for these.
The latest ruleset is in the picture.

 

cet,
As you use P2P(limewire) then you need open rules for this, as I mentioned, temp rules can be made for the P2P, and then a more tight ruleset can be made for browsing/e-mail etc. I see you are using Live messenger, this in itself is another application that likes many ports for use. You may possibly be better leaving the default TCP/UDP in place, as changing these may give you connection problems.

I will download the latest ruleset, and see if any mod can be made

 

Has there been any giving information regarding how long they figure PC Tools Firewall will remain free? I can’t help but get the impression we are simply being their guinea pigs just long enough for them to build a proper foundation.

 

I haven't seen anything to that effect; not to say it couldn't/wouldn't happen, but then again, I suppose the same could be said about any successful freeware product.

That is how I felt (and still do) about Comodo. I personally believe Comodo will eventually be bought by another company and will become payware.

 

Off the top of my head...
I think I've read a post in their forum that they plan to implement the FW into Spyware doctor, but also keep it as a free, stand alone product.