PCTools Firewall ESV?

I have posted this in the anti-malware section because the anti-malware aspect of this Firewall is what interests me.

Can someone explain, in basic terms, what ESV does and how that differs from a classical HIPS?

 

ESV is a classical HIPS in the sense that it monitors and alerts on individual behaviours but AFAIK doesn't provide the broad spectrum coverage of a standalone HIPS product. The main purpose of ESV appears to be to harden the firewall to enable it to pass leak tests.

 

Not the "main purpose". Passing Matousec's silly tests are pretty much ALL there is to PTL's ESV.

ESV is to a classic HIPS as a toy poodle is to a Rottweiler.

If you want a Rottweiler HIPS + Firewall, go with something like Online Armor or Outpost.

 

I was trying to be diplomatic and avoid being contentious.

 

And what's wrong with Comodo's Defense+ ?

 

Not a thing wrong with D+. I said "something like Online Armor or Outpost."

As to D+, I find it a bit more confusing to configure than is the case for OA & OP. But that's just me-- your mileage may be different.

As to OA, I am totally enamored with its Run Safer option.

 

How is the ease-of-use when it comes to Run Safer? Is it just turn on and go? What if I wanna update/install something, etc.?

 

Turning Runs Safer (RS) on or off is easy.

One way- Right clicking the program you want to Run Safer (e.g. Firefox)
Another way- access OA configurations>Programs & right clicking the program there.

On = Run Safe
Off = Open Normal

OA also offers an "Install" mode option during an install.

Bottom Line: Run Safer is VERY easy to use.

 

.
The "Run Safer" option is very easy to toggle On/Off for individual applications - very useful for internet facing apps if you use an admin account in XP, or have UAC turned off in Vista/Win7. If UAC is enabled in the latter though, I don't know that "Run Safer" adds additional protection.

 

Thanks for the tip on PCTools firewall HIPS, bellgamin.

I purchased a 1 year license for OA for $5 and plan on giving it a spin. I would also like to try Outpost. Perhaps Look n Stop, too. I tried PrivateFireWall for a short time and liked it.

 

Glad to have helped.

Be aware that both OA & OP are Firewall (FW) + HIPS whereas LnS is FW only.

Witn OA you can turn off the FW & run only the HIPS, OR you can turn off the HIPS & run only the FW, OR you can run both Hips & FW, which is what I do.

If you want to run LnS & still have a HIPS, LnS + Threatfire is an option, but I have never tried that particular combo.

 

i am very tempted to try Online Armor again

 

Thanks for all the information. I had thought that the PCTools Firewall HIPS was more complete when I chose to install it.

Right now I'm headed out of the country and I don't want to get into changing anything as long as it is running well but I would like layered protection.

I think I'm still well protected. In addition to the PCTools Firewall, I am running Avast 5, Prevx (SafeOnline), and I Sandbox my browsers.

I have one of the Online Armor licenses, but this is a netbook and I really don't want a heavy app. but I might try it anyway. I too really like Run Safer.

 

Thanks for the further tips, bellgamin.

 

Thanks for the answers on Run Safer - it seems to be a great feature.


1. Now would it add anything in protection when already running DW?

2. Is there any difference in this area of OA's protection comparing its free and paid version?

3. Would you say there are any important differences between the free and paid version of OA overall?

 

... may cause BSOD

 

DW main emphasis is on running threatgates as untrusted, thereby isolating them & their outputs from your computer's groin area. ("Threatgates = browsers, email clients, etc.)

OA can achieve similar protection of threatgates IF the user runs them as Run Safer. With OA, that is optional, whereas with DW "untrusted status" is more automatic. Therefore, DW is perhaps a better choice for careless or inept users.

Both DW & OA can also protect ANY app (not just threatgates) . . .
+ DW will run ANY application as untrusted if the user adds it to the untrusted list.
+By the same token, with OA the user can easily run ANY application as Run Safer.

Bottom Line (my opinions)- - -

OA in addition to DW? NOT a good idea. The combo might cause some instability. Also, it is unnecessary duplication of protection.

OA INSTEAD of DW? - - -
+For protecting a careless or inept user against his own mistakes (where 10=perfectly idiot-proof), DW is a 9.8, OA is 9.5.
+As to degree of protection, both DW & OA are top tier. The choice comes down to trying each of them so as to determine which one of these 2 *feels better* to you & your computer. (I suggest you ALWAYS make an image of your system disk before trialing ANY complex security app such as DW & OA.)

Goto HERE, scroll down to display of OA versions, click on "Show Features" and you shall have your answer. (Be sure you have allowed Java Script for this site or the "Show Features" won't work.)

See answer to #2 above & judge for yourself.

IMO, I prefer the paid version *primarily* because I am a tweak freak & actually use the paid version's "Advanced" features. (I also like Tabasco on my french fries.)

 

Thank you, I love thorough but precise answers. This answered my questions to give me enough insight.

 

How about the PC Tools FW and Threatfire?

The PC Tools FW seems to be quite light on resources, and the UI is decent. It's also free.

Threatfire would then seem to add in the features that might be missing from the PC Tools FW. It's also free. In addition, they're both PC Tools products, so maybe they've done testing to ensure they're compatible?

Both products also claim to work with 64-bit Windows.

 

It's a good combo IMO. TF isn't a full-scope classic HIPS. It is a behavior blocker. However, it allows the user to set advanced rules; therefore it can cover almost as much as a classic HIPS in the hands of a proficient user.

If you decide to try TF, I suggest you read suggested rules by Kees at following threads...
https://www.wilderssecurity.com/showthread.php?t=183020
https://www.wilderssecurity.com/showthread.php?t=253507
https://www.wilderssecurity.com/showthread.php?t=191802
https://www.wilderssecurity.com/showthread.php?t=234443
https://www.wilderssecurity.com/showpost.php?p=1059723

I haven't sorted through the above threads in a long while. Not all of them pertain directly to TF, but all of them contain excellent suggestions as to registry hives & files that might ought to be protected via TF's advanced rules.