Personal firewall

Discussion in 'other firewalls' started by sn00py, May 15, 2002.

Thread Status:
Not open for further replies.
  1. sn00py

    sn00py Registered Member

    Joined:
    May 15, 2002
    Posts:
    9
    Hi

    I am quite new to the security side of the net but am trying. After reading around I think I will settle with @guard3.2.2 and Keirio as firewall.

    If There Is A Reason Why I Should Not Please Kick Me !!

    Assuming i go this way and have read the faq I would then want to configure the in/out options.

    As most if not all of u have been at this longer than me what would your in/out list look like to maintain best security (Aware that u are never totaly secure) I would immagine there is a standard plus preference ??

    If i have overlooked an answer to the above somewhere then a nudge would be nice.

    later

    00 :)
     
  2. root

    root Registered Member

    Joined:
    Feb 19, 2002
    Posts:
    1,723
    Location:
    Missouri, USA
    Hi  sn00py. No kicking around here, but following is my personal opinion.
    Using two firewalls together is not a good idea. Too much chance for conflicts of interest. Choose your firewall well, as it should do the job for you without any help from another.
    If you do not use Win2k SP2 or XP with ICS, then Outpost is an excellent choice for you since you had an interest in @Guard.   Here: WWW.agnitum.com
    @Guard is no longer supported and that is not a good choice to start with right now. You will find Outpost does much the same thing. You will also get excellent help if needed at the Agnitum Forum.
    Kerio is ok for some users, I prefer Outpost as it is more powerful, versatile, and a wonderful work in progress with improvements coming all the time.
    I imagine others will come along with their choices. Just ignore them. I was here first. He he he.  :D :cool:
     
  3. snowman

    snowman Guest

        Snoopy

        may I VERY much suggest the you take Root's advice an not use two firewalls....thats not a good idea at all!!!


                              snowman
     
  4. UNICRON

    UNICRON Technical Expert

    Joined:
    Feb 14, 2002
    Posts:
    1,935
    Location:
    Nanaimo BC Canada
    Root, what criteria did you use to come to the conclusion Outpost is more powerful and versitile?
     
  5. eyespy

    eyespy Registered Member

    Joined:
    Feb 20, 2002
    Posts:
    490
    Location:
    Oh Canada !!
    Hi Sn00py!
                    I think ZoneAlarm or Sygate are respectable firewalls, with ZoneAlarm being a little more user friendly! Sygate 5 (what I use) seems to work fine and is more configureable than ZA (free). The general consensus on this board seems to favor Look n' Stop. I've never tried it, but they have a "lite" version available for free !

               good luck !!
                                 bill   ;)
     
  6. root

    root Registered Member

    Joined:
    Feb 19, 2002
    Posts:
    1,723
    Location:
    Missouri, USA
    Hi UNICRON.
    Well, lets say I'm the kinda guy that like to see how things perform in the real world.
    I have been beta testing and moderating the forum for Outpost since almost the beginning. I have had users post results on having their machines placed under "heavy attack" by friends machines and still being able to surf with no loss of speed. As you know there are various levels of packet sniffing that can be accomplished by various firewall and IDSs. One of the things I like about Outpost is the ability to change certain settings in the IDS module to control the level of filtering that takes place.
    I have had several new users that switched from other firewalls which they had been faithful to say that their experience was that Outpost was a far superior product. I have had literally hundreds of positive responses to Outpost, and the negatives I can count on one hand.
    At present time, there are a couple of new features being implementated in the next version that is going to impact just how powerful Outpost will be, so I have to say, since the logging system is being re done, any statements I make concerning the current build may change somewhat. For the better I assume.
    I do not like to put other firewalls down as there are several good firewalls out there. Outpost is not just a firewall since it also incorporates plugins, and any programmer can add to the system if he/she so chooses.
    Currently there is ad/site filtering. content /site blocking, a DNS cache, active content filtering for ActiveX, cookies, JS, and VBS, java applets, referrers, and popup windows. These can be controlled on a site to site basis, except for referrers, which will come later.
    There is an email attachment filter and of course, the IDS, the attack detection module.
    The ability to write rules is virtually limitless, unlike some firewalls. I believe the next version will cover all ICMP types. What protocols that are not named in the rules is covered by an unknown setting that will take care of the rest.
    There is a trusted zone making it safe and easy to set up networking.
    There are other features that I am still learning about. Like I said this program is very versatile.
    I have not been able to find a scan test I cannot pass with stealth readings. It passes all leak tests but one or two now, and that has already been fixed in the next version.
    Powerful and versatile can be viewed as more subjective terms than objective, I think. To me powerful is the ability to set up the rules that I want to control all the traffic in and out of my computer without impacting the performance. Powerfull also means the ability to ward off any kind of attack for a sustained period of time and at the same time have the ability to intercept all local traffic seeking a connection out.
    Versatile, being the ability to do many things well, while still being able to perform its primary function of being a firewall. Outpost has done all this for me.
    If you have not given Outpost a fair trial, please do so. You may be surprised. I tried Kerio, and I like Outpost better.  :)

    PS Notice I didn't point you to the Agnitum comparison page. Just tried to give you my honest opinion.  :D
     
  7. controler

    controler Guest

    @Guard will not work with any operating system above Windows 98 ...
    You will have to get Symantec's version , since they bought @Guard.
     
  8. UNICRON

    UNICRON Technical Expert

    Joined:
    Feb 14, 2002
    Posts:
    1,935
    Location:
    Nanaimo BC Canada
    Hey root, since i have never tried Outpost before, I spent some time at http://www.agnitum.com and I have these initial comments:

    OPINION ONLY. MAKE YOUR OWN DECISONS.

    Other than some places where the report was just plain wrong like TPF/KPF can't run as a service, and splitting hairs on updating, the rest was quite informative.

    I would say however that most of the stuff that outpost does that TPF/KPF doesn't are not firewall related and are handled by Proximotron on my machine. I cannot say whether Outpost can do these things better than Proximotron (since I haven't tried it). I can say however that proximotron is the 400 pound gorilla of the content filtering world, so Outpost has their work cut out for themselves there.

    Also email virus checking is left to an actual anti-virus program on my machine (NOD32). I won't even bother stating who I think can do this job better.

    So if we remove stuff that is better left to dedicated programs, the few things left are trivial. Who needs presets for applications?

    The ONLY feature I see that interests me is the ability for plug-in writing. As a programmer I have to admit that is a nice feature depending on the power and flexibility of the plug-in interface. However, open-source means I can get the source code, not write plug-ins, so in that case they overstate the open-source aspect. Hardly a valid comparison to Linux open-source. Also, "plug-in technology" is far from revolutionary.

    With normative statements presented in a positive statement manner, Agnitum is claiming their opinions are unchallengeable facts.

    Says who? You? me? This is an opinion, not a fact. Stuff like this leads me to think this product is targeted towards newbies. I am just supposed to believe this, and rush to "buy now"?

    Other statements are almost certainly a bare-face lie:

    Pretty strong words don't you think? ANY environment? NO MATTER WHAT? Hardly fair to say that to someone who might not know it is bull. D@mn near false advertising. If it was true, every trans-national corporation would throw away tens of thousands of dollars worth of  security equipment. Peace of mind is something that I won't have with Outpost after stuff like that.

    I am sure that Outpost is a fine firewall, but they shouldn't advertise it as something that it isn't.

    As I stated earlier, I have not tried Outpost, but I did download and install the SDK to see how extensive this open-source went. I plan to fully evaluate Outpost and see just how it works for ME personally. At that time I will decide to switch or not.

    Root, please don't take this as an attack on you or Outpost, but just my opinion (and surely not yours! lol) Feel free to reply in kind.

    Everyone else, you'll have to try it for yourselves.
     
  9. sn00py

    sn00py Registered Member

    Joined:
    May 15, 2002
    Posts:
    9
    Hi

    Well that was nice, think i'll drop @guard and stick with keirio for a minute and see how I get on. There seems to be a preferance angle to this, I have proxomitron,and Kasperski so maybe I dont need Outpost (maybe!!) to begin with but can move on to it when I know a bit more.

    Thank You All

    00 :)
     
  10. john2g

    john2g Registered Member

    Joined:
    Feb 10, 2002
    Posts:
    207
    Location:
    UK
    Not true!
    AtGuard works with W2K
     
  11. jvmorris

    jvmorris Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    618
    snOOpy,

    In addition to what others have said about the possible vulnerabilities of running two software firewalls concurrently, I would like to add one thing about your particular suggestion.

    First, the ruleset in AtGuard and that in Kerio are configured in such a closely similar manner that any mistake you made in setting one up, you'd probably also make in setting up the other!  So, even if there's no conflict whatsoever, it's highly unlikely that you would get any added protection whatsoever.

    Let's see, anything else?  Oh, yeah -- compatible OSs for AtGuard.  It definitely works with the Win 9x series and Windows NT4.  It usually doesn't work with Win ME unless you pull off a third-party hack.  It almost always works with Windows 2000 Pro.  And it works rather poorly with Windows XP (no logging of firewall events, for sure).

    Finally, at least one of the alternative software firewalls suggested here (and I've now forgotten which one) balks at being run concurrently with another software firewall.  
     
  12. root

    root Registered Member

    Joined:
    Feb 19, 2002
    Posts:
    1,723
    Location:
    Missouri, USA
    Hi again, UNICRON. You said:

    "Root, please don't take this as an attack on you or Outpost, but just my opinion (and surely not yours! lol) Feel free to reply in kind."
    ----------------------------------------------------------------------

    Hey, after moderating at Agnitum for I don't know how long, my skin has become pretty thick. :) I never mind other people having their own opinion.
    Let's see, first of all, No, Outpost is not going to out filter Proxo, but it filters quite well for me and my requirements. There are different levels of concern for security and privacy and in my case its a high concern for security and a moderate concern for privacy. So Outpost works for me quite well.
    The comparison chart at Agnitum has been updated several times. It is difficult for Agnitum to get all the functions listed and kept up to date as they are constantly changing. They will make changes if people submit errors and they can verify it.
    The attachment filter actually works quite well for the design, but I too use another program to check my email. I use M@ilDefense, and it is the only other program I use for doing something Outpost will do.
    As for the advertising that Agnitum does and the statements they make - Mikhail and the Agnitum team are very passionate about their work. They truly feel they have a superior product, and of course they are trying to sell it. I don't believe anybody would knowingly make a false statement about the abilities of Outpost, but they make some statements that are purely their point of view. FWIW, I do feel completely confident that the firewall is protecting me in the manner that I believe it is designed to do. I am aware of its limitations. If you read through the posts at the Agnitum forum, I think you will notice that questions and problems are dealt with quickly, honestly, and thoroughly, with no BS.
    The plugins are "open architecture" not open source, I think is the way they put it. DMUT has made a couple of plugins that a couple of people have really liked. I am anxious for more programmers to start writing plugins as it will greatly enhance the product.
    I have had a couple of discussions with Paul about the putting all your eggs in one basket concept. He has a different feeling about it than I do and there are many that will take his "side" on this.
    I look at it like this. Outpost is my firewall. It also does some filtering that enhances my surfing privacy and speed. If Outpost fails, or if I were using Kerio and it failed, I would be loosing one IMPORTANT piece of my multitiered approach to security. I would also loose some filtering, but if that happened, I would be immediately aware and I could take steps to fix the problem. So in my mind, I don't see a problem with having Outpost do some filtering too.
    I look forward to your trying Outpost and getting back to me on what you think of it. I have found Outpost sells itself.
    If I missed something, sorry. I'm only on my second cup of coffee.  :D

    sn00py, hi. You're right, preference has a lot to do with it. Try some different ones and see what works for you. Please just try one at a time, and when you uninstall, clean the registry also. Test at the scan sites to see if your ruleset is working and you will be OK.
     
  13. sn00py

    sn00py Registered Member

    Joined:
    May 15, 2002
    Posts:
    9
    Hi

    It gets better but " Y " no one answered the second part of the question. Am i to assume it is very newbie of me to ask it ??

    I have the second part under Personal Firewall (2) if anyone would care to comment.

    later

    00 :)
     
  14. UNICRON

    UNICRON Technical Expert

    Joined:
    Feb 14, 2002
    Posts:
    1,935
    Location:
    Nanaimo BC Canada
    Hey root, there is value in much of what you say. Without any real experience with Outpost, I will risk a guess and say Outpost is probably better suited to inexperienced computer users than say KPW/TPF with Proxo. Those do require a more intermediate skill level.

    A couple things though.

    1) KPF/TPF Has been able to run as a service since I started using them (TPF first of course). This is no new development.

    2) open-architecture by definition is not what they are offering. What they offer is access to thier interface if we are to be technical.


    3) if Proximotron fails, My browser can't hit the net anyway so it doesn't matter. The proxy is set in IE connection properties. IE can no longer live without proxo unless I reconfigure IE. This is one of Proxo's strengths.

    4) I shouldn't have to read the forum to "know what they meant" about the level of protection I can expect. If I am a newbie, I will have no idea what I can expect Outpost to do for me. Look at ZA pro; huge sales to people who don't understand why they are even buying it, but marketing is a powerful tool.

    One possible conflict I see is a clash beteween proxo and Outpost. Paul ZX said earier that it shouldn't be a problem so I hope not. I am unwilling to give up proxo now that I finally got around to using it.

    So wish me luck, I'll be installing it today after Macro Economics class.
     
  15. root

    root Registered Member

    Joined:
    Feb 19, 2002
    Posts:
    1,723
    Location:
    Missouri, USA
    UNICRON, I'm glad to hear you are going to give it a try. I just replied to Paul about the Proxo issue. I trust you will be able to make it work, as it should.
    Unfortunately, I am going on vacation starting tomorrow for 10 days and won't be around a computer for over a week.  :'(
    Hopefully you are trying the pro version. If you have problems, Danil at the Outpost Forum can give you some excellent help. He is one of the developers team.
    As for the user skill level - It's one of those programs that a beginner can use with minimum learning curve, but it is sophisticated enough to be finely tweaked by more advanced users.
    It has a lot of features that are not immediately obvious, unfortunately, so some reading in the forum FAQ and the help file helps a lot.
    It is not perfect as it is still being developed. It is fun to learn how to use, and it does its job of protecting quit well while one learns the ins and outs.
    UNICRON, I agree with you in that Agnitum has made a couple of statements I wish they had not, and the wording in some areas is a bad choice, I think. Some of this may be due to translating ideas from Russian to English, but not all of it, I know.
    I have come to know Danil, and Mikhail over the past few months, and I think they are great people with a passion for their product. I think it will show in the end.
    regards
     
  16. UNICRON

    UNICRON Technical Expert

    Joined:
    Feb 14, 2002
    Posts:
    1,935
    Location:
    Nanaimo BC Canada
    Well, we will see :).

    If you say the developers are good people I will take you at your work.

    Marketers have a hard time staying realistic sometimes I know. Who would want a product that advertises:

    "Buy our product and you'll get decent protection from most known baddies, but we did miss some. Also if a new baddie comes out you are on your own till we get a copy of it, and update our db. That shouldn't take more than a week. Oh one more thing, any REAL hacker will slice through this mickey mouse product easier than a light-sabre can chop off an arm. It is only meant for poor idiots since they would have no idea or money to run enterprise level equipment."

    Not alot of buyers for that product I bet, but probably closer to the truth in many cases (sadly). That quote was not intended for any one product but a class of products, and is only an exagerated dramatization. Please don't take offense anyone!

    PS have a good time on vacation. Do forget to go see star wars.
     
Loading...
Thread Status:
Not open for further replies.