The best free firewall...

Discussion in 'other firewalls' started by fax, Aug 2, 2013.

Thread Status:
Not open for further replies.
  1. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,571
    Thank you.

    I cannot find the phrase 'default server' in my Router manual. Do you have a list of compatible Routers? Which Make and Model of Router do you have?
     
    Last edited: Aug 10, 2013
  2. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Look under your NAT settings. Referred to as "NAT Default Mode." On my old Netopia 3347 router it has two config. options for NAT default mode; "default server" and "IP pass-through."
     
  3. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,571
    I had looked at a shortened version of my Router's User Guide. I found the detailed User's Guide, and I do have the option for 'NAT Virtual Server'.

    How safe is adding a Honeypot? Are there any Security 'Risks' for having a Honeypot?
     
  4. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    None that I am aware of. The unwanted traffic is being redirected to an IP address with nothing connected to it. It justs sits there till it times out.

    Note that if your a gamer you will have problems with this. A default server is also used for games where the inbound connection destination can not be predicted.
     
  5. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,571
    Thank you.

    I need to do some research on Honeypots.
     
  6. mattdocs12345

    mattdocs12345 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    1,892
    Location:
    US
    I've experimented with a bunch of firewalls on 64bit... Jettico...Fortknox...Net Peeker, OA, etc.. I've so far settle on PFW.
     
  7. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
  8. pajenn

    pajenn Registered Member

    Joined:
    Oct 26, 2009
    Posts:
    930
    Well, Avast Free + ZoneAlarm Free did not play well on my Virtual Win 7 Ultimate x64. Basically it slowed to crawl and became unusable, but maybe that's just because it was a VM rather than conflicts. Also, I hadn't updated the VM for a long time so maybe Windows updates and old softwares were running havoc too.

    In any case, if anyone has had luck running Avast+ZoneAlarm together please let me know which components of Avast you chose not to install to avoid conflicts. (I tried to skip everything browser/web/network related).

    Of course if ZA does include some form of effective HIPS, then maybe it would be enough to just run it with MSE?

    Now as for MSE+Privatefirewall, I tested that on the same VM, and while it works, the VM did suffer a noticeable performance hit, and that's with PFW still in training mode. I also notice little issues, like MSE always starts off red (system at risk) in the system tray, and only turns green (system secure) when I click it. also, when I opened my downloads folder, which is on a VBox shared drive, MSE's CPU usage jumps very high and the folder refuses to load (or keeps loading forever). Also several times shutdown has frozen. fwiw, I allocated 4 GB of ram, 4 (virtual) cores and 64 MB of video memory to this VM, which is a lot by VM standards, but I do run it off a regular HDD as opposed to SSD. My actual system is on SSD so there should be much less slowdown.
     
  9. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    Normally ZA + AVAST is a good combo. I know several users having this setup without problems :thumb:
    I would suggest avoiding testing software with VM. You can get false sense of success or failure. Better the real machine and good imaging strategy.
     
  10. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,571
  11. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Last edited: Aug 12, 2013
  12. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
  13. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    It does poorly on the Matousec leak test suite. That would make sense since the default security level for firewall is medium. Would be interesting if any one tested ZA firewall at high setting using the Matousec x64 test suite.

    Perhaps someone has run the old Comodo leak tests using the various ZA zone security levels?
     
  14. IvoShoen

    IvoShoen Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    849
    I am currently running Online Armor with 360 Internet Security without any problems. Low resource usage and great protection. :)
     
  15. pajenn

    pajenn Registered Member

    Joined:
    Oct 26, 2009
    Posts:
    930
    Open program interface and click View Details under the Firewall tab -> click Settings for Application Control -> click Advanced Settings for more control (also I prefer to put the firewall setting to Max and DefenseNet to Manual, otherwise ZA may auto-block programs you want to work properly). Under Advanced Settings you can change trust settings under View Programs. Some pics below.

    Edit: Just to add, this is not a full HIPS in the sense that it doesn't seem to block or ask about new programs (exe launches). For example, when I launch EasyBCD, it will ask if I want to let the program connect to the internet (to look for updates) and when I use EasyBCD to add an entry to Windows boot menu, ZoneAlarm's HIPS will initially block that action and ask me whether to allow it or not. I assume it would similarly stop malicious programs from editing the MBR, boot files, sensitive registry entries and such, maybe start up entries, but it doesn't block the programs themselves from launching.
     

    Attached Files:

    Last edited: Aug 13, 2013
  16. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    Yes, application control has the HIPS component. A program can be assigned to a state of "kill", "trusted", "super trusted" or "no enforcement". This is under the smartdefense column. Safe applications will be automatically set permission/trust level based on the cloud database.

    In case the program is recognised as malware (cloud database) ZA will set it as "kill" and will not allow it to execute. "Trusted" software can only do some limited activity and "super trusted" will allow any suspicious action.

    Setting smartdefense to manual will still allow to consult the cloud database but give the user the choice. While "off" will cut the link to the cloud (not recommended).

    Please note that MS certified applications will override the application control whatever setting you apply. This is due to the mess many users did playing with MS files causing the systems all sorts of problems (hidden or not) then wrongly linked back to ZA. If you still want to play with safe MS applications and block them then you need to UNcheck "Enable Microsoft Catalog Utilization" (reboot the PC).

    Before anyone complaints, after 20 days of use your will get a pop-up asking you to rate your experience with ZA... you can of course opt out from the survey.

    Cheers,
    Fax
     
  17. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    @ fax

    Yes I know the HIPS in ZA has never really been that advanced and you can´t even configure it precisely.

    @ pajenn

    Thanks for the pics, but I was actually looking for the programs control window, where you can see which apps have access to the web.

    That was the strong point from ZA back in the days, that you could quickly see that info. Looks like they completely screwed that up, so no ZA for me. :thumbd:
     
  18. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    Strong point? Just displaying 2 or three processes and nothing else? IMO, it was totally useless, thats why it was removed. Simply use the OS or Microsoft tools like TCPView and Process Explorer to understand in detail whatsup with your connections. No need to bloat ZA for this. :)
     
  19. pajenn

    pajenn Registered Member

    Joined:
    Oct 26, 2009
    Posts:
    930
    Not sure what you mean exactly by program control window, but if you pressed the 'View Programs' or 'Advanced Settings -> View Programs' in the last pic, then you can see and modify settings for specific processes.

    Specifically, you can set the Trust Level for a process (Super, Trusted, Restricted, Ask, Kill, or No Enforcement) and you can check(v)/cross(x)/ask(?) Outbound Trusted, Outbound Internet, Inbound Trusted, and Inbound Internet. However, I'm not sure yet how well those settings stick and whether they reset automatically when the exe file for the process is updated or modified, or if the internet access settings change as you change networks (which I do frequently in terms of VPN routes). For example, I could have sworn I okayed all 360 processes for full internet access (to avoid conflicts), but as I took the attached pic it seems they have mostly defaulted back to ask (?) setting.
     

    Attached Files:

  20. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    You have a lot of "?" is the defense net active or been turned off?
    When an exe is changed a new entry will be added and depending on your settings you will get a prompt. When you connect to a new network you should get a pop asking you to set it (public/trusted).
     
  21. pajenn

    pajenn Registered Member

    Joined:
    Oct 26, 2009
    Posts:
    930
    DefenseNet is on and set to Manual.

    When I make a new VPN connection, ZA does ask me about public/trusted, but regardless of the answer I think it treats them as public, the first time at least. I had to change the firewall's zone setting to medium for public networks because at the high setting I had connection problems when connected to a (new?) VPN.
     
  22. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
  23. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    @ pajenn

    Thanks, that was exactly what I meant. ;)

    @ fax

    Are you kidding me? :blink:

    Call me crazy but I´m very picky when it comes to the GUI. These kind of settings and info should be visible straight away IMO. I hate "extra clicks".
     
  24. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    Just a matter of preferences. I personally like clean solutions, if something is done better by the OS I don't see why duplicate it somewhere else.
    But.... De gustibus non est disputandum... ;)
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.