This setup will pass all leaktests

Discussion in 'other firewalls' started by budfox, Apr 5, 2005.

Thread Status:
Not open for further replies.
  1. Shek ......How come you state this.

    If people use WinXP SP2's ICF and KAV (real-time protection with an up-to-date extended database), what's the chance of getting infected and having the user's personal info sent out by malware? I think it is very low, and the extra benefit from a better FW, which passes the leak test, will be less than 1%, I guess.

    And you run all these?

    AntiVir Personal Edition + EScan toolkit Utility + Jetico Firewall + Process Guard 3.0 (free version) + MJ Registry Watcher + F-secure Anti-spyware ( from Shaw Secure)+ Script Defender
     
  2. Topper do you mean the 4th test of Wall breaker?

    I'm not really sure what it does...Always acts the same no matter what I try.
    I notice no modem flashes when I try it...does that mean I pass it?

    The first 3 are a breeze with my FW
     
  3. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
  4. When I test for leaks.....I let PG pass them first..so I'm testing the FW alone.

    I use Netveda now....and have trialed most of the others.

    Like I said....block first 3 tests no problems....I am just not sure what the
    fourth one means....when I test it...it just says a "task has been scheduled at"
    and lists the next minute.....but I see no flashes on my modem ....when I do it.
    So I assume I pass the test...
     
  5. shek

    shek Registered Member

    Joined:
    Mar 27, 2005
    Posts:
    342
    Location:
    SE CHINA/NYC USA
    just wondering-

    I do run all the apps in my signature to cover that 1%. Although I know there is no big difference with a good AV plus a traditional FW, no app filter, I just feel better, and I also try different security combinations all the time.

    My hypothesis for that statement is that the majority of computer users in the world are novices at computer security. Maybe they are experts in other fields, but they don't know how to handle the pop-up warnings from advanced security apps such as Jetico and Process Guard. So using these apps will cost them more. For example, their system might crash and they have to discuss with tech support for hours so that they could not finish their professional work. IMHO, a good AV and a traditional FW is enough for a beginner. On the other hand, I am pretty sure that the people who visit forums like Wilders Security regularly are able to respond properly to the pop-up warnings. Of course, they could use whatever apps they like.
     
  6. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    I have come to the point where I have to define a new term, "hobby computer security", as opposed to computer security in the normal sense of the word. Hobby computer security is when installing and testing computer security applications becomes an end in itself, on one's home computer, where little useful work actually gets done. Perhaps I can refine that definition later. Hobby computer security involves a lot of cutting-edge stuff that is not ready for most users IMO. In that category I would have to include Process Guard, SSM and similar utilities, Jetico PF, Tiny PF and even some of the leaktest-oriented optional features of products that are considered to be mainstream, like Zone Alarm.

    Most of us have the freedom to put whatever we want (subject to budget restrictions) on our home PCs. However, I feel it is necessary to draw the line when folks act like all this advanced stuff is really necessary and start giving advice to clueless people who will be worse off with it, as shek noted. It's too bad more folks do not have that insight. I often get comments like "how could anyone serious about computer security not want application filtering". Those are people that concern me.

    I am not too wild about the conclusions reached on the leaktest web site. Back in October it rated Looknstop as the top firewall. Anyone can check in the LnS support forum on this board and see just how many serious issues have been fixed (some in the form of beta drivers) since that time. It may be a decent firewall now, but I don't think it was then. The rating was based solely on one criterion that is not the only criterion for firewall performance. To me it is a perfect example of becoming enchanted with this leak test thing to the exclusion of all else. Just like the hunter who had the elephant centered in his telescopic sight, then a lion jumped out from the side and ate him. It never fails.
     
  7. Arup

    Arup Guest

    The best protection comes from all the process blockers, Winsonar is a prime example, the online mode will not let any process execute, period unless that mode is disabled and the process is added to the trusted list. The best part is that unlike app bound firewalls, Winsonar can be shut off when not needed.
     
  8. Good response Shek.....Terse and to the point... you explained yourself well.

    I see you felt no need to get on a pedestal and orate to the great unwashed
    on the follies of our ways...and how stupid we are, for not following "HIS" one
    true path for total bliss, world peace and computer security.
     
  9. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    I can get you total bliss, but it is expensive.
     
  10. Very good ...short and sweet......Plus ya gave me a good chuckle
     
  11. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    First time isn't free? :D
     
  12. Arup

    Arup Guest

    The best bliss is always free, never paid.
     
  13. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    There are many ways to pay...
     
  14. cluessnewbie

    cluessnewbie Guest

    Great post Diver!!!!
     
  15. budfox

    budfox Registered Member

    Joined:
    Apr 5, 2005
    Posts:
    103
    Yes, budfox is telling you that the setup I described will pass Wallbreaker's tests no problem. Copycat was an issue until I saw that PG wasn't protecting Firefox against modification. I passed every leaktest on the site of my original post.

    As for the kernel mode...Netop installs a NDS driver which operates at ring zero. Since it operates here, the security is enabled before the network drivers are loaded. Also, since Netop uses a NDS driver, if the program is terminated, the driver remains, still protecting the system.
     
  16. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    That driver thing sounds like a good design to me. I can't knock the company as they have several well regarded networking products, including their Remote Control and School applications.
     
  17. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    As do all drivers :)

    Look n Stop does this as well :) NetOp is undoubtedly a good firewall, and probably better than many, but almost all firewalls install as a network driver and filter the traffic before it reaches the TCP/IP stack.. without this a firewall would be pretty much useless, since anything running in user mode cannot access hardware without requesting service from a driver. Generally the interface that you see and use just allows you to change the rules set in the driver. Some firewalls will continue filtering after the UI terminates, others will allow all traffic to, I suspect, ensure compatibility; however, I'm sure this will change at some point in the future. Without the UI, however, it will not alert you to new applications trying to connect, it will simply filter the traffic, which is why it is important to have a strong set of rules. You wouldn't want it to block all traffic because it would make users on networks unable to log on.

    I got that it does, but was asking how. Does NetOp alert you when something new tries to start a trusted application to connect, or did you just use the workaround of only allowing IE to run (via PG) or connect (via NetOp) just once so it alerts you to it each time? PG and NetOp may both be powerful applications, but they won't do a person any good if they don't know how to use it. It would be helpful to other members of the forum if you detailed how you achieve this protection. Pretty much everyone is here to learn :)
     
  18. luky13

    luky13 Guest

    Hello all, wanted to hopefully jump in and clarify a couple of things - and I'm sure raise even more questions. BTW I am a tech with NetOp Desktop Firewall (NDF) and came across this great exchange about the product, "everyone is here to learn" and I've learned a lot already just reading this thread.

    Driver-centric: OK, kind of a marketing term initially but really does mean something pretty unique :) A lot of personal/desktop firewalls these days install both an NDIS and a TDI driver for traffic filtering, true; however, NDF not only monitors communication but can also prevent processes from launching - similar to Process Guard but not something most other desktop firewalls do. This is handled completely by the NetOp driver, so if you exit the GUI and stop the service your rule set still applies - hence, driver-centric. A lot of other firewalls (i.e. application-centric) stop filtering and open right up if the service is stopped or disabled on the system, so their NDIS driver does not stand alone, it requires the service to function properly.

    You're right in that no GUI means no pop-up alerts, no service with NDF means you cannot receive policy updates from the central server, and then of course no driver means in this case no traffic filtering (disable the driver by unchecking the Danware Security checkbox in the LAN properties of the network adapter bindings).

    NetOp will check processes twice according to a checksum, once when they try to execute and once when they attempt to communicate; however, to protect processes in memory from being altered or from DLL and process injection attacks (like some of the leak tests mentioned), PG is the way to go cuz it monitors all processes all the time while in memory and NDF doesn't do that yet. The combination of both is pretty powerful stuff and as many of you have pointed out - it's all about taking the time to configure them.

    Even with no driver the process firewall rules of Kill Program in NDF still apply; however, the packet filtering part will finally be disabled, and of course no new rules can be created, so the firewall is locked down to the current rule set only until the service and GUI are restarted.

    Also, process hijacking and process renaming fraud are prevented by NDF because it is aware of the parent process and identifies processes by their checksums not their names. So if there is a deny communication on the parent process and an allow on the process that is launched the more restrictive rule counts - I think this answers one of the posts earlier on in this thread.

    More info on the NDF and the central Policy Server in the Evaluators Guide:
    http://www.crossteccorp.com/support/resources/NDF3EvaluatorGuide.pdf

    Hopefully this info has been useful, please comment at will but don't shoot to kill :)

    Al
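
The checksum-and-parent rule described in the post above, as an added example that is not part of the original thread and is not NetOp's code: rules are looked up by a checksum of the executable image rather than its name, and the most restrictive verdict in the parent chain wins. The hash algorithm (SHA-256), the deny-by-default handling of unknown images, and all names and sample byte strings are assumptions made for illustration.

```python
import hashlib

# Constructed byte strings standing in for executable images on disk.
BROWSER = b"constructed-browser-image"
LAUNCHER = b"constructed-untrusted-launcher-image"

def checksum(image: bytes) -> str:
    # SHA-256 is an assumption; the post only says "checksum".
    return hashlib.sha256(image).hexdigest()

# Hypothetical rule table keyed by checksum, never by file name.
RULES = {checksum(BROWSER): "allow", checksum(LAUNCHER): "deny"}
RESTRICTIVENESS = {"allow": 0, "deny": 1}

def verdict(image: bytes) -> str:
    # Assumption: an image with no matching rule (new or modified) is denied.
    return RULES.get(checksum(image), "deny")

def may_communicate(chain) -> str:
    """chain: [(name, image), ...] from the process up through its parents.
    The most restrictive verdict anywhere in the chain wins."""
    return max((verdict(image) for _name, image in chain),
               key=RESTRICTIVENESS.__getitem__)

def demo():
    cases = {
        "browser started by user": [("iexplore.exe", BROWSER)],
        "launcher renamed to browser": [("iexplore.exe", LAUNCHER)],
        "browser started by denied parent": [("iexplore.exe", BROWSER),
                                             ("setup.exe", LAUNCHER)],
        "browser image modified": [("iexplore.exe", BROWSER + b"\x00patched")],
    }
    return {label: may_communicate(chain) for label, chain in cases.items()}

if __name__ == "__main__":
    for label, result in demo().items():
        print(f"{label}: {result}")
```

Only the first case is allowed; the file name plays no part in any of the four decisions.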
     
  19. Thanks for dropping in Al.

    Will it be okay....if I just shoot to scare?

    Just a couple things.....Nowhere on your site could I find the price.

    Wouldn't it be a good marketing gimmick...to have the price easily found?

    Another thing I noticed....You are asking a lot of personal sensitive info to register .....on an un-locked page.
     
  20. luky13

    luky13 Guest

    Well, here's the scoop. NetOp is developed by Danware Data A/S - Danish company and their site is www.netop.com but they've got distributors all over the world so price varies.

    In the US if you're lookin' to buy NDF you would go to www.crossteccorp.com, prices listed here http://www.crossteccorp.com/buyit/index.html

    BTW I forgot to make a mini-disclosure - the ideas presented in these posts are solely my own and not that of my company :)

    Had to say it!

    Al
     
  21. Thanks for the quick reply

    But what about the second part

    Another thing I noticed....You are asking a lot of personal sensitive info to register for a trial.....on an un-locked page.
     
  22. luky13

    luky13 Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    3
    Right, sorry.

    Well, the main difference with the NDF and the rest of the firewalls mentioned in this thread is that it's not really designed or marketed for the home/personal user (although I use it at home, as do many security-savvy end users, and in its first few versions it did have a home/personal version that was not centrally managed). So most people that sign up for trials provide their company info, which is usually public knowledge, not their personal information. Nevertheless you make a valid point, so I'll bring it up with the powers that be. Thanks.
     
  23. Good quick response again.....Glad you joined the forum, you should be a great
    help to persons wishing to shed their "training wheels" to learn more of the mysteries of setting up a firewall.
     
  24. ciril25

    ciril25 Guest

    luky13,
    Danware should create 5 and 10 client packs for Home/Family/Personal users (with policy server). That would help to spread this great firewall. :)
     
  25. luky13

    luky13 Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    3
    Yeah, there may be a market plan to target the home user at some point but not sure, at least they kept the single license around... some vendors require an NDA just to test their product! Not sure what they've got to hide, but the NDF is up for the testing and the policy server doesn't require a dedicated server or SQL backend, so you can install it at home real simple like. I don't recommend installing the policy server on the same box as the NDF cuz some key features won't work. Anyway, I hope to get around the forum more, great stuff on all kinds of products.
     