Preview of Outpost 2010 features

Discussion in 'other firewalls' started by CogitoTesting, Dec 11, 2009.

Thread Status:
Not open for further replies.
  1. vijayind

    vijayind Registered Member

    Joined:
    Aug 9, 2008
    Posts:
    1,413
    New Anti-Malware features in Outpost 7 part 2:
    http://agnitumblog.blogspot.com/2010/02/anti-malware-part-2-auto-updated-engine.html
     
  2. 1boss1

    1boss1 Registered Member

    Joined:
    Jun 26, 2009
    Posts:
    401
    Location:
    Australia
    I think it will be 2011 before they get 2010 out the front door.

    I just really hope their alerts get a makeover, it's the main thing that's stopping me from reinstalling OPP.
     
  3. Manny Carvalho

    Manny Carvalho Registered Member

    Joined:
    Jun 3, 2004
    Posts:
    270
    This is like watching that proverbial pot of water trying to boil, uh?

    What don't you like about the alerts? Personally I find them concise and to the point compared to other firewalls I've tried. What do you think is missing?
     
  4. Kapiti

    Kapiti Registered Member

    Joined:
    Aug 21, 2004
    Posts:
    274
    Location:
    Paraparaumu NZ
    I use OutPost Pro and like it a lot, but 1Boss1 has a point in regards the alerts. Whenever I receive an alert from Outpost I takes me a moment to release that it's an alert from Outpost and not from another programme. In my opinion it need a more striking alarm type alert rather than the one given at the present. Saying that, the present alert is not enough to stop me using Outpost Pro, I've used most firewalls on the market to-day and in my opinion Outpost Pro beat them all:)
     
  5. 1boss1

    1boss1 Registered Member

    Joined:
    Jun 26, 2009
    Posts:
    401
    Location:
    Australia
    They are not that informative to me, i'm often left staring at an alert with absolutely no clue what it means or if i should even allow it or not. Some actions, the alerts contain so little info and are so vague the dialog may as well just say "We detected something".

    Here is a very simple one:

    TU-Alert.png

    Ok there's something called TU.exe calling out, but where on my machine is it? Is that the one in program files, or a piece of malware in system32 with the same file name and resource icon?

    Where is it connecting to, is it going to an FTP dump in Russia to drop off my passwords? Who knows.

    TU-Alert2.png

    Ah that's better, it's the TU.exe in my program files, the publisher is verified, i can see what server, IP and port it's connecting to and in one click i can get the full whois and hosting details.

    Right away i can apply granular rules right down to the port level and so on. All the info is laid out, no killing workflow by hovering on things waiting for some tooltip to popup a path etc. The above screenshots were just a simple example of what i mean.

    So personally i just find the information presented in OPP to be lacking and what to do relies on gut instinct more than sound info presented.

    But anyhow, i also hope 2010 allows for an .ini setting to write the logs to an alternate location or drive. With more people running SSD's deferring the constant small writes over on to a mechanical disk (or RAM Disk) would be great.
     
  6. wat0114

    wat0114 Guest

    1boss1, in the Outpost alert it can be seen the tu.exe belongs to the program Total Uninstall. You do have a point that the MD alert displays more detail, and the option to create a granular rule is available, but so much information can be too confusing to those with less technical expertise. Agnitum I believe wants to make it easier for the typical home user, who certainly outnumber the more technical savvy. A balance has to be struck somewhere, I guess.
     
  7. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,871
    DNS request is port 53 -> dns resolving -> name to ip
     
  8. 1boss1

    1boss1 Registered Member

    Joined:
    Jun 26, 2009
    Posts:
    401
    Location:
    Australia
    Is it how do you know? I could compile an exe that sends all your passwords out and then deletes your user space, and just give the exe file description and resource icon the same as Total Uninstall.

    I don't feel comfortable at all blindly clicking "Allow" because something called TU.exe that's located somewhere on my computer is connecting to some other computer somewhere in the world. It's just guess work, and there's not much room for guesswork when one bad click can get your system owned.

    It's not to hard to have a checkbox "Comprehensive Alerts" and display important data like the fact the author of TU.exe has done Photo ID and Phone verification to get a digital software certificate and the executable hasn't been tampered with, where on my machine it's located, and what web servers it's connecting my PC to in order to exchange data.

    Then they can satisfy a larger audience and in turn increase sales.

    But as i said, the TU.exe was a very simple one i can show much better examples where the info is very lacking.

    Also, i showed my partner the alerts who is a typical home user. For OPP she said "TU is starting up", she had no idea what "Submitting a DNS Request" was so didn't know it was connecting out.

    For the other alert she said "It's downloading from that website", which is not quite right either but close.
     
  9. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,871
    you talk about apples and oranges.
    wat has right so far as MD shows the better information.

    "veryfied" says: digital signature was approved and not faked.
    that does Outpost not show! (thats why i like MD)

    anyway i think thats not the point here.
    either a program is trusted to have outbound traffic - or not.
    a simple yes/no - the rest is icing - and RTFM.
     
  10. Manny Carvalho

    Manny Carvalho Registered Member

    Joined:
    Jun 3, 2004
    Posts:
    270
    If you click Smart Advisor it will tell you many things including file location, PID, file SHA and size.

    OP uses the SHA signature to identify applications. If the app identity doesn't match then it'll say unknown application rather than as in your case where it says Total Uninstaller at the top of your screen shot.


    If you wrote an app called TU.exe it would not call it Total Uninstaller as it does now because the signatures wouldn't match. Signatures are collected and sent to users via the Improvenet program and as I said they are shown when you click Smart Advisor.


    Probably so. That Smart Advisor could be a little smarter than it is.


    . For a typical home user the point is to not show any dialogs at all. Improvenet can automatically make these rules using preset rules defined by Agnitum which matches the application signatures.

    But I do get your point that at times you do want more information and it could be provided either with the Advisor or make the dialog bigger and putting more details there.
     
  11. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,871
    reason that i dont like that feature at all - usefull for newbies.
    but how should that help so far? my critics are that user gives away control.
    Improvenet seems to me a majority decision.

    there is something similar at Anvir Taskmanager - if a program is out of
    regular path the "bad" indicator grows damn fast.
    Or Hijackthis - a program gets "bad" if the usual path does not fit.
     
  12. Manny Carvalho

    Manny Carvalho Registered Member

    Joined:
    Jun 3, 2004
    Posts:
    270
    For people that like to tweak then I agree that it does give control away. It's purpose is to get new users up and running quickly with a ruleset that is safe since it's been looked over by the Agnitum guys. More advanced users will prefer to tighten the rules so they can be much more restrictive.

    The path is a bad measure of an applications authenticity. I almost always place them elsewhere. The SHA signature from an authentic application is pretty much foolproof.
     
  13. hayc59

    hayc59 Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,841
    Location:
    KEEP USA GREAT
    Its plain as day what the pop-up is for!!
     

    Attached Files:

    • tu.jpg
      tu.jpg
      File size:
      30.5 KB
      Views:
      1,173
  14. Technic

    Technic Registered Member

    Joined:
    Aug 31, 2005
    Posts:
    430
    Not for me!


    :D
     
  15. hayc59

    hayc59 Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,841
    Location:
    KEEP USA GREAT
    I can believe it.....*puppy*
     
  16. dmenace

    dmenace Registered Member

    Joined:
    Nov 29, 2006
    Posts:
    275
    Who would pay for a software firewall these days...
     
  17. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    If you used OP you'd know. ;)
     
  18. Trailblazerman

    Trailblazerman Registered Member

    Joined:
    Apr 24, 2008
    Posts:
    23
    What is MD that 1boss1 is referring to? I really like that alert format! I am also an Outpost owner who has not installed it yet on new Win 7 x64 install.

    Thanks!
     
  19. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,587
    Malware defender
    http://www.torchsoft.com/en/md_information.html
    Outpost has 64bit version whereas i dont believe MD has.Whether this makes a difference in the scheme of things i dont know?
    ellison
     
  20. falkor

    falkor Registered Member

    Joined:
    Sep 26, 2009
    Posts:
    205
    Try to trust me when I say you do NOT want Agnitum to release too quickly . They have done this in the past and what a nightmare . They need to take their time and get it right .
     
  21. Trailblazerman

    Trailblazerman Registered Member

    Joined:
    Apr 24, 2008
    Posts:
    23
    Thanks Ellison. Never heard of it...I'll check it out!
     
  22. qpok

    qpok Registered Member

    Joined:
    Apr 3, 2008
    Posts:
    63
    A new Agnitum blog post explaining the file and registry activity monitor: http://agnitumblog.blogspot.com/2010/03/on-road-to-70-file-and-registry.html

    I hope that holds water as I've dragged on with Windows firewall while waiting for the public beta release.
     
  23. Technic

    Technic Registered Member

    Joined:
    Aug 31, 2005
    Posts:
    430
    So where is the file? :p

    We are living year 2010 atm. Open beta, soon...:argh:
     
  24. Einsturzende

    Einsturzende Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    390
    Location:
    neubauten
    So is it going to be file/folder read, write, delete.. control (manipulation permissions) and manual adding of registry and files/folders to guard or not?

    Somebody from beta testing people of Outpost support forum willing to answer?
     
  25. Manny Carvalho

    Manny Carvalho Registered Member

    Joined:
    Jun 3, 2004
    Posts:
    270
    Nope, beta testers can't say because if they say they won't be beta testers for long. And I like testing new versions that are just released privately.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.