Private Firewall Updated (again)

It runs great with Emsisoft Anti-Malware. (See my signature.)

I wouldn't recommend running it alongside Online Armor as they are both Firewall/HIPS/Anti-Logger apps and will (most likely) cause conflicts.

Choose either OA or PrivateFirewall depending on your particular needs or whichever runs best on your machine. I have used both extensively and think both are great...however, PF runs much more smoothly and quietly on my setup (in terms of much lower CPU and RAM usage) and therefore is what I choose.

 

Hi all

Quick Question:

There is an option in "Advanced Application Settings" to run any detected process as "Limited". Is this a comparable to OA's "Run Safer" and SS's "Restricted Application" feature? In practice, does it have the same effect as running an app/process with reduced rights?

 

Thanks. I'm running a demo of Emsisoft and OA... (i've found a good deal). If this combo causes some problem, i'll try PF.

Regards

 

Yes. Right click the process and choose "limited" and you will be running the app with reduced rights similarly to OA's "run safer".

(That's a feature request I had brought up with Greg some while back and which he and his staff were able to incorporate in later releases. )

 

That's the best way to go.

 

Thanks Blues7. Great feature! Overall, great FW/HIPS/AL!

 

The "Limited" click spot takes a bit of digging. To reach it:

Open PFW's main GUI. Click "File" in upper mid-left margin of GUI. Then click . . .

settings>advanced>detected applications>processes tab>Right click the process & click on "Limited."
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I prefer NOT to use this feature of PFW. Reason: it can (for example) interfere with updates to limited processes (such as Firefox). Instead I use Drop My Rights (DMR). Using Firefox as an example -- my launcher has a link to "safe" FF (using DMR) and also "unsafe" FF (NOT using DMR). Ditto for my other internet-facing processes. However ------ To each his own...

 

Bill, fwiw, I use the "limited" feature and run Firefox and have never (yet) had an issue with my updates or anything else for that matter.

That said, it's good info to bear in mind.

 

That's good to know. However -- it makes me wonder. Namely, is it truly *good security* whereby PFW allows (for instance) an online app to change the executional guts (files/registries) of a "limited" FF whereas DMR does Not allow this?

In my less-than-encyclopedic understanding, "Limited" should mean (I think) that PFW has placed users of FF into limited-user status, so to speak. Therefore, changing the executional guts of FF (example) should be off-limits (I think). Otherwise --- if PFW's "limited" has not restricted changes to the executional guts of FF, then what exactly HAS it done to protect FF?

Of course, PFW's HIPS aspect will notify of a changed FF exe (which is part but NOT all of FF's executional guts), but only after-the-fact. On the other hand (with FF as my continuing example), DMR prevents changes to FF's executional guts from happening in the first place. For this reason, I always have to use my "unsafe" version of internet-facing apps when they are being updated.

The bottom line of my questioning attitude is THIS --- If PFW's "limited" status offers me NO discernible inconvenience, then perhaps it does not inconvenience the bad guys, either.

 

Bill,

I can't say, having never used DMR. (I do use the "Drop Rights" setting within Sandboxie, however.)

That said, when running Online Armor over the past several years I religiously used "Run Safer" (their limited rights setting) with Firefox and never had any problems updating Firefox or extensions either. So, this doesn't seem to be exclusive to PrivateFirewall.

Perhaps the setting just prevents the limited apps from making changes to critical system settings.
(Greg may be able to provide more info on this and I've emailed him a link to this discussion.)

 

Well, i've installed PF before OA, for testing purpose. Lighter but... BSOD at first run (some problem with memory). Not spanish language too... So, i uninstalled PF and now i'm trying OA again.

 

That would be great, since web-searching doesn't return any significant directly related result and the built-in help/user guide/site tutorial only mentions the existence of this feature. I'm very interested in how it works.

A few more questions, if i may (W7 Ultimate 32-bit/"Client for MS Networks" and "File and Printer Sharing" uninstalled & "NetBIOS over TCP/IP" and IPv6 (through registry) disabled --- PFW 7.0.25.5/"Internet Security" and "Network Security" set to HIGH in all profiles, "Process Monitor" set to HIGH, "Security Alert and Threat Management" set to MANUAL CONTROL ("Display alerts for blocked incoming/outgoing packets", "Disable Auto-Response" checked), "Process Detection" enabled & only PWI kept in "Trusted Publishers"):

1. Is it safe and/or secure to move (the IPv6 related, i believe) ff00::/8 and fe80::/64 to "Untrusted Networks"? BTW, my router's IP (sorry, not familiar with the terminology) isn't displayed correctly.

2. Should i uncheck any FW rules (especially, IPv6 related) in Internet/Local Network Settings? Any suggestions to harden things up?

3. It's my understanding that, in order to update from .25 to .26, i have to uninstall PFW. Is the built-in uninstaller sufficient or should i use Revo/Zsoft instead, just to avoid any possible leftovers?

PS. Hopefully, i'm not going off-topic here... Anyway, i didn't want to start yet another "PFW questions/recommendations" thread.

edit: I knew there was something more i'd like to ask.

4. Does PFW functions properly under SUA?

 

I must have missed that - I installed .26 over .25. The installer detected .25 and said it would upgrade it. Afterward it didn't ask for a reboot, but rebooting was in fact necessary for the "about" box to say that .26 was installed. It appears to work fine. Hopefully all the files were properly updated.

 

Avast doesn't have a signature What's wrong here?

 

I think that's just the temporary file that Avast creates when it runs the updater... not the actual software itself. Maybe that's why... avast.setup is deleted after the updater is finished.

 

Thanks for clarifying.

 

Bill, I just got this reply from Greg regarding the "limited" rights option in PF.
Hopefully it will help put things in some perspective:

"Limited Rights in Privatefirewall is similar to the User Account Control (UAC) provided in Windows 7 (and Vista). It drops Windows process privileges to minimum and disables administrators and power users group memberships in the process token (if current user is a member of one of these groups). “The primary difference between a standard user and an administrator is the level of access that the user has over core, protected areas of the computer. Administrators can change the system state, turn off the firewall, configure security policies, install a service or a driver that affects every user on the computer, and install software for the entire computer. Standard users cannot perform these tasks, and they can only install per-user software.

I hope this provides at least some helps clarify what is implemented in Privatefirewall.

More information regarding UAC is available here: http://technet.microsoft.com/en-us/library/cc709691(v=ws.10).aspx"

 

Every single time I export settings, uninstall the old and then install the new PF version, my computer freezes. I have no choice but to force a reboot. After the first reboot, I close the "Tip of the Day", select File --> Import Settings... and then the computer freezes again! After another force reboot, File -> Import, there is another computer freeze, and so once again I am compelled to yet again force reboot my computer. Only after the third force reboot am I allowed to import the PF-Settings. Is there a solution to this problem, or should I just give up and look for another firewall?

BTW, since I've read here that some of the people have got other issues with PF running together with Avast Free, I must say that I'm using Avast Free as well.

Thanks,

Koliko

 

koliko, I think you'd be best off discussing your particular issues with the developers:

https://www.privacyware.com/support_ticket.html

 

I will. Thank you, Blues.

 

My pleasure. They are very quick to respond...and if they don't have an immediate solution will work with you on providing one as quickly as possible.

 

They are very quick indeed. I am really impressed!

 

Somewhat confusing explanation... So, the PFW's "Limited Rights" feature has no effect under (the hybrid) PA account, as opposed to a pure Admin account? I thought of it as like an enforced DMR feature.

 

I believe the explanation, but actual results tend to be the acid test that I usually go by. To wit -- On my XP SP3 computer, PFW allows changes to (for example) a "limited" app's exe, whereas DropMyRights does not allow them.

 

Does anyone have compatibility issues between PF and DefenseWall?