Application Control

I have absolutely no problem paying for GhostWall.

If it had app control I would gladly pay.

I just don't like appdefend that's all. And I love ghostwall. But ofcourse, I can't use it without app control.

Please Jason. I'll give you money if that's what this is all about.

 

You can of course also decide not to have a software firewall on your
computer(s), but to buy a external one.
Seperate or in combination with a router or so.
That way it doesn't have any negative performance impact on your computer resources,
you only need one in your network, and don't have to worry that
it will be disabled by a trojan or so.
And it has other extra pro's as well.

Then having a application like AppDefend that will control
the outgoing application network traffic,
is also a logical, secure and perfect solution.

And there are plenty of Firewalls with application control out there.

AND:

I agree with the above, and i think there is also another reason,
to have a firewall-only firewall.
Because there are still lots of users out there, that still want to use the old
system of building their own security system,
by stacking their own choosen products.

Anyway, The only real reason for wanting to have Application-control
added, is because it is going to be free, but as history proofs,
it won't be better.

.

Except if those 'productive things' are testing Security Software,
and that IS your core-business ...

And there are people who collect stamps or coins,
please allow others to collect Security Software as well..

 

Not quite "perfect", since AppDefend only identifies when an EXE makes an explicit outbound connection attempt. It doesn't monitor components, or watch for things like EXEs sending URLs to other applications.

 

I already have a router. It does it's job.

I use look'n'stop now.

I want to switch to ghostwall because it uses alot less resources.

I need app control.

I don't want appdefend because it comes bundled with regdefend and plus is has way too many features that I don't need.

Ghostwall seems like it would be perfect for me if it had app control.

Jason, just give us a plain yes or no answer.

Also, it wouldn't make sense for me to run ghostwall if I have a router right?

 

meargh wrote:

You are correct, for this moment, but i was refering to future
versions.
Because i am convinced that if Jason decides that Application
outbound control must be done with this application instead of a/his firewall
that he will have look at this in near future (in release / not Beta) versions

 

Hi ,

At this point in time alert based Application Control will most likely not be added to GhostWall. I like the fact GhostWall is simple and sits on my system tray not alerting to me unless I want to click onto it. GhostWall will be getting some more features soon which will make it somewhat exceed that of a common router/firewall, however at this stage unless you want the "stats" information GhostWall provides, a hardware router or firewall could easily replace what GhostWall does, network wise. There is a possibility non alert based application control (as in explorer.exe can visit 127.0.0.1 but nowhere else) will make it into GhostWall, but it isn't certain at this stage.

AppDefend along similar lines to GhostWall, isn't bloatware, but one of its jobs is to "ask the user" certain things. As such it is better suited to application type requirements than GhostWall is.

 

Hey, thanks for the reply Jason.

So basically what you are saying is that I am not benefiting from ghostwall as it is right now because I have a router right?

I just want to make sure.

Anyways, I am using LNS right now because I need app control. But does that mean that the "internet filtering" part of LNS is not need since the router I have takes care of that as well?

If that's the case, then really all I am looking for is a way to allow/deny applications the right to internet access, which mean AppDefend might be good for me after all.

I did the firewall test at pcflank and I see my ports are stealthed wether I have internet filtering in LNS enabled/disabled. So what is it really doing for me? I guess I don't need it since the router will take care of it right?

Also, is Gostwall and LNS's internet filtering part basically the same thing?

man... i am a confused kid...

 

Hi GSownz,
To clarify for ya,nat routers are exallent 'inbound' firewalls becuase they keep track of what has left your computer,and will only allow 'back in' what it is expecting to receive according to what has left your computer,everything else is dropped (blocked). But they don't provide outbound protection,you need something (like a software firewall) to monitor the outbound stuff.

 

And to make it even more complicated,
if your software firewall notice that a new application wants
to have Internet Access it will ask you if you want that.

Normally this is software that is installed by the same user who needs to answer this question.

It can be difficult to decide when NOT to allow access.
And if you give access to a, for your idea legitimate application,
it is almost impossible to know WHAT kind of information is transfered.

Of course you have networksniffers etc.,
but if you look at the amount of data that sometimes is transfered,
it is almost impossible to know what is sent.
And it can even be crypted somehow as well.

In the past, we have seen this over and over again,
that well-known software companies have secretly sent
personal data for some reason.

In all these cases, this was software that you normally would
give access to the Internet.

There are even people that don't trust what XP is sending
see this:
http://xp-antispy.org/content/view/12/40/

So in the end it is always a matter of trust, and hope you make the right decision.

 

tonyjl and tuatara, I appreciate your replies, but you don't answer my question at all.

I am basically trying to determine the following:

1) Is Ghostwall and LNS's Internet Filtering the same thing? If not, which is better?

2) Do I need GhostWall if I already have a router? If so, Why?

3) Do I need LNS's Internet Filtering if I already have a router? If so, Why?

Sorry if I ask too many questions. But I really want to know if switching to GhostWall or possibly AppDefend would be a smart move for me.

 

hi GSownz

1) Regarding INBOUND about the same,
this means that both firewalls protect you in about the same
way regarding hacker-attempts etc. FROM the Internet or other networks.

2) That really depends on the router and setup.
there are routers that have a firewall built in.
Like 80% of the broadband (DSL/CABLE) routers have today.
In that case you don't need a firewall to protect your pc
READ THIS CAREFULLY: regarding the protection from dangers FROM THE INTERNET.
(you are not protected from computers in your private network,
or from applications that 'phone-home' from your PC = outbound).

3) If the router is router only, it depends on what exactly it does,
in the worst case scenario, it doesn't do NAT or anything like that
and gives you no protection at all.
But for example a Cisco router WITHOUT a firewall can still
use access-lists that can also give you protection for this.


So, you must know these things:

1) What kind of router do you have, how is it conifgured?
2) has it a firewall built-in, and is it enabled, and if so how?
3) Do you want to have outbound protection
or with other words, do you want to decide which of your computer applications/progs is allowed to have a Internet Connection.

What you can do, is test your protection by visiting shields-up:
http://grc.com/

and try to see what happens if your disable your pc's firewall
for a minute, and check your router that way.

Hope this makes things a bit clearer, if not please ask.

 

tuatara, thanks alot for taking the time, I really appreciate it.

I performed the shields-up tests on both of my computers.

One PC uses LNS, the other, GhostWall.

I Disabled GW and LNS (leaving only my router's firewall on)

I passed the tests with flying colors. All ports stealthed.

The router I use is Linksys WRT54G and here is a screenshot of my settings:


http://img440.imageshack.us/img440/1200/fw7yl.th.gif


So I guess it is safe to assume that ghostwall is not required for someone who has a router-firewall.

By that same token, LNS's "Internet Filtering" is not needed either. So all I really need is application control which I can get from LNS by disableing internet filtering and leaving only "App Filtering" enabled. ---- OR --- I can get AppDefend to handle this department.

I don't really care about passing leaktests either. Less memory usage is more important to me. LNS uses about 3,000k on my system so that's pretty good.

Ok lets just clarify this one more time just to make sure I am not confused here. I have a router, which means all I need is a way to control applications from internet access and i'll be fine. At least this is what I have been lead to believe... Any objections to that?

 

appdefend is what you need I guess + gives you the control of your whole setup .. the rest is up to you ...
It's like having a firewall because you can use the app filtering (outbound protection) seems like using a firewall with an antivirus/antispyware modules built in just to disable the av/as module for whatever reason ...

 

So I guess it is safe to assume that ghostwall is not required for someone who has a router-firewall.

--> That is correct in this case

By that same token, LNS's "Internet Filtering" is not needed either. So all I really need is application control which I can get from LNS by disableing internet filtering and leaving only "App Filtering" enabled. ---- OR --- I can get AppDefend to handle this department.

--> Yes, but to be honest, i expect that AppDefend can and will improve
it's control on outbound traffic.

I don't really care about passing leaktests either. Less memory usage is more important to me. LNS uses about 3,000k on my system so that's pretty good.

--> You must ask yourself what kind of information is on my
pc that i don't want to share with others.
perhaps there is none, perhaps this is an important item for you.

--> yes, it is nice that your security programs don't have too much
performance impact on your system.
Or with other words, prevent you from running your favorite
software in a normal way.
Perfomance impact is for me a important selection criterium/item.


Ok lets just clarify this one more time just to make sure I am not confused here. I have a router, which means all I need is a way to control applications from internet access and i'll be fine. At least this is what I have been lead to believe... Any objections to that?

--> In this case you are right, but not generally spoken,
you have said that the shields-up test was fine, even
with your pc sw firewall disabled.

--> In that scenario only outbound control is important. regarding the
regular firewall features.

But as discussed earlier, everyone has different idea's on what
a firewall must do.
Two most extreme difference is comparing Ghostwall with Tiny Personal Firewall 2005 pro
Both are excellent firewalls but are COMPLETELY different.
One is a firewall-only for the other one the real firewall part
is perhaps 5 percent. of the application.

 

tuatara, thanks again. You have been very helpful

Since I only have 1 license for LNS, and two computers to protect, I will have to make my decision.

Purchase another LNS license or get AppDefend.

I tried appdefend on this computer but I didn't like the fact that it came bundled with other software that i don't want installed on my system.

But, I will give it a 2-week trial on my other PC and see how it goes.

 

I like the idea of GhostWall, but I cannot use it because it does not have the application controlling feature. The problem situated on the user side because I do not have enought knowledge on firewalls and computer security to configure my firewall perfectly without application controlling feature. It would be difficutlt to predefine such a rules that presume preliminary knowledge about the network security and etc.

So I am using my Sygate Personal Firewall which is sutable for ordinary user. But I prefer to change it to the GhostWall because of its low ressouce and efficiency.

 

well i read over a bit on the windows firewall and i found that it does actually have a tiny, little sliver of outbound control....very primitive though, but it is some kind of outbound control! if ghostwall were supposed to be a better firewall to WF, then i think the next version should include a simple outbound control feature as well or else it will probably lack a few things the simplistic WF has. i understand your argument on what a 'true firewall' is but ghostwall is not as popular in being used because it doesnt even have outbound protection (or any hint of it at all) and adding in a tiny outbound control feature wouldnt destroy appdefend's purpose or anything, it would probably just help the firewall be a bit stronger in defense AND leak tests. WF got destroyed in any leak test and probably this wouldnt do good either without some kind of outbound protection. i don't think something huge should be implemented that eats up a lot more ram and resources, but adding in something small would be perfect! remember, a firewall is much like a physical wall with doors. it should be able to control what walks through those doors by either closing/locking them...INCLUDING things trying to walk back outside through those walls or else its nothing more than a wall with a hole in it where people can jump through to get back out.

still, i like ghostwall, but i'm sure a LOT of people would appreciate it having some kind of outbound protection (even if it were small)

 

I might be getting this wrong, but a Firewall is needed for incoming protection. They stop the packets just before they get in the 'Door', as it has been said.

With Appdefend, an app is not even able to get permission to use the network. It seems better to stop a program from getting permission to use the net, than to try to intercept the information just before it gets out.

Gary

 

Well, after reading through this thread, I have gone back and forth on the subject of application filtering (after all, it's a woman's right to change her mind. ).

In the past I have used ZA Free, then ZA Pro, and then back to ZA Free. I had gotten real used to Application Control. I always liked knowing what applications were requesting access to the internet. ZA Pro went way overboard, so back to ZA Free. After all, it did a great job as a firewall, which is ALL I want a firewall to do. But since the two firewalls I had used to date both had application filtering, I thought application filtering was an integral and needed part of a firewall.

After rebuilding my PC I decided to try Ghost Firewall. I had always trusted Jason, and have a lot of respect for the tools he has built. Right away I noticed something was strange - no application control. This really concerned me because I like to know what applications have access to the internet. But now I'm wondering how valuable that really is.

I do agree that even trusted apps can send slightly personal data over the internet that I would rather them not do. But stopping that, and at the same time allowing it to do what it needs to do over the internet, would be very difficult.

So I think I have now decided that as long as I am really good about only letting VERY TRUSTED applications run on my PC, then I should not have a real problem letting all of them have unlimited access to the internet.

Right now I am using PG to control what applications run on my PC, and I am confident that ONLY VERY TRUSTED apps are running on my PC now, so I think I am as protected as one can be, even without app control within my firewall.

Comments?

 

I am very interested in this as like Daisy I am waiting for a new build on my computer and want to have a level of security which does not hog the system overlapping the security with my router - fully stealthed with this but running Outpost for application control.

I like Jason's approach about firewalls loosing their way & purpose.
I have considered LnS (light & didn't realise that it could be used for app. control only)

I hope to maintain a strict policy on software installs and trust as far as we can the software I know.
I never let software (apart from security) go wandering off to check for updates (do this myself)

I am behind a router firewall so inbound is taken care off therefore like Daisy I would like to have the comfort in knowing what may be going out but hopefully not at the expense of resources or overlaps. I have searched and asked a lot of questions but still have the dilemma when my computer has got to the stage of installing security specifically the firewall

 

Hi, Robyn!

I have tried Jason's firewall and found it to be very light. Right now I am comparing it to Kerio's free firewall. With all of their bells and whistles turned off (which is basically all you get with the free version), it also seems to be light. This is compared to Zone Alarm Pro and Free, both which I have used since I learned how to turn on a PC.

I'll probably wind up uninstalling Kerio and go with Ghostwall, but if you like to have excellent App control and a light firewall, Kerio seems to be pretty good!

 

Thanks Daisy

I am considering everything in this post and in others. Ghostwall sounds great as it hasn't lost its way regrading resources.
I have used severaly firewalls over time but when they start to add bells and whistles I realise I have added to my resource usage.
My main PC will be powerful enough to cope & it is difficult to come away from the 'what application is doing what'
I will focus a lot on browser based security and filtering.

I will not rush into a hasty decision even if my computer is ready soon - it will have the very basic of installs regarding software to begin with (hopefully to continue) I will be behind my router and hopefully have a firewall which does not just add bloat but gives me a little control.
I am actually reconsidering a lot of things and perhaps re-format my laptop to keep it 'lean & speedy' for browsing and e-mail and then test one of the lighter firewalls.

I definitely will have browser protection plus an AV etc but have to decide just how much control I want with my applications.
I am not into online games/p2p or visit dodgy sites I don't just install something on a whim either.
Thanks for your extra advice even when you are trying to configure your own level of app. control.

 

It seems to me that any software firewall worth installing on XP must be able to monitor traffic in BOTH directions, otherwise it's pointless since the Windows Firewall already monitors incoming traffic - installing Ghost merely duplicates what XP already has (especially the improved SP2 version).

We are constantly being reminded that the Windows XP firewall is inadequate since it only monitors incoming traffic, so on that basis, Ghost is also inadequate. A 'true' firewall monitors both ways (or should do) in my opinion.

It seems only logical to me that any firewall you install should monitor both ways and not need a second application to give you bi-directional protection.

Judging by the majority of previous posts, mine is not a minority view. I can't help thinking that, with Ghost in it's present form, many would-be users will instead choose (or stay with) the excellent (though a little too resource-hungry) free version of ZoneAlarm which doesn't need a separate utility to monitor outgoing traffic at application level.

 

although ghostwall doesnt have app control, iirc u can make rules for outbound traffic.

as for incoming traffic, ghostwall lets u make rules for blocking certain IPs which kinda makes its more powerful than the Windows Firewall.

like u tho, i do prefer a firewall with application control.

 

I must have missed something....

why can't you use Appdefend for application control and Ghostwall for IP/port control??

do they not play well together?

damn I miss Atgard!!!