ATGuard too old?

I've used ATGuard for years. When Norton bought it, I tried their bloated, awful, expensive version and rapidly went back to using ATGuard in its original form. It has never failed me, as far as I'm aware, and I love its simplicity and array of features. The only problem is that it hasn't obviously been updated in five years.

So recently I've been wondering if there are intruders around nowadays which contain technology that can circumvent ATGuard, so that once running on my disk they are able to connect out to the internet without ATGuard knowing?

If so, what firewalls should I look at, for Windows2000 SP4?
I've tried ZoneAlarm and absolutely hated it.
Comodo seems to be getting mixed reviews.
I don't mind paying for a new firewall.

cheers.

 

In terms of outbound traffic, there are plenty of methods to bypass AtGuard (though it is being updated, see AtGuard Support Forums back online). For inbound traffic it should still provide good protection.

However you could go the route of keeping AtGuard and installing a process firewall that also controls outbound traffic to supplement it, like System Safety Monitor or AppDefend (SSM appears to be the most actively developed currently, with frequent updates). These offer control over numerous actions in Windows (process launch, modification and termination, driver/service installs) so are worth considering even with the latest firewalls.

If you wish to consider an alternative firewall then check the results at FirewallLeaktester and evaluate the top 2 or 3 - the performance differences between them are small enough to make other factors (user interface, performance, etc) significant and what is best then will depend on your preference.

 

AtGuard doesn't even do crc/md5 checking itself, and the unofficial AtGuard project seemingly will just fix some of the problems which caused it not to run correctly on NT systems like XP, which it had serious problems with. In its day it was great, but things change.

Now leaktests.... in reality are exploiting the operating system through holes microsoft is not patching, and many of the leaktests just try to run through IE as a .dll It is very funny to see a so-called leaktest that exploit IE say it worked when iexplore.exe is not even on your system!

 

While many tests do target IE for demonstration purposes, the techniques they use (DLL/code injection, DDE/OLE automation, command-line parameters) can also work on many other programs (other browsers, email clients, download managers, etc). The only truly IE-specific leaktest I recall is TooLeaky which uses IE's "hidden window" option.

Aside from modifying other trusted applications to gain network access, another option is to modify the firewall itself (either by direct termination or by modifying it to allow their traffic - either by changing its configuration or code) and there are a couple of methods that use common protocols (DNS notably) for information transfer. AtGuard would not handle any of these.

Process modification can rightly be considered a Windows issue (there are ways of doing similar things in Unix/Linux but not so easily) but nevertheless many people do expect firewalls to address this, so many have now added functions to cover this.

 

Do you think 'look n stop' is a good replacement for ATGuard?
I also had a look at the 'outpost' website, and liked the look of that one.

They're the only two that I think I'd bother trying.

I am using NOD32 for my antivirus.


cheers.

 

http://www.matousec.com/projects/wi...ysis/leak-tests-results.php#firewalls-ratings

 

I disregarded that website for obtaining reliable information due to the posts on this forum which slate it for various reasons. Should that link be taken seriously? Why doesn't Comodo generally do very well in any other reviews I've read on the net?

 

Darn it.

I installed Comodo to see if I liked it, because some reviews were favourable.
It installed and loaded fine. However, then I enabled my internet connection and got a pop-up regarding 'services.exe'. I pressed 'allow', and my machine immmediately rebooted and wouldn't stop; windows couldn't load.
I had to use safemode to uninstall Comodo before I could get windows back.

I had NOD32 running whilst I installed/ran Comodo. Could that have been the incompatibility? I had turned off ATGuard, but not uninstalled it; it wasn't running and wasn't memory resident so I doubt that it caused the reboots?

Apart from that, I'm at a loss. any ideas?

 

When reading reviews just be sure they are talking about the 2.3+ version. Many reviews in the past were about the Comodo 1.1 which did not fair very well.

 

I run NOD32 with Comodo and they seem to get along just fine. But it may not hurt to disable NOD when you install. IIRC the Comodo site recommends that you uninstall any firewall before downloading and installing their firewall. So that could be an issue. Also, make sure you are downloading version 2.3.6.81 as the more recent versions are all still beta. There have been some reported problems running the betas.

Hope that helps.

 

I uninstalled my beloved ATGuard completely and tried Comodo again, but the same thing happened; constant reboots. Not a good start, and I doubt I'll ever try it again whilst I have this computer.

So I am trialing Outpost. I have reservations; it seems a little bloated to me.
Lots of people seem to be turning their back on Outpost.

 

Good luck, I ran AtGuard for years, and switched to Tiny 2.x due to AtGuard didn't run correctly on xp, which Tiny 2.x became Kerio 2.x that I continue to run to this day. In the end Kerio 2.x has been discontinued for years now, just like AtGuard, but I find all the other options bloated, along with more annoying to configure.

The rules in Tiny/Kerio 2.x were very similar to AtGuard, and it was an easy transition for me.

 

Yeah, outpost can be a little bloated with the default settings. I turn off all the stuff i do not need which helps to reduce the bloat a little bit. Currently i only use attack detection & antispyware plugins and i turn the logging feature off.
If you want something light then look'n'stop, jetico v1 and kerio 2.1.5 are all good.

 

Just an update.

Outpost seems fairly good. No major problems, and some nice features (although all the features do make it a tad complex compared to ATGuard). The three-year, single license is 25-30 euros at the moment, which isn't bad at all. I read somewhere that the spyware plugin wasn't good, but it caught about eight problems that both adaware and spybot missed.

I'm still annoyed that comodo didn't work on my PC, because I think it is more what I was looking for in the first place, but I'm not prepared to troubleshoot a problem which leads to complete system failure.

Thanks for the advice.

 

The spyware plugin is actually quite good imo. Its based on their anti-trojan app tauscan and its performed well in recent tests. It also has ID theft protection and a whole host of other options which almost make it an all in one protection. Just add an AV and you're well covered.

 

> It also has ID theft protection

I don't use it; it is a bit silly. If you want to sign into a forum or your bank, at the moment you have to disable it first.

Rather than just blocking your info regardless, it should prompt you. In addition there should be a list of domains/IPs where you don't even want to be prompted!

All I do really want to know is that a trojan or keylogger is trying to send some protected information to a thief or script kid somewhere in the background.

 

I've never had to disable it to do my online banking.

 

Really?
If I 'protect' my user names and passwords, OP4 doesn't let me enter them into any login form fields. I have to disable that part of the plugin before signing into a website.

 

Don't rely on this feature for that then. Like all other firewalls, Outpost's data blocking only works with non-encrypted traffic - most malware now encrypt their data. Indeed, it won't alert on https: sites for the same reason - they are encrypted.

The only use I can think of for such an option is to prevent you from mistakenly entering sensitive data (like a credit card number) on a non-encrypted webpage.

 

Ah, thanks for the information about malware encyptions; I didn't know that. So yes, that use is the only use I can think of too, but my browser already prompts me when a form is being sent unencrypted, so this feature is not really needed at all.