Firewall

Nobody said anything about the firewall . What do you think about it ?

I find it excellent . I tried Automatic mode and Interactive mode . Chose for myself Automatic . Works automatically and flawlessly , no user intervention .
In the help you can find that in Automatic mode blocks all unauthorised incoming connections and uses all default ougoing which is perfect in my opinion .

 

Works great for me as well.
Feels fast and very secure

 

Well i haven't test it but i wonder how many leaktest it can prevent

I also like a option to block an attacker for 1 hour if he scans my pc. I hope they will add this option in the future.

In the options there is a IDS section. You can find some known attacks that can be blocked. I first found there where where not many attacks blocked (IDS rules). But when i looked closer i found the folowing log entry:

"Detected ARP cache poisoning attack"

I cound not find this attack type in the options so there must be more rules (it think)

 

I'm planning on testing it this evening.
Curious how leaktest proof it is.

I am very impressed with the ani-hacker in KIS. Let's see if they can compare.

 

Hallo,I`ve checked the firewall too(leaktest) from http://www.pcflank.com/pcflankleaktest.htm
(in "Automatic and interactive modus).Results:failled.
I`m on line on DSL through one router.
My PC:windows XP home with SP2

 

From what I've gathered, the automatic mode is pretty much like that of XP integrated firewall. And one has to look to interactive mode for considerably dependable protection. Tell me if I'm wrong of course.

 

Make your tests with these leakers and post results to us: leak-test softwares
I cannot install ESS because my OS is 64 bit, but I am very curious about ESS performance in leak tests.

 

It has some issues with rules not being saved, and rule status for inbound/outbound won't update either.
Other than that, it's pretty easy to figure out.

 

But it has a critical lack of :

• Adding a subnet directly (configuring zones isn't that practical on a connection prompt)
• Exclusion mask : For example, for MSN Messenger I want to allow port 80 except for some subnets, which are ad servers. I have to create a rule to allow port 80, then a 'zone' containing the subnets, and then again, create a rule that blocks it. *NOT* very practical, either.
• Also, the interface isn't quick : you have to enable checkboxes, etc, losing time, and often timing out. Not very good IMO either.
• Leak test protection.
• Preset rules.

I'm sorry but for now it's not quite satisfying for me. That may however be normal since it's beta, I look forward to future releases.

 

Suggestion on Popup Windows Layout

Suggestion:

-[Firewall] In interactive mode, make the popup windows ALWAYS fit within the screen. As for my resolution 1024x768, when I expand the popup windows (when clicking on "Show Settings"), it always go below the bottom edge of my screen~~

It would be better if the popup windows re-position itself to fit inside screen~

 

I tested the Firewall with several leaktests.
All are tested in interactive mode

Leaktest results:

DNStester: FAIL
Tooleaky: PASS
Jumper: PASS
Leaktest 1.2: PASS
Outbound: PASS
PcAudit: PASS
PC Audit2: PASS
PCFlank leaktest: FAIL
Surfer: PASS
Thermite: PASS
Wallbreaker: FAIL
Yalta: FAIL


Failed 4 out of 12
pretty ok but still 4 too many.

Hope Eset will do something about it

 

Any one else tried the leaktests?

 

cant test it myself since like other people the firewall rules cant be loaded ive reported the bug in my thread.
lodore

 

Hmmm....I have it set to interactive mode and all of a sudden it's stopped prompting me whenever something tries to make a outbound connection; it just automatically blocks the connection.

 

The firewall seems nice for a beginning...

Although, I found some problems with the incoming and outgoing connections. It seems that ESS doesn't intercept correctly some programs like outgoing for stunnel, and I add to manually change the rule for Ad Muncher to allow incoming traffic through it...

The Allowed services should be disabled by default, and on installation the users can be prompt about them and choose with a nice explanation...

 

Yes, all valid concerns. Am I missing something, or are the rules in my attached screenshot all hard-coded? They seem to be. The firewall has potential, but in its present form it is not to my liking. The log entries are also way too crowded. It has refresh problems as well, as it is often necessary to click in the blank spaces to get some of the entries to display. The "Open in new window" option doesn't do anything yet, and there are also no right-click options the suite's tray icon.

Ad muncher problems here too. Finally got rules created for it after ESS initially did not recognize it, though it was logging its connection attempts.

I agree

This suite has terrific potential. Hopefully the developers do away with the hard-coded rules and improve the logging layout in the firewall. This beta is truly only for the very adventurous

 

Offcourse the firewall isn't we all like.
It's the first beta. It looks good but also me hope it will be tighter and offcourse with some kind of HIPS

 

Yes - same results unfortunately!

 

Then, it's a bug : No hard-coded / preset rules were existing in my configuration, I had to create them all manually.

Also I second Sjoeii about the HIPS idea.

 

Okay, because I could not edit nor even delete any of those screenshot rules.

 

Some/all of the pre-defined system rules do seem to be hard-coded.

 

There is a little bug in the GUI:



Maybe it would be a nice idea to add a column "other zones".


And another suggestion:
instead of changing the filtermode between "Interactive mode", "automatic mode" and "Policy-based mode" a "last" rule for "any other applications" with the possibility to change the "ask", "deny" or "block" for all zones seperatly.

 

What is with the zone "Add to trusted zone without asking"?

 

Hi, I'm here again and on my way to deeper leak testing. Only one thing I'd like to say : the internet speed is impressive, faster than with OP or KIS, almost like I had no firewall/webscanner at all. Very nice

(however, still my previous concerns stay valid)

 

I agree with you, IcePanther

Until now it works very smoothly, besides of the normal bugs for a initial and beta version...