PCTools releases Firewall Version 3.0.0.36

PCTools forum has announced firewall v.3.0.0.36 HERE with download thereof availble from HERE

 

Interesting. Wonder just how it stacks up against the more popular offerings everyone is pretty much settled into as of late.

I would be hard pressed to part with Kerio 2.15, but then i been full circle with them all except this one. Maybe a surprise?

 

Is this firewall a re-branded LookNStop?

 

I think I read that here also. If so, it's almost 10x the download size. ~600kb vs 5MB. And that was supposedly because of an improved GUI. But I just read that here. Haven't tried it.

 

So what does this wondrous software firewall do better than the last version, or any other software firewall for that matter?


edit:

32-bit only.

 

3.0.0.36 is the final version of what was previously a beta. The beta version was extensively discussed, including Stem's testing thereof, HERE. Those comments should still be applicable to the released version.

 

Having used LooknStop for a while, Ive just tried this firewall from PC Tools, and it looks to me like a rebranded Zone Alarm Pro. The icon in the system tray is Zone Alarm as it fluctuates between the PC Tools one and the Zone Alarm one.

Also the style of the whole set up is Zone alarm except the GUI.

Seems to be working top class, with everything showing Stealth at Shields Up.

 

So it's a re-branded ZA Pro.
Thanks Delgado.

 

Can't imagine its ZA Pro........ZA Pro is paid for, this is free. Moreso ZA Pro is not Vista ready (only free or suite is), this one is.

I'd like it to be true but I can't see how it could be. Maybe its ZA Free?

 

This program is a nightmare on my Vista computer. Wouldn't let my AV and other things start up. Forgot the OLE protection rule, too.

 

Haven't experienced it here, it just ran fine.
Did you remove your previous firewall completely?
Maybe there's a conflict somewhere with your software or perhaps hardware.

Or it just won't work on your computer.

 

ZA free? I highly doubt that ( I guess you mean the program to resemble a watered down version of ZA Pro?). I haven't read anywhere that Checkpoint Software and PC Tools were sharing programs.

 

No.

It is basically a fork of LnS. It was rebranded then PCTools have continued to develop it independently.

 

Yes, I used all the registry cleaners and things. Just might not work.

 

wont work for me ,keeps rebooting computer.When stealth is selected it closes port to p2p

 

it runs very well here. It seems to be a stable and powerfull firewall even if it fails some leak tests.

 

I'm trying it now, too. Running smooth.

 

Could not get this program to start up properly after installing. no go here and don't have a clue about the problem.

Gary

 

This version is great . the previous version was unable to stealth all service ports ; well this version makes the pc totally invisible ( grc shields up test) . This firewall also can detect and stop code injection so hopefully it will do better in the leak tests . Recourse usage is average . 12-18 mb in my machine . amount of popups is also tolerable . Well personally i am waiting for comodo 3 final release . Go ahead , give pc tools a try .........

 

Well, at least the description of the SPI implementation as now changed, from "Full" to:-

This is very basic, and offers no protection from spoofed/invalid etc. Basically they are putting forward that any outbound connection made is then trusted with any packet that is returned from that IP (or in fact any spoofed packet with IP/port will be allowed in). Personally, if SPI is to be implemented, then at least do this at some level that actually helps.

 

Yeah, there's not much point to it unless it's well done..

 

Having read all that was said regarding SPI not being well implemented and so, I've decided to give this FW a chance anyway.
Actually, I think it's works pretty well for my needs.
However, I believe I may have found some weird bug, and would like to know if anyone else is able to confirm my findings (or better, come up with a solution ).

I've set up the following rules for using DC++:
(1) allow outbound tcp/udp ports 1025-65535
(2) allow outbound tcp port 80
(3) allow outbound udp port 53
(4) allow inbound tcp/udp port 34678

The problem arises from the 4th rule.
The port number is just some available port I've chosen randomly.
When enabling logging of DC++ activity I can see that inbound connections that match this rule are indeed allowed by the FW, however, only by setting the exact same rule under advanced rules, I can get DC++ to work.
Let me clarify - it's the exact same rule, the packets that are allowed by the new rule are associated with DC++ and already allowed without the new advanced rule.
Needless to say, I would prefer not using the global allow rule, and only use specific application rules as much as possible...
Thanks in advance, Adam.

 

I am unsure what your saying is wrong with the SPI implementation?

If a connection is made which is valid, then anything on that connection is allowed. So only data that matches local IP, local Port, remote IP, remote Port.

If some one does a spoof packet for a valid connection, how are you suggesting that it should be detected?

If a valid connection is made, what packets on that connection should be dropped?

 

Hello nhamilton,
Nice to see you still about, my regards to you,

Spoofed inbound is quite easy against an outbound with no (or limited) SPI. Now we do need to look at what is classed as SPI. To me this is "Stateful packet inspection", and personally would indicate a check of state of each packet. This would normally be done by IP/ port/ checksum/ and sequence of TCP. Yes I know, even with sequence check it is still possible to spoof, but it is difficult (well for me anyway).

I know, as we now see, most put forward this need for "Leak prevention",.. Personally, I would prefer a firewall that can controll all possible inbound, be it from such as "out of sequence TCP", "unsolicted inbound DNS", "Invalids", "Malformed" "low level~ such as ARP). Unfortunatly, I know most do not understand this need, and look at such reports made for "leaktests".

Please, you tell me if a full depth SPI is not needed in todays web-browsing.

Regards,

 

@Stem: Maybe this one will satisfy you:

http://www.deerfield.com/products/visnetic-firewall/workstation/

/C.