Pure firewalls list

Discussion in 'other firewalls' started by kareldjag, Jul 10, 2011.

Thread Status:
Not open for further replies.
  1. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Only AV and Firewall are selectable components on install now, Defense+ has to be disabled after installation.

    Why? Open source is not a valid reason.

    You guys forgot GhostWall. Also, I'm having problems downloading AS3, Firefox right-click > save link as an htm.part.htm file. Left-click re-directs to simtel.net.
    Otherwise, thanks for the links.
     
  2. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi Bellgamin,

    I just checked.

    On installation, there are the options for installation. I opted for firewall only.

    CPF.png

    Near the end of installation, it attempted connecting out for a check on running processes. (I did not like that, although there was no active Internet connection anyway)

    The comodo screen does show 4 tabs. Summary: Firewall: Defense+: More:
    In the "summary" tab, you can actually enable/disable Defense+ (re-boot needed). So the files are there, but just disabled.
    I checked for any SSDT entries for Comodo, but none there for just firewall active (with D+ active= 30+). But there where many "message hooks", not sure as to why they are there just for the firewall, or even why so many (35).

    So probably not what you want.


    - Stem
     
  3. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    They changed the setup again huh. Well that's good, but not pure.
     
  4. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
  5. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
  6. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
  7. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    Last edited: Jul 11, 2011
  8. ruinebabine

    ruinebabine Registered Member

    Joined:
    Aug 6, 2007
    Posts:
    1,096
    Location:
    QC
    Is there somewhere a firewall of this very kind running smoothly on Windows 7 64-bit systems (something like CHX could also be near anough to be of interest to me) ?

    And doesn't Jetico II be included in this listing (if the hips part can be put out wile installing), but I did not try this one lastly, so it is just a long shot IMO's guess...
     
  9. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Well, maybe It's the worst BUT is it the worstest of the worst? :doubt:

    I know you said "some of these" but let me pick nits anyhow. To wit -- AFAIK, Ft Knox is not one of the "some". It is still being developed.

    Yes, but they screwed it up rather quickly. Worse yet, they don't even know the correct way to spell "Viper." (hisssss)
     
  10. blasev

    blasev Registered Member

    Joined:
    Oct 25, 2010
    Posts:
    763
    This thread is an eye opener, there so many pure firewall.
    Any recommendation?
     
  11. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,726
    Location:
    Canada
    VisNetic Firewall is a nice choice, James Grant really knows a bit about software firewall development. Sadly, I think the latest release was in 2007. And a note on their download page “VisNetic Firewall is not compatible with Vista, 2008, Windows 7 and 64bit Operating Systems. Wireless adapters are not supported.

    CHX-I was another good one, sadly that was discontinued.
     
  12. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    AFAIK, very VERY few of the listed firewalls are compatible with Win7, whether 32-bit or 64. I fear the day of the pure FW is drawing to a close. Further, it seems to me that *stand-alone firewalls* of any vintage are also disappearing from the scene.

    One of the few pure AND contemporary firewalls is Ft Knox FW.

    Ft Knox is still being actively maintained &, furthermore, actually WORKS with Win7-64!! Better yet, FtK currently has a no-strings 6-month trial offer HERE. How long will it last? Who knows? Grab a code while you can. (I got mine).

    @Stem --- PLEASE give Ft Knox a trial. We need your comments on this FW -- one of the few actively-maintained pure FWs on this list, & (AFAIK) it has never yet been competently tested. Please take FK for a spin of meaningful duration & share your views.
     
  13. newline

    newline Registered Member

    Joined:
    Dec 3, 2010
    Posts:
    39
    Location:
    .au
    +1 (for x64).
     
  14. Jose_Lisbon

    Jose_Lisbon Registered Member

    Joined:
    Feb 5, 2010
    Posts:
    245
    Location:
    Portugal
  15. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    WOT not always points correctly:
    - on Helpmyos.com (The Ultimate Geek TaskForce) link and post was removed
    - on Spywarewarior.com "false positives work as goad to purchase; poor scan reporting [A: 7-15-04 / U: 7-15-04]"
    - installation file - VT scan result 0/43
     
    Last edited: Jul 11, 2011
  16. pabrate

    pabrate Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    685
    No doubt , no doubt, worstest of them all.
    No-one can explain why , but I heard that CEO of that company is a very evil man , he certainly has plans to usher a New World Order via this product.
    Nothing wrong with the product, but stay away from it, just stay away.
    Use anything else but this one, don't even think about using the evil one.
    Just go with the Wilders flow, follow the trends.
     
  17. blasev

    blasev Registered Member

    Joined:
    Oct 25, 2010
    Posts:
    763
    Thx for the answer Phath0m and Bellgamin
    Its surely sad to have them gone/not compatible with win 7.

    @stem : yeah please review fort knox if you have time :D
     
    Last edited: Jul 11, 2011
  18. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi bellgamin,

    Well, are you sure? You should know me and how I test, and I post the results (regardless good or bad), which unfortunately do not always show a result the user was expecting.
    For example: I have installed the trial version of FK. On boot, there is a period of time with no protection (no full boot protection). FK process just after boot attempts outbound to "fortknox-firewall.com". It is using an hard_coded rule (AllowFirewall). I have disabled updates(which are not actually given anyway for trial), even a specific rule to block all comms does not work againt FK. The only way to stop it is by enabling "Block all", which does stop the outbound. (it does at least log the events).

    So, do you really want me to fully test?


    Edit. Yes, I know some may think that the firewall giving itself outbound is OK, however, from the user_manual:-
    update: As the outbound is HTTP, I allowed to check. There is a check for updates and also (what appears to be) a validation of my trial period, which, looking at the sniffer log, appears to end in 9 days. So no real concern(apart from lack of control), but would of thought any checks would of been made via HTTPS.



    - Stem
     
    Last edited: Jul 11, 2011
  19. pabrate

    pabrate Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    685
    I'm sorry but I wasn't paying attention before (reading your tests before) , I missed them somehow , that's probably cause I don't read all the topics here.

    Have you tested Comodo before and if you did can you please post a link to it ?
    I would be happy to read it.

    Thanks.
     
  20. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    There are some results I have posted, but not for Comodo, or some of the other "favorites", simply because most of the replies to such postings would be from fan-boys/trolls who do not like the results.
    I got such replies (as a simple example) when I posted the fact that a well known firewall did not check an applications checksum.



    - Stem
     
  21. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Are you familiar with Armor2Net?

    I never heard of it until now. I checked URLVoid and got this http://www.urlvoid.com/scan/armor2net.com


    Thanks
     
  22. blasev

    blasev Registered Member

    Joined:
    Oct 25, 2010
    Posts:
    763
    Dear stem

    Thx for the brief review
    Even when I'm blind with love, I'll always value an objective review from an expert :thumb:
     
  23. pabrate

    pabrate Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    685
    Ah okay, well, that's a shame, I would really love to hear your thoughts about it.
    But then again, why would you worry about comments from fanboys/trolls , if your test/results is/are valid , then just ignore them.
    They can't say that "something" is white , if that "something" is clearly black , if you know what I mean.
    That's what I would do if I were you , but it's your choice and I respect it.
     
  24. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi blasev,

    That was not a review, just really a question. My testing does take quite a while, as I have to repeat the tests many times to ensure correct results. I will be making the tests over the next few days when time available (that is if bellgamin still wants the testing).

    ----------------------------------------------------

    A word of warning concerning FK (just in case it was missed). In the "Options-> Enhancements" there is a setting for "Enable local network traffic"(enabled by default). That setting should be disabled unless on a trusted LAN.
    Normally with such a setting, it would distinguish between a private LAN (such as 192.168.*.*) and a public LAN (such as a cable connection through ISP LAN), but FK does not. So if that option is enabled when connecting to an ISP LAN, ALL inbound and outbound connections will be allowed to any application on the PC without notification (example, no popup for an application to be allowed inbound connection from that LAN).


    - Stem
     
  25. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Unfortunately is does not go like that. One of the problems is that users and vendors have a way of redefining what is meant by the protection shown/stated. As example:- I am having a quick look now at FK. I see in the "Options-> Enhancements" there is "Enable anti-MAC spoofing". Now to me, that would mean that it will block a spoofed ARP packet. In the FK user manual it states:-
    OK, so I can actually send a spoofed ARP request to the PC with FK installed and cause redirect (possible man-in-the-middle) and/or cause DOS by ARP spoofed gateway MAC.
    Now, is the protection actually there as stated? I would say no, but the user manual could be shown as saying it does not actually protect from a "spoofed ARP request" as the request can be seen as expected, and it only blocks unexpected ARP traffic, which could be correct, however, then should the protection not be shown/stated as "Block unexpected ARP"?


    - Stem
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.