A review of PC Tools Firewall Plus

Discussion in 'other firewalls' started by dmenace, Jul 17, 2007.

Thread Status:
Not open for further replies.
  1. dmenace

    dmenace Registered Member

    Joined:
    Nov 29, 2006
    Posts:
    275
    Here is a review of PC Tools Firewall Plus I wrote beforehand. Thought it might be helpful to someone choosing a firewall or suggesting to PC Tools how it can be improved.

    The PC Tools Firewall surprised me as it appears to be superior even to Look'n'stop (on which it is based) in several areas. I will try to explain this as simply as possible:

    By having 2 sets of "rulesets" (one set for internet zone and one set for trusted zone) it is more secure than Comodo and Looknstop because they only have one ruleset for both zones. So if you create a file / printer sharing rule in Looknstop for instance you could accidentally open your pc to the internet.

    When installed, there were some un-needed allow rules present for things I don't use. Such as allow ICQ voice chat. This is a security risk if a worm is created to exploit this open ICQ port. Thankfully these un-needed rules can be disabled (rather than deleted so they can be enabled when required). However I would prefer them to be disabled in the beginning.

    These un-needed rules make it easier to configure the firewall for novice users. Here lies the problem in the Look'n'stop architecture - it takes ages to configure properly. PC Tools has partly addressed this problem with the two points I mentioned above.

    ZoneAlarm's popularity is due to its ease of use - say if you play an online game you just allow it to act as a server and that's all. In Looknstop and thus PC Tools, you have to create an Advanced Rule - know what ports it uses etc.

    Initially, when PC Tools firewall was released, it didn't work, blocking all internet activity, showing that even the developers couldn't get it right. This was a real turn off for me when I tried it - it wasn't ready for prime time.

    Ok back to the point - security of rules - I think it is better than Comodo if the un-needed rules are disabled. This is because rather than allowing all network activity for an application, it is much more restrictive with the Advanced Rules section. Furthermore it can detect certain network based attacks that Comodo can't.

    Final note: The trusted / internet zone is configured by network adapter... and only by network adapter; this is bad. If I use one network adapter to access the trusted zone and internet, I cannot properly configure PC Tools to differentiate between Internet and Trusted Zone traffic.

    Verdict - Thumbs down. It tries to make the hard to use look'n'stop architecture simple to use, but in practice this means that it is weaker due to unused allow rules and differentiation between trusted and internet zones only by network adapter.

    Extra thoughts: For inbound network security, your router with SPI and NAT is sufficient. Software firewalls are only useful these days for securing your outbound application-based network activity. That's why I believe more emphasis should be placed on firewall leaktest performance to determine the level of outbound security it provides. Here PC Tools Firewall fails to impress scoring only 2625 in the Matousec tests vs Comodo's class leading score of 9475.

    I know people are bound to argue with me on this point i.e. if you are on a hostile network you need inbound security more or if malware runs on your PC it is already compromised - leaktests are redundant. But I reply that most people access the internet through a NAT router and leaktests are still applicable even if your PC is compromised as they offer the last defence against trojans, spyware and other malware from stealing your private information.
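
The two zone points in the review above (one shared ruleset versus per-zone rulesets, and zones selected only by network adapter) can be shown with a small packet-filter model. This is an added example, not code from any of the firewalls discussed; the rule model, adapter name, addresses and the "source" zone model are assumptions made for illustration.

```python
# Added illustration: the rule model, adapter name and addresses are constructed.
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    adapter: str          # interface the packet arrived on
    src: str              # source IP address
    dport: int            # destination port on the local PC

class Rule(NamedTuple):
    action: str           # "allow" or "block"
    dport: Optional[int]  # None matches any port

FILE_SHARING = Rule("allow", 139)   # the file / printer sharing rule
BLOCK_ALL = Rule("block", None)

SINGLE = [FILE_SHARING, BLOCK_ALL]  # one ruleset for all traffic
ZONE_RULES = {"trusted": [FILE_SHARING, BLOCK_ALL], "internet": [BLOCK_ALL]}
LAN = ip_network("192.168.1.0/24")  # assumed home LAN range

def evaluate(rules, pkt):
    """First matching rule wins; no match means block."""
    for rule in rules:
        if rule.dport is None or rule.dport == pkt.dport:
            return rule.action
    return "block"

def decide(model, pkt, trusted_adapters=frozenset()):
    """Return the verdict for pkt under one of the three zone models."""
    if model == "single":
        return evaluate(SINGLE, pkt)
    if model == "adapter":   # zone chosen only by receiving adapter
        zone = "trusted" if pkt.adapter in trusted_adapters else "internet"
    else:                    # "source": zone chosen by source address (hypothetical)
        zone = "trusted" if ip_address(pkt.src) in LAN else "internet"
    return evaluate(ZONE_RULES[zone], pkt)

lan_peer = Packet("eth0", "192.168.1.20", 139)
wan_host = Packet("eth0", "203.0.113.7", 139)   # same adapter, Internet source

if __name__ == "__main__":
    for model, trusted in [("single", set()), ("adapter", {"eth0"}),
                           ("adapter", set()), ("source", set())]:
        print(model, sorted(trusted),
              "lan:", decide(model, lan_peer, trusted),
              "wan:", decide(model, wan_host, trusted))
```

With a single adapter carrying both LAN and Internet traffic, the adapter-only model either exposes the sharing port to both sources or blocks both; only a zone decision that looks at the source separates them.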
     
  2. Doc Serenity

    Doc Serenity Registered Member

    Joined:
    Apr 4, 2007
    Posts:
    105
    Though I know very little about pc's in general and even less about firewalls, I agree with your statements.
    If my router's firewall and other installed protection also fails, then my only hope would be with the software firewall.
    I don't care what firewall I use. But I need one that scores highly in Matousec's tests and is easy to use. I don't understand rules and have no time to learn about them.
    I just went with Ghostwall but it leaks like a sieve in default mode. So it's going soon.
    I tried it because most of the others come with other software that I don't want.
    Thanks for sharing your views.
    Doc
     
  3. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    Hi dmenace. ;)

    I have just one question. You say -

    and

    ,

    but then you claim this -

    If PCTools is so superior to LnS and Comodo, and you gave it a "thumbs-down" verdict, how do you rate LnS and Comodo then?

    Cheers :)
     
  4. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    The strength of a firewall lies (mostly) in the strength of the rules. If you don't care and don't want to learn about defining the rules, then you will never be sure about the protection you have. And you can never expect someone to make a firewall that offers you - out of the box - exactly the kind of protection that you require.
     
  5. fosl

    fosl Registered Member

    Joined:
    Mar 5, 2007
    Posts:
    54
    Dmenace,

    So would you suggest using windows firewall with vista instead
    of PC tool fw? I've seen good and bad things written about pc tools fw
    and a whole lot of bad things written about vista firewall.
     
  6. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    These are the reasons it APPEARS superior.
    This is why it falls short of being better than LnS/CFP. I personally liked the PC Tools-f/w, but when I tried to connect it to my home network-it failed miserably. Had it not been for my network, it would still be on my pc! Sorry for the "chop-job" dmenace, I was summarizing your review to make my point as short as possible.
     
  7. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    Hello.

    What do built-in rules have to do with firewall quality? CHX-I has no rules at all - by default. But it does a pseudoSPI of ICMP...

    BTW, I used PCTools for a while on my test box. I gathered it's a very good firewall, and easily configurable too...
     
  8. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    Built-in rules make it easier to set up, then you just need to config rules that aren't included. Much better than "allow all" rules. If I could figure all the rules myself, I would have kept Jetico. PC Tools-f/w is just more "noob-friendly", which is why I tried it out!
     
  9. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    Sorry monty if I was a bit harsh, my question was directed to the OP really...

    Regarding rules, the only one that should be built-in (not hardcoded) in every firewall is "block all (not processed, as Jetico says)". :)
     
  10. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    No offence taken. I was venting frustration over what appeared to be a solution to my "network-issues". Comodo is the only f/w that will allow my network, but they are adding so much "bloat" that needs to be config'd to the point of being just as complicated as Jetico. Sorry for venting again! I use a router for in-bound, but I'm "naked" for out-bound!!!
     
  11. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    Good. Go for it. :D

    So, you have tried the Alpha. Yes, Defense+ is quite intrusive. Well, I won't recommend you a standalone HIPS with outbound control, these also tend to nag quite a bit. Outbound control needs some user interaction. An observation, if I may - I'd say you would have to find a way to deal with nagging and configuring if you want a good outbound protection. You have to use a software, not just install it.

    Cheers.
     
  12. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    I agree!!! I look forward to the task of Comodo's final(o_O)version!!! What causes my palpitations (lol) is learning that one of my teen-aged daughters has "discovered" a chink-in-the-armour that needs my immediate attention!!! They could find a way to crash a car (lol) that doesn't even have gas in the tank!!! OI VEY...where's my glycerin o_O
     
  13. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    :D LOL, monty. Glycerin... :D

    But, we're hijacking a thread here. Enough with the OT for both of us.:blink:
    So, until OP returns with replies, I'm outta here.

    See ya... ;)
     
  14. dmenace

    dmenace Registered Member

    Joined:
    Nov 29, 2006
    Posts:
    275
    Hey Everyone, here are some replies to your questions:

    If you are asking me to write another review... umm no! :eek: But I'll cheat :D and answer your question quickly:

    I think a proper set of network rules are very important for a firewall to function well. Look'n'stop excels here as it comes with an excellent standard/enhanced ruleset...

    By having 2 rulesets (trusted/internet) and more standard rules to help newbies, PC Tools APPEARED to be better than looknstop.

    In Comodo, if you use the wizard to create a trusted zone (lan) it simply creates 2 rules that ALLOW ALL traffic from pcs in that zone... instead of opening just the 137,139 file sharing ports to those pcs. Thus with Comodo your pc is vulnerable to a lan sourced attack. This is why I said PC Tools may be a better firewall if un-needed allow rules are disabled.

    In the end though, a software firewall focuses more on outbound filtering and that's why I rate Comodo/Looknstop higher due to their superior leaktest results. Weird, I know :ouch: ;)

    I personally haven't used the Vista firewall so I can't comment BUT I would recommend PC Tools because it is easier to manage than vista fw - you can see the list of apps allowed to access the internet, etc.

    Yes SPI is more important than built in rules however built in rules make your firewall tighter knit by defining more precise rules for applications and is able to detect and block certain attacks SPI wouldn't detect such as Stealth XMAS scans or fingerprinting attempts etc. And yeah they make your firewall easier to configure as SPI blocks people from connecting to you in a lan, in an online game, when you're file sharing or running UltraVNC.

    More replies later... :gack: o_O
     
    Last edited: Jul 18, 2007
  15. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    Hi dmenace.

    K, see your point now.
    So that's a comparison of out-of-the-box settings, and how would PCTools or Comodo suit a newbie on first run? Alrighty, I have no complaints about that. Please carry on... ;)

    I agree, you would have to have a rule(s) to block this.

    Cheers!
     
  16. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Can someone tell me why the hell I can't get this thing to work in Vista? It's supposed to be compatible, yet it just won't work. It locks up while installing, then locks up while uninstalling, when I manage to install it, it won't start on system bootup. WTF!? And of course there isn't any way to contact developers about it. Yey.:rolleyes: Comodo is still ages away from Vista compatibility and ZoneAlarm creates 5 second delay for webpages load. Even more WTF.
    So what gives? PC Tools Firewall works great in VirtualPC where I have WinXP SP2 but not a chance in Vista. Really stupid...
     