About ideal firewalls. Does it really exist?

Discussion in 'other firewalls' started by carioca, Oct 24, 2007.

Thread Status:
Not open for further replies.
  1. carioca

    carioca Registered Member

    Joined:
    Jul 9, 2005
    Posts:
    96
    o_O
    Hi, Frederic and look'n'stop companions,

    I read this article at Matousec about ideal firewalls. I'd ask you if look'n'stop 2.06 covers these aspects or at least most of them? Does it really exist? Please, no hard feelings, only the truth. Best Regards.

    "Design of ideal personal firewall

    The following article describes the design of the ideal Windows personal firewall from a programmer's point of view. First of all the ideal personal firewall is secure. So, this article is about secure design leaving other features like ease of use in the background. At first we say something about the common concept of personal firewalls and then we show important rules for the security design of personal firewall that should be respected during the development of Windows personal firewalls. During our analyses we examine whether those below mentioned rules, that are important for the security, are respected by tested products. In the following article we often use a term 'firewall' but we always mean 'Windows personal firewall'.
    Contents:

    * Common concept
    * Self-protection
    * Verification of own components
    * Inbound and outbound protection
    * Process protection
    * File and component protection
    * Driver protection
    * Service protection
    * Registry protection
    * Protection of other system resources
    * Parent process control
    * Control of automatically started programs
    * Sniffing protection
    * Protection of system resources
    * No ring3 hooks"

    :oops:
     
  2. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,640
    Hi

    No as far as I know and, to speak frankly [with no feelings at all], I don't care.

    Here is a short (and lazy) answer:

    * Common concept

    What's that ?

    * Self-protection

    Check termination test there: http://www.firewallleaktester.com/termination_overview.php

    * Verification of own components

    I don't think so... (an auto check-up? Does this make sense?)

    * Inbound and outbound protection

    Yes : already done (but never enough for leak tests paranos)

    * Process protection

    No : it's not a HIPS but a FW

    * File and component protection

    See previous answer...

    * Driver protection

    See previous answer...

    * Service protection

    See previous answer...

    * Registry protection

    See previous answer...

    * Protection of other system resources

    See previous answer...

    * Parent process control

    See previous answer... NO GADGET REPLACE THE PARENTS. (period)

    * Control of automatically started programs

    o_O

    * Sniffing protection

    No

    * Protection of system resources

    No

    * No ring3 hooks

    o_O


    I sincerely hope that somebody gives you a better answer but this is the maximum I can do for you.

    To be totally honest with you, Sir, I can't search such IDEAL FW, since I'm working presently on a project concerning Internet phen0menZ like: self-proclaimed gurus, false authority syndromes, and all sucking and boot licking related to this.

    Best regards.
     
  3. Clweb

    Clweb Registered Member

    Joined:
    Dec 28, 2002
    Posts:
    127
    Location:
    France
    Yes, a firewall is not a HIPS, but it should protect drivers, services and registry entries belonging to it. A security software should protect the machine and itself.
    That's my neutral opinion.
     
  4. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Hi carioca,

    As answered by Climenole, most of the items are not supported, because they are out of the scope of NDIS/TDI filtering, which is the purpose of Look 'n' Stop.

    However some basic and important protections are there anyway:
    - Internet and Application filtering can be persistent: even if the application is stopped (manually or by a malware, or simply when Windows is shutting down), packets and applications are still blocked as per configured rules
    - password protection, to prevent automation
    - service mode to have filtering active before the Login (except Vista so far, but working on a solution)
    - and in the process of having all exe/drivers digitally signed (like for x64 drivers)

    Regards,

    Frederic
     
  5. prozabor

    prozabor Registered Member

    Joined:
    Oct 24, 2007
    Posts:
    38
    IMO firewall must be without any HIPS and other program guards. It should filter IPs and detect attacks from Internet, not only detect a lot of behaviors and ask for everything (COMODO firewall :/)
     
  6. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,640
    Hi all :)

    IMHO the security of a computer system must be based on layered security programs and devices (without forgetting the most important factor: the user itself and his common sense also known as the "Safe-Hex").

    I prefer to rely on different specialised tools: HIPS, Anti-virus, anti-spywares, Firewall, Router, etc. instead of ONE program (even if it's a good one!). If one of these tools fails for any reason the others may prevent damage to the system ...

    For sure, some FW include HIPS features and some others (e.g. Outpost) add some plug-ins for specialised filtering. This is not bad but I really prefer specialised tools instead of an All-in-one tool... I don't like to put all my eggs into the same basket...

    For LnS I guess every skilled user appreciates the flexibility of a rules set FW.
    Many LnS users start from the rules set provided by LnS and later create new rules based or install a more complete rules set such as the most recent version of Phant0m's rules or create their own rules based on the Climenole's experimental rules. There's a lot of possibilities to explore with LnS.

    But this is only my opinion. I'm interested to know your point of view about this and also which features you expect from LnS firewall in the future. (A kind of "Wish List")

    Best regards,

    :)
     
  7. nuser

    nuser Registered Member

    Joined:
    May 31, 2007
    Posts:
    105
    Location:
    Singapore

    Hi, Climenole, I am a little curious about the new features of the expected version 3. :p
     
  8. carioca

    carioca Registered Member

    Joined:
    Jul 9, 2005
    Posts:
    96
    :thumb:
    The new release of look'n'stop 3.0 must keep the same lightness mixed up with the best security. This is the best common sense. I do agree with you at all when you said to us you'd rather combine such different security stuffs. Great statement! We do not rely on only one software, this is your best advice and the experience of mine. But we have to take care about the security combinations. Nowadays, I'm using looknstop, avira av scanner, winpatrol plus, SUPERAntiSpyware, linkscanner free, avira, sandboxie, ssm and drivesentry (file protection). But I'm under a hardware firewall and I've never had any problem for a long while. Best Regards.
     
    Last edited: Oct 25, 2007
  9. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,640
    Hi nuser :)

    Version 3 ... I have no idea!
    I guess Frederic prefers to keep the surprise ! :D

    :)
     
  10. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,640
    Hi Carioca :)

    Wow ! You are well equipped!

    One question: what is linkscanner?

    :)
     
  11. baK99

    baK99 Registered Member

    Joined:
    Oct 19, 2007
    Posts:
    11
    Location:
    somewhere in europe
    I think if you have just full updated windows & hardware\software simple firewall is totally enough... but only if you got brains and don't surf\download lots of dangerous sites :)
    Got what I mean?
     
  12. carioca

    carioca Registered Member

    Joined:
    Jul 9, 2005
    Posts:
    96
  13. carioca

    carioca Registered Member

    Joined:
    Jul 9, 2005
    Posts:
    96
    Hi Climenole,
    As regards drivesentry V. 3.0. The sticky topic is concerning file protection. Thus, watch the post at the ssm forum, mainly the 'bellgamin' post at the http://www.syssafety.com/forum/viewtopic.php?t=1004
    Best Regards.

    PS: I'm using the new drivesentry V. 3.0 beta (freeware) (http://www.drivesentry.com) together with ssm in one of my computers, that I liked most. FYI the author will be about to release the final version in a short time and there is no conflict with ssm and look'n'stop firewall. It's not a good idea with comodo firewall.
     
  14. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    It is easy for others to state what a firewall "Should be", let "Matousec" build a firewall that will do all they say. I will then test, and probably kill it. (very easy from internal, as the testing they do)
     
  15. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,640
    Hi carioca :)

    Okay: thanks Carioca :thumb:

    :)
     
  16. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Hi,

    It is probably the same as using offensive language in church (in the LNS part), but Online Armor gets close to ideal FW described.

    ;)
     
  17. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    OA is a suite, this is a construction of a firewall/HIPS etc. If OA firewall was a standalone, then it would be compromised quite easily.

    Too many fall away from what a firewall actually is. This being a packet filter. Yes, we do see bindings of packets to application which then gives the added benefit of this (rules per application).

    Personally,.. I do not use L`n`S, I use another packet filter. But,.. given a choice between L`n`S and any of the suites available,.. L`n`S would be my choice every time. Any other protection I thought to be needed, such as an HIPS I would add. This then being a layer of protection, one protecting the other. (this is for me the old saying,... "never put all your eggs in one basket")

    IMHO of course.
     
  18. carioca

    carioca Registered Member

    Joined:
    Jul 9, 2005
    Posts:
    96
    How does OA get closer to ideal firewall? Could you explain better and give us details about it? I'm eager to know about this. Is it for the layered protection? I thought OA was only a hips that includes a FW. Is that right? Does it cover all the fw Contents for the ideal one? I would rather use a solid fw as look'n'stop fw is and add to it another security stuff aside like hips, av scanner, sandbox, antispyware and parental control. All separated for the reason I rely most with the different softwares and not trust only one company. This is my humble opinion. Best Regards.
     
  19. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,640
    Hi all :)

    I guess this thread is more related to the "Other Firewall" forum than the LnS forum since it's a discussion about any FW not only LnS...

    This may be interesting for all users of Wilders not only the LnS users. Right?

    Since Carioca started this new thread, isn't it possible to start a new one (on the same subject) in the right forum instead?

    Did you accept this suggestion?

    Best regards.

    :)
     
  20. carioca

    carioca Registered Member

    Joined:
    Jul 9, 2005
    Posts:
    96
    :thumb:

    Hi, Climenole. You got it totally right! Thus, I authorize the Wilders Security Forum administrator to move it to the "Other Firewall" topic or start the same thread (with the same subject) there by ending here. If Frederic & you don't mind. Best Regards.
    :cool:
     
  21. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,640
    Hi Carioca :)

    I ask the Wilders mods to move it to the forum "Other firewall".
    So see you in the other forum for this subject.

    Best regards,
    :)
     
  22. Coolio10

    Coolio10 Registered Member

    Joined:
    Sep 1, 2006
    Posts:
    1,124
    I believe comodo 2.4 is closest. CPF 3 probably passes all of those but it has a hips like online armor.

    * Common concept

    Every firewall should have this :D :thumb:

    * Self-protection

    :thumb:

    * Verification of own components

    :thumb:

    * Inbound and outbound protection

    :thumb:

    * Process protection

    :thumb:

    * File and component protection

    :thumb:

    * Driver protection

    :thumb: :thumbd: (CPF3 Has this)

    * Service protection

    :thumbd: (CPF3 Has this)

    * Registry protection

    :thumbd: (CPF3 Has this)

    * Protection of other system resources

    :thumb:

    * Parent process control

    :thumb:

    * Control of automatically started programs

    :thumbd:

    * Sniffing protection

    :thumbd: (CPF3 Has this)

    * Protection of system resources

    :thumb:

    * No ring3 hooks

    :thumb:
     
  23. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    Hello,

    Firewall is meant to control traffic - nothing more nothing less. Hence:

    1. Stability, will not crash.
    2. Usability, GUI side, allows the user to actually use the program.
    3. Usability, processes, will not go to 50% when using IM or P2P.
    4. Good logging, so the activities can be understood.

    That's the ideal firewall. Anything else is just for show.

    Cheers,
    Mrk
     
  24. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    The definition of a firewall can mean different things among different users. Sure a traditional firewall only monitors network traffic, but COMODO is bringing a whole new definition to their firewall by adding a full HIPS with it.

    They allow installing without the HIPS features or installing and then disabling the HIPS features, but even then you would have to disable some features in the firewall to make it only monitor network traffic.

    Personally for people behind a router just about any application firewall is generally more useful than a strictly network firewall and even if the user is not behind a router COMODO is taking this to a whole new level and is providing excellent network filtering and application filtering along with a full blown HIPS for all other issues.

    Look 'n' Stop is also an excellent firewall and even Frederic has implemented application filtering as he realizes how useful it can be in many situations.

    Basically it is up to the user to choose what level of protection they want from their firewall (this would be only the Firewall component in COMODO Firewall Pro) and then choose if they need any more protection (this could be any HIPS software, but not limited to the Defense+ component in COMODO Firewall Pro).

    Different users need different levels of protection and although there are many out there that say "A firewall should do this" or "A firewall should do that" it all comes down to terminology and it is up to the user to make the final decision, although Matousec is going for the absolute strongest protection a 'firewall' can offer and personally I mostly agree with their 'ideal firewall' s

    By the way, COMODO's objective is to make their COMODO Firewall Pro the ideal Matousec firewall and I support this :D

    So to answer carioca's question: Yes it is about to and Tiny Personal Firewall provided this (or very close to it) back in 2005 before CA bought them out and changed the development to strictly commercial (CA sucks donkey ***** and likes it).
     
  25. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    That is a rather long set of specifications, some of which I am not sure of the technical benefit.

    The answer is pretty much in the eye of the beholder. I don't want a bunch of user interaction, especially for things that have nothing to do with internet access. From my point of view Sygate, or its descendant, Symantec Endpoint Protection 11 is ideal.

    Under Vista the built in firewall (default inbound filtering mode) is a decent alternative, provided UAC has not been disabled, the user understands the UAC prompts and a decent AV is installed. For my purposes anything that received an Advanced + rating in the last av-comparatives qualifies. If you have not had a chance to look at the advanced interface, it allows a great deal more control than the previous Windows firewalls. There are some articles out there on its improvements. You might gather, I don't put a lot of stock in leak tests and outbound filtering as a last ditch malware detection system.
     
    Last edited: Oct 28, 2007