Anybody interested with personal Firewall from China?

Rising Personal Firewall 2006
Trial version can be downloaded from here:
http://www.download.com/Rising-Personal-Firewall-2006/3000-10435_4-10515831.html

I am in charge of the TEXT RESOURCE translation, any suggestions would be appreciated.

 

Just a quick response as I have downloaded and decided to try it out. Now I have a older pc OS ME which I use to try different software's out. Well I had nothing but problems with this firewall. Installation was no problem, however I was not able to access the Main GUI which was producing numberous error messages, unable to access web as errors were happening via my IE.....their web site states compatible with ME.......you can't prove by me!!!!!......The only suggestion I was given is to upgrade to XP......well I have XP on my per computer but not willing to take the chance!!!!....Just thought I 'd let everyone know this from my stand point is a dud!!!!!!!!!!

 

or update yr graphcard drver pls. and try again.

 

Let me clarify.....I have updated my graphic drivers, and at this point I am able to access the main GUI.......however from that point on the firewall is causing multiple errors in my IE.....and my antivirus........and in the core kernel......... Now as I have stated the firewall is suppose to be compatible with ME......can't prove it by me......also the smart updater will not accept my license key........one problem after another........I uninstalled and tried 3 other new firewalls ran smooth as silk no problem.....NOw...........what's wrong with this picture.....

 

uninstall all your other firewall first, pls

 

You don't seriously think he has another firewall installed?

 

I need to confirm, are u Tony email me with my gmail account?

 

HI,
Have installed to have a look.
I am not seeing any slow down or problems with internet connection, so no problem there. I am a little concerned on what connections/Protocols are being allowed for the programs, and the fact that the "rules/IP" do not have a direction control,.. but more, they do not appear to be filtering traffic.

Examples: (rule/IP)
I would want to set a rule to "Allow inbound ICMP echo", but as there is no direction I can select in the rule, then this, I assume, would also allow outbound echo?
I can see that for TCP IP rules, these can filtered down to flag level, but once again, no direction can be set.

Bug, possible conflict: (rule/IP/Ports)
A "Block all TCP IP" rule is being ignored, as this, at the moment is the only IP rule in place, but my browser is still able to connect.
A "Block" local/remote port rule is not being followed (ports blocked are still being used)

 

(1)
In detailed settings's standard page, we have support "Rule priority"!

In default's setting, we make the Applications's rule first.

if u make the ip first,u can filter the ip's rule.

(2)ICMP's rule support the direction,pls see the ICMP.JPG.

(3)TCP/IP'S rule, in personal pc we assume the both direction!
remote ip ==> local ip (recieve, inbound)
local ip ==> remote ip (send , outbound)
//many user's are confused by ip's rules, we make it easy to use.

(4)there are many ip rules, they are filted in sequence.
blacklist rules
whitelist rules
ports rules
applications rules(mybe below to ip rules)
trusted rules
ip rules
default rules

 

Hi, thanks for the reply/info,

Have found this setting.
Could you confirm, from the default settings, where for example, firefox is given access as "web browser" with "act as server" allowed, what internet access is allowed (from the "act as server" selected as default, this would infer inbound connections are allowed?, is there any filtering at all on this setting? (local/remote ports / protocols))

thanks

From your explanation of this, it seems similar to ZA pro "expert rules", but in ZA it is more of a format "from=to".
from "internet" to "local"
from "local" to "intrnet"

Looking at your rules, I am only seeing "local IP" and "remote IP" (attachement), so to filter an outbound Packet, I would set "local IP" as my IP, and "Remote IP" as internet IP. But how would this be set to filter inbound packet? (does the local IP become the internet IP?)...OR...are you saying it is not possible to filter packets one way? (no rule direction, as I posted)

Is this order of rules correct?, as a "block all local/remote ports" was in place (as mentioned in my last post), but application rule (firefox) bypassed this (allowed the blocked ports)

Thanks,

 

@JosephWang --
#1- If Rising doesn't already have a support forum, I recommend you to get one going. If you give too much one-on-one support here at Wilder's the Mods will eventually come visiting. When/if they do, don't feel offended. They apply this *rule* with complete impartiality, as far as I can tell.
#2- A quote from Rising FW's page at download.com...

It might not bother some folks, but the fact that I must register at Rising's home site is a deal-killer as far as I am concerned.

 

There is a forum in chinese, the firewall is simple so it takes little time to learn by yourself. By the way, there is anther very interesting rule sets that can block trojan and virus different from any firewall here. It was developed by another party , it said microsoft has interests in bying it to offer genius windows users.

 

No registration is required to run the trial. When the registration window popup appears, just close this.

Yes the firewall is very simple to use, you allow a program access to the internet, and this then, on default settings seems to allow all in/out connections for the program. Easy to use, but possibly dangerous? That is why I posted my questions concerning this, as I wanted to know the "rules default" for programs.

There is mention of this in the "rules IP"

but if the "threat rules" are added here, in the "rules IP", then as already mention by JosephWang, in the default setup, application rules come first.

Maybe I should not be asking questions about this firewall?

 

Tested it "out of the box" as non registered trial.
Many open ports !!
Uninstalled it. The GUI is very nice.

 

I would guess that this is due to the fact that all the progams default rules (that are in place after installation) have "Act as server" (allow inbound connection) set to allow. (I never got as far as going onto the internet, or port scanning against this firewall,... only had a look on linked VM`s))

 

Doesnt sygate and a few others also do this though?I dont think it is a security issue as long as the user knows its doing that.I wonder how many sygate users know its doing that by default too?
ellison

 

I re-installed onto a network PC, to use grc to port scan, all (common) ports showing as closed. (2 showing stealth)
I did change the rule priority to IP first, to see if it was possible to filter the inbound (SYN) scans, but no change. But what was puzzling, is the fact that I placed an IP rule to block TCP SYN packets, which, as there seems to be no direction which can be placed in the rule, should of blocked all in/out connections, but it did not. I then changed this IP rule to simply block all TCP for local/remote IP/ports, but again, all TCP comms was allowed.

 

Hello,
Sorry? I never saw an open port on Sygate firewall, except when specifically initiated by a program. Nothing acts as Server by default, unless allowed.
Mrk

 

Applications are by default allowed to act as a server in sygate.
http://forums.sygate.com/vb/showthread.php?postid=66179
http://www.kotiposti.net/string/SPF_eng/SPFGuide.html
ellison

 

Hello,
A misunderstanding on my behalf.
Mrk

 

Hi ellison64,

I cannot comment on Sygate, I have not used this firewall on the internet. But if a program/windows service is allowed to "act as server" then a firewall will allow "listen/inbound connections" for that application/service while it is active (which can show an open port). Its really a case of finding which program/service is bound to the open port, and changing the rules for that application, or disabling a possibly un-needed service.
My own XP setup is hardened with most (Unnesessary to my setup) services disabled, and I dont run any programs that require inbound connections.
But unfortunately a lot of users still connect directly to the internet with, as an example, netbios/uPnP/dcom still active, which can show open ports.

 

Hello,
As long as there is nothing to be exploited behind the open port, no danger there.
Mrk

 

Hi Mrkvonic,

Yes of course,... but as you/all should note the constant race between hackers and microsoft (concerning open ports for services), I personally believe it easier to disable all non-needed services (which can close a number of open ports)

 

Hello,
I agree, concerning services. But very few apps install services. I'll give an example - TU2006. Let's say you grant it server rights. You even connect to make an update online. Let's say it keeps the connection alive for 5 minutes. Let's say that in those 5 min, a hacker stumbles upon your "open" port, which in the majority of cases is port 80. What he's gonna do exactly? Buffer-overflow TU2006? Make it clean registry errors faster?
The problem is mainly with Windows services, like you said. However, even in this case, it's more fear and paranoia than the real thing. Most ISP stealth the common ports. Plus, if you use the most up to date XP, the configuration is rather solid.
Mrk

 

To Stem

Where Your friends are, that do run some special attacks (connection attemps)? My associate managed to connect in? continue run, run, run.. LOL