Anybody interested with personal Firewall from China?

Discussion in 'other firewalls' started by JosephWang, Jun 8, 2006.

Thread Status:
Not open for further replies.
  1. JosephWang

    JosephWang Registered Member

    Joined:
    Jun 8, 2006
    Posts:
    18
    Location:
    Beijing
  2. Antus

    Antus Registered Member

    Joined:
    Apr 8, 2006
    Posts:
    76
    Just a quick response as I have downloaded and decided to try it out. Now I have a older pc OS ME which I use to try different software's out. Well I had nothing but problems with this firewall. Installation was no problem, however I was not able to access the Main GUI which was producing numberous error messages, unable to access web as errors were happening via my IE.....their web site states compatible with ME.......you can't prove by me!!!!!......The only suggestion I was given is to upgrade to XP......well I have XP on my per computer but not willing to take the chance!!!!....Just thought I 'd let everyone know this from my stand point is a dud!!!!!!!!!!
     
  3. JosephWang

    JosephWang Registered Member

    Joined:
    Jun 8, 2006
    Posts:
    18
    Location:
    Beijing
    or update yr graphcard drver pls. and try again.
     
  4. Antus

    Antus Registered Member

    Joined:
    Apr 8, 2006
    Posts:
    76
    Let me clarify.....I have updated my graphic drivers, and at this point I am able to access the main GUI.......however from that point on the firewall is causing multiple errors in my IE.....and my antivirus........and in the core kernel......... Now as I have stated the firewall is suppose to be compatible with ME......can't prove it by me......also the smart updater will not accept my license key........one problem after another........I uninstalled and tried 3 other new firewalls ran smooth as silk no problem.....NOw...........what's wrong with this picture.....
     
  5. JosephWang

    JosephWang Registered Member

    Joined:
    Jun 8, 2006
    Posts:
    18
    Location:
    Beijing
    uninstall all your other firewall first, pls
     
  6. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,522
    Location:
    USA - Back in a real State in time for a real Pres
    You don't seriously think he has another firewall installed?
     
  7. JosephWang

    JosephWang Registered Member

    Joined:
    Jun 8, 2006
    Posts:
    18
    Location:
    Beijing
    I need to confirm, are u Tony email me with my gmail account?
     
  8. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    HI,
    Have installed to have a look.
    I am not seeing any slow down or problems with internet connection, so no problem there. I am a little concerned on what connections/Protocols are being allowed for the programs, and the fact that the "rules/IP" do not have a direction control,.. but more, they do not appear to be filtering traffic.

    Examples: (rule/IP)
    I would want to set a rule to "Allow inbound ICMP echo", but as there is no direction I can select in the rule, then this, I assume, would also allow outbound echo?
    I can see that for TCP IP rules, these can filtered down to flag level, but once again, no direction can be set.

    Bug, possible conflict: (rule/IP/Ports)
    A "Block all TCP IP" rule is being ignored, as this, at the moment is the only IP rule in place, but my browser is still able to connect.
    A "Block" local/remote port rule is not being followed (ports blocked are still being used)
     
  9. JosephWang

    JosephWang Registered Member

    Joined:
    Jun 8, 2006
    Posts:
    18
    Location:
    Beijing
    (1)
    In detailed settings's standard page, we have support "Rule priority"!

    In default's setting, we make the Applications's rule first.

    if u make the ip first,u can filter the ip's rule.

    (2)ICMP's rule support the direction,pls see the ICMP.JPG.

    (3)TCP/IP'S rule, in personal pc we assume the both direction!
    remote ip ==> local ip (recieve, inbound)
    local ip ==> remote ip (send , outbound)
    //many user's are confused by ip's rules, we make it easy to use.

    (4)there are many ip rules, they are filted in sequence.
    blacklist rules
    whitelist rules
    ports rules
    applications rules(mybe below to ip rules)
    trusted rules
    ip rules
    default rules
     

    Attached Files:

    • ICMP.JPG
      ICMP.JPG
      File size:
      62.7 KB
      Views:
      696
  10. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi, thanks for the reply/info,
    Have found this setting.
    Could you confirm, from the default settings, where for example, firefox is given access as "web browser" with "act as server" allowed, what internet access is allowed (from the "act as server" selected as default, this would infer inbound connections are allowed?, is there any filtering at all on this setting? (local/remote ports / protocols))

    thanks

    From your explanation of this, it seems similar to ZA pro "expert rules", but in ZA it is more of a format "from=to".
    from "internet" to "local"
    from "local" to "intrnet"

    Looking at your rules, I am only seeing "local IP" and "remote IP" (attachement), so to filter an outbound Packet, I would set "local IP" as my IP, and "Remote IP" as internet IP. But how would this be set to filter inbound packet? (does the local IP become the internet IP?)...OR...are you saying it is not possible to filter packets one way? (no rule direction, as I posted)

    Is this order of rules correct?, as a "block all local/remote ports" was in place (as mentioned in my last post), but application rule (firefox) bypassed this (allowed the blocked ports)

    Thanks,
     

    Attached Files:

    • rule.JPG
      rule.JPG
      File size:
      25.8 KB
      Views:
      636
    Last edited: Jun 20, 2006
  11. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    @JosephWang --
    #1- If Rising doesn't already have a support forum, I recommend you to get one going. If you give too much one-on-one support here at Wilder's the Mods will eventually come visiting. When/if they do, don't feel offended. They apply this *rule* with complete impartiality, as far as I can tell.
    #2- A quote from Rising FW's page at download.com...
    It might not bother some folks, but the fact that I must register at Rising's home site is a deal-killer as far as I am concerned.
     
  12. ink

    ink Registered Member

    Joined:
    May 20, 2006
    Posts:
    185
    There is a forum in chinese, the firewall is simple so it takes little time to learn by yourself. By the way, there is anther very interesting rule sets that can block trojan and virus different from any firewall here. It was developed by another party , it said microsoft has interests in bying it to offer genius windows users.
     
  13. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    No registration is required to run the trial. When the registration window popup appears, just close this.
    Yes the firewall is very simple to use, you allow a program access to the internet, and this then, on default settings seems to allow all in/out connections for the program. Easy to use, but possibly dangerous? That is why I posted my questions concerning this, as I wanted to know the "rules default" for programs.
    There is mention of this in the "rules IP"
    but if the "threat rules" are added here, in the "rules IP", then as already mention by JosephWang, in the default setup, application rules come first.

    Maybe I should not be asking questions about this firewall?
     
  14. Clweb

    Clweb Registered Member

    Joined:
    Dec 28, 2002
    Posts:
    127
    Location:
    France
    Tested it "out of the box" as non registered trial.
    Many open ports !!
    Uninstalled it. The GUI is very nice. :rolleyes:
     
  15. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    I would guess that this is due to the fact that all the progams default rules (that are in place after installation) have "Act as server" (allow inbound connection) set to allow. (I never got as far as going onto the internet, or port scanning against this firewall,... only had a look on linked VM`s))
     
  16. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,499
    Doesnt sygate and a few others also do this though?I dont think it is a security issue as long as the user knows its doing that.I wonder how many sygate users know its doing that by default too?
    ellison
     
  17. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    I re-installed onto a network PC, to use grc to port scan, all (common) ports showing as closed. (2 showing stealth)
    I did change the rule priority to IP first, to see if it was possible to filter the inbound (SYN) scans, but no change. But what was puzzling, is the fact that I placed an IP rule to block TCP SYN packets, which, as there seems to be no direction which can be placed in the rule, should of blocked all in/out connections, but it did not. I then changed this IP rule to simply block all TCP for local/remote IP/ports, but again, all TCP comms was allowed.
     
  18. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hello,
    Sorry? I never saw an open port on Sygate firewall, except when specifically initiated by a program. Nothing acts as Server by default, unless allowed.
    Mrk
     
  19. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,499
  20. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hello,
    A misunderstanding on my behalf.
    Mrk
     
  21. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi ellison64,
    I cannot comment on Sygate, I have not used this firewall on the internet. But if a program/windows service is allowed to "act as server" then a firewall will allow "listen/inbound connections" for that application/service while it is active (which can show an open port). Its really a case of finding which program/service is bound to the open port, and changing the rules for that application, or disabling a possibly un-needed service.
    My own XP setup is hardened with most (Unnesessary to my setup) services disabled, and I dont run any programs that require inbound connections.
    But unfortunately a lot of users still connect directly to the internet with, as an example, netbios/uPnP/dcom still active, which can show open ports.
     
  22. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hello,
    As long as there is nothing to be exploited behind the open port, no danger there.
    Mrk
     
  23. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi Mrkvonic,
    Yes of course,... but as you/all should note the constant race between hackers and microsoft (concerning open ports for services), I personally believe it easier to disable all non-needed services (which can close a number of open ports)
     
  24. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hello,
    I agree, concerning services. But very few apps install services. I'll give an example - TU2006. Let's say you grant it server rights. You even connect to make an update online. Let's say it keeps the connection alive for 5 minutes. Let's say that in those 5 min, a hacker stumbles upon your "open" port, which in the majority of cases is port 80. What he's gonna do exactly? Buffer-overflow TU2006? Make it clean registry errors faster?
    The problem is mainly with Windows services, like you said. However, even in this case, it's more fear and paranoia than the real thing. Most ISP stealth the common ports. Plus, if you use the most up to date XP, the configuration is rather solid.
    Mrk
     
  25. olap

    olap Registered Member

    Joined:
    May 20, 2006
    Posts:
    95
    To Stem

    Where Your friends are, that do run some special attacks (connection attemps)? My associate managed to connect in? continue run, run, run.. LOL
     
Loading...
Thread Status:
Not open for further replies.