Are commercial firewalls going to suffer?

Completelly agree, I had AS allways disabled and without it Outpost's "efficiency" suffers a bit.

 

Fileforum.betanews is not what I'd call a "White Hat Paradise".


http://img45.imageshack.us/img45/7596/1kf6.png


There are files in there that contain adware and crapware. There are better download locations online than this one and Softpedia; for instance, Snapfiles or Majorgeeks.


Cheers.

 

Please read the title of this thread. This is not a discussion of download sites.

Further, your statement that Betanews is "not what I'd call a White Hat Paradise" infers that BetaNews has malware code. That is a serious accusation. If you have any proof of that accusation, you should open a thread here and present it, because several of us Wilders fans are frequent users of BetaNews.

Also, it would be helpful if you would send your proof to the representatives of outfits such as Kaspersky, AVG, Lavasoft, and dozens of other legitimate software programs whose updates & beta issuances are daily publicized on the Beta news website.

 

I consider a well configured firewall far more important than any signature based security software. Traffic control is critical to security. I would gladly pay for a firewall if ones like Kerio 2.1.5 weren't free. Anti-spyware software isn't worth paying for. There are no defined criteria as to constitutes spyware, adware etc. The vendors choose their own standards regarding what is/is not acceptable, then only detect and remove a fraction of that. The best they do is give a false sense of security. Why pay for that "service"?
If Comodo gets a large enough user base, they could take a bite out of some security suite vendors pockets. I hope they do, starting with the 2 most commonly used ones. I doubt they'll hurt the best single purpose products that made performance their priority.
There's always been high quality freeware available, but I'm not aware of it putting any payware vendors out of business. If quality and price were the deciding factors, Open Source would be on everyones PC, but it's not. With "typical users", advertising and hype are still the dominant factors. Ease of use and a fancy interface also sell more than configurability and power. I can understand an average user being cautious of freeware. When you're dealing with a product you can't really see or examine (unless you a coder) there's no way other than taking anothers word for it or reading potentially biased reviews to know that a payware version is any better. If price=quality, why is XP so expensive while Linux and BSD are free? If free=questionable, why is Mozilla and FireFox cutting into Internet Explorer's market share? If more people would look into Open Source software, not just for security-ware but for all software, maybe the vendors of commercial bloatware could be forced to make better products at reasonable prices instead of spending it on advertising and passing the cost back to us. The internet is the ultimate in word of mouth advertising when people ignore the ads, prices, etc and start seeking real info from informed sources regarding what products are good.
Rick

 

To All:

I'll ask that We confine the discussion to Are commercial firewalls going to suffer ?....not whether BetaNews has malware code or other pros\cons of certain download sites.

Thanks,
Bubba

 

To all:

I've removed one followup off-topic post. I'd request all to please heed Bubba's initial request. Thanks in advance.

Blue

 

I have asked Agnitum twice on the lifetime license issue and they gave the same answer that it is no longer offered. But lifetime license may be available as part of a competiton or game sometimes. I got my lifetime license for being a winner of the World Cup quiz.

They may have special promotion sometimes and not sure if they will have special promotion for the coming 4.0.

I am using Outpost and Zone Alarm and have tried the latest version of Comodo Firewall. Although it is free, I would still keep Outpost and Zone Alarm for the time being, since I am already used to using them.

 

This point has been mentioned previously but bears repeating - Outpost does not require annual renewal. The 1-year (or 2-year) licence is for free access to upgrades - aside from the anti-spyware plugin (which needs signature updates to be effective, like any other malware scanner), Outpost will continue to work indefinitely.

As to whether commercial firewalls will suffer, it is unlikely since free products have been available for several years now. If a free product gives a paid one a run for its money then it is ultimately to everyone's benefit - but businesses do have to make money somehow (a point excellently made in Bellgamin's post) so either a charge will be levied (directly or indirectly) or the product will cease development (one possible example being NetVeda's SafetyNet which, at 3.61, has not seen an update for over a year now).

 

For many people, price is not an issue. Honestly, I know people who will drop $40 at the bar, and that is just a warmup for their evening! There is a large contingency who will happily pay $$ for software if they feel it is the best, especially for their situation. No, commercial firewall vendors will not suffer, even with the excellent product Comodo is offering free of charge.

 

Yeah, I asked them about it too and got the same thing.

Hopefully their "special promotion" will be a limited time, "lifetime license" offer for consumers to purchase. Because like I said previously, it might help to draw interest and attention away from freebies like Jetico and especially Comodo that are attracting several new users....

 

I just installed Comodo after being a bit hesitant. I know FWs are like spoiled children, you need that extra time to satisfy them.

I was a Sygate user but I gave up since I feared this FW cannot offer protection forever.

Now, Comodo runs well in my machine. Very pleased with it and surprised that a product like this is free! Very nice. I also heard they are planning to incorporate a HIPS feature in future version, that'd be the icing on the cake.

Jetico is awesome too, but this is not a spoiled child, it's a wild horse. I gave up on it.

Yes these two freebies can actually give their commercial competitors a run for their bucks. Not sure whether Jetico v2 would remain as such once it comes out of Beta.

 

Unfortunately, Jetico 2 is not going to be freeware, one great freeware will be down.

 

Originally posted by gesc

I recall seeing a posted message that indicated that Comodo Firewall already did have some HIPS functionality starting with version 2. A user reported a problem running the firewall with Process Guard and the tech support told the user to use one or the other since they overlapped.

 

Yes, Comodo's Aplication Behaviour Analysis and Component Control are like HIPS.
Both those can be disabled, in order to achieve compatibility with other software.

 

How will you know it will not be a freeware, currently Nail has not decide on the decisions. Therefore do not make false assumption.

 

They confirmed it in an email interview, but I hope, that they will change their mind.

 

It always amazes me that people treat firewalls like AVs. Just because some vendor releases a new version doesn't make the previous one worthless. Firewalls don't depend on definitions or reference files. They don't have to be constantly updated, at least the actual firewall component doesn't. A firewall either works or it doesn't. Internet apps use the same protocols. They use the same ports. IP addresses work the same as they did before. As far as controlling traffic in and out of your system is concerned, the rules work the same as they always have.
If people didn't insist on having all the other features bundled to a firewall, like HIPS, popup blockers, antispyware components, etc, there'd be no need to update it, unless some exploit is discovered. Most of the security apps being offered as firewalls are security suites with firewall components. If you use an actual unbundled firewall, you can stay with it and use other software to cover the rest of the functions. I'll take a rule based firewall and separate HIPS program over any security package, free or not, and in all probability get a more secure setup in the process that uses less disk space and system resources as well. As long as you use a security suite, you'll have to update regularly and put up with increasing prices, discontinued brands, increasing bloat, and the always present risk that the next version might have new bugs or not be compatible with something else you use. Why go thru this repeatedly when you could spend a little extra time and effort configuring a few good single purpose apps, then stay with them?
Whether Comodo can put a dent in the sales of security suites remains to be seen. It might, if it gets enough exposure. It won't affect the usage of the better single purpose security apps.
Rick

 

Firewalls also have their vulnerbilities. They are just alot harder to crack because of the nature of the intended function of firewalls. Most of these vulnerbilities are always identified first by the security companies themselves and get fixed silently. It does not mean that if something is not in the change log, means that nothing has changed. Its just that you cannot see things under the hood and security companies want that to be so as this would slow down hackers alot.

Don't always assume HIPS and additional features will stop deadly things from happening. Once someone finds out how a particular HIPS works, it will be easy for them to create a malware to exploit the area not monitored by HIPS.

 

Well, that's very relative. I used to be a "happy" Sygate Personal Ed. user (v. 5.6.2808 ) until recently a hacker scanned my ports went past that obsolete fw and delivered me a nice, nasty virus that forced me to reinstall Windows again. Before doing that I looked at Sygate's last log and I read the critical attack by someone located in San Jose, Cali (btw, son of a...). So why Sygate didn't block it?? It shows that outdated FWs are worth crap.

Now, I have installed Comodo and realised that running old stuff can sometimes very bad -especially in the area of virtual security, where you ought to keep an eye on every single thing- despite the claims of certain websites (thinking here of oldversion.com, where I got my copy of Sygate).

 

You wonder about the vulnerabilities of old and unsupported software. I still have a 486 machine with Windows 3.11 and Netscape Navigator 3.0 and a very OLD copy of McAfee VirusScan on that machine. I wonder what is the chance of being hacked if I decide to power it on and surf the WWW?

I have considered using some of the older firewall programs still available on some websites (such as Sygate, Kerio, Zone Alarm, Outpost programs created back a few years ago). Some website still have copies of the old programs and allow you copy and use them (of course with no guarantees or warranties). I thought Sygate was based in Silicon Valley in CA? Maybe the attacker was a former employee who got laid off after Symantec bought out Sygate? I thought Sygate provides port stealth protection? Does this mean that you can still be hacked even when stealthed?

 

What's the odds that anyone would want to or is even looking for such a unit? I was referring to firewalls only and I definitely wasn't going back that far.

That's true if you're referring to the actual firewall component. When you start adding all the other features, especially ones that need regular updating, that's when they become vulnerable. How many times have users had problems with ZA when they "updated" to a new version? Norton has managed to crash their security suite completely with a bad update.

Stealthed doesn't mean closed. Stealthed means that the port isn't responding either way, trying not to reveal that it's even there. Ideally, you shouldn't have ports open in the first place, not just relying on a software firewall to protect them.
Regarding old versions of firewalls, I've been using Kerio 2.1.5 for years. It's protected me (and many other PCs I've installed it on) completely. To my knowlege, only 2 "vulnerabilities" have been found in it, one almost meaningless and one of questionable usability. The first is easily defeated by using its password option instead of leaving it blank. The 2nd involves passing fragmented packets thru it and trying to do something with them. Yes, some fragmented packed will go thru Kerio 2.1.5, but I've yet to see an instance of this being used successfully to compromise a system. Even if it can be done, it would need to be done in such a way that my HIPS won't detect and block.

While I do rely on HIPS, SSM specifically, I would never count on it alone, just as I don't rely on Kerio alone. I rely on the whole package. Kerio won't allow the net to connect to SSM. SSM defends Kerio from termination. File integrity software keeps tabs on both SSM and Kerio files. SSM protects the file monitor. While it may be possible to attack any one of these alone, when configured to protect and support each other, it's much harder if it's possible at all. That's how layered security should work, tough single purpose apps supporting and protecting each other. I consider Kerio 2.1.5 one of the best firewalls around, so I stay with it and back it up with one of the best HIPS programs, SSM. I see no reason to drop Kerio. It's never crashed and never failed to protect me. Even on a test unit I deliberately use on drive-by sites and every other unsafe behavior I can think of, the combination of SSM and Kerio 2.1.5 has yet to fail.
Rick

 

Some clarification would be useful here - a stealthed port is a closed port that does not return "Destination Unreachable" messages when sent a connection request. Open ports are ones allocated to applications and allowed to receive incoming traffic - these cannot be stealthed without blocking that application's ability to receive data (note that ports can be allocated and used without being open to outside traffic if they are used for internal communcation or outgoing requests only).

While having no publicly-open ports is an ideal security-wise, in many cases it is not possible. Any server-type program (including file-sharing and IM applications) will need to be able to receive unsolicited traffic (websites are one example, using servers that have port 80 publicly accessible).

Where older personal firewalls tend to fail nowadays is with blocking outgoing traffic if malware is disguising it by hijacking normally-trusted applications. For blocking incoming attacks, most will do perfectly OK.

This is a point well worth making - known deficiencies in one program can be countered by another. The downside is the increasing chance of conflicts as more security programs are added.

 

Not if the company is a truely altruistic one.

From this thread at Comodo forums...

http://forums.comodo.com/index.php/topic,223.0.html

Thanks for the response. Well, we don't want donations to go to Comodo. I understand that our user's wish to express their appreciations thru donations to Comodo, however, we have other revenue streams that we rely on and we very much to channel "user appreciation" donations to Charities.

The world would be a much worse place without the good work that charities do. At Comodo we try to follow a responsible business model in order to better life for the human race and the world! Helping the organisations that tries to better lives of millions of human beings out there is one of the ways that Comodo can help.

Melih

 

There can be no truly altruistic companies since they all have to make a profit at some point. Commodo may be willing to subsidise development of their personal firewall with income from their corporate business for the time being but as development/support costs increase, this will become increasingly hard to justify ("goodwill" only goes so far).

 

Paranoid,
Thanks for fixing my poorly worded response on "stealthed". Your point on open ports is is also well taken. It should also be said that when users are running apps that need a specific port open, the traffic to that port should be limited to only the IP address(es) and protocol(s) that specific app needs to function, not left open to everything. IM (instant message) software for example usually listens on one narrow IP range, and a firewall rule for that app should limit connections to that IP or IP range. That way, the port in question is open to the IP or IP range that needs to contact the application, but is closed (or stealthed) to everyone else.
I realize that a casual user can feel a bit overwhelmed when IP addresses, ports, and protocols come into the discussion. It would really help you in the long run to take a crash course on the basics of how this works. It's not as difficult as it sounds, actually takes more to explain it than it does to work with it. The average person can pick up on the basics in less than a day.

It should also be said that this problem isn't limited to single purpose security apps. Security suites and packages are usually bundles of separate programs integrated together. It can and has happened with security suites when a rushed update or a vulnerability found in a non-firewall component has crashed the entire suite. Several years back, I was running Norton Internet Security and was searching Google for something, don't remember what. I opened the top link displayed in Google and was greeted with a huge number of popup windows that wiped out the popup blocker of NIS. Must have been over a hundred of them. The rest of Norton crashed shortly afterwards. I ended up with an infected system, the one and only time it's happened. With separate apps, there are no common vulnerabilities, save the actual system files. If one component is attacked, the rest keep working.
Getting way off topic, sorry.
Regarding the quote from the Comodo forums, I very much like their motivation. For their sake and those who are using it, I hope they can make it work. In a world driven by cut-throat capitalism, it won't be easy. I hope their "other revenue streams" are steady. It would be refreshing to see more companies with that attitude. I might even try their product if they release a version that works with DOS based systems. Just remember people, with companies that offer good free products and services, they don't have advertizing budgets. You are the advertizing. If you use and have come to trust their product, tell others about it. Not just at security forums, that's preaching to the choir. Get to the casual users whenever you can. Exposure is everything.
The internet is a lot like a fairly new world, where several opposing sides have gained a foothold, but no one owns or controls. It's not just good vs evil. There's those with only financial interests who want to own and control everything, aka big companies. Then there's the casual user who wants nothing to do with the battle, but gets targeted constantly. Most of them never heard of Comodo (or SSM, Kerio, etc). They only know of the big money names. What the casual users do will decide the outcome. Ever dreamed of being in one of those Sci-Fi movies, battling for control of a new world? Well, you are. If you're reading this, you're in that world, this incredible virtual world. Software is your tools, weapons, and defenses. The plot isn't finished. You can try to just survive or you can jump into the battle in whatever capacity you can, and enjoy it!
Rick