ca's hips, is better than tiny?

Discussion in 'other firewalls' started by areyousure, Feb 18, 2007.

Thread Status:
Not open for further replies.
  1. areyousure

    areyousure Registered Member

    Joined:
    Aug 5, 2006
    Posts:
    13
    heard that ca's new hips is out. don't know if it's better than tiny.
    but so far, the cookie control of the new release doesn't work for me.
     
  2. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    Considering their firewall is worse than tiny, i wouldn't hold my breath.
     
  3. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    Did CA give you Tiny guys any sort of deal when they took over the firewall? I noticed the CA support for TPF was nearly non-existent, at least that was the word on the Tiny forum.
     
  4. yahoo

    yahoo Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    290
    Location:
    nowhere
    At their purchase webpage, one even cannot put an order for 1~48 user's license into cart at the time of posting. It seems just a joke to me. On the home user's market, CA makes many products. But NONE of them is good enough for looking at.
     
  5. QBgreen

    QBgreen Registered Member

    Joined:
    Jan 1, 2005
    Posts:
    627
    Location:
    Queens County, NY
    I'm still trying to figure out why CA would buy Tiny and not utilize its full power. That's unimaginably bad business IMNSHO.
     
  6. CVSCorp

    CVSCorp Registered Member

    Joined:
    Mar 2, 2007
    Posts:
    4
    Having posted most of my Tiny Firewall info at www.Snort.org and stumbling into a message originally posted here, I decided to join this forum for clarification.

    I have been a beta tester for Roman Kasan and the Tiny Software line for twelve years, as well as spending eight plus years as a software builder on Windows NT at Microsoft Corporation.

    I was saddened to see Tiny Software sell out to CA. Be this as it may, there has been some interest in keeping Tiny's last version, TPF 2005 (Build 6.5.126) running. This is due to two reasons. One, it uses the Snort 2.0 RuleSet and two, the Activity Monitor lets you directly see what is going on, in real time. No other firewall does these two things.

    Tiny Software included in a previous version, a tool called SnortImp.exe, which we soon learned, would not import Snort 2.6 Rulesets, and later learned, would not import updated Snort 2.0 Rulesets. This is due to SnortImp.exe's lack of translation of the new parameters included in the .conf file, which it converts to .xml format.

    As far as CA-HIPS, and whether it is better than Tiny's TPF 2005 product, I just finished testing it. It is very similar to Tiny's last effort for a "Hosted" firewall, which used SQL to distribute rulesets to "clients" connected via the network, in a Network Group arrangement. Tiny called this product "Host Security Server", and embedded was TPF 6.0, and not TPF 6.5.126 (Commonly known as Tiny Pro 2005).

    CA-HIPS and Tiny's "Hosted Security Server" with TPF 6.0 embedded, both use databases to hold the "File Integrity Checksum" data, and the "Application/DLL" lists. CA-HIPS uses Apache TomCat (a unix version of a SQL like distribution database, called Catalina), while Tiny HSS uses both SQL, MySQL and Oracle to store and distribute database information.

    With reference to Tiny Firewall Pro 2005 and CA-HIPS, these are two completely different products. CA-HIPS is based completely on Tiny's Hosted Security Server product and NOT "TPF PRO 2005", although both use Snort Rulesets.

    There does not seem to be a compatable CA derivitive replacement for TPF Pro 2005 (v6.5.126) stand-alone firewall.

    Furthermore, stated in the CA-HIPS Advertisment Brochure, Former Tiny Software users will get no upgrade/migration discount on CA-HIPS, or any equivelant CA products, and CA apparently does not want former Tiny users as their customers.

    Finally, I did have a website up to support Tiny Users, but due to legal issues pertaining to code copyrights, had to take it down. I am still willing to support former Tiny Firewall users personally. If you would like to post questions or requests here, I would be happy to answer them.

    On a personal note, Tiny Firewalls are still the best in the world, and if we could find a user who can figure out how to "import" Snort 2.0/2.6 rulesets into .xml format, TPF Pro 2005 will remain solid for the foreseeable future.

    Also note that Windows Vista's use of UAC, parallels closely TPF's "Active Windows Security Gaurds" and "System Privilages">

    See http://www.wincustomize.com/articles.aspx?aid=144947

    Apparentely, Tiny's line of Firewall Products, did this first, and Roman Kasan told me personally, well before he sold out to CA, that Microsoft was, at one time, interested in purchasing the Tiny line of products, but the deal fell through. I suspect this is where Microsoft's UAC concept and implementation came from.

    We (Tiny users) have been clicking "Accept" or "Deny" from those "Security Warning" dialogs for years now. Yet when Windows Vista implements UAC, the world goes nuts over it, to the point of Apple making fun of them with commercials.

    In conclusion, I have spoken to Snort.Org about having them provide support for Snort Rulesets in TPF, but apparently there is little interest, or few requests by TPF users to Snort officials to get them to do this.

    Our only recourse seems to be, to figure out what "SnortImp.exe" does, or did, and to duplicate it somehow, to be able to import current Snort Rulesets into TPF Pro 2005.
     
    Last edited: Mar 2, 2007
  7. bsilva

    bsilva Registered Member

    Joined:
    Mar 24, 2004
    Posts:
    238
    Location:
    MA, USA
    Hi CVSCorp,

    I"m still running Tiny Pro on my old computer and recently purchased a new one. I've had Tiny Firewall 3 - 4 years now and I feel like I should try new technology. I downloaded CA firewall but I'm not liking it very much. I don't know if I should stay with Tiny or move onto something else. I think I will try Blink next. Have you spoken with any of the other guys from the forum.

    Thanks,
    Brian
     
  8. Wakanaka

    Wakanaka Registered Member

    Joined:
    Mar 3, 2007
    Posts:
    3
    CVSCorp, I agree with u in many points. Still hope there are more users out there who will support the the implementation of SNORT-Rulesets. For my opinion TPF Firewall is the best I´ve ever seen. CA, shame on you!!!:ouch:
     
  9. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Hi CVSCorp, nice to see you here.
    I still use TPF on one of my machines keeping it alive - a great firewall unfortunetly abandoned.
    I think CVSCorps post sums it up.
     
  10. Robereyewhy

    Robereyewhy Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    171
    Hello everyone.

    Still using TPF on all machines as I got all the free activation codes from Tiny Software. Sure would be great to be able to update the snort rules to keep TPF current.

    Wish Tiny Software had not been sold until Vista was released AND it was compatiable! TPF, NOD32 and BoClean...done again!

    I was a beta tester of CA's HIPS when it first became available to beta test. Used it for 3 updates but did not like it for a number of reasons.

    I should have tested TPF on Vista RC1 and 2.
     
  11. HIPS

    HIPS Registered Member

    Joined:
    Feb 27, 2007
    Posts:
    2

    Attached Files:

    • 1.JPG
      1.JPG
      File size:
      103.9 KB
      Views:
      44
    Last edited: Mar 7, 2007
  12. Mr. Y

    Mr. Y Registered Member

    Joined:
    Jan 11, 2006
    Posts:
    257
    I still use TPF 6.5.092 on all my hard drives as it seems to be compatible with most of the anti-malware and anti-everything software that's out. I had problems with TPF 6.5.126.

    Everytime I have been to the SNORT website, it seems like they want a bunch of money to subscribe.
     
  13. yahoo

    yahoo Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    290
    Location:
    nowhere
    CVSCorp and HIPS, thanks for the information!

    I finally decided to give the new CA HIPS a try, and it is running on my laptop now.

    For those who are interested, the trial link is here:
    http://www3.ca.com/trials/collateral.aspx?cid=99399

    One has to register first with a valid email address, then CA will send the download link in email. The whole package is about 78MB. But it seems to me that the only useful part for home users is the file "Harness-1.0.172.exe" under "self-learning"(or something alike) directory in the package. It is about 8MB in size. It is indeed the new version of TINY Firewall, although with different name. The screen shot is provided by HIPS above, which is almost the same as TINY 2005. Sadly, it seems that one could not import old TINY 2005 rules. At least, I failed to do so.

    From my first impression, it is a great improvement upon TINY 2005. There are quite some new functions added, such as Windows API hooking control, Email protection, ID lock, privacy, and so on. Just have tried it for a couple of hours, and still need to make the rules all over again. So I could not say much more about it right now.

    I just checked the CA website, they have fixed the problem on their web. The price of CA HIPS for a single licence seems to be $40.00. Not bad at all, at least not really bad for previous TINY users.
     
    Last edited: Mar 7, 2007
  14. CVSCorp

    CVSCorp Registered Member

    Joined:
    Mar 2, 2007
    Posts:
    4
    No Support from Snort.Org

    From Mike Guiterman <mike.guiterman@sourcefire.com>

    Hi Bill,

    Sorry for the delay in responding with a decision. I've had a number of
    conversations with our both the research and the development team.
    Unfortunately with the pace they're working at on Snort, developing
    rules updates and Sourcefire commercial products I haven't been able to
    come up with a resource to support the translation on an ongoing basis.

    I understand the situation that you and other Tiny Firewall users are in
    and wish I could be of more help. From following your thread there
    seems to be a good number of loyal users - has anyone in that community
    attempted to maintain a translated rule-set?

    Regards,

    -mg

    My reply:

    Unfortunately, the "snortimp.dll", which contains the translation matrix, can not be altered without permission from Computer Associates, or without having the source code, neither of which we have. The translation matrix does not include newer parameters included in newer snort 2.0/2.6 rulesets, for which snortimp.exe does not understand. We have tried.

    Our last resort was support from Snort.Org itself. We don't want to get into copyright violations with CA, or reverse compile their code, since output of prior .xml rulesets exist. It would be optimal for snort rulesets to be directly translated to .xml format by snort.org, to avoid these issues. TPF is a very good firewall and lacking current snort rulesets, leaves us (both TPF users and the world at large) with the plain jane, subscription based firewalls offered to the general public, which offer minimal protection at best. TPF was the only non-subscription firewall, which offered IDS/IPS based on snort rulesets, and file protection based on checksums, and comprehensive rules for applications and registry entries. Only Windows Vista now offers this level of protection, with a nagging UAC,which folks turn OFF.

    It would be ashamed to see TPF go the way of the dinosaur just for lack of snort rulesets.

    One other point. Malware protection, and the Malware protection market in general, came about because of a few disgruntled adolescent individuals had nothing better to do with their coding skills, than to hack and destroy honest peoples work and equipment. To protect a computer, honest folk are being forced to spend their hard earned buck on protection software, that would not exist, and would not be necessary, had it not been for these hackers and adolescent individuals. There is now a feeling prevalent in the world today, that the Malware Market in general, secretly pays and fosters these hackers and adolescent individuals to continue their efforts, because without them, Malware software would be obsolete. I personally believe this is true. It's a self feeding scenario. Hackers make malware, which we have to protect ourselves from, and Malware makers are only to happy to take our dollar for the software that does so.

    There are only a handful of companies, like Snort.Org and TPF, who offer a basic level of their products without asking for subscriptions. I personally will not pay for Malware protection in any form. I will shut my machine off permentantly before I do that.

    And on a personal note: There is an "Antivirus Software" company, called "Avast!" (http://www.avast.com/index.html) which will allow users to use their basic edition, without annual subscriptions, provided it is used for personal use ONLY. I would recommend this software be used to supplement TPF and non-updated Snort Rulesets.

    CVSCorp :'(
     
    Last edited: Mar 7, 2007
  15. CVSCorp

    CVSCorp Registered Member

    Joined:
    Mar 2, 2007
    Posts:
    4
    Re: ca's hips, is better than tiny,? (for a price!)

    Yahoo: Did you look at CA's brochures. They specifically state that Former Tiny Software Users are entitled to No Discounts on Upgrades to any of their products. They dropped us like a hot rock.

    I would also say that on my trial, I found no "Activity Monitor", which is one feature I love. It gives you a "Real Time" look at what is happening on your system. Maybe I missed it.

    $40.00 dollars, for this firewall, when TPF 2005 was $29.95, and without an annual subscription. You can bet when CA gets you on-board, the price for annual subscriptions will skyrocket.

    This may be the reason they are dropping a ready made market of former TPF users.

    Yahoo, my intention is truely not to argue or debate you here, although my comments may sound that way. I'm just a bit ticked off at CA, and any comment that defends what they did.

    If I offended you in any way, accept my apologies in advance. :oops:
     
  16. yahoo

    yahoo Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    290
    Location:
    nowhere
    CVSCorp:

    No apologies needed at all. :)

    The activity monitor is still there, quite similar to TPF 2005. If you could not get it on your computer, there must be something wrong with your installation. I thought that TPF 2005 Pro was around $99.00, and TPF 2005 was around $59.00. So if this new HIPS is $40.00, it is not really bad. When I checked CA's website some time ago, I could not put a single license into cart. Instead, I could only put multiple licenses into cart. It was $1000~$2000. I guess that's what makes me feel okay with $40.00. Anyway, I will try it for a while and then decide if I will spend money on it. I somehow dislike CA due to this TINY acquisition too.
     
    Last edited: Mar 7, 2007
  17. cprtech

    cprtech Registered Member

    Joined:
    Feb 26, 2006
    Posts:
    335
    Location:
    Canada
    I seem to remember $49.00 for TPF 2005. Anyways, I would say $40.00 for the HIPS is pretty reasonable, especially if it's as promising as your initial observations would suggest.
     
  18. Mr. Y

    Mr. Y Registered Member

    Joined:
    Jan 11, 2006
    Posts:
    257
    Adding ShadowSurfer to my armory seems to have made computer bulletproof for now.
     
  19. Robereyewhy

    Robereyewhy Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    171
    Just installed on XP Pro SP2 test machine.

    1) No IDS/IPS rules. Same like TPF v126.
    2) Change from Classic Design to Top Menu. Now only get Applications control. Cannot change to anything else...period!
    3) User account missing features.

    It's already out for purchase. Same thing as TPF with added features.

    Beta tested for Tiny from the beginning and what happens. Sell out to CA. Granted, senior members got all the activation codes for free however, will NOT beta test for CA. No Vista support too.
     
  20. Mr. Y

    Mr. Y Registered Member

    Joined:
    Jan 11, 2006
    Posts:
    257
    What is the advantage of TPF v126 VERSUS TPF v092?
     
  21. Robereyewhy

    Robereyewhy Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    171
    Mr Y. said,
    6.5.126 Changelog:

    - device rule (and partially UI) fix. Internal rule for acces from system itself was missing for USB and Firewire protection.
    - new protection feature: Block access to physical memory from user mode applications and loading and running some code in kernel memory through use of undocumented APIs in ntdll. Note: Not all Windows were affected (it is not implemented on 64bit version of TF). Temporary for build 6.5.126 only: It is disabled by default. You have to turn it on manually - in registry HKLM\...\Services\KmxSbx set value "SystemGuards" (REG_DWORD) to 1. Reboot is needed. It takes settings from Inject Code access from System Privileges guard.
    - in TF64 fixed incorrect handling of rules creation from AskUser
    - UmxCfg memory leak fixed
    - fixed CloneDVD and other applications compatibility
    - USB drive letters fix
    - redone WAN interfaces handling
    - Tracklog Analyzer now enables exporting collected data into a predefined object

    Remember, this build (126) has the problems with IDS/IPS being empty if you clean install.

    There was build 110 between the 92 and 126.
     
  22. areyousure

    areyousure Registered Member

    Joined:
    Aug 5, 2006
    Posts:
    13
    ca hips has been running in my computer for 20 days, so far so good. feels like an old friend who is still there, and his new suit makes him look younger.
     
  23. Edwin024

    Edwin024 Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    1,000
    It's a pity that there is no support for Vista in this software....
     
  24. Robereyewhy

    Robereyewhy Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    171
    Are you people getting the FULL IDS/IPS rules?

    Thanks.
     
  25. NathanX

    NathanX Registered Member

    Joined:
    Mar 9, 2007
    Posts:
    4
    Yes, you can get them here http://cahipsdownload.ca.com/
    Good to see other tiny users here. Cheers
     
Thread Status:
Not open for further replies.