ca's hips, is better than tiny?

heard that ca's new hips is out. don't know if it's better than tiny.
but so far, the cookie control of the new release doesn't work for me.

 

Considering their firewall is worse than tiny, i wouldn't hold my breath.

 

Did CA give you Tiny guys any sort of deal when they took over the firewall? I noticed the CA support for TPF was nearly non-existent, at least that was the word on the Tiny forum.

 

At their purchase webpage, one even cannot put an order for 1~48 user's license into cart at the time of posting. It seems just a joke to me. On the home user's market, CA makes many products. But NONE of them is good enough for looking at.

 

I'm still trying to figure out why CA would buy Tiny and not utilize its full power. That's unimaginably bad business IMNSHO.

 

Having posted most of my Tiny Firewall info at www.Snort.org and stumbling into a message originally posted here, I decided to join this forum for clarification.

I have been a beta tester for Roman Kasan and the Tiny Software line for twelve years, as well as spending eight plus years as a software builder on Windows NT at Microsoft Corporation.

I was saddened to see Tiny Software sell out to CA. Be this as it may, there has been some interest in keeping Tiny's last version, TPF 2005 (Build 6.5.126) running. This is due to two reasons. One, it uses the Snort 2.0 RuleSet and two, the Activity Monitor lets you directly see what is going on, in real time. No other firewall does these two things.

Tiny Software included in a previous version, a tool called SnortImp.exe, which we soon learned, would not import Snort 2.6 Rulesets, and later learned, would not import updated Snort 2.0 Rulesets. This is due to SnortImp.exe's lack of translation of the new parameters included in the .conf file, which it converts to .xml format.

As far as CA-HIPS, and whether it is better than Tiny's TPF 2005 product, I just finished testing it. It is very similar to Tiny's last effort for a "Hosted" firewall, which used SQL to distribute rulesets to "clients" connected via the network, in a Network Group arrangement. Tiny called this product "Host Security Server", and embedded was TPF 6.0, and not TPF 6.5.126 (Commonly known as Tiny Pro 2005).

CA-HIPS and Tiny's "Hosted Security Server" with TPF 6.0 embedded, both use databases to hold the "File Integrity Checksum" data, and the "Application/DLL" lists. CA-HIPS uses Apache TomCat (a unix version of a SQL like distribution database, called Catalina), while Tiny HSS uses both SQL, MySQL and Oracle to store and distribute database information.

With reference to Tiny Firewall Pro 2005 and CA-HIPS, these are two completely different products. CA-HIPS is based completely on Tiny's Hosted Security Server product and NOT "TPF PRO 2005", although both use Snort Rulesets.

There does not seem to be a compatable CA derivitive replacement for TPF Pro 2005 (v6.5.126) stand-alone firewall.

Furthermore, stated in the CA-HIPS Advertisment Brochure, Former Tiny Software users will get no upgrade/migration discount on CA-HIPS, or any equivelant CA products, and CA apparently does not want former Tiny users as their customers.

Finally, I did have a website up to support Tiny Users, but due to legal issues pertaining to code copyrights, had to take it down. I am still willing to support former Tiny Firewall users personally. If you would like to post questions or requests here, I would be happy to answer them.

On a personal note, Tiny Firewalls are still the best in the world, and if we could find a user who can figure out how to "import" Snort 2.0/2.6 rulesets into .xml format, TPF Pro 2005 will remain solid for the foreseeable future.

Also note that Windows Vista's use of UAC, parallels closely TPF's "Active Windows Security Gaurds" and "System Privilages">

See http://www.wincustomize.com/articles.aspx?aid=144947

Apparentely, Tiny's line of Firewall Products, did this first, and Roman Kasan told me personally, well before he sold out to CA, that Microsoft was, at one time, interested in purchasing the Tiny line of products, but the deal fell through. I suspect this is where Microsoft's UAC concept and implementation came from.

We (Tiny users) have been clicking "Accept" or "Deny" from those "Security Warning" dialogs for years now. Yet when Windows Vista implements UAC, the world goes nuts over it, to the point of Apple making fun of them with commercials.

In conclusion, I have spoken to Snort.Org about having them provide support for Snort Rulesets in TPF, but apparently there is little interest, or few requests by TPF users to Snort officials to get them to do this.

Our only recourse seems to be, to figure out what "SnortImp.exe" does, or did, and to duplicate it somehow, to be able to import current Snort Rulesets into TPF Pro 2005.

 

Hi CVSCorp,

I"m still running Tiny Pro on my old computer and recently purchased a new one. I've had Tiny Firewall 3 - 4 years now and I feel like I should try new technology. I downloaded CA firewall but I'm not liking it very much. I don't know if I should stay with Tiny or move onto something else. I think I will try Blink next. Have you spoken with any of the other guys from the forum.

Thanks,
Brian

 

CVSCorp, I agree with u in many points. Still hope there are more users out there who will support the the implementation of SNORT-Rulesets. For my opinion TPF Firewall is the best I´ve ever seen. CA, shame on you!!!

 

Hi CVSCorp, nice to see you here.
I still use TPF on one of my machines keeping it alive - a great firewall unfortunetly abandoned.
I think CVSCorps post sums it up.

 

Hello everyone.

Still using TPF on all machines as I got all the free activation codes from Tiny Software. Sure would be great to be able to update the snort rules to keep TPF current.

Wish Tiny Software had not been sold until Vista was released AND it was compatiable! TPF, NOD32 and BoClean...done again!

I was a beta tester of CA's HIPS when it first became available to beta test. Used it for 3 updates but did not like it for a number of reasons.

I should have tested TPF on Vista RC1 and 2.

 

CA HIPS Toolkit Test Harness
CA HIPS – Global English version – Click Here
ftp://escmftp:c0nt3nt@ftp.ca.com/CA_HIPS_r8.zip

 

I still use TPF 6.5.092 on all my hard drives as it seems to be compatible with most of the anti-malware and anti-everything software that's out. I had problems with TPF 6.5.126.

Everytime I have been to the SNORT website, it seems like they want a bunch of money to subscribe.

 

CVSCorp and HIPS, thanks for the information!

I finally decided to give the new CA HIPS a try, and it is running on my laptop now.

For those who are interested, the trial link is here:
http://www3.ca.com/trials/collateral.aspx?cid=99399

One has to register first with a valid email address, then CA will send the download link in email. The whole package is about 78MB. But it seems to me that the only useful part for home users is the file "Harness-1.0.172.exe" under "self-learning"(or something alike) directory in the package. It is about 8MB in size. It is indeed the new version of TINY Firewall, although with different name. The screen shot is provided by HIPS above, which is almost the same as TINY 2005. Sadly, it seems that one could not import old TINY 2005 rules. At least, I failed to do so.

From my first impression, it is a great improvement upon TINY 2005. There are quite some new functions added, such as Windows API hooking control, Email protection, ID lock, privacy, and so on. Just have tried it for a couple of hours, and still need to make the rules all over again. So I could not say much more about it right now.

I just checked the CA website, they have fixed the problem on their web. The price of CA HIPS for a single licence seems to be $40.00. Not bad at all, at least not really bad for previous TINY users.

 

No Support from Snort.Org

From Mike Guiterman <mike.guiterman@sourcefire.com>

Hi Bill,

Sorry for the delay in responding with a decision. I've had a number of
conversations with our both the research and the development team.
Unfortunately with the pace they're working at on Snort, developing
rules updates and Sourcefire commercial products I haven't been able to
come up with a resource to support the translation on an ongoing basis.

I understand the situation that you and other Tiny Firewall users are in
and wish I could be of more help. From following your thread there
seems to be a good number of loyal users - has anyone in that community
attempted to maintain a translated rule-set?

Regards,

-mg

My reply:

Unfortunately, the "snortimp.dll", which contains the translation matrix, can not be altered without permission from Computer Associates, or without having the source code, neither of which we have. The translation matrix does not include newer parameters included in newer snort 2.0/2.6 rulesets, for which snortimp.exe does not understand. We have tried.

Our last resort was support from Snort.Org itself. We don't want to get into copyright violations with CA, or reverse compile their code, since output of prior .xml rulesets exist. It would be optimal for snort rulesets to be directly translated to .xml format by snort.org, to avoid these issues. TPF is a very good firewall and lacking current snort rulesets, leaves us (both TPF users and the world at large) with the plain jane, subscription based firewalls offered to the general public, which offer minimal protection at best. TPF was the only non-subscription firewall, which offered IDS/IPS based on snort rulesets, and file protection based on checksums, and comprehensive rules for applications and registry entries. Only Windows Vista now offers this level of protection, with a nagging UAC,which folks turn OFF.

It would be ashamed to see TPF go the way of the dinosaur just for lack of snort rulesets.

One other point. Malware protection, and the Malware protection market in general, came about because of a few disgruntled adolescent individuals had nothing better to do with their coding skills, than to hack and destroy honest peoples work and equipment. To protect a computer, honest folk are being forced to spend their hard earned buck on protection software, that would not exist, and would not be necessary, had it not been for these hackers and adolescent individuals. There is now a feeling prevalent in the world today, that the Malware Market in general, secretly pays and fosters these hackers and adolescent individuals to continue their efforts, because without them, Malware software would be obsolete. I personally believe this is true. It's a self feeding scenario. Hackers make malware, which we have to protect ourselves from, and Malware makers are only to happy to take our dollar for the software that does so.

There are only a handful of companies, like Snort.Org and TPF, who offer a basic level of their products without asking for subscriptions. I personally will not pay for Malware protection in any form. I will shut my machine off permentantly before I do that.

And on a personal note: There is an "Antivirus Software" company, called "Avast!" (http://www.avast.com/index.html) which will allow users to use their basic edition, without annual subscriptions, provided it is used for personal use ONLY. I would recommend this software be used to supplement TPF and non-updated Snort Rulesets.

CVSCorp

 

Re: ca's hips, is better than tiny,? (for a price!)

Yahoo: Did you look at CA's brochures. They specifically state that Former Tiny Software Users are entitled to No Discounts on Upgrades to any of their products. They dropped us like a hot rock.

I would also say that on my trial, I found no "Activity Monitor", which is one feature I love. It gives you a "Real Time" look at what is happening on your system. Maybe I missed it.

$40.00 dollars, for this firewall, when TPF 2005 was $29.95, and without an annual subscription. You can bet when CA gets you on-board, the price for annual subscriptions will skyrocket.

This may be the reason they are dropping a ready made market of former TPF users.

Yahoo, my intention is truely not to argue or debate you here, although my comments may sound that way. I'm just a bit ticked off at CA, and any comment that defends what they did.

If I offended you in any way, accept my apologies in advance.

 

CVSCorp:

No apologies needed at all.

The activity monitor is still there, quite similar to TPF 2005. If you could not get it on your computer, there must be something wrong with your installation. I thought that TPF 2005 Pro was around $99.00, and TPF 2005 was around $59.00. So if this new HIPS is $40.00, it is not really bad. When I checked CA's website some time ago, I could not put a single license into cart. Instead, I could only put multiple licenses into cart. It was $1000~$2000. I guess that's what makes me feel okay with $40.00. Anyway, I will try it for a while and then decide if I will spend money on it. I somehow dislike CA due to this TINY acquisition too.

 

I seem to remember $49.00 for TPF 2005. Anyways, I would say $40.00 for the HIPS is pretty reasonable, especially if it's as promising as your initial observations would suggest.

 

Adding ShadowSurfer to my armory seems to have made computer bulletproof for now.

 

Just installed on XP Pro SP2 test machine.

1) No IDS/IPS rules. Same like TPF v126.
2) Change from Classic Design to Top Menu. Now only get Applications control. Cannot change to anything else...period!
3) User account missing features.

It's already out for purchase. Same thing as TPF with added features.

Beta tested for Tiny from the beginning and what happens. Sell out to CA. Granted, senior members got all the activation codes for free however, will NOT beta test for CA. No Vista support too.

 

What is the advantage of TPF v126 VERSUS TPF v092?

 

Mr Y. said,

6.5.126 Changelog:

- device rule (and partially UI) fix. Internal rule for acces from system itself was missing for USB and Firewire protection.
- new protection feature: Block access to physical memory from user mode applications and loading and running some code in kernel memory through use of undocumented APIs in ntdll. Note: Not all Windows were affected (it is not implemented on 64bit version of TF). Temporary for build 6.5.126 only: It is disabled by default. You have to turn it on manually - in registry HKLM\...\Services\KmxSbx set value "SystemGuards" (REG_DWORD) to 1. Reboot is needed. It takes settings from Inject Code access from System Privileges guard.
- in TF64 fixed incorrect handling of rules creation from AskUser
- UmxCfg memory leak fixed
- fixed CloneDVD and other applications compatibility
- USB drive letters fix
- redone WAN interfaces handling
- Tracklog Analyzer now enables exporting collected data into a predefined object

Remember, this build (126) has the problems with IDS/IPS being empty if you clean install.

There was build 110 between the 92 and 126.

 

ca hips has been running in my computer for 20 days, so far so good. feels like an old friend who is still there, and his new suit makes him look younger.

 

It's a pity that there is no support for Vista in this software....

 

Are you people getting the FULL IDS/IPS rules?

Thanks.

 

Yes, you can get them here http://cahipsdownload.ca.com/
Good to see other tiny users here. Cheers