Deficiencies of Private Firewall

Discussion in 'other firewalls' started by turtlesoup, Feb 7, 2012.

Thread Status:
Not open for further replies.
  1. turtlesoup

    turtlesoup Registered Member

    Joined:
    Jul 16, 2011
    Posts:
    10
    After reading many positive comments here about Private Firewall, I decided to give it a try, and I must say that I am disappointed, as it's missing a number of critical features.

    Unconditional Port Blocking

    The main feature that I really need that PF does not have is the ability to block ports unconditionally, no matter what application is trying to use them.

    Please correct me if I'm wrong about this, but it seems PF absolutely needs to associate port blocking/allowing rules with particular applications. I could not, for example, block access to all ports below and including 1024, no matter which application is trying to use them.

    This feature is really important to me, and its lack in PF is a deal-breaker.

    Non-contiguous Ports in a Single Rule

    Another feature I'd like to have is the ability to specify multiple non-contiguous ports in a single rule. For example, I'd like to make a rule concerning ports "135,137,445". This can't be done in PF either, as far as I know.

    Fortunately, you can specify port ranges, like "1-1024", and (of course) you can specify individual ports, like "135", but not both individual ports and ranges, like "135,137-139,445".

    Undocumented XML Format

    Though I am happy that PF can export and import rules in a relatively easy to understand XML format, that format needs to be thoroughly documented somewhere so that the XML file could be edited by hand or by external tools. I don't want to have to guess what 'Mode="2"' or 'Rule flags="122"' or 'Value="1"' are, or what the <AppsParent> section is for.

    Too Much Clicking

    Without thorough documentation, the XML file that PF imports is only really editable by PF itself, which brings me to my last complaint: creating rules in PF involves way too much clicking!

    I know clicking a lot is the traditional Windows GUI way, and that may be fine if you've got only a handful of rules to configure. But any more than a handful is going to become seriously painful to create in PF. I'm afraid to even imagine how many days or weeks it would take to create a few hundred rules in PF.

    Such a large ruleset would still be pretty painful to make even if you could type it in using a capable text editor, but at least if PF's export/import XML format was well documented, it could be done and it would save you a monstrous amount of clicking.

    Copying and Pasting Rules

    Now, if click you must, at least PF should allow you to copy and paste existing rules. But no. All you can do is modify, add, or delete them.

    Keyboard Shortcuts

    If you're going to be creating a lot of rules through the PF GUI, you should at least have keyboard shortcuts for every possible action, and allow these shortcuts to be user-configurable.

    Conclusion

    Considering all these deficiencies, I really can't take PF very seriously. It may well be a good firewall, for what it does. But its configuration ability is sorely lacking.
     
    Last edited: Feb 7, 2012
  2. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    The firewall portion of PF is geared toward "newbies." People who really don't have the expertise to create advanced firewall rules.

    You are correct as far as non-application rule creation. On the other hand, PF assumes everything that accesses the Internet requires an application. No application, no Internet access. You really can't get more secure than that.

    As far as specifying the ports, you can enter in the local or remote port field of a firewall rule, anything in the 1-65535 range. The port option of 1024-65535(user) refers to your subnet. For example if you wanted to block inbound to ports 1-1023, you would manually enter 1-1023 in the local ports field of a firewall rule.
     
  3. TheMozart

    TheMozart Former Poster

    Joined:
    Jan 6, 2010
    Posts:
    1,486
    Why bother using it? Just use the Windows firewall.
     
  4. turtlesoup

    turtlesoup Registered Member

    Joined:
    Jul 16, 2011
    Posts:
    10
    On a modern Windows PC today, there are probably thousands of "applications" (little programs installed as part of Windows that do god knows what). Do you really want to specify a separate rule for each of them?

    And what about those applications you don't know about, such as those some malware app will create without your knowledge? If you had to specify a separate rule for each app, you couldn't specify one for these types of apps, because you won't even know they're there until too late (if at all).

    No. What you really need is the ability to create port blocking rules that apply no matter which app is trying to connect.

    For example, "block inbound ports 1-1024" -- as simple as that.

    But PrivateFirewall won't let you.

    You are forced to have to specify something like:

    "block inbound ports 1-1024 for app A"
    "block inbound ports 1-1024 for app B"
    "block inbound ports 1-1024 for app C"
    ...
    "block inbound ports 1-1024 for app AA"
    "block inbound ports 1-1024 for app BB"
    "block inbound ports 1-1024 for app CC"
    ...
    "block inbound ports 1-1024 for app AAA"
    "block inbound ports 1-1024 for app BBB"
    "block inbound ports 1-1024 for app CCC"

    for thousands of apps!

    You can get a lot more secure than what PrivateFirewall will allow.

    But you can't specify something like "135,139,445" or "135,137-139,445" in one rule. That's the problem.
     
    Last edited: Feb 7, 2012
  5. fblais

    fblais Registered Member

    Joined:
    Jul 31, 2008
    Posts:
    836
    Location:
    Québec, Canada
  6. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    PF works like the WIN 7 firewall with Outbound rules checking turned on. You create rules for anything you want to allow. Anything without a rule is auto blocked.

    With default PF firewall settings, any application with a trusted publisher will have a rule created for it and no alert is given. This can be changed to the level where you receive an alert for every outbound connection. Your choice.

    PF documentation needs to be read multiple times and experimentation is required to fully understand its capabilities. If PF does have a fault, it is not the easiest firewall/HIPS to understand; even for IT pros.
     
  7. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,499
    What current software firewalls have all these features that you mention?
     
  8. turtlesoup

    turtlesoup Registered Member

    Joined:
    Jul 16, 2011
    Posts:
    10
    I don't know about Windows firewalls, but on Linux you could use iptables, and on BSD you could use PF.
     