Does the free WebRoot Firewall support HIPS?

Discussion in 'other firewalls' started by truthseeker, Aug 4, 2008.

Thread Status:
Not open for further replies.
  1. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
  2. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Directly from the "Features" tab...
     
  3. sosaiso

    sosaiso Registered Member

    Joined:
    Nov 12, 2005
    Posts:
    601
    Yes, it does. More advanced (stricter?) controls is also available in preferences.

    Had it for awhile. Semi-satisfied with it until it started to block a program from the internet and was not even listed in one of the blocked programs. Reinstalling and clearing rulesets to default did not work. Uninstalled it shortly afterwards.
     
  4. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    I just downloaded and installed WebRoot version 5.5.10.20.

    It says 2007.

    Do you think this is too old to be effective on Vista?
     
  5. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    So what are you using now instead?
     
  6. sosaiso

    sosaiso Registered Member

    Joined:
    Nov 12, 2005
    Posts:
    601
    Used it on Vista before. It basically did everything that I wanted it to do, until it blacklisted one of my programs from the internet without telling me.

    I'm using Windows Vista inbound/outbound. Satisfied. Does what I want it to do by blocking all programs and letting programs that I want outbound access to go on the internet. Only downside has been finding the filepath of the program, but it's easy enough with Task Manager and "Open file location". It's not the easiest solution, but it's a decent one for Vista if you're not constantly installing programs that require outbound access. You can also use the Sphinx outbound control, I just choose not to.

    It also won't tell you that it blocked a program, but at least you know it does what it's made to do: "BLOCK ALL until I tell you that you can stop blocking it."
     
  7. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    You mean the bundled Vista firewall? o_O :doubt: It has no real outbound protection, any application can whitelist itself by using API functions of the firewall.
     
  8. sosaiso

    sosaiso Registered Member

    Joined:
    Nov 12, 2005
    Posts:
    601
    I wouldn't say no real outbound protection. You just have to know how to configure it. :X
     
  9. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    I beg to differ... ;) The bundled Vista FW is not usable for outbound blocking, as documented in the above thread.
     
  10. sosaiso

    sosaiso Registered Member

    Joined:
    Nov 12, 2005
    Posts:
    601
    Once again, not entirely "not usable".

    Sure, there are ways around everything, but that's also why I use other tools [see also: not firewalls] for finer control. But the OP asked what my alternative was for Vista, and that is what I have stated: My experience with both softwares.

    :D
     
    Last edited: Aug 4, 2008
  11. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    Why do you say Webroot has no real outbound protection? I am running Webroot now. Do I have to configure it a particular way?
     
  12. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    That debate is about bundled Windows Firewall, not Webroot.
     
  13. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    Ah ok :) Because I am using Webroot and wanted to make sure it supports 2 way protection and HIPS.
     
  14. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    Webroot Firewall (WFW) is a re-branded edition of Private Firewall (PFW). The HIPS module of both WFW & PFW is Defense Security Agent (DSA).

    DSA can be used as a stand-alone HIPS, downloadable for free from HERE. In its stand-alone form, DSA is a competent SPI firewall all on its own, BUT with VERY few options for setting rules or other such configurations.

    In effect, the "firewall" module (for both WFW & PFW) has the main job of providing greatly increased configurability to the DSA module. Therefore, over & above DSA's HIPS capabilities, it also provides a comparable amount of firewall protection as WFW & PFW except...

    (a) It cannot create custom rules for Applications
    (b) It has no firewall log
    (c) It doesn't display port tracking details (which ports are being used by your system at that moment, etc.).

    IN A NUTSHELL -- With DSA, you can control which applications access the Internet, but cannot specify ports or specific TCP or UDP rules per application like you can in WFW or PFW.

    OP asked about WFW's HIPS capabilities. Since DSA is the HIPS module of WFW, the following discussion of DSA's HIPS capabilities constitute my answer to OP's questions about WFW's HIPS capabilities...

    Tests of DSA in 2007 (I do not know of any more recent that these)...
    https://www.wilderssecurity.com/showthread.php?p=925697#post925697

    http://membres.lycos.fr/nicmtests/Dynamic-Security-agent-tests/DSA_index.htm

    http://membres.lycos.fr/nicmtests/Unhookers/unhookers_results.htm

    My Opinions & Comments...If a given user is behind an SPI/NAT-capable router, then I think that a fully configurable software firewall is unnecessary. For such a user, DSA stand-alone will provide ample monitorship of outgoing connections.

    As to DSA's HIPS capabilities -- DSA is *less powerful* in the HIPS department than "classic HIPS" such as EQSecurity, Defense+, System Safety Monitor.

    Moreover, DSA takes a different approach to HIPS. Namely, DSA is primarily (NOT solely) looking for "anomalies." That is, for the first several days after you install DSA, it "studies" how you actually use your computer. That *studying period* enables DSA to set "norms" which apply to you and your computer ONLY. Then -- if something takes place within your computer which DEVIATES significantly from those norms -- DSA will alert you to that fact. Ergo, DSA's "anomaly-checking" aspects comprise an interesting & (AFAIK) unique approach that can sometimes spot potentially bad/weird things that no other HIPS would notice.

    TAKE NOTE- for someone seeking a full-scope HIPS, I do NOT think that DSA alone suffices. However, because of DSA's "different approach" it makes a nice adjunct to another HIPS. For example, I feel that DSA & Threatfire make a very effective pairing for exceptionally tight protection of one's computer.

    SEMI-FINAL NOTE- DSA's training mode is only slightly effective at cutting down on the number of pop-ups. Thus, DSA can be a bit of a PITA for the first few days but -- stay with it -- & you will have a splendid security application on duty for you.

    FINAL NOTE (finally)- DSA's alert pop-ups have a click spot for "more details." I recommend you click on it for most alerts because the ensuing details have the "remember this" check box which you can check (or not) as appropriate.
     
    Last edited: Aug 5, 2008
  15. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    When I have my firewall off, I still pass all stealth and security tests. I think that's because I have NAPT in my router.
     
  16. Robin A.

    Robin A. Registered Member

    Joined:
    Feb 25, 2006
    Posts:
    2,281
    Something similar happened to me when I was trying Webroot Firewall v. 5.8 (now apparently this version is not available for download). After a week or so, it suddenly blocked OpenOffice completely. No message, the apps were not listed as blocked. I had to uninstall it to regain access to OO.
     
  17. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    Version 5.8?

    I downloaded the latest version a few days ago, and its version 5.5.10.20

    Is this the latest version?

    UPDATE: I just found it at:

    http://www.webroot.com.au/En_AU/consumer-products-desktopfirewall.html

    But what's interesting is that v5.8 is not available from their other US website:

    http://www.webroot.com/En_US/consumer-products-desktopfirewall.html

    Anyone know why one of their website offers v5.5 and the other v5.8?

    By the way, it was a sad story about the founder of Webroot. He was found dead recently. He suffered greatly from depression.
     
    Last edited: Aug 6, 2008
  18. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    Very nice summary Bellgamin.
     
Loading...
Thread Status:
Not open for further replies.