Does the free WebRoot Firewall support HIPS?

Does the following free version WebRoot Firewall supports HIPS and 2 way protection?

http://www.webroot.com/En_US/consumer-downloads.html

 

Directly from the "Features" tab...

 

Yes, it does. More advanced (stricter?) controls is also available in preferences.

Had it for awhile. Semi-satisfied with it until it started to block a program from the internet and was not even listed in one of the blocked programs. Reinstalling and clearing rulesets to default did not work. Uninstalled it shortly afterwards.

 

I just downloaded and installed WebRoot version 5.5.10.20.

It says 2007.

Do you think this is too old to be effective on Vista?

 

So what are you using now instead?

 

Used it on Vista before. It basically did everything that I wanted it to do, until it blacklisted one of my programs from the internet without telling me.

I'm using Windows Vista inbound/outbound. Satisfied. Does what I want it to do by blocking all programs and letting programs that I want outbound access to go on the internet. Only downside has been finding the filepath of the program, but it's easy enough with Task Manager and "Open file location". It's not the easiest solution, but it's a decent one for Vista if you're not constantly installing programs that require outbound access. You can also use the Sphinx outbound control, I just choose not to.

It also won't tell you that it blocked a program, but at least you know it does what it's made to do: "BLOCK ALL until I tell you that you can stop blocking it."

 

You mean the bundled Vista firewall? It has no real outbound protection, any application can whitelist itself by using API functions of the firewall.

 

I wouldn't say no real outbound protection. You just have to know how to configure it. :X

 

I beg to differ... The bundled Vista FW is not usable for outbound blocking, as documented in the above thread.

 

Once again, not entirely "not usable".

Sure, there are ways around everything, but that's also why I use other tools [see also: not firewalls] for finer control. But the OP asked what my alternative was for Vista, and that is what I have stated: My experience with both softwares.

 

Why do you say Webroot has no real outbound protection? I am running Webroot now. Do I have to configure it a particular way?

 

That debate is about bundled Windows Firewall, not Webroot.

 

Ah ok Because I am using Webroot and wanted to make sure it supports 2 way protection and HIPS.

 

Webroot Firewall (WFW) is a re-branded edition of Private Firewall (PFW). The HIPS module of both WFW & PFW is Defense Security Agent (DSA).

DSA can be used as a stand-alone HIPS, downloadable for free from HERE. In its stand-alone form, DSA is a competent SPI firewall all on its own, BUT with VERY few options for setting rules or other such configurations.

In effect, the "firewall" module (for both WFW & PFW) has the main job of providing greatly increased configurability to the DSA module. Therefore, over & above DSA's HIPS capabilities, it also provides a comparable amount of firewall protection as WFW & PFW except...

(a) It cannot create custom rules for Applications
(b) It has no firewall log
(c) It doesn't display port tracking details (which ports are being used by your system at that moment, etc.).

IN A NUTSHELL -- With DSA, you can control which applications access the Internet, but cannot specify ports or specific TCP or UDP rules per application like you can in WFW or PFW.

OP asked about WFW's HIPS capabilities. Since DSA is the HIPS module of WFW, the following discussion of DSA's HIPS capabilities constitute my answer to OP's questions about WFW's HIPS capabilities...

Tests of DSA in 2007 (I do not know of any more recent that these)...
https://www.wilderssecurity.com/showthread.php?p=925697#post925697

http://membres.lycos.fr/nicmtests/Dynamic-Security-agent-tests/DSA_index.htm

http://membres.lycos.fr/nicmtests/Unhookers/unhookers_results.htm

My Opinions & Comments...If a given user is behind an SPI/NAT-capable router, then I think that a fully configurable software firewall is unnecessary. For such a user, DSA stand-alone will provide ample monitorship of outgoing connections.

As to DSA's HIPS capabilities -- DSA is *less powerful* in the HIPS department than "classic HIPS" such as EQSecurity, Defense+, System Safety Monitor.

Moreover, DSA takes a different approach to HIPS. Namely, DSA is primarily (NOT solely) looking for "anomalies." That is, for the first several days after you install DSA, it "studies" how you actually use your computer. That *studying period* enables DSA to set "norms" which apply to you and your computer ONLY. Then -- if something takes place within your computer which DEVIATES significantly from those norms -- DSA will alert you to that fact. Ergo, DSA's "anomaly-checking" aspects comprise an interesting & (AFAIK) unique approach that can sometimes spot potentially bad/weird things that no other HIPS would notice.

TAKE NOTE- for someone seeking a full-scope HIPS, I do NOT think that DSA alone suffices. However, because of DSA's "different approach" it makes a nice adjunct to another HIPS. For example, I feel that DSA & Threatfire make a very effective pairing for exceptionally tight protection of one's computer.

SEMI-FINAL NOTE- DSA's training mode is only slightly effective at cutting down on the number of pop-ups. Thus, DSA can be a bit of a PITA for the first few days but -- stay with it -- & you will have a splendid security application on duty for you.

FINAL NOTE (finally)- DSA's alert pop-ups have a click spot for "more details." I recommend you click on it for most alerts because the ensuing details have the "remember this" check box which you can check (or not) as appropriate.

 

When I have my firewall off, I still pass all stealth and security tests. I think that's because I have NAPT in my router.

 

Something similar happened to me when I was trying Webroot Firewall v. 5.8 (now apparently this version is not available for download). After a week or so, it suddenly blocked OpenOffice completely. No message, the apps were not listed as blocked. I had to uninstall it to regain access to OO.

 

Version 5.8?

I downloaded the latest version a few days ago, and its version 5.5.10.20

Is this the latest version?

UPDATE: I just found it at:

http://www.webroot.com.au/En_AU/consumer-products-desktopfirewall.html

But what's interesting is that v5.8 is not available from their other US website:

http://www.webroot.com/En_US/consumer-products-desktopfirewall.html

Anyone know why one of their website offers v5.5 and the other v5.8?

By the way, it was a sad story about the founder of Webroot. He was found dead recently. He suffered greatly from depression.

 

Very nice summary Bellgamin.