Dynamic Security Agent (DSA) to replace firewall??

Discussion in 'other anti-malware software' started by PhoenixWeb, Jan 12, 2007.

Thread Status:
Not open for further replies.
  1. PhoenixWeb

    PhoenixWeb Registered Member

    Joined:
    Dec 7, 2006
    Posts:
    76
    Location:
    Southampton, UK
    Hi

    I am behind a wireless router with a hardware firewall. I am also using the Comodo firewall for added security, but mainly for controlling programme access to the internet.

    Basically I want to know if I can use DSA and do away with the Comodo firewall?

    Will I be adequately protected, and does DSA allow me to control programmes' access to the internet?

    Thanks
     
  2. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    975
    I use it with a router and it works great. Foils every leaktest I have on hand. :thumb:
     
  3. EASTER.2010

    EASTER.2010 Guest

    Greets PhoenixWeb

    On the contrary on my end I combine Dynamic Security Agent in combo with KERIO which for me could change to Comodo if it pans out enough for my own satisfaction, because Kerio has been a SOLID performer and long keeper of all my apps.

    I'm still fairly early with DSA but I am impressed with it so far and find it just might have to rival CyberHawk for me because as much as I favored CH at the early betas, it's created slowdown issues that I absolutely will not tolerate on my machines. Slow or delayed to me equals FALSE SECURITY/LULL/DANGER.
     
  4. Arup

    Arup Guest

    I think it's the most effective and necessary tool to come out for hardware router users, was looking for something like this for a long time, Outpost had a similar tool like this but long discontinued.
     
  5. KDNeese

    KDNeese Registered Member

    Joined:
    Dec 16, 2005
    Posts:
    236
    Wouldn't recommend it. The DSA website is specific in stating that while DSA works WITH your firewall, it is not a replacement for your firewall. Also, DSA documentation says it monitors only TCP connections by various applications. My experience is that DSA did not give me alerts on every application accessing the Internet, while my firewall did. Also, there are other protocols (UDP, ICMP, etc) that DSA does not monitor that your firewall DOES monitor. Another important aspect is the ability to create adequate firewall rules, which DSA does not allow. I would recommend using DSA as your HIPS and let Comodo take care of the firewall stuff.
     
  6. Arup

    Arup Guest

    According to DSA tech Chris, DSA monitors UDP as well.
     
  7. KDNeese

    KDNeese Registered Member

    Joined:
    Dec 16, 2005
    Posts:
    236
    I was going by what I read at the DSA website:

    Technically the DNS request can be TCP or UDP, so DSA probably does catch outgoing UDP. A DNS request would be at the local machine level (local host cache), and DSA would catch it there. However, I don't think DSA monitors incoming traffic - could be wrong on this. At any rate, I would still want a firewall that is able to do some kind of packet inspection and verification, which I don't think DSA does. The fact that the DSA website states DSA is not a firewall replacement tells me right there it doesn't do everything a firewall does. At the same time, I think there are some firewalls out there that don't do the job, so having DSA there to catch stuff that gets through is probably a good idea. I've tested a lot of the firewalls talked about in the forums and there are very few I felt I could trust. Some of the firewalls are just plain garbage, IMHO. Or, there are people who are using rules-based firewalls who really don't understand how to create rules. In either case, DSA is a good app to have as an added layer of protection as a result of using borderline firewalls or having poorly written firewall rules.
     
  8. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    Yeah I've found DSA has intercepted every leaktest I've thrown at it. That combined with your hardware firewall should work well imo.
     
  9. Arup

    Arup Guest

    Point is with a router, inbound SPI is already there, why slow down the connection with a dual layer of software based SPI, the redundancy would do nothing good, only if you need outbound SPI, I see the need for a software firewall behind a router, otherwise all other outbound connections are intercepted by DSA.
     
  10. ciannicello

    ciannicello Registered Member

    Joined:
    Jun 16, 2006
    Posts:
    25
    Hello all,

    My name is Chris Iannicello, Product Manager for Dynamic Security Agent. I wanted to comment that DSA does also provide protection for TCP, UDP, ICMP and UDP Protocols, just like our personal firewall, Privatefirewall. We do have some copy on our website that mentions only TCP, but the others are protected as well.

    However, you are correct in that DSA does not provide any functionality to set specific rules per application like Privatefirewall.

    Thanks,

    Chris
     
  11. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    I agree with Arup, Farmerlee and Espresso.

    I had DSA combined with a FW-router. It chewed every leaktest I threw at it. Because some FW-experts kept on claiming that TCP/UDP traffic control was key, I installed GhostWall (fast, simple, nice reporting) to see what uncontrolled UDP/TCP traffic rumbled my PC.

    After running GhostWall some time, I concluded that the lack of UDP/TCP control was not a serious threat. So I de-installed GhostWall to save CPU power.

    Although Comodo is pretty fast itself and security I think it is just a matter of taste.

    I replaced DSA by SSM free (together with SensiveGuard), because you can make them silent (no pop-ups). The weakest link on our home PC was my wife (choosing always allow when DSA popped-up).

    Overall I was pretty content (system anomaly monitor set off) with DSA, you should only be able to secure setup changes/stopping pop-ups after the learning mode period.
     
  12. Hipgnosis

    Hipgnosis Registered Member

    Joined:
    Aug 26, 2003
    Posts:
    297
    Location:
    Witness Protection Program
    DSA does monitor inbound also...(from their website)

    ...DSA provides Application Security by providing detailed alerts for incoming and outgoing application-specific Internet traffic.
     
  13. EASTER.2010

    EASTER.2010 Guest

    DSA is ok to "complement" but NOT replace your firewall IMHO.

    DSA is still being examined on this end and so far is doing fairly well but takes some time and loading it down with some heavy duty "Germs" :eek: to see how organized it really is. But as-is, I wouldn't replace your current firewall for it.
     
  14. KDNeese

    KDNeese Registered Member

    Joined:
    Dec 16, 2005
    Posts:
    236
    Notice it says "application specific," traffic. In other words, if I understand this correctly, it will monitor traffic from and to an application on your computer. In other words, if you are updating Application X online, DSA will monitor traffic to and from that application to make sure the packets it receives in return are valid. However, what about the incoming traffic that is not necessarily application-specific? For example, port scans and the other like threats have nothing to do with an application you are running. Does DSA monitor traffic coming to services-related ports and protect the system from unauthorized entry the same as a dedicated firewall would (am talking about software firewall only - no router)?
     
  15. Hipgnosis

    Hipgnosis Registered Member

    Joined:
    Aug 26, 2003
    Posts:
    297
    Location:
    Witness Protection Program
    Good point about the "application specific" traffic. In regards to the rest of your post/question, I can't answer.
     
  16. ciannicello

    ciannicello Registered Member

    Joined:
    Jun 16, 2006
    Posts:
    25
    ....For example, port scans and the other like threats have nothing to do with an application you are running. Does DSA monitor traffic coming to services-related ports and protect the system from unauthorized entry the same as a dedicated firewall would (am talking about software firewall only - no router)?....

    ***

    The answer is yes, DSA does make ports invisible to port scans and does protect unauthorized entry the same as a dedicated firewall. When referring to 'Application Security', that is only one module within DSA.

    Basically, DSA is the same as Privatefirewall and provides a comparable amount of protection except you cannot create custom rules for Applications, have no access to a firewall log, and does not display port tracking details (which ports are being used by your system at that moment, etc.). With DSA, you can control which applications access the Internet, but cannot specify ports or specific TCP or UDP rules per application like you can in Privatefirewall.

    If you install DSA and then run a port scan (www.grc.com), etc., all the ports should be 'stealth' (unless you have an app like Skype that keeps certain ports open, etc.).

    While DSA has 4 visible modules in its interface (System Anomaly, Email Anomaly, Process Detection, and Application Security), it also contains Privatefirewall's proprietary layer-3 firewall using stateful packet inspection technology running in the background.

    Hope this helps and thanks for all the input and feedback.

    Chris Iannicello
    Product Manager, Privacyware
    www.privacyware.com
     
  17. Hipgnosis

    Hipgnosis Registered Member

    Joined:
    Aug 26, 2003
    Posts:
    297
    Location:
    Witness Protection Program
    to ciannicello,

    Is there any way to "undo" a choice in DSA?

    For instance, let's say I select "Deny" for something to access the internet and make that a permanent rule but later decide I shouldn't have done that. Is there any way to modify my choice....short of uninstalling the program, then reinstalling and starting over?
     
  18. ciannicello

    ciannicello Registered Member

    Joined:
    Jun 16, 2006
    Posts:
    25
    Hipgnosis,

    If you block any program within the Application Security or Process Detection modules, they get sent to the Quarantine tab within that section.

    So in order to 'undo' a choice, select the 'View/Edit Process list' or 'View/Edit Application list' button from the Main Menu and go to the Quarantine Tab. If there is any program being blocked, it will be listed in this section.

    From there, all you have to do is check the box next to the Process/Application in question and click on the 'Add as Trusted' button.

    Let me know if you have any other questions.

    Thanks,

    Chris Iannicello
    Product Manager, Privacyware
    www.privacyware.com
     
  19. Hipgnosis

    Hipgnosis Registered Member

    Joined:
    Aug 26, 2003
    Posts:
    297
    Location:
    Witness Protection Program
    Thanks, I'll check that out as soon as I can.
     
    Last edited by a moderator: Jan 17, 2007
  20. KDNeese

    KDNeese Registered Member

    Joined:
    Dec 16, 2005
    Posts:
    236
    Considering that many PAID firewalls don't have SPI capability, that is very good news. I'm not even sure if Comodo has SPI. I know there was some discussion between the Comodo people and Stem concerning this issue, and I'm not sure if a verdict was ever reached. If DSA performs this duty, then it would definitely be something you would want alongside your firewall. The one question I would have is whether there would be any conflict using DSA alongside an additional firewall that also used stateful packet inspection?
     
  21. Hipgnosis

    Hipgnosis Registered Member

    Joined:
    Aug 26, 2003
    Posts:
    297
    Location:
    Witness Protection Program
    To ciannicello,

    I have reinstalled DSA on a test box and am giving it another look.

    I do have one question/suggestion; could you enable the ability to resize the "View/edit process list" and "View/edit application list" windows? I find it very annoying to have to scroll back and forth when it would be preferable to resize the window and be able to see the entire path information at once.
     
  22. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    975
    The interfaces of DSA AND PrivateFirewall need a major overhaul.
     
  23. Hipgnosis

    Hipgnosis Registered Member

    Joined:
    Aug 26, 2003
    Posts:
    297
    Location:
    Witness Protection Program
    You have any specifics? What constitutes a "Major Overhaul"?
     
  24. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    975
    I don't have either installed now, but the main window of Private Firewall looks like it was written by AA Fussy. :D
     
  25. ciannicello

    ciannicello Registered Member

    Joined:
    Jun 16, 2006
    Posts:
    25
    Any specific GUI suggestions would be appreciated! I will say that our philosophy regarding GUI has always been to keep it simple and a 'less is more' approach =). DSA, for example, is a pretty basic window with as little clutter as possible, etc.

    Chris Iannicello
    iannicello@privacyware.com
     