firewall,do your business,don't nag

Discussion in 'other firewalls' started by unnamed, Feb 12, 2008.

Thread Status:
Not open for further replies.
  1. unnamed

    unnamed Registered Member

    Joined:
    Feb 12, 2008
    Posts:
    29
    i am looking for a firewall,something like the one in eset smart security - by default,the firewall in eset smart security does not need any user intervention whatsoever.
    not going for eset smart security because i already have an antivirus
    i need a firewall which does it's business without bothering me at all
    thank you
    looking forward to your suggestions
     
  2. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    The inbuilt Windows XP/Vista firewall.
     
  3. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    You likely already have a hardware router, and it likely already doing the job for you. If you just have a modem, and a computer a basic software firewall like the windows firewall will do for very basic inbound protection.

    You can't ask for something to be top of the line security, but not require your input at times as you have to configure it how it needs to run with your applications.
     
  4. unnamed

    unnamed Registered Member

    Joined:
    Feb 12, 2008
    Posts:
    29
    what a ridiculous situation
    i shouldn't even be here asking for assistance.i just want to do my work on the internet safely,i don't want to fiddle with security applications.i buy the software and it does it's business,the end.if i go to buy a tv i don't expect the shopkeeper to sell me a box of tv parts to take home and assemble.
    why isn't there a firewall which provides adequate security,and something which does the job.an eight year old or an eighty year old person deserves to be protected online,not everyone can be expected to know which applications require internet access.i pay money for security software,my part ends there,the software takes over.
    forget application filtering,those of us who want a trouble free internet experience without being bothered by security software,will just assume that there are no rogue apllications sending out personal data from our computers.
    the other function of a firewall,the network filtering or whatever it's called - which firewall does this part the best
    is the xp firewall really safe enough? are there any alternatives? anything like the xp firewall
    thank you
     
  5. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    You're right that this is a ridiculous situation. No firewall on the planet will provide absolute security with zero knowledge on the user's part. You can whine and complain about it all you want, but no amount of petulance will change the facts.

    The XP firewall will provide good, inobtrusive protection - again, assuming you know what you're doing.
     
  6. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,572
    If you only want an inbound firewall you can try cFosSpeed.

    Its firewall protects against network intrusions by means of filtering dangerous packets, state inspection and stealth mode.

    Panagiotis
     
  7. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    There is no magic wand, your computer is not a toaster, its a complex machine capable of running complex software. Sometimes that software is malicious in nature if its allowed to run on your computer.

    You obviously don't understand the situation, the amount of security you want depends on your knowledge, and willing to learn. For most computer illiterate people the windows firewall is fine for inbound as long as any software doesn't edit the windows firewalls rules automatically, and you might get an rare prompt even with that, otherwise a hardware firewall which most people already have will do the inbound job too, however if you need to make any changes it must be in the routers http interface.

    Now only administrators are allowed to make changes to the windows firewall rules, but most users run as an administrator all the time as they don't know any better, this mean any software running has full access, even malicious software. Vista by default runs even administrators in a faux-user mode, and your given prompts for many things, it is there for the users benefit, however many people might disable removing a layer of protection. User accounts do help in maintaining security, and only add a little bit of hassle. Being pro-active about security is much easier than cleaning up after malicious software.

    People need to realize their computer is not a toaster, it is something very dynamic, and you can run a variety of operating systems and software on the same hardware. It is simply being knowledgeable enough, if not willing to learn, or basically annoying your friends/family members to do it for you.....
     
  8. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Never heard of it. Gave it a quick look (website), the commands seem like iptables commands.
     
  9. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,572
    Its main feature is the traffing shaping. (probably the best traffic shaper; at least for me)

    From the version 3.xx they added the firewall functionality. And yes it's advanced rule editing is pretty similar with iptables. (and it is done from a cmd interface).

    But a normal user do not have to adjust anything (except from enabling the firewall) unless he wants to protect his pc from lan attacks.

    Here are some captures of its main interface.
     

    Attached Files:

  10. kennyboy

    kennyboy Registered Member

    Joined:
    Oct 4, 2006
    Posts:
    404
    While I can understand (to a point) the original posters frustration over having to configure and respond to firewall queries, I do understand that firewalls do not know about every application or request that is made of it. It's not possible as there are just too many configurations to deal with.

    If you do find a firewall that never asks.......let me know please..:)
     
  11. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,572
    Windows XP firewall and cFosSpeed never ask. (since they do not offer outbound protection).

    And because of this they do not conflict with any other firewall. :D
     
  12. kennyboy

    kennyboy Registered Member

    Joined:
    Oct 4, 2006
    Posts:
    404

    I already use CFosSpeed as it happens, but because of the reason you mentioned, have to run an outbound firewall protection as well. (Not XP built in one though :) )
     
  13. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    Several of the rule based firewalls may be set up so that they never ask for anything, but out of the box they do not work that way. Basically all that is needed is to turn of any HIPS features and have a rule (or rules) that allow outbound communication of TCP and UDP on all ports that is not limited to a single application. The stateful inspection (and pseudo stateful in the case of UDP) takes care of the rest. Jetico I (free) can do this with one more rule to allow network access that is not limited to a sintle application.

    The Sygate based firewall in Symantec Endpoint Protection 11 works without intervention, but this is a business product with a 5 unit minimum purchase at around $55 each.

    Injoy is similar to CfosSpeed in concept, but more expensive.

    Ghostwall is inbound filtering only, and can be set up quickly.

    The wan ruleset for CHX-I free result in a "no ask" firewall. Its no longer supported, but there are links around on this board from which it could be downloaded.

    Any of theses will work for an 8 year old or 80 year old, provided someone with a bit of computer skills sets them up first.
     
  14. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    Addendum:

    What the OP is asking for is not so unreasonable, it just seems unreasonable to many that hang out around here in the quest for the ultimate leak proof firewall. I have posted many times that attempting to control outbound traffic has the lowest return on investment of any security measure, in terms of user effort and machine resources, of any security measure. After all, the original leak concept is detection after the fact of infection.

    A better way to do things is needed and I think the Sygate based firewall in SEP 11 is it. Rather than relying on overly broad behavior characteristics like "application A starts application B", it looks for communications patterns that are common to malware, along with behavioral analysis in a separate module. IMO, its the most forward looking product out there. It does need some work. The initial release was buggy. An improved MP1 is out, but its not perfect, and CPU usage is a pig if you are on batteries. Its likely Norton Internet Security 2009 will look like this.

    The best way to goof proof a computer is to set it up LUA/SRP with the administrator password not known to the user. This prevents the user from screwing it up accidentally or on purpose since they can't install anything new. It works for millions of enterprise workstations.
     
  15. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Diver, indeed, but even that needs something to be set up.
    One can even picture a firewall that just blocks unsolicited. Then, to use P2P or whatever that needs unsolicited, how does the fw do that automagically?
    Of course, the built in fw does something like that, but that's just about the only answer, Windows firewall.
    You cannot ask for a better one, and demand AI. Wait for Skynet.
     
  16. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Install NIS.
     
  17. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    Yes, for example you can set the KIS firewall to Low Security mode.
    http://img165.imageshack.us/img165/192/kisfwlszb7.png

    There will be no popups, all your programs will have unlimited internet access and you will be protected from network attacks.

    Cheers
     
  18. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    Windows firewall is as dummy-proof as a firewall could be. It only lacks good facilities for a notebook computer user to choose between trusted and untrusted networks easily. I am not sure if network discovery is turned off when file & printer sharing is unchecked, you must remember to do that when you leave home. The Vista firewall is better in that regard and it allows for some granular control in the rules.

    Is what I am asking for AI? Well it needs to be better than firewalls and HIPS that can't differentiate malware from harmless software. If the user sees to many pop ups there is really no protection, unless the user is an expert (who should be smart enough to protect himself other ways) and not distracted by trying to do some work at the time. In that sense a lot of security programs are worthless.
     
  19. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    When i say "You cannot ask for a better one, and demand AI." i mean "One cannot .."
    About HIPS: it depends on the users you're trying to appeal.
    Even if one such developer intends the larger audience, building a "classical HIPS" doesn't mean he failed. It could just mean that he built the framework to build on (OS mechanisms etc). Anyway, its down to the user.
     
  20. larryb52

    larryb52 Registered Member

    Joined:
    Feb 16, 2006
    Posts:
    1,126

    look n stop, one time rule setup & it doesn't nag, good outbound detection...
     
  21. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    As well as excellent inbound protection. :thumb:
     
  22. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    Lucas,

    Unless better security comes to those with few computer skills, things are not going to get any better for anyone. The malware for profit thing has gotten so strong because it works. If there were a lot fewer successful attacks there would be less reason to try and things would get better.

    There just has to be a better approach than the present technology of training a two way fierwall with HIPS, and then accepting that it is quiet enough because there is only one pop up every other day for all eternity. That's like having an AV giving a false alarm every other day. Such performance would stop an office dead. As far as I am concerned, pop up fatigue makes leak proof firewalls useless, and classical hips even more useless.

    That system is as dumb as it can get as every thing these programs check for is done by harmless software as well. Without some intelligence these programs are a big waste of time. Effort is better spent on things like LUA/SRP and DEP which are free, much closer to foolproof, and use very few resources. Sure, it does not prevent infection when intentionally escalating privileges to install something, but that is when the user has to have a brain and think about where that program came from, and what it is supposed to do.

    I bet that for every banking password stolen by a keylogger which phoned home, a hundred were lost to social engineering in phishing attacks. It is likely that the firewall circumvention techniques that leak tests POC are in reality only used by a small number of viruses because every time the question comes up the same 6 examples on Matusec's page or Comodo's web site are mentioned. Just 6 out of over a million possible items of malware. Furthermore, there is almost a total lack of anecdotal evidence of folks being saved by their leak proof fiewall warning them. Yet, so much effort goes into chasing this ghost.

    It really ticks me off when a firewall gives a warning for no apparent reason. What do you do? Approve and go on, or conduct an investigation, which wastes two hours and leads to no conclusion anyway.
     
  23. kennyboy

    kennyboy Registered Member

    Joined:
    Oct 4, 2006
    Posts:
    404

    Not unless Norton/Symantec have drastically reduced the bloat.
     
  24. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater

    Not so fast. This one has to be trained like all the others, unless application control is turned off, and then you can forget about outbound. No pseudo statefull UDP either. Skype will run, but it will work better on Skype to Skype calls with a firewall that has pseudo statefull UDP. $29 and a serial # system that only allows a single install, when there are free ones that will do the job.

    Outbond control=nags, unless using some kind of protocol/port signatures like Sygate/SEP 11, or an extensive white list and you don't use anything unusual.
     
  25. wat0114

    wat0114 Guest

    Sorry, not quite true. Viruses can and will infest these type machines. I've seen it.

    If the alerts are answered incorrectly or inefficiantly then yes, they are useless, otherwise they make useful security utilities in the right hands.

    Not all users have a brain (or use it correctly), even in an enterprise environment.

    I've never seen alerts given for "no apparent reason", and there is no need to spend two hours investigating the alert...not even close. And to say it leads to "no conclusion"...could be the case in the wrong hands, but then the wrong hands should not be using these products.
     
Loading...
Thread Status:
Not open for further replies.