Firewall with Execution Protection

Discussion in 'other firewalls' started by nikanthpromod, May 23, 2010.

Thread Status:
Not open for further replies.
  1. nikanthpromod

    nikanthpromod Registered Member

    Joined:
    Oct 9, 2009
    Posts:
    1,369
    Location:
    India
    Please give me the names of firewalls with execution protection. :)
     
  2. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Privatefirewall
    Online Armor
    Comodo Firewall
    Webroot
     
  3. nikanthpromod

    nikanthpromod Registered Member

    Joined:
    Oct 9, 2009
    Posts:
    1,369
    Location:
    India
    Thanks. :)
    Any other products?
    What about Outpost?
     
  4. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,713
    Location:
    Kolkata, India
    Yes, it also has execution protection.
     
  5. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,273
  6. nikanthpromod

    nikanthpromod Registered Member

    Joined:
    Oct 9, 2009
    Posts:
    1,369
    Location:
    India
    Thanks. SPF paid version has HIPS. Going to try it.
     
  7. nikanthpromod

    nikanthpromod Registered Member

    Joined:
    Oct 9, 2009
    Posts:
    1,369
    Location:
    India
    Only Application Launch Control is working correctly. No HIPS.
     
  8. FWIW Application Launch Control is available in the free version. So no full HIPS but it can be an anti-executable. Looks pretty cool actually.

    Edit: It is pretty cool. A bit chattier with the execution control than Outpost Free or Pf, and annoyingly the GUI doesn't let you build a whitelist manually, but it's still pretty good.
     
    Last edited by a moderator: May 27, 2010
  9. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,273
    Few Sunbelt fw behavior pictures
     


  10. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,273
    The 4 pictures above, for some reason, go sideways.
    No idea how to fix it. Sorry.
     
  11. Hmm. Maybe turning off the third behavior option (ask when one app launches another) would make it less chatty. After all we're mostly concerned about *new* applications (malware) getting launched, at least as far as security goes, and non security related stuff can be handled with the main GUI instead of popup windows. So I think that'd be fairly safe... I *think*.
     
  12. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,273
    Perhaps.
    For me it's important to know that some trojan application is about to start running the browser or email client behind my back :)
    90% of the time the FW is totally quiet once things are set up for the first time. At least for me.

    One thing is not shown in my pictures, so it might not be clear. If you permit Windows Explorer, for instance, to start other applications, it does NOT mean that any and every app is allowed. Each instance of Explorer starting an application will get a question from the firewall.
     
  13. Ah... Yeah, my feeling is that it's preferable to prevent malware from installing in the first place.

    I can see where it would be handy to have more than just execution control though, a normal HIPS would in theory raise holy hell when you're infected. Though actually, if the infection is modifying any executable files, Sunbelt FW should also be complaining a bit.

    Then again, malware can be pretty good at tampering with HIPS software once it's established. I did a bit of experimentation a few days ago with Elite Keylogger and Privatefirewall... Pf did intercept the installation (without execution control enabled, mind). However, once the malware was installed Pf was powerless to stop it; clicking "deny" on firewall popups regarding the transmissions home failed to prevent those transmissions, and attempting to edit app permissions of the specific files involved, via the main GUI, failed to bring up the permission editing window (!). It appeared that the HIPS was pretty thoroughly owned.

    Edit: well damn, it looks like I found out something new about Elite Keylogger - it's supposed to be just what it says (and therefore malicious by nature), but it does in fact seem to transmit stuff to some weird IP addresses. I'm going to have to look into this more at some point.
     
    Last edited by a moderator: May 27, 2010