Firewall with these features??

Discussion in 'other firewalls' started by jon_fl, Nov 5, 2004.

Thread Status:
Not open for further replies.
  1. jon_fl

    jon_fl Registered Member

    Joined:
    Sep 4, 2004
    Posts:
    242
    Do any firewalls have additional protection from process injection and termination tricks employed by malware? :ninja:
     
  2. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,779
  3. jon_fl

    jon_fl Registered Member

    Joined:
    Sep 4, 2004
    Posts:
    242
    I was recommended two that looked interesting. Anybody comment on Look n Stop and Outpost? They seem to have a lot of features as PG, SSM etc.
     
  4. pl4y3r

    pl4y3r Guest

    111205

    Sygate 5.0+ has DLL authentication, which should protect you from any process injection, i.e. DLLs into explorer etc.
     
  5. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    Practically all firewalls feature DLL authentication. If they didn't, they would have been out of business for a long time now.


    Tiny firewall is, let's say, a "rules based firewall meets SSM".

    It is a hell of a protection with Tiny, but a steep learning curve...

    But it is only Tiny that features full process control, with reg protection, windows protection, IDS, network firewall.

    It is recommended if you like rules making.
     
  6. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    Both versions of Sygate firewall, paid/free, should give protection against injection.
     

  7. pl4y3r

    pl4y3r Guest

    Yup, but since Sygate was the first to employ this security feature, it has become the first target of an exploit to bypass it :) Discussion here: http://www.securityfocus.com/bid/9312/discussion/

    Maybe this could also be a threat to other process injection defenses.

    @ jon_fl - yeah, Outpost does. Just got it today, it's quite tidy, also has a plugin interface.
     
  8. Kegel

    Kegel Registered Member

    Joined:
    Oct 28, 2003
    Posts:
    159
    Get Process Guard. Most important piece of software you can own. If I could only have one, this would be it.
     
  9. se7engreen

    se7engreen Registered Member

    Joined:
    Feb 6, 2004
    Posts:
    369
    Location:
    USA
    The latest beta of Tiny Firewall looks promising from a standpoint of being more user friendly. Like anything else, it'll still take getting used to. It's probably the most powerful sandbox type application ever deployed with a firewall.
    Also Process Guard is incredibly effective against process injection and termination tricks. It's also very easy to use. You'd need a separate firewall in conjunction with this.
     
  10. JayTee

    JayTee Registered Member

    Joined:
    Nov 2, 2004
    Posts:
    166
    se7engreen,

    Do you find Tiny 6 heavy on your resources?

    thanks
     
  11. nadirah

    nadirah Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    3,647
    Sygate is already safe from this exploit.
    Vulnerable:
    Sygate Personal Firewall 5.0
    Sygate Personal Firewall 5.1.1615
    Sygate Sygate Personal Firewall Pro 5.0
    Sygate Sygate Personal Firewall Pro 5.0.1

    The latest version of Sygate should not have any exploits like this. It should have been fixed. Sygate is currently at: 5.6.2808
     
  12. se7engreen

    se7engreen Registered Member

    Joined:
    Feb 6, 2004
    Posts:
    369
    Location:
    USA
    Tiny's resource usage is probably somewhere in the middle compared to other firewalls. I don't really notice any drag while the firewall is running, but it does feel slow when navigating the user interface. So far in ver 6.5 it's still that way. Hopefully that'll be fixed before its final release (or at least by ver 7).
    Honestly, if you combined Process Guard with a firewall like Kerio 2.1.5 or Look 'n' Stop, you'd use less resources.
     
  13. ?Lowen

    ?Lowen Guest

    Tiny doesn't require a 'steep learning' curve! It comes pre-configured out-of-the-box for adequate protection. (One just has to trust ALL the apps and system apps in his/her trusted app list.) If not, just remove the ones you don't. The firewall and IDS/IPS are very nice if you have a LAN and have an occasional game, FTP and web server. I have a 1.3 GHz system and don't notice any lag or slowdowns. Stateful firewall, also the built-in process/application guard is a plus. It seems to have come a long way since version 1!!! A good personal firewall in my eyes.

    Cheers
    Lowen
     
  14. yahoo

    yahoo Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    290
    Location:
    nowhere
    Tiny uses about 25MB memory (RAM + Virtual) on my computer normally. If the GUI is opened, more memory would be used. For comparison, Outpost Pro 2.1 uses about 22 MB on my computer (with Ad block, active content, and DNS cache plug-in).

    From the view of functions, Tiny = a rule based firewall + SSM/Prevx/ProcessGuard/AbtrusionProtect + more, and I love it. I agree that it's not so easy to configure Tiny with the current user interface (TPF 6.0). Although the interface works for me now, it did crash on me a couple of times at the beginning. The interface is also slow. For those of us who are considering using such applications as TPF, SSM, PG, or whatever, it's most likely that we are looking for the maximum security. So I personally do not think the out-of-box configurations will serve us well, and it is unavoidable to take the pain (if it is) of making configurations.
     
    Last edited: Nov 12, 2004
  15. se7engreen

    se7engreen Registered Member

    Joined:
    Feb 6, 2004
    Posts:
    369
    Location:
    USA
    I bought a Process Guard license a couple months ago and decided to give Tiny fw a rest on my main computer (I have TF 6.5 beta on a test machine). There are a number of things I do miss about Tiny, such as running applications in install mode, track 'n' reverse, and I loved being able to guard services and prevent them from being stopped.
    I just might switch back tonight after thinking about it... :)

    Anyway, I agree with yahoo, TF is not for the faint of heart. It works best after some configuration, but it's very flexible so the amount of configuration is up to you.
     
  16. ?Lowen

    ?Lowen Guest

    Hi, I also agree mostly with both of you, except that what I meant by out-of-box protection is that it is adequate enough to protect you. Not give you max protection as Yahoo stated. Of course you are going to have to manually 'tweak' it to your liking and circumstances, to get the full benefit of using a sandbox and firewall... It is not that difficult to operate and use. Pretty straightforward in my eyes. Unless you see something in configuration that needs painstaking steps?

    Cheers
    Lowen
     
  17. se7engreen

    se7engreen Registered Member

    Joined:
    Feb 6, 2004
    Posts:
    369
    Location:
    USA
    No, not really. I understand what you are saying about being protected out of the box. And about the learning curve, I think it would help if people realize that Tiny is more than just a basic firewall. I know the first time I tried it (ver 5.1 I believe), I didn't know what the hell a sandbox was and I thought a dll was an error message in Win98. I just wanted to try a firewall other than Norton's, and needless to say, I screwed up my system that day. I think if people know ahead of time what Tiny is meant to do & have a general idea of how a sandbox works, the learning curve lessens that much.
     
  18. isnogood

    isnogood Registered Member

    Joined:
    Sep 22, 2004
    Posts:
    83
    Location:
    France
    I second the opinions of se7engreen and yahoo. People should realize that Tiny is a complete security system which contains a firewall among other features.

    Starting from that, it's a matter of taste if you prefer an all in one product or separate apps doing the same thing. My personal preference is all in one in this case. To replace Tiny, I should have a network firewall, system firewall (sandbox), registry protection, file access control system, IPS/IDS, integrity checker.
    Inevitably I would end up using much more system resources and risking potential conflicts between all these apps.

    I've already tried such configurations, ex. Outpost+SSM+Regrun+PrevX+PG, sometimes screwing my system badly, especially with SSM which is still beta. Somehow, I am always back to Tiny feeling more secure with it.
    As for out of the box protection, it's superior with Tiny than with any other firewall out there. Tweaking it just a little gives you a level of security difficult to achieve any other way. And it's not that hard to do it!
    The learning curve is steep if you need to configure it for particular configurations like LAN, or Web server, but in the general case it's really overmystified. Agree, however, that the GUI is a pain: complex and slow. If they change this it will be perfect.

    Just my 2 cents

    Isnogood
     
  19. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    I tried Tiny for a while and really liked it, but after uninstalling it I noticed that I got a lot of performance back out of my machine (p4 2.4 ghz, 512mb ram). Granted this was v5, and I have yet to try v6 although I eventually will. On the whole, however, I prefer a nice light rules based firewall (using x-wall currently) with ProcessGuard.. they fit together perfectly for me :)
     
  20. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    Notok, I noticed that the current beta version of the Tiny GUI runs a lot smoother on my computer than any previous versions I have tried. I only have 533MHZ and 256RAM, so you shouldn't have any problems. When I gave it a try (2 weeks ago) it was missing the IPS/IDS configuration page, but this may be updated now.
     
  21. isnogood

    isnogood Registered Member

    Joined:
    Sep 22, 2004
    Posts:
    83
    Location:
    France
    Yes, a lightweight solution like yours would be ideal, Notok. If it just offered me the same security. Anyway, it's a matter of individual preference and needs.

    I can't for example stop all leaktests using just PG+Outpost for example. I need to add something like SSM and that's already too bad. You can argue of course if it is really kind of reference and necessary. It's perhaps sufficient on a system where you don't take much risk surfin' and don't install many new apps. I have a multiboot system and I would perhaps adopt such a solution for everyday work.
    But for my testing boot I can't do without Tiny actually. Here the system resources are not the most crucial issue, it's the control you have. And the Track and Reverse feature is so cool, also :).

    It seems there's no ideal generic solution. But people seem to really need their optimal secure/low cost configuration badly and this is confirmed by many threads over the same topic.

    Just define your real needs in terms of want/don't want, and go ahead with trial and error approach to converge to what's most acceptable for you :)

    Isnogood

    PS. Ajohn, I have not tried Tiny 6.5 beta yet, because people on Tiny forums reported quite a lot of bugs in it. Can you confirm this?
     
  22. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    I didn't test it much, because it was missing the IDS/IPS configuration pages. The GUI seemed to be about twice as fast to me though. It was two weeks ago, so it might be different now.
     
  23. isnogood

    isnogood Registered Member

    Joined:
    Sep 22, 2004
    Posts:
    83
    Location:
    France
    Twice as fast may be still quite slow I'm afraid :) But I will give it a try. Thanks.
     
  24. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    You should be able to block every published leaktest with these two - the only "awkward" one would be DNSTester since blocking this requires use of the "Application DNS" setup covered in section D1(b) of A Guide to Producing a Secure Configuration for Outpost. If you had another leaktest in mind, please supply more details...
     
  25. DRI

    DRI Guest

    Paranoid2000 - I know you are an 'Outpost' fan and all, but I don't consider a firewall that uses partial SPI (or some variant of it) to be a good firewall in my eyes. Not saying that Outpost is bad, it has also come a long way! Just because a product passes most of those 'leak tests' doesn't make it a top competitor. In fact, I would just as soon have a firewall that didn't have any application filtering, since it is only 'illusionary' anyways... I used to think just like you and others here on the subject. But I would rather take a firewall that implements proper SPI functions than an application filtering 'based' firewall any day! I know that app filtering gives you a 'good sense' of protection, but it is not a 'protect all' security solution!!!

    My 2 cents
    DRI
     