Firewall

Discussion in 'ESET Smart Security v3 Beta Forum' started by ASpace, Apr 6, 2007.

Thread Status:
Not open for further replies.
  1. ASpace

    ASpace Guest

    Nobody said anything about the firewall. What do you think about it?

    I find it excellent. I tried Automatic mode and Interactive mode. Chose for myself Automatic. Works automatically and flawlessly, no user intervention.
    In the help you can find that in Automatic mode it blocks all unauthorised incoming connections and uses all default outgoing, which is perfect in my opinion.
     
  2. Sjoeii

    Sjoeii Registered Member

    Joined:
    Aug 26, 2006
    Posts:
    1,240
    Location:
    52°18'51.59"N + 4°56'32.13"O
    Works great for me as well.
    Feels fast and very secure
     
  3. Netherlands

    Netherlands Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    159
    Well, I haven't tested it, but I wonder how many leaktests it can prevent :blink: ;)

    I'd also like an option to block an attacker for 1 hour if he scans my PC. I hope they will add this option in the future.

    In the options there is an IDS section. You can find some known attacks that can be blocked. At first I found that there were not many attacks blocked (IDS rules). But when I looked closer I found the following log entry:

    "Detected ARP cache poisoning attack"

    I could not find this attack type in the options, so there must be more rules (I think) :thumb:
     
  4. Sjoeii

    Sjoeii Registered Member

    Joined:
    Aug 26, 2006
    Posts:
    1,240
    Location:
    52°18'51.59"N + 4°56'32.13"O
    I'm planning on testing it this evening.
    Curious how leaktest proof it is.

    I am very impressed with the anti-hacker in KIS. Let's see if they can compare.
     
  5. Nelu

    Nelu Registered Member

    Joined:
    Apr 6, 2007
    Posts:
    17
    Location:
    Berlin,Germany
    Hello, I've checked the firewall too (leaktest) from http://www.pcflank.com/pcflankleaktest.htm
    (in Automatic and Interactive mode). Results: failed.
    I'm online on DSL through one router.
    My PC: Windows XP Home with SP2
     
  6. uc-icq

    uc-icq Registered Member

    Joined:
    Oct 28, 2006
    Posts:
    129
    From what I've gathered, the automatic mode is pretty much like that of XP integrated firewall. And one has to look to interactive mode for considerably dependable protection. Tell me if I'm wrong of course.
     
  7. Donald?

    Donald? Registered Member

    Joined:
    Oct 28, 2006
    Posts:
    30
    Make your tests with these leakers and post results to us: leak-test softwares :thumb:
    I cannot install ESS because my OS is 64 bit, but I am very curious about ESS performance in leak tests. :cautious:
     
  8. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    It has some issues with rules not being saved, and rule status for inbound/outbound won't update either.
    Other than that, it's pretty easy to figure out.
     
  9. IcePanther

    IcePanther Registered Member

    Joined:
    May 28, 2005
    Posts:
    308
    Location:
    (nearby) Paris, France
    But it has a critical lack of :

    • Adding a subnet directly (configuring zones isn't that practical on a connection prompt)
    • Exclusion mask : For example, for MSN Messenger I want to allow port 80 except for some subnets, which are ad servers. I have to create a rule to allow port 80, then a 'zone' containing the subnets, and then again, create a rule that blocks it. *NOT* very practical, either.
    • Also, the interface isn't quick : you have to enable checkboxes, etc, losing time, and often timing out. Not very good IMO either.
    • Leak test protection.
    • Preset rules.
    I'm sorry but for now it's not quite satisfying for me. That may however be normal since it's beta, I look forward to future releases.
     
  10. wch_net

    wch_net Registered Member

    Joined:
    Apr 6, 2007
    Posts:
    3
    Suggestion on Popup Windows Layout

    Suggestion:

    -[Firewall] In interactive mode, make the popup windows ALWAYS fit within the screen. As for my resolution 1024x768, when I expand the popup window (when clicking on "Show Settings"), it always goes below the bottom edge of my screen~~

    It would be better if the popup window re-positioned itself to fit inside the screen~
     
  11. Sjoeii

    Sjoeii Registered Member

    Joined:
    Aug 26, 2006
    Posts:
    1,240
    Location:
    52°18'51.59"N + 4°56'32.13"O
    I tested the Firewall with several leaktests.
    All are tested in interactive mode

    Leaktest results:

    DNStester: FAIL
    Tooleaky: PASS
    Jumper: PASS
    Leaktest 1.2: PASS
    Outbound: PASS
    PcAudit: PASS
    PC Audit2: PASS
    PCFlank leaktest: FAIL
    Surfer: PASS
    Thermite: PASS
    Wallbreaker: FAIL
    Yalta: FAIL


    Failed 4 out of 12
    pretty ok but still 4 too many.

    Hope Eset will do something about it
     
  12. Sjoeii

    Sjoeii Registered Member

    Joined:
    Aug 26, 2006
    Posts:
    1,240
    Location:
    52°18'51.59"N + 4°56'32.13"O
    Anyone else tried the leaktests?
     
  13. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    Can't test it myself since, like other people, the firewall rules can't be loaded. I've reported the bug in my thread.
    lodore
     
  14. jmc777

    jmc777 Registered Member

    Joined:
    Aug 6, 2004
    Posts:
    244
    Hmmm....I have it set to interactive mode and all of a sudden it's stopped prompting me whenever something tries to make an outbound connection; it just automatically blocks the connection.
     
  15. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    The firewall seems nice for a beginning... :)

    Although, I found some problems with the incoming and outgoing connections. It seems that ESS doesn't correctly intercept some programs, like outgoing for stunnel, and I had to manually change the rule for Ad Muncher to allow incoming traffic through it...

    The Allowed services should be disabled by default, and on installation the users can be prompted about them and choose with a nice explanation...
     
  16. cprtech

    cprtech Registered Member

    Joined:
    Feb 26, 2006
    Posts:
    335
    Location:
    Canada
    Yes, all valid concerns. Am I missing something, or are the rules in my attached screenshot all hard-coded? They seem to be. The firewall has potential, but in its present form it is not to my liking. The log entries are also way too crowded. It has refresh problems as well, as it is often necessary to click in the blank spaces to get some of the entries to display. The "Open in new window" option doesn't do anything yet, and there are also no right-click options on the suite's tray icon.

    Ad Muncher problems here too. Finally got rules created for it after ESS initially did not recognize it, though it was logging its connection attempts.

    I agree

    This suite has terrific potential. Hopefully the developers do away with the hard-coded rules and improve the logging layout in the firewall. This beta is truly only for the very adventurous :)
     

  17. Sjoeii

    Sjoeii Registered Member

    Joined:
    Aug 26, 2006
    Posts:
    1,240
    Location:
    52°18'51.59"N + 4°56'32.13"O
    Of course the firewall isn't what we all like.
    It's the first beta. It looks good, but I also hope it will be tighter and of course with some kind of HIPS
     
  18. rogervernon

    rogervernon Registered Member

    Joined:
    Jul 16, 2006
    Posts:
    289
    Yes - same results unfortunately!
     
  19. IcePanther

    IcePanther Registered Member

    Joined:
    May 28, 2005
    Posts:
    308
    Location:
    (nearby) Paris, France
    Then, it's a bug : No hard-coded / preset rules were existing in my configuration, I had to create them all manually.

    Also I second Sjoeii about the HIPS idea.
     
  20. cprtech

    cprtech Registered Member

    Joined:
    Feb 26, 2006
    Posts:
    335
    Location:
    Canada
    Okay, because I could not edit nor even delete any of those screenshot rules.
     
  21. jmc777

    jmc777 Registered Member

    Joined:
    Aug 6, 2004
    Posts:
    244
    Some/all of the pre-defined system rules do seem to be hard-coded.
     
  22. timeit

    timeit Registered Member

    Joined:
    Oct 22, 2006
    Posts:
    11
    There is a little bug in the GUI:
    ess_bug_1.gif
    ess_bug_2.gif

    Maybe it would be a nice idea to add a column "other zones".


    And another suggestion:
    instead of changing the filter mode between "Interactive mode", "Automatic mode" and "Policy-based mode" a "last" rule for "any other applications" with the possibility to change the "ask", "deny" or "block" for all zones separately.
     
  23. timeit

    timeit Registered Member

    Joined:
    Oct 22, 2006
    Posts:
    11
    What is with the zone "Add to trusted zone without asking"?
     
  24. IcePanther

    IcePanther Registered Member

    Joined:
    May 28, 2005
    Posts:
    308
    Location:
    (nearby) Paris, France
    Hi, I'm here again and on my way to deeper leak testing. Only one thing I'd like to say : the internet speed is impressive, faster than with OP or KIS, almost like I had no firewall/webscanner at all. Very nice :)

    (however, still my previous concerns stay valid)
     
  25. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    I agree with you, IcePanther :)

    Until now it works very smoothly, besides the normal bugs for an initial and beta version...
     