For Stem, Wat0114, Diver (and others) - what firewall do you recommend me?

Discussion in 'other firewalls' started by CoolWebSearch, Oct 24, 2007.

Thread Status:
Not open for further replies.
  1. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,213
    Hi, everybody!
    And hi, Stem, too!
    And hi, Wat0114!

    I ask everyone this: what firewall would you recommend me? Basically, I want a solid firewall and, if possible, to control the traffic and processes.
    Do you recommend Jetico2?
    I just read Stem said Jetico2 has very basic protection.

    What about Outpost Pro - this is the firewall I currently use. It's excellent. No problems at all. However, I still use version 4.0.1025.7828, since people on Outpost forums reported bugs in it.

    Comodo Firewall Pro 3.0 - I don't know if anyone has tested this, and I don't know if anyone considers Comodo Pro 3.0 more powerful than Outpost Pro or that Comodo Pro 3.0 Final will be more powerful than Outpost Pro?

    OK, here's my problem: I've tried almost every software firewall today, and honestly I don't know what to choose.
    Please, HELP ME!

    Thanks!
     
  2. dNor

    dNor Registered Member

    Joined:
    Oct 3, 2007
    Posts:
    212
    Location:
    Irvine, CA, USA
    Outpost Pro 2008 was recently released...
    https://www.wilderssecurity.com/showthread.php?t=189030

    Give it a try and see if you like it. Same with CPF3.

    However if you already like Outpost Pro, I'd recommend checking out the new version of it before Comodo, especially with Comodo still being in beta.
     
  3. wat0114

    wat0114 Guest

    Stem is the best one to clarify this, but I think he means ARP SPI protection. Personally, I feel J2 is a phenomenal firewall. However, you need to work hard at setting up rules the way you want them, as there are no wizards or helpful pop-ups to guide you. You could try it, but be prepared for potential disappointment because, after all, what works for some of us does not necessarily work for others. I also encountered some logon freeze-up issues with J2, until I found the processes that required "Indirect access" and after I removed hash checking from NOD32 and Ad muncher processes.

    Ultimately, I believe Stem and maybe a few others can give you a better analysis of Jetico 2 (and definitely Jetico 1) than I, though I have reached a pretty decent comfort level with it after a couple weeks.

    It is buggy for some but I think it works very well for most, including myself. I use 4.0 on one of my machines and Jetico 2 on another. If you are happy with Outpost 4.0 and it is running stable for you, then why not keep it. IMO it is one of the better software firewalls. If you upgrade to Vista, then there is the latest version that is compatible with that O/S. Just trial thoroughly before you make any license purchase.
     
  4. Rico

    Rico Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    1,701
    Location:
    Texas
  5. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,213
    Big thanks for your answer.
    I have a question: did you, perhaps, try Outpost Firewall Pro 2008 (build 6.0.2162.205.402.266)?
    This is supposed to be a bug-fixing release (Outpost Pro 6.0.2160..... was buggy)?

    And, by the way, I did already try Jetico2 - to me it's good - sure, I was bombarded by all kinds of questions about what to allow and what to deny; however, since I pretty much learned just about every program and process on my computer, I know what to allow and what to deny.

    However, what really bothers me is - if there is a guide in Jetico2, like in Outpost (Paranoid posted it), so I can switch from default level to maximum possible level.
    Again, thanks everyone for the answer.
     
  6. wat0114

    wat0114 Guest

    I have not yet had the chance to try today's bug fixing release, but the previous 6.0 version was working okay on my XP Pro machine. Most of those experiencing problems with it are running Vista.

    The "block all" policy will provide maximum protection, but then, of course, you will have no network connection ;) "Optimal Protection" with "learning mode" enabled will provide decent default protection and is recommended to start with, but a great deal of work is required to fine-tune the rules to provide tighter restrictions, as well as better network - and especially - application filtering efficiency. I cannot possibly get into that at the moment. I'm very tired after a hectic and abnormally long day at work and need to wind down and get some shuteye :)

    I promise when time and refreshed mental faculties permit, I will share some of my work with you on that, if you are interested.
     
  7. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,213
    Big thanks for that, and just to let you know, the next few days, most likely I'm going to be extremely busy, too.
    See you next week, most likely.
     
  8. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    I assume you are running XP. For that I use Comodo 2.4. It's free and not that hard to work with. It is a bit active, often asking for permission for the same apps over and over again. There are a lot of tips for using it over at the Comodo forums. 3.0 will probably be out by December.

    You say you tried them all. It might be interesting to see where the problem areas were as someone around here might know the solution.

    FWIW, I tend to reject any firewall that issues pop ups for applications unrelated to net access, such as "application Z tried to hook" or "application Y is starting application P" when all I am doing is trying to print a document from Open Office.
     
  9. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    This was in relation to ARP.
    There has been an update of Jetico2 today, so I will re-check later.
     
  10. wat0114

    wat0114 Guest

    Hopefully, Stem, you find it works as it should or at least better than it has :)
     
  11. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Certainly better. I can now bind the IP with MAC in the ARP rules.
    I do question the logic behind the ARP SPI, but will leave that for another thread.
     
  12. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hello,
    I can fully understand.

    Both Outpost Pro and Jetico are good firewalls. If you are more familiar with Outpost, then go with that. Try the new version, then report back your findings.
     
  13. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,213
    Hi, Stem, thanks for the reply.
    The thing is, on 1 computer I'm using Outpost Pro, but on the other computer I'm using Jetico2 - on this 2nd computer I simply can't decide whether I should use Jetico2 or Outpost Pro.

    However, what really bothers me with Jetico2 is that default level - I honestly don't know how to configure it to the highest possible protection level in all areas.
    I wish someone could show me some guide.
    Honestly, I tried to configure it, but ended up blocking all of the network access.
    Thanks to everybody who can help me.

    And regarding Outpost Pro - I just tried the newest version (bug-fixing release) - at least to me it's really excellent, it's easy to configure (I configured it in no time - basically Outpost can do it automatically), and I use "block most" mode.
    It simply does whatever a firewall should do.
    It's very similar to the 4.0.1025.7828, the only new thing is that it has Host Protection against kernel-level rootkits o_O?
     
  14. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Jetico2 base/default installation will give you excellent protection. My only concern was due to the "ARP", and the possible problems that are on untrusted LANs (and the way ISPs are now placing their users onto LANs). This is now resolved with the latest update. (I have not yet tested the latest version of Outpost Pro in this area, but the last version did fail on this point.)

    It is very easy to block yourself from internet access with Jetico2; this is due to the implementation of the "Leak" prevention.

    Basically, all running processes on the PC will, in some way, interact with other processes, certainly with the main OS processes. When indirect access is blocked to an app, this will then block any other process that the app is interacting with. I do not personally like this approach, as many users do find themselves locked out of internet access,... but,... if for example, you set Outpost with dll control and a dll is attempted to load into your browser, you do only get an option to either allow the loading of the dll or block the browser from internet access.
     
  15. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    I'm trying v1 now, with patience for the first time (reading the help file), and it seems most interesting. Gives the user a great deal of control.
    Now if it provides that ARP filtering, well, it just got more interesting.
    Are there any important functions missing, or what are the drawbacks? Everything has some limitation (besides bugs, but do point out bugs too); I know why it's good (seems -one of- the most complete fw's), but I'm more interested in the other side since that's what never surfaces at first glance.

    EDIT: I already see one first problem. Thank you Stem, anything else? :)

    Out of curiosity, the license allows you to update Jetico for one year only, all v2 updates, or ? 40$ seems like a lifetime license, then again.. heh
     
  16. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    With Jetico2, you purchase a license. This will allow you to update to any new build within your license period. After your license expires, you will no longer be able to update, but the firewall (the build you have) will still fully function. (This is the same as with other "paid" firewalls, such as Outpost.)
     
  17. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,213
    Stem, thanks a lot for that. But I have one request/question - have you tested the latest version of ZoneAlarm Pro or ZoneAlarm Internet Security 7.0.408.000?
    How safe/secure is it? Is it possible to bypass it through ARP spoofing/poisoning?

    I've used ZoneAlarm Pro 7.0.408.000 but also I knew how to configure it to close/stealth all ports; however, I do have one question:
    Does ZA Pro 7.0 have advanced HIPS against kernel-level rootkits/drivers installation?
    Basically, what Neil Rubenking said is that ZA Internet Security has excellent blocking abilities against all kinds of malware, but it's weak if you already have malware inside your computer, because it wouldn't be able to detect it.
    True?

    One more question regarding Jetico2:
    OK, you said default-level protection in Jetico2, but Matousec, when testing Jetico2, said that its anti-leak control was on top of other firewalls, but what about its default level, what would the result be then, less than 9375 points?

    And also, does Jetico2 protect against kernel-level driver installations?
    And it seems to me that every firewall should have HIPS with it, although my experience says otherwise, because I've been on all kinds of websites (containing viruses, rootkits, spyware, worms, everything), and yet I never got infected while I was using either ZoneAlarm Pro or ZoneAlarm Internet Security, despite having been hours on the Internet and frequently visiting those websites.

    With Jetico2, can you terminate the process manually?
    Thanks for the answers.
     
  18. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    I have not tested ZA against ARP spoofed DOS, I will try and find time later to install and check.

    I do remember alerts from ZA about attempts for driver installation/loading, so I would think yes.
    If there is already a rootkit on the PC before installing ZA, then yes, but it should still see driver loading (unless this was completely hidden)

    This is leaktesting,... the tests made would have been against the default installation. There is no need to change settings for the leak prevention from default.

    Directly, no, not that I know of.

    Yes, but the firewall will still not be bypassed due to this. Depending on what is terminated (jpf.exe or jpfsrv.exe), this will give a different outcome: either all internet is lost/blocked or only applications with a rule to allow will gain access.
     
  19. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,213

    Stem, I appreciate your answers; however, you have reminded me of something I really wanted to ask you for a long time (or any other expert as well):
    Can malware become completely invisible/stealthed and have self-protection so you can't either detect it or delete it, much like any firewall?
    These kinds of malware really worry me whenever I surf through the internet, you know, completely stealthed/invisible and can't be deleted?

    Thanks for the ZA Pro testing, I appreciate it a lot.

    You also said something about drivers/rootkits being completely hidden - does it mean when a firewall, ZA Pro in this case, tries to identify kernel-level drivers' installations - it simply can't "see" it?
    And what you can't see, you can't block from installing, if I understand correctly?

    Also, a personal question:
    Do you always test new versions of any software firewall?
    For example: Outpost Firewall Pro 2008 (bug-fixing release) against kernel-level driver installations?

    Thanks.
    Can you recommend a HIPS?
    I don't know, honestly, but everybody is talking about System Safety Monitor, but on tests the best I've seen was ProSecurity:

    Since you test firewalls, let's see how firewalls survive these tests (tests for HIPS):
    http://membres.lycos.fr/nicmtests/Unhookers/unhooking_tests.htm

    Did you, perhaps, test firewalls in these tests?

    Now, if ZA Pro or ZA Internet Security or Outpost Pro/Security Suite 2008 pass all of these tests, then they are fine, but if they all fail, then it's all over.

    Thanks for your time and patience.
    Cheers!
     
  20. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,213
    Also, if Jetico2 fails to protect against kernel-driver installations/rootkits, how does it make Jetico2 a secure firewall?
    And especially, since Jetico2 doesn't pass HIPS tests on the website I gave you above?

    I'm honestly worried about using Jetico2 if it fails these kernel-level driver installations?
    Thanks!
     
  21. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Jetico is a firewall, not an HIPS.

    Add an HIPS, or simply don't use it.
     
  22. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,213
    No, I really decided to use Jetico2 and NOD32 Antivirus, but what HIPS should I use?

    Also, one last question - of all the firewalls you have tested so far, Stem, what firewall do you consider the most secure?
    You said that default level of Jetico2 gives an excellent protection, so I'll stick with Jetico2.
     
  23. wat0114

    wat0114 Guest

    CWS, instead of taking on both Jetico and a HIPS at once, why not just use Jetico only, for a while until you are thoroughly comfortable with it, then think about adding a HIPS? Trying to fine-tune both those utilities for compatibility and a stable system while you are trying to learn them will probably cause headaches. If you do use a HIPS eventually, you will probably want to disable the Process Attack, Indirect Access and Checksum filters in Jetico, otherwise you will potentially have, as Stem has already stated, conflicts between the two products trying to perform the same security functions. AFAIK, all it takes is a completely permissive rule (e.g.: Event: Indirect access; Rule action: Accept) in each filter to do this.
     
  24. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    Hello.

    No need for a rule... ;)

    j1.jpg

    Cheers,
     
  25. wat0114

    wat0114 Guest

    Ahh yes, I forgot about that :) It looks like a rule is still necessary for the Checksum filter, unless I'm overlooking something?
     