I guess it's time for this..

Discussion in 'other firewalls' started by Chappy, Jul 17, 2007.

Thread Status:
Not open for further replies.
  1. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    2,068
    Location:
    Serbia
    For outbound protection, very much so. These two features are basically all that there is to outbound. Without them, you have no outbound at all.

    I'll just say that it's your last line of defense. Outbound protection is good when your system is already compromised. Certain malicious exe on your system can be used to steal all kinds of personal data and send them out. Application control blocks that exe from accessing network. The same goes for malicious dlls.
    Hope that's clear enough. :)
     
  2. virkelie

    virkelie Registered Member

    Joined:
    Jan 29, 2005
    Posts:
    77
    So do I understand correctly then, that inbound windows XP firewall protection is equivalent to inbound Comodo protection? (as "application (exe) control" and the "HIPS features" are important for outbound protection).
     
  3. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,224
    Hello,

    I sincerely hope there will be a firewall for Windows that can match the good ole Sygate. If Eset can deliver the goods, well I certainly won't object.

    Comodo is a very fair choice for the average user. In my experience, though, quite a few firewalls did the job of stealthing a variety of ports - on XP, though, cannot say for Vista.

    ZoneAlarm is also a very good choice.

    My feelings are well known on the issue, as I judge firewalls by their ability to sustain weeks of full dl / ul p2p traffic without coughing, gaming over the web and lan, logs, footprint under load and stability.

    All these combined, Sygate remains unmatched. Bits willing, there will be an heir.

    Mrk
     
  4. duke1959

    duke1959 Very Frequent Poster

    Joined:
    Jul 21, 2006
    Posts:
    1,238
    Mrkvonic. When you say ZA is also good, are you talking about the Pro version and if so would you recommend Comodo over it? Also since I know your views on Antispyware programs, what do you think about the actual need for any third party firewall if someone is behind a wireless router firewall?
     
  5. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    2,068
    Location:
    Serbia
    Hello virkelie.

    Quite so. Yes. Some Wilders members may disagree with me due to various reasons (Comodo is more configurable) but basically, inbound protection is the same.
     
  6. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,224
    Hello,

    I was talking about the free version. I have always liked ZA, because it is very simple and straightforward. Both are roughly equal when it comes to standard filtering that a firewall is supposed to do.

    Never had a problem with either, although I have tried and used ZA for far longer, since Comodo is fairly new.

    I think a third-party firewall is a good thing, because it allows you to control your traffic out. Not just the matter of trust or privacy or malware control - simply because sometimes you might wish to control outbound.

    Mrk
     
  7. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    976
    Your analogy is weak. If a robber can't get out, you can call the police and have him arrested w/o losing your personal belongings. If an info stealing trojan can't get out, the damage hasn't been done - the damage is only done if it transmits your personal data to an external site. That's the point of having a firewall with good leak resistance. A firewall will notify you about the trojan and you can shut it down and remove it.


    Who cares if a port is stealthed if there's nothing there to connect with? Most firewalls will stealth ports but that doesn't help block outgoing connections from malware.

    NOD 32 missed a couple destructive trojans on my machine a few months ago and that weak-ass Windows firewall (simple to shut down from the inside) wouldn't have done a damned thing. Luckily I had DSA (basic version of PrivateFirewall) running and it blocked the system file replacement and network connection attempt.
     
  8. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    2,068
    Location:
    Serbia
    This is so very true. I concur. An aspect so often discarded by many.

    However, "stealth" does sound better... :p It gives you a kind of feeling like you're driving an invisible spaceship. ;)

    Cheers.
     
  9. virkelie

    virkelie Registered Member

    Joined:
    Jan 29, 2005
    Posts:
    77
    Thanks Nick, for clarifying things.
     
  10. Chappy

    Chappy Registered Member

    Joined:
    May 1, 2007
    Posts:
    69
    Hi virkelie

    Application control is very important in most users' eyes. You want to be in full control of exactly what has access to the outside world and how much access it's allowed to have. You certainly don't need programs "Phoning Home" just because its developers want it to relay some information on your doings or habits, and of course you want to be able to catch any rogue application if it somehow slips past, as it tries to contact its true owner.
    A 2-way firewall is most definitely NOT overrated, it's Mandatory!!! Anyone who relies on an inbound only firewall is putting all their faith into that they can catch everything before it gets into their system...that simply is not a safe way to do things today. Too many Zero Day exploits can find their way in, or anyone can be a bit careless for a few seconds, and that's all that's needed.
    Exploits today are far more complex in the way they do things, not like the old days where knowledgeable users could stay pretty safe on just their wits...nope, those days are gone...a 2-way firewall is very important, now MORE than ever.

    A full HIPS protection (Host Intrusion Prevention System) monitors everything that goes on, every call one program makes to something in memory, anytime a program tries to "hook" the keyboard or screen, anything that tries to access protected files, areas, or registry keys, all things like that are monitored and the user teaches it what's Trusted and what may not be.

    It can be overwhelming for some, for a while the user is constantly asked if they want to allow something, but as it learns it gets easier. Comodo V3 is very good in this, it links the properties of every exe or dll or whatever is asking to do something, and the properties or area it wants to access so you can see who made this (like MS, or HP, or Logitech kinda thing) and know if it's trusted or not.
    Comodo tries to help the user understand who made the modules that are wanting to do something, so it's fairly easy to get most of it configured as Trusted if needed.

    There really are a lot of layers of protection in HIPS and Windows Firewall is nowhere close to being able to provide that. Actually, after the Matousec Firewall tests where Win Firewall scored 0 out of a possible 9625 points, I'm pretty much telling everyone to use it at your own risk...it's obviously a very easy firewall to circumnavigate and fool.

    I hope this helps you understand a bit!

    BTW - Cheers Seer!! I knew you weren't flaming at all. Time sync is fairly important tho, if your system time goes out of whack, many things can do some very strange and unwanted things. If that's what you meant anyway..and yes, unneeded services should be disabled, but these ones that Windows uses svchost for are pretty important ones.

    Anyway, hopefully this little thread is helping some folks figure things out! Good direction it's going in!

    Dave
     
  11. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    2,068
    Location:
    Serbia
    Hello Chappy. :)

    It is not justified enough to suggest avoiding Windows Firewall just because it scores 0 on the leaktests. An additional application can be used to remedy that. Windows Firewall does what it does, and that is all. It's not perfect, but it gives good inbound protection. As do GhostWall, CHX-I, and other excellent packet filters that would also score 0 with Matousec. ;)

    Well, if you feel that you need that service, I have no objections. However, NTP does not need to listen on port 123 all the time. Your mobo battery should do a sufficient job. It keeps the correct time. If you don't trust your battery, you can manually update system time occasionally (say, monthly).

    I believe I'm not flaming. If I am, mods please warn me. :)

    Regards.
     
  12. quadrophonic

    quadrophonic Registered Member

    Joined:
    Jan 24, 2007
    Posts:
    112
    I agree, but which version? I've been using ZA Pro 6.5.737.000 with Avira PE Premium, and while I don't think the two work very well together, ZA Pro has always done well on grc.com's leak tests, and the Pro version (but not the free version) is very highly rated on Matousec's site (see my post here that has all the links: https://www.wilderssecurity.com/showthread.php?t=180473).

    Matousec tested the latest version of ZA Pro 7.xxxx, but if you read the comments on ZA's forums, many are having trouble with version 7.

    In my post referred to above, I expressed a desire to switch to Comodo, but after reading comments in this thread and another, I'm not so sure anymore.
    Matousec also referred to a security leak in ZA Pro v. 6.5.737.000, which has been resolved in v7:

    Is anyone here running ver. 7 (free or pro) and can you comment on it?
     
  13. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,224
    Hello,
    Which version? All of them are ok. As to leaktests and self-protection, that's nonsense.
    Mrk
     