I'm trying Core Force

Discussion in 'other anti-malware software' started by TNT, Jan 21, 2006.

Thread Status:
Not open for further replies.
  1. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    Well, after using Sygate for quite a long time, and after the announcement that Symantec bought it and apparently will not update or maintain the freeware version, I decided to switch to the new Core Force integrated firewall/IDS/lockdown solution (released with a "free" Apache license). Mind you, not that I've ever been such a fan of Sygate, I only used because I was quite accustomed to it and it was a reasonable "personal" firewall.

    So, how's Core Force? Well, I'm trying to contain my enthusiasm here, but THIS SOFTWARE RULES!!! :D It's NOT friendly nor simple, and it certainly is NOT a breeze to configure. In fact, it's probably the biggest Windows security software I've seen when it comes to number of configuration options, and many of those are not easy to figure out if you don't know what you're doing. It is, as stated, much, MUCH more than just a firewall; rather, it is a locking-down solution for network, filesystem, registry, etc. It is still early in its development stage but from what I've seen this seems to promise really a lot. Needless to say, as it is right now, its firewall alone leaves Sygate in the dust.
     
  2. FatalChaos

    FatalChaos Registered Member

    Joined:
    Aug 6, 2005
    Posts:
    98
    I used core force for a while, and I liked it's features. For what it could do, i thought it had a VERY nice interface, and it had a ton of really good features and ran pretty light for what it offered. However, I had problems with the rules i set not loading, and it slowed down browsing. In the future, I think this security software will be very good though.
     
  3. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    Hmmm... for the experience I'm having so far, it does load the rules I set without problems. I must say, however, that I'm having some issue with Firefox, as it seems to hang for a while when handling file downloads/uploads: the windows for folder browsing is slowed down; I see that the default is a "Medium-low" ruleset for Firefox, yet it blocks many attempts of this program at writing/reading from the filesystem (in Windows\Registration) and the registry. I'll see. I'm quite impressed with this software, though; the granularity it offers is quite amazing.
     
  4. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,700
    Hi,
    I can understand you want to switch because you don't like it, but there's no reason to dump it yet. How long has Kerio 2 been out? And yet, it's one of the favorite little thingies in the community. The current version of SPF is stable and has no bugs. You can probably run it for a while (1-2 years) before it becomes obsolete or buggy or full of exploits (that will have emerged then). Besides, becoming part of Symatec, although not boding well, might not mean anything. Furthermore, the old version might come out of spotlight and not be a popular target. Or the other way around, who knows?
    If you don't want friendly or simple - try Jetico, maybe?
    It is a firewall with application control - very powerful.
    Mrk
     
  5. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    Hmm... I switched already. ;) Sygate was ok, though, never had anything against it.
     
  6. Glad you liked it. TNT
     
  7. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    Yes, it's very good, although it has some stability issues (but that's understandable, it's early in the development stage). This has got to be the most fine-grained "lockdown" security software available today for Windows, at least between the ones affordable by people like me. :cautious: I really hope this project grows and gets the support it deserves, because it has the potential to become a really important piece of software (even though it's most definitely not for "everybody").
     
  8. Well TNT, the only other windows security software I know of that might be comparable to Coreforce for fine-grained security is probably the $$ware Tiny firewall with it's super comprehensive sandboxing.

    Honestly though I wonder how Tiny survives, there can't be that many super geeks out there willing to pay for it. It's a strictly niche audience only kind of product.

    I have utter respect for people who can tame Tiny (infinity is one of them i think) and Coreforce. They are the truly super cybergeeks I bow in awe to.

    Besides these two, there is GESWALL, which as I said feels like a slightly less daunting version of Coreforce, altough from what I have gathered GESWALL is more stable then Coreforce.
     
  9. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    Tiny is easy if you spend time on it . But , it will take some time . The reason it is so monsterous is because it has many features that standalonf programs can do . It can replace PG , just to name one . Many HIPS programs arew replaced as well by Tiny . So much to this firewall . I agree . It sounds like CoreForce is close to this .
     
  10. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    Yep, Core Force features many things that Process Guard does (as well as many more).
     
  11. Kenjin

    Kenjin Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    63
    well, actually core force misses the most important features of process guard: protection against termination or modification of a process and global hooks / physical memory protection. the only things they have in common is execution protection and to some extent driver installation protection.
     
  12. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    Well, they have in common execution hook protection; also, Core Force picks up attempts made by executables to run dll's, which Process Guard misses. As a matter of fact, Core Force protected against the WMF exploit (in its default setting), Process Guard didn't (although with it the infection could be contained). I'm not trying to knock Process Guard here, but the fact that Process Guard does more things on one side doesn't make Core Force less of a protection on the other. Oh, they also feature executable hashing and checking at run time, so that's another thing they have in common. Core Force also has configurable file/directory reading/modification protection (from defined processes), Process Guard doesn't... I'm not sure why this should be considered a 'lesser' feature than process modification.

    By the way, I'm using both at the moment.
     
    Last edited: Jan 23, 2006
  13. Kenjin

    Kenjin Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    63
    execution protection...yes...as i said already. the hashing and checking is part of execution protection feature, it has no use on its own or for other areas.
    i am not trying to knock core force either and i didnt say anything about which product is better nor which is a 'lesser' feature. in my previous post i had just pointed out that contrary to your statement core force does actually not feature many things that process guard does. they simply cover different areas and have only little overlap.
     
  14. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    Hmm... ok. They do have a little overlap: I get promped for the same question... "should I run this" ;)... although with Core Force this only happens as an executable trying to launch another executable (or dll). The overlap is not enough to become too much, though, in that I agree. They can coexist.
     
  15. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    Version 0.80 seems far more stable. :)
     
  16. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    Hmmm... that's a little bit too much. This software is complicated, but not that complicated. :D I love that its firewall is a (somewhat limited... but still ahead of many personal firewalls) version of OpenBSD's pf :thumb: Also great is that you can export rules (I used Deep Freeze, I can test the rules and re-import them when thawed, or on another computer).
     
  17. Brinn

    Brinn Registered Member

    Joined:
    Aug 5, 2004
    Posts:
    181
    Location:
    Canada
    That's one reason why I'm waiting. I just recently reformatted and making this big a shift in my security setup is something I would play around with just before reformatting. But I really like what I've seen so far.
     
  18. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    Well, as I said, version 0.80 seem much more stable. I haven't experienced stability issues yet with this one.
     
  19. Hulk

    Hulk Registered Member

    Joined:
    Aug 25, 2005
    Posts:
    40
    core force

    Any thaughts on Core Force :rolleyes:
     
  20. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    Re: core force

    Well, I re-post the message I sent to another user who asked the same thing:

    It is actually one of the best security apps for Windows I've ever seen. But as said, it requires some learning and a bit of time. Also, it's not an application where "you just try", as misconfiguring it would give a false sense of security.

    Also, although great for locking down your machine, it's not "a security application to end all security applications", and I would still use some other layers of protection to be on the safe side.

    Personally, I use it with Process Guard full, KAV, Deep Freeze and Snoopfree, but this is probably overkill for most users. Of course, it should not be installed along with another software firewall. There are some known issues with other security software listed here: http://force.coresecurity.com/index.php?module=base&page=known-issues but basically, it seems the compatibility issues are quite rare.

    The approach is very interesting, very "fine grained" because you can define the permissions every process can have at network level, filesystem level and registry level. You can, for instance, define that Firefox should be able to read/write only certain registry keys, read/write/execute/delete/list from certain directories (or single files, or types of files as it supports wildcards), and of course be able to connect to certain sites and not others, etc. Every application you configure produces logs for attempted access outside its permissions, and you can decide your own logging setup for every application (you can even log everything it does or tries to do).

    The firewall itself is quite configurable, has stateful detection, you can define TCP flags, etc.

    It also comes with a lot of defined policies for known applications and at system level (for instance, there are policies that make impossible for Firefox to execute or install unknown plugins, etc). You can "raise" the security level for an application (or the whole system) temporarily for example if you're visiting untrusted sites, etc. And of course you can define your own policies for the firewall, the filesystem and the registry protection.

    It has protection from hooks, execution protection (even of dlls)...

    Well, I'm pretty enthusiastic of this product. It does take time to configure it (for some applications, like Opera and Firefox, you need a little bit of initial tweaking); but I really like it.
     
  21. Hulk

    Hulk Registered Member

    Joined:
    Aug 25, 2005
    Posts:
    40
    Re: core force

    Cheers for that TNT, I need to learn a lot about firewall rules and security and how to set this firewall up but the main reason for me to choose this firewall is that a lot of firewalls are not as configurable and also I am a bit paranoid about large companies and what they sell to the average internet user, I want a rock solid program that I know has been designed by a company that is interested in internet security and not just a quick buck as they say, after what I have read on the internet and what I have seen i also am quite enthusiastic about this - maybe at last a program to be trusted.:cool: :cool: :cool: :cool:
     
  22. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    Re: core force

    Good, good... :D I also like the development policy of this product, and I do think it has the potential to become a very important product, though I acknowledge that it's not for everybody... for one thing, unlike say, Sygate personal, you need to create a profile for many applications (at least for the "risky" ones) to really use Core Force at its full potential (it has a limited list of pre-configured application profiles, i.e. Firefox, Opera, Internet Explorer, but these are the basic stuff... and these need some tweaking). It does have a "system" profile, but it's suited for the system, not for applications.

    That said, I had been using Sygate personal for three years. I decided to switch to Core Force about two weeks ago and, in retrospect, I think there's absolutely no comparison. Core Force rules! :)
     
  23. Hulk

    Hulk Registered Member

    Joined:
    Aug 25, 2005
    Posts:
    40
    Re: core force

    I agree as I was using Kerio up until Dec before the take over but before I also used Sygate but stopped because of the symantec take over, I then used Mcafee which I got with the security suite, the AV is good but I wanted to really streamline security and tighten it up - with a bit of luck help and knowledge I think I can do it.:D :cool:
     
  24. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    Re: core force

    Well, feel free to ask me with a private message if you need some help, I'll be happy to help... in case I know the answer... :)... or else you can ask in their forums. :)
     
  25. Hulk

    Hulk Registered Member

    Joined:
    Aug 25, 2005
    Posts:
    40
    Thanks will do.:D
     
Thread Status:
Not open for further replies.