Jetico Personal Firewall vs Privatefirewall (vs Simplewall vs Windows Firewall Control)

Discussion in 'other firewalls' started by Lexor, Nov 29, 2017.

  1. Lexor

    Lexor Registered Member

    Joined:
    Nov 26, 2017
    Posts:
    24
    Location:
    EU
    I was Kerio Personal Firewall user on my Windows XP system for many years but after change to Windows 7 I can't use it any more so I am looking for KPF replacement (preferably with built-in HIPS and learning option).

    Currently I am mostly looking at Jetico Personal Firewall and Privatefirewall - both are free to use, no longer updated and (as I read in many opinions) very good. JPF "seems" a "little more complicated" than PFW but I do not care about greater difficulty in learning curve and I am not afraid of "many popups" as long as it comes to better security of my PC in the end.

    There is also the question of updates for JPF/PFW - I know that they are maybe "not so important" (Windows 7, the system I am using, is fully supported by both) but still. That's why I am also thinking about Simplewall and Windows Firewall Control - these are probably best "still updated" firewalls I found - but they work in very different way as they are kind of "overlays" for Windows build-in firewall. Are they worth to use? Are they better/worse than JPF/PFW?

    After many days of reading opinions (also this forum) I can't still decide "which one is better". My main problem is that I can't find any "direct comparison" from the user of JPF and PFW - only separate opinions from users of each of them.

    I would be very grateful for any feedback and opinions if you use or know any/all of these.

    PS. Is using "virtual PC" a good option to do some tests of these firewalls? I'm thinking about VMware Workstation Player or VirtualBox.
     
    Last edited: Nov 29, 2017
  2. Disney

    Disney Registered Member

    Joined:
    Oct 15, 2012
    Posts:
    122
    Location:
    USA
    I personally liked both . Jetico was especially good a few years ago. At this time, Jetico is probably more up to date but, Private Firewall is better. Either would be a good choice in my opinion.4 years ago I would have said Jetico. Today, Private Firewall . I feel Jetico made changes to an excellent product that made it good , as opposed to excellent. Private Firewall has basically stayed the same and has always been excellent. I hope this helps somewhat
     
  3. Lexor

    Lexor Registered Member

    Joined:
    Nov 26, 2017
    Posts:
    24
    Location:
    EU
    Thank you for your response. Can you be more precise why PFW is better for you?
    Is it more secure? Or is it just the matter of better interface?

    I found these two old tests of firewalls: Proactive Security Challenge and Proactive Security Challenge 64.

    According to their description: "Proactive Security Challenge 64 is a replacement of former Proactive Security Challenge that tested security products on 32-bit Windows XP platform. Proactive Security Challenge 64 uses 64-bit Windows 7 platform."

    In PSC (Windows XP 32-bit): JPF v2.1.0.10.2451 scored 88%, PFW v7.0.25.4 scored 98%.
    In PSC64 (Windows 7 64-bit): JPF v2.1.0.13.2471 scored 58% (-30%!), PFW v7.0.30.3 scored 88% (-10%).
    Last versions are: JPF v2.1.0.14.2481 and PFW v7.0.30.3 - nothing big has changed since last test.

    For me it was quite surprising that JPF "went down" so hard on Windows 7 64-bit, the platform I am using.
    Unfortunately, in "detailed history" there isn't much about PFW, only about JPF: "Jetico (...) suffers from its problems with 'indirect relativeness' protection which does work sometimes but could cause major headaches to its users in case of malware infection of the protected computer."

    As these tests (PSC64) were performed 3 years ago I do not know what should I think about them. JPF "seems" to be much worse choice for Windows 7 64-bit at this moment - is it? Should I still trust these tests I linked above? Does somebody know any up-to-date one?
     
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    9,896
    Location:
    The Netherlands
    I decided to abandon third party firewalls on Win 8. I would suggest to check out Simplewall and Windows Firewall Control. On the other hand, if you like the firewall + HIPS combo, then you should probably go with PFW, but to me it's too ugly, the GUI is horrible.
     
  5. Lexor

    Lexor Registered Member

    Joined:
    Nov 26, 2017
    Posts:
    24
    Location:
    EU
    @Rasheed187: Thank you for your opinion. Yes, I'd like to have additional control over applications so I am taking your post as a vote for Privatefirewall (firewall with HIPS). Can you tell me - have you ever tried Jetico Personal Firewall?

    I must say I'm quite impressed by JPF capabilities, especially after quite long reading of this thread but it was definitely worth the time. Here is a handful of useful posts I've bookmarked for myself, just for reference and example:
    - How to create, backup, import (with example) and export ruleset (by @Stem)
    - JPF tutorial (translated by @Ozular, corrected by @Stem)
    - JPF rules tutorial (by @hojtsy)

    My main problem is that all these posts are 10+ years old and (as I believe) relate to JPF v1 running on Windows XP x86. I also liked @Stem's explanation posts but his last time online on this forum was a few years ago.

    The only "up-to-date" ("4 years old") and interesting (related to my situation) post I've found is JPF installation on Windows 7 x64 by @0strodamus - I wonder if @0strodamus is still using JPF?
     
    Last edited: Dec 2, 2017
  6. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    2,094
    Location:
    Canada
    I've no idea about Privatefirewall but Jetico v2 really is an excellent 3rd party firewall, although it's very important you understand how it processes rules. Also, you can simplify things a great deal by creating "Groups" of common application paths or IP addresses. There is a pdf help file under Support on the website which is recommended reading if you are going to try it.
     
  7. Lexor

    Lexor Registered Member

    Joined:
    Nov 26, 2017
    Posts:
    24
    Location:
    EU
    @wat0114: Thank you for your reply. This is the first vote for JPF in this topic.

    Yes, I have learned a lot from the topic and @Stem's examples and explanations I mentioned earlier. I think I'm quite ready to try this firewall, but there is a thing I'm afraid of - it is this Matousec test and "low score" as it implies that all effort I put into understanding the logic of JPF may be not worth its trouble in the end which is quite opposite to what I feel and what you said ("Jetico v2 really is an excellent 3rd party firewall").

    Do you know why it scored so "low" under Windows 7 x64 (58%) vs Windows XP x86 (88%)? I've found this post:
    As I understand, @itman suggests that Matousec test was scored using JPF's default settings but on Matousec test site they say:
    So who is right?
     
  8. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,627
    Location:
    Poland - Cracow
  9. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    9,896
    Location:
    The Netherlands
    Never tried Jetico, but my general impression is that it's probably a good firewall. But the HIPS is less comprehensive, it seems to be focused mostly on blocking code injection. So it depends on what you think is important.
     
  10. Lexor

    Lexor Registered Member

    Joined:
    Nov 26, 2017
    Posts:
    24
    Location:
    EU
    @Rasheed187: Can you tell me some advantages of Privatefirewall's HIPS so I could compare?
     
  11. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    9,896
    Location:
    The Netherlands
    It's simply about the amount of behaviors that are being monitored. If you read the Jetico help-file (page 24/25) you will see what it monitors. A true HIPS would monitor a bit more, but that's not its main aim.
     
  12. Lexor

    Lexor Registered Member

    Joined:
    Nov 26, 2017
    Posts:
    24
    Location:
    EU
    @Rasheed187: Is this a complete list of monitored events by JPF? I think more events were added in updates, like "critical registry modification" which I can't see mentioned in this help file (or maybe I'm wrong?).

    Do you know where I can find similar list of monitored events for Privatefirewall?

    Also, I've found this article "What is HIPS?" with a list of "bare minimum" HIPS should be guarding:
    Am I right in saying that JPF covers all of these?
     
  13. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,627
    Location:
    Poland - Cracow
    HIPS in PFW is based on DSA (Dynamic Security Agent) wich was earlier standalone behavioral blocker (from Privacyware also).
    Page #37 from guide
    https://www.privacyware.com/PF_User_Guide.pdf

    PFW has also ability to edit process advanced rules - you can enter into Process IMonitor Rules by double click on process in Process Monitor module...on a page #22 in user guide you can find screen from such window.
     
  14. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    9,896
    Location:
    The Netherlands
    Didn't know about that, but I believe member wat0114 can tell you more about what is being monitored by Jetico.
     
  15. kakaka

    kakaka Registered Member

    Joined:
    Oct 5, 2009
    Posts:
    60
  16. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    2,094
    Location:
    Canada
    The Process Attack filter monitors the following events:

    Code:
    write to application's memory
    create remote thread
    create hidden window
    install global hook
    modify child process
    direct memory access
    critcal registry modification
    send message to another application
    control process
    critical system object modification
    change process privieges
    There is also Access to Network and Indirect Access to Network.
     
  17. Lexor

    Lexor Registered Member

    Joined:
    Nov 26, 2017
    Posts:
    24
    Location:
    EU
    Wow, thank you for this comprehensive list. It really seems that I was right in saying that Jetico help file is not up-to-date. Where did you find this full list? I tried to google but with no satisfactory results...

    I found out in your very interesting thread (about Windows Firewall w/Advanced Security) that you are using the same system as I am (Windows 7 Ultimate) and you were using Jetico PF in the past.

    May I ask you why did you stop using JPF? Were there any issues or conflicts between Win7 OS and JPF? (Is your OS 64-bit?) Or you just don't need HIPS any more? (btw: would you classify Jetico's HIPS as an average or a good one?)
     
  18. Lexor

    Lexor Registered Member

    Joined:
    Nov 26, 2017
    Posts:
    24
    Location:
    EU
    In the thread you linked there is a reply from Nail, Jetico's developer, who said "JPF always produced zero hash for 'System' pseudo process" so it seems normal and not a bug.
     
  19. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,425
    This is what Private Firewall watches:
    Code:
    Create Process
    Open Process
    Create remote threads
    Terminate process
    Set hooks
    Open Thread
    Debug processes
    Read Key State
    Interprocess communication
    Promiscuous or Raw sockets
    Adjust priviledge
    Simulate Input
    Physical memory operations
    Send Windows Message
    Copy screen content -notInGUI -Correction: it is in GUI settings
    Write protected registry area
    Manipulate protected file objects
    Terminate threads
    Monitor clipboard content
    Set Windows Hook
    Initiate shutdown or logoff
    Post Windows Message(only visible in the LOG, is PFW activity)
    Set Sniffer (only visible in the LOG, is PFW activity)
    Edit: I fixed one line and indicated what is not in settings because these are things PFW does and logs in the HIPS log.
     
    Last edited: Dec 9, 2017
  20. kakaka

    kakaka Registered Member

    Joined:
    Oct 5, 2009
    Posts:
    60
    Probably I linked to wrong thread. Sometimes the hash could be FFFFFFFFFFFFFFFFFFFFFF...
     
  21. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    2,094
    Location:
    Canada
    I found that list saved on my storage drive. I stopped using Jetico because I'm satisfied with Applocker using it to whitelist executables and dll's. I use Windows fw w/advanced security with enough outbound rules to restrict my web browsers, email client, Windows Update and a few other apps to specific ports and in some cases specific IP addresses.

    Edit

    I forgot to mention Jetico does not handle IPv6. This may not matter for some, but I've noticed that several Microsoft update servers are using it.
     
  22. Lexor

    Lexor Registered Member

    Joined:
    Nov 26, 2017
    Posts:
    24
    Location:
    EU
    @wat0114: Thank you for your reply. I did not know about AppLocker - it seems to be some internal Windows application. Is it hard to configure it "properly"?

    About JPF and IPv6 - I've found this in post from the other forum user, @Rules:
    Do you have any idea how should I understand the last part of this sentence?

    btw: That guest wat0114 in that other topic, is this also you?
     
  23. Lexor

    Lexor Registered Member

    Joined:
    Nov 26, 2017
    Posts:
    24
    Location:
    EU
    Thank you for this list - it looks longer than JPF's one, but it's hard to judge for me if it's indeed more unique events or PFW's list is simply more detailed one.
     
  24. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    2,094
    Location:
    Canada
    No it's easy to configure and available in Win7 Ultimate.

    Yes I'm in tha thread. I confess to not knowing about the option to add IPv6. If I have time and feel up to it, I might install Jetico and check that out.

    EDIT

    yes, IPv6 is an option. I never before needed it so never looked for it :oops:
     
    Last edited: Dec 8, 2017
  25. Lexor

    Lexor Registered Member

    Joined:
    Nov 26, 2017
    Posts:
    24
    Location:
    EU
    So how does it work? Is it some update or plug-in you needed to install or some "hidden" option you needed to check?

    Now, to be honest, your personal experience made decision very difficult for me as I was not aware about existence of such application as AppLocker at all.

    On the one hand, if the person who uses 3rd party firewall+HIPS (such as Jetico Personal Firewall) decides to stop using it in favor of two Windows build-in applications (such as Windows Firewall and AppLocker) that should indeed mean something.

    On the other hand, I got used to my Kerio Personal Firewall over the years in the past and I liked all the pop-ups and adjusting its configuration on event-to-event basis very much. I'm not sure if I have enough knowledge to be able to configure everything up front (i.e. without "learning mode").

    I've also tried to google for some AppLocker's "how to start" or "guide for beginners" but I haven't found anything interesting.
     
Loading...