Looking for a light FW that has an integral HIPS

Discussion in 'other firewalls' started by bellgamin, Apr 7, 2010.

Thread Status:
Not open for further replies.
  1. T-RHex

    T-RHex Registered Member

    Joined:
    Jun 10, 2009
    Posts:
    154
    So ... now it's over a month later. May I ask how you are doing with OP?

    I too am running WinXP Pro with Kerio 2.1.5. But every 4th or 5th reboot of my PC, Kerio fails to load ("two addresses in the transport?!"). This only started happening after I got a PC with two NICs, though I'm not entirely sure that's the cause of the problem. So I'm thinking it's time to move on, but it's hard giving up Kerio.

    I've been thinking OP. I looked at OA but I like some of the OP features better (plus I used OP back in version 2.5 and liked it then). The only doubts I have right now are:
    1. It's very difficult to find the OP Free download; I'm sure there used to be a link from their products page, but no longer (maybe due to OP 7?). Gives me doubts about their commitment (if they have one) to a free product. Not that I'm whining about it; personally I would use a paid product, but I wanted to see if the free product was useful for some other non-technical users I "support".
    2. I wonder about the continued staying power of Outpost -- the "lifetime licence" sounds like a great deal, but it's really not a long-term marketing solution, and I fear it's a short-term cash grab that doesn't bode well. Maybe I'm reading too much into it though, but I'm always reminded of "If it sounds too good to be true..." A two- or three-year licence for the one-year price would've been a better, more sustainable, offer.

    So, any feedback on your experience with OP? Still using it? Still happy with it?

    Thanks in advance,
    TR
     
  2. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,811
    Location:
    Kolkata, India
    Very difficult to find? see here
    http://lmgtfy.com/?q=outpost free

    Anyway I have always had some problems with OP.
     
  3. T-RHex

    T-RHex Registered Member

    Joined:
    Jun 10, 2009
    Posts:
    154
    Sorry, I should've said "very difficult to find the OP Free download from the Agnitum website". I know any search engine can do it, but my intent was to point out that Agnitum doesn't really advertise it; it's pretty disappointing when a vendor doesn't display their own product (even if it were in an "archive" section).
     
  4. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,811
    Location:
    Kolkata, India
    I think it is following the tradition of AVG.
    free.agnitum.com/
    free.avg.com/
    You can't also find the download link of AVG free on www.avg.com like www.agnitum.com
    So, I don't think such a practice exists. My opinion...Lol
     
  5. T-RHex

    T-RHex Registered Member

    Joined:
    Jun 10, 2009
    Posts:
    154
    It's almost like they say "well, we have a free product, but we're not going to push it, so people have to know to look for it nudgenudgewinkwink". Online Armor does list their free product, even right on their front page.

    But I guess it's all marketing strategy.

    Thanks for the input, though, I appreciate it.
     
  6. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,811
    Location:
    Kolkata, India
    Last edited: May 28, 2010
  7. simisg

    simisg Registered Member

    Joined:
    Nov 6, 2008
    Posts:
    412
    Location:
    Greece
    in my opinion lightest firewall with hips is private firewall
    fast start up
    light cpu and memory usage
    very good hips
    works perfect with mse
    free for all uses
     
  8. It's light but the HIPS is not "very good" - it doesn't provide autorun protection for the registry, so a trojan could stick some files on your hard drive, edit the registry to run them before Pf on boot, and have you owned next time you restart.

    Now of course, turning on the execution control component can handily prevent this. But for those who prefer not to use execution control for various reasons, Pf is probably not a good choice.
     
  9. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,811
    Location:
    Kolkata, India
    +1 ...:argh:

    @Gullible Jones: For me execution control is OK and I think Winpatrol can take care of Autorun Registry. Extremely powerful firewall is extremely difficult to use...Lol
     
  10. simisg

    simisg Registered Member

    Joined:
    Nov 6, 2008
    Posts:
    412
    Location:
    Greece
    process monitor to high on private firewall and you have complete reg protection
    and you must know has a big white list...... so no popup question for some registry changes
     
  11. sg09: True, I've argued that myself. And it is pretty powerful with execution control enabled, if you use it right.

    simisg: Not according to Night Raven's tests, where registry stuff went past it. It was pretty good at blocking everything else though. (And again, with execution control it's a lot stronger.)

    But as far as bellgamin's original post goes, it looks like he did not care to use execution control... That's the impression I got anyway.
     
  12. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Try checking PFW against the POC from HERE. (Scroll down spyshelter's web page until you see "Test security of your PC" then click the download link directly below.)

    As I think you will see for yourself, PFW offers little if any protection against keyloggers, screenshot stealers etc -- & those (IMO) are THE most dangerous threats I can think of. Infect my computer -- it's bloody inconvenient. Steal my private data -- it's a DISASTER!

    As to OP I'm not using it at the moment. OP 7 still has some issues (check OP's forum). I will wait until it issues some fixes. In any event, I'm using OA premium at the moment & loving it.
     
  13. Yeah, its keylogger protection is bad. In defense of Pf though, the execution control should very easily prevent the automatic installation of such things, unless they somehow forge the digital signature of a trusted vendor, or happen to be from a trusted vendor.

    But yeah. If you don't like execution control, it's not safe as a primary defense.

    Anyway... bellgamin, have you thought of trying Geswall along with a standalone firewall? Geswall isn't really a HIPS (it doesn't isolate stuff automatically unless you make rules for doing so, not the free version anyway), but from what I've heard it's very powerful against keyloggers and the like. It's a tad inconvenient because the sandboxing interferes with program updaters and the like, the GUI isn't great, and some games don't like it; but unless you run malware as trusted, it should block just about anything that you'd normally find in the wild.
     
  14. timestand

    timestand Former Poster

    Joined:
    May 7, 2010
    Posts:
    172
    Or can just try default block with SRP/Applocker/Anti-executable 3. Ok?
     
  15. Sadeghi85

    Sadeghi85 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    747
    I just tried OA against that POC, OA doesn't stop 1-5b screenshot tests, does it happen to you too?
     
  16. pajenn

    pajenn Registered Member

    Joined:
    Oct 26, 2009
    Posts:
    930
    It happened to me with 5b, but only after I ran AntiTest.exe even though OA warned me it was a KeyLogger and Prevx red flagged it as well. Also, I assume it didn't send the screenshot anywhere - I think OA would have stopped that from happening.
     
  17. wat0114

    wat0114 Guest

    Yep, I have to agree. My signature says it all :)
     
  18. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    You are off-topic. This thread pertains to FWs with integral HIPS. You always repeat the same comments on every thread you visit, no matter what the thread's topic is.

    As to Applocker (Al) -- I'm running XP where Al is no-go. Further, SRP is not that convenient on XP (it has to be glued on with a script). Finally, Antiexecutable is mainly a proggie for kiosks & old duffers . . .
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Yes, I have tried GW. Bought a license, in fact (I am a security proggie junkie). I ran GW for several weeks a while back, together w/Kerio 2.1.5.

    GW+Kerio = HIPS+FW.

    At its heart, GW is a policy-HIPS that "sandboxes" untrusted stuff. GW uses Windows APIs to do what it does. For this reason GW is incredibly light & agile.

    The proponent of GW hasn't posted to his support forum in ages but he is still "watching the store". A while back I sent an email to gswsupport at gentlesecurity dot com, wherein I requested a 20% discount. GW's proponent obliged rather quickly. The advantage of the pro version is that it has a wizard whereby you can teach GW how to deal with apps that are not presently on its list.

    Unfortunately... yes, it does. But that is OA's ONLY "no pass". ( OA is stronger against keyloggers than any other classic HIPS I have tested. However, I haven't yet tested Outpost 7).
     
    Last edited: May 28, 2010
  19. T-RHex

    T-RHex Registered Member

    Joined:
    Jun 10, 2009
    Posts:
    154
    bellgamin, thanks for answering my question.

    So now I'm curious: originally you narrowed it down to between OP and ZAP. What changed your mind to OA? Does it run decently on your 'aging hardware'?

    And would you think OA or OP are good choices for novice non-tech users (if you don't mind my asking)? Ones who -- once I setup the initial ruleset -- don't really want to be bothered with popups. (At least I've taught them to "just say no" to unexpected popups, so I've managed to make their surfing behavior a little safer.)
     
  20. timestand

    timestand Former Poster

    Joined:
    May 7, 2010
    Posts:
    172
    You seem endless search for best program. Hobby? Ok. But as I say before always new way to bypass anti key logger program. Ok? Many thread on Wilder already post new test by Spyshelter and always seem new way to bypass Zemana Defensewall OA many other. As I say best way to block from run! Many way bypass OA if let run as my Chinese hacker discover. OA can block run but then become same as antiexecutable 3. Funny how you say SRP not nice on XP but you willing use and learn classic HIPS and spend many time try new program. SRP is set forget. But yes seem you just want try best program for you. I remember some time you say you stop want try new program? Seem you got disease back? Joke!
     
  21. nikanthpromod

    nikanthpromod Registered Member

    Joined:
    Oct 9, 2009
    Posts:
    1,369
    Location:
    India
    Plz test it.

    I tested Outpost with antitest.exe.
    But I had bad experience.
    I hope it happened only for me.
     
  22. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Please check these two posts: a question, AND my reply.

    There are those with vast knowledge. I only have half-vast knowledge. ;) However, IMO I would rank FW+HIPS apps as follows (from easiest to most difficult): DefenseWall, OA, OP

    NOTE: As to OP, I haven't tried version 7 yet. I base my guesstimate on version 6x.

    In any event, when it comes to FW+HIPS programs, DW is 99.9% set-it-forget-it, & gives bloody good protection even if you never touch its defaults.
    ~~~~~~~~~~~~~~~~~~~~~~~

    @nikanthpromod - I would trust your test of OP. Please post the results (pass, fail, etc) for each component of antitest.exe. I would love to see them. (I won't get around to trialing OP7 for at least a couple more weeks.)

    @timestand -- If you don't have HIPS, timestand, your pants will fall down. :argh:
     
  23. T-RHex

    T-RHex Registered Member

    Joined:
    Jun 10, 2009
    Posts:
    154
    Oh, sure, throw something new into the mix (DW). :p
    And now Prevx! My head is spinning. o_O :D

    Thanks, I appreciate all your thoughts (and those of others who've chimed in).
     
  24. TheMozart

    TheMozart Former Poster

    Joined:
    Jan 6, 2010
    Posts:
    1,486
    The free ZA doesn't have HIPS?
     
  25. TheMozart

    TheMozart Former Poster

    Joined:
    Jan 6, 2010
    Posts:
    1,486