Matousec Test Updated

it is essential to PFW monitor traffic on computer where it is installed not for other computers which are on network, that is essential for some other FWs which are used in corporate environment and corporate gateways which can filter per users and not per applications which is essential for personal firewalls

 

I agree with these statements. Matousec has attempted to make it clear what he expects out of personal firewalls, basing results using his criteria on the way personal firewalls should fulfill their roles. His word does not have to be taken as gospel and no one needs to choose a personal firewall based on his testing, nor get all bent out of shape on the way he tests and rates the personal firewalls. It is simply the way he chooses to test and rate them. Unfortunately he has, for whatever reason, not been able to convey this approach effectively enough for everyone who has scrutinized his site.

I'll admit it took quite a while before I clued in to his approach. It meant I had to do some quality reading on the site before I got the message

 

Nope, this is not a play, we look for a definition for a personal firewall. And it appears personal firewall is not a subgroup of the group you defined, but independent s/w group. What plays a game are the names themselves. This looks logical since "personal firewall" name includes the word "firewall" it should be a subgroup, but actually this group has almost nothing common with the "A Firewall is a system which limits network access between two or more networks. Normally, a Firewall is deployed between a trusted, protected private network and an untrusted public network. For example, the trusted network might be a corporate network, and the public network might be the Internet." This looks to be a common mistake -- mixing firewalls and personal firewalls because the later "look" like the subgroup of the first. Actually we see, they have almost nothing common except the word "firewall" in their name.

 

Alex,

we agree that a personal firewall is s/w group installed on a pc, right?
Personal computers and their use are only restricted on their owner, right?
Why then do you exclude, that there are users that use one of their pcs with a personal firewall installed, as gateways for their home network?
In this case a personal firewall does exactly that, limits/restricts network access between the internal network and the external world.
And in the case of a standalone pc, it limits the access between a single network IP of the machine and the external world.
And since the computer has always a loopback IP (127.0.0.1) and an external IP, it is a "virtual network" consisted by only 2 ips.

ps. this is my last post in this thread, since all this discussion is of topic, even thow the thread itself is off topic, and should have been placed under the "other anti-malware software" sub-forum.

Panagiotis

 

I do not exclude anything. Any program, including personal firewall, can do a lot of "extra" things. There are "necessary conditions" and there are "sufficient conditions". You seem to mix them.

 

To me it seems that you are the one who is trying to mix things up.
First you asked me to provide you a definition of a firewall.
When I did, and since it does neflect your personal ideas, you changed the subject of your initial request and started to talk about the definition of personal firewall.
When I said that a personal firewall is a subgroup, you stated that it is not and is an indipendent group. This is your vision and not mine.
For me windows firewall is a personal firewall, Netfilter, iptables, ipfirewall, IPsec are personal firewalls without a guide.
You remind me alot of matousec that tried to push his ideal of what is or what should be the personal firewall.
To some extent he succeded and now the personal firewalls almost no longer exist.
For me the firewall component, of a personal firewall is its ability to correctly filter the net traffic. Everything above that is an extra. HIPS, IDS, IPS, Proxy HTTP, Antimalware, etc. have absolutly nothing to do with the firewall component.
You do not accept my definition and I do not accept any of yours. So, lets end it here.

Panagiotis

 

I'd like to see Matousec add Spyware Doctor* to the fray with the optional Behavior Guard plug-in. IMHO, that one along with the other guards (File, Immunizer, Process) could bear scrutiny by the Proactive Security Challenge.

And, yes, I know Behavior Guard is the ThreatFire Engine service...

*Not "Spyware Doctor with AntiVirus"

 

sorry if it's been asked before, but did free comodo (firewall only) drop a load of points, when the av came out? or am i just being suspicious?

 

And I said "It's OK"

 

firewall only (without d+) drop all and not because their av, to be able to score exactly like you can see in matousec tests you need d+, d+ component of ComodoIS is responsible for great Matousec results, now as before

 

Settled.

 

ah! makes sense now, forgot it's not a firewall test

 

it is not packet filter test at all, but very good personal firewall test...

 

it all puzzles me to be honest, i have never had an infection that didn't take more than 5 minutes to sort, i have never been hacked, had identity stolen, never used a firewall until i thought i was missing something, and certainly never had more than one security program cluttering up any of my pc's.
maybe i've been lucky http://samspade.org/d/firewalls.html

 

yes, your sys is compromised, but you can complete cripple trojan in its installation phase with good PFW, not to mention that you'll block all network requests for it if your PFW is good in tests, people do have personal and valuable data in their systems, some of them value more those data than sys itself, you can always reinstall sys. but you cant turn stolen data back, good PFW will keep it safe...
I think that article is little bit outdated

 

Maybe title of this section should be "other firewalls and HIPS" instead of "other firewalls".
If Matousec is really testing HIPS instead of firewalls?