McAfee Desktop firewall 8.5 port 1034 open

Discussion in 'other firewalls' started by Ludow, Jun 23, 2005.

Thread Status:
Not open for further replies.
  1. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,587
    Totally agree with you.This is a keeper.I dont know if it will help anyone here but ive been sorta transposing a lot of the rules from here....
    http://www.dslreports.com/forum/remark,8023708~mode=flat
    and here..
    http://www.dslreports.com/forum/remark,6642367~root=kerio~mode=flat
    into the mcafee firewall
    They are kerio rules for 2.15 but are very easy to fit into this firewall.
    I think this firewalls gonna be big.Its just like an uptodate kerio 2.15 only much much better.
    ellison
     
  2. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    I ran leaktests also, but did differently than you. I allowed the processes to execute(how else can you test the leaks?) and then ran the leaktests.

    McAfee failed on several as listed at: http://www.fluxgfx.com/ssc/showthread.php?t=173

    This is a great firewall, but it could use some work on the Application Hooking Monitor. If you were to run a program you thought was clean and it contained some of these leaks, you wouldn't even know it was accesing the internet.
     
  3. theshadow247

    theshadow247 Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    323
    Location:
    ontario.canada
    ou can save all your rules by clicking task>export policy.It will be saved as a MDFPolicy.pfr file.You can save it (with any name) where you want to.It will then show in the protection level dropdown (where all the other levels are).If you want to load high level for example you will have to untick 1 or both learn mode boxes.thanks.for the reply ellison64.
     
  4. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    I have never paid much attention to leak tests myself, but if you go to this site here: http://www.firewallleaktester.com/ and look at the test results, you'll notice that no firewall passes them all. So what's the point of worrying about it? It seems pretty clear to me that it is possible to circumvent any personal firewall with the right techniques. So to think otherwise seems foolish. Why not just accept that firewalls can be compromised and work on keeping the bad stuff off your machine to begin with? That, to me, would be the best approach.
     
  5. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    That site is out-of-date. I know for a fact that Outpost passes all of them, there is also Tiny Personal Firewall(with its Windows Security*) that passes all of them. I heard that the new Kaspersky firewall passes all of them also. Ohh and I almost forgot that L'n'S passes them all.

    If security is the point, than having maximum security seems like a good idea. I believe that an application firewall mise well detect every instance of an application using the internet. Why shouldn't it? Just because it doesn't? I love McAfee Desktop Firewall, and do keep all the bad stuff out, but I think things should be made right.

    Anyways, that's just my 2 cents.
     
  6. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Ok, I don't know about the site, just found it yesterday and I'm not up on all those types of sites anyway. But just because a few of your firewalls pass "all" of them today, doesn't mean it will stay that way. In fact, you can probably bet it won't. And also, these known "leak tests" should not be the objective in firewall development anyway. These are just examples of ways to get around firewalls. They show that it's possible. So to say that Outpost for example can pass "all" the tests, means very little. If I were writing malware or spyware or whatever, I think I'd be a lot more devious and ingenous at finding new and better ways around all the firewalls. Like Jazzie said, it's a cat and mouse game. What's the point? The game never ends. It's a moving target. Why not just make sure you keep the bad stuff off your PC in the first place? Then one doesn't have to worry so much about whether the latest release of xxx-firewall passes all the current known leak tests.

    My 2 cents too. :)

    PS - There is some merit in trying to keep most or as much as you can under control. But one has to remember that this does not guarantee "security". It's just our best attempt to date. Things will always keep changing..
     
  7. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    In that case you should disable the anti-hooking in McAfee firewall, because you keep the bad stuff out before it ever has a chance to affect the application filtering in your firewall. Better yet, you should disable your anti-virus, because it is a possibility(a very likely one) for a new undetected virus to be made. Making signatures and detections for new outbreaks is a cat and mouse game as well. :p
     
  8. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Yep, sure is. Best thing for a user to do is use common sense and keep it clean.
     
  9. Arup

    Arup Guest

    I for one would like to have issue less firewalls with no slow downs or surprises like BSOD, for that I would be willing to sacrifice so called leak tests as the validity of these tests don't mean that hackers are trying to use the very same methods, that would be amateurish on their part. ZAP also passes leak tests as does Jetico, does that make Outpost, ZAP and Jetico the best firewall out there? Certainly not.
     
  10. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    I don't know anyone that likes issues, slow downs, and suprise Blue Screen of Deaths, but why not hope for the best? If McAfee updated their Desktop Firewall with the ability to not only stop hooking of applications, but also the ability to pass all known leaktests, how would this be a bad thing? They have already went in that direction when adding application hook control. I never mentioned any firewall being better than McAfee Desktop Firewall, nor did I mention the posibility of a perfect firewall. I just like to think positive.

    So an amateur with the ability to bypass your current antivirus signatures/heuristics can potentially send your information all over the internet without you even knowing?
     
  11. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    AJohn, I think I'd have to take the position that if you keep putting your faith in passing all the leak tests, then you're doing something wrong. What is it that users are doing to get all this crapola on their machines to begin with? Isn't that where the effort should go? Into changing habits, educating users, and avoiding the problem by nipping it in the bud? Instead most of us rely on firewalls with ever increasing complexity and features, leak test passing, and so on and on. When does it end? What was once a simple firewall is now a monster! So I would say if you're worrying about an amateur sending your "information" out over the net, then first, you shouldn't keep your "information" on your PC, and second, you're doing something awfully wrong to even get into that situation.
     
  12. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    I never said I was concerned about anyone sending my personal information through my internet connection, just the possibility of anyting being sent through my internet connection without my consent. Do you think it is an impossible situation for you to install something with bad intentions? Do you not ever try new software out? Safe habbits are great, but not full-proof. What have I said to support firewalls becoming resource hogs? All I have been doing is supporting the idea of McAfee Desktop Firewall being updated to meet todays publicly known exploits. I never said it would be cool if McAfee turned their product into a resource consuming monster. If a company is going to stop application hooking they should also attempt to prevent the exploits that come along with it.
     
  13. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Ok, I'll leave it at that.. Sure, I am constantly trying out new apps and programs, firewalls and AVs and so on. I try to be smart and stay safe as possible. I'm sure it would be nice if McAfee improved their product yet I don't think chasing leak tests is the way to do that. Just my opinion, you surely disagree on that one. No problem. :)
     
  14. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    I do not disagree, only think that 'patching' known exploits is a step in the right direction. Either way we will both have a Merry Christmas :D (or whatever you do for the season)
     
  15. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Yep, Christmas here also. Approaching fast too.. :)
     
  16. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    It appears that it could be the lack of all that other stuff that makes this firewall appealling to some. While others may want to see improvements or added features, doing so would likely turn off those that like it the way it is. As always, different strokes for different folks :)

    Regards,

    CrazyM
     
  17. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    McAfee Desktop Firewall already has application hooking prevention; I was just wishing it could detect more methods of applications using the internet. I think the reason we disagree is because some think these more advanced impletations would effect the footprint of the firewall. Being the optimistic fool I am, I believe it could be done without doing so. Either way you are right, different strokes for different folks.
     
  18. Arup

    Arup Guest

    If passing leak test for McAfee comes with a price tag of instabilities and issues, then I am definitely not interested, point is, its just not that important to adhere to a concept of hacking when the variables are simply many more than the leak tests indicate and I will repeat at the cost of being redundant, passing leak tests does not make or indicate a good firewall for sure.

    And about bypassing virus signature, yet to be seen.

    Another example of how this leak test obsession totally takes the fun out of PC is Jetico, a legitimately good firewall with very good SPI and yet, pop up hell due to its compliance to the leak test standards.

    Even a router feels faster as compared to loading your system with a leak test passing hog.
     
  19. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    L'n'S a hog? Jetico's path of choice for their firewall is their decision. There are other ways to implement for sure.

    User interface is not an issue here. McAfee could simply use the same screen it uses for hooking.

    I know someone I could pay 300$ that would gladly implement any of the exploits of my choice into a trojan and guarantee it be undetected by any AV until reported by a user. Believe me, bypassing AV isnt impossible. New threats are out daily, even hourly.
     
  20. Arup

    Arup Guest

    And bypassing firewalls which pass the so-called leak tests is not hard enough, bypassing high security Kerebros implemented hardware and software firewalled systems are not that impossible either as the Chinese hackers prove that day in day out, as for LnS, not my category of stable FWs, no matter what tests it passes, others may disagree.
     
  21. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    I disagree mostly because I don't think the leak tests are important. Again, what would having McAfee pass the current known leak tests do for you, except to lull you into a false sense of security?
     
  22. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    Nothing false about knowing current exploits are covered. I don't understand why you use application-hook control, but don't see why it would be beneficial for McAfee to cover it fully.
     
  23. Arup

    Arup Guest

    Well in your case, it seems that you see the leak tests as being the method all hackers use, dont think thats the reality, as I said, I would not execute any unknown stuff and the hooking feature will prevent or alert me from that possibility.
     
  24. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    What possibility do you mean?
     
  25. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    The idea is, if you think you're covered because your firewall passes the current leak tests, then aren't you more likely to get lazy and with your false sense of security, do all kinds of things that are even more risky than usual, until eventually one of those programs actually does break out somehow?
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.