Need a good firewall -- not a crapwall

Discussion in 'other firewalls' started by comma dor dash, Sep 23, 2007.

Thread Status:
Not open for further replies.
  1. Coolio10

    Coolio10 Registered Member

    Joined:
    Sep 1, 2006
    Posts:
    1,124
    I say wait until comodo v3 is out. You should like it. Extremely low mem usage...Under 10mb. Obviously not outdated. It's still in beta. Has been through a long bug killing process. Beta 3 is suppose to be tomorrow. Easy interface and control over rules and active connections....yah....Rules are completely customizable but i am not sure if you can customize them at alert.

    Surprised many firewalls don't impress you. Outpost i thought was good enough.
     
  2. fce

    fce Registered Member

    Joined:
    May 20, 2007
    Posts:
    758
    your assumption is wrong! looks who's the top 5 in matousec.


    i think you're just joking around :D
     
  3. comma dor dash

    comma dor dash Registered Member

    Joined:
    Jun 5, 2005
    Posts:
    146
    @climenole "How can you evaluate any FW in a couple of minutes ?"

    This is because I have so much experience with firewalls. I go even one step further. Please show me your rule for svchost.exe. I am almost 100% sure that you do not have a proper rule for this application. Otherwise, you would not use LnS.

    @ccsito KAV Anti-Hacker has been included into KIS. However, it was modified and it became worse (as already explained).

    @fce I already explained the problems with KIS. You avoid going into the details. As regards your reference to Matousec: I do not see any contradiction. Do you refer to the leaktests results? Please be specific.

    @coolio10 "Rules are completely customizable but i am not sure if you can customize them at alert."

    This is absolutely necessary (see my example with the steering wheel and the trunk). Show me ONE SINGLE person that has created a good rule set without using a firewall that allows you to create a customizeable, granular ruleset on alert/on-the-fly. It's is extremely painful to do this manually. This is for a simple reason: Do you memorize the required ruleset (including any ports that must be opened) for each and every application? Do you want to spend hours or even days to create such ruleset after you installed a firewall and prior to using your computer? It is so much more comfortable to install a good firewall, simply start working and create your rules on-the-fly...

    "Outpost i thought was good enough."

    In principle, it is VERY good. The rules editor is the best one I have ever seen. UNFORTUNATELY, Outpost crashes you computer. What am I supposed to do? I would love to use it.

    @mercurie I may try Outpost 2.7. Please let me know whether it is really stable.

    @Kerodo Does Jetico have the required rules editor so that I can create granular rules on-the-fly?
     
  4. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    Try Kerio 2.1.5-
    -you can create rules on the fly, I just did....
    -passes leaktests....
    -is light and stable....
    -has advanced mode for experts, such as yourself.....
    -experts don't need a supported firewall....
     
  5. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,027
    Hello,
    Sygate or Smoothwall...
    Cheers,
    Mrk
     
  6. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    I really like this thread, very interesting:

    What about Gmer hip, nice alternative, speedy and light ;-)

    Hehe, so funny and true, it could be the best but buggy til end, BSOD monster, the latest version more stable but still so huge and vulnerable. Best for Antileak tests, but in reality, I´m not sure.

    Klif.sys is the big problem, it slow down your machine to the max and still several bugs.

    Great choice, probably most ambitious but still beta bugs.

    Zone Alarm suite has klif.sys slow down your machine to the max, zone free too vulnerable against attacks.

    Jetico creates heavy network changes in your system in bad cases you are no more able to open a webside, a very heavy thing that blocks everything, so you might better unplug your ethernet cable that would create the same result.

    Sygate is really user friendly and relatively light, but ranged only in midfield if you take it serious with security this is by far not the most secure, nevertheless nice but outdated.
     
  7. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Uh, I forgot to mention, I have the right choice for you: PC Tools Firewall 3, actually made big steps ahead, in my leak tests number 3! But you may get logon problems in some cases.
     
  8. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,027
    Hello,
    Outdated - not a concern because protocols are the same.
    Security - firewall is not meant to be a HIPS, it does what it needs.
    Mrk
     
  9. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,637
    Hi SystemJunkie :)

    Unfortunatelly, PC Tools FW is a version of THAT LnS, a so crap FW (an invitation to unsecure rules) and a so disappointing experience blah blah blah... :D

    Check the comments about all FW mentionned here:
    All crap. No one in the whole universe. Right?

    I ask him (again) this simple question: "what features of rules editing are you looking for?"
    and somebody here will suggest a FW with such features or alike...


    I guess there is at least one user of each FW in Wilders forum to give him the answer... Did you agree with this?

    Check the answers from ,.- ...

    This user is in deep depression pediod and in such case I sincerely hope he feel well as soon as possible (I'm not joking)
    OR
    This thread is a TROLL.
     
  10. Arup

    Arup Guest

    The firewall in AntiVir Suite is quite good and unobtrusive, has minimal slowdowns and lets you make your own rules.
     
  11. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,637
    Hi ,.-

    Sure... :D

    À méchant ouvrier, point de bon outil.

    Free translation:

    For a Pebkac, all FW crap. © climenole

    :D
     
  12. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Do I understand right, PC Tools is similar to LnS? But has a much smarter GUI.
     
  13. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Comodo is like that, and Kerio 2.1.5 too, but different.
     
  14. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,637
    Hi SystemJunkie :)

    PC Tools FW IS LnS with a more "user friendly" GUI (for some user).

    An agreement between PC Tools and Soft4Ever...

    BTW: my final answer ~snip~

    1 ) Show me ONE SINGLE person that has created a good rule set

    Me: Climenole's experimental rules - Update v 3.01

    (There's other rules set but you ask for ONE.)


    2 ) without using a firewall that allows you to create a customizeable, granular ruleset on alert/on-the-fly.


    With these two rules it's possible and easy:

    {X. 9998}; [UDP] < Outgoing UDP Forbidden ! >>
    Warning of a "T" rule to be created or modified.

    {X. 9999}; [TCP] < Outgoing TCP Forbidden ! >>
    Warning of a Too Much Restrictive "P" or "S" or "R" rule


    3 method to create a new rule:

    a) On the fly by right clicking on the blocking entry in the log
    b) with a test rules and the raw log feature of LnS
    c) by using these 2 rules... combined with the other methods

    but this is too much painful. Right?

    3 ) It's is extremely painful to do this manually

    No because somebody else do it for you most of the time.

    May be I'm lacking of modesty but this is often me for LnS. (I do it free... :rolleyes: )
    There are many already set rules for specific needs.
    Just to import these rules: is it too much painfull ?

    I'm pretty sure that you'll find the equivalent with the other FW. Any.

    4 ) Do you want to spend hours or even days to create such ruleset after you installed a firewall and prior to using your computer?

    For most users FW comes with preset rules and required few work for user.
    Adapting FW parameters takes less work than all your post here ,.- !!!

    5 ) It is so much more comfortable to install a good firewall, simply start working and create your rules on-the-fly...

    Which one ? An existing one or the one you see in your dreams.
    For your intellectual, moral and physical comfort why not simply use the built-in firewall of Windows XP or Vista? Impossible!

    You want an "on-the-fly" FW and , in the same time, with a "granular rules set".

    Actually: the butter and the money of the butter.

    ~snip~

    Further reading for the other Wilders members:

    Top 5 reasons why “The Customer Is Always Right” is wrong

    :D
     
    Last edited by a moderator: Sep 25, 2007
  15. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,005
    Yes.... no problems there... It gives you as much control as Kerio 2.1.5 (or more), however, it's not quite as elegant as Kerio and a little more annoying to deal with. But I think it would do what you want...
     
  16. TVH

    TVH Registered Member

    Joined:
    Aug 9, 2007
    Posts:
    227
    I use the latest version of outpost. Havent experienced any problems or crashes or anything yet.
     
  17. Rickster100

    Rickster100 Registered Member

    Joined:
    Sep 29, 2005
    Posts:
    152
    Location:
    United Kingdom
    Hi ,.-,

    Thanks for the interesting thread. If you are having problems with Outpost, please post your issues in the Outpost Users Support Forum, where we will try our best to help you. ;)
     
  18. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    I don't get it. A week ago there was a thread or two praising Outpost, and how great it is. I even checked out their web site and saved it on my favorite folder in case I need to try it some day. Now I see problems and complaints in this thread. What's the real skinny.o_O
     
  19. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,448
    Location:
    Sky over the Wilders Forest
    I don't know if I am one of those who praised and now am seen as complaining, so let me be clear. I have just sort of put up with this issue. If I never log off my problems are much less, but there seems to be an increase in the crashes recently and at some point I just can't tolerate it anymore. Still wanting to use the Firewall because I believe it has potential and is strong security but does have it's problems. I decided to dial back based on the suggestion of several.

    I am on PC1 at the moment, and there has been to short of a time to tell the original poster it is stable, but :isay: I promise I will report back after a time and I feel comfortable that ver. 2.7 is stable.

    Rickster100: Thank you for your post. I will PM you here at Wilders...;)
     
  20. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,448
    Location:
    Sky over the Wilders Forest
    I had problems similar to OutPost in log off and log on too. It would hang. It was an earlier version not 3.
     
  21. comma dor dash

    comma dor dash Registered Member

    Joined:
    Jun 5, 2005
    Posts:
    146
    @Climenole

    Although you called me a troll etc., I will not call you a fanboy or personally attack you in any other way. I just want to discuss your ruleset with you:

    1.
    I refer to the .txt file posted here ( https://www.wilderssecurity.com/showpost.php?p=1032531&postcount=1 ) and the screenshots posted here ( https://www.wilderssecurity.com/showpost.php?p=1000786&postcount=9 )

    2.
    First of all: the text file almost looks like a little script or something. Hardly intuitive for the average Joe, isn't it? For me it is a matter of security whether I can easily create my own ruleset or whether I have to rely on someone else's more or less generic rulesset because it's just too complicated to create my own rules.

    3.
    I believe that your ruleset is not good. I believe that your ruleset is insecure. This is not because you are stupid. It is because LnS does not easily allow you to create a better ruleset.

    4.
    Example:

    If I correctly understand your .txt file and your screenshots you have created certain generic rules. (This is similar to what can be done with a hardware router...just that a hardware router is more secure than a software firewall.) Moreover you have apparently created certain rules which are specific to certain application, i.e., the rule is actually tied to an application. (This is the main benefit of a firewall with application filtering. A hardware router cannot do this. It can be mainly used for inbound protection.)

    Now let us look in more detail at the rules for specific applications: I am interested in the rule for your e-mail program. Referring to the screenshot I am not entirely sure whether you have created a rule allowing ALL applications to make outgoing TCP connections via POP3 to any remote address. If this was the case, the rule was obviously insecure. But even if we assume that this rule may only be used by a specific application (i.e., the email client) the rule would not be granular enough.

    For instance, if you allow your mail client (and only your mail client) to make TCP connections via POP3 to ANY remote address, it would be possible to inject a trojan .DLL or malicious code into the mail client which would then transfer data via POP3 to the attacker's remote address. (Of course this assumes that your other security layers like your antivirus and your system firewall have failed. But we all know or should know that an antivirus can be easily circumvented and Matousec has recently shown how easily you can exploit system firewalls because of various bugs resulting from poor coding. Therefore, your firewall layer should be as secure as possible.)

    A safe ruleset would be to allow ONLY your email client to establish outgoing connects via POP3 to the remote address of your mail provider ONLY. In such case, it does not matter whether the mail client gets compromised or not. If it is compromised it cannot reach the attacker's remote address. (Of course, if the firewall was also compromised this wouldn't help. But even a sophisticated attacker will hardly be in a position to properly attack each and everything and, therefore, you should always try to make everything as secure as possible. Even it is still not 100% secure.)

    Please let me know whether you have created such a safe rule for your mail client. If not: why? It would be very easy/intuitive to create such a rule featuring a firewall using a good GUI/rules editor/learning mode allowing you to create granular on-the-fly rules. Such firewall would also resolve the name of the address to which you email client wants to connect so that you can easily decide whether it is your email provider or not.
     
    Last edited: Sep 26, 2007
  22. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,378
    Location:
    Hawaii
    OMG, is that smell a nautilus hound?;)

    Get a router with firewall/SPI plus SSM or Prosec -- that's all the firewall anyone needs... unless (of course) s/he goes around flaming black hats.
     
  23. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost

    Don't want to insist on your choice of a firewall.. but this can be done easily with "program expert rules" in ZAPRO. You can set exactly which server your mail client can connect and on which port. You can indeed add just the site and ZA will resolve the IP.

    Sorry in advance if I have missed (in the many post here) that ZA is not a choice for you due to whatever reasons.

    Cheers,
    Fax
     
  24. shaunwang

    shaunwang Registered Member

    Joined:
    Mar 26, 2006
    Posts:
    94
    Wow hahahaha ,.-

    I really wish you can be the next firewall developer to create Crap Firewall...

    For me, I been going around the products looking for stability and driver like filter packets. I sometimes dislike software-based firewall which does not come with a driver filter this is because of the resources they used.

    But then please think... if you mention so many and yet cannot find one, please use jetico or Lns for the next 3 months....

    I can proudly tell you I have tested all firewall , from ZApro to Outpost to KIS to many brands... even the PC tools Firewall....... all these for 2 to 3 months.

    I fell in love with LNS and Jetico lately do not know why but it gives me the time to choose.

    Though now LNS v2.06p1 has a little disadvantage vs Jetico v2.0 due to the watch dll is removed which makes it a little vunerable. LNS is still quite a nice choice to start off with.


    Climenole <--- this guy rocks I seen the filter.txt experitmental filter rulset. I dun even think a fly can get through these script without notifying you.

    ,.- for what I know firewall is manage by users, Comodo is one excellent software-based GUI interface firewall that improved according to many users requests. Jeticov2 may be a little complicated that I may give up due to the changes of upgrade is really too complex <--- this I understand. LNS <---- man this one is feather light but rules can be set to even a bacterica cannot go through it. ( super strong )

    These 3 product are already super strong.... I will not mention Outpost, KIS users because its their preferences.... of choice that they are looking for.

    Now I begining to use LNS in VPN-area , WiFi area all work well and the speed is super awesome. As one says driver mode firewall filters much faster than software-based mode. They really have their up and downs.

    By the way why are you looking at matousec, these are tests for the firewall developer to see and improve and not you to judge all firewall as CRAP !!! or give so much comments about so many firewall product. ( if this is the case, you might as well plug out your internet connection ?)

    Please do not compare firewalls, because we are the one that causing this leaks, how often you go into porn site, how often will you get a rootkit and leak the firewall o_O If you do all these then you should know the risk.

    I been using Jectico v1.0 because due to it unsupport and getting of BSOD, I use Comodo 2.4 after that due to my taste for internet speed and fast firewall filtering, I decided to try LNS instead of Jetico v2.0 <-- way too complex to understand certain terms and do not have time to clarify with Stem or Nail in other forum.

    Finally to end this, I think you should think about it, why are you complaining so much, show what you have done so far, tell us what you have done in all the firewall product, I think this will be healthier and much more better than just saying all firewall are Crap.

    If you do not mind " Actions ( Screenshots ) speakes louder than words(useless complaining) "

    No one will stop you from hating firewall, because I am happy here with LNS + SSM this two works rocks solid hard.... and also I know more application than you which protects me from leaktest. I do not accept any rogue application or weird process.......
     
  25. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    Actually, I need a crap wall. That is, a wall that will keep out all the crap.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.