Need another Firewall

Frankly, I don't understand anything about Firewalls, I only know that I need one and having a firewall with a router is safer according my readings.
I only want to know, if my firewall can live in a frozen snapshot, because a frozen snapshot is a total different environment than a normal one.
Every software that has to do with internet or security is a new area for me.
Of course I get smarter every day, but not that much. LOL.

For instance : Comodo Firewall caused errors during the creation of my freeze storage and I couldn't fix it. So this firewall would be a constant pain every day. I can't use that Firewall.
The other 4 firewalls seem to work in a frozen snapshot.

 

Sorry, but I have to ask.
Are you primarily concerned about inbound?
i.e.: are you running any HIPs apps that address outbound?

 

how about jetico erik? they have a freeware version and a paid version (i had this before i installed comodo firewall):
http://www.jetico.com/

it's also pretty small and unless i'm mistaken it's purely a firewall, nothing more.

 

Thanks. I will try that one too as all the others.

 

As far I understand and that isn't much, I see it this way.
My router D-Link DI-604 protects my inbound, so my new firewall is mainly for outbound protection.
I use Anti-Executable and DefenseWall to stop the execution of malware.
The removal of malware is not a problem anymore.

It's the execution of malware that bothers me the most. If I could stop this for 99.99% immediately, just like my removal method, I would be happy.

 

Hi Erik,

Did you try Kaspersky IS7 yet?

I used RollbackRx Semi Frozen System and I don't encounter any error message coming from KIS...It survive with my Semi Frozen snapshot, you can try it.

Just don't forget to add your imaging software to KIS trusted zone.

 

This seems to be a frequent problem, security apps that do not get along. They all hook so deep int the system that conflicts are likely and no one has the time to test every possibility.

 

http://www.pctools.com/firewall/ ...another fw that you might want to give a try, that just came out of beta...

 

Look at Online Armor Personal firewall, Excellent firewall with or without HIPS.Easy to install, very easy to configure and great protection, Plus support to second to none.
Badcompany.

 

Thanks, but I assume that KIS has one or more blacklists parts and I try to avoid security softwares, which are (partial) based on blacklists.

The freeze storage that cleans my on-line snapshot on each reboot is in fact one big whitelist of ALL objects installed on my system partition [C:], which is my first harddisk.
During each reboot FDISR compares my on-line snapshot with the freeze storage :
- each object that is missing, is added again
- each object that doesn't belong, is removed
- each object that changed, is replaced with the original.
The final result : on-line snapshot = freeze storage, in other words nothing changed.

Faronics Anti-Executable (AE) is also a whitelist, that contains each executable installed on my system partition. Any other not-listed executable (good or bad) is refused by AE.
The main difference between my freeze storage and AE is that :
- the freeze storage covers ALL objects, while AE covers only executables
- the freeze storage acts only on reboot, which is in theory a bit too late, while AE acts immediately, I can't even move my mouse over an unauthorized executable on my data partition [D:] or I get a warning from AE.
These unauthorized executables on my data partition are installation files of legitimate softwares, I didn't install yet.

 

All I'd say about Sygate FW which I have, (depending on the version perhaps), is that if one allows an app through the FW the FW kicks in "auto-pilot" and grants said app server rights. So, uncheck that ea. time you allow an app access to the net.

SG1 (Pat)

 

Hello,
And that makes no difference whatsoever - except for apps that need server rights, which you would grant anyway.
Mrk

 

Mrkvonic;

RE my comment, on Sygate FW:

Read about that a while back, and thought that this was not "a good thing" but I got it wrong, I gather?

Only app I allow as server in FW is Wallwatcher, as it seems to not work without it.

Have I gone down the wrong path, then, on what to allow or disallow as to server rights? Everything seems to work OK as to FW rules, 'net access and the like.

* Don't mean to hi-jack EA's thread, with my question.

 

Hello,

You didn't get it wrong.

But most apps are not programmed to accept incoming packets or to listen to ports. So the rule is symbolic for most.

On the other hand, various IM programs and P2P apps must have server rights to work properly, which you will allow if you want to use them.

This could be a problem if you had something installed that might want to become a server and accept inbound communications, for instance a node for an IM network or such. But then you should know this and act accordingly.

For example, any of the following:

- Remove server rights
- Allow the use for application per port / per session
- Not use the app

Check your ports with server rights for all apps. You will see that all your ports are either closed or stealthed save for server apps - like p2p. Regardless of whether they have the server rights or no.

Mrk

 

Erik,

I'd go kerio (freeware) or Jetico 1 (freeware).Both good,free and light !

 

Any new additions

 

KIS is a blacklist at least to the extent that it has an AV, as are all AV's. Does anyone know for sure if the firewall component has a blacklist? The only software firewall that I can offhand remember for certain using a blacklist is Norton as included in NIS, 360 and the corporate Client Security. Black Ice might have had something like that, but it is now (or soon to be) unsupported. Possibly Outpost works that way, but I am not sure. Interesting concept to white list based on a frozen baseline. Just need some way to be certain everything in the base system is clean.

 

try kaspersky internet security7.0.0.125
if u like standalon firewall use outpost pro its very strong