netveda

Discussion in 'other firewalls' started by S!x, Jan 12, 2005.

Thread Status:
Not open for further replies.
  1. S!x

    S!x Registered Member

    Joined:
    Jan 1, 2005
    Posts:
    51
    Location:
    Ohio, USA
  2. Zero3K

    Zero3K Registered Member

    Joined:
    Mar 28, 2004
    Posts:
    340
    I use it. Its very configureable and takes up a small amount of RAM/CPU. The UI could use some work though.

    BTW, check out the forum for it at http://forums.netveda.com/index.php.
     
  3. Hipgnosis

    Hipgnosis Registered Member

    Joined:
    Aug 26, 2003
    Posts:
    297
    Location:
    Witness Protection Program
    I tried NetVeda SafetyNet but it didn't stay on my system but a very short time. My first impression of it was one of "this looks very promising" but disappointment soon sat in.

    I set it up in learning mode and asked for verification for everything starting up and accessing the internet. The first sign that things weren't going to be as secure as I liked was when I started up some programs and I asked them to check for program updates on the web. (SpyBot S&D, SpywareBlaster, Ad-Aware). All of these programs started and checked for their respective updates without every asking me for confirmation to proceed. STRIKE 1

    Next I ran LeakTest from Gibson Research and specifically configured the permissions to deny this app to run or access the net. It did anyway. STRIKE 2

    Finally I decided to access my company's network with verification required and it zoomed straight in, started accepting full traffic and at no time did it check to see if this was a trusted network, if I wanted access to be permitted or denied, etc. STRIKE 3

    Memory utilization was two processes running at 8MB each and when you opened up the configuration window it started another process that was 6MB. Not the worst I have seen but certainly not a lightweight either.

    To be honest I really wanted this to be a great firewall and it does have the foundation to build a good product on with proper development. I was very surprised by how it didn't require what I consider basic system security for any firewall. On one hand it offers a number of features that would be very appealing to a lot of people, such as private information blocking, content blocking, several parenting controls, ad blocking and much more. However, I question how effective these features are when it wouldn't even stop apps from accessing the internet that I specifically told it to deny.

    With all that said, this is still a firewall I intend to keep an eye on for future development. It could be a strong contender with the right development, IMHO
     
  4. Hipgnosis

    Hipgnosis Registered Member

    Joined:
    Aug 26, 2003
    Posts:
    297
    Location:
    Witness Protection Program
    I am on a LAN and a NAT router
     
  5. Hipgnosis

    Hipgnosis Registered Member

    Joined:
    Aug 26, 2003
    Posts:
    297
    Location:
    Witness Protection Program
    No problem. I was just posting my experiences with this particular firewall. Others may get different results. :cool:
     
  6. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,779
    I tried it out recently and noticed that it doesn't seem to log ICMP traffic. Also, I had trouble getting proxy software working with it. Couldn't figure out how to make it work with Safety.Net. But it's otherwise not too bad I guess... I didn't notice any problems with it asking for app permissions or anything...
     
  7. I'm testing NetVeda on my system, and I must say im very impressed, the more I poke around with it...I get even more so. Out of the box it passes most of the
    leak tests, about 16 of them in all.....some of the tests don't work on my PC.
    On my machine all security apps. and so far most of the unknowns, I've tossed
    at it seeking net access ask for permission..... you can even block DLLs.
    For anyone with small children and/or teenagers accessing the internet the filters are great, from blocking chat rooms totally, or limiting their access to
    certain ones....PICS rating....times allowed on internet....an "Eraser" feature
    so kids can't give out data....like their address or phone number.
    I admit I'm an FW tyro and get lost in the sea of accronyms, and it takes me
    a lot of trial and error to learn something....but I believe this firewall is worth
    a try, to learn it's quirks, and explore the many features it has.
    If one of the many FW gurus give it a test..I'd shure appreciate some pointers
    on how to make it more secure.
    P.S. Best of all it's free
    P.S.S. Heres the requisite screen shot for P2K
    http://www.snapfilespro.com/gnomescreen.php?id=108782
     
  8. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,779
    Assuming that it's doing it's job, it seems fairly interesting. It bothers me a little that it doesn't log ICMP traffic and makes me wonder if it doesn't block it either. Don't know.. Otherwise, it seems ok... Lots of features as you say for limiting access to things and so on.
     
  9. Arup

    Arup Guest

    Any idea if ICS is supported?
     
  10. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,779
    No idea Arup.. sorry...
     
  11. Arup

    Arup Guest

    It supports NAT and is proving to be a very good app once you have the advanced rule making set on patter on BZ rules. So far has passed all the tests.

    Thanks to S!X, we are on the way to finding out a very good and free low resource firewall.

    For proxy configuration, try setting it up in configuration>system configuration.
     
  12. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,779
    Yes, I did see the proxy settings menu/window, but just couldn't get it to work right with Avast 4.6. No matter how I set things up, it would allow IE and others to access the internet without asking me. Don't know if it was just user error or the program. Maybe a little of both... :D
     
  13. Arup

    Arup Guest

    In my case, I had to grant permisson to all my installed browsers as well as all Avast services. Really good program, only consuming 8mb in my sytem and has passed the Leak Test, Toolleaky as well as PC Flank and Vulchek along with GRC, Sygate and others.
     
  14. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,779
    I may have to give it another try sometime. I still have it here.. Meanwhile, I'm sticking with Kerio 2 for a while I think..
     
  15. Arup

    Arup Guest

    K,

    When you do, please test it for the fragmented packet vulnerability if you can.
     
  16. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,779
    I don't think that I can with Netveda. It doesn't seem to log ICMP at all. And the only way I could tell frag'd packets were getting thru was from the resulting outbound ICMP type 3 to random addresses.. that's what I see here anyway.

    You can supposedly do a ping <address> -l 5000, set a rule to block inbound icmp replies, and then see if the incoming fragmented reply goes thru the firewall, but again, I don't think you can do that with Netveda due to it's lack of ICMP logging.

    I doubt it's a problem though. Kerio is the only firewall I know of that has that trouble... and I refuse to worry about it anymore... :)
     
  17. Arup

    Arup Guest

    True but it did pass all the ICMP ping tests at PC Flank and other sites.
     
  18. no13

    no13 Retired Major Resident Nutcase

    Joined:
    Sep 28, 2004
    Posts:
    1,327
    Location:
    Wouldn't YOU like to know?
  19. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,779
    Then perhaps it would be wisest for you to believe that there IS no problem. :D
     
  20. Arup

    Arup Guest

    Well in the end, it is a good promising firewall with low resorce need and good interface, the app control is a plus and it is free when more is being charged by others for something far lesser than this. Think I am going to keep it for a while. Does everything that Zone Alarm Pro does but at no cost.
     
  21. no13

    no13 Retired Major Resident Nutcase

    Joined:
    Sep 28, 2004
    Posts:
    1,327
    Location:
    Wouldn't YOU like to know?
    DLL monitoring as well?
     
  22. Arup

    Arup Guest

    Yes, it does DLL monitoring like in Kerio, Tiny etc.
     
  23. Kerodo It does monitor ICMP traffic....Under default user....application control
    no access...check ICMP...then under netactivity reports it will show ICMP
    Under app trust you will notice it trusts windows explorer.
    What I did ...was go to groups....hit the drop down...select applications
    click new....make an explorer group....then go to default user....and put a
    block on explorer in the application contol no access area.
    Sorry I can't explain things better....but like I mentioned above...I have
    a heck of a time understanding all the internet terms.
     
  24. Arup

    Arup Guest

    Just Wondering,

    You can also deny access to Windows Explorer in the trust settings as well. Really easy to use firewall and features excellent control for LAN as well including access control as well as content filtering. Also among the rare ones to support full ICS in free version with stealth makes it an incredible value hard to ignore.
     
  25. Hi arup.....I found out if I block explorer in trusted apps...I can't access the
    internet....I did what someone suggested in the Netveda forum.
    I also found out....you can do the same thing many different ways.
    If you can show me a screen shot how you translated BZ's ruleset to Netveda
    it would sure help me a lot....like I mentioned before..I dont have a clue
    what most of these terms mean....mostly trial and error...mostly error.

    Thanks
     
Thread Status:
Not open for further replies.