netveda

Just create BZ rules in the advanced firewall column but the default ruleset is pretty tight and keeps the system stealthed real good. I have my explorer blocked and so far can still access my explorer. I just added the Verisign and DNS rules from BZ, rest is all there, will post a screen shot for you tomorrow.

 

Thanks Arup

I'm on a stand alone PC, DSL and my ISP has a FW so I'm always stealthe.

What I've added to advanced ruleset so far.

exporer... outbound... deny all
boottpc.. both...........deny all
boottps.. both...........deny all
icmp...... both...........deny all

This is all guess work on my part...so your screen shot/translation will help
me immensely to understand and use a FW...kinda like "show and tell"

 

Ok, thanks, I will have to take another look at it then. I missed that one. I admit I didn't spend too long on it, maybe a half hour at most. I'll try again soon.

 

Afraid my romance with NetVeda has to end temporarily, I had to system reboots especially when opening up multiple browsers, after second reboot, my FTP stopped working, Thunderbird SSL GMAIL POP stopped working too, I set up rules for them but still no go, after the third reboot, I decided it was time to take it off although with great reluctance, this product has maximum promise but it still needs honing.

I will give the new Jetico a try but eventually would go back to tried and trusted Kerio+BZ+Winsonar.

 

I wasn't aware that we had a romance...

 

LOL! severely apologize for the typo, didnt have my coffee yet, it would be Netveda and not Kerodo.

 

umm..
I need to ask something. The app control feature is destroyed, I don't know why.
It's on automatic ALLOW. Don't know how.

I was playing around in the settings. No option like this.

so... what's the verdict.

PS: I'd be happy if someone has the default config backed up.

 

Same thing happened to me, system rebooted all of a sudden and many of my programs lost access to the net including FTP and Thunderbird Gmail POP which uses SSL with 995 and 443.

 

It's inverted for me.
not same...
ALL progs have allowed access... HOW?

 

Hey Arup dont give up on Netveda just yet...I think alot of your problems
are from having explorer in trusted apps blocked..
1. Make it trusted
2. Uner group management...make explorer an application
3. Under Security...advanced firewall...deny explorer both ways with everything
I found out by doing just that I can pass 21 of the tool leak tests
the other 3 don't work on my machine.

 

I meant to add try a uninstall ....install
and try what i said first.....then work from there.
Also if you have activate component learning checked...the rules won't
take permanent effect, and also make sure you click apply in app trust section

 

I too solved my problem after unistall/reinstall, only to have it come back. Could it be a problem in the firewall itself?

 

I just did the install uninstall to start with a fresh page....I havent realy had
any probs with the program....just a matter of learning purpose for me.
Not bad for a free firewall ...almost out of the box..to stop all those leak tests.
Especially with a FireWall klutz like me configuring it.

 

I decided to give NetVeda SafetyNet another try and got better results with this install. The problems I encountered the first time I tried it were not there this time. ...ah, the mysteries and joys of uninstall/reinstall

The only issue I currently have with it is that I cannot see the other computer on my LAN, and this is an absolute must.

My connection is:

Internet > DSL Modem > Router > [Port 1: PC #1] [Port 2: PC #2]

I cannot get PC1 to see shares on PC2 (or vice-versa)

 

Here's a handy little tool for all you FW experimenters.
http://www.larshederer.homepage.t-online.de/erunt/
When you have everything running great, do a back-up of your registry before
going on further. It just takes a second.
I'm on a stand-alone PC, Dsl, with XP home SP2, and all un-needed ports and
services closed. Here are the basics, of how I set up my machine to beat the
leak tests.
Groups.......group type drop down....application...new....group name...type in
Exporer......find windows explorer...click blue down arrow...save.
Security.....Advanced Internet Firewall..Direction..Both.....Rule...Deny
Service..All....Application...Explorer....local and remote network ..
All...Click Add button...and Save.
App Trust...iexplorer ...ask
Spooler Subsystem app..............................NO
General host process for Win32 Services........NO
Firefox....................................................YES
Windows explorer......................................YES
Security apps...........................................YES or ASK
Upper left corner....Check Show components
Microsoft C++ Runtime library.......................YES....click Save
The save and apply buttons are very important and easy to miss buttons.

 

OOOOPS ....forgot to add, under trusted apps

Services and Controller app.........YES

 

Leaktests et al

I wonder if anyone has done a serious study of the cost to benefit ratio of going from the XP firewall, to a traditional firewall that is not application aware, to a personal firewall with simple application control such as Kerio 2.15, and from there to firewalls with advanced program control such as Tiny 6.5.

Is anyone really better off if they can pass all the leakests? My understanding is that even the ones that have shown up in actual trojans were attacks aimed at a specific person or network. Yet, the amount of work reqquired to get these firewalls goes up with each level of desired protection.

After all, something llike Kerio 2.15 or ZA free will tell you when a new applicationis trying to call out. Is the possibility that a trojan enabled to communicate via a trusted application, that is also zero hour so that it is not detected by an AV, and will not be noticed in any other way (and believe me there a lot of ways to notice something) that great that it is worth putting up with days of responding to alerts that never seem to end.

From my point of view, many of these alerts are no different than AV false alarms. It may be the firewall or something like process guard doing its job, but the effect is the same. Stop everything and decide what to do with the alert.

Have we simply become obsessed with leak testing to the point that the effort required is way beyond the possible threat? And I mean that in an objective way, not just I am afraid of...x.

 

Oh I can't say I'm obsessed with leak tests.....Mainly it just bothers me that
so many get thru so easy....So I like to counter to my best ability to stop them.
I run PG full along with regprot. but when it's slow here at work I like to putz
with different security apps and experiment. Mainly it was the challenge to beat
the leak tests....maybe I do alot of things arse backwards...but that's my way
of learning things... trial and error....trial and error.
I've tried a lot of different FWs and get lost in the zillion trillion terms,
and no matter how closely I try to follow someones rules sets...MY O MY..
how hopelessly I mess up.
Netveda is the first FW I've used that I can translate to my way of thinking,
Believe me when I say I'm very FW challenged, so yes I'm darn proud to be
able in a couple of hours to master the leak tests.
The only time when I get alarms.....is when I test or try something.

 

Obviously some have...

 

Thanks for the advice, I already tried this out but the problem remained, also the fact that the system would reboot frequently added to my woes, never happens with ZA, Kerio, Jetico so I guess their packet driver needs some work.

 

Maybe thats the only way I can learn things
I went thru the same thing when I taught myself DOS
Making my first computor a 386 couple of months after buying an old 286.
Adding more memory as I got the money.....whoo whoo all the way up to 4k Wow then adding a 2X cd rom player, win3.1 and whoa Win95 with 8k
Taught myself microsoft access...Now thats really hard. Sold a few databases
How do to photo restoration....have a couple dozen happy customers..
Also have taught myself other sundry and eclectic things.
I'm 62 years old....and I love to have a challenge and to learn new things
Otherwise one.. mize as well shrivel up and atrophy.
Everyone here talks about layered security.....So what is wrong with having
a leak proof firewall and PG....Seems like a "comfort blankie" to me.

 

Let me make it clear. My comments about leak testing were not directed at any single person, not a personal attack or making fun of anyone. It is just a call for thought.

This evening I saw something on The Register about how many computers have been compromised. It is really chilling.

The real question is: how many things have to go wrong (including incorrect user action) before you machine gets hosed, and a firewall alert tells you what has happened. Then add on to that, what is the possibility that some kind of spphisticated firewall application bypass technique is in use, when there is so much low hanging fruit around, so to speak.

Obviously, any worm that gets in because the infected system had no firewall does not have to be able to get around an application aware firewall. If it does not get in as a worm, then you had to click on something... and so it goes. Dont let me disturb you, just wondering, let me make you think.

 

I'm not upset with you....Just that unneeded "shot" from out of the blue
got me kinda hot.
The reason we all come here is to learn and share experiences.
I was trying to make a guide for ppl new to Netveda to be able to set it up
to be leak proof....Once you are familiar with layout...should only take a
couple minutes. Thats not much time to spend to have a leak proof FW.
It is a free firewall and so is Process Guard demo. thats very important to ppl
on a limited budget. Also a great double layer.
I know if someone wanted in my PC they're in.
Same as with my store....I can put all the locks and bars on the windows
if someone wanted in...THEY WILL GET IN.
All I can do ...is make it a big a pain in the arse as possible.

 

Just Wondering,

Why not use Kerio 2.15 with BZ rules and PG free or Winsonar, this way, you have yourself a good defence system in place, add Avast and two on demand free scanners like BitDefender and Clam AV, do regular scans with them and offline scan with Avast and your way to a relatively safe PC.

 

If my sassy comment bothered anyone then I apologize. It wasn't directed at anyone in particular. Just a general comment regarding the preoccupation some have with leak testing. But I suppose it's a valid concern for some...