new portable firewall

Discussion in 'privacy technology' started by SteveTX, Feb 25, 2008.

Thread Status:
Not open for further replies.
  1. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    So we're designing a new portable open-source firewall for Windows. You'll be able to deploy it with other applications to keep them from leaking, as it will be a two-way firewall. I would like to solicit opinions on features. Comments and suggestions are now open.
     
  2. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Take Kerio 2.1.5 as a model
     
  3. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,302
    Location:
    Location Unknown
    Absolutely!! I couldn't agree more. Small yet very effective is the way to go.
     
  4. chuckfrasher

    chuckfrasher Registered Member

    Joined:
    Feb 15, 2008
    Posts:
    15
    That sounds awesome!
     
  5. Carver

    Carver Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    1,827
    Location:
    USA
    Great choice!
     
  6. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Actually, we did pick up Kerio and take a look at it. So far our popups are pretty much the same. It was the best personal firewall I had seen yet. :D
     
  7. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,302
    Location:
    Location Unknown
    I'm not sure I'd go that far. LnS seems to offer a bit more power as far as capabilities of the ruleset.

    Also, this is very important to me, but could you make it so that it does not require XP SP2? There is already a product out there, similar to what you are describing, but it required SP2 and, since I refuse to bloat my system with convoluted code, I cannot use it.
     
  8. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Let's see. I think this one will run on as tiny as Win98. So far it is a kernel level driver injection, using the TDI Filter driver. However, I'm considering what it would take to make it an NDIS level driver, which is pretty much the only way to get any lower. However, I think that may mess with the portability of it. Something to be researched...
     
  9. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Okay. So we are getting a list of priorities.

    So far you think it should be very small, lightweight in resource consumption. Okay. What do you like and dislike about other firewalls?
     
  10. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    I dislike bloat, useless features (ad/script/cookie blocking, IDS, leak-proofing, eye-catching UI, etc), confusing rule editors, lack of full SPI, hard-coded rules (default rules which can't be modified/deleted), filtering limited mostly to TCP/IP.
    I like the table approach of Jetico (related rules are grouped), the custom addresses of Kerio 2 (useful to limit remote endpoints in POP3/SMTP/IMAP/DNS/HTTPS/DHCP). I like the ability of Online Armor of importing blacklists from a text file. I don't want any HIPS feature in a firewall other than hash checking (Kerio 2) and TDI filtering.
     
  11. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
    AFAIK is the very best ever conceived, I tried OA Armor and wouldn't you know it, went right back to Kerio 2.15 again. It's withstood the test of time on both Windows 98/ME and now XP Pro without so much as a scratch. It is however supported with my HIPS as additional measure of protection as well as auto-restarted if ever forced closed.

    There's your template!!!
     
  12. FadeAway

    FadeAway Registered Member

    Joined:
    Apr 6, 2007
    Posts:
    270
    Location:
    USA
    Password the configuration interface.
     
  13. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    So you want it
    1. Lightweight
    2. Somehow do SPI while being lightweight. heh.
    3. Password protected ruleset option
    4. Similar to Kerio in HCI
    5. Rule table display, sort by group/type
    6. Import blacklists option
    7. Non-multifunctional, no IDS, hash checking at most for trusted applications.

    Does anyone here care about NDIS vs. TDI vs. Winsock injection?
     
    Last edited: Feb 26, 2008
  14. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    IIRC, you need both NDIS and TDI drivers. The NDIS driver is necessary to perform filtering of network packets at the lowest level (right after the NIC has processed them) and the TDI driver is needed to bind packets to applications. Am I correct? I don't know what Winsock injection is.
    A good SPI engine shouldn't be that demanding (at least in CPU cycles), see Jetico and CHX-I (lightweight firewalls which are known to perform a deep inspection of packets, especially CHX-I).
    Also, if you put in too many HIPS-like features, you will end up with something like CoreForce.
     
  15. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
    If you can, keep it light as possible but add suggestions above to strengthen its capabilities and leave HIPS for HIPS makers, every single firewall and AV maker who adds HIPS only throws their specialty off-balance.

    Keep it a true portable firewall and I like to suggest to add some GUI appearance control such as (if possible) slide out from the top or side of screen prompts.

    Growing weary of same old scenario time and again.

    ALL THE BEST!

    easter
     
  16. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139
    Why make it like Kerio?? I just don't get why so many people on these forums like Kerio?

    It's just a very basic firewall with hardly any features with just a small amount of packet filtering rules nothing more. Surely Look 'n' Stop has to be better than Kerio 2.1 or 2.5 with all its extra rules.

    Can someone please explain why Kerio is so good other than it being lightweight??
     
  17. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    I realize Kerio is not Vista compatible. But will the new firewall be?
     
  18. SirRollsAlot

    SirRollsAlot Registered Member

    Joined:
    Oct 30, 2007
    Posts:
    24
    Would it be possible to make it fit in a Linksys WRT54GL? I don't know what system requirements you're looking at right now. Or is this going to be a software firewall that you stick on a USB drive?
     
  19. firefox2008

    firefox2008 Registered Member

    Joined:
    May 17, 2007
    Posts:
    125
    Don't make it a separate program, have it so it is integrated with the XB browser so it is as automatic as possible for the novice user.
     
  20. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Lots of great suggestions here. Yes, it would have to be Vista compatible, which may or may not be possible (thank you Microsoft). I agree that no IDS system really needs to be in place, except for rules that are based on applications/executables instead of traffic. I like the idea of NDIS and TCI levels.

    As for integration, xB is eventually going to be a suite where you can install whatever components you like and they will automatically work with each other. At least, that's how I see it. The real trick is having the programs call each other to work in conjunction, but nothing I don't think we can do. I'll shortly be integrating xB Browser with xB VPN, at the launch of XeroBank 2.0 network this next month.

    Let me ask another question, what if you had to reboot after installing it, is it still portable and with the same functionality? This may be a deal-breaker with NDIS drivers.

    Keep the comments coming.
     
  21. avboy

    avboy Registered Member

    Joined:
    Feb 11, 2008
    Posts:
    165
    Hi,

    AFAIK, there are two levels of users, "software does it all" and "I do it all" and the others somewhere in-between. So please provide beginner and expert levels, where beginners can plug and use and experts tweak everything they can.

    Best Wishes
    Avboy
     
  22. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    I would like a right click from my mouse over an IP address and get whois info, if that is possible. Thanks.
     
  23. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    Hello,

    A simple question, maybe I'm missing something here:

    The firewall will require a kernel driver - right? So, you'll implement some sort of service restart mechanism to allow on-the-fly use without rebooting? Is this possible in Windows? Because what do you mean exactly by portable ...

    Mrk
     
  24. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    The TCI I don't think we have to restart, but for NDIS I think we do.
     
  25. herbalist

    herbalist Guest

    Make it just a firewall instead of a security suite. No HIPS, NIPS or other trips. Use Kerio 2.1.5 as a model. Keep the ability to specify protocol, local and remote port numbers, IPs, and individual applications. Add IPv6 compatibility. Add filtering of ARP packets. Keep compatible with 9X systems. Add an option to the status screen that will allow individual connections to be closed, such as you can with TCPView. Keep good loopback connection control. On Kerio's rule edit screen, there's an option to specify "Other" in the protocols. Could this be modernized and expanded?
    Kerio 2 has a custom address group. Several such groups would be useful, especially for blocking adservers, etc.
    Most rule based firewalls read the ruleset from the top downwards. How do you plan to make a ruleset sortable by group or type without affecting the order in which they're applied? I may be old fashioned but I prefer the rules displayed in the order they're applied. Makes it much easier to maintain control over loopback traffic.

    This might be too much to ask. Could it include IPv6 to IPv4 conversion to make older operating systems IPv6 compatible? Maybe function like a converter box in this respect?

    Rick
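
The rule-ordering question in the post above, as an added example that is not part of the original thread and not code from any firewall named in it: each rule keeps an explicit position (`seq`) that alone drives first-match evaluation, so a grouped display is just a different sort of the same rows. The rule fields, group names, addresses and ports are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    seq: int              # position in the applied order (1 = evaluated first)
    group: str            # display-only label, never used for matching
    action: str           # "allow" or "deny"
    proto: str            # "tcp", "udp" or "any"
    remote: str           # remote network in CIDR form
    port: Optional[int]   # remote port, None = any

# Constructed sample ruleset, listed in applied order.
RULES = [
    Rule(1, "loopback", "allow", "tcp", "127.0.0.1/32", 8118),
    Rule(2, "loopback", "deny", "any", "127.0.0.0/8", None),
    Rule(3, "web", "allow", "tcp", "0.0.0.0/0", 443),
    Rule(4, "dns", "allow", "udp", "192.0.2.53/32", 53),
    Rule(5, "default", "deny", "any", "0.0.0.0/0", None),
]

def matches(rule, proto, remote, port):
    return (rule.proto in ("any", proto)
            and ip_address(remote) in ip_network(rule.remote)
            and rule.port in (None, port))

def evaluate(rules, proto, remote, port):
    """First match wins, walking the rules in seq order (top-down)."""
    for rule in sorted(rules, key=lambda r: r.seq):
        if matches(rule, proto, remote, port):
            return rule.action, rule.seq
    return "deny", None  # nothing matched: fail closed

def grouped_view(rules):
    """Display order only: sorted by group, each row still shows its seq."""
    return sorted(rules, key=lambda r: (r.group, r.seq))

def renumber_by_group(rules):
    """The failure case: the grouped view written back as the applied order."""
    return [Rule(i, r.group, r.action, r.proto, r.remote, r.port)
            for i, r in enumerate(grouped_view(rules), start=1)]

if __name__ == "__main__":
    for r in grouped_view(RULES):
        print(f"{r.group:<9} #{r.seq} {r.action:<5} {r.proto:<3} {r.remote} {r.port}")
    print(evaluate(RULES, "tcp", "127.0.0.1", 8118))
    print(evaluate(renumber_by_group(RULES), "tcp", "127.0.0.1", 8118))
```

Showing `seq` in every row of the grouped table lets the user see the applied order while browsing by group; writing the grouped order back puts the catch-all deny first and silently blocks the loopback proxy rule.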
     