online tests and pcinternet patrol?

Discussion in 'other firewalls' started by TC, Oct 30, 2002.

Thread Status:
Not open for further replies.
  1. TC

    TC Registered Member

    Joined:
    Mar 2, 2002
    Posts:
    8
    Location:
    Europe
    hi

    2 questions, please:

    1/i was quite happy with ZA pro ( and tds3) when i performed online tests ( pcflank for example), but i just tried another online test ( http://www.pcinternetpatrol.com/downloads/audit.php ) which was very bad...( with a report emailed to me)
    i'm lost...which ones are reliable ?

    2/ the free audit is used to promote pcinternet patrol, commercial software (http://www.pcinternetpatrol.com/downloads/pcip.php ), which is expensive but supposed to be the best protection

    i performed here a search about pcinternet patrol, but did not find posts; i'm sure that lots of guys here know the product and i wonder what they think about it...

    thanks for your replies!
     
  2. root

    root Registered Member

    Joined:
    Feb 19, 2002
    Posts:
    1,723
    Location:
    Missouri, USA
    Hi TC. Please do not be fooled by the blatant trickery involved in such sites as PC Internet Patrol. There are others.
    If I were to say to you, I'm going to send you a program, I want you to download it , install it and then run it, and you did, then I could have had you install a trojan such as backoriface and have your computer to play with.
    To the best of my knowledge, no legitimate company is going to trick people in such a fashion. I get really uptight every time I think about these misleading fear mongers that try to sell their expensive, below par pieces of crap they call security software to people that are just trying to learn about security and make their machines safe.
    PC Flank is an excellent site to test your security. There are others and if you want a list I will provide it.
    If you are happy with ZA Pro and it is setup to show stealth at PC Flank, you're ok.
    OK, my blood pressure's coming down now that I got that off my chest.
    Did I say PC Internet Patrol is a piece of crap?
    :D :D
     
  3. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,877
    Location:
    New England
    ( Gee root, tell us how you really feel about it. ;) )

    TC - it's good that you caught this and came here to find out the truth about that site and its product. Many people would have just taken its advice and gone along with them.

    Root, I agree with you 100%. That site has a lot of nerve doing what they're doing. The worst of it is them telling people to "deinstall" their firewall software before testing their security. Well, no wonder people then fail the security test. :mad:
    :mad: Nasty site.

    TC, is your ZA Pro back up and running now? Let us know if you have any problems with it.

    Best Wishes,
    LowWaterMark
     
  4. SpaceCowboy

    SpaceCowboy Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    40
    first off i would like to know why TC's ZA PRO did not pass this test?
    and root and lowatermark i dont quite understand why you two think this site is so bad, or what they are doing is somehow fooling people.
    the first link that TC gives is to download their little firewall leak test. it is a program just like too leaky or firehole. with Sygate PRO i pass this test and the program tells me i do.
    the second link that TC gives is to download their 7 day trial for the firewall. that is where they say to uninstall your current firewall so there isnt any conflicts. we all know that we should do that, so how are they being deceitful by telling people to do that??
    now root im not saying that this firewall isnt a piece of crap like you put it, because i have never heard of it either, but i really cant see what this company is doing wrong..

    what am i missing??
     
  5. TC

    TC Registered Member

    Joined:
    Mar 2, 2002
    Posts:
    8
    Location:
    Europe
    thanks for the replies

    in fact the pcflank tests were ok, but the audit test i was talking is slightly different, just try it if you want but the main points are that it can discover your directories (but i don't know if it means that these folders are accessible, i remember that there's a trick to frighten people but which is harmful, to get a root directory listing) and can "read" a password...

    well what confused me also is that the following test: http///www.tooleaky.zensoft.com
    breached also my firewall...so.....?

    o_O
     
  6. root

    root Registered Member

    Joined:
    Feb 19, 2002
    Posts:
    1,723
    Location:
    Missouri, USA
    Well SpaceCowboy, if you can't see the trickery involved, I don't know what I can do to get you to see it.
    Did you read this?
    "Before downloading and installing pcInternet Patrol™, we strongly recommend uninstalling any personal firewall you might have installed on your computer to avoid a possible software conflict."
    They are saying uninstall your firewall, download a trojan like program, install it, run it, and when it reads a file and connects out, they try to tell you you need their program.
    At best, if you left your firewall installed and ran their program, it is the equivalent of a leak test. But they don't tell you that. They try to get you to uninstall your firewall, just incase it does work.
    It is deceitfu, misleading, and the worst kind of business practice.
    Why do you think it is not considered one of the mainstream firewalls?
     
  7. SpaceCowboy

    SpaceCowboy Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    40
    i dont see this message when you are on the download page(TC's first link) to try their leaktest. i only see this message when you are on their download page(TC's second link) to try out their 7 day trial of their firewall.
    i cant see anywhere where they are telling you to uninstall your firewall and try their trojan like test. they only try to get you to uninstall your firewall when you are on the download page for installing the trial version of their firewall as it might cause conflicts. what is wrong with saying that? i am sure you know its not good to have two firewalls installed and running at the same time. i think you are misunderstanding where you are seing this on their website.
     
  8. root

    root Registered Member

    Joined:
    Feb 19, 2002
    Posts:
    1,723
    Location:
    Missouri, USA
    If you want to try a product that uses the tactics used by this company, be my guest.
    I will continue to call it as I see it and recommend people stay away from such sites.
    It will do no good to drag this out any more.
    Have a good one. :)
     
  9. MickeyTheMan

    MickeyTheMan Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    1,016
    There have been topics covering PCAUDIT before.
    It is a valid test.
    However, a simple proxy such as Naviscope will easily defeat it as i managed to do it with no firewall installed (for test purpose only) .

    http://www.wilderssecurity.com/showthread.php?t=2790;start=0

    Having said that, i still agree with root that the purpose of this test is simply scare tactics to get you to buy their product, but also a warning that one should be careful of what gets in your sys as this test is only a simptom of what a malicious download could do once it's in.
     
  10. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,877
    Location:
    New England
    Correcting my mistake...

    SpaceCowboy - You are absolutely correct on this. What I did was I went to the first link provided, read my way down the page, saw a "more" link, click that and continued reading down that page. I thought it was more regarding the test itself, since it starts with "What is pcAudit™?" It is on that second page that it says to uninstall, (quote listed in above posts), and I thought it was still talking about the test, not their firewall product. But, rereading now, I see that 2/3 down that page, it switches to talking about the firewall product itself. My mistake!! Sorry. :oops:

    Best Wishes,
    LowWaterMark
     
  11. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,877
    Location:
    New England
    TC -
    Tooleaky gets by a lot of software firewalls given the "right" setup (or is it the "wrong" setup? ;) ).

    All tooleaky does is create a new IE browser session (hidden window, thank you Microsoft :( ) and attempt to hit the grc.com site. If it can, you fail the test. Well, most people's firewall rules for IE will allow it out to the web using http without any alerts or warnings, so of course this works on their systems. It's an interesting test concept. (A very simple program - the intelligent part was thinking up the test method in the first place.)

    You can "defeat" tooleaky if you: 1. don't have IE installed or accessible on your system, 2. have your fireall block all IE access by default, if say you use another browser, or 3. have your firewall Ask whenever a new IE session makes its first network connection attempt. This is what I do. I get one alert from ZA+ at the start of a new browser session and no more alerts until I shut it down and restart it or call up a second, unconnected IE program instance.

    There's a lot more to this, but, I'll just link some threads on tooleaky where I've stated much of this before:

    http://www.dslreports.com/forum/remark,4311855~root=security,1~mode=flat

    http://www.dslreports.com/forum/remark,4414758~root=security,1~mode=flat

    Best Wishes,
    LowWaterMark
     
  12. Scotcov

    Scotcov Guest

    Hi LowWaterMark

    "3. have your firewall Ask whenever a new IE session makes its first network connection attempt. This is what I do. I get one alert from ZA+ at the start of a new browser session and no more alerts until I shut it down and restart it or call up a second, unconnected IE program instance."
    I am now trying LooknStop. In order to do what you recommend, should I "allow it once" with an application, rather than just pressing "allow it"?
    Thanks
    Scotcov
     
  13. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,877
    Location:
    New England
    In Zone Alarm, that is what I am effectively doing. I get the alert as the new IE session connects to the network (resolving the first loopback connection and going out for DNS lookup), and I hit allow without telling ZA to remember the answer next time. From that point forward, that session (and all its sub windows) never again ask for permission.

    If your firewall does that when you use "allow it once" and from that point forward, changing pages, refreshing, etc, does not cause it to ask again, but, when you shutdown IE and start a new session it asks again - then yes, that's the same as what I'm doing.

    The way this protects me (just in my opinion here) is that I know whenever I have started an IE session. If I were to get an unexpected ZA popup asking for IE permission at another time, I would know that session is not one I started and at least I would have a chance to think about it, and make an informed decision. Is there a chance to make a mistake - of course there is - just like any time one of us users is at a keyboard. ;)

    But, it works for me.
     
  14. worldcitizen

    worldcitizen Registered Member

    Joined:
    May 15, 2003
    Posts:
    530
    All of you should be uninstalling your current firewall if you want to install another one. That is advice given by all security experts so I don't know what all the fuss is about. You should never have two firewalls running at the same time as it may cause system instability.

    The program pcaudit is very clever and accurate in simulating what a real hacker can see and do on your PC and although it is used to try and sell the product it is a fact.

    One thing I definitely agree with is this. 'Stealthing' your PC is a load of rubbish because you MUST open ports to access the internet, download files, surf and receive emails so big deal about getting a 'stealth' at Gibson's who's all about promoting ZA.

    What is really important is whether or not the program which is accessing the port is legitimate and it's activity is not malicious and ZA isn't that intelligent because although it will check components and changes in them ULTIMATELY it leaves the decision up to YOU as to whether the changed component should run or not and that is where the problem lies.

    How are you going to make an informed decision about a changed component of your OS which seeks to access a port? A wild guess? Just trust it because it says it's from Microsoft? You got anyone you can submit the file to for verification that it's definitely not malicious code?

    That's why people even with these so called 'stealth' firewalls are still getting infected because this stealth crap is just that - crap. ZA can tell a component has changed but then leaves the decision up to YOU which is what hackers rely on - stupid people who haven't got a clue and will say 'yes' and allow their code to run. The majority of people are NOT tech savvy.

    I haven't bought pcInternet Patrol but it makes a whole lot of sense to have 'expert verification' on hand rather than trust a wild guess and it appears common sense here is getting a kick in the butt when it's really a very good idea to consult professionals. It may cost a lot but at least you're not guessing and possibly compromising your system's security. It makes a whole lot of sense to me to have a file checked out instead of just allowing it to run.

    Dave
     
  15. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    Thank you WorldCitizen .
    pcInternet Patrol does a good job . I have used it . It does not stealth ports so , you will fail port scan tests . Their method is more of a check and confirm , whether to allow something in or not . It helps against malware of all kinds as well . It is very good , though expensive . To say it is crap is obviously a statement from someone who has yet to test it . If you know what it is for and what the approach is , NO WAY can you say it is bad . Very good program overall . So good , in fact , that I use it alongside Outpost Pro . I test firewalls constantly . pcInternet Patrol is just not a " traditional " firewall . And wait , a whole new look and feel , along with a name change , will be coming in the spring . I am interested in checking it out when it does . I will agree on one point though . The pc audit test is pure rubbish . They DO try to scare you . Even if pcInternet Patrol installed , you will fail their OWN test . Sad . But , again , a good firewall .
     
  16. worldcitizen

    worldcitizen Registered Member

    Joined:
    May 15, 2003
    Posts:
    530
    I had a look at all the pros and cons and decided to buy it.

    There's nothing worse as far as I'm concerned than 'dumb' firewalls asking the user (who hasn't got a clue) whether or not to allow or disallow a program, especially a changed one. So far I've never come across anything that offers 'professional expertise' for making such decisions until I came across pcInternet Patrol.

    To me it's worth the money if you really care about getting 'accurate' and 'true' protection and not protection based on wild guesses. I want to be sure that my PC is getting the best protection so I'm happy with this. I have Outpost Pro - and will probably install it but I'm not sure as to how is best to configure it with PIP as there will be some overlapping.

    I really think the firewall industry really has to lift it's game. They go on and on about all this stealth crap and then when a very important decision has to be made it's up to us. What the hell then is the firewall for if WE have to make all the major decisions about what will run when a lot of us haven't got a clue whether the file is authentic, a copy or an injected malicious file. All we see is the allow or deny dialogue and are forced to take a very uneducated guess. Not good enough for my expensive PC I'm afraid.

    Dave
     
  17. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    I've not tried pcInternet patrol, but I have to say that I do think their pricing model is a little out of whack. For comparison, if you look at the structurally similar Cerberian (now Bluecoat) content filtering implimented as an agent on a router, the base commercial level is about the same annual cost, potentially covers a significantly larger number of seats, and clearly places a greater infrastructure demand on the vendor. The pricing models used in this market are probably decent ones to look at since they do seem to be growing. I use the base "commercial" level in my home (since it is based on router platform) spread over 5 PC's and have to say that I thought long and hard at making that committment. I do not have difficulty with expense when I see value. However, as an ongoing subscription cost, pcInternet patrol is well outside what I'd call value for the money. At half the cost they may have a shot, but even that seems a little rich to my blood.

    Blue
     
  18. worldcitizen

    worldcitizen Registered Member

    Joined:
    May 15, 2003
    Posts:
    530
    Zone Alarm Pro is $49.95 and you have no way of verifying the legitimacy of files that are changed. If a malicious program seeks to connect in the disguise of a legitimate program the decision is left up to the user. There is no way of knowing whether you allowed a Trojan online or a legitimate program and you're paying almost the same but for wishy washy protection which ultimately relies on the decision of the user when it pops up the 'allow' and 'deny' dialogues.

    Verification is a much more common sense and secure way of checking a file than just clicking on the allow button. It may say it's from Microsoft or any other well known program but may be riddled with malicious code waiting for the user to give consent. That's the problem, relying too heavily on the end user for decisions which really require professional verification.

    At $49.95 a pop you're basically given a program that leaves all the really major and hard decisions up to you to decide and if you're not an expert then your basically gambling. The weakest point of current firewalls is the user enabled 'allow' deny' paradigm. It's nonsensical to leave such decisions to end users when they wouldn't even have a clue what they're doing and mostly would click on allow and possibly get infected.

    As long as we all play along with this 'stealthing' bull then that's all we'll get - is firewalls that can 'pass tests' but you have to open ports to surf, download and receive email which is when 'stealth' malware can work undetected especially if you think it's legitimate and give it permission. You should know before-hand if a file is malicious but ZA won't ever tell you that. It will happily grant access to the malware with your permission on all your so called stealthed ports which are basically of no use to you once malicious software is granted rights to use your 'stealthed' ports.

    We've got to be more demanding of our firewall vendors and abandon our childish 'pass this or that stealth test behaviour' because that's what they make firewalls around today. Instead of concentrating on identifying malware and blocking it they leave that decision up to YOU. Can you imagine an AV program asking you permission to run a virus? No, it has to protect you but a firewall is supposed to protect but doesn't protect you because it allows you to open ports to programs you 'think' are safe.

    So if you feel secure 'stealthed' then good luck to you because you'll need it when you 'allow' a malicious program to freely use your 'stealthed' ports. Stealthed ports won't block malware if you've given it permission. I would want to be sure that what is accessing my ports is safe & clean. This is only common sense.

    Dave
     
  19. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    Dave .
    May I make a suggestion ? If so , read on . I have Outpost Pro installed . Nothing special needs to be done . Create your rules as you see fit . The nice thing is , Outpost usually kicks in on illegitimate things . Like scans . But , I have seen some that pcInternet Patrol catches first . Interestingly , both will catch the same one if one of the firewalls is disabled . Anyway . pcInternet Patrol does alot more than just sit anb act like a firewall . I am not condoning their pricing structure but , it does alot of the things that PG and Prevx both do . I am looking forward to the new program due out in March or , most probably , April . I did not tell you that though . Hope this helps
     
  20. worldcitizen

    worldcitizen Registered Member

    Joined:
    May 15, 2003
    Posts:
    530
    Hollywood,

    Thanks for the tip.

    I think PIP does a lot more because it actually verifies files which no other software does. It verifies the actual file and not just the name. You can't really beat that anywhere.

    Dave
     
  21. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    In total agreement my friend . Only saying that if you are installing Outpost as well , do not worry about how to set it up . Set it up the way you would as if it were by itself . Will work wonderfully with pcIP . Good Luck
     
  22. Wills

    Wills Registered Member

    Joined:
    Oct 20, 2004
    Posts:
    146
    Location:
    Canada
    Interesting reading, do I understand the posts to mean that if one purchases PC Internet Patrol that it has to be used in conjunction with another firewall like Outpost as an example?

    What are the shortcomings if one only uses PC Internet Patrol?

    I would appreciate comments as I have tried several Firewalls and I really feel intimidated by the questions asked, as I am a novice and am uncertain 100% of the time as familiarity with these programs for me is grossly lacking even with all the reading in forums and reference books.

    I would appreciate comments.

    Thankyou
     
  23. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    pcInternetPatrol does not have to be used in conjunction with a software fireawall. However, it can be used in this fashon.

    The main shortcoming is that it seems to be a pure application/component control facility. The key question to ask is whether this is a significant shortcoming for most users. You cannot create all sorts of filters, cannot specify ports to be used, and so on. But if you are a casual firewallist (gee, is that a word?) like me, it is effectively equivalent to using a firewall in pure default application mode. The key difference, as mentioned above, is that the program maintains a centralized database of applications/components/signatures and rather than the user making a decision of whether to allow a given program Internet access, a request goes to the centralized database, which is a realtime whitelist. If the program requesting access is listed there, pcInternetPatrol makes the call that all is well and access is allowed. If it is not listed, the default negative decision is given.

    If you are intimidated by firewalls, it should provide a robust user friendly solution. Again, I am not a user of this software, but I do appreciate the structural similarity with content filtering solutions such as Cerberian - which I happen to like a lot. I still think it is a somewhat pricey solution. However, if this is what it takes to get you comfortable, it is not an outrageous sum to pay, think of it as 1.5-2 "typical" security applications per PC (and this is where it would take me aback) if that helps put it into perspective.

    With respect to worldcitizen's comments regarding firewall stealthing and the like, I agree.

    Blue
     
  24. Wills

    Wills Registered Member

    Joined:
    Oct 20, 2004
    Posts:
    146
    Location:
    Canada
    Thankyou for the comments. I have just downloaded the trial version of this program from Major Geeks and it is a weeks trial.
    i used Zone Alarm Pro 5, the purchase version $49.95 and it tremendously slowed down my system as it was a resource hog with all its bells and whistles like "pop up ad blocking" etc.
    I had to get rid of it and got a refund over the 30 day trial period. And also I was not in my comfort zone when having to grant "permissions" when I am such a novice. BTW the slowdown was at startup. It was ridiculous and so when I uninstalled it and got rid of the remnants with Reg Supreme, my notebook was back to humming along. Much to my satisfaction, but I do know that I need increased arsenal of a good firewall.

    I then tried out the free versions of Outpost and kerio 2.1.5 which were less resource hogs and of course was faced with the " permissions " again which did not make me comfortable again as I am only an owner and user of a computer for the last 2 years.
    Learning on the fly via forums, reference books that I select qualitatively and I must say that I also use other free and purchase security programs that have kept me out of trouble....virus, worm, trojan free and no crashes with my notebook. For a novice I feel very fortunate, I don't wander off into a lot of different sites and have my settings as tight as possible.
    This program so far has alerted me to various intruder IP addresses while I am typing this and I have been able to view the ports and additional info on what is trying to access my notebook.
    what I thought that I should ask is how does this application compare to Cerberian that was mentioned?

    So far I am in my comfort zone with it but will be browisng what the program has as options and see if it affects the start up of the computer as did the ZAP.
    Just a moment ago the program identified an IP intruder stopped address as being from "jeonju university Korea". (Networking)

    i really want to give the program a Go and see if it is something that is going to serve my needs.

    I like the way you can clear the history of intruders names or save them and also access details on the ports and so far there are 3 ports that the intruders are trying to accesss, if that means anything to anyoneo_O?

    i would appreciate comments, being a Newbie I don't feel comfortable giving the "thumbs up " to possible entries that I am bewildered about, however I do want to insure that I am using a program that is secure as a firewall.

    Respectfully,
     
  25. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    firewallist (gee, is that a word?)
    Too funny Blue ! :) Anyway . pcIP is excellent . The nice features include protection against zero day attacks . Meaning worms , trojans , and the like BEFORE they are ever detected . As for hacker protection , just turn it on and let it fly . In tests I have done , it has caught every attempt that Outpost has caught . AND , the biggie . pcIP protects against EVERY leak test avalable . EVERY ONE !! And they did this before Outpost , or anyone else for that matter , fixed their firewalls to protect against MOST . That is something noone seems to mention . To me , that , in itself , is huge . Zero day attacks and all leak tests ? I am happy to have it . I do use it in conjunction with Outpost Pro . If you have the funds , you can ALWAYS use pcIP with most other firewalls . Very friendly . Good luck in your quest
     
Loading...
Thread Status:
Not open for further replies.