Opinion on Outpost firewall

Discussion in 'other firewalls' started by c0ltran3, Nov 8, 2015.

  1. c0ltran3

    c0ltran3 Registered Member

    Joined:
    Nov 8, 2003
    Posts:
    172
    Hello to all.
    I have an old license for Outpost firewall that does not use more than several years .
    I was thinking to try the product , using it perhaps with Avast , but I wanted to ask you how do you judge Outpost now .
    It ' a product passed ? It ' very heavy and conflicts with other products ?
    Thanks for the answers .
     
  2. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    830
    Location:
    UK
    It would be a good idea if you tell us what OS you are using.

    I like OPFW on xp pro and win7 home premium.
    Retrieve time of zero ms according to tinyres monitor seems to suggest that it is light.

    There is a bug in 9.1 with the ip blocklist consuming memory.
     
  3. hayc59

    hayc59 Updates Team

    Joined:
    Oct 29, 2008
    Posts:
    2,135
    Location:
    R.I.P. Roger(roddy32)
    Wonderful firewall..the best in my opinion!
    welcome back c0ltran ;)
     
  4. c0ltran3

    c0ltran3 Registered Member

    Joined:
    Nov 8, 2003
    Posts:
    172
    I'm using windows 7 ultimate
     
  5. Boblvf

    Boblvf Registered Member

    Joined:
    Aug 10, 2014
    Posts:
    103
    Outpost firewall has a driver, a proactive system, and a NIDS, what antivirus will accept to work well with him ?



    May be Windows Defender ( MSE ), what future ?
     
    Last edited: Nov 9, 2015
  6. syrinx

    syrinx Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    334
    Well i decided to check on the VM before I went to bed and was surprised to find it had stalled out not that long after my last post on the matter. On this particular Windows XP SP3 VM (32 bit) the system became unresponsive at just under 3.5 Million handles. This may be because there are actual events attached to them unlike the handlelimit exe shown in the MS pages. Could also mean it is a fluke and I should re run the test but I'm not intending to do so atm.

    Unresponsive in this case means, notepad couldn't start. Any new process couldn't start. ACS did not crash and recover. The system just wouldn't do anything specific. I could move and click my mouse (for a while). The start menu 'seemed' to work but nothing ever happened - including a restart... The VM was only using about 10% of its allocated CPU power but it was persistent and nothing happened. I only gave it about ten minutes to recover so it's possible it could have but the only way I saw out was to force it to power down. This is the equivalent of 'pulling the plug' or holding down the power button.

    It'll take a while for the normal user to get to 3Mil even if they don't reboot every month or sooner. The fact that it has this issue and is supposedly used by ISPs and other corporate environments (though I admit it's my own aversion to high handle counts for no reason other than MS said so) is cause for concern and a speedy resolution. ;)

    My theory on why it caused this is that like other programs the service (ACS) is tasked with the rules. When the service can't pass a yes or no to the driver, the driver defaults to no. This would mean that even trusted processes or others with rules that do exist are treated the same and denied any action just because ACS is stuck and can't allocate those handles it's expecting in order to process the file or rules. This in turn results in an unusable/unstable system.

    But hey at least it doesn't cause a security issue ^^
     

    Attached Files:

    Last edited: Nov 9, 2015
  7. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,806
    I would have to agree
     
  8. syrinx

    syrinx Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    334
    It has a good track record and I'd be devastated to have to replace it. I've been using it myself since the late 4.x versions and it's an integral part of my security with its superb firewall and excellent HIPs.

    I'm not particularly happy with the current 9.2 release as you can see from the posts here or on the outpost forum but once the new issues are taken care of I expect I'll keep recommending it to friends and family every chance I get.

    For now, if you do use it, be sure to reboot at least once a month until they update/fix the handle leak! [More often if you run any type of server or environment that constantly starts/stops apps]
     
  9. c0ltran3

    c0ltran3 Registered Member

    Joined:
    Nov 8, 2003
    Posts:
    172
    I'm using Outpost with Avast and Malwarebytes Antimalware without any problem.
     
  10. Boblvf

    Boblvf Registered Member

    Joined:
    Aug 10, 2014
    Posts:
    103
    Syrinx ok ! ok ! ...

    But your real problem is XP, nothing else.



    ps : no HIPS in Outpost, Comodo, etc ... in a 64 bits sytem.
     
    Last edited: Nov 9, 2015
  11. Boblvf

    Boblvf Registered Member

    Joined:
    Aug 10, 2014
    Posts:
    103

    Can you use Google ? ...
     
  12. syrinx

    syrinx Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    334
    Sorry bob you're wrong on multiple fronts there
    your eyes to read?

    My OS is Win 7 x64 as stated in my signature....besides which others have confirmed the same issue on Win 10 as well... so that only leaves Win 8 (don't recall confirmation there but could have been) but either way I expect it occurs there since it persists across XP-7-10 32 or 64 bit.... ;) XP was just my test platform for the VM because it's rather light on resources.

    Dunno where you got the no hips for 64 bit, sure it's not what it used to be but it does still exist. If nothing else a recent kernel update illustrated to me exactly how much it does exist when it (certain aspects I rely on, eg process injection, network enabled app launches and screenshots) stopped working [without notice, it wasn't until I realized it should have been prompting me for rules that I figured it out] using 9.1 on an up to date Win 7 OS. 9.2 HIPs works as expected but then we are back to the handle issue. Perhaps we just have different definitions of what we expect HIPs to handle? [insert maniacal laugh over the not so clever play of words] (PS it's not the HIPS module with the leak, it's the sand.ofp Proves just how noob I am, can't solve the riddle [so far] without the sourcecode! I should just shut up and....yeah.)

    troll much? btw, it is 50 cent for your next response!
     
    Last edited: Nov 9, 2015
  13. Boblvf

    Boblvf Registered Member

    Joined:
    Aug 10, 2014
    Posts:
    103
  14. Boblvf

    Boblvf Registered Member

    Joined:
    Aug 10, 2014
    Posts:
    103
  15. c0ltran3

    c0ltran3 Registered Member

    Joined:
    Nov 8, 2003
    Posts:
    172
    Using google I found, for the majority, link old of years that seems to me not say anything definite.But for now I do not have problems.
     
  16. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,499
    Im not sure how XP in a vm behaves,but the total handles are supposedly different for XP compared to windows 7.Apparently windows 7 can allocate 16million handles whereas XP can allocate 10,000,although there is a fix that can take this up to 18,000.
    https://support.microsoft.com/en-us/kb/327699
     
  17. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,273
    Not true. Where did you get that information from?
     
  18. Boblvf

    Boblvf Registered Member

    Joined:
    Aug 10, 2014
    Posts:
    103
  19. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,273
  20. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    I was following the posts on it in the Firewall section. Appears the HIPS only works for 32 bit OS's. They never made it x64 compatible.
     
  21. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    Isn't this HIPS ? From my win7-64bit - Outpost screenies:
    [​IMG] [​IMG] [​IMG]
     
    Last edited: Nov 18, 2015
  22. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    Yeah, I see the 64bit registry key protection. Does it hook 64 bit processes?
     
  23. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    Using AppInit_DLLs registry for dll injection at boot time is a security risk. One of the oldest methods of malware dll injection is to load its dlls in that registry key. You will receive a warning message in your WIN event log that dlls are being loaded but monitoring which ones are doing so would be abandoned over time since it would be assumed that only Outpost's dlls are loading.

    Question is if Outpost's HIPS monitors AppInit_DLLs registry key to ensure only its dlls are loading?
     
  24. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,046
    Location:
    The Netherlands
    I don't believe this is true.
     
  25. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,046
    Location:
    The Netherlands
    Looks like Outpost is indeed monitoring this key. BTW, which keys should be monitored? I was checking out AutoRuns, but I believe if HIPS monitor all that stuff, it would be overkill.
     
Loading...