PC Tools Firewall?

Discussion in 'other firewalls' started by noway, Jan 8, 2007.

Thread Status:
Not open for further replies.
  1. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    For passive FTP, you also need to allow outbound connections to remote ports 1024-65535
     
  2. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Hi Stem:

    Just removed ZA Pro 7.0.337 so I can trial PC Tools FW. I'm using windows FW and my router to hide behind at the moment.

    I use SS 5.3 and BD 10, so do you or anybody know if these 3 will play well together? (Maybe I will be the one to report the answer to this.)

    What should I do / not do in setting this "free" FW up? Should I wait for a new release or anything obvious?
     
  3. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi Escalader,

    Give it a try, you shouldn't have any problems. The rules are quite open and could do to be tightened, but that is not a major problem. On my last install, there were a number of rules for IPv6. I presume these were added for Vista, as this OS does connect out via IPv6. I will find time later to re-install the latest version, to see what default rules are now in place.

    As you will see from posts made, the main concern has been the fact that the firewall will not, with default rules, give full stealth. This should be of no concern in your own setup (behind a router) on a home LAN.
     
  4. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Hi Stem:

    Thanks! You were right on target! I downloaded it, installed it easily and registered it, all without issues! What a relief! BD 10 and SS 5.3 seem okay with this FW.

    Now regarding the rules being tightened I looked at the advanced settings for trusted zone and internet zone but most of them are meaningless to me as a typical non network expert.

    Can I assume these 2 zones refer to the IE 6/7? Which I don't use?? Except when forced.

    What can I do to set these things properly? I thought I saw something in the thread re downloading settings from some forum? Is that the way to go?

    Kindly let me know or refer me please to where I can get the info I need?

    Regards
     
  5. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi Escalader,
    I did not expect a report of problems from you. Some questions, yes. We can certainly go through the settings/rules etc.

    I will install now to check on settings/rules.
     
  6. dan_maran

    dan_maran Registered Member

    Joined:
    Aug 30, 2004
    Posts:
    1,053
    Location:
    98031
  7. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Great! A few questions for sure, no rush, whenever you have the time! :D
     
  8. duke1959

    duke1959 Very Frequent Poster

    Joined:
    Jul 21, 2006
    Posts:
    1,238
    Been looking in the PC Tools FW Forum and it seems like all the problems some people were having with losing internet connection may have been solved. Anyone know for sure if this is so?
     
  9. FadeAway

    FadeAway Registered Member

    Joined:
    Apr 6, 2007
    Posts:
    270
    Location:
    USA
    I have been trialing it for about a week on one of my machines connected to a wired router via a Linksys switch, not networked. WinXP.

    It auto-updated to v.2.0.0.23 two days ago. Been working as advertised since install. Can't speak for anyone else.
     
  10. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
  11. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    The zones are in place on a "per interface" basis, not for single applications, with the currently available settings.

    As you mention, there is an "Internet Zone" and a "Trusted Zone", both with fully editable rulesets. Now, I would have thought that there would have then been access rules "per application", on that application's ability to access those zones, possibly in a similar manner to ZA (allow in/out "Trusted", allow in/out "Internet"), but there are no such options. (Maybe this is to be added?)
    The only way I can see to make use of these "Zones" is in the "Settings-> Adapters" where an interface can be changed from "Internet -> Trusted -> allow all traffic". There are some possible uses, such as having a zone for home use, and a zone for when you have, for example, the laptop connected at an internet cafe etc. The other use of this I can see would be in a setup where the PC is a gateway, with clients attached on a second interface, but I will need to check this further, as most in such a setup would be using Windows ICS.

    As for the rules, well, as with most firewalls, rules are put in place in an attempt to cover all possible needs for all users, so trimming/editing these for personal use, I believe, should be done (IMHO).
    As far as the IPv6 rules are concerned, as I have mentioned, I have only seen such packet transfer made when I had Vista installed, and the packets were being sent to Microsoft servers during boot, and at regular intervals during up time. There is mention of this in the Vista EULA, and a mention on how to disable these comms.
     
  12. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Hi Stem:

    A poster in the PC Tools Firewall Laboratory forum posted this:

    http://www.pctools.com/forum/showthread.php?t=46484

    I downloaded his attachment but haven't imported it to replace the default settings.

    I am hoping you can cast your eye over it before a newbie on settings like me blunders in on faith alone?:oops:
     
  13. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hello Escalader,

    You would be far better to create your own ruleset, for your own needs. The main aim of that poster's ruleset is to create "Stealth". This is really not necessary, certainly not in your setup behind a router.

    OK, it may take quite a number of posts, over a few days (depending on when we are both online with available time) to sort a ruleset based on your setup/needs, but at the end, you will have a ruleset that works correctly for your setup, and you will understand what the rules are, and what they do.

    If you want to follow this direction, then first, post info on your setup (do you use DHCP etc,... what you don't know, we can find)
     
  14. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Hi Stem:

    I prefer to work with you and follow your directions, I hope you can bear with all my knowledge gaps in this field! They will become readily apparent to all:oops:

    My LAN uses ethernet DHCP with a Linksys Cable/DSL router with 4 port switch. There are 2 PCs on it sharing the ISP connection at 100 Mbps. I also have a 2nd H/W Alphashield firewall in front of the router which I use when I want to plug straight into the cable bypassing the router (leaktests etc).

    I don't share resources, files or printers on the LAN.

    The ISP here uses POP3 incoming mail server, server port 110, outgoing SMTP email, SMTP authorization required, port 587.

    newsgroup NNTP server name nntp.

    My main goal in all this is to control/block outgoing packets that have no business leaving my PC. Either because the application doesn't NEED access (even though it wants it), or the default rules don't even apply to my set up and should be blocked or deleted... :doubt:

    Stem: I want to thank you for your offer to help me !

    I'm ready (more or less) when you are, please pick something easy to start me off!:oops:
     
  15. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hello Escalader,
    Due to your PMs, and your posts at PCtools forum, I have not made suggestions of changing the default rules.


    Warning

    But, I have started to perform some basic tests on this firewall, and I have a major concern for anyone using the default ruleset, who is connected directly to the internet. I would/should have picked this up earlier, but my spare time has been short, and I have not had the time before now to test.

    Explanation:
    As I have mentioned in earlier posts, PCtools firewall does appear to get confused on what is an "allow outbound" or what is an "Allow inbound" rule, due to lack of SPI.

    To cut to the problem,...
    with the default rule, "Authorize most common internet services" if an application (any) is listening on the local ports within that rule "1024-5000" then inbound connections will be allowed to that application, on those ports.

    Edit,
    I have posted my concern onto the PCtools forum, and hope a reply is forthcoming.
     
    Last edited: Apr 21, 2007
  16. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Hi Stem:

    Thanks, as in my last PM my preference now would be to remove their FW until they answer your question and restore ZA pro 7. I know that I am very unlikely to be impacted due to Alphashield and the router walls but why take chances?

    Or am I overreacting?
     
  17. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Well, yes and no.
    There are possibilities/concerns on this. As in your setup, inbound connections are blocked, due to Alpha-shield, this is regardless of such as UPnP,.. but with a router, then certain possible problems could/can arise.
    I personally think that, at this time (due to my tests/results), this firewall should not be used with the default ruleset.
     
  18. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Not to be selfish here about mine I have the cable into the alphashield, that is in front of the 4 "port" Ethernet Cable/DSL router so I do have a router but all in and out packets pass through these H/W firewalls.

    It sounds like I either need to replace the default rule set, since that is not happening easily or quickly I will abandon the trial until PC Tools fixes the issues you have raised.

    I appreciate all you have done Stem so far on this I have increased my own knowledge on how F/W's work at a detail by a factor of at least 3 with your help! Mind you I was starting low anyway!

    Let me know when it would be "safe" to try PC Tools F/W + again.
     
  19. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Replacing the default ruleset can be easily done. There is no need to be so specific in what remote ports are used within the rules; as I have mentioned, port ranges can be used, but some care needs to be taken.

    The easiest approach is to first change the default rule "Authorize most common internet services". Change this rule by adding remote ports range of 1-1024.

    01.jpg

    This then allows most internet connections (mail/http etc, etc). Yes, the rule is open for outbound similar to before, but this does stop any inbound allowed to listening applications (and will show full "Stealth" at shields up).
    03.jpg
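
A simplified model of the rule behaviour Stem describes in posts 15 and 19, added here as an example; it is not from the thread or from PC Tools. The class names, the sample packets and the assumption that a rule without SPI compares only port numbers are illustrative.

```python
# Simplified model (an assumption) of the behaviour described in the thread;
# this is not PC Tools Firewall's actual rule engine.
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str    # "in" or "out", relative to the protected PC
    local_port: int
    remote_port: int


@dataclass(frozen=True)
class Rule:
    local_ports: range
    remote_ports: range = range(0, 65536)  # unrestricted unless narrowed

    def matches(self, pkt: Packet) -> bool:
        # No SPI: direction is ignored, only port numbers are compared.
        return (pkt.local_port in self.local_ports
                and pkt.remote_port in self.remote_ports)


class StatefulFilter:
    """Inbound packets pass only as replies to a recorded outbound flow."""

    def __init__(self, rule: Rule):
        self.rule = rule
        self.flows = set()

    def allows(self, pkt: Packet) -> bool:
        if pkt.direction == "out":
            if self.rule.matches(pkt):
                self.flows.add((pkt.local_port, pkt.remote_port))
                return True
            return False
        return (pkt.local_port, pkt.remote_port) in self.flows


# Rule as shipped (local ports 1024-5000) and as edited in the post above.
DEFAULT_RULE = Rule(local_ports=range(1024, 5001))
TIGHTENED_RULE = Rule(range(1024, 5001), remote_ports=range(1, 1025))

# Constructed sample traffic.
BROWSE_OUT = Packet("out", local_port=1055, remote_port=80)
BROWSE_REPLY = Packet("in", local_port=1055, remote_port=80)
UNSOLICITED = Packet("in", local_port=3000, remote_port=40000)  # app listens on 3000
```

In this model the default rule matches the unsolicited inbound packet, the tightened rule does not, and web traffic still passes both. The stateful filter refuses the unsolicited packet even with the default port ranges, because no outbound flow was recorded for it.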
     
  20. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Stem:

    Thanks, I'll log that rule for future use.

    Are you saying that the whole default set can be replaced and strengthened by your one range rule? I'm not trying to put words out you don't mean, just a search for clarity!

    But the main concern in my case is packets leaving the PC that shouldn't.

    The H/W FW's have me fully stealthed anyway on incoming packets.
     
  21. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Escalader:
    No.
    The rule I have posted is only a start, this is a replacement for the "Authorize most common internet services" rule only. Other rules would be needed (or need to be edited or removed within the default ruleset), depending on the setup, and what comms are needed.

    Then you would be better with a rules based firewall, in which rules per application are set. When you use ZA, do you set "Expert rules" or do you just allow/deny in/out full access?
     
  22. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses


    I have not set expert rules in ZA Pro.

    It is more sophisticated than just allowing in/out full access.

    When you install, it does an application scan and creates a SmartDefense default set for each PC. This is a good thing. You then run it for a while (days) in learning mode and answer prompts as you go. This adjusts and improves its knowledge base and tunes to your own PC usage. This also is good.

    They allow program based settings for Access options for trusted and internet, server trusted and internet plus OS component control.

    You can have it ask for permission, permit or block and change these as you go.

    All this at a program by control level.

    If you have advice Stem on the best way to set all those in ZA please do or point me to a proper source.
     
  23. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Access depends on user settings within each zone and "Expert rules" if set. ZA will simply allow/deny access (in/out) based on these settings from a white/black list of apps. There is nothing "sophisticated" about it.
    ZA forum should have such info. If not, then start a new thread with your questions.
     
  24. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Hi Stem:

    It depends on the definition of sophistication :D What is complex for me :oops: is simple for you :thumb: I was not referring to the ZA Pro FW settings; as you say, they are based on 2 zones, trusted and internet.

    The reference I had in mind was to the Program Control section which as you say is the list of programs with internet capability, and the options ZA Pro offers user on a program by program basis.

    So, I will take your advice and start a thread asking questions about how to set optimum settings in ZA Pro.

    PS you are working too hard in the dead of night :eek:
     
  25. Cap'n Kirk

    Cap'n Kirk Registered Member

    Joined:
    Mar 21, 2005
    Posts:
    15
    Location:
    Georgia
    Anyone else having trouble with the latest version hanging at Windows shutdown? I keep getting the End Program popup box showing PCtools not responding.
     