Discussion in 'other firewalls' started by QBgreen, Aug 18, 2010.
If it just added back in the Microsoft ones I can understand it doing that.
I deleted most of the trusted publishers & did a restart. The untrusted ones were NOT reinstated. However, I didn't untrust the Microsoft stuff, so maybe Scoobs' reply is on-track.
I am getting really frustrated right now. I wanted to replace Windows Firewall with some other freeware 64-bit to block some outbound, especially Microsoft's, and I just cannot find a working firewall. Private has a mind of its own, Comodo causes BSOD, Outpost is too limited and PCTools is unable to install. I am out of luck.
I just can't understand the logic of blocking outbound connections by Windows system applications. You trust Microsoft enough to have Windows as your OS but not enough for it to make outbound connections. Sorry, I just don't get it.
It is about prevention: there could be a system vulnerability or malware which could use MS processes to get in/out, so why allow it when it is not necessary? Also, I like to know what is going on, so I can choose to allow/block. Wilders users should be the first to understand, with their IDS etc.
I respect your view, but I still just don't get it! I really think you're going to struggle to find what you're looking for - I'm not sure it exists. Lots of free firewalls will alert you to non-MS apps connecting out, but most of them will have a default ruleset that addresses MS connectivity requirements. Perhaps one option is to reduce your reliance on a firewall for outbound connections by adding security elsewhere in your setup? For example, use Sandboxie to eliminate your risk of getting infected through the most common infection vectors. Or use a Limited User Account with Software Restriction Policy?
Try Online Armor.
Thanks for the tip, I am going to give it a try. By the way, sorry for offtopic folks.
Well, I prefer a minimalistic approach. I am pretty sure that my PC would be fine even without a firewall, since all ports are closed and I used it like that in real life for a year even without Windows Updates, but since I do online banking now, I want something just to be sure, and a firewall seems like the best choice.
I think an anti-keylogger program would be a better choice though.
Good suggestion! Infection is an inconvenience. A rampant keylogger is DISASTER!
My only two real-time security apps are:
1- Prevx/SOL - antimalware & anti-keylogger
2- Private FW - FW & HIPS & Anomaly-detection
>>>2 apps, feather-light, doing 5 crucial security jobs. Shazam!
Don't get me wrong, but this software is an eye-sore.
You mean Privatefirewall? Well, I myself would rather use an efficient, light and stable eye-sore than have a colorful and shiny eye-candy of a program that's unstable, inefficient and/or uses a lot of resources.
Win Antivirus 2010 has a nice GUI - maybe that's an option for you?
OA free has it all IMHO
TOMxEU, I believe what you're looking for may be coming in the next release of PFW, i.e. 'ask' rule for all applications, even those that are signed by a Trusted Publisher.
Nah. I wouldn't say so. It does have a decent interface and good protection overall but it's not as light as the other firewall+HIPS combos. It's not really a resource hog or anything but it's still the worst in terms of resource usage and performance compared to the rest. It's also a bit buggy. I have a piece of malware that I run once, use OA to block it (without creating rules), and when I run it a second time it just goes through. Sure, it's just one sample but it's basically a proof-of-concept to bypass this firewall. No other firewall/HIPS fails like that. I also cannot run GMER with OA installed. Or was it RkU. Or was it both. Don't recall exactly, but when a program can't get along with other good programs it gets a big frowny face in my book.
I would pick Privatefirewall over OA and Comodo any day.
Maybe, so far OA is almost perfect: it autocreates rules itself and then I just delete "bad rules", put one blocking rule for all, and it is quiet except for new apps.
All of OA's processes take ~15MB just like PF does. I am not sure about CPU usage; I have to use it a little more. This is without HIPS, antikeylogger and such.
If you count the Working Set, then yeah, but the Private Bytes of OA is more like 40-50MB. But let's not deviate from the topic.
Hey, if you're happy with OA, then stick with that for sure! I wasn't too sure whether you could do what you wanted in the free version because I run the premium.
PFW's system tray icon is Casey the Cop. My granddaughter thinks he's cute.
I was an early beta tester for OA shortly after it first went public. I have liked it ever since, & always own at least one current license. For my old box, I prefer PFW because it is much lighter on CPU & I/O than OA. Also, PFW sometimes catches zero-day stuff that none of my other security apps catch -- because of PFW's weird little Anomaly Detector (unique to PFW).
OTOH, compared with PFW, OA is stronger against keyloggers, & has a much more granular parent-child rule-setter.
IMO, PFW & OA are co-champions. You won't go wrong with either of them. (By the way, I base my assessment of OA on its premium version. I haven't ever used the freebie.)
Aside from PFW being a brilliant firewall, I think the customer service provided by Greg is second to none imho.
OK, I’ve no idea who Casey the Cop is but I’ve learnt something… “thanks” to your granddaughter!
I used OA free for a while and really liked it, but then it started playing up and I couldn’t find the answer, so I switched to PF. Suits me fine.
Yep. Very impressive, *especially* for a freebie.
Does PFW still hang up full-screen applications, specifically games, when it pops up alerts in the background?
I can't imagine that POS catching anything. It was always the first thing I disabled whenever I installed PF/DSA.
In two separate instances during the past several months Anomaly Detector (AD) immediately alerted me to infected/hi-jacked system files based on thread counts that momentarily blipped >50% beyond historical norms. Tiny Watcher would have detected those hi-jackings the next morning (I run TW once daily at start-up) but AD gave me real-time alerts.
The cpu usage & I/O savings by disabling AD are minuscule - undetectably small on my computer. I use AD because -- why not?