Really Really Powerful Inbound Protection

Discussion in 'other firewalls' started by Konata Izumi, Apr 15, 2010.

Thread Status:
Not open for further replies.
  1. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    You guys might say Windows firewall would suffice for inbound protection but...
    I want the firewall with the most powerful inbound protection :>

    one that logs everything and show me everything it blocks :D
    I don't mind if it has outbound protection or not.



    I want this Really Really Powerful Inbound Protection.... :D
    even if its not really a firewall as long as it blocks malicious inbound traffic/packets. :>
     
    Last edited: Apr 16, 2010
  2. tipo

    tipo Registered Member

    Joined:
    Dec 29, 2008
    Posts:
    408
    Location:
    romania
    try zonealarm. even the free one is extremely powerful. it logs everything, it`s lite on the system.
     
  3. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    I'm trying ZA free at the moment... but it blocks 50% less than comodo fw does..
    does ZA Free have ARP protection?

    EDIT: I gave up on ZA Free.
    OnlineArmor FREE doesnt show me detailed logs.
    PCTools is owned by Symatec so no to its FW.
    PrivateFirewall has good logging and blocking but... on the long run it leaves some of my ports open/un-stealthed thus not passing GRC ShieldsUP test
    Outpost FW i dont know.
    Comodo FW... good blocking and logging but their controversies scares me :<
     
    Last edited: Apr 16, 2010
  4. dukebluedevil

    dukebluedevil Registered Member

    Joined:
    Sep 14, 2002
    Posts:
    177
    You could try Jetico Personal Firewall.

    Jetico has full TCP stateful inspection along with UDP and ARP packet inspection. Its a highly configurable firewall with a great logging system. Some of the reject rules at the end of the tables don't have a logging event enabled by default so you have to go through and make sure logging is enabled for them if you want to see everything. Jetico also uses very little resources.

    If its the first time your trying Jetico firewall I would recommend bypassing the HIPS function tables until you get the basic network activity rules in place first. This helps from being bombarded with tons of popups. (Click on Optimal Protection table and then click on 'bypass' under:

    *Application filter: Direct Network Access
    *Application filter: Indirect Network Access
    *Process Attack filter

    Application filter: Network Communication should be the only one still in "learning mode'. The only popups now will be from actual network activity. These tables can always be turned back to learning mode later if you want. I personally find HIPS to be annoying and pretty much useless anyways, but thats just my opinion.

    http://www.jetico.com/firewall-jetico-personal-firewall/ (I highly recommend reading the help-file.)
     
  5. Creer

    Creer Registered Member

    Joined:
    Jun 29, 2008
    Posts:
    1,345
  6. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    Oh! wow! I'm liking this firewall...
    Thanks Creer~
    I can't buy it though..

    30-day trial... image restore... 30-day trial...

    life is hard for the poor :D
     
  7. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
  8. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,497
    Location:
    British Columbia
    Is there not a free version??
     
  9. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    No, there is no free version of LnS.
     
  10. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,497
    Location:
    British Columbia
    Read the other day somewhere there was a dumbed down free version but thanks for clearing that up.
     
  11. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    There was some time ago.
    Not too long ago I believe, although not officially supported, it was available at SnapFiles........http://www.snapfiles.com/screenshots/looknstop.htm
    But that version has been removed.
     
  12. IceCube1010

    IceCube1010 Registered Member

    Joined:
    Apr 26, 2008
    Posts:
    963
    Location:
    Earth
    I think Outpost Pro FW has great inbound protection and excellent logging capabilities. The free version is also good but it doesn't support Win7 yet.

    Ice
     
  13. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,434
    Location:
    Europe

    An hardware firewall. ;)
     
  14. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
    I would just get a router, forget about looking at logs, and be done with it.
     
  15. sunoracle

    sunoracle Registered Member

    Joined:
    Mar 25, 2010
    Posts:
    51
    What really matters is whether or not an attacker can exploit a port, not whether or not it is visible.

    I don't see that the GRC Shieldsup test is very worthwhile at this point.

    It was good at one time, when MS left the barn door fully open and most people didn't even know they were exposed. Gibson showed people that there was a problem, in a way that was easy for anyone to understand.

    But now that Windows comes with a firewall enabled by default and has had a lot of things tightened up, I don't think that we need another overly simple "GO/NO GO" test with bright colors and warnings that your a** is hanging out. (Windows itself will complain if it doesn't see a firewall enabled, and that's probably sufficient for this purpose.)

    What we really need are tests of firewall effectiveness, and Shieldsup is definitely not one of those.

    Besides that, attackers at this point are attacking entire address blocks, and will keep on attacking whether your ports are "stealthed" or not. Their software will simply run through its bag of tricks on your IP address, and it doesn't care whether your ports respond or not; it will keep on probing until it's time to move on to the next address. (Or until it is able to exploit something at your address obviously.)

    Besides that, your ports can't be completely invisible or else you'd have no inbound TCP/IP connectivity. You have to open some of them up sometime if you're planning on using the network for things like web browsing or retrieving your e-mail. And when you do, what matters is if your firewall can block exploits.
     
  16. siberianwolf

    siberianwolf Registered Member

    Joined:
    Feb 15, 2009
    Posts:
    516
    why would you want to have a fw w/ the most detailed logging capability? logging everything is needles & useless & waste of system resources (cpu & hdd usage). minimal or at most average level logging will do just fine cuz it'll log and record all you need to know. if it were up to me, i'd say just disable the logging function, btw. as to the strongest inbound protection, u need to know how to fine tune a sw fw. that's the only way to achieve the strongest in/out-bound protection; by manually tweaking every single setting of the fw, such as application control settings, finetuning the ports that are & aren't allowed to be used, etc. but an average user really, i mean really really don't need that, just choose one fw, set it to max and you'll be fine. remember that the first layer of security you got against the internet is your router's fw & its nat restrictions. what your sw fw will have to deal w/ is gonna be what will bypass your router's fw. hope that helps.
     
  17. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    1,736
    from my experience - it does not need any strong inbound protection like a software firewall.
    any router with fine firewall/nat will do and the rest is this:
    whats not present cant be (ab)used.

    so the router drops unrequested inbounds - and when it reaches the system
    the concerning service or program is not present or running - and cant be started.
    so windows automatically drops such requests.
    the most common intrusions are:
    browser, javascript, java, flash, pdf, downloaded executables *

    if you control such data paths the system is almost secure.

    note - if some reaches your system* in most times its already too late!

    eliminate intrusions at the first borders you have - not when they are already in.
    a software firewall only prevents outgoing traffic (in case of a router).
     
  18. codylucas16

    codylucas16 Registered Member

    Joined:
    Nov 17, 2009
    Posts:
    267
    PC Tools Firewall is great for this. Excellent Inbound/Outbound. Set it to Advanced and it offers stronger protection. It will show you what files it blocks, allows and partially allows.
     
  19. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Well... Core Force is really really powerful. However, it's so powerful that it seems the people behind it gave up. :D

    Anyway, if you are crazy enough - have never seen such granular stuff with any other product. Screenshots here. My favourite one is the permissions settings

    Would I suggest you to use it? Well, no, unless you are completely crazy and have couple years to spare configuring it. :D
     
  20. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    @Konata Izumi

    Havn't tried Comodo but i don't understand your seemingly poor results o_O because i always get 100% stealth passing the GRC ShieldsUP test with no problems, even with a much older version of ZA free, oh and no router :D

    grc.gif

    Maybe you havn't configured it enough ?

    How about

    GhostWall FireWall

    http://www.ghostsecurity.com/ghostwall
     
  21. zip

    zip Registered Member

    Joined:
    Apr 19, 2007
    Posts:
    359
    Location:
    Mars
    Look ‘n’ Stop Lite, the free version of Look n Stop, can be downloaded here.

    It has only inbound protection only.
     
    Last edited: Apr 20, 2010
  22. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    Do you not trust Matousec tests?
    Regards,
    Jerry
     
  23. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    This site is linking to an older Look ‘n’ Stop package, it’s still 30-day Trial, after which it’ll run in limited mode. You should point directly to the official Look ‘n’ Stop product website for the latest download package.


    There is no officially supported “free” non-limiting version of Look ‘n’ Stop, ... there was ‘Look ‘n’ Stop Lite', and the latest version was 1.04, released in May of 2002.

    Anyways, I wouldn’t recommend the use of an non-supported security product, free or otherwise.


    Regards,
    Phant0m``

     
  24. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Rule-based software firewalls, you can choose to block “EVERYTHING” coming in at an very early state and long before the possibility of an attack. You can fully control the incoming packets aswell as the outgoing packets.

    Unlike Routers, true-SPI software firewalls can go further than just the header information but also the contents of the packet “up through the application layer” in order to determine more about the packet to better protect against possible attacks.


    Regards,
    Phant0m``

     
  25. dave88

    dave88 Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    177
    Kerio 2.15 Pretty easily configured to block and log everything

    Jetico would also be good
     
Thread Status:
Not open for further replies.