Simplewall-Firewall

Discussion in 'other firewalls' started by co22, Oct 25, 2016.

  1. RioHN

    RioHN Registered Member

    Joined:
    Mar 14, 2017
    Posts:
    113
    Location:
    Here
    Last edited: Jul 18, 2020
  2. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,339
    Location:
    Hawaii
    Wrong, Kimosabe! The correct number is 73.6290671034%. One should always carry statistics to at least 10 significant places after the decimal. By the way, I do admire your persistence in feeding the trolls. :p
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Are you giving the new beta 3.2 a trial? I am (via Shadow Defender).
     
    Last edited: Jul 18, 2020
  3. RioHN

    RioHN Registered Member

    Joined:
    Mar 14, 2017
    Posts:
    113
    Location:
    Here
    Ahh thats true, I need to work on my attention to detail :D

    I've not tried it no.. Any initial thoughts from your trial?
     
  4. ultim

    ultim Developer

    Joined:
    Oct 12, 2011
    Posts:
    650
    Location:
    Hungary
    99%? This bit of information needs correction and fast.
    https://research.metaflows.com/stats/antivirus_vendors/

    As you can see, even the best contenders deliver detection rates below 30%. Your fav, Avira, has 0.6%.

    Even other sources claim at most 70-80%, but they don't explain the testing methods and don't show any data or measurements to back it up.
    Only the (in)famous VirusBulletin tests get to 99-100%, which are exclusively based on known samples - in other words, a joke. I mean, the fact that newcomer basically unknown AV products with 2 developers behind them get practically the same results as multi-million dollar security companies with whole groups of security experts, should already indicate how "serious" the VB100 tests are. Of course, AV companies just looove to use the results of the VB100 tests for advertising.

    To quote myself from my own security tips, "An antivirus is a useful layer in your computer's security, but don't overestimate its value. If you rely solely on an antivirus as your only line of defense, your computer's security is pretty bad".
     
  5. popescu

    popescu Registered Member

    Joined:
    Sep 1, 2018
    Posts:
    259
    Location:
    Canada
    Hello ultim,

    Assuming that "Developer" means you are somehow involved in firewall development, I would suggest you have enough on your plate already and should leave AV testing to specialized groups.

    AV Test and AV comparatives are the most reputable ones; you can find over there multiple AV's scoring 99% or better.
    I used till last year only MSE on win 7 on 3 computers (myself, daughter, wife) for the last 7-10 years , without getting ONE infection.

    I truly believe that, the chance of getting infected is way overblown these day to determine you to cave in and buy an antivirus.

    Any free antivirus is more than enough and Defender on Win 10 is my recommendation.

    Thank you though for introducing "metaflows", never heard about it so far.
     
  6. ultim

    ultim Developer

    Joined:
    Oct 12, 2011
    Posts:
    650
    Location:
    Hungary
    I didn't make those tests. A specialized group did.
    As for AVcomparatives, you're confusing publicity with reputation. Their test is the same methodology as VirusBulletin's (testing on pre-selected and known malware only), except they have less than a tenth of the sample size (700 instead of about 10.000), so their conclusion is even less significant. Laughable, to be specific. But sure, take their word that the detection rate for their hand-selected 700 malware is a perfect representation of all the malware in the wild. I'm sure if your AV can detect these 700, it can detect *all* malware on the internet. After all, that's what you claim, right? If an AV gets 100% on this test then it has 99-100% detection rate in general.

    As for metaflows, go read how they test to understand why it makes more sense. You will also find on their homepage that they're far from being a nobody. It's not their fault you don't know them. Maybe because they're less concerned about marketing.
     
    Last edited: Jul 20, 2020
  7. Sm3K3R

    Sm3K3R Registered Member

    Joined:
    Feb 29, 2008
    Posts:
    604
    Location:
    Wallachia
    My dear popescu, you must be some troll, or some Avira advertiser.

    Never heard so much non-sense on a security forum from someone, like the (contradictory) info you are spreading around here.
    Most probable you are not only trolling this thread, dedicated to a specific firewall, but you are also trolling the forum.

    You ve practically spelled the beans all over here and one could see and understand, from your statements, that a user should just sit like a duck on a pond, using some XPSP2 style protection, in 2020, with only windows firewall inbound protection and eventually the great Zavira, because the malware will anyway pass thru the firewall, while the antivirus will catch the malware 99,99% of all times.By the way, I ve seen in the past machines infected like hell, with your favorite antivirus - up and running, an antivirus that always had 99,999999#% detection rate in various tests for years already.
    The blocklists are no good, advanced features for a firewall are no good and mainly outbound control for a firewall is plain stupid in your view, while the mighty antivirus will take care of everything..

    If you want to test your great security approach, then please remove the router, the one that protects your inbound, and disable your software firewall also, leaving ON only your Antivirus, with 99,999% detection rate, then connect the machine to the internet and lets see in how many minutes your machine gets infected with worms, on a fully updated windows machine of course.

    One could run Windows 7 with only a firewall and some sandbox - for the browser mostly, for months.
    You seem to be getting the things backwards in all your statements.

    The firewall is the front line of defense.
    If you don t like or understand the purpose of a firewall, you can simply ignore it all together and buy your favorite antivirus, to feel protected.
     
  8. popescu

    popescu Registered Member

    Joined:
    Sep 1, 2018
    Posts:
    259
    Location:
    Canada
    I am a troll.


    Why would I disable the router, which is present in each and every householdo_O? Just to prove the necessity of a software firewallo_O

    Wrong! "The rules of a firewall are the front line of defence"

    A firewall without proper rules, not only ads ZERO VALUE to your defence mechanism but also induces in your mind the false sense of security "I have a firewall"

    This is in fact the situation on "firewalls market" ... everybody develops firewalls but the rules are left to the user , which user does what he/she knows best.
    Is is similar with an antivirus which will ask you to determine if an application is malicious or not, instead of providing signatures updates....
     
    Last edited: Jul 20, 2020
  9. RioHN

    RioHN Registered Member

    Joined:
    Mar 14, 2017
    Posts:
    113
    Location:
    Here
    Almost all firewalls you find will have a default rule to drop or reject incoming connection requests, or packets not belonging to an established connection. Trust me, this adds value to your security setup. You could allow ALL outgoing traffic and only block incoming and the firewall would still add value. This idea that a firewall holds "ZERO VALUE" unless it can control all outgoing connections under all circumstances is just plain wrong and dangerous.

    As @Sm3K3R alluded to, you wouldn't disable the firewall on your router (which also allows nearly all outgoing by default) because you know it adds value to your security setup. The same is true of a software firewall on your PC in the event you have a compromised router, a compromised device on your LAN or your WiFi is hacked etc.

    Maybe read up on the subject instead of repeating the same absurd statements again and again?
     
    Last edited: Jul 22, 2020
  10. popescu

    popescu Registered Member

    Joined:
    Sep 1, 2018
    Posts:
    259
    Location:
    Canada
    This is the default Windows firewall setting , so I do not have to do anything. Any user who installs Windows 10 on a home PC , is unknowingly behind 2 "firewalls": native Windows Firewall and Router, with ALL OUT and NOTHING IN.
    We are not talking about Windows Firewall here, we are talking about the "free firewalls' offered left and right.

    The "free firewalls" are manipulating the native Windows Firewall giving you an opportunity to create rules, for OUT and INN.

    Now, all of a sudden , instead of ALL OUT you have SOME OUT and instead of NOTHING IN you have SOME IN. Basically, the user creates holes in the original firewall.

    Without knowing exactly what are you doing, the user, weakens the original Windows Firewall, trying to allow this and that.
    After so many pop ups, the user is desperate and in the end will click "ALLOW" left and right.

    At this point, the PC is in worse condition, from a security point of view, compared with the initial Windows Firewall.
     
    Last edited: Jul 22, 2020
  11. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    636
    Location:
    Island of Woman
    Yes thats why u have the behavioral blocker, ie eset or spyshelter will tell you something is not right, apps been modified eset will blink, apps is doing weird stuff to the registry, switching on term service or using WMI spy shelter will blink ( I tested it)
    for svchost you can install updates manually, or set the rule that only the apps that are signed and validated can use it, sideloading of updates is a known pentesters' technique, I usually don't see security ppl recommend to allow outboud for svchost.
    Good rules for a firewall are important too, I'd use security products that focus on networking like eset and blackfog (on top of simplewall wpf /spyshelter combo), but use your own drug, I think the default windows security solutions are the playground for hackers and programmers, it is more difficult to stop less known solutions because you have to invest time and time is money
    Layering of security apps is not resource hungry and can be a viable option
     
    Last edited: Jul 22, 2020
  12. popescu

    popescu Registered Member

    Joined:
    Sep 1, 2018
    Posts:
    259
    Location:
    Canada
    Can be.
    Does not happen in real life though.

    Who has time or knowledge for thato_O?

    A PC is suppose to be a tool to allow you to enjoy the internet, not a full time job , with ESET, blackfog, simplewall and syshelter. Can you hear yourselfo_O??
     
  13. RioHN

    RioHN Registered Member

    Joined:
    Mar 14, 2017
    Posts:
    113
    Location:
    Here
    This is a contradiction. If both Windows firewall and the users router allow all traffic out, how would a user clicking 'allow' to an outbound connection make the situation worse? At worst the user will be in the same situation as if they hadn't installed the third party software.

    You've just made up an imaginary situation in which a user gets overwhelmed and clicks allow on everything, then applied it to all users who download third party firewalls o_O. Is that really your argument? Is that what you do?
    To the contrary, I'd imagine people who seek out third party firewall managers are more likely to have an interest in security and in theory shouldn't be the type to just allow everything.
     
    Last edited: Jul 22, 2020
  14. popescu

    popescu Registered Member

    Joined:
    Sep 1, 2018
    Posts:
    259
    Location:
    Canada
    It is not an imaginary situation.

    How do you think an user would answer to a request from svchost.exe TCP 443, to various IPs every other minute?
     
    Last edited: Jul 24, 2020
  15. RioHN

    RioHN Registered Member

    Joined:
    Mar 14, 2017
    Posts:
    113
    Location:
    Here
    It depends on the user.. Their experience, patience, willingness to learn and try advice, their end goal (For example only blocking malware vs blocking Windows telemetry) etc. There isn't just one user with one goal.
     
  16. popescu

    popescu Registered Member

    Joined:
    Sep 1, 2018
    Posts:
    259
    Location:
    Canada
    Again, I am talking about 99% of PC users, not the 1% with "experience, patience, willingness to learn and try advice". The PC is a tool , which a regular user is expected to use. Same like a car; a regular buyer will just drive the car , and the car manufacturer will not ask the user to fine tune the car or transmission.
     
  17. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    67,676
    Location:
    U.S.A.
    The Topic of This Thread is SimpleWall Firewall. Let's Get Back On Topic, Otherwise Posts Will Be Removed!
     
  18. popescu

    popescu Registered Member

    Joined:
    Sep 1, 2018
    Posts:
    259
    Location:
    Canada
    It is true, but the only postings related to SimpleWall are those announcing a new version, nothing else.

    The developer doesn't care to step in and answer various issues, so, we just initiated a conversation firewall related.

    If you want to stick strictly to the topic, than you will have a dead forum
     
  19. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    67,676
    Location:
    U.S.A.
    The Thread was/is Intended to Announce Any Updates, Changes and Discussions of This Particular Software. Yes, Strictly Sticking to That Topic is What We Want.

    We Don't Want Personal Bashing of Other Members When They State Their SimpleWall Firewall Preferences.

    Perhaps If The Thread Does Not Go Off Topic, the Developer Will Be Willing to Frequent the Thread More. And If The Thread Dies, So Be It.

    Final Discussion of This Subject. Off Topic Posts Will Be Removed!
     
  20. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    17,258
    Location:
    UK
    Post removed.

    May I suggest @popescu that you heed JRViejo's words above.
    Stick to comments about Simplewall only and especially don't make comments about a moderator's warning to you.

    Consider this a final warning..a totally final warning.
     
  21. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,339
    Location:
    Hawaii
    The developer of Simplewall (SW) does respond to questions & issues (bug problems) at his site at GitHub. As of this instant, there are 95 open issues and 491 closed issues. It is evident that SW is being actively debugged & updated by its developer, henrypp.

    An example of the developer (henrypp) answering a specific question aboout SW is HERE. You must register HERE in order to post on GitHub -- it's free & simple to do so.

    There are some Wikis HERE that explain some (not all) aspects of how to use SW. The Wikis are somewhat out-of-date but still useful.

    The latest SW is beta 3.2 --- it's now running very very smoothly on my laptop, under Shadow Defender. On the beta 3.2 page, there is a lengthy list of improvements & fixes made to SW by beta 3.2.

    One of the improvements that I really like is the new rules editor. I found it to be quite user-friendly. I didn't write any permanent rules as yet. Instead, I tried out the editor with specimen rules for an hour or so to see how it works. It worked flawlessly and offered helpful suggestions at times. However, I didn't test if the rules worked or not -- I'm not skilled enough to develop meaningful tests. Hopefully, one of you will do a more thorough job than I am capable of doing.
     
    Last edited: Jul 26, 2020
  22. Sm3K3R

    Sm3K3R Registered Member

    Joined:
    Feb 29, 2008
    Posts:
    604
    Location:
    Wallachia
    I have installed it(the beta) on a Windows 10 Pro X64 (v1511/10586) machine, featuring an AMD AM1 X4CPU/Athlon5350, with 4Gigs of RAM.
    I ve replaced the stable version with this 3.2 beta.
    Before uninstallation of the current 3.1.2 i ve forgot to reallow the loopback though:).This settings was left on even after removal, even if the filter was also removed during uninstallation.The loopback block was reported by the tinywall miniloging feature after removal. Yes, Tinywall 3.0.4 is installed also, for double checking.Nevertheless after the installation of the beta all things went to normal.Previous settings were also imported manually into the beta, but only the custom apps list and the custom user rules (a casual browser rule with allow Out to TCP ports:80,443) were kept.

    Version issues
    1.The UAC skip doesnt seem to be working as the 3.1.2 did, i see the UAC nag screen at PC start/restart
    2.The packet log window is nice, but opposed to the notepad older style, some info is not shown (registry info for the app for example)
    The file path and other details are shown at hover over the log corresponding line
    3.The new ruleset making is a little different.

    Observations that may be of interest, regarding the way it works:
    -if for an app we add a custom rule, intended and called Block All -that includes BLOCK Any Direction and Protocols-, then ALL DNS calls, as well as any other connection, are reported by the log page as Blocked
    -if the app is in the Disabled Apps section, in Apps tab, DNS calls are passed over, via the general DNS rule.TCP connections seem to be blocked though.
    So if you want a specific APP to be fully deprived of internet, a custom BLOCK Any Direction and Protocol could be created and added to the intended app-s.Attention! If no App is added to this ENABLED custom Block user rule, then this rule will apply to all apps, so you will not be able to connect to internet via Firefox for example, even if this one has the proper custom ruleset.If this rule is to be left unused disable it.
    I have observed this behavior with some app exes in my list.One app was Readeonsettings.exe - a "disabled" app, that in the DIsabled Apps section is blocked to connect, by the build in firewall way of working, but allowed to do DNS calls , while simplewall.exe, for which i ve added a Block All custom rule, was not able to do any DNS calls or TCP connections.

    Your app-s will be send to Disabled Apps section, if at a dialog, regarding an app you start or starts, you click on the Block choice.This will send the app to the DIsabled app crowd and notifications for it will also be disabled.

    I have personally added a Custom Block Inbound Any General Rule (that applies to all apps), for no ill effects.Did the same with the 3.1.2.
     
    Last edited: Jul 26, 2020
  23. pinkfufu

    pinkfufu Registered Member

    Joined:
    Oct 22, 2016
    Posts:
    18
    Location:
    withheld
    If I've not misunderstood, you had SW 3.1.2 working on a standard user account without being UAC prompted on logging in. Is that correct? If that's a yes, what were your settings? I've never managed to get any version to run without a UAC prompt and request for the administrator password.
     
  24. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    842
    Location:
    Lunar module
    UAC is enabled. Disable autostart in SW settings. Create an elevated Windows Scheduler task for SW Autostart and there will be no UAC prompt. On the desktop, you can create a Windows Scheduler task shortcut to manually start the SW bypassing the UAC prompt.
     
  25. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    39,245
    simplewall v3.2.1 v3.2.2 Released (29 July 2020)
    https://www.henrypp.org/product/simplewall
    Download
    Changelog
    sha256 checksum
    3.2.1
    • added Enable silent-mode when full screen app in foreground option
    • added error message for createprocess failure (issue #720)
    • highlighting valid connections in network tab
    • changed "Disabled apps" group title into "Apps without internet access"
    • skip uac warning does not worked (issue #724)
    • notification window localized in english only
    • revert ip version selection ipv4/ipv6 in rules editor (issue #723)
    • revert expand rules in tooltip (issue #723)
    • revert "recommended" tag (fix #719)
    • fixed bugs
     
    Last edited: Jul 29, 2020
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.