Discussion in 'other firewalls' started by co22, Oct 25, 2016.
73.6% of all statistics are made up.
Wrong, Kimosabe! The correct number is 73.6290671034%. One should always carry statistics to at least 10 significant places after the decimal. By the way, I do admire your persistence in feeding the trolls.
Are you giving the new beta 3.2 a trial? I am (via Shadow Defender).
Ahh, that's true, I need to work on my attention to detail.
I've not tried it, no. Any initial thoughts from your trial?
99%? This bit of information needs correction and fast.
As you can see, even the best contenders deliver detection rates below 30%. Your fav, Avira, has 0.6%.
Even other sources claim at most 70-80%, but they don't explain the testing methods and don't show any data or measurements to back it up.
Only the (in)famous VirusBulletin tests get to 99-100%, which are exclusively based on known samples - in other words, a joke. I mean, the fact that newcomer basically unknown AV products with 2 developers behind them get practically the same results as multi-million dollar security companies with whole groups of security experts, should already indicate how "serious" the VB100 tests are. Of course, AV companies just looove to use the results of the VB100 tests for advertising.
To quote myself from my own security tips, "An antivirus is a useful layer in your computer's security, but don't overestimate its value. If you rely solely on an antivirus as your only line of defense, your computer's security is pretty bad".
Assuming that "Developer" means you are somehow involved in firewall development, I would suggest you have enough on your plate already and should leave AV testing to specialized groups.
AV Test and AV comparatives are the most reputable ones; you can find over there multiple AV's scoring 99% or better.
Until last year I used only MSE on Win 7 on 3 computers (myself, daughter, wife) for the last 7-10 years, without getting ONE infection.
I truly believe that the chance of getting infected is way overblown these days, to get you to cave in and buy an antivirus.
Any free antivirus is more than enough and Defender on Win 10 is my recommendation.
Thank you though for introducing "metaflows", never heard about it so far.
I didn't make those tests. A specialized group did.
As for AVcomparatives, you're confusing publicity with reputation. Their test is the same methodology as VirusBulletin's (testing on pre-selected and known malware only), except they have less than a tenth of the sample size (700 instead of about 10.000), so their conclusion is even less significant. Laughable, to be specific. But sure, take their word that the detection rate for their hand-selected 700 malware is a perfect representation of all the malware in the wild. I'm sure if your AV can detect these 700, it can detect *all* malware on the internet. After all, that's what you claim, right? If an AV gets 100% on this test then it has 99-100% detection rate in general.
As for metaflows, go read how they test to understand why it makes more sense. You will also find on their homepage that they're far from being a nobody. It's not their fault you don't know them. Maybe because they're less concerned about marketing.
My dear popescu, you must be some troll, or some Avira advertiser.
Never heard so much non-sense on a security forum from someone, like the (contradictory) info you are spreading around here.
Most probable you are not only trolling this thread, dedicated to a specific firewall, but you are also trolling the forum.
You've practically spilled the beans all over here and one could see and understand, from your statements, that a user should just sit like a duck on a pond, using some XPSP2 style protection, in 2020, with only Windows Firewall inbound protection and eventually the great Zavira, because the malware will anyway pass through the firewall, while the antivirus will catch the malware 99,99% of all times. By the way, I've seen in the past machines infected like hell, with your favorite antivirus up and running, an antivirus that always had 99,999999#% detection rate in various tests for years already.
The blocklists are no good, advanced features for a firewall are no good and mainly outbound control for a firewall is plain stupid in your view, while the mighty antivirus will take care of everything..
If you want to test your great security approach, then please remove the router, the one that protects your inbound, and disable your software firewall also, leaving ON only your antivirus, with 99,999% detection rate, then connect the machine to the internet and let's see in how many minutes your machine gets infected with worms, on a fully updated Windows machine of course.
One could run Windows 7 with only a firewall and some sandbox - for the browser mostly, for months.
You seem to be getting the things backwards in all your statements.
The firewall is the front line of defense.
If you don't like or understand the purpose of a firewall, you can simply ignore it altogether and buy your favorite antivirus, to feel protected.
I am a troll.
Why would I disable the router, which is present in each and every household? Just to prove the necessity of a software firewall?
Wrong! "The rules of a firewall are the front line of defence"
A firewall without proper rules not only adds ZERO VALUE to your defence mechanism but also induces in your mind the false sense of security "I have a firewall".
This is in fact the situation on the "firewalls market" ... everybody develops firewalls but the rules are left to the user, who does what he/she knows best.
It is similar to an antivirus which will ask you to determine if an application is malicious or not, instead of providing signature updates....
Almost all firewalls you find will have a default rule to drop or reject incoming connection requests, or packets not belonging to an established connection. Trust me, this adds value to your security setup. You could allow ALL outgoing traffic and only block incoming and the firewall would still add value. This idea that a firewall holds "ZERO VALUE" unless it can control all outgoing connections under all circumstances is just plain wrong and dangerous.
As @Sm3K3R alluded to, you wouldn't disable the firewall on your router (which also allows nearly all outgoing by default) because you know it adds value to your security setup. The same is true of a software firewall on your PC in the event you have a compromised router, a compromised device on your LAN or your WiFi is hacked etc.
Maybe read up on the subject instead of repeating the same absurd statements again and again?
This is the default Windows firewall setting, so I do not have to do anything. Any user who installs Windows 10 on a home PC is unknowingly behind 2 "firewalls": native Windows Firewall and Router, with ALL OUT and NOTHING IN.
We are not talking about Windows Firewall here, we are talking about the "free firewalls" offered left and right.
The "free firewalls" are manipulating the native Windows Firewall, giving you an opportunity to create rules, for OUT and IN.
Now, all of a sudden, instead of ALL OUT you have SOME OUT and instead of NOTHING IN you have SOME IN. Basically, the user creates holes in the original firewall.
Without knowing exactly what they are doing, the user weakens the original Windows Firewall, trying to allow this and that.
After so many pop ups, the user is desperate and in the end will click "ALLOW" left and right.
At this point, the PC is in worse condition, from a security point of view, compared with the initial Windows Firewall.
Yes, that's why you have the behavioral blocker, i.e. ESET or SpyShelter will tell you something is not right: if an app has been modified, ESET will blink; if an app is doing weird stuff to the registry, switching on term service or using WMI, SpyShelter will blink (I tested it).
For svchost you can install updates manually, or set the rule that only the apps that are signed and validated can use it. Sideloading of updates is a known pentesters' technique; I usually don't see security people recommend allowing outbound for svchost.
Good rules for a firewall are important too, I'd use security products that focus on networking like eset and blackfog (on top of simplewall wpf /spyshelter combo), but use your own drug, I think the default windows security solutions are the playground for hackers and programmers, it is more difficult to stop less known solutions because you have to invest time and time is money
Layering of security apps is not resource hungry and can be a viable option
Does not happen in real life though.
Who has time or knowledge for that?
A PC is supposed to be a tool to allow you to enjoy the internet, not a full time job, with ESET, blackfog, simplewall and spyshelter. Can you hear yourself??
This is a contradiction. If both Windows firewall and the users router allow all traffic out, how would a user clicking 'allow' to an outbound connection make the situation worse? At worst the user will be in the same situation as if they hadn't installed the third party software.
You've just made up an imaginary situation in which a user gets overwhelmed and clicks allow on everything, then applied it to all users who download third party firewalls . Is that really your argument? Is that what you do?
To the contrary, I'd imagine people who seek out third party firewall managers are more likely to have an interest in security and in theory shouldn't be the type to just allow everything.
It is not an imaginary situation.
How do you think a user would answer a request from svchost.exe TCP 443, to various IPs every other minute?
It depends on the user.. Their experience, patience, willingness to learn and try advice, their end goal (For example only blocking malware vs blocking Windows telemetry) etc. There isn't just one user with one goal.
Again, I am talking about 99% of PC users, not the 1% with "experience, patience, willingness to learn and try advice". The PC is a tool, which a regular user is expected to use. Same as a car; a regular buyer will just drive the car, and the car manufacturer will not ask the user to fine tune the car or transmission.
The Topic of This Thread is SimpleWall Firewall. Let's Get Back On Topic, Otherwise Posts Will Be Removed!
It is true, but the only postings related to SimpleWall are those announcing a new version, nothing else.
The developer doesn't care to step in and answer various issues, so we just initiated a firewall-related conversation.
If you want to stick strictly to the topic, then you will have a dead forum.
The Thread was/is Intended to Announce Any Updates, Changes and Discussions of This Particular Software. Yes, Strictly Sticking to That Topic is What We Want.
We Don't Want Personal Bashing of Other Members When They State Their SimpleWall Firewall Preferences.
Perhaps If The Thread Does Not Go Off Topic, the Developer Will Be Willing to Frequent the Thread More. And If The Thread Dies, So Be It.
Final Discussion of This Subject. Off Topic Posts Will Be Removed!
May I suggest @popescu that you heed JRViejo's words above.
Stick to comments about Simplewall only and especially don't make comments about a moderator's warning to you.
Consider this a final warning..a totally final warning.
The developer of Simplewall (SW) does respond to questions & issues (bug problems) at his site at GitHub. As of this instant, there are 95 open issues and 491 closed issues. It is evident that SW is being actively debugged & updated by its developer, henrypp.
An example of the developer (henrypp) answering a specific question about SW is HERE. You must register HERE in order to post on GitHub -- it's free & simple to do so.
There are some Wikis HERE that explain some (not all) aspects of how to use SW. The Wikis are somewhat out-of-date but still useful.
The latest SW is beta 3.2 --- it's now running very very smoothly on my laptop, under Shadow Defender. On the beta 3.2 page, there is a lengthy list of improvements & fixes made to SW by beta 3.2.
One of the improvements that I really like is the new rules editor. I found it to be quite user-friendly. I didn't write any permanent rules as yet. Instead, I tried out the editor with specimen rules for an hour or so to see how it works. It worked flawlessly and offered helpful suggestions at times. However, I didn't test if the rules worked or not -- I'm not skilled enough to develop meaningful tests. Hopefully, one of you will do a more thorough job than I am capable of doing.
I have installed it (the beta) on a Windows 10 Pro X64 (v1511/10586) machine, featuring an AMD AM1 X4CPU/Athlon5350, with 4Gigs of RAM.
I've replaced the stable version with this 3.2 beta.
Before uninstalling the current 3.1.2 I forgot to re-allow the loopback, though. This setting was left on even after removal, even though the filter was also removed during uninstallation. The loopback block was reported by the Tinywall mini-logging feature after removal. Yes, Tinywall 3.0.4 is also installed, for double checking. Nevertheless, after the installation of the beta everything went back to normal. Previous settings were also imported manually into the beta, but only the custom apps list and the custom user rules (a casual browser rule with allow Out to TCP ports: 80, 443) were kept.
1. The UAC skip doesn't seem to be working as it did in 3.1.2; I see the UAC nag screen at PC start/restart.
2. The packet log window is nice, but as opposed to the older notepad style, some info is not shown (registry info for the app, for example).
The file path and other details are shown when hovering over the corresponding log line.
3. The new ruleset making is a little different.
Observations that may be of interest, regarding the way it works:
- If for an app we add a custom rule, intended and called Block All (that includes BLOCK Any Direction and Protocols), then ALL DNS calls, as well as any other connection, are reported by the log page as Blocked.
- If the app is in the Disabled Apps section, in the Apps tab, DNS calls are passed through, via the general DNS rule. TCP connections seem to be blocked though.
So if you want a specific app to be fully deprived of internet, a custom BLOCK Any Direction and Protocol rule could be created and added to the intended app(s). Attention! If no app is added to this ENABLED custom Block user rule, then this rule will apply to all apps, so you will not be able to connect to the internet via Firefox for example, even if this one has the proper custom ruleset. If this rule is to be left unused, disable it.
I have observed this behavior with some app exes in my list. One app was Readeonsettings.exe, a "disabled" app that in the Disabled Apps section is blocked from connecting by the built-in firewall way of working, but allowed to do DNS calls, while simplewall.exe, for which I've added a Block All custom rule, was not able to do any DNS calls or TCP connections.
Your app(s) will be sent to the Disabled Apps section if, at a dialog regarding an app you start or that starts, you click on the Block choice. This will send the app to the Disabled Apps crowd and notifications for it will also be disabled.
I have personally added a Custom Block Inbound Any General Rule (that applies to all apps), with no ill effects. Did the same with 3.1.2.
If I've not misunderstood, you had SW 3.1.2 working on a standard user account without being UAC prompted on logging in. Is that correct? If that's a yes, what were your settings? I've never managed to get any version to run without a UAC prompt and request for the administrator password.
UAC is enabled. Disable autostart in SW settings. Create an elevated Windows Scheduler task for SW Autostart and there will be no UAC prompt. On the desktop, you can create a Windows Scheduler task shortcut to manually start the SW bypassing the UAC prompt.
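The scheduled-task setup described in the reply above, as an added PowerShell example (not part of the original thread and not simplewall's own code). The install path and task name are assumptions, and it assumes the logged-on account is a member of Administrators; because the task launches the executable elevated with no prompt, the script first refuses to continue if non-admin users can overwrite that file.

```powershell
# Run from an elevated PowerShell session.
$exe      = 'C:\Program Files\simplewall\simplewall.exe'  # assumed install path
$taskName = 'simplewall-autostart'                        # hypothetical task name
$user     = "$env:USERDOMAIN\$env:USERNAME"

# Well-known SIDs (language independent): Users, Everyone, Authenticated Users
$lowPrivSids = 'S-1-5-32-545', 'S-1-1-0', 'S-1-5-11'
# Rights that would let a holder replace or re-permission the binary
$writeBits = [int][System.Security.AccessControl.FileSystemRights]`
    'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'

# An elevated task pointing at a user-writable file is a privilege-escalation
# path, so inspect the ACL before registering anything.
$acl   = Get-Acl -LiteralPath $exe
$rules = $acl.GetAccessRules($true, $true,
             [System.Security.Principal.SecurityIdentifier])
$risky = $rules | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    $lowPrivSids -contains $_.IdentityReference.Value -and
    (([int]$_.FileSystemRights -band $writeBits) -ne 0)
}
if ($risky) {
    throw "Refusing: $exe is writable by non-admin principals."
}

# Task that starts simplewall at logon with the full (elevated) token.
$action    = New-ScheduledTaskAction -Execute $exe
$trigger   = New-ScheduledTaskTrigger -AtLogOn -User $user
$principal = New-ScheduledTaskPrincipal -UserId $user `
                 -LogonType Interactive -RunLevel Highest
Register-ScheduledTask -TaskName $taskName -Action $action `
    -Trigger $trigger -Principal $principal | Out-Null

# Desktop shortcut that starts the same task on demand, without a prompt.
$desktop  = [Environment]::GetFolderPath('Desktop')
$shell    = New-Object -ComObject WScript.Shell
$shortcut = $shell.CreateShortcut((Join-Path $desktop 'simplewall (task).lnk'))
$shortcut.TargetPath = Join-Path $env:SystemRoot 'System32\schtasks.exe'
$shortcut.Arguments  = "/run /tn `"$taskName`""
$shortcut.Save()
```

The ACL check covers only the executable itself; the folder it sits in and any DLLs it loads deserve the same review.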
simplewall v3.2.1 v3.2.2 Released (29 July 2020)
Spoiler: Changes v3.2.1
added Enable silent-mode when full screen app in foreground option
added error message for createprocess failure (issue #720)
highlighting valid connections in network tab
changed "Disabled apps" group title into "Apps without internet access"
skip uac warning does not worked (issue #724)
notification window localized in english only
revert ip version selection ipv4/ipv6 in rules editor (issue #723)
revert expand rules in tooltip (issue #723)
revert "recommended" tag (fix #719)