Sygate + HIPS ??? + ???

Discussion in 'other firewalls' started by trdr, Mar 16, 2008.

Thread Status:
Not open for further replies.
  1. trdr

    trdr Registered Member

    Joined:
    Mar 15, 2008
    Posts:
    32
    Hi: I was surprised to discover there are still Sygate users so decided to stay with SPF
    used v 2808, was able to find both v 5.6.3408 and 5.5 Pro and installed Pro

    using: W2K Sp4 . IE 6 . MailWasher v 2 - free . (FreeRam: http://www.yourwaresolutions.com/)

    more than any other software, the firewall reveals how little I understand about the workings of
    the computer, firewall sw kind of demands one learns what's what or one just has to allow the
    sw to 'do its own thing'. I don't trust fw sw will do things correctly and something Sygate tells
    me other fw sw doesn't is 'do you want to allow . . . to access . . .' or 'xxx is trying to broadcast
    or communicate with . . . ' (can't remember the exact examples); using Sygate, first of all I get a
    notification and second, I can easily block what's being attempted

    found this SPF guide: http://www.kotiposti.net/string/SPF_eng/SPFGuide.html
    I setup Pro according to the guide and since doing it last night haven't had the 'such and such'
    attempts that usually happen immediately after a re-install or hd format — amazing
    (don't understand enough yet to try the 'More about rulemaking' )

    Q: what is the 'Sygate Proxy Server Defect' ?

    now I want to know what to do next

    I've got the free Avira av installed, at present unloaded, but I don't believe it to be 100% reliable,
    same for AVG, they're easily disabled and bypassed, especially by 'exe' type virus/trojans
    (PCTools sw is crap, some cause internet disconnections, bugs in Threatfire etc, etc)

    from other threads I've discovered 'HIPS'; some people are using standalone H programs and
    some are using for eg: Online Armor - HIPS only o_O but the free version of OA doesn't support
    anti-keylogging etc, so is of no use - -
    via tallemu.com: "Q. How strong is OA free's HIPS function? Do I need a second HIPS?
    A. The pure HIPS in OA Free is the same as in OA Full. There is no need for a second HIPS at
    all, and installing one could cause system instability."
    but: http://www.tallemu.com/comparisons.html - - if the Xs are not part of the OA HIPS - -
    Q: doesn't that mean extra protection is required ?

    there's obviously no definitive security solution and everyone makes different choices, but - -
    Q: are Sygate and a HIPS program sufficient protection, or is an antivirus program also needed,
    and which Free-if-possible HIPS program ?


    124 page SPF Pro user guide: http://desktop-sicherheit.de/pspf55_userguide.pdf
     
  2. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    That's not completely true; OA free can block keyloggers that use hooks.
    Online Armor (paid) has the Mail and Web Shields. Whether you want/need those features is a personal preference.
    You can go without an antivirus but it's not for everybody.

    AV or no AV
    Is antivirus really necessary?
    Do you use real-time AV?
    What kind of HIPS do you want? And why do you want HIPS?
     
  3. Dorn

    Dorn Registered Member

    Joined:
    Mar 12, 2008
    Posts:
    34
    which version is newest and most strong firewall, sygate 5.6 or sygate PRO 5.5 ?
    thanks.
     
  4. Xenophobe

    Xenophobe Registered Member

    Joined:
    May 26, 2007
    Posts:
    174
    Sygate Pro.
     
  5. Dorn

    Dorn Registered Member

    Joined:
    Mar 12, 2008
    Posts:
    34
    Ok, Sygate Pro seems to be the best; then which is the latest version of Sygate Pro? And I mean the latest version, ok?
    thnx.
     
  6. Woody777

    Woody777 Registered Member

    Joined:
    Aug 29, 2006
    Posts:
    484
    5.6.3408 was probably the last available version. This was a Beta but I believe it might have been about to be released when Sygate sold out to Norton. The Sygate log file was probably its best point. It allowed you to see with great effectiveness who & what were connecting out & in for that matter. I always had the feeling that this firewall was more of a commercial version for small offices than a firewall for individuals. There was great latitude in setting up rules for an application. This was relatively easy to do & users frequently did this. It became greatly popular among peer to peer users since block lists were relatively easy to import.

    The proxy defect was probably not a defect at all at the time Sygate was in development. But with modern P2P Proxy servers & Antiviruses that use local proxies it became a deal breaker for me. There are ways to control this with rules but it quickly could become a nightmare to do since you had to make sure that any app that ran a server was set to ASK & not Allow. If you did not do this, any application that used a local proxy was effectively beyond the control of Sygate since it did not recognize Loopback connections 127.0.0.1 or Local Host. The result was if you gave an application permission to receive & send connections there was always the possibility that some one would connect in for their own purposes.

    At the time of development Sygate did not have HIPS (not many firewalls did), but Sygate had a setting to enable DLL authentication: if an application loaded a new DLL it would advise you. I suspect that the very last version 5.6.3408 might have been a little better than the previous ones with the local host problem. A free HIPS like Online Armor might help with Sygate for leak protection but the local host problem is still there. That does not mean you should not use Sygate; you decide. I used Sygate for years & it was there for me many more times than it wasn't. Why not try PC Tools Firewall Plus & Threatfire? I think that would allow great protection. I still think that everyone should have a good AntiVirus. If you don't want to buy one use AVAST.
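
Added example (not part of the thread and not Sygate's code): a constructed Python model of the loopback problem described in the post above, where a per-application firewall that ignores 127.0.0.1 judges each hop on its own, so a request relayed through a local proxy is decided by the proxy's rule alone. The application names, addresses and the `filter_loopback` switch are hypothetical.

```python
from dataclasses import dataclass
from ipaddress import ip_address

ALLOW, ASK, BLOCK = "allow", "ask", "block"
STRICTNESS = {ALLOW: 0, ASK: 1, BLOCK: 2}


@dataclass(frozen=True)
class Flow:
    app: str   # process that opened the socket (hypothetical names below)
    dst: str   # destination IP address
    port: int


def decide(rules, flow, filter_loopback=False):
    """Decision for one connection, as a per-application firewall sees it."""
    if ip_address(flow.dst).is_loopback and not filter_loopback:
        return ALLOW                  # loopback never reaches the rule table
    return rules.get(flow.app, ASK)   # applications without a rule prompt the user


def effective(rules, hops, filter_loopback=False):
    """Strictest decision over every hop of a relayed request."""
    decisions = [decide(rules, h, filter_loopback) for h in hops]
    return max(decisions, key=STRICTNESS.__getitem__)


# Constructed scenario: an application the user has blocked, and a local
# proxy (for example an antivirus web scanner) listening on 127.0.0.1:8080.
REMOTE = "203.0.113.10"   # documentation address (RFC 5737)
direct = [Flow("blocked_app.exe", REMOTE, 80)]
relayed = [Flow("blocked_app.exe", "127.0.0.1", 8080),
           Flow("local_proxy.exe", REMOTE, 80)]

proxy_allowed = {"blocked_app.exe": BLOCK, "local_proxy.exe": ALLOW}
proxy_ask = {"blocked_app.exe": BLOCK, "local_proxy.exe": ASK}


def scenarios():
    return {
        "direct": effective(proxy_allowed, direct),
        "relayed, proxy on Allow": effective(proxy_allowed, relayed),
        "relayed, proxy on Ask": effective(proxy_ask, relayed),
        "relayed, loopback filtered": effective(proxy_allowed, relayed, True),
    }


if __name__ == "__main__":
    for name, decision in scenarios().items():
        print(f"{name:28} -> {decision}")
```

In this model the "Ask" row corresponds to the workaround from the post: the prompt is raised for the proxy, not for the application behind it.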
     
  7. trdr

    trdr Registered Member

    Joined:
    Mar 15, 2008
    Posts:
    32
    WSFuser: "What kind of HIPS do you want? And why do you want HIPS?" - - only because of
    what I've read so far on the site and elsewhere, HIPS appears to be a more effective method of
    stopping virus/trojan/etc from getting on the computer; which HIPS I don't know, then there's
    Sandboxie which other people use . . .

    Woody777, thanks for explaining about the Proxy Server
    the exe virus: after a hd format the problem was still there, I found and installed PCTools av
    and it identified the virus; what I'd done was copied infected files to the new install; format and
    clean install, I tried Spyware Doctor which caused internet disconnections; while the PCT av
    did identify and remove the exe virus - 50 popups if I remember correctly, on the PCT forums
    there's so many problems with all PCT products that while Threatfire appears to be a good
    solution, it also has and creates problems
    I don't believe AVAST would be any better than AVG or AVIRA in that it/they don't stop exe
    and other viruses/trojans from getting on the computer, are disabled by them, hence the idea
    that HIPS is the better methodology to be using - in theory 'it' can't happen
     
  8. Dorn

    Dorn Registered Member

    Joined:
    Mar 12, 2008
    Posts:
    34
    Ohh, I feel so bad about Sygate, why did they sell out to Norton, it was a bad idea..
    I hope someone will come out with an idea to make an excellent firewall like Sygate, with almost exactly the same protection and almost the same GUI and everything.
     
  9. Yoda1953

    Yoda1953 Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    162
    Location:
    Netherlands
    I FULLY agree.:D

    I'm sticking to Sygate, because it has the least problems (with no problems at all with utorrent) and a very understandable logfile. Especially when you use the SPF Log Viewer by SalB. :isay:
     
  10. Woody777

    Woody777 Registered Member

    Joined:
    Aug 29, 2006
    Posts:
    484
    I have been looking for a replacement for Sygate for years. So far nothing I can find exactly replaces it. Online Armor Pay might but it costs 39 dollars US. Online Armor free might also but has limited port programmability. Comodo is complex in its present form. The last version before the 3.00 releases might actually work pretty well. But it interferes with my FDISR program (my own problem). One or the other had to go. LookNStop has no HIPS but otherwise is a great firewall. PCT Firewall worked OK for me but I did not like having to pair with Threatfire, which everyone except me likes. ES secure might work for you but there is little support as it's Chinese & I had problems uninstalling it (a potential for disaster). Webroot makes a branch of Private firewall available for free but it also has Dynamic Security Agent, which seemed to be confusing to me. At the present time I finally gave up & decided to put up with ZoneAlarm Pro; it works better than any other for me. A lot of people just don't like it however, for whatever reasons.

    Actually AVG free might be OK for Sygate since I don't think it uses a local proxy. The HIPS in Online Armor might help a lot also if you uninstall the firewall portion before you install Sygate. Just make sure all P2P applications are always marked ASK. I would then disable with the advanced rules UDP ports 135-139. I would also disable ICMP or part of them with appropriate rules. I think ICMP 8 & 3 for sure. If you have a router that would help tremendously also. I am unsure if Avira free uses a local proxy. I should try Sygate OAL & Avira in a Virtual Machine & find out. I think I will; now I have a project to fool around with today.

    I have found using the free Virtual Box Virtual System isolates your system from many problems but you do need an install disc for XP. Returnil free also would help as you can reboot & all traces of any malware you encountered will disappear. You do need a USB key or another partition to store data on if you want to keep applications. I would not install the virtual partition Returnil offers to create as it doesn't always uninstall; at least it did not for me.
     
  11. Yoda1953

    Yoda1953 Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    162
    Location:
    Netherlands
    Good grief you know how to write ;)

    Yep, got some advanced rules with the one you mentioned. And some advice from Secunia is also in the advanced rules.

    Plus I block all incoming ICMP (advanced rules) tip http://www.optimizingpc.com/howtouse/firewallsygate.html
    and do not let any application use ICMP or act as a server in the application rules. Except for utorrent.

    Some other advanced rules I make after looking at the traffic and see what is blocked and what should be allowed.

    Do you know if there is a special order in the advanced rules, like, from bottom to top
    or something?

    By the way... I'm trying ProSecurity free as backup.
     
    Last edited: Mar 17, 2008
  12. Woody777

    Woody777 Registered Member

    Joined:
    Aug 29, 2006
    Posts:
    484
    No, there should be no priority in the order of the rules. I think they were all equally effective. I think I will make a new Snapshot in FDISR & uninstall ZA Pro & then I will try Sygate & Prosecurity free. I will use my NOD32 AV though, which does use a local proxy, just to see if it works well. I absolutely have really missed Sygate; let's see if we can cobble together a new solution?
     
  13. Yoda1953

    Yoda1953 Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    162
    Location:
    Netherlands
    Ok we'll see and thanks.

    I have the AVAST 4.8 beta at the moment running nicely, with Webshield, Network Shield, P2P shield, Internet Mail and Standard Shield.

    Not using proxy in Firefox. Gives problems when I have to log in. I've just set ask for webscanner and FF in sygate. And not act as a server.

    Which version of sygate you got? I've the 5.6.3408 pro and working well.

    Edit:
    Avast beta caused a BSOD, dumped it. Now Avira free with write only all
     
    Last edited: Mar 17, 2008
  14. Woody777

    Woody777 Registered Member

    Joined:
    Aug 29, 2006
    Posts:
    484
    I use the 5.6.3408 version. Works well with anything so far. Pro Security does add a lot of security to Sygate. You should know what's going on, that's for sure. I use this with NOD32. Sygate has to be just as good as their ESS firewall solution. No spam filter though, so I use Thunderbird.
     
  15. trdr

    trdr Registered Member

    Joined:
    Mar 15, 2008
    Posts:
    32
    Woody777:
    what's the difference between 5.6.3408 and the Pro version ?
    what OS are you using ?

    I had a look at the ProSecurity screenshots and feel I need a doctorate in computer science
    in order to understand and use the software
    is there an 'easy' way to setup this sort of sw ? are OA hips and/or Threatfire any easier ?
     
  16. Woody777

    Woody777 Registered Member

    Joined:
    Aug 29, 2006
    Posts:
    484
    The 5.6.3408 that I use is a Beta of the soon-to-be-released new Pro version. Unfortunately, Sygate effectively went under & sold out to Norton before it ever was released. The free version effectively blocks out a few of the features but I really don't think that in effectiveness there was a great deal of difference. There are a few places you can still get this version but if you don't have a key for the Pro version you might have some problems. If ProSecurity is a little baffling just start off with WinPatrol; that might actually be enough HIPS for most people (I know it's more a system monitor than HIPS). I just might get rid of ProSecurity myself if it annoys me too much.
     
  17. Woody777

    Woody777 Registered Member

    Joined:
    Aug 29, 2006
    Posts:
    484
    OK, I got ProSecurity Free installed, let it scan my entire Program partition, left it in learning mode, rebooted & took it out of learning mode. It seems to be a very decent & competent application. I combined it with WinPatrol (supposed to now detect Keyloggers). Now I feel this old Sygate firewall might have new life. By the way I use Windows XP Home & I love Threatfire but it interfered with my FDISR so it had to go.
     
  18. Yoda1953

    Yoda1953 Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    162
    Location:
    Netherlands
    well I'm using EQsecure now.

    Very light. Good developments, like Alcyon's rules.

    Now I only have Sygate Pro 5.6 3408, Avira free (with some suggestions from Kees19580), Sandboxie and Eqsecure.

    And above all I LUA with SuRun.
     
  19. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    Hello,
    I don't think you need any HIPS with the firewall...
    But that's just me...
    Mrk
     
  20. trdr

    trdr Registered Member

    Joined:
    Mar 15, 2008
    Posts:
    32
    my mistake, I thought it was SPF 5.5 Pro and just SPF 5.6 3408, but there
    doesn't appear to be any features differences between versions

    Woody777, my at-rest FreeRam amount is usually 272 of 392MB Ram available
    and after installing Threatfire it rose to 300 to 294, any ideas why the mem
    would increase ?
     
  21. Yoda1953

    Yoda1953 Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    162
    Location:
    Netherlands
    Now I run the new 21112 OA hips only, instead of EQsecure, makes everything quite leakproof!! :thumb:

    EQsecure was a little too much for my taste.
     
  22. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,499
    Hey, I think you have a clone of my computer. I too use W2000 SP4 with 392 RAM :p . I'm also currently using Sygate Pro 5.6.3408. Red jack has an archive site for all versions, both free and pro, of Sygate.
    http://www.savefile.com/projects/1045215
    Personally I just use Sygate with Avast, and don't bother with HIPS. I'm not sure whether freeramxp is actually of much benefit to you either on a W2K machine or newer machine....great for 98/SE but just added baggage on a W2K system imo.
    ellison
     
  23. Woody777

    Woody777 Registered Member

    Joined:
    Aug 29, 2006
    Posts:
    484
    I am presently using Pro Security Free, Reg Mon, WinPatrol, & NOD32 latest release. The above uses about 235 mb ram. When I added SuperAntispyware it rose to 295 MB. I am guessing that whatever Spyware utility someone adds that the Spyware module interacts with the Antivirus & the ram rises upward. I am still not sure that I need SuperAntispyware I suppose I could add BOC & remove the SuperAntispyware.
     
  24. trdr

    trdr Registered Member

    Joined:
    Mar 15, 2008
    Posts:
    32
    hey ellison, don't know if Freeram is baggage but it allows me to see the load
    being drawn using various programs

    I wonder what and where people are surfing to need all the security they're
    using, I'm at the point where I've done so many formats it doesn't really faze
    me if I have to do another, were I to mirror this drive on an external it would
    only take minutes to re-install everything

    the virus I was hit with mentioned in #1 is Win32.Virut.Gen.4 - PCTools or
    W32/Virut.AT - - many variations; as said it blew thru Avira so uninstalled it
    and using PCTools av which coped with it. PCT av seems to use a bit more
    ram but based on its handling of Virut I've more confidence in it than Avira or
    Avast or AVG --- funny how they all begin with A eh ?

    I'm not going to install a HIPS, based on what I've experienced security wise
    I don't think it adds any benefit
     
  25. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,499
    Well, Task Manager does that, though I guess it's not as convenient as looking at the sys tray icon. When I said baggage I meant if you are actually using it to free up RAM. W2000 handles memory much better than pre OS, and I guess your physical RAM would rarely go lower than 150 megs even with quite a few things open. I think I'm of the same opinion as yourself about HIPS. I'm a safe surfer and think it can cause more problems than the worth of it, in setting it up to work correctly, actually understanding what you're doing with it, and conflicts with other apps. Just my opinion of course.
    ellison
     