Sygate Pro 3311 / Ghostwall questions

I am using my PC hardware in a challenging manner and am running it hard (more details on this page: https://www.wilderssecurity.com/showthread.php?t=182518&page=4 )

Thanks to this excellent website (and not to forget the excellent moderators who have made it the succes that it must be) I am now revisiting my security / backup strategies and am attempting to improve my environment.

I started out using ZoneAlarm Pro in the days that NT came on 20 floppies and was running well on a PC with 32 Mb memory (after having moved from OS/2) and that 400Mb hard disks were about the maximum size you could buy. But then I had a software conflict betwen ZA and something else and moved to Sygate Pro. Sygate Pro disappeared when I moved to XP. (not recognised in XP).

Only a few days ago I discovered that there are versions 3311 and 3408. Downloaded both and installed 3311 and used my key to activate it. Works like a charm.

I noticed that when my machine is idle I keep on having this 2 ~ 4 % CPU utilization. With the XP SP2 firewall + Ghostwall it drops to 0% (meaning below 1%).

I consider myself an extreemly carefull internet user (only going to well known websites but even they can get hacked and infected)

I often have to rely on slow dial-up (sometimes not even making 33k) and do continiously CPU intensive calculations with extraordinary amounts of disk access. (Replaced my core duo with a core 2 duo CPU because the latter has a 4Mb L2 cache.)

I am paranoid about information going out without my knowledge (espionage).

Up to a few days I was quite charmed with the Ghostwall / XP SP2 firewall setup but wonder if the Sygate setup is better. It appears to offer all that I want (SIF, logging, one click traffic blocking, application control at the top of the list).

Have also been considering other products (both paid and unpaid) and those that I did look at all had something that did not fit my scheme of things: low internet latency, minimal disk access, low CPU utilisation (some went over the top when there was a constant datastream coming in). Others had conflicts etc.

Perhaps some of the experts under you may advise if I would be more "secure" having a firewall with outbound application control or if it is only a perceived improved security but in reality adding nothing at all?

Second question is: does Sygate present a high load when lots of data goes through? Sofar I have only been experimenting with this for a day but I need to make a new backup image if I decide to go that way (and cannot make changes during the week, no "try it out" here, can cost me dearly).

Third question: do I need to replace my firewall with something like Sygate or are there other solutions that may work better (saw something like Appdefend and Prosecurity but looking at the webs explanation of the latter it looks like it will introduce some latency. Don't know how much though.)

edit: forgot to mention that I am using Sandboxie. Used VMware in the past but the overhead is too high besides being "clunky" when browsing (getting market information).

Many thanks in advance for your input,
Leonardo

 

Sandboxie is good and you are lucky in being able to make your work PC secure.
I myself just run XP firewall behind a router at work.
I of course scanned my PC there with AntiVir, nothing found.

I have been thinking of installing Sandboxie there, but the PC is quite old with a limited resources in memory and old CPU too. So I rather keep it clean with safe usage, I hope. Sandboxie does not take any CPU, but it takes some memory, not much but still.

The programs I installed are TCPView and Process Explorer also to find out what it runs. They keep no CPU usage except when running them. And reveal something I perhaps need to uninstall, like realplayer thing I am considering.
And a lots more unnecessary things I am still not so sure I need to uninstall.
Going from the belief if it is not broken, try not to fix something.
I am not at the moment considering installing a software firewall or any hips software.
SpywareBlaster I installed too.

At home I want to have an outgoing connections controll firewall.
I have used Sygate with good experience for many years. Currently I run kerio 2 that is really light but it is rulebased, so it takes some, not a lot, attention to make the rules. Well I have used kerio 2 also for a few years. Plus it is kind of oldie but still goodie.
And there are other firewalls. Comodo takes about the same CPU as Sygate but a bit more memory so it is not heavy, but I never liked it much.

As for HIPS, I would not recommend you to install one at work and not to get in trouble with your boss, unless you are the one, lol.
At home I run Processguard free that is kind of old since it is not supported anymore, but it is one of the easier ones. Also I have Prevx2 that came to me as an offer reading this site, for a year, for interest to have my curiousity satisfied what is going in my PC.

But for my work puter, the only thing i might consider is Sandboxie.

Jarmo

 

Jarmo, tnx for the reply. Have not worked for a boss for 7 years so no problems with putting software on computer.

I agree on not changing what is not broken but I am slowly getting quite paranoid on information that goes out the computer, e.g. Micro$hit's WGA for XP and Office, running Avast antivirus and then discovering with Sygate that it send some information back to "home" every time I run it etc. I have nothing to fear there but I have other stuff that I developped myself and would loose it's "edge" if someone else got hold of it. Probably cost me over a million USD to develop it. And more and more brokers are using "web based" software which I do not like since I have no control over what the software transmits. May put some packet sniffer in place like wireshark which seems to be held in good esteem.

Since installing Sygate I notice how much the internet access has changed since I last had it installed (2002).

It is quite noisy at this moment when it is still "learning" but hopefully it will settle down soon. Only gripe that I have is that I cannot see in the start menu's "show all connections" the message if something is firewalled or not (like with the built in XP SP2 firewall) But I tested it on dial-up and it works fine.

Last year I had a play with Comodo before I discovered Ghostwall. Comodo and me did not go well together so it became abandonware.

L.

 

Avast uses a local proxy for HTTP scanning