Webroot (spysweeper) firewall now free

It looks like we have another free firewall. IIRC this firewall had some pretty horrid reviews a year or two back. Does anyone know about the present version?

http://www.webroot.com/consumer/pro...nks-DF&WRSID=49eafde8b82369bfb0b7120f063f2da6


features-

http://www.webroot.com/consumer/products/desktopfirewall/features.html

 

It's free and Vista compatible, however, it doesn’t allow you to choose individual port settings.

 

Looks very much like a DSA clone to me, only with more firewall settings available.

 

Its a rebrand of private firewall. If i remember correctly private firewall did quite well in regards to leaktests and stuff. Just trying it out now, currently using about 25mb of ram, it did add a bit of a delay to my system startup but its tolerable.

 

Actually it does allow port selection.You must go to the application tab,click on the process you want,customize and then you can modify the rules:

http://img149.imageshack.us/img149/8853/savewk3.png

One bad thing is that new programs get automatically new rules and incoming connections are automatically allowed unless you go the above screen and deselect it.

I find it extremely confusing in the way it makes the rules.I wish i was asked for each application instead of giving its own rules and me then having to edit them one by one to correct them.

I also feel it a bit sluggish in browsing.The installation was very weird too,i was getting many empty windows with a "!" sign and i couldn't understand what was wrong.Somehow they disappeared later.

 

I decided to uninstall it.After several hours of normal operation,out of the blue i got a BSOD caused by pfwip6.sys or something.It must be the firewall's driver,since the name is similar to DSA's driver.

Overall i 'd take many free firewalls over this one.

 

Hi, good news. The webroot looks like a serious company and your products are great about security with a good support team. Best Regards.

 

Greetings,

Firstly,what a great Forum,nice to read intelligent,expert comments

As regards Webroot,its definitely a modified version of PrivateFirewall,possibly of the current version.
It was double checked against the original and the attarctive GUI ,operations and popups are the basically the same,except for the HIPS popups.

The firewall recorded a perfect ports stealth score,except for the dreaded Gibson ping test.
There are no problems installing or running at all and it did not seem to slow the performance whatsoever.
The memory footprint is around 25000k-but what the heck-2gb of memory is common nowadays surely.
Stateful Packet Insepctions are performed and to my average only level of expertise,it seemed to be quite capable of rule making.

The surprising aspect is the low level of popups,especially as in PrivateFirewall,DSA is continuously triggering them to an annoying level for me.
DSA triggers a false positive virus warning with AVG,but this does not occur with Webroot.

Accordingly,after failing the basic Gibson leaktest,it looks to me as if DSA has been omitted or modified in WebRoot.
However WebRoot works fine with Threatfire which also seems effective against leaks.
It will not work with DA installed alone,some conflict occurs.

In my opinion, this combination of Webroot and TF would make a capable security combination for the intermediate user who like to set and forget.

Definitely worth a try!

 

I wonder if a person could just add DSA?

 

My sentence above is corrected;

"It will not work with DSA installed additionally,some conflict occurs"

edit;

Just carried out the accessible leaktests from http://www.firewallleaktester.com/.

TF and WebRoot with AVG antivirus stopped about 75%.

The memory usage is in fact about 30000k's

 

Well, seeing as DSA is a stripped down version of private firewall there would be no point running it alongside webroot firewall imo.

 

IIRC DSA and PrivateFirewall each have some features not found in the other. I don't believe DSA is a lesser-included of PrivateFirewall.

 

From what i remember i thought DSA was basically private firewall with some advanced options removed. I'll have to search for the old DSA thread to see exactly what the developer said.

 

Which feature are you talking about? there might be one very minor feature that is in DSA not in privatefirewall, but most probably it is there, but i just couldn't find it.

 

I thought that the DSA component was more responsible for System and Email anomaly detection-Process detection settings and Application security settings,whilst the other firewall functions looked after most of the internet side.

My point about Webroot was that even though its obviously a customised Privatefirewall and has a HIPS function,the Webroot HIPS is different to the original DSA ,either as a stand alone or as incorporated in PrivateFirewall.
It seems weaker.

Could just be a modified DSA component resulting in less popups to appeal to a broader market and the less technically minded person.?

I tried running the stand alone DSA in conjunction with Webroot,to overcome this difference,but its not possible.

Thanks to acr1965 for finding this,which is running flawlessly for me, as an intermediate level user.

 

30MB memory usage is too much, it should be below 10mb, 15mb at highest.

 

As far as I can tell, every feature that is in DSA is in Privatefirewall , most of the original DSA functions is controlled at the "process monitor" section. It also has the email annomaly and system annomaly thingie.

There is a slight concession to user friendliness, in that the "process monitor" has 3 settings, high, medium and off.

According to the help file, "medium" only monitors api calls for processes listed in webroot desktop, while "high" monitors everyt process (which is default in DSA i think). While "off" well turns it all off.

I haven't tested this throughly, but I don't see anything different when choosing between "medium" and "high", or I probably don't understand how they are supposed to work.

The defaults for iexplore.exe, explorer.exe etc do seem to be designed to be pretty quiet, but you can set everything back to "Ask" and get the same old noisy DSA that some of us know...

 

Is there any SPI functionality in this one (SPI = Stateful Packet Inspection)?

 

Click the first link in post #1 and then go to Features and Benefits. You'll see that it has SPI under the Advance Packet Filtering feature. hope this helps.

 

DSA does have SPI, according to this post by Privacyware Product Manager here, so, surely this firewall based on PrivateFirewall must have SPI also.

 

The webroot version uses a new version of the PWIPF driver (version 6) while DSA uses version 5. They use different registry keys as well. I guess we can expect a new official version of PF soon, and hopefully DSA as well.

Nice name.

 

Would you mind explaining this-does this mean Webroot contains a revised,improved DSA component or similar,which should be as effective as the previous version

Yes they are my favorite bovine.

 

The driver used by Webroot is version 6 which is updated from the current version 5.x used by PrivateFirewall and DSA. The rep from PWI mentioned in another thread that there will be a new version of PF in a couple weeks.

Webroot firewall doesn't contain the HIPS features of DSA/PF so if that's important stick to DSA.

 

Hairy Coo: maybe this post will help.

 

Thanks,thats what I felt-but it does seem to have a HIPS capability-all very wierd