Webroot (spysweeper) firewall now free

Hello Hairy Coo. Hey 19monty64 I thought you were going to install WDF? LOL. Here's something that may or may not change your mind. www.pcmag.com/article2/0,2704,2214210,00.asp
Not sure how trustworthy this review is though.

 

From that article, "As always, I tested the firewall's ability to hide a computer from attack by hackers. My very first port scan test showed that the critical computer port 135 was wide open, and a couple of less frequently used ports were closed but not stealthed." Doesn't bother me, as I'm behind a stealthed (&config'd) router. But this quote,

appeals to me because of the router controlling the inbound. Two things that bother me, are

which is why I gave the to Comodo 2.4. Second thing might be over-all ram-usage for a mostly outbound firewall. Now with the default settings, DSA is disabled and just how "weak" is it without DSA. I've already dLo'd WDF but I'm hesitating installing it because I was already disappointed once today, by the new alpha-Wubi. What a let-down...

 

Good find Wordward.

The only valid criticism I suppose is the testers problem with port scans and his lack of using any initiative.

Had he experimented a bit-turned on DSA and taken security settings to highest levels,plus disabling training mode,he wouldnt have had a problem.

This I guess is a weakness of WDF,where DSA is disabled by default,unlike Private Firewall.

Also there is no specific mention made in the help file about all this and the Webroot support response seems pretty weak.

I agree about DSA and popups,they can be quite irritating and it's obvious that as a HIPS,its clumsier than a more modern one like Threatfire.

The danger of leaving training mode on was pointed out by Lusher some time ago,its like playing Russian Roulette.

But then if its turned off early,the DSA noise drives you crazy.

What are your port scans indicating and your thoughts,Wordward?

 

I had tested my ports before with my router firewall off and received all stealth scores, but I have always had DSA enabled and both Internet Settings on high. Maybe I'll play around a little with DSA disabled, and then enabled but with the different Internet settings on medium and see. Also I wonder if it may depend on whether WDF is set on Home or Office. This is a little confusing to me because the Home setting stipulates to use it if your on a Home Network without a Firewall. While the Office setting stipulates to use it if your on an Office Network with a Firewall. So does this effect the protection level then?

 

"Home. Use this profile if you are using your computer at home or in a home-networked environment and there is no other firewall protection"

It means without ANOTHER firewall-Home is the way to go!

 

I know HC, but I do have a router firewall. I'm on a wireless PC and have another one that's not. so in theory it's like being in an office environment with a firewall right? Am I making this harder than it is? LOL. I see by your sigs that you're still using Avira. I thought you were going to go back to AVG? I did, but I really liked Avira.

 

You are quite right,Woodward,I forgot about the router Firewall.

Do you think you need a software firewall at all?Probably not!

Maybe just Threatfire,which is the least intrusive of the HIPS.

If you're gonna keep WDF,then as you say go for the office setting-who knows what that setting does,but possibly disables everything except DSA,leaving you with only the hardware firewall active.
Even this doesnt make a lot of sense,as DSA is almost a complete firewall in itself.

Avira atm is behaving,so I'll leave it for a while

 

Good to here from you Hairy Coo. I do know I don't really need a software firewall because of the SPI firewall that my router has. It's just the feeling of "why not" when programs like OA Free and WDF have HIPS and run better than some paid firewalls. (I won't mention them though. LOL. ) That's why I keep considering going back to OA Free. It offers a powerful yet basic firewall, and as unobtrusive as WDF is, it still has pop ups even after it's been running for awhile while OA Free doesn't. All right enough obsessing between the two as I know it drives you crazy. LOL. I may install Avira again though. LOL. See ya HC.

 

Good Buddy-you are making me dizzy with all the changes

 

Office setting is just so you can have multiple configurations, say for a laptop. It was previously stated WDF "could" be used with another firewall, so with a router there is no need to change from home to office setting. Just for clarification, by default DSA is off, because it is the optional HIPS-component of WDF. Not picking on you Hairy Coo, just clarifying. lol Since this is an upgraded version of DSA, I will enable it to see if it still has the "remembering" issues that I had with it before. So far, one reboot and it still remembers to block the Windows.exes that I set it to block, unneeded services-nothing vital. So far, Webby is using more ram (27MB) than I'm used to, but no difference in browsing-speed or opening of apps, and the logging is good too. Left ThreatFire on to see how well it plays with Webby. So far so good!

 

Thanks for the clarification Monty-makes sense.

edit-didnt know WDF could be used with another firewall-useful!

 

Hairy Coo, do you still have ThreatFire installed with WDF Any issues between the two so far

 

None at all,Monty-whilst using it,but have uninstalled it-why have two HIPS?
Always found TF problem free,not intrusive and doesnt slow down the works.

Also your experiences with WDF would be appreciated

 

TF monitors for "malware-like" activities and DSA does the same, except it "learns" what the users does and monitors any changes made. Those changes may not be malicious, but they may be changes made by other users that can be blocked. Very handy for protecting the pc when my teens are on it! Basically, TF protects the pc from malware and DSA protects the pc from the user. lol

 

OK here's a question from a Noob

How does one configure this firewall to ASK when an application wants to connect to internet.

There are some programs which search for updates in the background or check something. It was easy with sygate because it always asked you what to do when an new application (or an application used by another application) tried to connect.

At this moment I have sygate and webroot working side by side with no issues.

It still concerned me that with webroot the ports 1028 and 1029 were closed and not stealthed (speedguide.net). With sygate (or the windows FW) they were stealthed.

I do not have a router, only a modem (chello). Windows XP home.

Regards, Yoda1953

 

If you end training-mode, and remove the firewall-rules for the app. that you want to "ask", when the firewall prompts you about this program, make sure the "Always ask me about this program" checkbox is selected.

 

Thank you, that worked. So I had to look in the DSA section !!

I was looking at the firewall rules and got somewhat discouraged.

Later edit: And what about the closed and not stealthed ports?

 

The advanced rules for this app. are not as apparent as some FW's. I thought the answer was obvious 'til I tried to enable the "ask me" rule for myself. The "stealth-issue" is the next one to figure out....

 

I don't get it. The speedguide test now shows all stealth. I tried grc and it showed all stealth too.

The only thing I did was to startup the windows FW services name Alg (alg.exe) and SharedAccess (an svchost). I had these deactivated with sygate.

Curious.

 

Where is "shared access" Is that setting in the XP-firewall

 

Its the name of the other service to be started for windows FW.

Windows Firewall WF, ICS, SharedAccess is svchost.exe -k netsvcs. It says so in Codestuff Starter in the Services tab. But there are a lot of svchost.exe -k netsvcs 's

Regards,

 

Monty-Are you having stealth issues-I dont think anyone else is if all the settings are correct

From previous post;

"Set Internet, Network security and Process Monitor to High and enable the three settings under File-Advanced settings"

Should do it,plus disable training mode if necessary.

EDIT;

"I had tested my ports before with my router firewall off and received all stealth scores, but I have always had DSA enabled and both Internet Settings on high." (Wordward)

 

Hi Hairy Coo.

Can I ask you a question?

In other post you said:

"All the ones I've tried (NetVeda,ZA,Filesclab,Sygate,Comodo,Webroot ,PC Tools ,OA,Kerio)-didnt have an appreciable performance difference-but then I didnt take out the stopwatch."

Can you tell me how you see Webroot in comparison to ZA (now I am testing this free offer ZA Antispy) and Pc Tools and OA?

I am talking about security level. OA is not working for me, totally useless for p2p, eMule. So it maybe between these 3 - ZA, Pc Tools and WDF.

I did not test Pc Tools but WDF and ZA work very good for me, they have some sort of HIPS (DSA and OS Firewall). PC Tolls maybe with Threatfire will be something similar in some way. But how about real security how good is inbound protection and then how will be outbound as second matter (Pc Tools with Threatfire to make it more even to ZA and WDF)?

Also can you tell me how you feel about Avira I just switch to Avira AV free after many years with NOD32 and I am very please so far, what I will miss to NOD32 if I stay with Avira? (so far I know she is so light and fast and magnificient detection that what I know already, and do not scan mails like NOD but then new NOD test only incoming in my tests so... and 3 times more memory then Avira).

 

Well,if I wasnt using WDF,would definitely use ZA with anti-spy.

Cant really give an objective reply about security levels,except if you read reviews,both score highly.

With ZA,you are getting anti-spyware thrown and I couldnt detect any performance hit at all-its a quality product.

Regarding Avira,its supposed to be one of the best freebies,but I've had some problems-false positives and pausing scans when it comes across some possible malware,instead of just dealing with it,which can be a pain when you come back an hour later and the scan has hardly started.

May revert to AVG.

 

Hey HC, why not give Avast a try? I have it installed now and like it. I only use 4 of the Shields. Web, Standard, IM, and Network, and it runs very well. feniks. I have used WDF with DSA, and am now using ZA Antispyware with Threatfire. I like this combo better personally. Just seems easier to use because of how ZA and TF is layed out. As far as which would be more protective. From what I have read recently I now believe ZA AS with TF may have the edge. Take care all.