What about CoreForce?

Discussion in 'other anti-malware software' started by aigle, Aug 11, 2007.

Thread Status:
Not open for further replies.
  1. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Never read much abut this software here. It seems to be very strong and highly configurable. I wonder if anyone is using it here.

    Thanks
     
  2. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,714
    Location:
    Stockholm Sweden
    I tried it a couple of years ago but found it hard to understand, but I guess much has happened since then. If my memory serves me right it reminded me a bit about Jetico firewall, when making rules. I am sure it is really good once you know how to configure it.
     
  3. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Seems it has a ot of configurations to make. Unfortunately it has not many users I think.
     
  4. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    I tried it. Works great, but the rulesset is kind of labour intensive to set up. I dropped it in favour of EQSecure, because I am not into software firewalls (being behind a hardware router). Your are deep into EQS. So I do not see a reason for you to try (only for fun).

    Regards Kees
     
  5. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    A general truth that has only VERY rare exceptions -- *With great power comes great complexity.*

    IMO, CoreForce is potentially THE most powerful HIPS+Firewall combo now available. Unfortunately, it is also very complex, somewhat unstable, & rather questionable in terms of further development (no updates since October 17, 2006).

    If someone truly masters CF, even in its present status, that person is truly a guru among gurus.

    P.S. -- That someone is NOT me.:doubt: o_O :gack: :blink: :doubt:
     
  6. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
    I have to agree with Bellgamin for the most part. It's a nice project in theory, but still rough around the edges to some extent from what I hear. I did try it some time ago in earlier versions and it was interesting but unpolished. It reminds me somewhat of what Tiny Firewall was trying to do, seemed like a similar effort perhaps. But anything that complex will no doubt always have it's problems... probably best to move on to something simpler yet equally effective, or more likely, several separate apps to accomplish the same thing.
     
  7. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I agree with u!
     
  8. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Well said!
     
  9. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    If the proponents of CoreForce ever do resume active development, I believe that it fully deserves active support & testing by the gurus here at Wilders, of which some of them are active in this topic thread.

    P.S. I am not one of them there gurus. For example -- I replaced the light bulb inside my refrigerator last week. Now, every time I flush the toilet, my refrigerator defrosts. :p
     
  10. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    Hello. :)

    Unfortunately, I have to agree with this. I couldn't browse with Coreforce installed. Neither of my browsers wanted to open o_O No process for browser in Task Manager, no nothing. I tried to reinstall it a few times, but to no avail. A conflict, I presume. However, I managed to create rules for some server applications, so I used Coreforce on my test box with P2P for a while. That worked OK, although occasional CPU spikes occured. But that was in february (when I joined Wilders), so I really don't remember the details. I hesitate to try this version again due to obvious reasons above, but I would certainly give a new one a spin if it ever arises.

    LOL. Maybe you're not, but if I ever need a HIPS advice, I would like to see your reply for sure.

    Cheers.
     
  11. Woody777

    Woody777 Registered Member

    Joined:
    Aug 29, 2006
    Posts:
    484
    Bellgamin: Don't you Know that when the Light Bulb wears you need a NEW REEFER. Thanks for telling me about Core Force.
     
  12. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    One of the problems is the policies in use for system, and the browser in use (and the policy in place for the browser.)

    A simple example, installing coreforce onto XP with Firefox. The installation will default to Medium-low security, which is OK for a clean system, but allows far to much freedom for internet access. For firefox, a policy for this can be loaded, but even then (on medium-low security) firefox will be blocked from access to the windows/system32 files for read events, and blocked from some needed write events to registry (so firefox will not connect out). It is quite easy to check on what as been blocked, and rules can be made from the logs to allow this needed access.
    If we look at the launch control for firefox, we see that it is known and the policy is in place:-
    Capture31-08-2006-11.44.1812-08-2007-13.53.35.jpg

    But if we start firefox, no internet connection is allowed, we then need to check the activity monitor and create needed rules:-

    Capture31-08-2006-11.44.1812-08-2007-13.52.05.jpg

    To create a rule, just right click an entry, then set permission.

    Capture31-08-2006-11.44.1812-08-2007-14.14.04.jpg

    There is a "Learning" mode that can be used to create policies. But when I used coreforce, I prefered to create my own policy via popups (a policy can be created so the user is asked for each event), this is time consuming, but I did learn a lot from this (File/registry activity/access by programs)
     
  13. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Thanks Stem, that,s a lot of work. I prefer a pre-coded policy based sandbox( GesWall, DefenceWall) than all this lot of work.

    I think they should have added a default set of policies with a balance of security and usability.
    Comodo version 3 will be a bit similar in features but I expect it to be better and easier to use.
     
  14. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    I can certainly understand that.
    There is a repository of user built policies that can be used (and downloaded when creating a policy for any known application) Samples

    I have not used coreforce for quite a while (since last release), as I have been awaiting a further update, as there are still some outstanding issues.
     
  15. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    Hello Stem,

    when I tried Coreforce, 6 months ago, my knowledge on firewalls was very limited, so I haven't really tried hard enough :doubt: It is a little better now (knowledge), so I think I'll take a closer look in Coreforce. (when I find some time)

    Thanks for the encouragement :)
     
  16. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Thanks Stem, for sharing ur knowledge and the screenshots.
     
  17. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi Seer,
    The best direction (IMHO) is to install Coreforce onto a VM (or at the minimal, a PC you do not need for day to day use), so time can be taken to look into how Coreforce works. The problem can be, that Coreforce is not just a firewall, but a full system security application, but, if you take time to look, you will see the approuch is really quite simple, as the protection is based of rules to allow/deny~ Reading/writing, creation/execution etc. of files / registry. But when these rules are in place, they can/do make a powerful sandbox.

    If you do decide to take another look, install onto VM (As I mentioned), I have myself, installed onto Virtualbox (with no apparent conflicts), I will leave this installed, then if I can help, I will.

    I am going to start/create my own policy for firefox (to see if I can fully remember the correct direction I took when making policies the last time I used Coreforce)
     
  18. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    Hello again Stem :)

    That's exactly what I did, I have an old laptop I use for testing, so I installed Coreforce there :) What was strange to me is that torrent clients worked normally, I created the server rules out of logs (just as you suggested), but the browser (IE6) didn't want to open (not the pages, but the process itself was nowhere to be found when I clicked on IE shortcut).

    Anyway, as I said, I will reinstall Coreforce soon. If I have any questions, I'll start a thread here (maybe in the "other firewalls"), as I know I can count on your (and other members') help here.

    Cheers :)
     
  19. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hello Seer,
    I have never used IE with Coreforce, so I never looked at the policy for IE within Coreforce. I did allow the loading of the IE policy when I installed Coreforce onto VM,... from my own forced policy (ask), when I did run IE, I was only given a popup for IE to access "Index.dat", then IE attempted outbound connections. So it looks like the IE policy as been updated.

    Post questions to the relavent forum (I am unsure of the correct forum to post, it would depend on the question~ firewall rules?,.. HIPS rules?), Please give me a PM when you do post (any forum) concerning Coreforce, so I do not miss the post/thread.
     
  20. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    Will do so Stem. Next weekend perhaps, have a lot of work to do during the next week. BTW, I had some "routing issues" from my ISP to Coreforce site (if you remember the topic here, 6 months ago), and I'm still with the same ISP, so if the forum is on their servers I may even have a hard time accessing it. We'll see...

    Regards :) ,
     
Loading...
Thread Status:
Not open for further replies.