What really looknstop misses is ......

Discussion in 'LnS English Forum' started by valerino, Jan 20, 2005.

Thread Status:
Not open for further replies.
  1. valerino

    valerino Guest

    A little button on the log viewer, to pause logging. In this way you can check which port is blocked, in case an application needs you to open a port. It's hell to look thru the really fast scrolling log..... a "save log as txt" would be ideal too :) Actually, I need to stop filtering, get back to the log viewer and browse thru the logs......

    For the rest, this fw really rocks!!!!!

    valerio
     
  2. S!x

    S!x Registered Member

    Joined: Jan 1, 2005; Posts: 51; Location: Ohio, USA

    It's probably the best software firewall on the market ... but I agree with you on the speedy logviewer.

    It needs to be more user friendly all around in my opinion ... especially on rule configuration. I don't want to become a Network engineer or computer programmer ... I just want to block a port or an IP :D
     
  3. Xyzzy

    Xyzzy Registered Member

    Joined: Jan 11, 2005; Posts: 67; Location: Poland

    1. You can save log to a file, see Options tab.

    2. An option not to display new log entries would be really nice! (= if you scroll log so that it does not display the newest entry, all displayed log items remain on the screen while new are added. To turn off, just scroll to the newest entry.)

    3. There are a lot of firewalls that can just block a port, and not much more. Some do not even allow that. If LnS is too complicated/advanced for you, you have two ways- learn or switch to another software. Dumbing down features because users lack basic knowledge is nonsense. There are proper products around for such people. LnS does not belong to them.

    X.
     
  4. Valerino

    Valerino Guest

    xyzzy, I agree completely.
    Btw, I meant a "save as txt" rightclick popup directly in the log viewer, I'm aware of the SaveLog in the option menu. I meant a "save on demand" button, to be clear :)

    Valerio
     
  5. S!x

    S!x Registered Member

    Joined: Jan 1, 2005; Posts: 51; Location: Ohio, USA

    XYZZY

    "There are a lot of firewalls that can just block a port, and not much more. Some do not even allow that. If LnS is too complicated/advanced for you, you have two ways- learn or switch to another software. Dumbing down features because users lack basic knowledge is nonsense."

    There are proper products around for such people
    Kind of on the rude side ...eh?

    Dumbing down the software? ... who said anything about that? If it's easier to use and keeps the same functionality then it's not dumbing anything down ... now is it XYZZY?
    L&S is only marginally better than Outpost or ZA ... and Outpost and ZA are a lot more user friendly ... and they reflect that in sales.
    If L&S is serious about making money (and I'm sure they are) then they need to reach a more mainstream audience.

    When I said block a port or an IP, I should have clarified, I was referring to the ability to install this firewall on clients' computers, not my own. I'm 37 yrs old and work in an IT department at a local ISP and have probably forgotten more about networking than you will ever know ... L&S's configuration is far from the average user's basic knowledge ... the average user doesn't hang out at the L&S forum day and night ... so lose the defensive attitude. Nobody is knocking your firewall.
     
    Last edited: Jan 21, 2005
  6. valerino

    valerino Guest

    Well.... my 2 cents in favor of lns, from a developer point of view (I do driver developing for a living). I've tested almost 99% of the firewalls around, including the most famous ZA, NIS, Outpost, Sygate, etc.... I've the bad habit (eheheh) to always check how they're written internally, so usually I disassemble their drivers and check how they're implemented, which technique they use, etc....
    So..... you don't have the least idea how bad some fw are written, some use heavy undocumented and unstable stuff, like hooking TCP.SYS dispatch table directly without creating a proper filter driver for the TDI part (the application outgoing blocking features common to almost all nowadays personal firewalls), some hook NDIS doing what is known as "NDIS Hook Driver" (a technique highly discouraged by Microsoft, which is prone to break one day or another), some even crash if Driver Verifier is enabled (NIS, for example). LNS code instead seems very clean, and for what I analyzed it does the stuff in the documented good way (plain TDI filter + plain NDIS I/M without exotic hooks/patches/etc...).
    On the other part, it doesn't mean that all the other firewalls are ****. From my analysis, sygate and Tiny offer the most powerful engines speaking about "plain" firewall features, ZA and Outpost are a good balance, NIS is a total ****up, speaking of the most famous.
    But none (maybe Tiny) offer the functionality to completely customize the rules at packet level which LNS offers. Plus, LNS is really lightweight compared to the others. Look at how slow are the GUI for NIS, or for McAfee, or for Tiny. Only Sygate has a really lightweight GUI, maybe comparable to LNS one.
    And finally, who ever needs all those dumb features like privacy control ? have you ever used it, really ? Believe me, you get better system performance installing a separate fw and av (a lightweight one like NOD32 for example), than using one of those dumb all-in-one suites which need a Pentium127321873921 just to run the GUI :)

    btw : I don't work for any of the companies mentioned, including lns .... it's just my point of view :)

    valerio
     
  7. Pigitus

    Pigitus Registered Member

    Joined: Jun 29, 2004; Posts: 97; Location: USA

    Valerino,

    Thanks for your info. I thought Tiny seemed the most powerful in the personal fw category, but I am waiting for it to streamline itself. So for now I am going with LnS.

    But when it comes to those firewalls that JUST do network filtering (and no application filtering), what do you think of 8Signs (or its brother Visnetic) ?

    What do you think of the idea of pairing 8Signs with LnS by setting App filtering ON and Internet filtering OFF in lnS, so that 8Signs takes over the Internet Filtering function ? It looks like 8 Signs is + powerful for strict Internet filtering and offers better and clearer control for setting rules.
     
  8. Xyzzy

    Xyzzy Registered Member

    Joined: Jan 11, 2005; Posts: 67; Location: Poland

    Sorry, English is not my native language.

    Let's say LnS will be made user friendly= thinking a bit for the user. Then one day it appears it thought wrong- nothing strange, considering gazillion of different network environments. So a user, and then another, gets hacked or trojaned, and, guess what, the word is spreading around that LnS is crap, it let my PC got infected...

    Outpost has no support for Fast User Switching (FUS is on the market for quite a few years) and ZA has 3 or 4 point history of corrupting data. No thanks.
    And sales... you know, it has nothing to do with the product and all to do with marketing... Really...

    Symantec did it. Look at its products... I wish LnS authors the best. And so I wish LnS.

    IMO LnS is not a proper firewall for "clients". I use LnS, but for my family I chose either Windows firewall or ZoneAlarm. And carefully layered security features (starting from cutting throats of IExplorer and Outlook). Powerful tool in untrained hands is dangerous. You should know it.

    And about knowledge and stuff- really nothing to brag about...

    X.
     
  9. valerino

    valerino Guest

    >Valerino,

    >Thanks for your info. I thought Tiny seemed the most powerful in the personal fw category, but I am waiting for it to streamline itself. So for now I am going with LnS.

    >But when it comes to those firewalls that JUST do network filtering (and no application filtering), what do you think of 8Signs (or its brother Visnetic) ?

    >What do you think of the idea of pairing 8Signs with LnS by setting App filtering ON and Internet filtering OFF in lnS, so that 8Signs takes over the Internet Filtering function ? It looks like 8 Signs is + powerful for strict Internet filtering and offers better and clearer control for setting rules.

    Visnetic = Deerfield Firewall/Conseal, I presume ? U know, I've analyzed most of the current fws/suites on the market, but sometimes I can't remember the names, since many fws have different name but same engine (like sygate=panda, zonealarm=ezarmor, etc....). Anyway, if it's conseal firewall it is lightweight, provides NDIS (packet) filtering only, so no TDI layer. And as far as I remember, you can't set very specific packet rules like in LNS. The force of LNS at NDIS level is this, you can set very specific packet rules, like TCP flags and much more. No other commercial fw I know provides this. Conseal fw is a plain packet filter, it's good for protecting for inbound traffic, but for outbound traffic it's much more easy to have a TDI part which lets you allow/block on application basis instead of port basis. If you tell me to choose among NIS and Conseal, of course Conseal is the choice... if you know which port to block/allow and you don't care of trusting/untrusting applications, it's a good fw. In the end, all NDIS fw work the same. They just get/send packets from/to the wire, and reject/accept them (pass/do not pass to the upper protocol layer) based on the port specified by the ruleset, so if you're able to make a functional ruleset you're ok. The "plus" feature of TDI part of most common fws is that you can choose which application can access the internet, so you have an immediate view of what happens, unless of course the application does tricky stuff, like talking to TCP driver directly .... but it can be done only via a driver, and I don't know of any spyware/trojan to do this at now. And, even in the latter case, a fw which has an NDIS module will catch the traffic anyway, if configured to block/log the ports it uses. No spywares/trojan I know bypass the NDIS level at now, since it's very complicated to do, even if a funky coder could be able to do it :)
    So well... as I said in my previous post, use a good antivirus (which is effective against spywares and trojans -> outbound traffic, you must run the infected app in some way), and a good firewall (sygate/conseal/lns would be my choices). Just, keep in mind that a firewall can't protect you from spywares and trojan, but only from exploits like sasser, blaster, etc.... On the other side, antivirus protects you from spywares/trojans but not from attacks like sasser, blaster, etc...
    Just, do not trust goodlooking-eyecandyfull suites. Always prefer plain stuff that does just its work and no more, without useless cpu consuming additions. And do not install 2 firewalls together (so no LNS-Conseal pair, ehehheh). They're redundant. I often see my customers installing NIS and ZoneAlarm, or NIS and Sygate, or McAfee and ZoneAlarm... and they say their pc is running slow :)

    valerio
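
The packet-level decision valerino describes in the post above (pass or drop each packet by port, plus the TCP-flag matching he credits to LnS), as an added example that is not part of the thread and is not LnS code: a first-match rule evaluator over a raw IPv4 header. The rule layout, function names, ruleset and sample packet are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

enum verdict { PASS, DROP };
enum { TCP_SYN = 0x02, TCP_ACK = 0x10 };
/* Hypothetical rule (not LnS's format): TCP matches when (flags & flag_mask) == flag_value. */
struct rule {
    uint8_t  proto;                  /* 6 = TCP, 17 = UDP */
    uint16_t port_lo, port_hi;       /* destination port range, inclusive */
    uint8_t  flag_mask, flag_value;  /* TCP only; mask 0 matches any flags */
    enum verdict action;
};

/* Constructed inbound ruleset: web server reachable, other new connections refused. */
static const struct rule SAMPLE_RULES[] = {
    { 6, 80, 80,    TCP_SYN | TCP_ACK, TCP_SYN, PASS },  /* new connection to :80 */
    { 6, 0,  65535, TCP_SYN | TCP_ACK, TCP_SYN, DROP },  /* any other bare SYN */
    { 6, 0,  65535, 0,                 0,       PASS },  /* remaining TCP segments */
};

/* First matching rule wins; malformed or unmatched packets are dropped. */
enum verdict filter_ipv4(const uint8_t *p, size_t len,
                         const struct rule *rules, size_t nrules) {
    if (len < 20 || (p[0] >> 4) != 4) return DROP;
    size_t ihl = (size_t)(p[0] & 0x0F) * 4;               /* IP header length */
    uint8_t proto = p[9];
    if (ihl < 20 || (proto != 6 && proto != 17)) return DROP;
    if ((((p[6] & 0x1F) << 8) | p[7]) != 0) return DROP;  /* non-first fragment */
    if (len < ihl + (proto == 6 ? 14u : 8u)) return DROP; /* truncated header */
    uint16_t dport = (uint16_t)((p[ihl + 2] << 8) | p[ihl + 3]);
    uint8_t flags = proto == 6 ? (p[ihl + 13] & 0x3F) : 0;
    for (const struct rule *r = rules; r < rules + nrules; r++) {
        if (r->proto != proto || dport < r->port_lo || dport > r->port_hi) continue;
        if (proto == 6 && (flags & r->flag_mask) != r->flag_value) continue;
        return r->action;
    }
    return DROP;
}
/* Constructed sample packet: 20-byte IPv4 header + 20-byte TCP header. */
size_t make_tcp(uint8_t *buf, uint16_t dport, uint8_t flags) {
    memset(buf, 0, 40);
    buf[0] = 0x45; buf[9] = 6; buf[32] = 0x50;  /* IPv4 IHL 5, TCP, data offset 5 */
    buf[22] = (uint8_t)(dport >> 8); buf[23] = (uint8_t)dport; buf[33] = flags;
    return 40;
}

int main(void) {
    uint8_t b[40];  /* a bare SYN to :445 must be dropped: exit status 0 */
    return filter_ipv4(b, make_tcp(b, 445, TCP_SYN), SAMPLE_RULES, 3) == DROP ? 0 : 1;
}
```

Flag matching of this kind is stateless: the third rule passes any TCP segment that is not a bare SYN, whether or not it belongs to a connection the host opened.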
     