Which firewall is the best at controlling outbound

Discussion in 'other firewalls' started by fatpizzaman, Apr 15, 2002.

Thread Status:
Not open for further replies.
  1. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    Re: Which firewall is the best at controlling outb

    ROFL!   :D
     
  2. UNICRON

    UNICRON Technical Expert

    Joined:
    Feb 14, 2002
    Posts:
    1,935
    Location:
    Nanaimo BC Canada
    Re: Which firewall is the best at controlling outb

    Man this guy gets funnier and funnier every day! I spilled my d@mn beer on that one :) I was thinkin along the same lines, but could never have wrapped it up in such a concise manor.

    wordpad he says...~shakes head~...wordpad...
     
  3. jvmorris

    jvmorris Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    618
    Re: Which firewall is the best at controlling outb

    No, DOS came from Seattle Computing, I believe.

    Peter Norton (the person) may be older than you, but I can't offhand recall any commercial products from him prior to MS-DOS (i.e., CP/M, TRS-DOS days).
     
  4. UNICRON

    UNICRON Technical Expert

    Joined:
    Feb 14, 2002
    Posts:
    1,935
    Location:
    Nanaimo BC Canada
    Re: Which firewall is the best at controlling outb

    Rent "The Pirates of Silicon Valley"

    great show about a young Billy Gates and Steve Jobs as they feud and get rich.
     
  5. jvmorris

    jvmorris Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    618
    Re: Which firewall is the best at controlling outb

    Well (biased commentary follows  :D ), as a NIS/NPF user since NIS 1.0, I think we should realize that, to this day, the AtGuard firewall engine remains the basis of the NIS/NPF firewall.  Yes, they made a complete botch of the User Interface; they removed the Dashboard (which is far superior to the NIS Console -- and may reappear, with luck; indeed, it was still possible to activate the Dashboard up through NIS/NPF 2.5 -- pre-leaktest, at least).  NIS 3.0 and 4.0 further screwed things up with the 'improved' Rules Configuration and Editing interface.  (But, again, there's actually a registry hack to restore the old AtGuard Rules Editor -- until you get to NIS 4.5 where the registry has now been encrypted.)  

    There's also a lot of talk about 'bloat', but most of the so-called bloat (as I documented on the old Unofficial AtGuard Users' Forum, regarding NIS 1.0) is actually the provision of functionality that was not in the original product.  There's something like 8 MB of the manual online as a PDF.  There's a set of templates for rules for common applications (which, for the uninitiated, are far better than having to start from scratch, and can still be further customized).  There are OS-customized versions of the firewall for various OSs (which weren't present in AtGuard).  And then, there's something like 10 MBs of Parental Control URLs (user-selectable) to keep your kids from going to where you don't want them to go.  (I don't recall how big the initial load with NIS 1.0 was, but I know that with NIS 3.0, the upgrades now come to something like 10 MB for this function alone!) I also don't remember any sort of update utility in AtGuard, for all of the above, which Symantec provides in LiveUpdate (a shared utility that also handles other Symantec applications that may be installed on the system).  You may not like User Accounts; I do -- and use them, because I now have several people using this box who are all too willing to simply turn off the firewall when it starts screwing with their short-term interests.

    Symantec took the product and tried to make it into a firewall for the novice (which AtGuard never was).  I know that and Symantec will even acknowledge it as having been their marketing strategy.  What I specifically regret was the simultaneous decision to thereby make it a PITA for the advanced users to customize that had always been so loyal to AtGuard.  To my mind, this strategy was completely unnecessary and ultimately self-defeating.  Symantec completely alienated most of the people who would have otherwise traded up to it and effectively had to build a new market from scratch (at which, they apparently have now become quite successful).

    As far as I can tell, there's only one part of AtGuard functionality missing from NIS/NPF -- that's the ability to set timelines on when the rules are active and when they aren't.

    As for your other statements, to me, Stealth remains a solution to a non-existent problem and may well create problems as some cable users found during last year's Code Red and Nimda outbreaks.  I always found the degree of application control and protection available in AtGuard perfectly understandable; indeed, I could never understand how anyone could consider it as being anything other than it actually was -- certainly not an experienced AtGuard user.  If you wanted more, then you either used Albert's NISCRC or NIS File Check (both of which go far beyond the protection provided by any of the MD5 or SHA1-checking firewalls, even to this day.  Incidentally, where's the masquerading exploit that executable file authentication is supposed to be protecting against?  I've been asking for almost two years now, and it seems no one can identify a single exploit that's ever used this 'vulnerability'?  As for 'leak control', there isn't and ain't ever going to be any 'leak control' or protection against DLL insertion on the Win 98/ME operating systems; for the most part, the solution on Win NT/2K/XP systems has been known for years -- it's an operating system issue, not a firewall issue.

    To me, Tiny/Kerio represent the most obvious AtGuard clone so far.  (And they lack some of its functionality also, but extend its coverage in other ways.)  I can't see many AtGuard users opting for Sygate -- to me that's currently more like a next-generation ZA/ZAP product.  I can't really speak to Outpost or Look and Stop and won't pretend that I can.

    My bottom line?  If you've got an authenticated copy of AtGuard 3.22.xx that works on your operating system, well, hell, use it!  Unfortunately, it doesn't work well on Win ME and there's no logging on Win XP (though it appears that it does work); I myself could not use a firewall comfortably with no logging.

    End of rant.  ;) Peace.

    Addendum #1  I forgot to mention that NIS (as opposed to NPF) also included a full-fledged copy of Norton Anti-Virus (NAV).  That contributed significantly to the download, also.  I've made some clean-up in the preceding comments to correct stuff I was writing off the top of me head, also.
     
  6. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Re: Which firewall is the best at controlling outb

    I have seen worse rants, Joseph!  ;) IMHO you made some very valid points here.

    regards.

    paul
     
  7. jvmorris

    jvmorris Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    618
    Re: Which firewall is the best at controlling outb

    Paul,

    Sorry for possibly getting a bit carried away there.  ;)  I really wish that @guard would restore the initial archives of the various parts of the Unofficial AtGuard Users Forum as it migrated from one host to another.  If he'd do that, then I could simply reference my initial posting and let it go at that.  There seems to be a problem with the current host which I suspect is contributing to this problem, but I do really miss not being able to simply hyperlink to previous postings I've made on this subject.
     
  8. FanJ

    FanJ Guest

    Re: Which firewall is the best at controlling outb

    Joseph, thanks very much for your comments !!!

    I know that you know a lot about AtGuard/NIS/NPF.
    And I appreciate it very much that you wrote about it.

    Cheers, Jan (user of NIS1.0 Dutch and the old DashBoard).
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.