Which personal firewalls would you like to see tested ?

That's not because it's not your opinion that it's not logical.
I cease this endless discussion, and let other people to continue.

Have a nice day.

Regards,
gkweb.

 

Ohh... but this isn't only my opinion... this is the opinion of most people

 

gkweb,

did you know if Jetico will remain free?

Thanks

 

No, but they are discussing a lite version. see here below!


https://www.wilderssecurity.com/showthread.php?t=122810

 

Do you know if we can disable the inbound protection on Jetico?

 

Suppossedly if you rename bc_filter.sys in the system32 folder to change the filename(preferably the extension so it doens't load), it disables packet filtering. I had weird results with this though and Jetico wasn't doing anything, Steve Gibson's leaktest even got through? It was on a new install too, so I don't exactly trust this disabling method. There may be a better way, and if there is I am game

Just a warning, the configuration is a little weird at first but you get used to it. Wonder if anyone else has found a better way at disabling the Inbound filtering for us CHX-I users

Alphalutra1

 

Hi gkweb,

I'm not sure this example is pertinent in the case of Kerio, since all code injections blocked by Kerio simply show a popup about the event, without any allow/deny choice ...Then there's no question about the easy nature or not of this user choice : there's simply no choice at all.

That's why I did talk about DLL injection popup vs Kerio's "code injection blocked" popups : other firewalls will prompt the user for a decision (what can be difficult, as you stated), but Kerio only notify about it. The same goes for connection prompts, which can be sometimes hard to deal with.

One more time, I understand why you've made this choice in your testing criterias, if we take ie Jetico, it can let the process run (I mean the process injecting code in another) but can block its connections... when Kerio can't block it once the process is allowed to run (if we disable HIPS). Thus a better note in the tests. I can stand that

However I think the "hard way", which consists in blocking processes before their connections, is finally more safe, or at least the same, for the user, isn't it?

Cheers,
nicM

 

i most certainly doubt that gkweb would use default settings but i cant find any specific details on teh website.

 

Yeah, I believe he got a little sidetracked from my question, due to his ongoing debate with ekerazha....but I PM'd him, and he replied with the following:

"Yes I have tweaked the firewalls to their highest settings, every feature was enabled, everything maxed out. Global filtering rules removed if any, to be sure to be asked about any network activity.

Out of the box settings, generally and depending of the firewall, are weaker. Out of the box settings are generally purposefully not set to high to not ask too much popups to the user."

Thanks for bringing that up, though, Fuser...because others may have wanted to know the answer to that one as well.