Zone Alarm clone?

Discussion in 'other firewalls' started by ccsito, Oct 4, 2006.

Thread Status:
Not open for further replies.
  1. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
  2. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    I have not seen this version. I am currently downloading,.. but the feed is very slow (1 kb) so it will be a couple of hours. I will install tomorrow to have a play (if the download completes).

    EDIT:
    After an hour, and just about a 3rd of the download, I am getting errors of file cannot be read at source. I think they may have server problems, as even their webpage (omniquad.com) is loading very very slowly.
     
    Last edited: Oct 4, 2006
  3. ccsito

    ccsito Registered Member

    I also had the same slow download problem on the company website. It seems to be much faster today though. The one odd thing that I did notice is that the program version number on Softpedia.com (2.0.3) seems to be higher than that on Download.com and Omniquad.com (1.4.92)? Some sites still listed the 1.1 version. Not sure if this is similar to the Safezone (Minute Group) version conflicts.

    http://www.omniquad.com/downloads.htm (the version listed is 1.4.92 and the name of the file is TSfirewall.zip)

    http://www.omniquad.com/tsfirewall.htm (no version number listed and the name of the file is tsfirewall.zip) note the lower case letters.

    http://www.simtel.net/product.download.mirrors.php?id=71426 (version 1.1 listed and the name of the file is opfsetup.zip)

    http://www.addict3d.org/index.php?page=downloadfile&ID=68 (version 2.0.3 listed and the name of the file is firewall.zip)

    http://www.softpedia.com/progDownload/Omniquad-Personal-Firewall-Download-5718.html (version 2.0.3 listed and name of the file is firewall.zip)

    Hope this wasn't too confusing. o_O
     
  4. Stem

    Stem Firewall Expert

    Omniquad Total Security:- Version : 2.0.3
    Firewall (Internal version 1.4.92):

    The Firewall.zip from "softpedia" (which links to omni) contains TSFirewall.exe

    I have downloaded, and will install to have a play:
     
  5. Stem

    Stem Firewall Expert

    I installed,.. it is a basic application firewall.

    There are no changes made to the LSP, and no low level system hooks made, so there should be no conflicts as such with AV's or HIPS programs.
     

    Attached Files: 01.gif (83.3 KB, 695 views)
  6. Stem

    Stem Firewall Expert

    The firewall settings,..
     

    Attached Files: 03.gif (90.8 KB, 691 views)
  7. Stem

    Stem Firewall Expert

    Program main settings:-
     

    Attached Files: 02.gif (71.8 KB, 690 views)
  8. Stem

    Stem Firewall Expert

    Program settings,.. there are the options to "Block", "allow as client(outbound only)" or "allow as server(inbound/outbound)":-
     

    Attached Files: 04.gif (87.6 KB, 688 views)
  9. Stem

    Stem Firewall Expert

    Logging,...
    You will see from the log,. I ran leaktest 1.2, first to check on new program access,.. I then re-named the leaktest to firefox, (to run the test correctly), the firewall did intercept this.
    There is no checksum made on applications, so if the application is changed or replaced, then the firewall will not know this, and still allow access.
     

    Attached Files: 05.gif (94 KB, 692 views)
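
The checksum point in post 9, illustrated as an added example (not part of the thread and not Omniquad's code): a rule table that matches on the executable path alone keeps allowing a file that was swapped after approval, while one that also records a SHA-256 at approval time notices the change. The `AppRules` class, its decision strings and the file contents are constructed for illustration.

```python
import hashlib
import os
import tempfile


def sha256_file(path):
    """Hash the executable in chunks so large binaries are not read at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


class AppRules:
    """Hypothetical per-application rule table keyed on the executable path."""

    def __init__(self, verify_checksum):
        self.verify_checksum = verify_checksum
        self.rules = {}  # normalised path -> SHA-256 recorded at approval time

    def approve(self, path):
        self.rules[os.path.normcase(path)] = sha256_file(path)

    def decide(self, path):
        recorded = self.rules.get(os.path.normcase(path))
        if recorded is None:
            return "prompt: new program"
        if self.verify_checksum and sha256_file(path) != recorded:
            return "prompt: program changed"
        return "allow"


def demo():
    """Approve a constructed 'browser' file, replace it, and re-check both ways."""
    with tempfile.TemporaryDirectory() as tmp:
        exe = os.path.join(tmp, "firefox.exe")
        with open(exe, "wb") as fh:
            fh.write(b"constructed stand-in for the approved browser")
        by_name, by_hash = AppRules(False), AppRules(True)
        by_name.approve(exe)
        by_hash.approve(exe)
        # Same path, different contents: the changed-or-replaced case from the post.
        with open(exe, "wb") as fh:
            fh.write(b"constructed stand-in for a different program")
        return by_name.decide(exe), by_hash.decide(exe)


if __name__ == "__main__":
    print(demo())
```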
  10. Stem

    Stem Firewall Expert

    The firewall did make a global keyboard/mouse hook on my startup of firefox, and this caused a delay of the start of firefox, but I saw no slowdown in "surfing"
    The firewall also attempted an update, but informed me of this (to block or allow), and the popup informed me of where to change the settings to stop this auto updating, once changed, no more attempts were made.

    Edit:
    The "Myprivacy",.. "Antispy",.. "Anonsurf" are addons,.. which need to be downloaded separately,.. this I did not do, as I was just checking out the firewall.

    .
     
    Last edited: Oct 5, 2006
  11. ccsito

    ccsito Registered Member

    Thanks for the program review, Stem. :thumb:
    I have several questions. Since the program's authors are based on your "home turf", how authentic is the company claim with regard to the client list on the about page?
    http://www.omniquad.com/about.htm

    I noticed on your first screen shot that a message is showing that the firewall trial period has expired? Did you get any kind of access problem after the message appeared? Not sure if this means that you cannot use it after a certain period? Their own website indicated that there was a free and professional version. Not sure if it was related to the Total Security Suite which has the six separate components?

    Can you determine the resource load of the program (CPU/Memory)?

    Were all the ports stealthed?
     
  12. Stem

    Stem Firewall Expert

    Hi ccsito,

    The message showing "expired" was there from installation, (this is the first time that this firewall has been installed on this PC/OS), but no access problems. (this must be the free version)

    I myself do not know "omniquad" (well, I don't remember them), I will have a dig for info later,.... and make the other checks you have requested.

    Stem
     
  13. Stem

    Stem Firewall Expert

    I installed onto XP, with not good results. I had problems with connection speeds,.. and the behaviour of the firewall was somewhat different, as on this install I did notice that OPFSVC.exe was listening on port (TCP) 5578, and TSFrWal.exe was listening for UDP on random ports 1026-1040 and making DNS lookups without permission (TSFrWal.exe was blocked from internet access).
    I did at first think that the firewall was attempting to act as proxy,... but I did not see or need this in my first setup in W2K (I did setup the browser to run local proxy,.. but this did not help with connection speeds).

    Due to connection speed problems, I did not try any port scanning on this setup,.....


    I will need to look further into this, to see what the firewall is doing in XP,...........

    mem usage on XP:-
     

    Attached Files: mem.JPG (15.1 KB, 525 views)
    Last edited: Oct 6, 2006
  14. ccsito

    ccsito Registered Member

    The resource profile of the program doesn't look too bad. However, if there is an issue with Windows XP that would be a more important factor. The communication attempts by the program also would be a no go if you can isolate it to something that it was doing on its own. :cautious:
     
  15. Stem

    Stem Firewall Expert

    Hi ccsito,

    I found that I had a conflict with XP ->my network(onboard) sniffers/analyzer ->firewall. This in itself causes no concern, as conflicts can arise from the low level installation of my sniffers. (this was causing the slow connections)

    So, I installed XP without my sniffers and installed a tracker first (I used OA first, as I know this causes little/no conflict_ just to track/check on all files installed/ reg entries made), but OA flagged TSFrWal.exe as a "keystroke recorder",.. further software then informed me that TScutyNT.exe was injecting "regsvr32.exe" on bootup (I still need more info on this), and TSFrWal.exe was injecting "IdleTrac.dll (Idle time tracker)" into all running processes.
    I cannot see the reason for any of this for an application firewall,.. this along with the firewall listening on UDP and TCP ports, does give me concern.

    So at this point, I am (personally) flagging this firewall as "suspicious" until I can make many more checks on this. (I do need 2 PCs to check on this correctly,.. so I will not be able to setup until probably sunday night)
     
  16. ccsito

    ccsito Registered Member

    Thanks for the additional information Stem. I don't see any reason why a firewall program would need to track your idle time with any process (not unless it locks up your PC should you go away for a while). I thought I read somewhere on the website that the program will automatically block any further communications after a specified time period to prevent hackers from accessing your PC when you are busy doing something else and still connected. Those DLL and other items may be an attempt to detect if you are still using the PC? I still think it is better for you to shut down any communications manually rather than allow the program to do it for you.
     
  17. Stem

    Stem Firewall Expert

    A number of firewalls include an Internet lock, or even a timed lock, but timed locks are based on user activity, and are checked by keyboard/mouse hooks, with a timer started from the last keystroke/mouse movement made (similar to screensaver startups).
     
  18. ccsito

    ccsito Registered Member

    Good point. Let me know what you find out about it. Thanks.
     
  19. Stem

    Stem Firewall Expert

    I have had another play,... I am starting to think that there may be some pre-install/setup for the other modules. So some things can possibly be explained. I will be checking.

    I did run some scans for you, and all ports were stealthed, actually the firewall banned my scanner IP for attempting inbound connections against the firewall, it allowed me 6 attempts, then my scanner IP was placed in the "denied hosts"

    I checked the port (5578) that the firewall is listening on, and this was stealthed,.. and guess this may be in place for the installation of the proxy (or a check on firewall functions,.. as the connection was internal only)
    The UDP listening port, looks like a protection for messenger, but I need to check further on this.
    The keystroke recorder, although I am still suspicious, could possibly be for the password protection (part of "my privacy"), but again, I would need to install these modules to fully check.

    I do have a lot of logs to look through, from the firewall installation/activity, and I still need to check (externally) any comms. But at least it's not looking as bad as I first suspected.

    Edit/update
    After checking,...... The injection of IdleTrac.dll is in fact only making a global hook of keyboard/mouse
     
    Last edited: Oct 9, 2006
  20. ccsito

    ccsito Registered Member

    Thanks for the update Stem. It looks at least for now that there doesn't appear to be anything that could be a serious problem with the firewall. Since the firewall is only one component of the security suite, there might be links to the other components.
     
  21. Stem

    Stem Firewall Expert

    You're welcome
    It is now looking to be O.K.
    There are links built into the "Total security" UI (within the Tabs shown in pic/post 5.) to download the other modules.

    I have been in contact with omniquad support, and have downloaded a full trial version (all modules),.. I have just e-mailed again some questions,... really just to see the response time,... and type of answers given.

    I do have the suite setup, running through a gateway to check on all connections. (but I have not used any of the other modules yet.)

    I will update:
     