Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: Rain on September 27, 2006, 03:36:45 AM
-
Is it good enough?
I used to use Zone Alarm Anti Virus, (it sucketh - imho anyway) so I am used to a more, interactive Firewall... I downloaded a XP Log analyzer from 2brightsparks, and as I ran it, I was not sure if I should scream, or laugh, or? Over 30 000 entries and my head asplode... I know it does not block outbound traffic, but when I tested it on a site that checks for a tight inbound computer, it passed just fine... I have also closed the Plug & Play and turned DCOM off, after I checked its patches...
Anyway, I am wondering, is the combination of avast! Anti-Virus Pro, and XP Firewall, (what is it called again, Internet Connection something or other) good enough? Do I need a firewall, other than XP's own?
I like the look of: SoftPerfect Personal Firewall, which is a rule based firewall... It looks simple enough...but I would like opinions from people who have used avast! longer than I have... (which is a grand total of three or four days)
-
I like the look of: SoftPerfect Personal Firewall, which is a rule based firewall... It looks simple enough...but I would like opinions from people who have used avast! longer than I have... (which is a grand total of three or four days)
I haven't used it or tested it...
Anyway, I always suggest Comodo, Kerio, ZoneAlarm, Sygate... in this order, more or less.
Check these sites before:
http://www.thefreecountry.com/security/firewalls.shtml
http://www.firewallleaktester.com/tests_overview.php
-
I like the look of: SoftPerfect Personal Firewall, which is a rule based firewall... It looks simple enough...but I would like opinions from people who have used avast! longer than I have... (which is a grand total of three or four days)
I haven't used it or tested it...
Anyway, I always suggest Comodo, Kerio, ZoneAlarm, Sygate... in this order, more or less.
Check these sites before:
http://www.thefreecountry.com/security/firewalls.shtml
http://www.firewallleaktester.com/tests_overview.php
Hmmm, well Zone Alarm is out for me, I tried them (both free and pro) for a year, and was deeply disapointed, Comodo, and Sygate are too system hoggish... Maybe Kerio...
However, do I need anything, I mean aside from XP's and the 8 Webshields from avast!, (not talking about anti spyware stuff like ad aware or spybot and stuff like that but the actualy connection to the net part) or is avast! enough? (with the XP firewall)
Thanks!
EDIT: Thanks for the link, I am also liking the look of Ghost Wall... ifI have to pick a firewall aside from XP's, that is...
-
Hello,
I tried them all -I mean all the firewalls- and time after time I back to WinXPsp2 built-in.
Sure I miss the outbound protection... but hey! I know which apps are running in my PC because after all I installed them... yeahh, of course it bothers to me a little that MS Word, for example, "phones home" from time to time, because why in the hell a word processor needs to phone home???
Right now I find avast! Pro with sp2 firewall an excellent combo, they both leave little -very little- system footprint so I'm very happy with them. I haven't had any virus/malware episode from a very very very long time...
I also run background Spybot's TeaTimer which gives me an extra layer protecting Internet Explorer and registry -and also has smaller system load than AdAware's solution.
By the way, rather than IE6sp2 I browse internet with OperaUSB 9 and since few days with Torpark too.
Regards,
Martín
-
Comodo... too system hoggish
Are you sure? Did you test last Comodo version?
However, do I need anything, I mean aside from XP's and the 8 Webshields from avast!, (not talking about anti spyware stuff like ad aware or spybot and stuff like that but the actualy connection to the net part) or is avast! enough? (with the XP firewall)
Well... I think a firewall is necessary (NetShield of avast is not enough).
For me, XP firewall is not enough (maybe if you have a well configurated hardware firewall...).
of course it bothers to me a little that MS Word, for example, "phones home" from time to time, because why in the hell a word processor needs to phone home???
MS Word phone home? Why? Are you sure? ::) ???
-
As you say it passes tests as well as any other firewall. Practically zero overhead and has increased security on internet 1000 times, at least with SP2. Say thanks to Windows Firewall.
You dont absolutely need outbound control. If you use a lot of cracks and warez and cant be bothered to check out "stability" first then may be. If you have some control over input you wont be any safer with outbound control. Which can be hacked anyways. Seeing all those popups and stats might make you feel safer though.
One who seemed like he actually knew a bit about firewalls said that unless user is on top of things and understand rules and such, he/she should use outbound control. Potentially risky and safety is practically zero if you just click around and is annoyed. I think that is very true. You must know firewall like you do notepad.
Some will even say having any software based firewall is false protection - lets just say that picture is not black and white and there is no way you are NOT safe with no outbound control. Many a security guide/freak will say that, Windows Firewall is crap, get Zonealarm or whatever. In many cases those people might as well be talking about a football team or a game - have little to do with real issues.
I would chose Kerio btw, but dont use firewall - only router so hardware based. Got to have inbound control for sure but need for outbound can be questioned. I somehow doubt a software firewall will save computer security if you actually have a real need for outbound 8)
Not enough - then forget about the internets and look closer at system security, browser security perhaps also. Windows Defender keep an eye on system changes and alert you. Much more relevant than outbound control. If whatever hurts computer is clever enough firewall wont even notice, security watching programs might. Stuff like Antihook http://www.infoprocess.com.au/antihook.php there are more like this. Not for everyone. If I were paranoid I would definitely use Antihook type of beast, now I settle for Windows Defender. Runs very smoothly and is free, even more useful for active IE user.
-
I also run background Spybot's TeaTimer which gives me an extra layer protecting Internet Explorer and registry -and also has smaller system load than AdAware's solution.
By the way, rather than IE6sp2 I browse internet with OperaUSB 9 and since few days with Torpark too.
Regards,
Martín
Thanks for the breakdown on the XP Firewall thing...
I use Firefox & Opera, have no use for IE, I only use it when MS pushes an update, and I am impatient to get it... so for automatic updates... otherwise I have it disabled...
I have Prevx Pro as well, it protects my shell/kernel/registry/memory, etc. with an iron rule... and I do have some resident little things just hanging out... Spybot's Imunisations, for example, and Spyware Blaster, they barely raise a KB of a footprint...
As for MS Word, calling home, yeah, also PowerPoint, and Excel, and so on, Frontpage, what is with that anyway? I used to have my Zone Alarm configured to stop them, but Zone Alarm was a failure imho, so...
Thanks for the advice and the feedback!
-
Comodo... too system hoggish
Are you sure? Did you test last Comodo version?
However, do I need anything, I mean aside from XP's and the 8 Webshields from avast!, (not talking about anti spyware stuff like ad aware or spybot and stuff like that but the actualy connection to the net part) or is avast! enough? (with the XP firewall)
Well... I think a firewall is necessary (NetShield of avast is not enough).
For me, XP firewall is not enough (maybe if you have a well configurated hardware firewall...).
Yes, I have tried Comodo, no like... but eh...
I am still pondering the firewall issue...so I do appreaciate the advice very much...
-
As you say it passes tests as well as any other firewall. Practically zero overhead and has increased security on internet 1000 times, at least with SP2. Say thanks to Windows Firewall.
Yes, it seems to be ok, still deciding though.. of course...
You dont absolutely need outbound control. If you use a lot of cracks and warez and cant be bothered to check out "stability" first then may be. If you have some control over input you wont be any safer with outbound control. Which can be hacked anyways. Seeing all those popups and stats might make you feel safer though.
I am terribly boring, I am a writer, so mostly my computer acts as a typewriter for me, which I use to check email with and interact on forums like this... probably a hangover from the good old days, I have beenonline since 1992... the bling of the net is fun, but I never really got into it...
One who seemed like he actually knew a bit about firewalls said that unless user is on top of things and understand rules and such, he/she should use outbound control. Potentially risky and safety is practically zero if you just click around and is annoyed. I think that is very true. You must know firewall like you do notepad.
I like highly user interactive software, I want to know what is going on, and so on... can't use Photoshop to save my life, but I will play in the Windows System File, and do no damage...
Some will even say having any software based firewall is false protection - lets just say that picture is not black and white and there is no way you are NOT safe with no outbound control. Many a security guide/freak will say that, Windows Firewall is crap, get Zonealarm or whatever. In many cases those people might as well be talking about a football team or a game - have little to do with real issues.
Zone Alarm failed me twice.. once, when it was unable to eradicate a Java based piece of garbage, that installed itself into my Java Cache, (yay for Crap Cleaner) and another time, when it allowed a Trojan in, and was unable to remove it.. I only use webmail, do not have MSN Messenger, and I dont do peer 2 peer, games or porn, so... I think the Trojan came during an almost two week period, where Zone Alarm did not update, and many users were left to their own devices...
Another curious thing, Zone Alarm, when it scanned my machine, scanned between 75 000 and 100 000 files, avast! Scanned close to 250 000... I am impressed...
I would chose Kerio btw, but dont use firewall - only router so hardware based. Got to have inbound control for sure but need for outbound can be questioned. I somehow doubt a software firewall will save computer security if you actually have a real need for outbound 8)
Yeah, I prefer to have my fun by trying to keep them out, it is my petite obsession.. and I enjoy it...
Not enough - then forget about the internets and look closer at system security, browser security perhaps also. Windows Defender keep an eye on system changes and alert you. Much more relevant than outbound control. If whatever hurts computer is clever enough firewall wont even notice, security watching programs might. Stuff like Antihook http://www.infoprocess.com.au/antihook.php there are more like this. Not for everyone. If I were paranoid I would definitely use Antihook type of beast, now I settle for Windows Defender. Runs very smoothly and is free, even more useful for active IE user.
I only use Firefox and Opera, though i do have Torpark on a flash stick... as for things to monitor my system, I have something very powerful and grumpy as hell, called Prevx Pro... it maintains an iron rule on my system core/shell/memory/and other critical areas, and any changes that it monitors, have to ask it, and subsequently me, for permission...
SpywareBlaster, offers some resident protection for Firefox, which is why I have it, and Spybot offers some for Opera, which is mainly why I have it...
Of course, I do use Ad Aware, and Crap Cleaner, and read my Hijack This logs like they are fascinating works of fiction... ;)
Thanks for your advice!
-
I dont think there is any chance of you getting infected, outbound control or not 8) Really, security is about your use of computer than how many tools you run. And of course keeping OS updated. Many of those scary stories you hear about are based on user errors, not updated OS or no control at all over P2P inputs, Received files. Even if you install/test shareware it is not that easy to be infected with very harmful malware. Risk is minimal if sources are known.
If you like to play with this why dont you rush out and download at least all freeware firewalls. Ive done that before and couldnt care less for outbound, heh. Some looks cool but are buggy as h..., others are boring and strangely put together but seems 100% stable. Some get support/updates others die slowly. A business with few winners. Eventually only 1 called Microsoft! Note that BSOD can happen, firewall digs deep into OS so if incompatible with whatever computer might just give up. Test carefully.
Well IE user or not you have it on hd. In your Winamp, in your RSS reader and so on it pops up. Malware can still misuse engine so Firefox/Opera browsing is no gurantee of anyting but of course less risk during browsing. I have IE7 RC1, totally different beast. Also a good browser for the less demanding. Good entry level. No need to change if you are not into powerbrowsing so if not spoilt by some extension goodies you could split up with Firefox... Less to worry about.
Windows Defender is probably not meant to be used as tool number 4 or 5 or just coexist with other deep diggers. Conflicting security applications is not good. A very good tool anyone can figure out, like with Windows Firewall general security level will go up, ie. updates comes directly with Windows Update. MS has blown for so long about this I can hardly take them seriously, speed in recognizing and dealing with problems is essential and MS has been zzzzzzz, but Defender is a good free product. Only a beta2 but seems very stable for most. If you have some not so techie friends give them Defender, almost foolproof.
You probably know this place http://www.wilderssecurity.com/ Search for your testing object, might save you some time.
-
I appreciate that if you don't need to set up advanced rules, the Windows firewall is fine, but I still prefer a firewall with outbound control.
Although I've never had a Trojan infection, can I guarantee that I never will in the future? Not 100%, no. Even a knowledgeable user can make a mistake, like this chap:
http://www.pcadvisor.co.uk/blogs/index.cfm?entryid=389&blogid=4
I understand the reasoning that once a Trojan has system access, it can do anything it wants, including terminating any other application, in practice this can be difficult if an application is designed to prevent itself being terminated. We have seen on the forum how difficult it can be to remove malware that doesn't want to go and tries to protect itself. Third party firewalls at least make an effort to protect themselves from deletion, whereas the Windows firewall seems to be easy to bring down.
Here's empirical proof from an anti-virus test: a Trojan on a system with Windows firewall brought it down easily, but a Trojan on a system with a third party firewall resisted being brought down and prevented the Trojan downloading more malware.
It ignored several Trojans, one of which successfully disabled the Windows firewall, allowing potential attackers remote control of the system.
http://www.computershopper.co.uk/labs/220/anti-virus-exposed/products.html
The anti-virus scanner missed four of our Trojans. But when one tried to contact the internet the firewall stopped it.
http://www.computershopper.co.uk/labs/220/anti-virus-exposed/products.html
Will I ever be dumb enough to run a Trojan? I hope not! But I'd want my firewall to put up some kind of resistance if I ever did.
I used to use Kerio (until it mysteriously stopped running on my system). I used to like the fact that it had IDS, even with the free version. I'm not sure how effective it was, as it never seemed to be updated. (With Symantec, the IDS database was updated every week or so- an excellent firewall appart from the huge subscription fee, the huge update fee, and the fact that support is immediately dropped if you don't upgrade.)
Kerio IDS allowed users to protect themselves from the recent VML attack, although only by borrowing a BleedingEdge Snort signature:
http://sunbeltblog.blogspot.com/2006/09/snort-signature-for-vml-exploit-works.html
At the moment I use ZA, which I don't think has IDS, but it does protect itself from attack and it keeps an eye on outbound traffic. It has little impact on my less-than-up-to-the-minute system and it's free.
And you can't argue with that!
EDIT: seems Sunbelt have updated the program to include IDS updates:
Enhanced the update check capabilities to update language files and IDS rules.
http://sunbeltblog.blogspot.com/2006/07/new-versions-of-kerio-sunbelt.html
-
Anyone can get unlucky but this guy.
1. Disabled his Antivirus
2. Went to a site he knew was "bad"
3. Downloaded a brand new, and so impossible to verify, crack
4. Did not test crack but just ran it.
Conclusion is unless you are in control of incomings do run some active shield and if cracks etc. then check with more than 1 AV.
That outbound notifies him about traffic is of course nice but far away from real problem and not a solution. Not like he didnt know at that point. He ended up reinstalling OS. Windows Firewall is also not of much use in this situation, too much to ask. Windows Defender might have helped a lot. More than AV even, hard to say if it would have picked up trojan.
So he is IT professional and Administrator of something, just shows why it is so great Microsoft have picked up interest for security and has made them part of OS, more or less. The geeks will have special tools and advanced setups, the not so geeky often nothing - MS to the rescue with Windows update etc. Go away Symantec and friends... Tons of people turn it off and use SP1 or no SP at all. That is still big problem.
Good of him to write the story. Many more like him but most dont like to speak of own "mistakes" 8) Overconfidence is better word - or too long since in touch with real disaster.
Be careful about stats, of course trojans targets Windows Firewall as first thing. Besides that there are more than a few circulating, some might go after 3rd party firewalls as well. Empirical proof is a big claim with AV, firewalls and such things. There will be a million exceptions and ifs. At the end of the day most is really up to content between right and left ear or good practices. Defining use is good start - this ADM use cracks and go to bad sites - act accordingly and there will be no trouble.
-
About the number of files scanned you should be aware that many files are in fact archvies or compressed so AV must have the ability to look inside. Avast can check 7zip files for example. If Mozilla decided to plant a virus into your next Firefox download Avast might see it, other AV will not - since they use 7zip compressing for their exe-files. Avast is probably lacking in other areas but pretty good with archives. So if you disable real time scanning you better be sure scanner can actually look inside or there could be a surprise when you run ie. a selfextracting exe-file. This is why number of a complete scan will differ, unlikely to exactly match that of other AV.
Some files are encrypted or whatever, no way to check them - more reason to be very careful about what to install and/or run active shield. I dont run active AV-shield, potentially a gigantic mistake - I must always remember and set up ways of dealing with incoming. Can never beat shield though, must not be overconfident/stupid, but not all go to crack sites. My less than clever sister have Avast running with all lights on. Reason is I dont trust her 8)
-
dk70
I dont think there is any chance of you getting infected, outbound control or not 8) Really, security is about your use of computer than how many tools you run. And of course keeping OS updated. Many of those scary stories you hear about are based on user errors, not updated OS or no control at all over P2P inputs, Received files. Even if you install/test shareware it is not that easy to be infected with very harmful malware. Risk is minimal if sources are known.
Yes, and I like computer security, so for me it is interesting to figure it out, and learn how, and protect and so on... Also, I am as I said, boring, it would not occur to me to use P2P, I could care less... So in many ways, I am probably not a high risk user, but my computer is configured like I am expecting an attack... 20 years of martial arts, maybe?
If you like to play with this why dont you rush out and download at least all freeware firewalls. Ive done that before and couldnt care less for outbound, heh. Some looks cool but are buggy as h..., others are boring and strangely put together but seems 100% stable. Some get support/updates others die slowly. A business with few winners. Eventually only 1 called Microsoft! Note that BSOD can happen, firewall digs deep into OS so if incompatible with whatever computer might just give up. Test carefully.
I have tried Zone Alarm, AVG w/Firewall, MacAfee, Symantec, Comodo, Jetico, and GhostWall... Some of these on my own machine, others on machines that I administer... GhostWall was intriguing, but it made no sense, and I am not in the mood to figure it out right now so maybe another day...
Well IE user or not you have it on hd. In your Winamp, in your RSS reader and so on it pops up. Malware can still misuse engine so Firefox/Opera browsing is no gurantee of anyting but of course less risk during browsing. I have IE7 RC1, totally different beast. Also a good browser for the less demanding. Good entry level. No need to change if you are not into powerbrowsing so if not spoilt by some extension goodies you could split up with Firefox... Less to worry about.
Again, I am boring as hell, RSS and Winamp are things I obviously have, but I do not use them... and I always pay attention to what is going on on my computer... I have setup things, that are seperate from the Task Manager, and therefore not potentially corrupted if my OS gets corrupted, with which I can monitor just about everything.. so that is good...
Windows Defender is probably not meant to be used as tool number 4 or 5 or just coexist with other deep diggers. Conflicting security applications is not good. A very good tool anyone can figure out, like with Windows Firewall general security level will go up, ie. updates comes directly with Windows Update. MS has blown for so long about this I can hardly take them seriously, speed in recognizing and dealing with problems is essential and MS has been zzzzzzz, but Defender is a good free product. Only a beta2 but seems very stable for most. If you have some not so techie friends give them Defender, almost foolproof.
I am not impressed by Windows Antispyware/Defender... not at all...
I use Prevx as my primary AntiSpyware, it has already justified its existance, particularly during the Windows image bug earlier in the year, a contaminated image slipped pas Zone Alarm (spit on Zone Alarm) and Prevx bore down on it like a grand piano dropped from a skyscraper... among other things, of course...
From the publisher:
Prevx Pro is new generation, must have intrusion prevention security technology - with no need for signatures.
Only Prevx Pro prevents the execution of zero-day email virus attachments MyDoom, Bagle, SoBig, Netsky and Beagle were all blocked by Prevx technology before they were even recognized by other security vendors.
And Prevx Pro is also proven to stop Internet worms, Trojans and hack attacks. It provides a comprehensive and critical last line of defense; immediately protecting your computer against all of these sophisticated, new attacks attacks that other security measures fail to stop.
It s a fact that firewalls can t block virus infiltration. And anti-virus software is always one step behind the latest threats, leaving PCs open to new, previously unseen attacks. So, with traditional spyware tools failing to prevent the installation of spyware onto PCs, it s no wonder PC users have to regularly scan, detect and clean their computers.
Prevx Pro is easy to use and you ll be protected against malicious intrusions capable of crashing your system, stealing confidential information, tracking your browsing behavior or hijacking your PC and slowing down your Internet connection.
Prevx Pro works by protecting the areas of your computer most likely to be targeted during an attack including your PC s memory, file system, operating system, registry and programs. Prevx Pro stops spyware attacks that change the IE default Home Page and install malicious browser helper objects or toolbars. It also stops the installation and execution of in-memory/buffer overflow attacks; tactics commonly used by Internet worms and for hack attacks.
Potentially harmful behavior is blocked and you are notified via a pop-up alert asking if you want to allow or deny the activity. If you are uncertain what to do, you can Get Advice by accessing our comprehensive online database of threats. Here you will be able to see the percentage of fellow users who ve previously allowed or denied the specific security event you are experiencing. Prevx Pro users can also create, edit and maintain their own black and white application lists; minimizing the number of false-positive alerts. If you should need further help, Prevx Pro users receive free, priority email customer support 24/7 and 365 days a year.
You probably know this place http://www.wilderssecurity.com/ Search for your testing object, might save you some time.
Yes, still need to think about that... I liked it, the Ghost Wall, but I must learn to use it, before I instal it, not after...
-
FreewheelinFrank
I appreciate that if you don't need to set up advanced rules, the Windows firewall is fine, but I still prefer a firewall with outbound control.
I don't mind rules, but I want functionality... so until I find something that fulfils my needs, Windos Firewall coupled with avast!'s shields, it is... (and various anti-spyware stuff)
Although I've never had a Trojan infection, can I guarantee that I never will in the future? Not 100%, no. Even a knowledgeable user can make a mistake, like this chap:
I've dealt with a few, not on my machine, but on the machines of computers I administer... the main reason for infection is the user.. mostly...
I understand the reasoning that once a Trojan has system access, it can do anything it wants, including terminating any other application, in practice this can be difficult if an application is designed to prevent itself being terminated. We have seen on the forum how difficult it can be to remove malware that doesn't want to go and tries to protect itself. Third party firewalls at least make an effort to protect themselves from deletion, whereas the Windows firewall seems to be easy to bring down.
I think it also depends on what sort of other security measures one has, if one simply has nothing, (especially a problem among home users) or one never runs, updates, scans with, or pays any attention to what one has, including windows updates, then it is relativelly easy to infect...
I remember once, I had this nice older lady asking for my help, and after a long time of persuading, I managed to convince her to instal: AVG Free, Zone Alarm Free, Spybot, Ad-Aware & Crap Cleaner... (she had nothing, and her automatic updates were not switched on) Upon scanning with AVG, over twenty Trojans, were discovered, never mind that Ad Aware picked up and so on, and Spybot was very useful for removal, it took me a day to clean out her machine, and then, despite that, it took me a long time to convince her that even using them once a week, and making sure they were updates, was worth her time...
Here's empirical proof from an anti-virus test: a Trojan on a system with Windows firewall brought it down easily, but a Trojan on a system with a third party firewall resisted being brought down and prevented the Trojan downloading more malware.
I can agree, that it might be easier for a Trojan to disable a third party firewall, but nowadays, third party firewalls are also under attack, they are protected with passwords and so on, as a concequence.. and common ones are probably specifically targetted. As quickly as users wisen up, hackers do as well...
It ignored several Trojans, one of which successfully disabled the Windows firewall, allowing potential attackers remote control of the system.
Yes, but sounds to me that the guy was only relying on his firewall, and had nothign else going on... anything can be penerated, but it is what happens after that, that matters more, almost... which is one of the reasons I am in love with avast! as it scans my processes, as well...
At the moment I use ZA, which I don't think has IDS, but it does protect itself from attack and it keeps an eye on outbound traffic. It has little impact on my less-than-up-to-the-minute system and it's free.
Zone Alarm, is something I used for a year, though others have had experience with it that is positive, mine was not... I agree, it is good software, but I found it to be flexible, non-intuitive, and it presumed too much, while failign to protect me... (I had a Pro version)
-
dk70
About the number of files scanned you should be aware that many files are in fact archvies or compressed so AV must have the ability to look inside. Avast can check 7zip files for example. If Mozilla decided to plant a virus into your next Firefox download Avast might see it, other AV will not - since they use 7zip compressing for their exe-files. Avast is probably lacking in other areas but pretty good with archives.
Yes, very interesting, that...
So if you disable real time scanning you better be sure scanner can actually look inside or there could be a surprise when you run ie. a selfextracting exe-file. This is why number of a complete scan will differ, unlikely to exactly match that of other AV.
I disabled the P2P Scanner, I have no use for it... and with the IM scanner, I lowered the protection level, I only use Google Talk, and only sometimes, and never for anythign except for talking...
-
Hey, if it [XP firewall] passes the Shields Up firewall test then why not? Please do not bloat that last sentence with crap about it not checking outgoing traffic. Most hardware firewalls do the same thing. I tried Comodo not too long ago. It works very well on my XP machine. Nevertheless, I went back to Sygate Pro because I like its logging capabilities. Firewalls do not age like AV programs can. Some people are still using very old Kerio and Outpost firewalls and so forth. The main thing is that a firewall creates stealth and blocks unwanted packets. That is about it. The rest is up to the user like a notice that a program is trying to access the Internet "Allow Yes or No". And for every action there is an opposite and equal action. If you have a maliscious program sitting on your computer that can access the Internet then your AV resident shield should pick up on that at least. Not the firewall. BTW, I have never heard of a single person saying "Yes" to a firewall outgoing premission message and getting burned. I also do not know any idiots. Outgoing firewall messages all have idiot buttons.
-
Culpeper
Hey, if it [XP firewall] passes the Shields Up firewall test then why not? Please do not bloat that last sentence with crap about it not checking outgoing traffic. Most hardware firewalls do the same thing. I tried Comodo not too long ago. It works very well on my XP machine. Nevertheless, I went back to Sygate Pro because I like its logging capabilities. Firewalls do not age like AV programs can. Some people are still using very old Kerio and Outpost firewalls and so forth. The main thing is that a firewall creates stealth and blocks unwanted packets. That is about it. The rest is up to the user like a notice that a program is trying to access the Internet "Allow Yes or No". And for every action there is an opposite and equal action. If you have a maliscious program sitting on your computer that can access the Internet then your AV resident shield should pick up on that at least. Not the firewall. BTW, I have never heard of a single person saying "Yes" to a firewall outgoing premission message and getting burned. I also do not know any idiots. Outgoing firewall messages all have idiot buttons.
Mainly I think I want some outgoing control, because things like MS Office like to phone home...or at least when I was using Zone Alarm, they were constantly demanding access to the net...
I had a Pro Zone Alarm, on my machine, and it did not stop a Trojan, despite its supposed Iron Cladness... so...
---
On another note, I just discovered this today:
http://www.hurricane-soft.com/
They have just started to release their firewall as freeware for home users... it is a Slovakian company... I am intrigued... So I will do some investigating, and some testing... and see...
-
I read somewhere that MS thought of putting outbound control into their firewall but usergroup tests showed most get annoyed and shift into autogear, just accepting what is asked. Those people will most likely not spend much time setting it up for optimal security. Must be pretty painless or people find a way to avoid. May be another internet story but make sense.
Just another layer and can be disabled in most firewall so nothing to argue about - but I do think it is false protection to put it high on must-have list. Much is way more important, setting up some healthy practices for control of incoming increase security a lot.
Avast is good but more is better. http://www.virustotal.com/en/indexf.html Test suspects with that or http://virusscan.jotti.org/
True about legitimate software phoning home for updates etc. Rain. As said that is good reason to use outbound, more to see what is going on than to prevent - be sure you dont mess up software. When established what is going on you can always turn it off. Also about cracking, firewall often helps to avoid software from checking serialnumbers and such ;D More than a few use outbound for this.
-
Oh, I absolutely agree with both of your responses. I love the logging capability of Sygate just to see what is going and coming. It let me know I had a bunch of forgotten RSS feeds in my Firefox bookmarks, which was causing a slow Firefox start up. Without the firewall logs I would have completely forgot about those feeds and never figured it out. For the most part though, the average person, not security computer freaks like ourselves, the basic firewall protection I mentioned above should be sufficient for security. In fact, a cheap router with a hardwire fire is more than sufficient. In my opinion. For the most part when I set up a computer for a friend or relative that just got their stuff from Dell et al, I just add on Avast or AVG and turn on the OS firewall, tell them not to mess with the settings, and then go home.
-
dk70
Cracking?
Sounds a little kinky...sort of...
-
Culpeper
Oh, I absolutely agree with both of your responses. I love the logging capability of Sygate just to see what is going and coming. It let me know I had a bunch of forgotten RSS feeds in my Firefox bookmarks, which was causing a slow Firefox start up. Without the firewall logs I would have completely forgot about those feeds and never figured it out.
Yes...though I am enough of a geek that with the XP Log Analyzer I got fro 2brightsparks, and some time, I can see what is where and why and how and so on... but eh.. I am also a lazy bum at times, so I like having something else do the legwork for me...but not always...
For the most part though, the average person, not security computer freaks like ourselves, the basic firewall protection I mentioned above should be sufficient for security.
The hands off nature, and automatic features, mean that unlike before, at least there is some protection... computers are sold with AV installed nowadays, mine for example, came with Norton (ahahaha, what a joke, you can bet I removed that in a hurry, and talk about a pain to uninstal...) so with luck, many simple, and even more complicated things, are avoided, if the user pays attention, and does not insist on clicking on every last thing... (attachments, urls, pop ups)
In fact, a cheap router with a hardwire fire is more than sufficient. In my opinion. For the most part when I set up a computer for a friend or relative that just got their stuff from Dell et al, I just add on Avast or AVG and turn on the OS firewall, tell them not to mess with the settings, and then go home.
When I do support, remtelly, I tend to recoment the: The AVG/ZoneAlarm/Ad-Aware/Spybot/Crap Cleaner/Alternate Browser&Email Program, combo, though if it is an XP computer, then I will leave the resident firewall.. it can be very hard to get beyond most peopels fear of computers, and as someone who used computers in the 1980's, I can't say I blame them... of course, once one goes away, it is up to the end user, and I find it is the Windows Updates, that are hardest to get peopel to take seriously... and of course, results vary... I remember once, I had someone who had a sober worm, and despite my entreaty to install and run Spybot, she refused... as I was far away and how could I diagnose it,and when I got her to fun MacAfee (ah, another joke) it showed up, but MAcAfee was unable to remove it, but stil she did not instal Spybot... so she called her local tech person, who brough a flash stick, and installed Spybot and Ad-Aware, and used them to clean the system...
In retrospect perhaps it was better the tech did it, but still it was an example of the intimidated attituude of most users...
When I actually have access to a system, I add all sorts of things, but I hide them away, so the user does not know about it, that way when I come to check the compters out, I dont have to use a flash stick or anything, I just open a folder and go... Rootkit Revealer, Hijack This, Pocket Kill Box, A Really Small App... mainly, and I close some ports, and so on... it is not ideal, but most people cannot or will not, pay attention to software pop ups or anything that forces them to make a decision....
-
You dont want to know about cracking Rain, keep yourself pure as snow. A cd-crack for a game it ok of course but the rest is not for public consumption 8)
I would be lying if I said I knew about all outgoing traffic on this computer but I dont believe not knowing necessarily is sign of weak security/open doors. Would also be lying if I said I dont care so if I read more of logs I will have to install outgoing control, I like stats... Had almost forgot, heh.
May be start with CurrPorts Rain http://www.nirsoft.net/utils/index.html#network_utils If you jump up and down in chair start hunting for easy to use yet powerful firewall. You want to... Check that forum I linked to earlier - lots of different experiences with each one. Im out of firewall testing but experience tells me you should take it easy during testing. If not that interesting go with the one which seems to be most popular, most compatible. Even more important to research a bit if you want to pay for firewall.
-
dk70
You dont want to know about cracking Rain, keep yourself pure as snow. A cd-crack for a game it ok of course but the rest is not for public consumption 8)
Ah, that would explain why I did not know, (the CD thing, not the not for public consumption thing) I don't play games... and shoudl I ever start, I have a brother who is a very bad boy, who no doubt would have what I needed to get a cd to work...
I would be lying if I said I knew about all outgoing traffic on this computer but I dont believe not knowing necessarily is sign of weak security/open doors. Would also be lying if I said I dont care so if I read more of logs I will have to install outgoing control, I like stats... Had almost forgot, heh.
Yeah, they are oddly fascinating...
Im out of firewall testing but experience tells me you should take it easy during testing. If not that interesting go with the one which seems to be most popular, most compatible. Even more important to research a bit if you want to pay for firewall.
I have paid for firewalls, I can say that paying for anti spyware, or anti virus, is worth it, but firewalls, notso much, and I have tested in various ways a few, be it on my machine, or other machines... but I prefer to research, and then try only sometimes... I am not into messing up my registry and so on, I mean I know how to clean it up, but boring... never mind little widgets of software floating about for all eternity...
I will test this Slovakian firewall, after I read about it a little more... I like the looks of what I have read, it is dead simple, partly point and click, partly rule based, I only need a firewall, I have the other security software...
-
Oh, yeah, Cracking software. The so-called security sites have all the cracks you need for just about any software you want. Just download the application software, find the crack and run it and you have a registered version of the application installed. The astalavista security site is notorious for this. Please don't try this at home. If you do you are not taking advice from me. In fact, I believe Avast! includes certain cracks in their signature files. Cracks is sharewares' and trial versions' worst enemy. They can cost a developer a lot in lost revenues.
-
I get by with the XP firewall just fine as my ISP (Metronet) has firewall options in place too (more ISPs should do this). I don't like Windows Defender, by the way, I prefer WinPatrol Plus to monitor my systems and programs.
-
greenhatch
I get by with the XP firewall just fine as my ISP (Metronet) has firewall options in place too (more ISPs should do this). I don't like Windows Defender, by the way, I prefer WinPatrol Plus to monitor my systems and programs.
Firewall options?
And yeah, I agree, Windows Defender is not...for me...
-
Culpeper
Oh, yeah, Cracking software. The so-called security sites have all the cracks you need for just about any software you want. Just download the application software, find the crack and run it and you have a registered version of the application installed.
Yeah, I have heard of that, (just not as cracking) most things that interest me anyway, are freeware, and because I am a writer, I tend to want to give credit, where credit is due... I also don't play games.. so I have no regular need to buy software or anything...
The astalavista security site is notorious for this. Please don't try this at home. If you do you are not taking advice from me. In fact, I believe Avast! includes certain cracks in their signature files. Cracks is sharewares' and trial versions' worst enemy. They can cost a developer a lot in lost revenues.
I am willing to cut corners upon occasion, but especially with security, I am not...
Still researching this: http://www.hurricane-soft.com/
-
Okay, not sure if this is the right place, but I now have an oppinion to offer about: Hurricanesoft Personal Firewall Free Edition EN 2.4
http://www.download.com/Hurricanesoft-Personal-Firewall-Free-Edition-EN/3000-10435_4-10571878.html?tag=lst-0-6
http://www.hurricane-soft.com/
---
Windows 'Security Center' does not recognise it as a firewall, but that little anoying 'thing' is easy to overcome if you just tweak the settings...
It runs flawlessly alongside the XP Firewall, I always test that... (because I am weird that way)
It is SIMPLE.. I mean, DEAD SIMPLE... which is both a beautiful thing, and for a wrench head like me, a little irritating, but certainly does not detract from its beauty...
It passed the 'Leak Test' from Gibson Research, and the simple of the two Firewall tests at Audic My PC.. I did not check the more complex one, as I do not care to have my Anti Spyware software go absolutelly bananas at this time...
It took only a minute to install, added a registry key to the startup and did not require a restart, and so far I have not noticed it interfearing with avast! though each segment of avast! has to ask permission to access the internet...
It does not seem possible to add programs to it, except by running them, and then asking them to update myself, this causing the program I want added, to attempt to access the internet, and therefore ask the firewall for permission, or if the various subsystem programs and so on, are trying to access the net on the sly...such as a driver update program or whatever... the automatic stuff... it pops up with a very simple program pop up, and it is possible to examine the path of the program and even run along and research it, before saying yes or not... it also monitors connections, and tells you what connections as well...
4 out of 5 stars
the only thing that it does that bothers me, is it does not seem to switch itself off, or power down, when I restart, or turn off my computer, it just seems to hang... but it is not unreasonable to think that one could remember to exit it, before this, and certainly it does not make the computer hang, you can just switch it off if you forget it on, even after you have started the shotdown sequence...
It has almost no system footprint...
-
Does it have any logging?
-
Culpeper
Does it have any logging?
It has some basic information, here are three screenshots of its key areas, (with my stuff blanked out)
No application pop-up, as I have nothing to add to it right now, but they are very simple, and easy to understand, though not really layperson.. they show the program path, and ask simple questions like: allow always, block, allow once, block once... no recomendations, but if you ask it to block always or allow always, it will ask you if you are sure about it...
---
Connection Monitoring & Control:
(http://i96.photobucket.com/albums/l177/soldierofsorrow_rain/fa9292d7.jpg)
Application Control & Rules
(http://i96.photobucket.com/albums/l177/soldierofsorrow_rain/9b0ba33e.jpg)
Settings (pretty damn simple)
(http://i96.photobucket.com/albums/l177/soldierofsorrow_rain/fa9292d7-1.jpg)
This is basically just a firewall, and nothing else...
-
Rather ugly, if you ask me. :-X
The GUI looks like a Symantec rip-off.
More worryingly, the company website does not give an address, or even a country for HurricaneSoft. They also seem to have a website in an eastern European language (Polish maybe?) Nothing wrong with software from eastern Europe of course, I just wonder why they haven't given an address?
There are also no reviews yet.
I don't think I'll be trying it out just yet. ;)
-
Hi FwF,
The firm is either in Praque or Bratislawa for these two languages are also supported next to English.
Alas there is no documentation for the software there or I missed it,
polonus
-
FreewheelinFrank
Rather ugly, if you ask me. :-X
Newp, ain't pretty...
The GUI looks like a Symantec rip-off.
Heh, that too...
More worryingly, the company website does not give an address, or even a country for HurricaneSoft. They also seem to have a website in an eastern European language (Polish maybe?) Nothing wrong with software from eastern Europe of course, I just wonder why they haven't given an address?
They are Slovakian...
http://www.hurricane-soft.com/Contact/
http://www.hurricane-soft.com/Company-Profile/
http://www.hurricane-soft.com/Awards/
There are also no reviews yet.
True, with other things cornering the market, and a tendency to shy away from European things, unless they are Finnish, or British, or German, it is hard for products to become well known... but for me, it is pretty much, viva la difference...
I don't think I'll be trying it out just yet. ;)
Well, I am still testing it, so watch dis space, ju know?
-
polonus
The firm is either in Praque or Bratislawa for these two languages are also supported next to English.
Alas there is no documentation for the software there or I missed it,
Yeah it is a little slim on information, but there are plenty of places mentioning it, so I am readingup what I can find... I have the anti spyware av I need... so I am basically looking fo something light and simple... even if it is ugly... ;)
I will keep this thread informed, about security things, that happen, if my system is attached and so on, how it behaves... so this is just a begining...
-
Hurricane seems to do very little is all I will say. Site and their public face is more or less a big question mark. Try compare with Comodo. Last years Comodo was called Netveda I think http://www.netveda.com/consumer/safetynet.htm - they have gone zzzzz. Not a good sign Hurricane look like they are in that mode already. Buggy software can be fixed and since almost any firewall seems to be in that category support and feedback is important.
Anyway, here are 18 pages of forum chitchat about outbound control/software firewall being important or not IF behind router taking care of inbound http://www.dslreports.com/forum/remark,14627281~days=9999 Im with the guy on page 18 who also think main reason is to keep pirated software private.
Rain, may be you are not attacked so much you can judge Hurricane - not before it is too late. Does it pass some leaktests? http://www.pcflank.com/ there are others. I have tried most of the free firewall, mostly for the extra features (some can even go as adblocker), but eventually Ive uninstalled due to pain the butt factor. Would not mind something simple. Comodo is pretty good though - mainly thanks to supportforum, updates and what seem to be genuine desire to make good product! Yeah, right... They have other goals, products in mind of course. Could be dying already, how it goes with freeware sometimes.
-
dk70
Hurricane seems to do very little is all I will say. Site and their public face is more or less a big question mark. Try compare with Comodo. Not a good sign Hurricane look like they are in that mode already. Buggy software can be fixed and since almost any firewall seems to be in that category support and feedback is important.
Yeah, I am going to test some of their other firewalls, they have more than one version...and moe than one free version, there is also a 'Pro' edition, that seems to have more features...
-
I'm looking for something with the same type of logging that Sygate has/had:
Security Log
Traffic Log
Packet Log
System Log
The Traffic Log is my favorite.
-
Hurricane seems to do very little is all I will say. Site and their public face is more or less a big question mark. Try compare with Comodo. Last years Comodo was called Netveda I think http://www.netveda.com/consumer/safetynet.htm - they have gone zzzzz. Not a good sign Hurricane look like they are in that mode already. Buggy software can be fixed and since almost any firewall seems to be in that category support and feedback is important.
Anyway, here are 18 pages of forum chitchat about outbound control/software firewall being important or not IF behind router taking care of inbound http://www.dslreports.com/forum/remark,14627281~days=9999 Im with the guy on page 18 who also think main reason is to keep pirated software private.
Rain, may be you are not attacked so much you can judge Hurricane - not before it is too late. Does it pass some leaktests? http://www.pcflank.com/ there are others. I have tried most of the free firewall, mostly for the extra features (some can even go as adblocker), but eventually Ive uninstalled due to pain the butt factor. Would not mind something simple. Comodo is pretty good though - mainly thanks to supportforum, updates and what seem to be genuine desire to make good product! Yeah, right... They have other goals, products in mind of course. Could be dying already, how it goes with freeware sometimes.
I don't see a problem with operating behind just a router firewall. However, it is "well advised" that you augment it with a software firewall. But I don't consider it a prerequisite. Nevertheless, in some cases the hardware firewall is so good that installing a software firewall alongside it may cause conflicts. Once again, if what ever you are using is passing the various online firewall tests than what is the big deal? Some people only have locks on their doors and some people take the next step and get an alarm system. Personally, I have a junk yard dog for when I'm not home and a junk yard dog as well as a couple of Ithaca shotguns for when I am home.
Now, because Windows is such a bad neighborhood to begin with I take the extra step and install a software firewall with good logging capabilities along with the router firewall. But on the remote wireless Linux box I don't have a software firewall. I only rely on the router's. Why? Because Linux is already a gated community with its own security guards built in. In fact, on that machine I only have a command line virus scanner that is updated daily merely to scan incoming email. On Linux about the only thing you have to worry about is an inside job. And not even my wife knows my root password. ;D
-
Culpeper
I'm looking for something with the same type of logging that Sygate has/had:
Security Log
Traffic Log
Packet Log
System Log
The Traffic Log is my favorite.
They gace a Pro 'Free Firewall'...
http://www.hurricane-soft.com/Security-Software/Hurricanesoft-Personal-Firewall-Pro-Free-Edition-EN-1.1.0/
You can see the screenshot there if you click on it, (the enlargment)
-
Culpeper
I don't see a problem with operating behind just a router firewall. However, it is "well advised" that you augment it with a software firewall. But I don't consider it a prerequisite. Nevertheless, in some cases the hardware firewall is so good that installing a software firewall alongside it may cause conflicts. Once again, if what ever you are using is passing the various online firewall tests than what is the big deal? Some people only have locks on their doors and some people take the next step and get an alarm system. Personally, I have a junk yard dog for when I'm not home and a junk yard dog as well as a couple of Ithaca shotguns for when I am home.
I consider avast! Pro and Prevx Pro to be my Junk Yard Dogs, though I might be switching from Prevx one of these days, it depends on what happens when it comes time to renew...
So far, aside from the issue of needing to manually switch off the hurricanesoft firewall, I have had no issues with it at all... but I am still playing with it, and probably will end up testing the pro-free version as well...
-
@Rain, can you show some screenshots of leaktests with this firewall?
-
timcan
@Rain, can you show some screenshots of leaktests with this firewall?
Well, I already conducted the leaktest, so my firewall is configured to stop the program from accessing the internet... I do not care to 'undo' the settings, to repeat the test, but I ran the test again, and took a screenshot of the results...
During the innitial test, my firewall came up with a pop-up, (as security software does) and asked me if I wanted to block or allow the program, of course I said no, as instructed, and there were no more pop-ups, so whatever happened next, my firewall was not fooled into thinking a different and/or legitimate program was asking, rather it identified all of the attempts as coming from the same place...
I think only the interface on this firewall is simple, not the actual program itself... (And the Free 'Pro' version is much less simple...)
The 'Leak Test'I used, was this one: http://www.grc.com/lt/leaktest.htm
(http://i86.photobucket.com/albums/k101/rain_soldierofsorrow/54dcf751.jpg)
The other thing I tested was auditmypc's simple firewall test, as the more complex one makes my anti-spyware stuff to go apepoopie...
http://www.auditmypc.com/freescan/scanoptions.asp
I know it is not ideal, but as I said, I do not care to deal with my anti spyware having a hissy fit and locking down my computer...
-
I thought Avast included a firewall in its antivirus. ???
-
Doffy90
I thought Avast included a firewall in its antivirus. ???
Not in the stadard sense of the word, what avast! has is what are called, 'Shields' which scan network/internet/computer activity, and take action if something ontoward happens, or is noticed, or occurs... for some, this is enough protection, and much more than they might already have, especially if coupled with say, the OS Firewall, but for others, well more control is wanted and needed... so sought... control being more inbound and outbound control, and also things like anti spyware software, like AntiHook, or Prevx1, or Process Guard, or whatever things like that...
It all really depends on what you need, what you want, and what your computer can run...