Author Topic: What FW to use now?  (Read 22447 times)

0 Members and 1 Guest are viewing this topic.

Jarmo P

  • Guest
Re: What FW to use now?
« Reply #15 on: December 02, 2005, 08:06:41 AM »
Quote
I can confirm that Comodo would only work with the admin account .
On the system i had it installed on there were 5 users and it would work for the 2 admin accounts but the 3 limited accounts called for the key to be installed on an individual basis for them as well.

What a toy that firewall, way too much talk about it in this forum.  ::)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33935
  • malware fighter
Re: What FW to use now?
« Reply #16 on: December 02, 2005, 08:41:01 AM »
Hi Jarmo P,

Do you or the forum users agree to the thesis that the best solution is a hardware software solution (router/linksys) together with a good software firewall or use an old empty machine as a firewal go between with software like Smoothwall for instance?

greets,

polonus
« Last Edit: December 02, 2005, 08:46:36 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Umath

  • Guest
Re: What FW to use now?
« Reply #17 on: December 02, 2005, 09:17:21 AM »
use an old empty machine as a firewal go between with software like Smoothwall for instance?
I know it's quite popular and traditional Linux users' trick but Windows-only users have to rely on security routers.

neal62

  • Guest
Re: What FW to use now?
« Reply #18 on: December 02, 2005, 11:16:43 AM »
Well, I am using Comodo Free Personal F.W. version 1.1.002 now.
I earlier tonight uninstalled it and went and got Kerio P.F. 4.2.2 free "limited" firewall. I took the GRC "shields up" test with it and it failed with default "limited" settings. Port #113, # 139, #1027 were open. So, I uninstalled Kerio and went back and got Comodo as I listed above. I then took the same GRC test. It passed with "true" stealth with the default settings. Even port #113 which the GRC site said could only be stealthed by Z.A. was also stealthed by Comodo.
  I have read the article where Kerio is to be purchased by another company. For now I will personally stay with Comodo mainly due to the differences I saw with the GRC tests. Just my preference. Port #139 was the "Net Bios" port so I definitely didn't want it open to the Internet. Comodo MAY have issues concerning running between the Administrator account and the Non Administrator with WinXP? It's not an issue for me though as it shows to be running when I log in to my Non Administrator account. After downloading Comodo after testing Kerio, I noticed that the version # was  1.1.002 where it HAD been 1.1.001 earlier.
« Last Edit: December 02, 2005, 11:25:59 AM by neal63 »

timcan

  • Guest
Re: What FW to use now?
« Reply #19 on: December 02, 2005, 12:20:11 PM »
Well, I am using Comodo Free Personal F.W. version 1.1.002 now.
I earlier tonight uninstalled it and went and got Kerio P.F. 4.2.2 free "limited" firewall. I took the GRC "shields up" test with it and it failed with default "limited" settings. Port #113, # 139, #1027 were open. So, I uninstalled Kerio and went back and got Comodo as I listed above. I then took the same GRC test. It passed with "true" stealth with the default settings. Even port #113 which the GRC site said could only be stealthed by Z.A. was also stealthed by Comodo.
  I have read the article where Kerio is to be purchased by another company. For now I will personally stay with Comodo mainly due to the differences I saw with the GRC tests. Just my preference. Port #139 was the "Net Bios" port so I definitely didn't want it open to the Internet. Comodo MAY have issues concerning running between the Administrator account and the Non Administrator with WinXP? It's not an issue for me though as it shows to be running when I log in to my Non Administrator account. After downloading Comodo after testing Kerio, I noticed that the version # was  1.1.002 where it HAD been 1.1.001 earlier.
   
Quote
We have fixed this bug in y'day updated version 1.1.002. So for whole
system license will be valid.
And non-admin users won't be able activate license only admin or power
users can do that.
If a non-admin user tries to activate license he will get following message:
"You do not have administrative privileges which are required to
activate license. Please contact your system administrator."

Regards
Bernard
Technical Support
 

kakapo

  • Guest
Re: What FW to use now?
« Reply #20 on: December 02, 2005, 12:30:14 PM »
I think I'll stick with Kerio:  ;)

http://forum.avast.com/index.php?topic=17812.0

Good news from Spyros for the Kerio/Avast! enthusiasts.

Umath

  • Guest
Re: What FW to use now?
« Reply #21 on: December 02, 2005, 03:43:57 PM »
I earlier tonight uninstalled it and went and got Kerio P.F. 4.2.2 free "limited" firewall. I took the GRC "shields up" test with it and it failed with default "limited" settings. Port #113, # 139, #1027 were open.

Really?  Is the default setting that bad?

So, I uninstalled Kerio and went back and got Comodo as I listed above. I then took the same GRC test. It passed with "true" stealth with the default settings. Even port #113 which the GRC site said could only be stealthed by Z.A. was also stealthed by Comodo.

???  Do you mean this site?  I remember Tech also wrote a similar thing in another thread and read it closely.  However, you must have misunderstood what the author meant.

Quote
Stealthing port 113 on personal firewalls

One of the things that first caught my eye about the Zone Alarm personal firewall (aside from the fact that is was free) was that it has always been very clever about handling IDENT's port 113. I recall being impressed and thinking "these guys really know what they're doing". When Zone Alarm receives an inbound connection request for port 113, it checks to see whether the computer has recently initiated any outbound connections to the remote server sending the IDENT request. If not, the IDENT packet is simply dropped, stealthing the protected machine. But if the user does have an existing "relationship" with the sender of the IDENT request, the IDENT packet is allowed to pass through Zone Alarm's firewall protection so that the user's system can respond normally (which usually means immediately returning a closed status for the port). This means that Zone Alarm is a "stateful packet inspecting personal firewall", not just a simpler static packet filter.

At the time of this writing, Zone Alarm is still the only personal firewall to offer this sort of adaptive dynamic IDENT port handling. I hope that other firewalls will follow suit once the benefits are better understood.

The good news is that since IDENT is almost never used, simple "hard stealthing" of port 113, which is available from all personal firewalls, is probably sufficient. It will allow your system to remain completely invisible on the Internet and will almost certainly never cause any connection trouble

Jarmo P

  • Guest
Re: What FW to use now?
« Reply #22 on: December 02, 2005, 07:37:52 PM »
From Polonus
Quote
Do you or the forum users agree to the thesis that the best solution is a hardware software solution (router/linksys) together with a good software firewall or use an old empty machine as a firewal go between with software like Smoothwall for instance?

Sure I think it is best to have a router or HW firewall added, but I personally have never used any but a software firewall, Sygate. Past 2 months Kerio 4.2.2.

I do have my old win 95 puter in store, but not really upto have time and if I wanted an other layer for my protection, then rather would buy an HW firewall. Not to mention my electricity bills. My posts have been as a regular home user.

From Neal:
Quote
I earlier tonight uninstalled it and went and got Kerio P.F. 4.2.2 free "limited" firewall. I took the GRC "shields up" test with it and it failed with default "limited" settings. Port #113, # 139, #1027 were open.

When I first installed Kerio 4.2.2 and ran with default settings in GRC Shields Up! scan, sure i had to block in packet filter rules a few ports from 'system'  ...  let me see.
I have TCP ports (incoming of course) 1025 and 1030 denied for system. Other than that Kerio was secure to me. No big deal.

Since then I have adjusted BZ packet rules from my Kerio 2.1.5 install. So I feel pretty safe now.

Also mysteriously my problem with getting hangups once/day or so has vanished. Has to do with Avast's new network shield OR I cleaned up my registry :)

Kerio is working very well.

Raye

  • Guest
Re: What FW to use now?
« Reply #23 on: December 03, 2005, 01:43:35 PM »
Why not giving it a go and telling us how it works (since you ask). I'm sure it can help a lot others. I see you asked same question in here:

http://forum.avast.com/index.php?topic=17744.msg151305#msg151305 and it looks like you already use this firewall. Do some online tests like ShieldsUP!! is...

LINK: https://www.grc.com/x/ne.dll?bh0bkyd2 and inform us about the results. Perform all those tests, and it would be great if you can perform some other tests as well... for example, tooleaky test which can be found in here: http://tooleaky.zensoft.com

I like this Firewall and since Sygate is closing down why not? better then many i tried. Works very well with AVAST.

This is from R`s site : http://www.r-firewall.com/

R-Firewall is an effective and easy-to-use solution to secure your on-line activity. It protects a computer connected to a local network and/or to the Internet against any intrusions, attacks, trojans, spyware, and other external and internal threats. R-Firewall also filters out inappropriate Internet pages content and blocks dangerous active components you may get while browsing over the Internet or receiving e-mail massages.

Automatic configuration during setup allows you securely surf the Internet right after the software installation. Mobile users can create multiple and easily switchable configurations for specific network environments (Internet surfing at home, office local networks, or public Wi-Fi spots).

Please note! None of available firewalls can totally protect data or system files on a PC if the PC user mistakenly allows malicious programs to access the PC. To reinforce your file protection, we would recommend you to use R-Guard Data Security utility, a reliable firewall companion that extends your control over access rights to various valuable data files much beyond the standard Windows security services.

    * Monitors network activity at the application and system component levels;
    * Detects and blocks direct network intrusions;
    * Detects and blocks network connections that malicious programs try to establish from within and outside the protected computer;
    * Detects and blocks numerous types of attacks;
    * Detects and blocks various dangerous active content on the Internet, such as JavaScript objects, ActiveX components, etc;
    * Checks e-mail attachments for dangerous content, such as executable programs, JavaScript objects, ActiveX components, etc;
    * Converts the protected computer into a "stealth" machine running invisibly to outside intruders;
    * Provides detailed log information
    * Detects and blocks unwanted information on the Internet, such as commercial banners, pop-up windows, and cookies;
    * Blocks access to undesirable or inappropriate Web pages, specified either directly by their URLs, or by keywords;
    * Automatic configuration during setup. Your computer is ready for surfing the Internet right after the installation;
    * Presets for most Internet applications. No need to manually set ports, protocols, or other technical staff for each installed program;
    * Multiple and easily switchable configurations that you can create for a specific network environment (for your home, for your office local network, or for a public Wi-Fi spot);
    * Two types of interfaces: Simple for inexperienced users and Advanced for fine-tuning;
    * An indefinite number of rules for each application;
    * Low resource requirements

System requirements

An Intel-compatible platform running Windows 98/2000/XP/2003.
Email Recovery     The administrative privileges under Windows 2000/XP/2003
are required during installation to install R-Firewall.

http://www.r-firewall.com/

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: What FW to use now?
« Reply #24 on: December 03, 2005, 05:32:46 PM »
I tried R-Firewall. Visiting Shields Up!, my ports were blocked but not stealthed. The program GUI then refused to open, so I couldn't make any changes. I'm afraid I uninstalled it after that. Upon rebooting, MS Security Centre was still reporting R-Firewall as 'on'. After reinstalling Kerio, it reports I have two firewalls installed.

Verdict: Definitely buggy.
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

Offline szc

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6927
Re: What FW to use now?
« Reply #25 on: December 03, 2005, 05:42:50 PM »
..
..
..
Verdict: Definitely buggy.

Suggestion and advice: People, stay away from it...
MB: GIGABYTE GA-Z77X-UD3H Intel 7 Series  - LGA1155, CPU: Intel Core i5-3570K - Quad Core, 3.40GHz (3.80GHz Max Turbo), CPU COOLER: Cooler Master Hyper 212 EVO Direct Heat Pipe R2, RAM: 16 GB Kingston HyperX Blu DDR3, VIDEO CARD: Galaxy GeForce GTX 560 Ti - 1GB, GDDR5, POWER SUPPLY: Corsair Enthusiast Series TX750 V2 - 750 Watts, HD: Seagate Barracuda - 2TB, 7200RPM, 64MB, SATA 6Gb/s

MFB

  • Guest
Re: What FW to use now?
« Reply #26 on: December 03, 2005, 06:16:13 PM »
I tried R-Firewall. Visiting Shields Up!, my ports were blocked but not stealthed. The program GUI then refused to open, so I couldn't make any changes. I'm afraid I uninstalled it after that. Upon rebooting, MS Security Centre was still reporting R-Firewall as 'on'. After reinstalling Kerio, it reports I have two firewalls installed.

Verdict: Definitely buggy.

I totally agree, my advise is to avoid this firewall if you don't want to have a huge mess once you try to remove it. :-\

Umath

  • Guest
Re: What FW to use now?
« Reply #27 on: December 03, 2005, 06:21:52 PM »
Thanx for the self-sacrifice report, Frank.  ;)

As long as you let Kerio log the connections, make it a rule to see it and gather information on the net occasionally, you will eventually learn what suitable protections in your environment are.  Use the GRC site and try every test till you can get satisfactory results, which shouldn't be so difficult.

Also, since major browsers use PASV FTP, you probably don't have problems even if you deny any incoming connection in the internet area.

I know this is not enough for more skillful users but this will provide reasonable protection, I beleive.

Raye

  • Guest
Re: What FW to use now?
« Reply #28 on: December 04, 2005, 12:06:45 AM »
I tried R-Firewall. Visiting Shields Up!, my ports were blocked but not stealthed. The program GUI then refused to open, so I couldn't make any changes. I'm afraid I uninstalled it after that. Upon rebooting, MS Security Centre was still reporting R-Firewall as 'on'. After reinstalling Kerio, it reports I have two firewalls installed.

Verdict: Definitely buggy.
Well with different config anything can happend !

GRC Port Authority Report created on UTC: 2005-12-03 at 23:08:22

Results from scan of ports: 0, 21-23, 25, 79, 80, 110, 113,
                            119, 135, 139, 143, 389, 443, 445,
                            1002, 1024-1030, 1720, 5000

    0 Ports Open
    0 Ports Closed
   26 Ports Stealth
---------------------
   26 Ports Tested

ALL PORTS tested were found to be: STEALTH.

TruStealth: PASSED - ALL tested ports were STEALTH,
                   - NO unsolicited packets were received,
                   - NO Ping reply (ICMP Echo) was received.
« Last Edit: December 04, 2005, 12:10:06 AM by Raye »

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: What FW to use now?
« Reply #29 on: December 04, 2005, 12:08:24 AM »
I resent that remark.

[Edit] Offensive remark deleted by Raye without mention or apology.
« Last Edit: December 04, 2005, 12:25:34 AM by FreewheelinFrank »
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog