Author Topic: Firewall  (Read 38008 times)

0 Members and 1 Guest are viewing this topic.

timcan

  • Guest
Re: Firewall
« Reply #15 on: November 01, 2006, 12:18:49 PM »
My friend - a big guru in IPS - says he won't recommend COMODO anymore. :) The reason is as follows (from his words): COMODO doesn't process connections at high-number ports from 65000 to 65535. :)

Hi ,I did a port scan at grc.com on ports 65001-65064 and got stealth results.See screenshot of cpf logs.

saintive

  • Guest
Re: Firewall
« Reply #16 on: November 01, 2006, 01:13:35 PM »
I use Sygate for 5 years with Avast and other anti-virus with Windows XP/SP2

Sygate is a freeware; it's very easy to use and to control

Claude (FR)

Cactusjack

  • Guest
Re: Firewall
« Reply #17 on: November 01, 2006, 01:38:15 PM »
Yes agree Sygate is a good Firewall,but
i have problems whit the use of CPU,this is very high,i think.

Cactusjack

  • Guest
Re: Firewall
« Reply #18 on: November 01, 2006, 02:06:42 PM »
If you look for a free firewall, Kerio will be a good choice. It may defend you from unknown viruses. :) It has deep drivers, it is practically fully functional, etc.
    O.K.Its true the firtst month after install you get the full PRO
programm,but i pay never whit creditcards,so if i not pay is the Kerio Firewall
automaticly Freeware.
And thats means,no virus or Troyan horse and other stuff  are cathing annymore.
Olso a few other things are in the Freeversion not working.
But it is and stay a good and very to understand Firewall.
The fact that Kerio now not running on virus,etc,is for me not bad,becouse
i use Webroot Spysweeper and this programm replace The Kerio Pro,
in combination whit SpywareBlaster and AVAST4Home.(whit the Free Kerio)

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88898
  • No support PMs thanks
Re: Firewall
« Reply #19 on: November 01, 2006, 02:20:31 PM »
Anyone considering Sygate should consider a couple of things, it is no longer in development since it was bought out. It has a localhost loopback weakness, in that it can't tell what programs are using the localhost proxy it only identifies the local host proxy. So it is possible that a malicious program could use the localhost proxy and not be challenged if the proxy is allowed permission to connect to the internet.

avast's Web Shield proxy is one such proxy, however avast's web shield doesn't allow all and sundry to use the web shield proxy only browsers that are known not to cause problems, so this might limit exposure to the Sygate weakness.

To further improve this security, you should disable transparent use of the web shield proxy. How to disable transparent web shield proxy and allow only those browsers you want use it:

In avast! go to Web Shield provider, Customize..., Basic tab, blank the redirected HTTP port field (remove the 80). Now no browser can use web shield unless you manually configure it to use Web Shield.

Example of manual browser set-up:
For IE - broadband users: - Tutorial - Web Shield Proxy Set-up for IE
For IE - dialup users - Tutorial - Web Shield Proxy Set-up for IE (Dial-up)
For Firefox users - Tutorial - Web Shield Proxy Set-up for Firefox
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

NickGolovko

  • Guest
Re: Firewall
« Reply #20 on: November 01, 2006, 03:04:19 PM »
timcan, :D Of course, outbound connections, not inbound! :D

NickGolovko

  • Guest
Re: Firewall
« Reply #21 on: November 01, 2006, 03:35:04 PM »
If you look for a free firewall, Kerio will be a good choice. It may defend you from unknown viruses. :) It has deep drivers, it is practically fully functional, etc.
O.K.Its true the firtst month after install you get the full PRO
programm,but i pay never whit creditcards,so if i not pay is the Kerio Firewall
automaticly Freeware.
And thats means,no virus or Troyan horse and other stuff are cathing annymore.
Olso a few other things are in the Freeversion not working.
But it is and stay a good and very to understand Firewall.
The fact that Kerio now not running on virus,etc,is for me not bad,becouse
i use Webroot Spysweeper and this programm replace The Kerio Pro,
in combination whit SpywareBlaster and AVAST4Home.(whit the Free Kerio)

The only difference between payed and free version is disabling of Web blocking that doesn't work anyway. :) Overall all the functions remain the same. :)

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Firewall
« Reply #22 on: November 01, 2006, 03:44:40 PM »
My friend - a big guru in IPS - says he won't recommend COMODO anymore. :) The reason is as follows (from his words): COMODO doesn't process connections at high-number ports from 65000 to 65535. :)
Well... can you post a link to this guru's option...
Seems it's not truth... Does this guru works for other firewall manufacturer?  ;D
The best things in life are free.

Cactusjack

  • Guest
Re: Firewall
« Reply #23 on: November 01, 2006, 04:23:44 PM »
 ???I have visit all the websites from almost every Firewall today.
No not that i remove KerioFreeFirewall today or coming weeks, but
i read all the things and setups(if it can) and then i see Outpost Free.
Outpost must be olso good,but the interface is not so easy to understand.
And i look on the Forum off Comodo,and there is a heavy discussion
about COMODO Free? Forget it,or it is true or not, this is nice to follow it.
Comodo said it is not true,but costumers says No its a TRIAL.
And on the homesite i read that there is coming a new version the
6 or7 nov.
If i am completely missing this message,than you reacthing please.
It must be said that i never learn English, but i try it. (TV English)
No i take no lessons, becous i am 60+and i hate schools!!

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Firewall
« Reply #24 on: November 01, 2006, 04:38:04 PM »
Comodo said it is not true,but costumers says No its a TRIAL.
Trial for what? Right now the application is full free...
The best things in life are free.

NickGolovko

  • Guest
Re: Firewall
« Reply #25 on: November 01, 2006, 06:38:37 PM »
2 Tech: he doesn't work for other firewall vendor.. :D I can't give a link, but I will quote his msgs to me 2morrow. :)

Cactusjack

  • Guest
Re: Firewall
« Reply #26 on: November 01, 2006, 06:40:10 PM »
Like i said,on the ComodoForum can you read the discussion
about ComodoFirewalls.
So there are costumers who said that the first month a trial is.
After registrating going something wrong,becourse the key for activating
is not working.
And it seems it is no incidently, becourse so many users reacthing on it.
No said Comodo The Firewall is Free for livetime.
This is what i read,but yes me English is not so good.  ::)

Offline Bluesman

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 926
  • Amiga Power!
Re: Firewall
« Reply #27 on: November 01, 2006, 07:41:48 PM »
No said Comodo The Firewall is Free for livetime.
Then I said it now...Comodo Firewall is free for lifetime!  :)

And if you don't believe me...read it on their homepage:

http://www.personalfirewall.comodo.com/

Comodo Firewall - It's Free. Forever. No Catch. No Kidding

And the big boss at the Comodo company says it's free:

http://forums.comodo.com/index.php/topic,2672.0.html

« Last Edit: November 01, 2006, 07:48:07 PM by Bluesman »
"The blues are the roots, everything else is the fruits" -Willie Dixon

Cactusjack

  • Guest
Re: Firewall
« Reply #28 on: November 01, 2006, 08:25:28 PM »
Yes, BLUESMAN,this is what i mean!
This is the reacting from COMODO,and i believe it.
THX.

NickGolovko

  • Guest
Re: Firewall
« Reply #29 on: November 02, 2006, 04:34:37 AM »
4U, Tech:

that's what he wrote.

Message 1
By the way, I found a VERY interesting leak in COMODO yesterday. I was downloading CureIt! and it needs port 21 (FTP) and a very high port (somewhere around 64.000). I had it set to VERY HIGH security, which means it is supposed to let you know EVERY connection to EVERY remote port. It didn't recognize and/or warn me about the 64.000 range! So, it's either a bug, or COMODO itself is calling home through that range, which wouldn't surprise me. Too much 'snake oil' around this product if you ask me...

Paul

Message 2
Hi, Nick!

I got some BS letter as a reply today from the COMODO dev guys. They are trying to say that this is not a remote address issue. The remote address 'just spawns the ftp' or something. According to them, this is not a remote connection issue. My logs show SYN flags from my computer to the addresses below on high ports, but this is not a remote connection issue... :=)

Here are the addresses that have to be allowed to download Dr.Web's CureIt! Of course port 21 (ftp) but also:
* us.drweb.com (209.160.33.73) port range 64000-65535
* msk+msk2+msk3.drweb.com (81.176.67.170-81.176.67.172) port range 64000-65535
* msk1.drweb.com (192.168.255.255) port range 64000-65535
* msk4.drweb.com (83.102.130.174-83.102.130.178) port range 64000-65535

* If you allow ALL TCP Out to Any address, Any port you can download CureIt, but you won't get an alert about high ports in COMODO.
* If you restrict remote ports (21, 80, 90, 443, 5190) then you cannot download CureIt and you will see an Outbound Policy Violation log. No alerts however.
* If you allow the addresses above, you can download CureIt, but you won't get an alert about high ports in COMODO.

It's very strange also that there are no application logs. Only Netmonitor (packet logs).

I think I've witnessed a very bad case of 'snake oil' here and I will never again recommend COMODO to anyone. And the lesson is clear: packet rules should be VERY rigid, whatever firewall you are using.

Paul