Author Topic: Made the switch to Nod32. Any firewall suggestions  (Read 1114 times)

Offline 715

« Reply #15 on: March 31, 2007, 11:55:20 PM »
Quote
Originally posted by MrRiplEy[H]
BlackIce leaked stuff out of the box i.e. if a trojan or adware installs to your box, BlackIce couldn't discern its traffic as illegal. At least back then it had no parent application or md5 checks.


The current version flags new executables when they run and then also if they attempt to connect to the internet.  But it is true that if you give a general OK to the program, then it won't flag net connections by that program ever again.  So you can't tell if a program that shouldn't be connecting to the net is doing so.  However, if you want to get specific, you can go into the database and, say, flag a program as OK to run, but not OK to connect to the net.  So it is possible to set up that kind of control if you want to take the extra step.  It doesn't default that way.  However, it is not like a virus or adware/malware program- it doesn't know naughty programs by name or signature.
« Last Edit: March 31, 2007, 11:57:35 PM by 715 »

Offline MrRiplEy[H]

« Reply #16 on: April 01, 2007, 03:26:42 AM »
The most advanced personal firewalls not only enable you to give programs access permissions, they also have the ability to tell when another program is attempting an illegal connection THROUGH the permitted program or disguised as one.

This is the reason why I like to keep a personal firewall. I download all kinds of freeware kiddie crap for my kids (free games, puzzles, game demos etc.) and I like to have some idea what's going on in the background.

Unbelievably many game demos call home the first thing they do when they install.
Definiteness of purpose is the starting point of all achievement. –W. Clement Stone

Offline Vulcan

« Reply #17 on: April 01, 2007, 06:04:11 PM »
For the most part Personal Firewalls are snake oil IMHO. Google firewall leak tests to see what I mean. GOOD AV with things like buffer overflow protection and program execution limits is what you need.

I use McAfee (corporate version NOT the retail product). But NOD32 probably ranks as the best product. McAfee 8.5i has the most comprehensive stuff I've seen for blocking virus vectors, the heuristics are not as good as NOD's though.

If you're really serious and want to throw some money at a solution I use a Sonicwall firewall which gives me gateway Antivirus, Antispyware, IPS, Content Filtering (also blocks any outbound spyware/proxy attempts), and of course logging/reports. Any entry level Sonicwall (TZ150) would do the job for most people.

Offline MrRiplEy[H]

« Reply #18 on: April 02, 2007, 01:25:10 AM »
Quote
Originally posted by Vulcan
For the most part Personal Firewalls are snake oil IMHO. Google firewall leak tests to see what I mean. GOOD AV with things like buffer overflow protection and program execution limits is what you need.

I use McAfee (corporate version NOT the retail product). But NOD32 probably ranks as the best product. McAfee 8.5i has the most comprehensive stuff I've seen for blocking virus vectors, the heuristics are not as good as NOD's though.

If you're really serious and want to throw some money at a solution I use a Sonicwall firewall which gives me gateway Antivirus, Antispyware, IPS, Content Filtering (also blocks any outbound spyware/proxy attempts), and of course logging/reports. Any entry level Sonicwall (TZ150) would do the job for most people.


I googled firewall tests and found that the information was outdated. Comodo for example catches all of the 'leaks' the sites cry about. I tried personally using the exploits on my box and none got through.

Unlike many programs, Comodo gets frequent updates which actually fix stuff.

The fact is that without a personal firewall you do not have and will not have any control whatsoever over what goes in or out of your computer. You could have 10 trojans running without knowing, despite firewalling or virus shielding.
« Last Edit: April 02, 2007, 01:28:09 AM by MrRiplEy[H] »

Offline Vulcan

« Reply #19 on: April 02, 2007, 11:35:56 PM »
Quote
Originally posted by MrRiplEy[H]
The fact is that without a personal firewall you do not have and will not have any control whatsoever over what goes in or out of your computer. You could have 10 trojans running without knowing, despite firewalling or virus shielding.


The problem is when the firewall coexists on the same machine as the infection you cannot be 100% sure. There are always new ways to beat the firewalls coming out. Personal Firewalls are not new technology and yet they still fail to properly protect.

I could have 10 trojans running but I would know because:
 - my antivirus software prevents software from executing from within common places spyware pop up from (i.e. temp directories)
 - my antivirus software prevents outbound communications on common spyware reporting vectors (e.g. port 25, irc etc)
 - my antispyware would report them on its regular scans (and prevent execution on a signature basis)
 - my edge (gateway) firewall prevents inbound spyware (and viruses) via either HTTP, FTP, or Email protocols
 - my edge (gateway) firewall looks for outbound spyware traffic, blocks and reports it
 - my edge (gateway) firewall looks for outbound proxy or http tunneling traffic, blocks and reports it
 - my edge (gateway) firewall sends me weekly report summaries of internet usage. Anything that slipped through the above would be picked up as anomalous traffic by either protocol or destination
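
An added example, not part of any post in this thread: a sketch of the weekly egress review described in Reply #19, flagging outbound traffic that is anomalous by protocol (direct SMTP or IRC from a workstation) or by destination (not in a baseline). The log format, addresses, port list, mail-relay address and baseline are all constructed for illustration and are not the output format of any firewall product.

```python
import ipaddress
from collections import defaultdict

# Constructed sample records, "date src dst dst_port proto" (assumed format, not a vendor's).
SAMPLE_LOG = """\
2007-04-02 192.168.1.10 203.0.113.5 80 tcp
2007-04-02 192.168.1.10 203.0.113.5 443 tcp
2007-04-03 192.168.1.20 198.51.100.7 25 tcp
2007-04-03 192.168.1.2 198.51.100.9 25 tcp
2007-04-04 192.168.1.20 198.51.100.44 6667 tcp
2007-04-05 192.168.1.10 192.0.2.200 8080 tcp
not a log line
"""

# Assumed policy: only the internal mail relay may send SMTP out; IRC is never expected.
RESTRICTED_PORTS = {25: "smtp-direct", 6667: "irc"}
ALLOWED = {25: {"192.168.1.2"}}
# Destinations already seen in previous weeks (constructed baseline).
BASELINE_DESTS = {"203.0.113.5", "198.51.100.9"}

def parse(line):
    """Return (src, dst, port), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        src, dst = (str(ipaddress.ip_address(p)) for p in parts[1:3])
        port = int(parts[3])
    except ValueError:
        return None
    return src, dst, port

def review(log_text):
    """Per internal host, collect protocol anomalies and never-before-seen destinations."""
    findings = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue  # skip unparseable lines rather than abort the whole report
        src, dst, port = rec
        if port in RESTRICTED_PORTS and src not in ALLOWED.get(port, set()):
            findings[src].add((RESTRICTED_PORTS[port], dst, port))
        if dst not in BASELINE_DESTS:
            findings[src].add(("new-destination", dst, port))
    return {host: sorted(items) for host, items in findings.items()}

if __name__ == "__main__":
    for host, items in sorted(review(SAMPLE_LOG).items()):
        print(host, items)
```

The mail relay's own SMTP traffic to a known destination produces no finding, while the workstation at 192.168.1.20 is reported both for the restricted protocols and for the unfamiliar destinations.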

Offline MrRiplEy[H]

« Reply #20 on: April 04, 2007, 11:43:19 AM »
Yeah but your box could be leaking your personal information out for a week before you catch it through a log.. ;)

A personal firewall is a good, free way to increase your awareness of what goes on inside the computer. Why not use it?

Offline Boroda

« Reply #21 on: April 05, 2007, 07:14:42 AM »
Check this one: http://www.agnitum.com/

I have used Outpost Firewall for several years; in new versions they added spyware protection and other neat stuff.

It needs some configuring, but after spending half an hour I work pretty well and safe in my weird environment with several networks trusted/declined and with a real IP address. A must have.

Offline Vulcan

« Reply #22 on: April 09, 2007, 06:18:08 PM »
Quote
Originally posted by MrRiplEy[H]
Yeah but your box could be leaking your personal information out for a week before you catch it through a log.. ;)

A personal firewall is a good, free way to increase your awareness of what goes on inside the computer. Why not use it?


Because personal firewalls are not guaranteed to catch stuff and have other issues (such as compatibility and performance). The logs are only my backup, the firewall is doing edge spyware detection at Layer7, as well as blocking of tunneling attempts, and other 'iffy' protocols (smtp direct, irc), and blocking to known hacking/proxy avoidance/spyware websites.

No personal firewall software does ANY of that (cept block smtp/irc but even then it is not guaranteed).

Offline MrRiplEy[H]

« Reply #23 on: April 10, 2007, 01:28:04 AM »
Quote
Originally posted by Vulcan
Because personal firewalls are not guaranteed to catch stuff and have other issues (such as compatibility and performance). The logs are only my backup, the firewall is doing edge spyware detection at Layer7, as well as blocking of tunneling attempts, and other 'iffy' protocols (smtp direct, irc), and blocking to known hacking/proxy avoidance/spyware websites.

No personal firewall software does ANY of that (cept block smtp/irc but even then it is not guaranteed).


Question: How many of the programs you've recently installed have called home from your computer? Don't know? :D

Even if personal firewalls are not perfect, neither are virus shields. Yet many find using them a good idea. Something is better than nothing, right? Comodo's patched version caught all of the example exploits that were posted on the 'firewall leak test' site. I'd call that a hell of a lot better than not having protection at all.

As for compatibility and performance, I haven't noticed any problems whatsoever on that side. Every online game works a-ok. OTOH I have caught 1 trojan and a couple spywares with the PF. Without it, I'd never know my box was infected in the first place. Well, at least unless something obvious showed up on netstat at which time the information would have leaked a considerable time. I also like to block every piece of software that tries to call home from my computer unless a connection is needed for the operation.

Offline Vulcan

« Reply #24 on: April 10, 2007, 04:20:09 PM »
Quote
Originally posted by MrRiplEy[H]
Question: How many of the programs you've recently installed have called home from your computer? Don't know? :D


One piece, some Broderbund kids software. I know exactly what goes on.

Offline MrRiplEy[H]

« Reply #25 on: April 12, 2007, 01:43:44 PM »
Quote
Originally posted by Vulcan
One piece, some Broderbund kids software. I know exactly what goes on.


Heh, you don't install much stuff then?

80% of all applications I've installed in the past 4 years have called home in one way or another. Right now I have 21 apps in the control list.

Offline Brooke

« Reply #26 on: April 13, 2007, 08:04:20 PM »
I use Windows XP's built in firewall.

I'm also behind a Linksys dsl/cablemodem router (so it's a firewall on its own).

I think I'd always want something like a router between my computer and the Internet, regardless of the firewall on my own PC.

Offline Vulcan

« Reply #27 on: April 15, 2007, 08:09:24 PM »
Quote
Originally posted by MrRiplEy[H]
Heh, you don't install much stuff then?

80% of all applications I've installed in the past 4 years have called home in one way or another. Right now I have 21 apps in the control list.


I have plenty of apps. Although no Adobe stuff :)

Brooke turn off windows xp firewall. It's an absolute waste of CPU resource: http://www.matousec.com/projects/windows-personal-firewall-analysis/leak-tests-results.php

(notice Windows XP Firewall SP2 fails totally)

Offline 715

« Reply #28 on: April 15, 2007, 09:57:16 PM »
Quote
Originally posted by Vulcan
Brooke turn off windows xp firewall. It's an absolute waste of CPU resource: http://www.matousec.com/projects/windows-personal-firewall-analysis/leak-tests-results.php

(notice Windows XP Firewall SP2 fails totally)


Note: That web page tests for outgoing leaks only, i.e. you already have a Trojan or other nastyware on your machine and it is attempting to surreptitiously connect to the internet.  It wasn't reviewing protection against incoming bad things.

Offline MrRiplEy[H]

« Reply #29 on: April 16, 2007, 02:08:47 AM »
Quote
Originally posted by Vulcan
I have plenty of apps. Although no Adobe stuff :)

Brooke turn off windows xp firewall. It's an absolute waste of CPU resource: http://www.matousec.com/projects/windows-personal-firewall-analysis/leak-tests-results.php

(notice Windows XP Firewall SP2 fails totally)


So then in all probability 80% of your apps have also called home - and are calling home with no knowledge from you. It might be as simple as automatic registration or update search; I don't want any of that happening without my approval.