From: AlleyCat on
In article <ilsjo5htdrk5pmar1e0u2qf502eo1ao31i(a)4ax.com>,
Duddits(a)Dreamcatcher.com says...
> Kerio has many exploits and is old and outdated but it's very
> lightweight YMMV.
>
> I like Agnitum Outpost Free
> http://free.agnitum.com/
> and
> Online Armor Free
> http://www.tallemu.com/products-online-armor-free.php
>
> regards
>
> Dud
>
>
Something about Outpost made me not like it, so I re-ghosted the machine
and put Online Armor in. No complaints so far.

Al
From: VanguardLH on
Mahatma Kote wrote:

> I've been using Comodo for a couple of months but it is driving me mad
> with its insistence on gaining permission to open every .exe file plus
> its inability to remember all the set rules. Most it does but many it
> doesn't.

I was using Online Armor but its Program Guard was too much interference
with some programs and games (couldn't resolve the issue, even when using
their Learning mode). Some programs unroll more executables and place them
in temp folders with random names (these are known good programs but are
dodging some malware, copy protection, or other interfering schemes) and OA
won't keep a hash of the excluded files to find them wherever they are. As
a consequence, every time I run these programs, it reports on a new version
(actually a new path) for the file and prompts me to Allow/Block. Allowing
only works once since the path will change the next time whereupon I get
another prompt. Some programs run dynamically loaded drivers and even
setting the program to Trust (and configuring its options to allow these
drivers) doesn't get rid of the interference from OA (disabling OA doesn't
help and I have to reboot into Safe Mode). Even with their whitelist of
known good apps, both OA's Program Guard and Comodo Pro Firewall's Defense+
still put up a lot of prompts.

One poster here recommended PC Tools Firewall Plus Free. Matousec
(http://www.matousec.com/projects/proactive-security-challenge/results.php)
rates several firewalls. Usually OA and CPF were in the top 3 in his list
but now PC Tools Firewall is up there. However, it isn't quite as
configurable as OA or CPF but to some folks that's a plus. I was trialing
it when I realized that Threatfire adds to Windows Firewall the features
added by PCTools Firewall. Disabling or enabling Windows Firewall doesn't
change my memory consumption. Threatfire is a lot smaller than PC Tools
Firewall. I can enable the custom rules in Threatfire to alert when a
process wants a network connection (and in the prompt I can elect to allow
or block and remember my choice) so this gives me the apps rules in PCTools
Firewall and other firewalls. There's even a preset custom rule for
detecting when a program wants to launch (although it is configured to look
for programs under C:\Program Files, you can change it to look anywhere) if
you wanted the HIPS functionality of other AV and firewall products (i.e.,
their heuristic with Threatfire's heuristics and the app rules in those
other products with the custom rules in Threatfire).

Matousec rates Threatfire very low - as a firewall. In its default
configuration, the custom rule to alert on a process trying to acquire a
network connection is not enabled. It also isn't paired up with the Windows
Firewall. Threatfire + Windows Firewall is pretty much what you get with
other firewall products (that include HIPS, too) ... except I will grant
that the Windows Firewall doesn't protect itself from termination but that
would require that you let in malware that would do that (and Avast and
Threatfire should find that malware, plus I use other anti-malware products,
like MalwareBytes and SuperAntispyware but only as on-demand scanners).

The problem that I had in the past with Avast 4.8 and Threatfire was that
Avast may not initialize (it keeps saying it is initializing when it is
loading). This was reported often in Avast's forums. I believe users found
they had to manually exclude all the Avast files from Threatfire (i.e.,
there was no prompt from Threatfire to allow Avast's processes). I haven't
hit that problem in Threatfire ... however ...

When I installed Avast 5, I did not include all their "shields". The Mail
Shield is superfluous (and trips up users trying to figure out how to get
SSL connects to work in their e-mail clients which requires not using SSL
and instead letting Avast's transparent proxy do the SSL connect). I don't
do instant messengers so I didn't install the IM shield. Most users haven't
a clue of what the Behavior Shield does. It takes info from the File and
Network shields (which I did install) and reports suspicious behavior and
the files involved to Avast but only if you enable the "Community" option.
I'm not interested in "voting" on how I handled an unknown process and
sending that info back to Avast, plus there is indication by several user
reports that Avast's Behavior shield conflicts with Threatfire's intrinsic
behavioral checking. Avast's Behavior shield isn't a shield at all. It
affords no additional protection and is a reporting scheme.

So with Threatfire, I add to the host-facing interface of Windows Firewall
what it has been lacking. Leaving the Windows Firewall enabled doesn't
consume any more memory than having it disabled. I can use the custom rules
in Threatfire one of which lets me create app rules for what can get a
network connection. With zero change in memory to leave the Windows
Firewall enabled, Threatfire adds a meager 7MB to give the other half of
protection that Windows Firewall forgot. I haven't found a firewall program
which is that small. Regardless of which firewall I used, I'd still be
using Avast so that memory footprint is not a consideration for me regarding
which firewall to use.

Avast 5:
- File shield: installed.
- Web shield: installed.
- Network shield: installed.
- Mail shield: not installed (superfluous).
- IM shield: not installed (unimportant to me, do use IM clients).
- P2P shield: not installed (I don't need to steal software).
- Behavior shield: not installed (not needed with Threatfire).
- Scheduled scans: weekly full (Monday), daily quick (Tue-Sun).

Threatfire:
- Notices: all disabled (just nuisance popups to me).
- Custom rule "Process creating network connection": enabled.
- Scheduled scan: not used (just rely on real-time protection).

Windows Firewall: enabled.

Of course, if either Avast or Threatfire detects suspicious behavior for an
unknown process then you get prompted. Just like other firewall+HIPS or
AV+HIPS products, Threatfire has its whitelist, too, that attempts to reduce
how many prompts you get. You could always change the aggressiveness in
Threatfire with its sensitivity slider. I left it at the default middle
position. I've tried upping it one more level (more aggressive) but it does
generate more prompts and you wouldn't like that.
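
Added example, not part of any post in this thread and not code from Online Armor or any other product named here: a sketch of why an allow rule keyed on the file path re-prompts when a program unpacks the same helper executable under a new random temp name, while a rule keyed on a content hash still matches. The class and function names and the sample bytes are hypothetical, constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha256_of(path, chunk=65536):
    """Hash file contents in chunks so large executables are not read at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

class PathAllowlist:
    """Rule keyed on the full path: stops matching when the unpack location changes."""
    def __init__(self):
        self.allowed = set()
    def allow(self, path):
        self.allowed.add(os.path.normcase(os.path.abspath(path)))
    def is_allowed(self, path):
        return os.path.normcase(os.path.abspath(path)) in self.allowed

class HashAllowlist:
    """Rule keyed on the content digest: follows the file wherever it lands."""
    def __init__(self):
        self.allowed = set()
    def allow(self, path):
        self.allowed.add(sha256_of(path))
    def is_allowed(self, path):
        return sha256_of(path) in self.allowed

def unpack_helper(payload, directory):
    """Constructed stand-in for a program unrolling a helper .exe under a random name."""
    fd, path = tempfile.mkstemp(suffix=".exe", dir=directory)
    with os.fdopen(fd, "wb") as f:
        f.write(payload)
    return path

def simulate():
    """Return (path_rule_hit, hash_rule_hit, tampered_hit) for the second launch."""
    payload = b"MZ constructed sample helper"  # constructed bytes, not a real binary
    by_path, by_hash = PathAllowlist(), HashAllowlist()
    with tempfile.TemporaryDirectory() as tmp:
        first = unpack_helper(payload, tmp)    # first launch: user clicks Allow
        by_path.allow(first)
        by_hash.allow(first)
        second = unpack_helper(payload, tmp)   # next launch: same bytes, new name
        tampered = unpack_helper(payload + b"!", tmp)  # same idea, modified content
        return (by_path.is_allowed(second), by_hash.is_allowed(second),
                by_hash.is_allowed(tampered))

if __name__ == "__main__":
    print(simulate())
```

The hash rule also declines the modified copy, which is the property that makes it safer than widening a path rule to a whole temp folder.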
From: Mahatma Kote on
Thanks for a VERY comprehensive answer! Plenty to think about there.

On Sun, 28 Feb 2010 03:14:00 -0600, VanguardLH <V(a)nguard.LH> wrote:


Mahatma Kote

'When your friend's beard catches fire, put water on yours.'
From: baynole2 on
Thank you for this dissertation (not being sarcastic - I appreciate
it). May even print it out.
From: ♥Ari ♥ on
On Sun, 28 Feb 2010 20:15:43 GMT, Bear Bottoms wrote:

> ♥Ari ♥ <AriSilverstein(a)army.com> wrote in
> news:hmeg80$go2$1(a)tornado.tornevall.net:
>
>> Care to have a discussion on cryptology or security software?
>>
>
> Sure...go for it.

No you first

nonny nonny boo-boo
--
Ari's Fun Times!
http://tr.im/hrFG
Motto: Run, rabbit, Run!