See how efficient your Firewall is!

[MoHux]

If you don't want to read it all ....... scroll down the page;

HERE

Looks like I shouldn't be relying on Windows Firewall!!   

[Rik]

Comodo has a good rep, Mo, though the latest version seems to have a few problems.

[madasahatter]

that's an interesting read - especially when you look at the poor performance of some of the well known (and really quite expensive) ones such as Norton and McAfee. Interesting also that 2 out of the top 4 are free!!

[Simon]

My BitDefender didn't do too well. 

[somanyholes]

that's an interesting read - especially when you look at the poor performance of some of the well known (and really quite expensive) ones such as Norton and McAfee. Interesting also that 2 out of the top 4 are free!!

even more amusing that sygate which stopped being developed years ago still beats a lot of em like mcaffe. online armour is the best Ive used so far, not a comodo fan...

My BitDefender didn't do too well.

bit defender holds well for av though

security suites = bad  (i will keep saying this lol)

[Sebby]

Wow, that's an enlightening read. Thanks, Mo.

[MoHux]

 

[Inactive]

This would appear to fly in the face of " you get what you pay for ".

[Noreen]

Not sure when those tests were actually done but it's possible that latest versions of some firewalls may produce different results. As Rik implied it doesn't include the latest version of Comodo.

[Inactive]

Not sure when those tests were actually done but it's possible that latest versions of some firewalls may produce different results. As Rik implied it doesn't include the latest version of Comodo.

It doesn't Noreen, but there is some comment from Comodo relating to it on the page.

[Noreen]

I don't think that it's referring to the latest version of Comodo which is 3.0.17.304, In. I get the impression, reading back through those pages that the tests were conducted about three months ago. No doubt many of those firewalls will be unchanged but maybe not all.

[Inactive]

Fair enough Noreen, I only skip read it.

[scook94]

Just wondering, I never re-installed a s/w firewall on my new PC as I wasn't sure if there was any point with a NAT enabled router. Certainly "Shields Up" at grc.com gives me the thumbs up (although I realise it doesn't test with unauthorised access coming from my PC), what would you guys recommend? NAT enabled router and s/w firewall?

[madasahatter]

NAT enabled router and s/w firewall?

Can't hurt I suppose, but at the moment I'm just using the firewall in the router together with an antivirus agent (comodo at the moment - used to use AVG free, but started hogging CPU for some reason), in conjunction with Windows firewall, and I don't seem to have any problems.

Of course, they may well be famous last words...... 

[Simon]

I use both, but it can be a double edged sword if you're trying to get something like Limewire connected, which can be fickle at the best of times.  I do like to see what's going in and out, which a hardware firewall doesn't really inform you of first hand, but sometimes, software firewalls can be difficult to configure.

[scook94]

Well I guess with Comodo being free and with x64 support it can't hurt to give it a whirl!

[Ann]

All this leak testing does, as far as I understand, is test the outward firewall capabilities.  As I don't use any outward firewall I think I'll fail!  However, I don't really see a need to.  I also test with Shields Up and with the 2Wire 2700 got all clear so am satisfied that that's enough for me.. with a good antivirus application as well of course.

[Sebby]

I agree, Ann.

[scook94]

But then there's the argument that not all antivirus s/w are proficient in detecting trojans and other malware...

[Sebby]

That's true, but I feel comfortable that I'm good enough with computers to avoid such things in the first place.

[madasahatter]

But then there's the argument that not all antivirus s/w are proficient in detecting trojans and other malware...

Quite true - but if you keep your eyes on the reports, and if need be/possible change accordingly......

[Simon]

That's true, but I feel comfortable that I'm good enough with computers to avoid such things in the first place.

I think that's half the battle, Seb. 

[talos2]

Been trying the Online Armour, seems OK but it does slow down the system somewhat, anyone else use it ?

[Gary]

I know some people don't like suites, for my needs Kaspersky 7 and the free version of superantispyware works a treat, I don't need spyware blaster as my registry is monitored for changes by my security,we all have our preferences and what works for you is best. I found that having a multitude of spyware applications, a software firewall, and a different AV caused conflicts at some time or another on different systems but having a firewall router does give you a degree of safety but even they can be hacked now, I like to see outbound connections, no AV or spyware app is 100% and if you have a keylogger or other malware that is not found, unusual outbound activity may give you a clue, as Sebby said I like to think I can avoid such things by being competent with computers and avoiding social engineering scams etc, but as the malware authors get more devious I think you need that kind of protection. Once you start feeling safe on the net, that's when something nasty is going happen 

[somanyholes]

Hey

Have been using online armour for a few months, and haven't been affected by slowdown's, I think
it's been using less resources than comodo has. Not sure as to what version you are using of online armour but there may be services running that you don't need.

On the outbound protection front. These are my thoughts which you may disagree with.

Outbound protection is needed less if you have a number of other things protecting you. Such as

1. Use webmail
2. Use firefox with noscript
3. Use a sandbox such as sandboxie
4. Common sense (even then it will only do so much)

Reasons to have outbound protection are

1. Your nat firewall, will not provide any outbound protection except if you set up rules allowing or blocking access, this is not a nice way of controlling outbound access.

2. Your antivirus will not protect you from all threats no matter how good it is. It may not stop spyware, adware, rootkits, wireless attacks  etc. IT WILL NOT STOP EVERYTHING.

3. With no outbound protection, you will not be terminate unwanted connections as easily as if you have.

4. People say, I know what I'm doing i won't get infected because I use my brain. All it takes on this front, is kids, grandchildren, friends, partners etc.

5. The main reason to have it is so less tech savy people, can deal with issues quickly rather than having to ring up their local it bod.

6. It helps you learn what you system is actually doing, in an easy to digest way.

Am sure there are a boatload more reasons which people can think of.

Basically, if you don't know how to use netstat, or have a way on monitoring your connections, get outbound protection. (even then rootkits can still be invisable to you.

[Gary]

I agree with you So, but sandboxie can be a pain for some to deal with, no script is great I agree but once again its not for everyone, using webmail is no guarantee, Gmail recently had vulnerabilitys so even webmail is not impervious, my firewall in Kaspersky has a netmonitor which is very useful, but also having outbound protection just stops you having some programs phoning home when you don't want them to, and to be honest since the likes of Norton and Mcthingy are the prevalent masters of all for the less aware the fact they have bad leak testing capabilities kind of puts shot to all of that, leaving my mother with no way to understand no script, and sandboxie so disabling all flash and javascript is the best option and have no rich content, and then most websites break, the net is a double edged sword with little protection from penetration sometimes

[somanyholes]

Hey

Phoning home is another good reason for sure As people have said, different people have different ways of doing things. I think the main thing comes down to, this question.

if you wanted to see what network activity is happening right now, how would you do it, and would you have the tools/knowledge to be able to do it.

On the usability front, would people rather have to spend some time learning how to secure their systems or spend the time later dealing with infections, loss of business etc ...

[Gary]

The answer to that one is yes I have the tools and some of the knowledge , looking at my net monitor I can see established connections open ports and traffic, I do not fully understand  tcp and udp firewall rules completely but enough to get me by at least and without making problems for myself so far, and learning more as time goes on

[somanyholes]

Hey Kill

Didn't just mean you mate, it's a question I think people should ask themselves, and if they answered no, then do something about it 

[Gary]

I know  but just wanted to answer anyway 

[somanyholes]

maybe of interest to those who don't use outbound protection firewalls

http://en.wikipedia.org/wiki/X_Window_System
http://www.tucows.com/preview/213738
http://www.netlimiter.com/

[jupiter]

I also test with Shields Up and with the 2Wire 2700 got all clear so am satisfied that that's enough for me.. with a good antivirus application as well of course.

You reminded me of Shields Up and I too got an all clear.  One page interested me - the one giving the reverse DNS of my IP address, using the format "custxxx-dslxx.idnet.com".  The commentary said that this address is either permanently allocated by the ISP to one's computer, or changes in different sessions.  What does IDNet do?

Clearly the former is creating a continuous record of one's internet activity which is not anonymised.  Here come all the neuroses again!

[Rik]

IDNet IP addresses are static, Jupiter, so the former applies.

[somanyholes]

eeek, added a wrong link earlier http://en.wikipedia.org/wiki/X_Window_System is not meant to be there,

http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx is meant to be there.

[madasahatter]

Tut at poor linkage - hang your head in shame holey 

[Rik]

Where is Shame, remind me. Is it north of Watford?? 

[madasahatter]

Where is Shame, remind me. Is it north of Watford?? 

"There be dragons" 

[Rik]

 

Ah, so west rather than north then...

[Niall]

The trouble with these sort of tests is that most firewall companies have the naughty solution of finding out how the tests work, and blocking what it looks for, in effect giving false readings. Blackice got a slating for that a few years ago.

Oh and Norton is awful. It gives the impression it's doing a lot, but the firewall has a LOT of false positives and the antivirus is just a joke really. Another thing about it is that it hammers your system. Try using windows firewall and AVG, then install Norton and see how fast your PC runs then. It's like being thrown backwards 10 years, the PC runs so slowly.

I used it once for a year when I had it free with a new graphics card (odd thing for it to be bundled with, I know). My system at the time was top end, so the performance dent wasn't an issue, until I bought a few new games towards the end of that year.

[Rik]

Another Norton 'fanatic', eh Niall. Any program that makes it next to impossible to remove it cleanly should not be allowed near a computer, imo. I used to run Norton, but when I switched to NOD it was like upgrading the CPU.

[talos2]

It's a shame really Norton used to be the best in the old DOS and Win 3.1 days, but now it's become more "bloatware".

[Rik]

Back on Compuserve, Norton and McAfee gave all sysops free copies of their AV software. It was on-demand scanning then, of course, and I was a Norton fan. Lately, of course, it's become more bloated and more resource consuming.

[Gary]

The latest Norton versions have tried to make themselves appear less bloated by not installing antispam, ad blocking and pop up blocking and privacy control, ad blocking should make browsing faster but they have dropped that part completely leaving my mother at the mercy of click and corrupt the firewall is awful for leak tests but great as it pre configures itself for almost all available programs on the outgoing side and is quite hard to kill, and its detection ratings are great now sometimes beating Nod32 and kaspersky and Sophos in the VB comparatives test, if only they updated them more than every 10 years, well that's how it feels on her machine, but to be honest with a fast modern machine its the ideal holding hands solution for net users with little understanding of security, its pretty good at spyware detection as well so it can't be knocked to hard as its better than leaving some of these people with a suite they cant understand or a bunch of separate applications they never update which is invariably what happens.

[Rik]

The lesser of the evils, eh Gary?

[Gary]

The lesser of the evils, eh Gary?

Indeed Rik

[somanyholes]

the norton coporate av does work quite well, as all the bloatware has been removed. It's the home/soho users that get the worst products. Marketing is evil if you ask me.

as far as antivirus manufacturers cheating by using definitions, most now provide more than just definition based scanning due to the fact that it became very popular at one point to get a virus, modify the code by adding a few bytes then releasing it into the wild.

[Gary]

the norton coporate av does work quite well, as all the bloatware has been removed. It's the home/soho users that get the worst products. Marketing is evil if you ask me.

as far as antivirus manufacturers cheating by using definitions, most now provide more than just definition based scanning due to the fact that it became very popular at one point to get a virus, modify the code by adding a few bytes then releasing it into the wild.

Signature and heuristics is the way forward indeed 

[talos2]

Been trying the Online Armour, seems OK but it does slow down the system somewhat, anyone else use it ?

Update---
                      Ive took it out, it does slow down the browser. Replaced it with Commodo which seems very good, time will tell.

[Noreen]

Replaced it with Commodo which seems very good, time will tell.

Talos, which version of Comodo?

[talos2]

Hi Noreen
                   Version3
                                       2.4.18.184
                     Seems to do the job, but I've not had a threat to test it against

[Rik]

How about "If you don't behave, I'm going to re-boot you"?

[Noreen]

Hi Noreen
                   Version3
                                       2.4.18.184
                     Seems to do the job, but I've not had a threat to test it against

I'm a bit confused by your answer, talos, 2.4.18.184 is version 2.

[talos2]

I'm sure I'm right, see attached screen shot.

[attachment deleted by admin]

[Rik]

The program is v2, the database it's using is v3, Talos.

[Noreen]

The latest version of Comodo is 3.0.18.309, talos. I and many others are sticking with the version that you have, people are having problems with latest version.

[talos2]

The program is v2, the database it's using is v3, Talos.

                OH!!!

[talos2]

 

The latest version of Comodo is 3.0.18.309, talos. I and many others are sticking with the version that you have, people are having problems with latest version.

                Thats unusual for me, to get it right without trying
            I'll remember not to upgrade till they get it right,  thanks

[krysia]

After reading some of this thread, I tried my first leaktest, at Shields Up.  The only one I failed was the 'solicited TCP packets' one, which I don't quite understand, as it showed all ports either closed or in stealth mode.  Can anyone illuminate?  I'm using my router's firewall, Windows XP firewall, and Windows Defender.  Are there other leaktests people recommend for someone not too savvy about these things?

[Rik]

Not sure why you would get that result, Krysia, though the Windows firewall only blocks incoming, which could explain it.

Try the former Sygate scan at :

http://www.symantec.com/norton/sygate/index.jsp

[krysia]

Thanks a lot, Rik - just tried that one and the results were very reassuring, with virtually all ports in stealth mode and the rest closed.

[Rik]

You should be fine, Krysia, provided you're careful in where you go, and have a malware sweep from time to time. It's easy to be made paranoid by all these sites and reports.

[J!ll]

   Security Status: Status Unknown
     The Scan was unable to determine your vulnerability status.

[Rik]

That proves my point, Jill.

[krysia]

Since reading a very good report about it in Computing Which?, I installed Windows Defender, which does a malware scan every day, so I'm covered there, I think.

[Rik]

Yup. Relax and enjoy your connection.

[J!ll]

Well I'm not impressed with it! it says WARNING! No known virus protection software found 

[Rik]

Odd, what are you using?

[krysia]

Did you use IE, Jill?  It doesn't work with Firefox.  Also, I skipped the antivirus check, as I know I've got good protection with Avast - I just did the firewall check.  The AV check requires you to download ActiveX but Firefox doesn't tell you that - only IE does.

[J!ll]

Yes I did use IE

Please note that the following checks were not able to complete because they require Microsoft Internet Explorer 5.0 or higher with ActiveX and Scripting enabled:             using 7 and yes enabled ActiveX

[J!ll]

Odd, what are you using?

AVG

[Rik]

Maybe it's a comment on AVG then.

[J!ll]

I don't have any probs with it, never let me down, yet  I used to use Norton 

[Inactive]

Maybe it's a comment on AVG then.

Don't start her off on that Rik.. 

[Rik]

Probably wise, In.

Now about NOD, Jill... 

[J!ll]

Don't start her off on that Rik.. 

On what     

[Rik]

In can tell you.

[J!ll]

In, gone 

[Rik]

In will be back. I think he may have been hinting that AVG is not the best AV choice, but then again, he must just having been pulling your pedal extremity.

[J!ll]

      I'll be back 

[Inactive]

In' back.. 

In' meant, when something doesn't function 100% for Jill, Rik usually gets roped in to sort it, nothing wrong with AVG Jill, I use it myself.

[Sebby]

AVG's good (but I prefer Kaspersky now).

[madasahatter]

I used AVG AV until recently, and always rated it until it started hogging CPU for no apparent reason after an update. Changed to Comodo AV, which seems to be working fine.

[J!ll]

I have Avast as well, not running at the same time though 

[J!ll]

In' back.. 

In' meant, when something doesn't function 100% for Jill, Rik usually gets roped in to sort it, nothing wrong with AVG Jill, I use it myself.

Rik will only get roped in if he wants to     

[Inactive]

Gertcha, we all know that you have a certain power over him.....

[Rik]

AKA a lasso.

[J!ll]

Gertcha, we all know that you have a certain power over him.....

I don't see him complaining 

[Rik]

It's the gag, Jill. 

[Inactive]

Would he dare?

[J!ll]

 

[MoHux]

The firewall check told me there there was no AV running, like Jill - Ran the AV check and it told me no threats found!!  I use NOD32. 

[Rik]

Sometimes it's best to rely on what we know than on what a site claims it can detect, eh Mo?

[MoHux]

Well they ARE in the business of selling AV progs!! 

[Rik]

Ah, you noticed that.. 

[Ray]

Well I'm not impressed with it! it says WARNING! No known virus protection software found 

Yes, it's just told me that and I'm using the NOD/Eset Smart Security Suite.   

Obviously it only works if you have Norton installed (spit). 

[Inactive]

The firewall check told me there there was no AV running, like Jill - Ran the AV check and it told me no threats found!!  I use NOD32. 

Same here Mo, I use AVG  ..