simple firewall for windows that doesn't do invisible stuff

on 27.06.2007 12:57:18 by realgeek

Hi. I am currently using outpost and it pisses me off, it's screwing
up my VPN connection for no apparent reason (no blocking logs are
present but nothing works over VPN unless I disable Outpost), some
invisible rules that cannot be turned off pop up, the experience is
very annoying.

Is there any simple firewall for windows? I don't need ad blocking,
attachment checking, DNS cache and all that, I just need a simple
network firewall that does what I tell it to do and doesn't do what I
DON'T tell it to do and is not a pain in the ass to use.

Is there such a firewall?

Re: simple firewall for windows that doesn't do invisible stuff

on 27.06.2007 13:14:33 by unknown

Post removed (X-No-Archive: yes)

Re: simple firewall for windows that doesn't do invisible stuff

on 27.06.2007 16:53:47 by Wolfgang Ewert

Good day, Sergei Shelukhin, you said:

> Is there any simple firewall for windows?

Is wipfw what you want? It comes from BSD.

I hope it helps.
Wolfgang

Re: simple firewall for windows that doesn't do invisible stuff

on 28.06.2007 00:08:45 by unknown

Post removed (X-No-Archive: yes)

Re: simple firewall for windows that doesn't do invisible stuff

on 28.06.2007 00:34:57 by Sebastian Gottschalk

Casey wrote:


>> Is there any simple firewall for windows? I don't need ad blocking,
>> attachment checking, DNS cache and all that, I just need a simple
>> network firewall that does what I tell it to do and doesn't do what I
>> DON'T tell it to do and is not a pain in the ass to use.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

>> Is there such a firewall?
>>
>>
> Try Sygate 5.5 b 2710 for Win98
> or Sygate 5.6 b 2808 for Win98 and XP


Ahem... maybe you should take a look at the requirements again. Sygate shit
surely is PITA, since it allows any random attacker to crash the system, run
arbitrary code, escalate privileges etc.

Anyway, I can't see how you could build a firewall with the Sygate HBPF. I'd
say it's impossible.

Re: simple firewall for windows that doesn't do invisible stuff

on 28.06.2007 01:54:51 by unknown

Post removed (X-No-Archive: yes)

Re: simple firewall for windows that doesn't do invisible stuff

on 28.06.2007 02:30:26 by Kayman

"Casey" wrote in message
news:MPG.20ecb4ab4628adc69896c1@news.ont.com...
> My main purpose in running a firewall is to keep malware out of my
> machine.
Why don't you consider a decent AV application?

Re: simple firewall for windows that doesn't do invisible stuff

on 28.06.2007 03:09:12 by Sebastian Gottschalk

Casey wrote:

> My main purpose in running a firewall is to keep malware out of my
> machine. Sygate's ability to do that is dependent on the users
> ability to write Advanced Rules to keep the crap out.


No rule could help if it's trivial to circumvent. Trivial as in
"exploit_of_your_choice | fragrouter -relay $TARGET_IP" to create
overlapping IP fragments, which bypass all of Sygate's rules due to a bad
implementation of IP fragment reassembly.

> If the crap can't get in, it can't do harm.


Sygate is the REASON why crap can get onto the machine in the first place. Heck,
just visiting a website is enough to exploit one of the many buffer overflows
in the HTTP filtering module.

> My Sygate serves me very well--has for 6-yrs.


Yeah, and we'd surely believe an incompetent fool who isn't even aware of
the well-known vulnerabilities in his crapware (and therefore never bothered
to actually audit it).
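
The overlapping-fragment problem mentioned in the post above, as an added example that is not part of the thread or of any product's code: it flags overlapping fragments within one datagram and shows that "first copy wins" and "last copy wins" reassembly produce different payloads, which is why a filter and the receiving host can disagree about what was sent. The fragment tuples and sample bytes are constructed.

```python
# Fragments are (offset_in_bytes, payload) pairs that belong to one IP datagram
# (same source, destination, protocol and ID). All sample data is constructed.

def find_overlaps(frags):
    """Return (start_a, start_b, overlapping_bytes) for every overlapping pair."""
    spans = sorted((off, off + len(data)) for off, data in frags)
    overlaps = []
    for i, (start_a, end_a) in enumerate(spans):
        for start_b, end_b in spans[i + 1:]:
            if start_b >= end_a:
                break  # spans are sorted by start, so nothing later overlaps
            overlaps.append((start_a, start_b, min(end_a, end_b) - start_b))
    return overlaps


def reassemble(frags, policy):
    """Rebuild the payload in arrival order.

    policy "first": a byte already received is never overwritten.
    policy "last":  a later fragment overwrites earlier bytes.
    """
    buf = {}
    for off, data in frags:
        for i, byte in enumerate(data):
            if policy == "last" or off + i not in buf:
                buf[off + i] = byte
    return bytes(buf[k] for k in sorted(buf))


def filter_verdict(frags):
    """Conservative filter decision: drop the whole datagram on any overlap."""
    return "drop" if find_overlaps(frags) else "pass"


# Constructed samples: in OVERLAPPING the second fragment rewrites bytes 8..15.
OVERLAPPING = [(0, b"AAAAAAAABBBBBBBB"), (8, b"CCCCCCCCDDDDDDDD")]
CLEAN = [(0, b"AAAAAAAA"), (8, b"BBBBBBBB")]

if __name__ == "__main__":
    print(find_overlaps(OVERLAPPING))
    print(reassemble(OVERLAPPING, "first"), reassemble(OVERLAPPING, "last"))
    print(filter_verdict(OVERLAPPING), filter_verdict(CLEAN))
```

A filter that applies its rules to one reassembly result while the host stack uses the other is inspecting data the host never sees, so dropping any datagram with overlapping fragments removes the ambiguity.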

Re: simple firewall for windows that doesn't do invisible stuff

on 28.06.2007 03:13:21 by Sebastian Gottschalk

Kayman wrote:

> "Casey" wrote in message
> news:MPG.20ecb4ab4628adc69896c1@news.ont.com...
>> My main purpose in running a firewall is to keep malware out of my
>> machine.
> Why don't you consider a decent AV application?


And how is that supposed to work? Dude, you're even abusing MSOE as a news
reader.

Now consider receiving a mail, encrypted via S/MIME and the key retrieved
via OCSP (just in case you're actually scanning POP3/IMAP connections, as
stupid as this might be). MSOE decodes it in memory, then the exploit is
triggered, and the malware executes in memory. It loads arbitrary libraries,
calls all the way to shut down your AV application, which doesn't even get
the chance to intercept this trivial process.

Re: simple firewall for windows that doesn't do invisible stuff

on 28.06.2007 03:39:29 by gary

Wolfgang Ewert wrote:

> Is wipfw what you want? It comes from BSD.

q.v. force.coresecurity.com

Re: simple firewall for windows that doesn't do invisible stuff

on 28.06.2007 05:45:28 by MR. Arnold

>>
> My main purpose in running a firewall is to keep malware out of my
> machine. Sygate's ability to do that is dependent on the users
> ability to write Advanced Rules to keep the crap out. If the crap
> can't get in, it can't do harm.
> My Sygate serves me very well--has for 6-yrs.

When did a personal FW become a malware solution? The PFW/packet filter's
job is to stop traffic/packets. Its job is not to be stopping malware.

Re: simple firewall for windows that doesn't do invisible stuff

on 28.06.2007 05:54:28 by MR. Arnold

If you don't have SG killfiled, I suggest you just ignore SG. He is about to
have another one of his ridding up on his cockroach and laying down his 10
Commandments from his cockroach episodes if you let him get started.

Re: simple firewall for windows that doesn't do invisible stuff

on 28.06.2007 06:43:15 by Volker Birk

Sergei Shelukhin wrote:
> Is there any simple firewall for windows?

Yes, the Windows-Firewall. It comes with your copy of Windows.

Yours,
VB.
--
"Care must be taken that the Basic Law is not protected by methods
that run counter to its aim and its spirit."

Gustav Heinemann, "Freimütige Kritik und demokratischer Rechtsstaat"

Re: simple firewall for windows that doesn't do invisible stuff

on 28.06.2007 08:38:07 by Kayman

"Sebastian G." wrote in message
news:5egga4F37n5smU1@mid.dfncis.de...
> Kayman wrote:
>
>> "Casey" wrote in message
>> news:MPG.20ecb4ab4628adc69896c1@news.ont.com...
>>> My main purpose in running a firewall is to keep malware out of my
>>> machine.
>> Why don't you consider a decent AV application?
>
> And how is that supposed to work?

Because :)

> Dude, you're even abusing MSOE as a news reader.

Darn, should I apologize to MSOE? I really don't have any regrets, though :)

> Now consider receiving a mail, encrypted via S/MIME and the key retrieved
> via OCSP (just in case you're actually scanning POP3/IMAP connections, as
> stupid as this might be). MSOE decodes it in memory, then the exploit is
> triggered, and the malware executes in memory. It loads arbitrary libraries,
> calls all the way to shut down your AV application, which doesn't even get
> the chance to intercept this trivial process.

This really makes sense... unfortunately the uninitiated may not quite
follow you; But this is really an old chapeau :)
Now, keep 'em educational posts coming, won't you!

Re: simple firewall for windows that doesn't do invisible stuff

on 28.06.2007 12:48:03 by fucor

"Sebastian G." wrote

> Now consider receiving a mail, encrypted via S/MIME and the key retrieved
> via OCSP (just in case you're actually scanning POP3/IMAP connections, as
> stupid as this might be). MSOE decodes it in memory, then the exploit is
> triggered, and the malware executes in memory. It loads arbitrary libraries,
> calls all the way to shut down your AV application, which doesn't even get
> the chance to intercept this trivial process.

Does this also work when using software such as "mail security" or
"Postpruefer"

http://www.cnet.de/downloads/0,10000011,104r-21483s,00.htm or
http://www.winsoftware.de/postpruefer,95,32290.htm

which allow one to check and delete mails and attachments on the server
without using the mail client?

Corinne

Re: simple firewall for windows that doesn't do invisible stuff

on 28.06.2007 15:13:01 by Sebastian Gottschalk

Gary wrote:

> Wolfgang Ewert wrote:
>
>> Is wipfw what you want? It comes from BSD.
>
> q.v. force.coresecurity.com


1. Wipfw comes from BSD/FreeBSD's 'ipfw' (an ipfw2 port can be found in the
SVN), whereas CoreForce comes from the way more complicated OpenBSD's 'pf'.

2. CoreForce is fucked up by bundling it with "application control" and
other stuff that messes up the system, thus at the current stage is
definitely no option.

Re: simple firewall for windows that doesn't do invisible stuff

on 28.06.2007 18:28:19 by gary

Sebastian G. wrote:

> 1. Wipfw comes from BSD/FreeBSD's 'ipfw'

Yes, ipfirewall was developed for FreeBSD[1].

> whereas CoreForce comes from the way more complicated OpenBSD's 'pf'.

By complicated do you mean "feature rich"? Because their syntax is
unsurprisingly similar. But it hardly matters with CoreForce since there's
a GUI included[2]. Wipfw, on the other hand, is not bundled with a GUI. I
suppose one could use Firewall Builder[3] with it, though.

> 2. CoreForce is fucked up by bundling it with "application control"

It's possible to use just the firewall portion. There are several host based
IPSs for Win32[4] but I've not had the time or need to investigate them
all.

-Gary

1. http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-ipfw.html
2. http://force.coresecurity.com/themes/forcecommunity/images/popups/pd-net.png
3. http://www.fwbuilder.org
4. http://wiki.castlecops.com/HIPS/IDP_programs/services

Re: simple firewall for windows that doesn't do invisible stuff

on 28.06.2007 18:41:02 by unknown

Post removed (X-No-Archive: yes)

Re: simple firewall for windows that doesn't do invisible stuff

on 28.06.2007 18:45:02 by Sebastian Gottschalk

Gary wrote:

> Sebastian G. wrote:
>
>> 1. Wipfw comes from BSD/FreeBSD's 'ipfw'
>
> Yes, ipfirewall was developed for FreeBSD[1].
>
>> whereas CoreForce comes from the way more complicated OpenBSD's 'pf'.
>
> By complicated do you mean "feature rich"?


Not in this port. Anyway, it's also the architecture that is pretty complicated.

> Because their syntax is
> unsurprisingly similar. But it hardly matters with CoreForce since there's
> a GUI included[2]. Wipfw, on the other hand, is not bundled with a GUI. I
> suppose one could use Firewall Builder[3] with it, though.


There's also a GUI for Wipfw (just look at the SourceForge Project website).
Anyway, you normally want a scriptable command line.

>> 2. CoreForce is fucked up by bundling it with "application control"
>
> It's possible to use just the firewall portion.


AFAICS you always install all parts and then you can only disable some
particular modules. "Disable" as in still existing hooks, but allowing
everything through.

Re: simple firewall for windows that doesn't do invisible stuff

on 29.06.2007 08:33:09 by Wolfgang Ewert

Hello Casey, you wrote:

> The main purpose of a firewall is to control connections from
> internet into your machine.

ACK.

> To control virus, trojans, etc., use AVG, Adaware, Spybot S&D,
> Spyware Blaster, etc.

To control virus, trojans etc. I use access control (surfing as a
restricted user) and try to use actually patched software not vulnerable
for spyware and other types of malware a.s.o.

Wolfgang

Re: simple firewall for windows that doesn't do invisible stuff

on 29.06.2007 13:18:00 by MR. Arnold

"Casey" wrote in message
news:MPG.20eda0996f40db649896c2@news.ont.com...
> In article , "Mr. Arnold" says...
>> >>
>> > My main purpose in running a firewall is to keep malware out of my
>> > machine. Sygate's ability to do that is dependent on the users
>> > ability to write Advanced Rules to keep the crap out. If the crap
>> > can't get in, it can't do harm.
>> > My Sygate serves me very well--has for 6-yrs.
>>
>> When did a personal FW become a malware solution? The PFW/packet filter's
>> job is to stop traffic/packets. Its job is not to be stopping malware.
>>
>>
> Sorry, you misunderstood my post. Once again (simpler):
> The main purpose of a firewall is to control connections from
> internet into your machine.

I'll give you that one. But it's still stopping network packets.

> To control virus, trojans, etc., use AVG, Adaware, Spybot S&D,
> Spyware Blaster, etc.

Other than a good AV, one needs to practice Safe Hex. And if one practices
Safe Hex, then one doesn't need that other stuff. I have not used any of
that other stuff in years or never.

Re: simple firewall for windows that doesn't do invisible stuff

on 04.07.2007 21:45:35 by gary

On 28 Jun 2007, Sebastian G. wrote:

> There's also a GUI for Wipfw (just look at the SourceForge Project website).
> Anyway, you normally want a scriptable command line.

I gave the Win32 port of Qtfw a try the other day. It's useful to learn
rule syntax with but since it appends the ipfw command to the beginning of
each rule in the scripts it generates, I can't find much use for it.
However, it might come in handy for getting a visual look at a more
complex ruleset before deploying it.

Perhaps appending the ipfw command is how it's supposed to work under
FreeBSD but it looks like whoever made the Windows port didn't test it out
with the stable release of wipfw. Either way, it's a non-intuitive
application and I wouldn't recommend it to novice users.

-Gary

Re: simple firewall for windows that doesn't do invisible stuff

on 04.07.2007 22:45:40 by Sebastian Gottschalk

Gary wrote:

> On 28 Jun 2007, Sebastian G. wrote:
>
>> There's also a GUI for Wipfw (just look at the SourceForge Project website).
>> Anyway, you normally want a scriptable command line.
>
> I gave the Win32 port of Qtfw a try the other day. It's useful to learn
> rule syntax with but since it appends the ipfw command to the beginning of
> each rule in the scripts it generates, I can't find much use for it.


Hum? This is how it's supposed to work. Anyway, if you don't like it, you
can remove it in a post-processing step.

At any rate, you should always create your ruleset from a script and a
database, f.e.

| # iana_reserved.txt holds one network per line; $rulenumber is set beforehand
| while read -r i; do
|   echo "ipfw add $rulenumber deny ip from any to $i xmit" >>ipfw-load.sh
|   echo "ipfw add $rulenumber deny ip from $i to any recv" >>ipfw-load.sh
| done <iana_reserved.txt

> However, it might come in handy for getting a visual look at a more
> complex ruleset before deploying it.


Visual look on complex rules? That reminds me of FirewallBuilder and ShoreWall.

> Either way, it's a non-intuitive application and I wouldn't recommend
> it to novice users.

I wouldn't recommend any kind of packet filtering to novice users.
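
One way to generate the ruleset from a list of networks, as the post above recommends. This is an added example, not code from the thread or from the wipfw project: it validates every entry, refuses to emit any rule if one entry is malformed, and merges overlapping networks before writing the rules. The interface name `eth0`, the rule-number range, the sample list and the `out`/`in` direction keywords paired with `xmit`/`recv` are assumptions of this example.

```python
import ipaddress


def build_ruleset(lines, iface, first_rule=1000, step=10):
    """Turn a list of IPv4 networks into ipfw deny rules for one interface.

    Blank lines and '#' comments are ignored. A single malformed entry aborts
    generation, so a typo never yields a silently incomplete ruleset.
    """
    nets, rejected = [], []
    for raw in lines:
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            # Strict parsing rejects entries with host bits set, e.g. 10.0.0.1/8.
            nets.append(ipaddress.IPv4Network(entry, strict=True))
        except ValueError:
            rejected.append(entry)
    if rejected:
        raise ValueError(f"refusing to generate rules, bad entries: {rejected}")

    rules, number = [], first_rule
    # collapse_addresses merges duplicates, subnets and adjacent networks.
    for net in ipaddress.collapse_addresses(nets):
        rules.append(f"ipfw add {number} deny ip from any to {net} out xmit {iface}")
        rules.append(f"ipfw add {number} deny ip from {net} to any in recv {iface}")
        number += step
    return rules


# Constructed sample list standing in for a file of reserved networks.
SAMPLE_LIST = [
    "# reserved networks (constructed sample)",
    "10.0.0.0/8",
    "10.1.0.0/16      # already covered by 10.0.0.0/8",
    "192.168.0.0/24",
    "192.168.1.0/24",
]

if __name__ == "__main__":
    # "eth0" is a placeholder interface name.
    print("\n".join(build_ruleset(SAMPLE_LIST, "eth0")))
```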