Subscribe to our Best Free Firewall
|
In a Hurry?
|
 Go straight to the Quick Selection Guide |
|
Introduction
|
|
No other freeware product causes as much angst to users, whether in installation or day-to-day use, as a firewall. To find a stable and high quality firewall for windows often involves a process of trial and error. Firewalls should protect while not being too intrusive or too complicated to handle. This article gives you a selection of the best free software firewalls available. If you want to learn more about firewalls, visit this excellent introduction on How Firewalls Work. Be sure to use only one software firewall at a time. But feel free to combine a hardware and a software firewall to improve protection. Additionally, most products highly recommend uninstalling other third-party software firewalls before installation. Firewalls are increasingly useful to help you control the activities of Internet facing applications. It's becoming difficult to tell when applications connect online because they link so many of their features to Internet resources. Few programs stop to ask your permission. Often when you click for "Help," you find your browser launching and connecting to the Internet; sort of like asking your doctor for information and finding a needle in your arm instead of an answer. So, I predict that firewalls will be ever more important for privacy and control and choice. I organized the article into three sections ranging from (I) broad protection and greater user involvement; (II) to basic 'firewall only' configurations and less user involvement; (III) to narrow protection and "set it and forget it" products. |
|
Discussion
|
|
I. Best Software Firewalls for Maximum Protection and Greater User Involvement The following personal firewalls provide excellent network protection. Each firewall comes with default settings and shouldn't require tweaking except for the needs of advanced users. I provide some configuration and usage details since a little extra information may help you better answer popup alerts. I also give a few tips to help minimize alerts without letting malware through. Still, they seem to require a fair amount of time to learn their features and they require more user involvement. But they are not as bad as the User Account Control (UAC) in Vista and they have various features that limit the extent of action required by you. Oh, and I always create a drive image before installing a new firewall since they are known to give your PC serious problems if they conflict with anything. However, I installed and uninstalled each firewall several times during testing and had no problems.
The free version lacks many extras of the pay version, however, such as automatic updates, additional malware protection, anti-spam protection, and web safety features. Though, more annoyingly, the free version lacks helpful features such as breaking active connections you don't want. I also didn't like the automatic Outpost news updates, which place up-to-date advertisements for the Outpost Pro version in the interface. This being so, I see many user reports of satisfaction over Comodo and this is probably because of the extra care taken to reduce user involvement and limit outbound monitoring to a reasonable level. The HIPS component is called "Host Protection" in the interface. It provides four default levels of protection, which can be easily set with a slider and additionally customized item by item by advanced users. The default "optimal" setting only monitors "most dangerous activities" instead of all program activities. So the default "optimal" settings lack protection from keyloggers, direct disk accessing, window hooking, DNS API request monitoring, etc. You can check the types of reduced monitoring by clicking the "customize" button in the Host Protection section. I believe the intention of the "optimal" level is to acclimate users to the firewall and provide more outbound protection than the windows firewall. After you get used to the firewall, you can increase its protection. The installation asks users whether they want to train the firewall for a week (using its Auto-Learn mode and Rules Wizard). I'm not a fan of this feature (it's initially unchecked during the installation) and you can easily switch to it at any later point, say for an hour while you start using a new, trusted program. In my testing it greatly reduces protection during the time the firewall trains so (like with the other top firewalls) it's best to only train for short periods of time. One technical advantage over Comodo is that the self-protection component works well in all its levels of protection, whereas self-protection in Comodo depends largely on having Defense+ enabled. Additionally, (along with the firewall from PC Tools) it's alert messages do not depend on the user to set "trusted" rules if they want to permanently automate HIPS alert responses for a program (in its maximum security settings). So it has the advantages of PC Tools firewall in usability and similar proactive security protection to Comodo in its maximum settings. Outpost also has a helpful feature to set rules automatically for known safe applications. Otherwise Outpost's maximum security settings are not much more user friendly than Comodo and Online Armor. It prompts the user with just as many popup alerts. And Outpost lacks some of the techniques used by Comodo and Online Armor to decrease the number of alerts in their maximum security settings, such as the more flexible safe programs list in Comodo or the security wizard in Online Armor. So Comodo and Online Armor have the potential to be less intrusive in their max settings, but the continual work and annoyance in configuring them reduces their advantages in user-friendliness, giving Outpost a considerable edge for many types of users.
During installation, it gives you a choice between three levels of security. The "Firewall Only" mode is discussed in the next section. The intermediate option mainly turns off some protection from Defense+, including some direct access monitoring. The "Proactive Security" configuration uses all Defense+ monitoring and increases in aggressiveness over the "Firewall Security" configuration. I recommend using the "Proactive Security" configuration (check this setting by right-clicking the tray icon and selecting configuration). You can reduce the number of popup messages you get and automate the behavior of Defense+ by (1) using the "Clean PC Mode"; (2) adding files to "My Own Safe Files" for safe mode; (3) treating applications that regularly need more access as trusted or blocked or isolated (etc.) when you get popup alerts about them. Though any of these require much knowledge and work on part of the user, and if the user gets frustrated they may allow malware through. If you are fairly certain your PC is malware free, set Comodo to the "Clean PC Mode." In "Clean PC Mode" it automatically treats all applications on your drive as safe (but if any malware is currently hidden on your drive, it too would be considered "safe" in this mode). The exceptions to this rule are new files and applications. They get sent to a list of files "waiting for your review" in the "Summary" page. Files listed for review will be considered "possibly unclean" while you are in "Clean PC Mode" and will provoke popup messages. If you want to prevent initial alerts about these new files, you can manage the list before you run any programs listed in it -- you could empty it (if you are malware free) or add known safe applications to your safe files list. If you treat them as trusted or blocked (etc.) as you get alerts for them, this also automates the responses of Defense+ (even if you leave them in the list of new files waiting for your review). It also has an alternative "Safe Mode" in which you will get many popup alerts at first. But Comodo limits these alerts by automatically allowing some known safe applications to run (unless you use "Paranoid Mode"). Also, if a safe program needs additional access to run, then Defense+ will alert you and you can decide whether to treat it as a "trusted application" (which, finally, ceases most alerts about it from Defense+ in every mode). If you don't add your everyday programs to your safe files list or treat them as trusted or blocked or isolated (etc.), Defense+ in safe mode seems to alert you constantly.
The installation is lengthy if you go through its "Safety check" wizard, but it will accomplish much of what you have to do manually in Comodo's max security modes: it will search your PC for programs to set as safe and it also uses its own list of safe applications to automatically allow programs to run or access the Internet. You can disable this automatic feature in the settings, but it uses an excellent popup message when it automatically allows a program (it doesn't require user action). It has a short learning phase after installation and you can use its learning mode to create automatic rules at any point later, say, for a trusted online game that gets constantly interrupted by firewall alerts. On my testing, you receive about as many alerts as Comodo's "Safe Mode" (with applications manually added to its safe files list). But I found the installation more straightforward and user-friendly. Additionally, Online Armor was the most resource efficient on memory use. It also allows you to close both its tray tools from its right-click context menu. Both are not needed for the firewall and HIPS components to continue running and protecting, and even with the two tray tools active, it is still the most resource efficient firewall of all top contenders in this article (with PC Tools a close second).
However, one very surprising difference was the ease of installation and configuration. In fact, I didn't have to do anything; no searching for or adding programs -- it just installs and starts protecting your PC. But, of course, this means a few extra popup alerts will appear if you have rare and unknown programs not in its automatic list of safe applications. It seems to download this list with a "PC Tools Plus Service," but if you have a slow Internet connection you may experience an overall lag for any program connecting and using the Internet until the service finishes downloading. Like the other firewalls above, you can disable the automatic allow feature in the settings to take back control. It also has a password feature that prevents users from setting permanent rules. But you can still run any program you want as long as you don't mind clicking "allow" countless times without use of the "remember this setting" feature (so it is not really comparable to the parental controls of Comodo and Online Armor). Though, it does have an interesting "Full Screen" mode or game mode that blocks all alerts while, say, you play a trusted online game. The program looks and feels user-friendly, with a simple setup and simplified alert messages, but still it's not for average users. II. Best 'Firewall Only' Configurations for Basic Protection and Less User Involvement The same three firewalls above have alternate configurations (see below to configure them) that compare favorably to user friendly firewall products. These configurations accommodate the use of your favorite active anti-malware and HIPS programs, and they reduce the burden of answering chains of popup alerts and make them easier to manage for average users. Additionally, some users (of many degrees of experience) prefer to avoid advanced firewalls that employ a constant "security guard" that question them daily when they want to connect to the Internet, install a new program, play online games, or run their programs. The more you install and uninstall programs, the more the fancier firewalls need user involvement and extra work. Outpost Firewall Free comes with reduced monitoring in its default settings. You can check this setting with a right click on the tray tool, click "Settings..." > "Host Protection" > the slider should be set "Optimal". This leads the section and is the best reduced monitoring configuration. It isn't quite a "firewall only" configuration, but it's much more user friendly than its maximum configurations. If you disable behavior monitoring in the following firewalls, then they still provide excellent inbound protection, minimal/marginal outbound filtering, and additional features such as port stealthing. First, of course, you must download and install the following software of your choice, then change their settings to reduce their level of protection/monitoring (in other words, disable their HIPS components). Here are the key settings to adjust:
All three will still ask you whether unknown programs should have access to the Internet, but they will not worry if you start OpenOffice Writer to compose your next poem. They also seem to remember your responses to alerts in a simple, straightforward way. Additionally, all three have a list of programs they automatically allow. For example, I noticed that none of them asked whether Firefox should be allowed to connect online. Though, they did alert me when some of my other lesser known programs tried to go online for updates. So there will still be a learning curve in dealing with popup alerts, but the alerts settle down quickly once the firewall has a good list of rules for your Internet-bound software. Though, these configurations will lose you important protection from malware running on your PC, such as root-kits, keyloggers, Trojans, viruses, or spyware, and dramatically increases the chance such malware will successfully make outbound connections (if you're without other security software). You would need additional security software to supplement these configurations. We have articles on options such as virtualization, HIPS and anti-malware. These are important security layers to help safeguard against malware and prevent it from harming your PC or from making outbound connections to steal your personal information or take control of your PC. For average users who want to try an alternative, simple and lightweight free firewall, Sunbelt-Kerio Personal Firewall causes very little annoyance for the user in its default settings. Yet it also manages excellent inbound protection, with marginal outbound protection. Its 'no popup' configuration disables "Application Behavior Blocking." If you use its feature for advanced users, the behavior blocker, then its protection is better and it superficially operates more like the top three firewalls (except its performance isn't in their league). You would also have many popup alerts to handle at least initially. Some advanced features are automatically turned off after the 30 day trial period and some users experienced system crashes in the past. But I had no problems with it in my recent testing. Other user friendly alternatives include Ashampoo FireWall Free and ZoneAlarm Free Firewall. III. Best Firewall for Novice Users The built-in windows firewall is an excellent choice for novice or impatient users since it avoids the hassle and confusion of incessant alerts while employing excellent inbound protection. This may sound unusual; a Gizmo Freeware article advocating the use of a built-in windows product -- almost seems impossible. Most novice users, however, are simply not prepared to reliably handle the numerous popup alert messages of the best firewalls on the market. Windows firewall is lacking against outbound malware threats, but users who merely click "yes" to each and every alert they encounter will not have the level of protection they think they have (and certainly not if the user gets so frustrated that they uninstall their maximum security personal firewall). Additionally, it does not require installation, so it's the least likely to conflict with other programs or your PC. If you are fairly sure no malware exists on your computer and you have no use for the other features of a personal firewall, then windows firewall is actually a practical and useful solution.
Please help us by rating this review. |
|
Related Products and Links
|
|
Related to Firewalls:
Related to Security:
Related Firewall Testing Sites:
|
|
Have Your Say
|
|
There are four major ways to send feedback: registered users can contact me directly here or in the forum under Contact Info. Registered users may also post in the forum. And anyone can post a comment at the bottom of this page. |
|
|||||||||||||||||||||
|
|||||||||||||||||||||
|
|||||||||||||||||||||
|
|||||||||||||||||||||
6.5 
Unrestricted Freeware 
Windows 2000/XP/Vista, 500 MHz or faster, 30 Mb HardDisk, 256 Mb RAM
This category is maintained by volunteer editor Rizar.
Tags for this page: best free firewall, best free firewall for windows, best free firewall software.
Delicious
Digg
StumbleUpon
Please rate this article
NEW VERSION OF COMODO INTERNET SECURITY 3.10.101801.529 IS OUT.
does anyone know which firewall will pass the pcflank leak test? i've tried comodo,outpost and online armor, they all failed.
You might have accepted the test file and thats why it failed I've messed around with some of those tests and you really needed to watch what you let in and out by your firewall
i guess i did do the test wrong, with all the pop-ups from avira and the firewalls, sometimes it's hard to know when to allow and when to block.
Another Great Firewall Tester...
Proof?
Webpage?
go to pcflank.com! see what results you get. what's the point of your comment anyway? i'm not a "great firewall tester"! never said i was. i was just surprised i failed the test with those 3 firewalls.
Haven't Firewall developers ALREADY tested their firewalls
against this the old pcflank.com?
Do you think that they expect you to test?
You did the test wrong!
That's why these firewalls "failed"!
Edit by JT: I don't think personal insults are warranted
so if done right those all pass the test?
This article explains leak testing in more detail.
http://www.brighthub.com/computing/smb-security/articles/32023.aspx
As in my other post "leaks" are stuff going out of your firewall, not coming in. Incoming protection should obviously be your first consideration because if nothing bad comes in then you don't need to worry about it getting out again.
So, leak tests assess your firewalls ability to withstand an attack from within which normally tries to disable or bypass your firewall service and obtain a connection to the internet. Usually, the purpose of this is to either extract information from your computer or facilitate the download of more malware which can. Another favorite is to set you up as part of a bot network to transmit spam and other rubbish.
No matter which brand or level of personal firewall you install much of the above can be prevented by using a safe browser and a sandbox to isolate your "dealings" with the sites you choose to visit.
http://www.sandboxie.com/
In terms of firewall configuration then your rules policy should be to only allow things to connect to the Internet which cannot possibly work without this ability. Even then they should be restricted to only the port numbers they require for individual functions. Your browser for example will use 80 and 443 and for a mail client 110,25,995 and 587 might also be required. There are also Windows services which ask for connecting permissions when there is no benefit to your system in allowing them. Herin lies the risk when firewalls set automated rules for "anything signed by Microsoft". Any hackers seminar will demonstrate just how easy some of these connections are to exploit.
If all of this is more than you want to be bothered with then I appreciate that people wish to use their computers for entertainment and not a crash course in network dynamics. In this case simply choose a top rated firewall like Outpost or Online Armor Free and try to gain the best knowledge about it's functions that you can.
Optionally, take a few moments to register in the forum and one of us will help you set up your firewall to best suit your needs.
It's important not to over estimate the benefits of leak testing. Although they assess a firewalls ability to monitor outbound connections and other criteria the important process is to protect against inbound traffic and where you choose to connect to yourself. Letting malware into your computer is not advisable even if your firewall is then capable of preventing them connecting out.
In response to your question though I can't answer for the firewalls you quote as I don't know how you configured them and I've never run the PC Flank test through these myself. What I did do though is run it through the one I'm currently using which is Rising Personal Firewall 2009 (free) and it passes without problem.
If you would like to try this firewall there is a direct download link for it on this page at Wilders.
http://www.wilderssecurity.com/showthread.php?s=af45f78cdf1db766022f37e3...
You'll need to be quick if you want to try this because the moderators at Wilders usually remove direct links to .exe files for the same reason that I cannot post it for you here. It is also difficult to find a link for the free version of Rising via Google which doesn't turn into a trial the moment you connect to the net with it. Please check the link with Dr. Web, AVG Linkscanner or similar before you begin the download.
http://online.us.drweb.com/
In my opinion this firewall is hugely under rated for the features it offers and should be more widely known. It doesn't contain a HIPS component which is why it scores low at Matousec but you can easily add a standalone like DSA or even Spyware Terminator to perform this function.
Please understand that no firewall is capable of providing optimum protection without at least some adjustment to it's default settings. If you try Rising and need some help setting it up, register and post in the forum and I'll be happy to assist you individually.
I use Zone Alarm, bit firewalls in general provide a value. Some pertain to inbound traffic, others to outbound traffic. Its important to keep in mind inbound traffic is also scrubbed by your other resident security products (anti virus, spyware monitors), but nothing else is watching and reporting on the outbound traffic.
Equally important is an ability to monitor connections real time. Have you ever noticed your LAN lights blinking for no reason? Ever wonder what going on? What processes are currently connected? Sending data?
If the traffic is OK to particular destinations, you need a firewall that will allow you to enter exclusions (DNS or IP). You also need one that will show connections and traffic.
Analysis of inbound network traffic by some AV's is pretty limited unless something tries to execute but then of course you already have it on your computer. Depending on the program some standalone HIPS also offer network control and will warn you of attempted outbound connections should this feature not be in your chosen firewall. Other than Windows (XP) nearly all the other firewalls available provide outbound as well as inbound protection, a connections monitor and log facility. What some of them don't do is offer individual component control.
All of the firewalls reviewed here in the main section are a complete package. Whichever one you like working with most will ultimately prove your best choice for protection.
The main dialog box for user interaction in outpost firewall free is COMPLETELY AMBIGUOUS. You are presented with several radio buttons, and allow, block, OK. What's the difference between allow and OK? Apparently, the radio buttons are linked to the OK button. Also, the allow and block buttons have dropdowns (allow once and autolearn). But there is no description of the allow button in it's native state (allow once, allow always, etc). This is what happens when you allow the people who write the software to also create the user interface.
If it were me, I would have had all radio buttons (allow once, allow always, autolearn, block once, block always), and a single OK button. KISS.
Hi, I use outpost in one of my system for the past two month or so. Let me help you a bit. This thing caused me the the same confusion. I looked around for info but to no use. Over the period what I have learnt is as follows.
ALLOW itself is ALLOW ONCE only. U can click ALLOW or AllOW ONCE to same effect.
Auto Learn - For example if u execute a file, Outpost flashes the dialog box, u click ALLOW, then next and next dialog box for other actions of the same exe file may appear. Now, instead of doing that u click auto learn for a legitimate application then after the first dialog no other dialog box should follow as the firewall allows all further actions and auto learns to allow. I have used auto learn only on a few occasions and had this reading.
OK - This is the important part. U run a trusted application. Dialog pop up alerts u every time. U dont want that so clicking allow wont help you. You want a rule to be created so that application can run without interuption every time. OK button does that for u. OK has default rules for many known applications and allows you to implement the rules for those applications in your system. For those application it doesnt know, but u trust (thats why u click ok in first place) u r presented with a configuration screen. For a non technical person like me it presents a problem. But over the time I have learnt that for trusted applications that have to be used over and over again I can accept default settings on the configuration screen that follows. That will spare me from clicking ALLOW everytime the application starts. I tried to help , may or may not have been successful. If u have any doubt I will be happy to help with my limited technical ability.
thanks - knowing the ALLOW by itself is ALLOW ONCE is helpful.
I more or less understand the theory. It's just the user interface that's a problem. there were a number of times when I selected one of the radio buttons, then clicked ALLOW (instead of OK), thinking this would lock-in my desired action. it was only after much trial and error that I realized that ALLOW or BLOCK totally overrides the radio buttons.
What happened to Jetico Firewall & Net Vedra Firewall. Als why do you no longer recommend them?
They are R.I.P.!!! (= Rest in Peace).
NetVeda still highly capable until IPV6 becomes the dominant Internet protocol and Jetico V1 too for users with enough network knowledge to set it up.
Everyone has different recommendations to make and if we included them all here then the list would become unmanageable. You could easily add SoftPerfect, Ghostwall and Filseclab into the selection as all have an appeal to different user requirements. If the forthcoming new release of Privatefirewall becomes freeware as hinted this will also force a rethink because not only is this the most stable firewall I've ever used but it's also one of the most competent and includes your favorite HIPS component, DSA
I am just curious as to something I read on here a while back about Privacyware's Private Firewall possibly going free? I was even thinking about purchasing it even if it doesn't. Does it contain the protection of DSA within the firewall program? I have tried running DSA with other firewalls Outpost, Zone Alarm and Online Armor) but when I add it I notice a slow down to my system. I'm hoping that the firewall, if it had DSA as part of it might not make my system take a performance hit. My system is not new by any means but it runs slower as I add each new security layer. Right now I'm running Comodo Memory Firewall, Avira and Outpost Free version in real time with MBAM & SAS on-demand.
If it does and if it were free would you say that it would be a good choice for a personal firewall, paid or free?
Many thanks for your time.
In effect DSA is the HIPS component in Privatefirewall but the component mix is not the same. The drivers for instance are different and you don't get either the sluggishness or the tendency to freeze which DSA is sometimes apt to do if it doesn't like one of your other programs.
I last spoke with the CEO of Privacyware two weeks ago and they were still debating the merits (or not) of releasing the new version of Privatefirewall as freeware. It's currently in beta testing (notice this vendor does not inflict beta security software onto the community to test for them) and I'm expecting an announcement very soon now. The updated firewall will have usability enhancements (i.e. less alerts!)and full compatibility with Vista64 and IPV6. It's always been a great firewall and with the new release can only get better. I've never set too much importance on passing the Matousec leak tests but if this is your belief then at level 10+ and 88% Privatefirewall is already up with the top performers. If it does become freeware it would certainly be my top recommendation providing that the new version doesn't bring with it any of the instabilities plaguing some of the other choices. To date I've used Privatefirewall across several machines on and off for two years and have never had a single issue.
Hello one and all,
I've been trying the Outpost firewall free. It loads and installs ok, but it seem to affect my general broadband download speed. Cutting it from 3.5Mb to 1.7Mb approx.
I've tried the following:
Different sites of 'download speeds'.
Changing the anti-virus program.
Previous HD images (Ghost) right back to XP sp3 update.
All these still end with the same results when installing Outpost
Has anyone else experenced this, and hopefully overcome it?
Thanks
djj01
I had the same problem or even worse, moving from 5mb to about 0,5mb...
No way to solve it, maybe it conflicts with K9 drivers. Uninstalled and replaced by Online Armor Free that works really fine.
Rgds, MT
Thanks MT
I've tried your suggestion of 'Online Armor Free' and It's done the trick.
I've also found that I can now use Avira Anti-vir which I couldn't with 'Outpost' as that combination slowed everything down.
Cheers
djj01
I can't even use firewalls because they render my system unstable, I think its due to the many tweaks I've made to my computer over the two years I've had it. Either that, or its getting old...
Hi,
I have a fairly old computer from 2002 Pentium 4 and I found that either Zone Alarm or Online Armour worked well while keeping my system stable and fast. But then I re-install my OS every 6 months just to keep it running that way and I find it makes a real difference in speed. I tweaked my machine a bit but I don't mess with the software too much.
Very helpful review thank you.
can any one suggest a freeware firewall which is best for torrent clients like bitcomet
Type "Torrents" in the above search box; it returns and brings-together all our site's coverage.
How much illegal stuff do you download? Cuz the California State Prison system uses Sygate Firewall in the section for those criminal caught stealing movies and music illegally. That way you'd be familiar with the firewall, before you get caught and jailed.
Hmm, this is useful info, I must gen up on it...
Zone Alarm Free
Give your BitComet access and server permission to the trusted and internet zone (you should see 4 ticks in the program list beside BitComet).
I suggest if you use Zone Alarm Free that you also download Comodo Memory Firewall for added protection.
http://www.memoryfirewall.comodo.com/download.html
It works for me!
Hi,
I run Zone Alarm Free, version 8 I think. I love it and have used it for years and I find it user-friendly. I followed a link that showed it did not do well in testing. Is there any sotware I can add to Zone Alarm Free to make it more secure? I also use Avast Home 4.8 with it and Spyware Blaster 4.2 and Windows Defender for my security.
I did read in a thread that DSA was good to use. I installed it but Windows Defender said one of the files PFSVC.exe was infected and labelled it as Severe. I thought that DSA might be a program that would help. But after the warning I unistalled it, and thought I would check here with the experts here first before proceeding.
Hey! Your PC security is almost Exactly the same as mine. FORGET DSA.
The person who suggested Comodo Memory Firewall as an add-on was correct.
However, Drive Sentry is a FREE Real-Time + On-Demand Anti-Malware that is even Better than BOClean. It combines AV + Antispyware + HIPS to keep virtually ANYTHING from invading your PC. Well reviewed too. Go to youtube and see for yourself. NOTE: You MUST uninstall that Useless Windows Defender first.
That app was never any good and not something you should put your trust in.
Latest version of Drive Sentry is 3.3.0.4. Best of luck to you.
Hi
The file you describe is the Privatefirewall service component which performs the network monitoring functions in DSA. DSA would indeed be an excellent partner for Zone Alarm free. Unfortunately I have no knowledge of Windows Defender but I would assume there is a facility to allow or ignore the warning raised if you wish to install DSA again. I should add that the file with this name is only guaranteed to be legitimate if it's location path points back to your DSA installation directory. If Windows Defender gives it's location as being anywhere else then in fact it could be malware.
From the circumstances you describe though this is highly unlikely.
DSA is a pain in the a**.
Not recommended for Average Users!
The Allow/Block function of HIPS
is a Nightmare for Average Users!
Why?
Examples?
Evidence?
Alternative recommendations with reasons?
Come on! now.
DSA stinks and you still recommend it!
DSA and Real Defender are DEAD long ago!
Nobody will further develop them!
Move on!
http://www.matousec.com/projects/proactive-security-challenge/reports/PS...
-DSA score - 62%,
-DSA Protection level - Poor,
-DSA Recommendation - Not recommended)
http://www.matousec.com/projects/proactive-security-challenge/results.ph...
-CIS (has been improved greatly in terms of Annoying pop-ups)
-Outpost Free (great overall balanced protection)
-OA Free (friendliest HIPS ever developed!)
Why are you attempting to compare a standalone HIPS program like DSA with two combination firewalls and a full suite?
Also, it's no good keep quoting Matousec at people as if it's some sort of panacea. Whilst I don't doubt the value of some of their testing techniques there is always another side to the debate. Are you familiar for instance with Mihail Fradkov? Well he is one of the rising stars amongst Russian coders striving to write new software capable of matching modern threats.
These are two of his comments:
"Unfortunately, the average user is ready to make efforts in learning the abc of Emule and P2P, but not to learn the abc of the registry and malware's behaviours".
"Just for information: for example, one of the well-known leading security package contain this feature, it automatically allow to start any driver in the system after running one legit, signed application, which drops the driver and start it. It's not required to say, that after this "learning" your system is not protected at all from any type of rootkits. BTW, this security package have a lot of scores at matousec.com (on the top of the list), because of testing technics imperfection. It's marketing "we have a lot of scores and don't annoy users with questions"... but you didn't protect them too, tests are passed only in specified pre-environment."
His last sentence emphasizes the weakness of a lab based testing policy and his first the importance of having a solution which individuals can manage rather than one which may offer more protection but is too complicated to understand.
We welcome and encourage the involvement of everyone here but to keep repeating the same empty comments, some of which are incorrect anyway, contributes nothing. DSA for instance is in full active development with a new release due out shortly.
Same MIDNIGHTCOWBOY...
a) Always Against Matousec.com .
b) Promoting OLD-Ware Nobody uses any longer
(e.g. DSA., Real Defender etc.).
This OLD-Ware is not further Developed/Supported/Updated.
Move on!
a) Untrue statement: e.g: "Whilst I don't doubt the value of some of their testing techniques"
b) Untrue statement: e.g: "DSA for instance is in full active development with a new release due out shortly."
Another question for you:
If Realtime Defender isn't any good why did Comodo take the guy who wrote it to write Defense+ for them? Anyone who has used both programs instead of just commenting about things they know very little about will immediately recognize the similarities. It would also be very helpful if you could explain exactly what needs updating in a HIPS program?
Comodo hired RealTime Defender guy
BUT
HIPS in Comodo have developed Loooong Way.
Initially, Comodo HIPS were very annoying!
They alarmed for every file >even innocent Windows files!
Gradually, Comodo HIPS evolved into User-Friendlier/Smarter versions!
They alarm about Actual Threats! Comodo moved close to Online Armor
which offers the User-Friendliest/Smartest HIPS.
Initially, HIPS were really Stupid, as they Alarmed Users
for every file execution/modification.
That created a LOT of Frustration among Average Users!
Later, HIPS developers realized that HIPS need to
Alarm users only when a -REALLY- Bad Action or
Suspicious Enough action is about to happen!
HIPS became Smarter/User Friendliest.
HIPS will be further developed so that Users will No Longer Suffer
the Allow/Block Nightmare they faced with the Stupid HIPS
that used to fire Pop-up Windows for everything!
AntiVirus software entered the Collective Intelligence Era.
HIPS will move on, too.
The ones who state that HIPS needs NO Updating
have Nothing to do with Security Software Development!
You are right about one thing in that the HIPS vendors all seek to reduce alerts in response to user demand, but ask any industry expert and he will tell you that this is counter productive to achieving high level security.Top level security comes at a price and that is popups. Without them you are relying solely on the integrated automatic control components in HIPS to make a decision for you and all too often these are demonstrated to be wrong. This is no real fault of the software other than there are just too many variables to code for. Consequently the safest approach is to request user input for a decision. If you are uncertain or unwilling to respond to such requests then you don't need the software in the first place.
Also, if you had read the quotes in my other post you would have seen that what tests as being "smartest" in the lab doesn't necessarily perform to the same standards when granny is using it to connect to Facebook.
As a big fan of Comodo you might also want to explain the (still) large numbers of CIS issues in their forums even since 3.9 went to final? It still seems quite happy to devour part of your system files and/or leave others unprotected. I would not really assess this as being "user friendly"
PC security does not begin and end with software firewalls, HIPS and AV's. Routers apart, it begins with your browser, the sites which you visit and how you control this access with something like a sandbox. Accepting that not everyone is disciplined enough to use a sandbox (or willing too - me included) then your best defense is your mouse.
Please explain to all of us how Collective Intelligence in AV's is a step forward for the majority of PC owners with no Internet connection?
The majority of PC owners -if they have No Internet connection-,
then they would NOT be able to even Update a simple AV.
So, what's your point?
I'm an Online Armor Beta Tester.
So, you are wrong about saying that I'm a CIS big fan.
Online Armor has developed the Friendliest/Smartest HIPS!
Users need to be Alarmed -Only- when there is a -Real- Threat!
We have moved long way since the Era of the Dummy
-Not to Stay Stupid- Classic HIPS that Fired Alarms for No Reason.
Users' Frustration and Discomfort taught us that HIPS need to be
Smarter/Friendlier.
I also use Sandboxie and AyRecovery together with my NAT/SPI Router.
Since the majority of of PC owners have no Internet connection
OR
if they have Internet connection, they cannot deal with Creazy HIPS,
like RealTime Defender and DSA,
there is No need to suggest these.
I assumed from what you were saying previously that you must be a CIS user which of course has far less popups than Online Armor.
http://forums.comodo.com/feedbackcommentsannouncementsnews_cis/public_us...
Maybe as a beta tester for Online Armor you could tell us when buffer overflow protection is planned to be included? Also, you have yet to reply to my quoted comment from Mihail Fradkov about the flaws in the automated driver recognition process in Online Armor?
Buffer overflow has always been a major BS/Crap.
You many buffer overflow incidents have you been experienced?
You are stuck in the past >DSA, Realtime Defender
and other old issues like buffer overflow.
Why do I need to reply to any quoted comment from Mihail Fradkov?
Flaws exist in every software.
There is No perfect software.
Is CIS perfect? Is Outpost perfect?
That's why software is -constantly- improved.
What about your RealTime Defender?
Is it Flawless? No way!
And you seem to "forget" something:
RealTime Defender is Dead.
It will never be further Developed/Improved.
So, I don't see where you get it.
Are you a Firewall Developer?
OR
just a Firewall Criticizer?
It amazes me how anyone can profess to be a tester of anything with so little knowledge to back it up.
This is just one small extract from the many reports you will find on the net relating to the scale of buffer overflow vulnerability attacks. This is from one of the world leaders in network security, Cisco
"The report does offer statistics on vulnerabilities. In 2007, the incidence of application vulnerabilities was up 53 percent, and the incidence of buffer overflow was up 23 percent, the company says. In 2008, users should expect growth in attacks on system memory, smartphones, and portable storage devices, the report warns."
The automated driver issue you still haven't replied to because I guess you haven't got an answer, or maybe don't even understand the problem?
Our aim here is to match the best solutions with people's ability to use them and offer choices in the process. This certainly means criticizing software that promotes itself as being a world class solution to all evil when in fact it falls short of this. Of course you are right in that all software contains flaws but when these are contained in a front line security solution they take on a completely different status.
No business can be operated effectively without statistics and like most others I keep mine. I've posted many times that the majority of users I see with infected systems all have top rated security software of one form or another. The fact that they don't understand it (or want to) is the major contributing factor and Online Armor certainly falls into this group along with a lot of others. There is no way that you can tell me that someone with just average abilities can install this and manage it straight off. In firewall terms my own statistics prove that the people I persuaded to use less complicated software such as Ashampoo, NetVeda and Sygate all have far fewer problems in the future. The only major problem here is that these applications will cease to be of any use once IPV6 finally becomes the dominant Internet protocol.
You are also wrong about the reasons why classical HIPS are dying out. Sure users want less things to respond to, we all do, but the birth of suites and other multiple component solutions was driven by a commercial need to sell stuff and nothing else. People use them because they look at websites such as Prevx and believe what they see. This is not to say that everything is misleading but the power of marketing is what drives the demand, not the ability of the product to function as described.
You are also wrong about the status of these programs on Wilders. There are multiple threads for programs like Malware Defender and EQSecure for which some of the guys there have created an industry for rule making since 2007.
"The automated driver issue you still haven't replied to because I guess you haven't got an answer, or maybe don't even understand the problem?"
Keep the irony/sarcasm for yourself!
Since, according to you,
'the automated driver' issue is such a Critical problem,
then,
Why don't you, MIDNIGHTCOWBOY (Mr. Great Firewall Developer)
offer a solution to it?
Your Snobbish and All-knowing attitude made several members to
abandon the Techsupportalert Forum!
What has the Cisco Network Security to do with
Average Users who are behind Routers, dial Up modems and own one PC?
2007 buffer overflow was up 23 percent
So what?
Is it the greatest Threat for an Average User?
Are you crazy?
It is obvious that you know nothing about Programming and Networks!
All you know is to copy outdated info; irrelevant most of the time...
Keep using DSA and RealTime Defender since you are know nothing more!
As Cisco are a major supplier of routers one would assume that they are better placed than myself to assess the threat level posed by code injection malware and buffer overflow attacks.