Battle Best combo of FW, HIPS, SB & BB - Your views

HarborFront

Level 72
Thread author
Verified
Top Poster
Content Creator
Oct 9, 2016
6,159
Hi

I have CFW with EAM in one tablet which covers FW, HIPS, SB and BB

Now, I have a 2nd tablet coming and I would like to try another combo. Below are some combos which need your views

1) Avast Internet Security (FW + BB + SB) + adroxideHIPS (BB + HIPS)

2) Xvirus Personal Firewall Free (FW) + Avast AV (BB) + reHIPS (HIPS + SB)

3) DefenseWall Firewall/HIPS (FW + HIPS + SB) + Avast AV (BB)

Notes :-

a) adroxideHIPS and reHIPS have no stable release yet
b) I believe the new Avast has BB which replaces its HIPS. Needs confirmation.
c) How's DefenseWall's compatibility with Win 10 64-bit?

Thanks
 
Last edited:
5

509322

If you must use Private Firewall, install it and run it through the Matousec tests to see what gets through. Then run the Comodo Leak Test and see where it fails. Where PF fails the tests, boost security with other programs to match what is missing with something. Matousec test suite here (ssts 64 test):

Downloads - www.matousec.com

You don't want to do that. Setting up the system for the Matousec tests is not simple. On top of it, Matousec never disclosed the exact settings that they used for each software. For example, Matousec states they used the "maximum" settings. That is not as clear-cut as it seems. If they used the maximum settings for COMODO HIPS then they set it to Paranoid Mode. In Paranoid Mode CIS makes the system unusable because of the relentless, non-stop HIPS alerts for every single action on the system. PrivateWall at maximum settings to pass the Matousec Challenge suite is one thing, but meaningless in day-to-day use if those settings would generate so many alerts that the system is unusable. In some respects the Matousec Challenge was completely bogus.

When evaluating security softs using various tests you have to keep everything in perspective. It makes no sense if a soft can pass a test with flying colors, but the settings used to pass the test make its usability crap.
 
Last edited by a moderator:

HarborFront

Level 72
Thread author
Verified
Top Poster
Content Creator
Oct 9, 2016
6,159
Just setup a Windows VM and go wild testing out new software.

Honestly you have zero chance against a well funded highly skilled adversary. No amount of security software will save you.

My advice would to be buy a 1 AV/Malware suite with exploit protection. Keep up to date on OS/App patches. Use a vpn. Use Dnscrypt. And don't download from unknown sources and never click on mail links.

Not much more you can do. Just prey to the internet god's and don't piss of a nation state.
Hi

If I want a suite I would have done it without trouble. But I'll miss the chance to experiment with other software. That's why I choose an AV and the others just fill them up with FW, HIPS, SB etc

FYI, I have VPN, Simple DNSCrypt, on-demand scanners etc on my tablet.

As for VM it's more suitable for testing malware/software which I'm not keen at this moment of time.....maybe next time

Thanks
 

HarborFront

Level 72
Thread author
Verified
Top Poster
Content Creator
Oct 9, 2016
6,159
If you must use Private Firewall, install it and run it through the Matousec tests to see what gets through. Then run the Comodo Leak Test and see where it fails. Where PF fails the tests, boost security with other programs to match what is missing with something. Matousec test suite here (ssts 64 test):

Downloads - www.matousec.com

Then add somebody's Trust list to a PF export html and reimport the rules. Make it a good list. Follow up with the a-v/BB/SB you want from someplace.

It would be some work to put this together, but it is necessary if you would like to use PF. I'd like to find the time to configure a security setup around PF and then test some malware...just to see if it's possible to combine PF with any other programs, such as maybe NVT ERP, etc., to achieve full Comodo firewall type protection. I hate protection overlap, and that might be a problem.

You could probably work with the program if you can do all the above. Still PF HIPs get no help from the program such as a way to define "protected file", or define "protected COMs", or define "protected registry keys"...no options there at all. All this is in Comodo HIPs. Optionally, you could turn off HIPs and just use the net wall. It will give you pop ups and some logging elements.
Hi

Unlikely to follow your guidelines since it's such a hassle. I might choose one from the other 2 options

Thanks
 

HarborFront

Level 72
Thread author
Verified
Top Poster
Content Creator
Oct 9, 2016
6,159
You don't want to do that. Setting up the system for the Matousec tests is not simple. On top of it, Matousec never disclosed the exact settings that they used for each software. For example, Matousec states they used the "maximum" settings. That is not as clear-cut as it seems. If they used the maximum settings for COMODO HIPS then they set it to Paranoid Mode. In Paranoid Mode CIS makes the system unusable because of the relentless, non-stop HIPS alerts for every single action on the system. PrivateWall at maximum settings to pass the Matousec Challenge suite is one thing, but meaningless in day-to-day use if those settings would generate so many alerts that the system is unusable. In some respects the Matousec Challenge was completely bogus.

When evaluating security softs using various tests you have to keep everything in perspective. It makes no sense if a soft can pass a test with flying colors, but the settings used to pass the test make its usability crap.
Agree. I might choose one of the other 2 options

Thanks
 
W

Wave

Hi

If I want a suite I would have done it without trouble. But I'll miss the chance to experiment with other software. That's why I choose an AV and the others just fill them up with FW, HIPS, SB etc

FYI, I have VPN, Simple DNSCrypt, on-demand scanners etc on my tablet.

As for VM it's more suitable for testing malware/software which I'm not keen at this moment of time.....maybe next time

Thanks
As well as this, every suite has it's strengths and weaknesses... Therefore puzzing together a configuration using multiple pieces of software which are compatible with each other to produce custom layered protection can be beneficial to keeping you better protected, where each software is there for a purpose and has a strength at what it's supposed to do.

E.g. Some AVs have good signatures but bad BB/HIPS, some IS suites have a firewall which may not be as good as another vendor's, some AVs have good web protection but bad signatures for samples, etc.
 

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,716
PrivateWall at maximum settings to pass the Matousec Challenge suite is one thing, but meaningless in day-to-day use if those settings would generate so many alerts that the system is unusable. In some respects the Matousec Challenge was completely bogus.

I agree about the test being useless, but the test scripts are not useless if someone wanted actually go to the lengths required to determine what they would be getting from PF while using their desired settings. It's actually interesting learning and knowledge. If you can find the holes in PF, you have a fairly good handle on the deeper challenges of protecting a PC. Matousec test scripts (actually .exes) can help with this.

This can be said about Private Firewall. Private Firewall at its maximum settings is actually the only choice for using the program to speak of. There aren't very many settings. You can turn HIPs on or off, and you can see the center screen pop ups or work from the system tray ones. Beyond that it's auto block (no pop ups) or choose. Matousec tests didn't raise PFs game with maximum settings.

Honestly, Matousec's test scripts aren't bogus. However, the presentation of the results concerning PF is ludicrous and meaningless, because PF blocks every executable when it first detects it running. Most certainly PF would block everything except script bypasses. And this is exactly where the problem with the program lies. Private Firewall is weak, that's the bottom line. It doesn't adequately protect the registry, dlls, or personal files, and it's way too easy to weaken CMD.exe and other script agents with allows that lead to infection. PF simply is not equipped with adequate submeasures for these issues.

I think it's important to note that the Matousec test scripts are handy to have around for testing. They're safe as far as I can tell, but I would still test with them in a VM.
 
  • Like
Reactions: Deleted member 2913
5

509322

I agree about the test being useless, but the test scripts are not useless if someone wanted actually go to the lengths required to determine what they would be getting from PF while using their desired settings. It's actually interesting learning and knowledge. If you can find the holes in PF, you have a fairly good handle on the deeper challenges of protecting a PC. Matousec test scripts (actually .exes) can help with this.

This can be said about Private Firewall. Private Firewall at its maximum settings is actually the only choice for using the program to speak of. There aren't very many settings. You can turn HIPs on or off, and you can see the center screen pop ups or work from the system tray ones. Beyond that it's auto block (no pop ups) or choose. Matousec tests didn't raise PFs game with maximum settings.

Honestly, Matousec's test scripts aren't bogus. However, the presentation of the results concerning PF is ludicrous and meaningless, because PF blocks every executable when it first detects it running. Most certainly PF would block everything except script bypasses. And this is exactly where the problem with the program lies. Private Firewall is weak, that's the bottom line. It doesn't adequately protect the registry, dlls, or personal files, and it's way too easy to weaken CMD.exe and other script agents with allows that lead to infection. PF simply is not equipped with adequate submeasures for these issues.

I think it's important to note that the Matousec test scripts are handy to have around for testing. They're safe as far as I can tell, but I would still test with them in a VM.

If the tester sets everything up correctly on a W7 64-bit system, then they should get the same identical results as what Matousec reported in their most recent published test. PrivateFirewall has not changed since the last Matousec challenge. Re-testing it using the Security Challenge Suite would be pointless. Also, the suite was designed for Windows 7 64-bit and is likely to have issues with W8+ - so it is pointless to test it on W10.
 
  • Like
Reactions: Deleted member 2913

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,716
True, and you can find those results if you dig around the site. I do find it's interesting to retrace a test, though. Just something I do from time to time.

I would think that the test for W7/8/10 would be the same, considering that nothing about 8 or 10 changes the functionality of PF. It's still PF irregardless of what security measures have been added to 8 or 10.
 
  • Like
Reactions: Deleted member 2913

Zero Knowledge

Level 20
Verified
Top Poster
Content Creator
Dec 2, 2016
869
HarborFront if you want to play around with security software for a bit fun/hobby that's cool.

But no matter how many layers you install on your machine it will never be 100% secure. History has taught us that much.

To be secure you need to rip the guts out of Windows to the point where you really can't do much through the OS.

Even gutting windows is not going to save you. You know even air-gaped networks get pwned these days.
 
5

509322

I would think that the test for W7/8/10 would be the same, considering that nothing about 8 or 10 changes the functionality of PF. It's still PF irregardless of what security measures have been added to 8 or 10.

PrivateFirewall can be installed on 8 and 10, but it was designed for 7. There are definite changes from 7 to 8 and 10 that will make a difference.

Same applies to the Security Challenge test suite.
 

Behold Eck

Level 18
Verified
Top Poster
Well-known
Jun 22, 2014
882
Hi

I have CFW with EAM in one tablet which covers FW, HIPS, SB and BB

Now, I have a 2nd tablet coming and I would like to try another combo. Below are some combos which need your views

1) Avast Internet Security (FW + BB + SB) + adroxideHIPS (BB + HIPS)

2) Xvirus Personal Firewall Free (FW) + Avast AV (BB) + reHIPS (HIPS + SB)

3) DefenseWall Firewall/HIPS (FW + HIPS + SB) + Avast AV (BB)

Notes :-

a) adroxideHIPS and reHIPS have no stable release yet
b) I believe the new Avast has BB which replaces its HIPS. Needs confirmation.
c) How's DefenseWall's compatibility with Windows 10 64-bit?

Thanks

Great rock solid combo CFW + EAM :cool:

Just to let you know that I recently tested Avast free on a very puny notebook(atom processor plus 2 gb ram) and not only did it deal with every thing I threw at it, it didn`t slow the system down at all.(on stock settings,no tweeks)

I would avoid Privatefirewall as already stated here it`s well over the hill. Last time I used it a rogue firewall test ate my Firefox with not a peep from PFW.:(

Ever considered Voodoo Shield to run along with your AV of choice ?

Regards Eck:)
 

HarborFront

Level 72
Thread author
Verified
Top Poster
Content Creator
Oct 9, 2016
6,159
Great rock solid combo CFW + EAM :cool:

Just to let you know that I recently tested Avast free on a very puny notebook(atom processor plus 2 gb ram) and not only did it deal with every thing I threw at it, it didn`t slow the system down at all.(on stock settings,no tweeks)

I would avoid Privatefirewall as already stated here it`s well over the hill. Last time I used it a rogue firewall test ate my Firefox with not a peep from PFW.:(

Ever considered Voodoo Shield to run along with your AV of choice ?

Regards Eck:)
Hi

I have VS in my system.

Yes, the new Avast (with BB) is another good alternative combo with CFW (CF + SB + HIPS) besides the CFW + EAM combo

Actually, I'm still evaluating my next 2 setups of FW + HIPS + SB + BB for my MS SP3 tablet and probably another laptop (a few months down the road). I'll leave CFW out here. As below

1) Avast IS (FW + BB + SB) + adroxideHIPS (HIPS + BB) - disable BB in adroxideHIPS if incompatible

2) Xvirus Personal Firewall (FW) + BD AV free (BB + SB) + adroxideHIPS (HIPS + BB) - disable BB in adroxideHIPS if incompatible

3) Norton Security Deluxe (FW + BB + SB) + adroxideHIPS (HIPS + BB) - disable BB in adroxideHIPS if incompatible

Oh! Where's that adroxideHIPS?
 
  • Like
Reactions: Behold Eck and Wave

giants8058

Level 4
Verified
Jan 26, 2016
150
I currently have Emsisoft AM, Hitmanpro.alert and SpyShelter firewall (trying to cover all my basis..malware, exploits, loggers) and it's very smooth and I feel offers a high level of protection. But at the same time, I'm always careful what I click on.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top