Help Me Decide Best combo of FW, HIPS, SB & BB - Your views

  • This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Lockdown

From AppGuard
Developer
Oct 24, 2016
2,925
12,298
#61
If you must use Private Firewall, install it and run it through the Matousec tests to see what gets through. Then run the Comodo Leak Test and see where it fails. Where PF fails the tests, boost security with other programs to match what is missing with something. Matousec test suite here (ssts 64 test):

Downloads - www.matousec.com
You don't want to do that. Setting up the system for the Matousec tests is not simple. On top of it, Matousec never disclosed the exact settings that they used for each software. For example, Matousec states they used the "maximum" settings. That is not as clear-cut as it seems. If they used the maximum settings for COMODO HIPS then they set it to Paranoid Mode. In Paranoid Mode CIS makes the system unusable because of the relentless, non-stop HIPS alerts for every single action on the system. PrivateWall at maximum settings to pass the Matousec Challenge suite is one thing, but meaningless in day-to-day use if those settings would generate so many alerts that the system is unusable. In some respects the Matousec Challenge was completely bogus.

When evaluating security softs using various tests you have to keep everything in perspective. It makes no sense if a soft can pass a test with flying colors, but the settings used to pass the test make its usability crap.
 
Last edited:

HarborFront

Level 36
Content Creator
Oct 9, 2016
2,557
6,425
#62
Just setup a Windows VM and go wild testing out new software.

Honestly you have zero chance against a well funded highly skilled adversary. No amount of security software will save you.

My advice would to be buy a 1 AV/Malware suite with exploit protection. Keep up to date on OS/App patches. Use a vpn. Use Dnscrypt. And don't download from unknown sources and never click on mail links.

Not much more you can do. Just prey to the internet god's and don't piss of a nation state.
Hi

If I want a suite I would have done it without trouble. But I'll miss the chance to experiment with other software. That's why I choose an AV and the others just fill them up with FW, HIPS, SB etc

FYI, I have VPN, Simple DNSCrypt, on-demand scanners etc on my tablet.

As for VM it's more suitable for testing malware/software which I'm not keen at this moment of time.....maybe next time

Thanks
 

HarborFront

Level 36
Content Creator
Oct 9, 2016
2,557
6,425
#63
If you must use Private Firewall, install it and run it through the Matousec tests to see what gets through. Then run the Comodo Leak Test and see where it fails. Where PF fails the tests, boost security with other programs to match what is missing with something. Matousec test suite here (ssts 64 test):

Downloads - www.matousec.com

Then add somebody's Trust list to a PF export html and reimport the rules. Make it a good list. Follow up with the a-v/BB/SB you want from someplace.

It would be some work to put this together, but it is necessary if you would like to use PF. I'd like to find the time to configure a security setup around PF and then test some malware...just to see if it's possible to combine PF with any other programs, such as maybe NVT ERP, etc., to achieve full Comodo firewall type protection. I hate protection overlap, and that might be a problem.

You could probably work with the program if you can do all the above. Still PF HIPs get no help from the program such as a way to define "protected file", or define "protected COMs", or define "protected registry keys"...no options there at all. All this is in Comodo HIPs. Optionally, you could turn off HIPs and just use the net wall. It will give you pop ups and some logging elements.
Hi

Unlikely to follow your guidelines since it's such a hassle. I might choose one from the other 2 options

Thanks
 

HarborFront

Level 36
Content Creator
Oct 9, 2016
2,557
6,425
#64
You don't want to do that. Setting up the system for the Matousec tests is not simple. On top of it, Matousec never disclosed the exact settings that they used for each software. For example, Matousec states they used the "maximum" settings. That is not as clear-cut as it seems. If they used the maximum settings for COMODO HIPS then they set it to Paranoid Mode. In Paranoid Mode CIS makes the system unusable because of the relentless, non-stop HIPS alerts for every single action on the system. PrivateWall at maximum settings to pass the Matousec Challenge suite is one thing, but meaningless in day-to-day use if those settings would generate so many alerts that the system is unusable. In some respects the Matousec Challenge was completely bogus.

When evaluating security softs using various tests you have to keep everything in perspective. It makes no sense if a soft can pass a test with flying colors, but the settings used to pass the test make its usability crap.
Agree. I might choose one of the other 2 options

Thanks
 
W

Wave

Guest
#65
Hi

If I want a suite I would have done it without trouble. But I'll miss the chance to experiment with other software. That's why I choose an AV and the others just fill them up with FW, HIPS, SB etc

FYI, I have VPN, Simple DNSCrypt, on-demand scanners etc on my tablet.

As for VM it's more suitable for testing malware/software which I'm not keen at this moment of time.....maybe next time

Thanks
As well as this, every suite has it's strengths and weaknesses... Therefore puzzing together a configuration using multiple pieces of software which are compatible with each other to produce custom layered protection can be beneficial to keeping you better protected, where each software is there for a purpose and has a strength at what it's supposed to do.

E.g. Some AVs have good signatures but bad BB/HIPS, some IS suites have a firewall which may not be as good as another vendor's, some AVs have good web protection but bad signatures for samples, etc.
 

AtlBo

Level 24
Dec 29, 2014
1,380
5,413
Installed Antivirus
Qihoo 360
#66
PrivateWall at maximum settings to pass the Matousec Challenge suite is one thing, but meaningless in day-to-day use if those settings would generate so many alerts that the system is unusable. In some respects the Matousec Challenge was completely bogus.
I agree about the test being useless, but the test scripts are not useless if someone wanted actually go to the lengths required to determine what they would be getting from PF while using their desired settings. It's actually interesting learning and knowledge. If you can find the holes in PF, you have a fairly good handle on the deeper challenges of protecting a PC. Matousec test scripts (actually .exes) can help with this.

This can be said about Private Firewall. Private Firewall at its maximum settings is actually the only choice for using the program to speak of. There aren't very many settings. You can turn HIPs on or off, and you can see the center screen pop ups or work from the system tray ones. Beyond that it's auto block (no pop ups) or choose. Matousec tests didn't raise PFs game with maximum settings.

Honestly, Matousec's test scripts aren't bogus. However, the presentation of the results concerning PF is ludicrous and meaningless, because PF blocks every executable when it first detects it running. Most certainly PF would block everything except script bypasses. And this is exactly where the problem with the program lies. Private Firewall is weak, that's the bottom line. It doesn't adequately protect the registry, dlls, or personal files, and it's way too easy to weaken CMD.exe and other script agents with allows that lead to infection. PF simply is not equipped with adequate submeasures for these issues.

I think it's important to note that the Matousec test scripts are handy to have around for testing. They're safe as far as I can tell, but I would still test with them in a VM.
 
Likes: Yash Khan

Lockdown

From AppGuard
Developer
Oct 24, 2016
2,925
12,298
#67
I agree about the test being useless, but the test scripts are not useless if someone wanted actually go to the lengths required to determine what they would be getting from PF while using their desired settings. It's actually interesting learning and knowledge. If you can find the holes in PF, you have a fairly good handle on the deeper challenges of protecting a PC. Matousec test scripts (actually .exes) can help with this.

This can be said about Private Firewall. Private Firewall at its maximum settings is actually the only choice for using the program to speak of. There aren't very many settings. You can turn HIPs on or off, and you can see the center screen pop ups or work from the system tray ones. Beyond that it's auto block (no pop ups) or choose. Matousec tests didn't raise PFs game with maximum settings.

Honestly, Matousec's test scripts aren't bogus. However, the presentation of the results concerning PF is ludicrous and meaningless, because PF blocks every executable when it first detects it running. Most certainly PF would block everything except script bypasses. And this is exactly where the problem with the program lies. Private Firewall is weak, that's the bottom line. It doesn't adequately protect the registry, dlls, or personal files, and it's way too easy to weaken CMD.exe and other script agents with allows that lead to infection. PF simply is not equipped with adequate submeasures for these issues.

I think it's important to note that the Matousec test scripts are handy to have around for testing. They're safe as far as I can tell, but I would still test with them in a VM.
If the tester sets everything up correctly on a W7 64-bit system, then they should get the same identical results as what Matousec reported in their most recent published test. PrivateFirewall has not changed since the last Matousec challenge. Re-testing it using the Security Challenge Suite would be pointless. Also, the suite was designed for Windows 7 64-bit and is likely to have issues with W8+ - so it is pointless to test it on W10.
 
Likes: Yash Khan

AtlBo

Level 24
Dec 29, 2014
1,380
5,413
Installed Antivirus
Qihoo 360
#68
True, and you can find those results if you dig around the site. I do find it's interesting to retrace a test, though. Just something I do from time to time.

I would think that the test for W7/8/10 would be the same, considering that nothing about 8 or 10 changes the functionality of PF. It's still PF irregardless of what security measures have been added to 8 or 10.
 
Likes: Yash Khan
Dec 2, 2016
239
695
#69
HarborFront if you want to play around with security software for a bit fun/hobby that's cool.

But no matter how many layers you install on your machine it will never be 100% secure. History has taught us that much.

To be secure you need to rip the guts out of Windows to the point where you really can't do much through the OS.

Even gutting windows is not going to save you. You know even air-gaped networks get pwned these days.
 

Lockdown

From AppGuard
Developer
Oct 24, 2016
2,925
12,298
#70
I would think that the test for W7/8/10 would be the same, considering that nothing about 8 or 10 changes the functionality of PF. It's still PF irregardless of what security measures have been added to 8 or 10.
PrivateFirewall can be installed on 8 and 10, but it was designed for 7. There are definite changes from 7 to 8 and 10 that will make a difference.

Same applies to the Security Challenge test suite.
 

AtlBo

Level 24
Dec 29, 2014
1,380
5,413
Installed Antivirus
Qihoo 360
#71
It doesn't change the functionality of PrivateFirewall, but it probably changes the functionality of the Security Challenge test suite.
That could be true, although I would think there would be some notice of this from Windows or Defender. :)
 
Likes: Yash Khan
Jun 22, 2014
448
1,080
#72
Hi

I have CFW with EAM in one tablet which covers FW, HIPS, SB and BB

Now, I have a 2nd tablet coming and I would like to try another combo. Below are some combos which need your views

1) Avast Internet Security (FW + BB + SB) + adroxideHIPS (BB + HIPS)

2) Xvirus Personal Firewall Free (FW) + Avast AV (BB) + reHIPS (HIPS + SB)

3) DefenseWall Firewall/HIPS (FW + HIPS + SB) + Avast AV (BB)

Notes :-

a) adroxideHIPS and reHIPS have no stable release yet
b) I believe the new Avast has BB which replaces its HIPS. Needs confirmation.
c) How's DefenseWall's compatibility with Windows 10 64-bit?

Thanks
Great rock solid combo CFW + EAM :cool:

Just to let you know that I recently tested Avast free on a very puny notebook(atom processor plus 2 gb ram) and not only did it deal with every thing I threw at it, it didn`t slow the system down at all.(on stock settings,no tweeks)

I would avoid Privatefirewall as already stated here it`s well over the hill. Last time I used it a rogue firewall test ate my Firefox with not a peep from PFW.:(

Ever considered Voodoo Shield to run along with your AV of choice ?

Regards Eck:)
 

HarborFront

Level 36
Content Creator
Oct 9, 2016
2,557
6,425
#73
Great rock solid combo CFW + EAM :cool:

Just to let you know that I recently tested Avast free on a very puny notebook(atom processor plus 2 gb ram) and not only did it deal with every thing I threw at it, it didn`t slow the system down at all.(on stock settings,no tweeks)

I would avoid Privatefirewall as already stated here it`s well over the hill. Last time I used it a rogue firewall test ate my Firefox with not a peep from PFW.:(

Ever considered Voodoo Shield to run along with your AV of choice ?

Regards Eck:)
Hi

I have VS in my system.

Yes, the new Avast (with BB) is another good alternative combo with CFW (CF + SB + HIPS) besides the CFW + EAM combo

Actually, I'm still evaluating my next 2 setups of FW + HIPS + SB + BB for my MS SP3 tablet and probably another laptop (a few months down the road). I'll leave CFW out here. As below

1) Avast IS (FW + BB + SB) + adroxideHIPS (HIPS + BB) - disable BB in adroxideHIPS if incompatible

2) Xvirus Personal Firewall (FW) + BD AV free (BB + SB) + adroxideHIPS (HIPS + BB) - disable BB in adroxideHIPS if incompatible

3) Norton Security Deluxe (FW + BB + SB) + adroxideHIPS (HIPS + BB) - disable BB in adroxideHIPS if incompatible

Oh! Where's that adroxideHIPS?
 
Jan 26, 2016
149
220
Operating System
Windows 7
Installed Antivirus
Emsisoft
#75
I currently have Emsisoft AM, Hitmanpro.alert and SpyShelter firewall (trying to cover all my basis..malware, exploits, loggers) and it's very smooth and I feel offers a high level of protection. But at the same time, I'm always careful what I click on.