Status
Not open for further replies.

Slyguy

Level 43
Nice to note that Panda has been doing some hard work on their firewall:)
@Slyguy
Panda and Eset have great firewalls, but do you think they are as good as a product such as ZoneAlarm Pro Firewall? It's a pretty advanced firewall.

ZoneAlarm PRO Firewall - Professional Firewall Protection
Can you screenshot the settings? From the 'public' settings there is nothing remotely impressive in there, but I don't see a screenshot in Google Images for the advanced settings. Usually the IPS is under advanced on most of these firewalls so if you can provide a screenshot of that tab it would help.

Also, just an FYI, Zone Alarm is owned by Israeli Intelligence. Not sure if that matters to everyone, but just for disclosure's sake.
 

Azure

Level 25
Verified
Content Creator
Can you screenshot the settings? From the 'public' settings there is nothing remotely impressive in there, but I don't see a screenshot in Google Images for the advanced settings. Usually the IPS is under advanced on most of these firewalls so if you can provide a screenshot of that tab it would help.

Also, just an FYI, Zone Alarm is owned by Israeli Intelligence. Not sure if that matters to everyone, but just for disclosure's sake.
Based on the chart featured here, it appears ZoneAlarm doesn't have an IPS:
Comparison of antivirus software - Wikipedia
 

Faybert

Level 22
Verified
Malware Hunter
Can you screenshot the settings? From the 'public' settings there is nothing remotely impressive in there, but I don't see a screenshot in Google Images for the advanced settings. Usually the IPS is under advanced on most of these firewalls so if you can provide a screenshot of that tab it would help.

Also, just an FYI, Zone Alarm is owned by Israeli Intelligence. Not sure if that matters to everyone, but just for disclosure's sake.
Until yesterday I had ZoneAlarm installed; I was testing it. If I still had it I could pass on more information, but from what I noticed in the tests, its firewall is powerful, like the other modules. One of the things I liked about it is Threat Emulation: when running a file it does an emulation along with the cloud and other security modules to detect whether or not there is a threat. But still talking about the ZoneAlarm firewall, I always wanted to ask you, since you have great knowledge in this area, about the efficiency of the ZoneAlarm firewall.
 

amico81

Level 19
Verified
Until yesterday I had ZoneAlarm installed; I was testing it. If I still had it I could pass on more information, but from what I noticed in the tests, its firewall is powerful, like the other modules. One of the things I liked about it is Threat Emulation: when running a file it does an emulation along with the cloud and other security modules to detect whether or not there is a threat. But still talking about the ZoneAlarm firewall, I always wanted to ask you, since you have great knowledge in this area, about the efficiency of the ZoneAlarm firewall.
Are the signatures from Kaspersky just delayed, or is it an older engine compared to Kaspersky Free?
 

Faybert

Level 22
Verified
Malware Hunter
Sorry for this off-topic... but one last question: can we say that ZoneAlarm is as good as Kaspersky Free? OK, ZA Free doesn't have anti-phishing protection, but it has a great firewall.
I think so, and the advantage of ZoneAlarm is that it comes with the firewall, in addition to being lightweight too. Maybe I'll start testing it on the Hub from May, the free version, to see its efficiency throughout the month, to clarify all doubts (y)
 

Deletedmessiah

Level 22
Verified
Content Creator
Thanks Slyguy. It is a great thing if Panda's firewall is in the same league as Eset's firewall. Eset's firewall was the best I have used. I wish there was some standalone firewall that was as good and stable.
 

Deletedmessiah

Level 22
Verified
Content Creator
If Panda Dome Firewall is as good as everyone seems to make it out to be, would anyone care to venture whether Comodo Firewall is just as capable or has now been superseded by PDF?
Because Comodo's other components, like HIPS, Cloud, Sandbox and the others it has, make it quite powerful, and Panda's other components aren't known to be powerful. A firewall can only give a certain level of protection.
 

spaceoctopus

Level 15
Verified
Content Creator
Can you screenshot the settings? From the 'public' settings there is nothing remotely impressive in there, but I don't see a screenshot in Google Images for the advanced settings. Usually the IPS is under advanced on most of these firewalls so if you can provide a screenshot of that tab it would help.

Also, just an FYI, Zone Alarm is owned by Israeli Intelligence. Not sure if that matters to everyone, but just for disclosure's sake.
Thanks for replying @Slyguy (y) I don't currently use it. I'm basing myself on articles found on the net which seem to say that it's an excellent firewall. They also have some sort of features that closely resemble some behavioral and zero-hour protection.

There is a description on their website:

Advanced Firewall
No product is 100% effective against viruses or spyware. ZoneAlarm’s advanced firewall monitors behaviors within your computer to spot and stop even the most sophisticated new attacks that bypass traditional antivirus and security suites.
  • OSFirewall™ Monitors programs for suspicious behavior – spotting and stopping new attacks that bypass traditional anti-virus protection.
  • Advanced-access Protection targets and defeats new, advanced attacks that other firewalls miss, such as raw data access, timing, and SCM and COM attacks.
  • Zero-hour Protection prevents silent outbreaks from gaining system access – before other security programs can even detect the threat.
  • Application Control uniquely shields your operating system during start-up, before most security products have even loaded.
  • Early Boot Protection uniquely shields your operating system during start-up, before most security products have even loaded.
 

uninfected1

Level 10
Verified
So far, Panda Dome has one of the most impressive software firewalls I've seen in an AV suite. I will likely post a test video if I get some time and illustrate the kinds of sophisticated attacks it is capable of blocking. For now, here's a rundown. I'm not sure if this has been posted anywhere else, but I deal with these attacks daily, so I will try to summarize them so people can get an idea of how powerful this firewall is, and where other products lack in DANGEROUS areas. They've added granular firewall controls; we'll be focused on the available general options.

First, you can select 'Home, Work, Public' network settings. I recommend ALWAYS selecting Public. This activates the following rules by default:

On Public, the basic block rules are:
IIS
Remote Desktop
DTC Connections
NetBios Incoming
NetBios Lateral
ICMP Protocol

These are basic, but important, blocks. An attacker will often utilize ICMP as a stage-one indicator for attack; if your systems don't respond with a valid ICMP reply, then the hacking process becomes a bit harder for them to establish your L-IP.

Next, there are toggles for the following:
IP Explicit Path
Land Attack
SYN flood
TCP Portscan
TCP flag check
IP header length check
UDP flood
UDP portscan
Smart DNS
Smart DHCP
Smart ARP
OS Detection
ICMP Unsolicited Drop Responses
ICMP No Echo Requests
Small PMTU
Smurf
Fragmentation Control

These are basically full intrusion protection system rule sets. I can't go into each one individually, and I do not clip and paste other people's crap because it's often wrong. I'll focus on the most important ones and why NOT having them is a big mistake.

Smart DNS - this is a DNS hijack prevention system. What it does is accept DNS requests from validated forwarders in the time allotted. So let's say your system requests a DNS lookup for "Paypal.com": your forwarder requests this, then closes the session. Smart DNS ensures that you are requesting from a valid forwarder AND that no hijacks can follow up with a DNS redirection; it closes the session and prohibits any additional DNS requests outside of the 'smart' identified session.

Smart ARP - ARP is how your network equipment (router, switches, etc.) knows where to send packets. An attacker can flood a network with ARP requests, confusing equipment, slowing networks, slowing packets enough for intrusion, etc. Without this you are totally vulnerable to this form of attack. ARP cache poisoning is also a major problem. What happens there is an attacker poisons your ARP tables, then redirects packets destined for a given MAC address to another desired MAC address where they can then rip your data.

Smart DHCP functions in a similar manner, preventing unvalidated DHCP requests, DHCP overwrites, DHCP pool redirection and other things. So IF a client inits a DHCP call to the local DHCP server, it has a few seconds to respond with a valid DHCP reply. Smart DHCP blocks ALL DHCP traversal that isn't pinned to a client DHCP request. (Research DHCP attacks if you wish; it's a deep subject.)

Portscans are what they are: UDP/TCP portscans, which are usually not nefarious, but they CAN BE more often than people realize. Any attack, and a lot of malware, attempts to figure your network out with ICMP and portscans. Blocking them is pretty important and usually doesn't impact any applications, especially on workgroups as opposed to domains. With these blocks it's much harder to be attacked across the board and for trojans to move laterally.

TCP validation via flag check, header length, etc. is basically a defense against packet modification and malformations; think advanced SPI (Quantum).

Small PMTU is designed to stop packet tracing on your network as a prelude to a network attack.

OS Detection - advanced gateway UTM/NGFWs all detect and identify OSes to validate authenticity and to respond correctly to attacks. The premise behind this is that detecting anomalies in an OS is often a precursor to a network attack, and hence it will be blocked if the indicators don't match.

SYN, Land Attack, and others relate to DDoS/DoS and Local Area Denial attacks. All important.

There are many other things above that protect from THOUSANDS of different attacks. I read an older review of Panda from Neil Rubenking, and it was the first time I realized he was a fool. He said "I expected the firewall to prevent some trojans from executing"... Apparently he has no understanding of the purpose of IPS/IDS. I see Neil come up often, but I really don't think he is worthy of mention beyond this. He's a decent arm-chair nerd, but digging into network security he should not. (as Yoda would say)
Very useful info, Slyguy. Would it be possible for you to put together all your recommended settings for the whole Panda Dome Essentials suite which differ from the default settings into one post, either here or in the Panda Dome thread that was started recently? If you could, that would be really appreciated.
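The Smart DNS and Smart DHCP behaviour described in the quoted post (a reply is accepted only if it is pinned to an outstanding client request, and the session is then closed) can be modelled as a small stateful reply filter. This is an added example, not Panda's code or anything from the post; the trace, addresses, keys and the 3-second window are constructed assumptions, and the DHCP broadcast case is handled with a wildcard peer.

```python
from collections import namedtuple
from typing import Dict, List, Tuple

BCAST = "255.255.255.255"
# ts: seconds into the trace; key: dns "txid:qname", dhcp "xid:<transaction id>"
Pkt = namedtuple("Pkt", "ts proto src dst key is_reply")

class PinnedReplyFilter:
    """Accept a reply only if the same proto+key was requested from that peer inside
    the window, then close the session; broadcast requests pin to wildcard '*'."""

    def __init__(self, window_s: float = 3.0) -> None:
        self.window_s = window_s
        self.pending: Dict[Tuple[str, str, str], float] = {}
        self.log: List[str] = []

    def handle(self, p: Pkt) -> bool:
        if not p.is_reply:                   # outbound request: open a session
            self.pending[(p.proto, p.key, "*" if p.dst == BCAST else p.dst)] = p.ts
            return True
        sess = (p.proto, p.key, p.src)
        if sess not in self.pending:         # maybe it answers a broadcast request
            sess = (p.proto, p.key, "*")
        t0 = self.pending.pop(sess, None)    # pop: exactly one reply per request
        why = "no open session" if t0 is None else (
            f"late by {p.ts - t0 - self.window_s:.1f}s" if p.ts - t0 > self.window_s else "")
        if why:
            self.log.append(f"{p.ts:.2f}s DROP {p.proto} reply from {p.src} ({p.key}): {why}")
            return False
        return True

# Constructed trace (not captured traffic): client 192.168.1.10,
# real resolver/DHCP server 192.168.1.1, rogue host 192.168.1.50.
TRACE = [
    Pkt(0.0, "dns", "192.168.1.10", "192.168.1.1", "0x1a2b:paypal.com", False),
    Pkt(0.05, "dns", "192.168.1.50", "192.168.1.10", "0x1a2b:paypal.com", True),  # spoof from wrong peer
    Pkt(0.1, "dns", "192.168.1.1", "192.168.1.10", "0x1a2b:paypal.com", True),    # genuine answer
    Pkt(0.2, "dns", "192.168.1.1", "192.168.1.10", "0x1a2b:paypal.com", True),    # redirect after session closed
    Pkt(1.0, "dhcp", "0.0.0.0", BCAST, "xid:0x99", False),                         # DISCOVER (broadcast)
    Pkt(1.2, "dhcp", "192.168.1.1", "192.168.1.10", "xid:0x99", True),             # OFFER from real server
    Pkt(1.3, "dhcp", "192.168.1.50", "192.168.1.10", "xid:0x99", True),            # rogue OFFER, session closed
    Pkt(5.0, "dns", "192.168.1.10", "192.168.1.1", "0x2c3d:example.com", False),
    Pkt(9.5, "dns", "192.168.1.1", "192.168.1.10", "0x2c3d:example.com", True),    # answer outside the window
    Pkt(10.0, "dns", "192.168.1.1", "192.168.1.10", "0x7777:evil.test", True),     # unsolicited, never requested
]

def run(trace=TRACE, window_s: float = 3.0) -> Tuple[List[bool], List[str]]:
    f = PinnedReplyFilter(window_s)          # returns (verdict per packet, drop log)
    return [f.handle(p) for p in trace], f.log
```

Running `run()` over the constructed trace accepts only the two requests and their first in-window replies; the spoofed, duplicate, late and unsolicited replies land in the drop log.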
 

LahiruTarz

Level 3
The only downside for me is that there's no option to alert the user in Firewall program control. It just keeps adding "Allow outgoing" rules automatically.
 

Slyguy

Level 43
The list is a bit outdated. There are Trend Micro Titanium products still present in the list. :)

Outdated but still has some relevant information. But he is correct, Zone Alarm does not have IPS. It's a pretty basic firewall with some good configuration options and hideous UI. I threw it in a VM last night for about an hour or so.

The only downside for me is that there's no option to alert the user in Firewall program control. It just keeps adding "Allow outgoing" rules automatically.
Panda is classified as an auto-rule firewall. From what we can tell it does a signature+cloud+reputation validation of a file requesting outbound access, if the file is legitimate and safe it will apply an auto-generated 'Allow outgoing' rule to the list. At that point you can restrict the item by toggling it to Allow Inbound, Allow Outbound, Allow Both, Deny. Whatever.

Granular control is impressive. For example you can simply set all auto-generated rules to default to BLOCK ALL and manually allow each individual one as needed. You can restrict individual programs, ports, protocols at a pretty nice granular level.

However, where there could be a viewed fault is it DOES NOT NOTIFY. That's where it comes in as a quiet auto-rule generating firewall. No constant nags, and the downside is, there is no way that I can find to turn on constant nagging. Blocked firewall traversal does show up in the reports and firewall activity list, but doesn't 'pop up' alerts. Is that a deal breaker? Not really, since you still have granular control beyond the auto-rule system. I just wish they'd rework it to provide a 'noisy' option.

panda3.png


Panda, currently in testing, is the strongest software firewall we've seen in terms of actual serious attack-level blocking and lateral intrusion into a network OUT OF THE BOX.

With minor tweaks and a couple of custom rules it's defeated our pentest tools that are thousands of dollars each, and it's done very, very well blocking sophisticated lateral attacks and quantum-like packet manipulation attempts. They've really done their homework with this software firewall. It could be the best we've ever seen. (with tweaks)

More soon.
 

Slyguy

Level 43
Is there any way to make the panda firewall ask for a connection request?

I'm trying the dome essential
I'm not very familiar with Panda's offerings. Currently we're testing 'Advanced'. Any idea of the major differences other than the marketing on their website? The nuts and bolts differences.

Advanced has some important security features like Datashield. Datashield is impressive. Granular control over what can and cannot manipulate your chosen extensions in directories you choose to protect. An interesting setting is to untick 'Allow safe applications to access protected data', at that point NOTHING can access your protected data unless you explicitly permit it via rule. I see significant lockdown capabilities with this module.

Application Control does a sig+reputation+cloud validation of applications, if they fail they cannot access any protected areas of the system. By default under APPC you appear not able to change what is protected, rather this seems to focus on critical system areas by default. Granular control would be adding applications and limiting their permissions within the APPC module.

APPC actually does pop up a warning (unlike the firewall).

panda4.png
 