Firewalling

Got some questions about firewalling and security in general. I am using Private Firewall, but I just got through with a week long test of Comodo Firewall. I started to like CF, but as I was pulled further into the software, the settings and dialogs seemed all over the place to me. PF is OK, but I would really like to find a way to lock down the PC better.

One thing about CF is that it has overflow protection. It actually monitors the free space in RAM for overflow attempts or at least that's what I thought I understood. There is overflow protection. I think Comodo is onto some other things, too, and the software is generally PC friendly when it comes to resources and all. The problem is that CF has a mind of its own. I use several little tricks, and CF seems to misinterpret things as malicious on a fairly regular basis. Also, the HIPS settings are difficult to get to and then it's not clear to me what exactly is being blocked. In PF, it's easy enough to try a setting and see, and it's easy to simply find and block specific internet connection/access...not the case with CF. If you miss an alert, a setting is going to get changed, and I never was able to determine how to reverse a decision made by Comodo, even through the log. I am sure it's possible, but this combined with difficult to understand internet rules that were difficult to manage for me, and I had to uninstall the program. Wish I had time to dig through Comodo's vast online guide, but I don't think I would understand it very well, either.

I tried a small program that is supposed to be an add on for better management of the Windows firewall, but I didn't think that would serve my purpose. Just not sure.

I want to know when something on the PC connects to the internet, that much I am sure of. The problem is that I can't find anything that can tell me specifically what connections are for, especially for Windows services and .exes like svchost.exe and dllhost.exe. I have even seen Explorer.exe request an internet connection...and, yes, even Calc.exe (calculator)...

I guess I am tired of trusting security program writers. I have always tried to craft security by hand, but now I kind of feel like I am out of options...

Any security geeks feeling this same way, or am I missing something? I just want to know what the settings in security programs do, and I will for sure listen to anyone who knows of crafty or innovative ways to build security from scratch...

Currently using:
A-V 360 Total Security (I am aware of the test scandal)
Firewall Private Firewall
Browser add ons Ghostery/NoScript/BetterPrivacy (plan to look at uBlock)

PC seems clean, but I still feel like a sitting duck

 

Hey Bo, I don't use a third party firewall anymore but I've heard that Zone Alarm Free firewall and TinyWall are both easy to configure. Zone Alarm Firewall being the better of the two. This is only according to my sources, and you know I wouldn't purposely steer you wrong.

 

What test scandal ?

Have you installed the 360 Total Security Active Protection > Browser Support extension ?

A nice article here:
Best Free Firewall
--

 

mjc...

Qihoo was removed from some of the testing groups' testing list (can't remember which ones...I think it was the ones that are the most well known and trusted), because the copy of 360 TS submitted for testing by Qihoo was configured with Bitdefender and Avira already enabled, when they must be enabled by a user after installation to be active normally.

I doubt it was a misunderstanding on Qihoo's part that led to the squabble, but it's such a small thing to enable the features that I thought the ban was too much punishment. Maybe it's news and cause for a warning, but I didn't think worthy of a ban.

Only thing that leaves me to wonder is why they don't enable the defs in the first place on a newly installed version of Total Security. Maybe they pay on an installation basis for them. Only thing I could come up with is that they are proud of their other engines and were trying to appeal to users with a savings on system resources by installing 360 TS without the BD and Avira defs enabled. Then maybe they were thinking that they are just one button from being activated, so let's just send a copy for testing with them activated already.

I really like 360 TS. I thought I liked avast alot, but this is so much lighter on resources, and the extra features actually work...like keyboard monitoring when buying online...

Just Googled. Here is Qihoo's blog about the issue:

http://blog.360totalsecurity.com/en/qihoo-360-statement-regarding-cheating-in-lab-test/

 

Hey Claw (NickT)...

Thanks for the ideas. Took a look at Tiny a long time ago. Might be time for another look. Worried about Zone Alarm. One of the problems I have with Comodo is that the ability to monitor changes made by CF is so difficult to do. Worst part is how much it thinks for itself so to speak. I am worried that Zone Alarm will give me the same headache. I might take a look, though, so thanks. Really appreciate the input...

mjnc...

Thanks for reminding me about the extensions. I haven't added the Firefox ext. yet on this PC, which I got a couple of months ago...

 

AtlBo...

Thanks for the newsy reply. The two antivirus tests the I watch are AVTest and AV-Comparatives.
As you stated, Qihoo is missing from the latest reviews.
I have been using Qihoo 360 for about a year and prior to that, Avast!, which now has a very nice interface.
Both Qihoo 360 and Avira have been outperforming Avast! in both protection and performance tests.

Regarding software firewalls, I have used PrivateFirewall and think it is very good.
I'm not as knowledgeable as you about such and ultimately considered it to be more than necessary.

 

mjnc...

I'm kind of new when it comes to firewalls myself (a couple of years with PF and some experimenting with CF over the years), but I just like the way with a firewall that you can get down inside how programs and processes interact and then what leads to internet connections. I'm really looking forward to the future, because I think we will really have some amazing firewalls to go along with what appear to me to be quickly improving a-vs. I do feel like Comodo is closing fast on a great firewall.

I am with you on avast, although I haven't tried the latest version. I thought I was settled on avast, but Qihoo is so good. It's the right warnings at the right times for the right reasons for me, so I feel comfortable that the system is generally secured.

I hope Qihoo can get back on a good footing with the testing labs. I guess it must be difficult being on the outside looking in like that...

 

I'm curious ... are you using the full version or the "Essential" version of Qihoo?
I started with it before they added the extra goodies and just wanted to stay with that.

Don't think they will make the same mistake again. I can understand why the testers might regard that as cheating.
I use only the Bitdefender engine.

 

mjnc...

I think I am using the full version, because it has the cleaner/speed up options. I don't use them, but there is a shopping mode that blocks key logging that I have enabled. There is also a Windows update checker that I don't use and a sandbox that I haven't used yet.

I might try the sandbox at some point. I don't know how sophisticated sandboxing is or how it exactly works, so I keep envisioning removing a sandboxed app from the sandbox and the app failing, although I haven't seen any complaints about the Qihoo sandbox breaking anything.

I have alot of questions about sandboxing and the various sandbox apps like is the main installation system registry protected and other areas of installed Windows...are they protected from changes made by a program? Maybe it's different from sandboxer to sandboxer...