40 replies to this topic

[demoneye]

i think if you gona add firewall it should stand the standard of all firewalls around like comodo online armor or it will post on hXXp://www.matousec.com/projects/firewall-challenge and show "poor" results according to there tests . like mamutu shown there and its a great product, and DW will get the overturned results as "bad product" ...

or in more a advance step when u fix DW to meet theirs , they want money to retest like they try to play over comdo and didnt succeed

i think u must take this point of view under consideration :)

Edited by demoneye, 14 March 2009 - 08:09 PM.

[Ilya Rabinovich]

Matousec is testing outbound traffic protection I'm going to implement any case. And my results will be excellent. As always.

[dyy]

It is a good idea to explore more oppurtunities such as firewall + HIPS or antivirus OEM. When you look at matousec firewall challenge test regardless of its authenticity, you see the competition is extremely intensive.

1. Online Armor Personal Firewall (has free version)
2. Outpost Security Suite Pro (sometimes has lifetime license promotion)
3. Comodo Internet Security (FREE)
4. Jetico Personal Firewall (has free version)
5. Malware Defender (has lifetime license)
6. PC Tools Firewall Plus (FREE)
7. Online Armor Personal Firewall Free
8. Netchina S3 2008 3.5.5.1 FREE

http://www.matousec....nge/results.php

I think my point is whether you're ready to beat those products by adding a firewall.

Edited by Ilya Rabinovich, 14 March 2009 - 08:50 PM.

[demoneye]

Matousec, is not more a big mislead for new users , who led to this site by well know forums , as a irrefutable evidence for products.

[Ilya Rabinovich]

you see the competition is extremely intensive.

I like intensive competition. It's so exciting!

I think my point is whether you're ready to beat those products by adding a firewall.

I've already made the world-best policy-based sandboxing HIPS, so, do you really believe I can't do the same job with sandboxing-style firewalling?

Any case, by implementing outbound traffic control I'm falling into the Matousec tests. Wherever I call DefenseWall "a firewall" or not. Mamutu is the bright example of it.

[dyy]

you see the competition is extremely intensive.

I like intensive competition. It's so exciting!

I think my point is whether you're ready to beat those products by adding a firewall.

I've already made the world-best policy-based sandboxing HIPS, so, do you really believe I can't do the same job with sandboxing-style firewalling?

Any case, by implementing outbound traffic control I'm falling into the Matousec tests. Wherever I call DefenseWall "a firewall" or not. Mamutu is the bright example of it.

Ilya,

You are a respectable developer, and DefenseWall is one of the best HIPS I have ever seen. So please don't be mad at me. I believe you can achieve the best product with splendid functions and wish you success in the market as well. Matousec tests is somewhat controversial, but I know lots of users refer to their comparison results before they make decisions. I just would like to bring to your attention about the intensive competition already in the limited security market. HIPS no matter classical or smart targets only a small population who know how to and would like to solve problems. Signature detection based antivirus software still holds the majority of the security market. So if you would like to see a big change in the near future, integrating a firewall may not help you that much. As a general customer, you'd like to buy a product that can offer maximal comprehensive protection rather than buying antivirus from this company and HIPS and firewall from another company. To my knowledge, signature detection based antivirus software is still indispensible for most general users. Antivirus OEM might be a good idea to try as Emsisoft's a-square and Mamutu do.

Regards

Edited by dyy, 14 March 2009 - 09:48 PM.

[Ilya Rabinovich]

Yes, I know what you are talking about. I just can't eat an elephant in one piece. I have to... no, even, more stronger here- I must separate this task into many pieces and eat them one by one. There is no other choices for me.

[Mercurybird]

Hello Ilya!

This is a very interesting thread, and a very welcome direction for your product to move in. Personally I think the future will take care of itself. An old adage is appropriate here, "if you build a better mousetrap the world will beat a path to your door."

1. If the inbound or outbound protection blocks a program from connecting, will there be a way to tell it to allow it?

2. How will the port rules for the firewall cooperate or conflict with the untrusted list in the HIPS module?

Worth mentioning for me is, I have Windows' firewall enabled, but I don't run any other software firewall. I run a hardware firewall called Smoothwall that guards the entire network. I would enable your firewall scheme on my system.

[Trespasser]

DefenseWall - Intrusion Security
or
DefenseWall - Intrusion Security Suite

are my suggestions for a name since DefenseWall is a protection against intrusion into your system.

Edited by Trespasser, 15 March 2009 - 01:15 AM.

[Ilya Rabinovich]

1. If the inbound or outbound protection blocks a program from connecting, will there be a way to tell it to allow it?

Inbound- no, outbound- yes.

2. How will the port rules for the firewall cooperate or conflict with the untrusted list in the HIPS module?

It's a separate module, no cooperation.

[Blackcat]

IMHO, Ilya needs to be careful in knowing which users to pitch the new version at.

MOST average users will use the Windows firewall with or without their router's own firewall meaning that this extra protection module will not be a vital addition to their setup. Experienced users will stay with their present firewall setup be it hardware or software.

Therefore, I see the new version adding bloat to the program if not even more CPU time/usage.

My own view is that Ilya should concentrate on his original plan; to produce a lightweight, security program which involves virtually no user intervention.

Not the best comparison, and no advertisement for, but AppGuard is an example of a security product, which has virtually no performance hit and practically no user interaction but appears to do its job well in a very small package.

[Ilya Rabinovich]

MOST average users will use the Windows firewall with or without their router's own firewall meaning that this extra protection module will not be a vital addition to their setup. Experienced users will stay with their present firewall setup be it hardware or software.

No problem, HIPS version will be available.

Therefore, I see the new version adding bloat to the program if not even more CPU time/usage.

Totally wrong statement.

My own view is that Ilya should concentrate on his original plan; to produce a lightweight, security program which involves virtually no user intervention.

It's already here.

Not the best comparison, and no advertisement for, but AppGuard is an example of a security product, which has virtually no performance hit and practically no user interaction but appears to do its job well in a very small package.

Aha, and practically no serious protection. This thing reminds me DefenseWall v1.10-1.20.

[Blackcat]

True it's a baby DefenseWall but one with virtually no effect on CPU time/usage.

My only concern with DW has been its effect on CPU time but I suppose that this is inevitable with its needed protection checks.

[Solaris]

>DefenseWall v3- a few ideas.

- The ability to tag the untrusted applications icons, with a red square or something like that

- The ability to download rules for new applications, from your website.
Today, if I download a PDF Printer from a new company, I will certainly have some problems with Office.
Or perhaps, a ? Learn mode ??

- An auto-rollback for selected applications (for browsers, etc)

[Scoobs]

>DefenseWall v3- a few ideas.

- The ability to tag the untrusted applications icons, with a red square or something like that

This feature I see as 'must-have'. It's something that I've previously suggested and would solve a lot of problems for novice users.

@Blackcat - have you checked out the latest DW build? - CPU time has been sunstantially reduced