Jetico Software Firewall (Freeware)?

Discussion in 'Computer Security' started by galt_57@hotmail.com, Mar 16, 2006.

  1. Guest

    , Mar 16, 2006
    #1
    1. Advertising

  2. optikl Guest

    wrote:
    > I had been using Zonealarm free but I would really like to switch to
    > Jetico. To understand why you might take a look at the report here;
    > (click the view results button);
    >
    > http://www.firewallleaktester.com/tests_overview.php
    >
    > The problem is that the Jetico setup is rather tricky to understand. I
    > found one running discussion here;
    >
    > http://wilderssecurity.com/showthread.php?s=3ac16aa1ec26f9f47a0301ae3...
    >
    > I am still struggling to figure it out. Ugh.
    >


    You could look at other options:

    1. Hardening your operating system so that it's not susceptible to
    intrusions.

    2. Considering an appliance (router, VPN Firewall, etc.)

    3. An other PFW that would be easier to set-up and configure.
    optikl, Mar 17, 2006
    #2
    1. Advertising

  3. Guest

    optikl wrote:
    > wrote:
    > > I had been using Zonealarm free but I would really like to switch to
    > > Jetico. [...]
    > >
    > > http://www.firewallleaktester.com/tests_overview.php
    > > http://wilderssecurity.com/showthread.php?s=3ac16aa1ec26f9f47a0301ae3...
    > >
    > > I am still struggling to figure it out. Ugh.

    >
    > You could look at other options:
    >
    > 1. Hardening your operating system so that it's not susceptible to
    > intrusions.
    >
    > 2. Considering an appliance (router, VPN Firewall, etc.)
    >
    > 3. An other PFW that would be easier to set-up and configure.


    Yes, thank you. Your item #2 is the driving issue. I did add a hardware
    firewall -- and as a result I don't see much need for a software
    firewall anymore unless it is capable of helping to associate running
    processes with outbound traffic (leak detection). With that in mind my
    preliminary investigation seems to indicate that my prior SW firewall
    (ZoneAlarm-free) is nearly worthless at leak detection while Jetico is
    one of the best for this purpose -- thus my interest.
    , Mar 17, 2006
    #3
  4. Kerodo Guest

    In article <>,
    says...
    > optikl wrote:
    > > wrote:
    > > > I had been using Zonealarm free but I would really like to switch to
    > > > Jetico. [...]
    > > >
    > > > http://www.firewallleaktester.com/tests_overview.php
    > > > http://wilderssecurity.com/showthread.php?s=3ac16aa1ec26f9f47a0301ae3...
    > > >
    > > > I am still struggling to figure it out. Ugh.

    > >
    > > You could look at other options:
    > >
    > > 1. Hardening your operating system so that it's not susceptible to
    > > intrusions.
    > >
    > > 2. Considering an appliance (router, VPN Firewall, etc.)
    > >
    > > 3. An other PFW that would be easier to set-up and configure.

    >
    > Yes, thank you. Your item #2 is the driving issue. I did add a hardware
    > firewall -- and as a result I don't see much need for a software
    > firewall anymore unless it is capable of helping to associate running
    > processes with outbound traffic (leak detection). With that in mind my
    > preliminary investigation seems to indicate that my prior SW firewall
    > (ZoneAlarm-free) is nearly worthless at leak detection while Jetico is
    > one of the best for this purpose -- thus my interest.
    >


    There is no doubt about it, Jetico can be difficult and annoying when
    you first set it up and tweak the rules and so on. There are some
    tricks to help with that, for example, making some custom rules to you
    can eliminate that annoying "access to network" permission every time
    anything wants local network access. Probably the best source of help
    is at Wilders, which I think you've already found. There are several
    people there who use Jetico and have worked with it extensively. If you
    have specific issues, start a new thread and ask, someone will respond
    I'm sure. I have found in the past (I don't use it currently) that
    Jetico does settle down once you get it configured for your system and
    needs. It's just the initial work that's a little painful. But as you
    say, it's outbound protection is quite good if you're concerned about
    leak tests and such. And it's very light on resources as well. All in
    all it's a good firewall. I helped them work out many of the bugs in
    the beta stages last year. There is also apparently a version 2
    currently in the works, no committment to a release date yet though.

    --
    Kerodo
    Kerodo, Mar 17, 2006
    #4
  5. optikl Guest

    wrote:
    > optikl wrote:
    >> wrote:
    >>> I had been using Zonealarm free but I would really like to switch to
    >>> Jetico. [...]
    >>>
    >>> http://www.firewallleaktester.com/tests_overview.php
    >>> http://wilderssecurity.com/showthread.php?s=3ac16aa1ec26f9f47a0301ae3...
    >>>
    >>> I am still struggling to figure it out. Ugh.

    >> You could look at other options:
    >>
    >> 1. Hardening your operating system so that it's not susceptible to
    >> intrusions.
    >>
    >> 2. Considering an appliance (router, VPN Firewall, etc.)
    >>
    >> 3. An other PFW that would be easier to set-up and configure.

    >
    > Yes, thank you. Your item #2 is the driving issue. I did add a hardware
    > firewall -- and as a result I don't see much need for a software
    > firewall anymore unless it is capable of helping to associate running
    > processes with outbound traffic (leak detection). With that in mind my
    > preliminary investigation seems to indicate that my prior SW firewall
    > (ZoneAlarm-free) is nearly worthless at leak detection while Jetico is
    > one of the best for this purpose -- thus my interest.
    >


    Leak detection preoccupation fascinates me. Its premise is flawed.
    Anyway, if you're concerned about rogue processes and programs being
    added to your start up folders and creating malicious services, get a
    program like Process Explorer or WinPatrol. They are far more useful
    than most PFW's I've used. The only reason I even have a PFW on my
    company laptop is because it's company policy to have one when I'm on
    the road. At home, none of my equipment has a PFW. I rely on an
    appliance, instead.
    optikl, Mar 17, 2006
    #5
  6. Guest

    optikl wrote:
    > wrote:
    > > optikl wrote:
    > >> 1. Hardening your operating system so that it's not susceptible to
    > >> intrusions.
    > >>
    > >> 2. Considering an appliance (router, VPN Firewall, etc.)
    > >>
    > >> 3. An other PFW that would be easier to set-up and configure.

    > >
    > > Yes, thank you. Your item #2 is the driving issue. I did add a hardware
    > > firewall -- and as a result I don't see much need for a software
    > > firewall anymore unless it is capable of helping to associate running
    > > processes with outbound traffic (leak detection). With that in mind my
    > > preliminary investigation seems to indicate that my prior SW firewall
    > > (ZoneAlarm-free) is nearly worthless at leak detection while Jetico is
    > > one of the best for this purpose -- thus my interest.
    > >

    >
    > Leak detection preoccupation fascinates me. Its premise is flawed.
    > Anyway, if you're concerned about rogue processes and programs being
    > added to your start up folders and creating malicious services, get a
    > program like Process Explorer or WinPatrol. They are far more useful
    > than most PFW's I've used. The only reason I even have a PFW on my
    > company laptop is because it's company policy to have one when I'm on
    > the road. At home, none of my equipment has a PFW. I rely on an
    > appliance, instead.


    I put the blame on Microsoft. Leak detection is like trying to patch a
    sieve and software firewalls are only needed because of endless flaws
    in the OS port services.
    , Mar 18, 2006
    #6
  7. Kerodo Guest

    In article <>, galt_
    says...
    > optikl wrote:
    > > wrote:
    > > > optikl wrote:
    > > >> 1. Hardening your operating system so that it's not susceptible to
    > > >> intrusions.
    > > >>
    > > >> 2. Considering an appliance (router, VPN Firewall, etc.)
    > > >>
    > > >> 3. An other PFW that would be easier to set-up and configure.
    > > >
    > > > Yes, thank you. Your item #2 is the driving issue. I did add a hardware
    > > > firewall -- and as a result I don't see much need for a software
    > > > firewall anymore unless it is capable of helping to associate running
    > > > processes with outbound traffic (leak detection). With that in mind my
    > > > preliminary investigation seems to indicate that my prior SW firewall
    > > > (ZoneAlarm-free) is nearly worthless at leak detection while Jetico is
    > > > one of the best for this purpose -- thus my interest.
    > > >

    > >
    > > Leak detection preoccupation fascinates me. Its premise is flawed.
    > > Anyway, if you're concerned about rogue processes and programs being
    > > added to your start up folders and creating malicious services, get a
    > > program like Process Explorer or WinPatrol. They are far more useful
    > > than most PFW's I've used. The only reason I even have a PFW on my
    > > company laptop is because it's company policy to have one when I'm on
    > > the road. At home, none of my equipment has a PFW. I rely on an
    > > appliance, instead.

    >
    > I put the blame on Microsoft. Leak detection is like trying to patch a
    > sieve and software firewalls are only needed because of endless flaws
    > in the OS port services.


    That doesn't make much sense.. Flaws in the OS's services is the reason
    you need *inbound* protection, not outbound. Your craving for a
    software firewall and outbound protection is an attempt to keep malware
    and ill behaved programs in check. Some people would argue that this is
    an impossible task and all software firewalls can and will be
    circumvented rather easily. Others like to run the firewall anyway,
    hoping that it will catch at least some of the nasties trying to dial
    out. As always, it's mostly up to the user to use his/her machine
    intelligently and if done then the need for software firewalls is
    minimal or non-existent.

    --
    Kerodo
    Kerodo, Mar 18, 2006
    #7
  8. Guest

    Kerodo wrote:
    > In article <>, galt_
    > says...
    > > optikl wrote:
    > > > wrote:
    > > > > optikl wrote:
    > > > >> 1. Hardening your operating system so that it's not susceptible to
    > > > >> intrusions.
    > > > >>
    > > > >> 2. Considering an appliance (router, VPN Firewall, etc.)
    > > > >>
    > > > >> 3. An other PFW that would be easier to set-up and configure.
    > > > >
    > > > > Yes, thank you. Your item #2 is the driving issue. I did add a hardware
    > > > > firewall -- and as a result I don't see much need for a software
    > > > > firewall anymore unless it is capable of helping to associate running
    > > > > processes with outbound traffic (leak detection). With that in mind my
    > > > > preliminary investigation seems to indicate that my prior SW firewall
    > > > > (ZoneAlarm-free) is nearly worthless at leak detection while Jetico is
    > > > > one of the best for this purpose -- thus my interest.
    > > > >
    > > >
    > > > Leak detection preoccupation fascinates me. Its premise is flawed.
    > > > Anyway, if you're concerned about rogue processes and programs being
    > > > added to your start up folders and creating malicious services, get a
    > > > program like Process Explorer or WinPatrol. They are far more useful
    > > > than most PFW's I've used. The only reason I even have a PFW on my
    > > > company laptop is because it's company policy to have one when I'm on
    > > > the road. At home, none of my equipment has a PFW. I rely on an
    > > > appliance, instead.

    > >
    > > I put the blame on Microsoft. Leak detection is like trying to patch a
    > > sieve and software firewalls are only needed because of endless flaws
    > > in the OS port services.

    >
    > That doesn't make much sense. Flaws in the OS's services is the
    > reason you need *inbound* protection, not outbound.


    Yes, I'm talking about two different things, and yet the OS is the
    problem in both cases. Outbound data stream security is crap and
    inbound port security is crap.

    > Your craving for a software firewall and outbound protection is
    > an attempt to keep malware and ill behaved programs in check.
    > Some people would argue that this is an impossible task and
    > all software firewalls can and will be circumvented rather easily.


    Because the OS provides no reliable security for outbound data streams.
    Yet since I have a hardware firewall outbound protection is the only
    functionality I desire from a SFW.

    > Others like to run the firewall anyway, hoping that it will catch
    > at least some of the nasties trying to dial out.


    Yes, that is the hope.
    , Mar 18, 2006
    #8
  9. optikl Guest

    wrote:

    >
    > Because the OS provides no reliable security for outbound data streams.
    > Yet since I have a hardware firewall outbound protection is the only
    > functionality I desire from a SFW.
    >

    Are you absolutely certain you'd want to default security to the OS for
    outbound data stream protection? Doesn't sound wise from a security
    perspective to me. That's why God gave us brains.
    optikl, Mar 18, 2006
    #9
  10. Guest

    optikl wrote:
    > wrote:
    > >
    > > Because the OS provides no reliable security for outbound data streams.
    > > Yet since I have a hardware firewall outbound protection is the only
    > > functionality I desire from a SFW.
    > >

    > Are you absolutely certain you'd want to default security to the OS for
    > outbound data stream protection? Doesn't sound wise from a security
    > perspective to me. That's why God gave us brains.


    If the OS can't maintain security then nothing can. Everything else is
    just layer after layer of pathetic bandaids.
    , Mar 18, 2006
    #10
  11. optikl Guest

    wrote:
    > optikl wrote:
    >> wrote:
    >>> Because the OS provides no reliable security for outbound data streams.
    >>> Yet since I have a hardware firewall outbound protection is the only
    >>> functionality I desire from a SFW.
    >>>

    >> Are you absolutely certain you'd want to default security to the OS for
    >> outbound data stream protection? Doesn't sound wise from a security
    >> perspective to me. That's why God gave us brains.

    >
    > If the OS can't maintain security then nothing can. Everything else is
    > just layer after layer of pathetic bandaids.
    >


    I'm not talking bandaids. As I mentioned previously, there are other
    approaches. I named just a couple. Anyway, it it makes you feel better
    to think Windows makes you a "victim", go ahead. Some see problems,
    others see solutions.
    optikl, Mar 18, 2006
    #11
  12. Guest

    optikl wrote:
    > wrote:
    > > optikl wrote:
    > >> wrote:
    > >>> Because the OS provides no reliable security for outbound data streams.
    > >>> Yet since I have a hardware firewall outbound protection is the only
    > >>> functionality I desire from a SFW.
    > >>>
    > >> Are you absolutely certain you'd want to default security to the OS for
    > >> outbound data stream protection? Doesn't sound wise from a security
    > >> perspective to me. That's why God gave us brains.

    > >
    > > If the OS can't maintain security then nothing can. Everything else is
    > > just layer after layer of pathetic bandaids.
    > >

    >
    > I'm not talking bandaids. As I mentioned previously, there are other
    > approaches. I named just a couple. Anyway, it it makes you feel better
    > to think Windows makes you a "victim", go ahead. Some see problems,
    > others see solutions.


    Do you mean;
    > "1. Hardening your operating system so that it's not susceptible
    > to intrusions."


    I think this means the OS is crap and needs to be
    fixed/repaired/upgraded by adding more software.

    > "2. Considering an appliance (router, VPN Firewall, etc.) "


    I think this means the OS is crap so install a different box to babysit
    the box running the OS. This is not whining, it is the cruel reality of
    the situation.
    , Mar 18, 2006
    #12
  13. galt_57 wrote:


    >> I'm not talking bandaids. As I mentioned previously, there are other
    >> approaches. I named just a couple. Anyway, it it makes you feel better
    >> to think Windows makes you a "victim", go ahead. Some see problems,
    >> others see solutions.

    >
    > Do you mean;
    >> "1. Hardening your operating system so that it's not susceptible to
    >> intrusions."

    >
    > I think this means the OS is crap and needs to be fixed/repaired/upgraded
    > by adding more software.


    In fact it means exactly the opposite. In a large way it means /removing/
    options and even software that you don't need. Options and software the
    the OS vendor assumed most users would want enabled. It's really more of a
    marketing cockup than an OS issue in the first place. If consumer *nix
    distributions were marketed under the same premise they'd be just as
    vulnerable out of the box, and require end users to go through and
    reconfigure them for more secure operation just like Windows does.

    >> "2. Considering an appliance (router, VPN Firewall, etc.) "

    >
    > I think this means the OS is crap so install a different box to babysit
    > the box running the OS. This is not whining, it is the cruel reality of
    > the situation.


    No, that's whining. You're you're even willfully ignoring the inherent
    benefits in a layered approach to security to give yourself the privilege
    of doing it.

    Boundary appliances are /always/ a good idea, even if you believe you have
    your OS locked down tight. Hardware is by definition more "hard" than
    software, so a hardware firewall will generally be more robust. It's also
    generally faster, and exacts no overhead on on user equipment. And all
    that on top of the fact that to even /BEGIN/ attacking the OS you have to
    crack a separate piece of hardware first. Boundary hardware that once
    cracked doesn't give immediate access to an underlying OS and user data.
    George Orwell, Mar 18, 2006
    #13
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Replies:
    0
    Views:
    519
  2. Sentinel
    Replies:
    7
    Views:
    1,030
    Evan Platt
    May 14, 2005
  3. Sandi
    Replies:
    33
    Views:
    1,444
    Sheila aka Pippie
    Apr 4, 2005
  4. M L

    Value of Sensiveguard freeware firewall ?

    M L, Feb 19, 2006, in forum: Computer Security
    Replies:
    5
    Views:
    1,582
  5. Internet Highway Traveler
    Replies:
    5
    Views:
    1,962
    Internet Highway Traveler
    Nov 14, 2009
Loading...

Share This Page