[SOLVED] A Little Advice Required. :)

Glooby, you did understand what I mean. :wink:

Except for your post at the top of this page, where you mis-analyzed what I had posted, I understood what you posted which basically reiterated two personal opinions:

  1. avast! firewall better than OA because it’s easier to use.
  2. avast! firewall better than OA because you do not like HIPS.

If you take the time and carefully re-read my posts (unlike yourself) I made no negative remarks, nor disagreed with any of the features you noted about the avast! firewall. The only items I took exception to were your “opinions” on OA, which by your own words “I never liked it and will never try it.” invalidates your opinions on OA.

I agree 100% with GloobyGoob’s post which is factual and without personal opinions; and as he noted comes down to one’s personal preference as to which firewall to use. Using a firewall with some form of HIPS requires a little more user input, which for myself is worth the additional protection.

Besides the fact that you do not like HIPS, the real fact is that a firewall with some form of HIPS will provide better protection to some forms of exploits, and as time goes on more of the top rated firewalls have been including some form of HIPS/Program Control:
http://www.matousec.com/projects/proactive-security-challenge/results.php

Personally I’ve been using various software and hardware firewalls for over ten years.

That is, if the user chooses the correct choice. If they choose wrong, they could let in a threat, which is worse.

I wouldn’t trust Matousec’s tests, as they are flawed. :wink: You can find a few threads in this forum (and external sources) discussing this. He considers HIPS a part of firewalls, but he disables avast’s other protection modules and tests the firewall alone. The avast! Firewall is closely integrated with other components of the suite and is not meant to be a stand-alone. Furthermore, Matousec’s tests are more like HIPS tests than firewall tests. Since the tester knows that every sample will be a threat, they will know to answer “No/Deny” to every popup and score 100%. However, in the real world this is not the case. Fortunately OA tends to be lighter on popups than other similar products.

I’ve used Online Armor and think it’s great, but avast Firewall is good too. After all, it got a 4.5/5 rating on PcMag, and Neil J. Rubenking knows what he’s doing. :wink: I think that avast! Firewall is underrated by many.

You can't compare a simple firewall without HIPS and a firewall that has HIPS.

That's what Matousec did not understand; he should have made a new section that is only for stealth ports. So now we can see more of what the firewall did stealth and did not, in %.

Also Glooby is right in this case. If you choose to let HIPS allow something that you don't know and it's a virus, well, too bad for you. I find HIPS very annoying; it's like “Do you want to allow this???..” lots of times…

Applies to pop-ups for most security apps. :wink: (i.e.: pop-up due to FPs; a while back when an avast! defs update deleted system files–I’ve reset avast!'s default settings to always prompt, not to delete). Both OA Help and pop-ups recommend that if in doubt, block. After you verify it’s OK you can Allow the blocked item later.

If they choose wrong, they could let in a threat, which is worse.
Why would it be worse? If not using HIPS, there would not have been a pop-up and the threat would be "let in". In either case one would hope that their AV/AS app(s) would detect and stop/block the threat if it had any malicious behavior. If you have used OA, you should know that a program that is "Allowed" does not have the full rights as "Trusted". I have the "Automatically allow Trusted programs to access the internet" disabled.
I wouldn't trust Matousec's tests, as they are flawed. ;) You can find a few threads in this forum (and external sources) discussing this. He considers HIPS a part of firewalls, ...
First, yes I'm aware of Matousec's tests -- and would assume anyone who's been active with this forum or any other security forums would be also. Second, if you read what I posted before the link I was using Matousec's tests as an example of how many firewalls at the top are now using some form of HIPS/Program Control. Was not too long ago it was mainly Comodo and OA that were at the top. Third, no one should make a decision about how good/bad an app is solely on a single test. Should read several tests, and need to read how the tests were conducted.
I've used Online Armor and think it's great, but avast Firewall is good too. After all, it got a 4.5/5 rating on PcMag (http://www.pcmag.com/article2/0,2817,2358469,00.asp), and Neil J. Rubenking knows what he's doing. ;)
I've read/printed that review. Neil also wrote: "... I tested the firewall's ability to detect suspicious activity using a collection of leak-test utilities. These programs demonstrate techniques that actual malware uses to sneak past simple program control-techniques like injecting code into trusted programs, or remotely controlling them. The anti-malware component did block a few of these samples, but all of the rest managed to perform their sneaky tricks without a peep out of the avast! firewall.

My ALWIL contacts explained that since there’s no malicious payload in the leak test programs there’s no reason for avast! to block their behavior. That makes sense. Norton Internet Security 2010 and Panda Internet Security 2010 work in just the same way. …"

For myself, the attitude of “since there’s no malicious payload in the leak test programs there’s no reason to block their behavior” is not entirely a wise one. What if someone did use a method similar to leak tests to plant a zero-day malicious payload that one’s AV/AS defs and behavior shield did not detect? Thus the premise for retrospective/proactive tests, which in the latest AV-Comparatives Retrospective/Proactive Test May 2010 avast!'s “Total” was 29% – i.e., missed 71%–in this test.

Bottom line is no one/type of security can provide 100% protection. Hence the best one can do is be informed of the risks (e.g., visiting security forums) and use a layered protection. HIPS is just another layer that one can use. If a person does not like HIPS fine, don’t use it!

Are you just regurgitating what GloobyGoob posted or do you know this for a fact? If so please explain how, and why avast! and/or any other AV/AS would not detect the “virus”? ???

I find HIPS very annoying; it's like "Do you want to allow this????....." lots of times...
Yes, I think everyone knows by now you don't like HIPS. Fine, don't use it--just that simple. :P

Nowadays there are a lot of threats in the wild. As we say, no anti virus could detect 100 % of the anti virus. But avast! indeed does a great performance over here.

But what if a little thing did pass and HIPS comes to prompt me that a file is trying to connect to my PC? How would you think that I will act? Allow or block? PS: Pretend that I don't know anything about that file and I'm very novice at computers. I will allow it for sure, as I wouldn't like it if blocking it could destroy my system. Maybe I'll try to find the file and scan it with my anti virus. And what if the anti virus says it's clean? Now the virus will be happy and enjoy my password and system.

The Avast Firewall will deny access if it goes against the application rules. If it isn’t on the list, then it will closely monitor it and block suspicious behavior/actions. That’s better than choosing the wrong action to take.

I wasn’t referring to OA, I meant firewalls with HIPS in general; I replied to this: the real fact is that a firewall with some form of HIPS will provide better protection to some forms of exploits

Well, if you know the test is flawed, why do you use it as a valid example? ??? And, as I have said, the tests that determine the “top firewalls” aren’t firewall tests. They test the HIPS/Program Control more than the firewalls themselves. I’d like to see a real firewall test, but it’s not so simple testing one.

True, I agree.

I’m not saying that I don’t like HIPS, actually I think it’s a good layer of protection! :smiley: I have used it for a couple of years, but now I just prefer having programs that decide for me like the avast Firewall. For people that don’t like HIPS, then alternatives are behavior blockers, auto-deciding firewalls, etc.

Anyway guys, this has been solved for a long time and I think it's up to the user to choose the best as he wants.

So good debate guys/girls.

Thanks a lot.

Mr.Agent

Just wanted to make several closing replies/comments.

If the firewall itself is using some form of Network type IPS (Intrusion Prevention System), then yes the wrong choice “could let in a threat”. But so far from what I’ve read about the HIPS for personal PCs, they appear to be some form of Program Control-HIPS that will alert you of an app/process that is trying to run and is not in its Program Control-HIPS settings.

Have only used OA. As to OA (back to the OP’s inquiry) the Program Control/HIPS has its own pop-ups, and the OA firewall has its own separate pop-ups. If one gets a Program Control pop-up and should click “Allow” to run, if the process tries to access the internet to download (let-in) a payload it will be blocked by the firewall with the firewall pop-up.

I have tightened up the OA’s Program Control Settings and Firewall Settings, and the only times I get Program Control pop-ups is after I install a new app or update an existing app.

If you read all that I posted, it was only an example showing how many (i.e., the number of firewalls) are now using some form of HIPS, whereas not too long ago there was mainly just Comodo and OA. Would assume these firewall vendors have added some form of HIPS because they see a valid reason to do so, and not just so they could do well in Matousec’s tests. :wink:

Guess I read too many reviews/tests, security articles :slight_smile: – but at this time I have not come across any one security app/suite I would trust enough to allow it to automatically make all the decisions. I’m of the firm belief that no one security app can catch everything, and using a layered approach is overall the best security solution. Hence I’m among those who have never been fond of using a “security suite”–having all eggs in one basket.

If you know what a zero-day vulnerability is, then you’ll know that there’s a risk that any AV/AS may not be able to detect; e.g., AV-Comparatives and others Retrospective/Proactive type tests.

Cheers,
Jon

Ah. I get what you’re saying now, that more firewalls are incorporating HIPS. Sorry, my bad. :wink:

Yeah, I wasn’t fond of suites either. I tried various combinations of antiviruses and firewalls (I used PC Tools, Online Armor, Comodo, Zonealarm, etc) for several years now. But I tried the avast Suite and was impressed. :slight_smile: (I don’t use just avast, I use Malwarebytes, Super Antispyware, and Hitman Pro.)

Yes, I am well aware. :wink: That’s why I don’t just rely on my Antivirus/Antispyware, I always use the avast sandbox to virtualize my browser and test all downloads in it, use a limited user account, etc. (And of course, common sense ^-^) My comp has never been infected once over the last several years. :slight_smile:

Well I really don’t want to debate over this anymore (the Thread Starter’s problem has been resolved a long time ago, and this is not directly related to the question) at least not here anyway. It is pointless to keep reviving an old solved thread, so… we must let it die. Best regards, Jon_T! :smiley:

GloobyGoob