Sygate personal firewall

**gesc** · January 16th, 2006, 07:26 AM

Hi guys,

Can anyone provide me a link or alternatively info on how to configure this firewall? I am using the 5.6 version and running it on Win XP SP2. I am having a hard time trying to set it up. I am not very knowledgeable in this area. :icon_shak

Thanks in advance,

G.

**uselesscrap** · January 16th, 2006, 10:10 AM

Try this: http://www.sygate.ca/support/apprules/apprule.htm

**gesc** · January 17th, 2006, 03:38 AM

Hey, thnx 4 that. G.

**kokanezub** · January 17th, 2006, 12:23 PM

there shouldnt be any config required it tells u allow "app" u say yes or no its a pop up messege

**KoolDrew** · January 17th, 2006, 07:18 PM

and running it on Win XP SP2.

I am not very knowledgeable in this area.

Just run the native SP2 firewall. Outbound filtering at the host-level doesn't provide any security benefits anyway.

**Malakai1911** · January 17th, 2006, 08:00 PM

Originally Posted by KoolDrew

Just run the native SP2 firewall. Outbound filtering at the host-level doesn't provide any security benefits anyway.

Huh? I can name three reason outbound filtering on the desktop makes sense.
- Rootkits
- Trojans
- Spyware

**gesc** · January 18th, 2006, 02:08 AM

Originally Posted by KoolDrew

Just run the native SP2 firewall. Outbound filtering at the host-level doesn't provide any security benefits anyway.

Hell no!

Hi, why do you think I have installed Sygate in my PC. Simply because (and honestly let me say: I don't know how) a trojan got into my boat, destroyed all my mp3 collection and erased Win media player and Shareaza (I guess kind of a warning thing). This damn thing didn't know that I keep backup files of everything I have so nothing happened. Just the nuisance of formating C: and reinstalling Windows. That trojan is history but it did a lot of damage.

Now, should I still keep Windows Firewall?

BTW someone told me that Microsoft is going to get rid of the firewall and implement a security suite for next year (Windows Vista). This is going to be a serious product. So I guess the firewall days will be soon history.

Cheers,

G.

**KoolDrew** · January 18th, 2006, 05:25 AM

Immutable Law of Security #1: "If a bad guy can persuade you to run his program on your computer, it's not your computer anymore"

Once malware is already on the system, security has been compromised. The possibility exists for that code to whatever it wants, with or without your knowledge. This is why the most critical thing is to prevent that code from ever getting on to your system in the first place. The outbound filtering firewall could even be disabled by some sort of malware. The simple fact is that, once your system has been compromised, you cannot trust what your outbound filtering firewall is telling you is accurate. How do you know whether your software has successfully called home or not? How do you know its not rolled back to a remoted IE process when its preferred method has failed? How do you know it hasnt added itself to the "Allowed" list? If you're running software that really wants to send something out theres absolutely nothing you can do to stop it. Outbound filtering at the border of your network is a good thing. Host-based, on the other hand, is nothing more than marketing hype and a false sense of security.

Compare outbound protection to a pair of forcepts to remove the bullet from your flesh. The damage has already been done. There are TONS of malware out there that first and foremost disable software protection. It doesn't require a "clever" attack to do either.

Also, not to mention that every host-based outbound filtering firewall is really annoying. They are actually so annoying that it promotes insecure behavior, since most non-computer savvy users (which the OP claims himself to be) will just click on whatever it taked to make it go away, which is usually something along the lines of "allow this" or even worse "allow all traffic."

If you want to talk about host-based firewalls being too complicated for the average user, look no further than one that does outbound filtering. A firewall that only filters inbound is far simpler, since most people only need to allow a few listening ports if any (file sharing being the most common probably). Compare that with every type of traffic that needs to get out of an average user's machine.

gesc, look for other ways to increase your systems security posture. An outbound filtering firewall at the host-level isn't the way to do it. The most important thing to do is run under a limited user account for day-to-day use. A user under a limited account cannot install software (including malware), cannot disable the Windows firewall, cannot remove software (including anti-virus), cannot stop the anti-virus's services and cannot write to the C:\Windows directory or modify its contents (including the HOSTS file). This helps security a ton. If you were running under a limited user account when you got the trojan you wouldn't of had to reinstall Windows.

**gesc** · January 18th, 2006, 08:04 AM

Originally Posted by KoolDrew

Immutable Law of Security #1: "If a bad guy can persuade you to run his program on your computer, it's not your computer anymore"

I see your point.

**gesc** · January 18th, 2006, 08:05 AM

Originally Posted by KoolDrew

Immutable Law of Security #1: "If a bad guy can persuade you to run his program on your computer, it's not your computer anymore"

Once malware is already on the system, security has been compromised. The possibility exists for that code to whatever it wants, with or without your knowledge. This is why the most critical thing is to prevent that code from ever getting on to your system in the first place. The outbound filtering firewall could even be disabled by some sort of malware. The simple fact is that, once your system has been compromised, you cannot trust what your outbound filtering firewall is telling you is accurate. How do you know whether your software has successfully called home or not? How do you know its not rolled back to a remoted IE process when its preferred method has failed? How do you know it hasnt added itself to the "Allowed" list? If you're running software that really wants to send something out theres absolutely nothing you can do to stop it. Outbound filtering at the border of your network is a good thing. Host-based, on the other hand, is nothing more than marketing hype and a false sense of security.

Compare outbound protection to a pair of forcepts to remove the bullet from your flesh. The damage has already been done. There are TONS of malware out there that first and foremost disable software protection. It doesn't require a "clever" attack to do either.

Also, not to mention that every host-based outbound filtering firewall is really annoying. They are actually so annoying that it promotes insecure behavior, since most non-computer savvy users (which the OP claims himself to be) will just click on whatever it taked to make it go away, which is usually something along the lines of "allow this" or even worse "allow all traffic."

If you want to talk about host-based firewalls being too complicated for the average user, look no further than one that does outbound filtering. A firewall that only filters inbound is far simpler, since most people only need to allow a few listening ports if any (file sharing being the most common probably). Compare that with every type of traffic that needs to get out of an average user's machine.

gesc, look for other ways to increase your systems security posture. An outbound filtering firewall at the host-level isn't the way to do it. The most important thing to do is run under a limited user account for day-to-day use. A user under a limited account cannot install software (including malware), cannot disable the Windows firewall, cannot remove software (including anti-virus), cannot stop the anti-virus's services and cannot write to the C:\Windows directory or modify its contents (including the HOSTS file). This helps security a ton. If you were running under a limited user account when you got the trojan you wouldn't of had to reinstall Windows.

I see your point. But I realise now I made the typical newbie's mistake:

Dowloading mp3s without checking if they were .exe. That's how I got the trojan. Now I have unckecked the Win option "hide extensions for known file types" under "tools-folder options-view".

Humans always learn through mistakes.

Now I am going to reinforce my castle and install extra protection: Protowall, PeerGuardian 2 and a BlockList Manager. We all know that the two most problematic areas which cause 99% of malware issues for non-commercial users in the Internet environment are:

1. Porn

2. P2P (This is the area that concerns me)

Now, how do I run a limited account in my PC without having two computer administrators in my PC? It's impossible to change from admin to limited.

Thnx,

G.

**KoolDrew** · January 18th, 2006, 01:11 PM

Now, how do I run a limited account in my PC without having two computer administrators in my PC? It's impossible to change from admin to limited.

Just make a new account and make it limited. Try to use it as much as possible. Only log into admin when you realy need to. It may be annoying at first, but you will get used to it and it is the best thing you can do to help your systems security posture.

**gesc** · January 19th, 2006, 05:28 AM

Hi K.,

Yes I figured that out. I was a bit absent-minded when I launched my question. Problem is that limited won;t let you run many programs.

How do I bypass this?

Cheers,

G.