Friday 19 July 2013

Ashampoo FireWall FREE

Pros: Correctly stealthed all ports and resisted Web-based attacks. Resists termination. Can hide main process. Includes several bonus tools. Free!

Cons: Many popup queries for program control. Fails leak tests. Program control easily fooled. No protection against exploits. Supports only Windows XP and 2000. Bonus tools are either redundant or outdated.

Bottom Line: Compatible only with Windows XP and Windows 2000, Ashampoo FireWall FREE is a bit of a throwback. Despite many popup queries, its program control system didn't catch every attempted connection.

By Neil J. Rubenking

When Windows XP came out in 2001, it came with something new—a built-in firewall. In Windows Vista and later, the firewall evolved into something even better, but the XP version handled basic tasks well. Ashampoo FireWall FREE, compatible only with XP and Windows 2000, goes beyond that basic firewall, adding program control and a few bonus features, but it seems stuck in the past.

During installation, Ashampoo Firewall leads you through a few initial configuration steps. It offers a choice of Easy mode or Expert mode (more about those later). You can choose to monitor connections within your LAN (enabled by default) or connections local to your computer (disabled by default). And you'll get a chance to select predefined permissions for a handful of very common programs.

The program's flashy orange-themed main window displays firewall statistics and offers quick access to configuration options, logs, and bonus tools. You can review and change any of the settings you made during the install process, along with additional settings. By default the program protects its process against termination. You can go a step further and have it hide its process, so it doesn't even appear in Task Manager. Note, though, that doing so may look "suspicious" to other security programs.

Basic Firewall Tasks

As expected, Ashampoo Firewall stealths all of your PC's ports, so they're not even visible to an outside attacker. In testing, it shrugged off all of my port scans and other Web-based attack tests. This success is strictly a baseline, since Windows Firewall alone can handle that level of protection.

I verified that the firewall process resists termination. Trying to end the process using Task Manager, I just got "Access Denied." I also verified that the firewall can successfully hide its process, causing it to vanish from Task Manager.

The firewall doesn't store its enabled/disabled status in the Registry, so I couldn't turn it off using a Registry tweak. My next step usually involves an attack on the firewall's Windows service, but Ashampoo Firewall doesn't use a service. Instead, it achieves SPI (Stateful Packet Inspection) using a driver. In short, I couldn't disable protection using various techniques that might be employed by a malware coder.

Rudimentary Program Control

At installation, Ashampoo Firewall starts off in Learning Mode, but that phrase doesn't have the same meaning it does for other products. Learning Mode in Outpost Firewall Pro 8 means that every connection is allowed, and the firewall creates a rule to continue allowing each connection it detects. Autolearn mode for TinyWall 2.1 is similar.

Learning Mode for Ashampoo Firewall refers to the fact that it asks you, the user, how to handle unknown programs, and learns from your decisions. Since it only pre-configures permissions for a very few common programs, you'll be answering a lot of popup queries for the first while after installing this product. If you turn off Learning Mode, the firewall will simply block any unknown program, the way TinyWall does by default.

Each popup query reports the IP address and port to which the program is attempting a connection. In Expert mode you can choose whether to allow or block connection with the specified port or with all ports. In Easy mode, choosing to allow the connection always allows all ports. In either case, if you don't check the "Create rule" box you'll be asked the same question next time that program tries to connect.

ZoneAlarm Free Firewall 2013 gets around the problem of popup overload using an immense online database called SmartDefense Advisor. It only queries the user for programs not found in the database, and when it does, there's probably malware involved. TinyWall silently blocks every connection for which no rule exists, but offers several ways you can add an exception for a particular program.


View the original article here