Outpost Personal Firewall Pro

[Arena2045]

Greetings:With the recent suggestion from Microsoft that users purchase a 3rd party firewall because the one bundled with XP "doesn't block or filter IPv6 traffic"… I thought I would post some recent news:The “Outpost Personal Firewall Pro†software firewall has been updated to version 2.0.SIDE NOTE:Now I do not personally use Outpost, but it is a viable option along with various other brands, like ZoneAlarm (I use ZoneAlarm Pro as well as a hardware firewall)…URLs :Outpost Personal Firewall Pro | Product PageAgnitum.com | Main Page

Agnitum, a publisher of Windows security applications, has released Outpost Personal Firewall Pro 2.0, a powerful, full-featured firewall for Windows that hides your computer from hackers, detects and blocks intrusions, and quarantines Internet worms and viruses that enter your computer.New features in version 2.0 include the program's ability to auto-configure the correct values for 95 percent of your computer's applications, system, and LAN settings; an intuitive graphical interface that makes it easy to fine-tune Outpost's settings; and Windows Start-Up processing that ensures that Outpost is running and protecting your system before any malicious program can be loaded. -- Source : Agnitum.com > News

[Marsden11]

The IPv6 protocol in XPPro SP1 and Win 2003 Server is not installed by default. If it is not installed where is the risk? It has to be installed and then configured.You can implement IPv6 routers by using a variety of hardware and software products, including a computer running a member of the Windows Server 2003 family with the IPv6 protocol. Routers that are dedicated hardware devices running specialized software are common. Regardless of the type of IPv6 routers that you use, all IPv6 routing relies on a routing table to communicate between network segments. If you don't have an IPv6 routing table on your machine... nothing is going to happen.IPv6 hosts use a routing table to maintain information about other IPv6 networks and IPv6 hosts. Network segments are identified by using an IPv6 network prefix and prefix length. In addition, routing tables provide important information for each local host regarding how to communicate with remote networks and hosts.For each computer on an IPv6 network, you can maintain a routing table with an entry for every other computer or network that communicates with that local computer. In general, this is not practical, and a default router is used instead.The IPv6 protocol for Windows XP was provided as a developer preview. The IPv6 protocol for Windows XP with SP1 is a supported protocol. The IPv6 protocol for Windows XP and Windows XP with SP1 does not include IPv6 support for file and print sharing, DNS messages over IPv6, or IPv6 support for the WinInet, IPHelper, and DCOM APIs.The IPv6 protocol for Windows XP and Windows XP with SP1 installed include the following tools that are not provided for the Windows Server 2003 family:Ipv6.exe: Used for configuring the IPv6 protocol. The recommended method to configure IPv6 is the commands in the netsh interface ipv6 context. Ping6.exe: The recommended tool to use is the IPv6-enabled version of the Ping.exe tool. Tracert6.exe: The recommended tool to use is the IPv6-enabled version of the Tracert.exe tool. Just read the following and you will quickly see that this new protocol will take some time to actually be used... Q. What is my IPv6 address? A. By default, IPv6 configures link–local IPv6 addresses for each interface that corresponds to an installed Ethernet network adapter. Link–local addresses have the prefix FE80::/64. You can see your link local addresses by typing the ipv6 if command and looking for an interface with a link–level address of the form aa–bb–cc–dd–ee–ff. The preferred address is the link–local address for the interface.Here is an example:Interface 4: Ethernet: Local Area Connectionuses Neighbor Discoverylink–layer address: 00-b0-d0-23-47-33preferred link–local fe80::2b0:d0ff:fe23:4733, life infinitemulticast interface–local ff01::1, 1 refs, not reportablemulticast link–local ff02::1, 1 refs, not reportablemulticast link–local ff02::1:ff23:4733, 1 refs, last reporter, 6seconds until reportlink MTU 1500 (true link MTU 1500)current hop limit 128reachable time 36500ms (base 30000ms)retransmission interval 1000msDAD transmits 1Interface 3: 6to4 Tunneling Pseudo–Interfacedoes not use Neighbor Discoverypreferred global 2002:9d3c:89d9::9d3c:89d9, life infinitelink MTU 1280 (true link MTU 65515)current hop limit 128reachable time 0ms (base 0ms)retransmission interval 0msDAD transmits 0Interface 2: Automatic Tunneling Pseudo–Interfacedoes not use Neighbor Discoverypreferred link–local fe80::200:5efe:157.60.137.217, life infinitepreferred global ::157.60.137.217, life infinitelink MTU 1280 (true link MTU 65515)current hop limit 128reachable time 0ms (base 0ms)retransmission interval 0msDAD transmits 0Interface 1: Loopback Pseudo–Interfacedoes not use Neighbor Discoverylink–layer address:preferred link–local ::1, life infinitepreferred link–local fe80::1, life infinitelink MTU 1500 (true link MTU 1500)current hop limit 128reachable time 40500ms (base 30000ms)retransmission interval 1000msDAD transmits 1I can just imagine Help Desk support for this...Q. How do I enable IPv6 routing? A. To enable IPv6 routing, you must use the ipv6 ifc command to enable forwarding and advertising on the appropriate interfaces, and then use the ipv6 rtu command to configure subnet prefixes to publish. Q. How do I ping? A. The IPv6 Protocol for Windows XP includes the Ping6.exe tool, an equivalent to the Ping.exe tool supplied with TCP/IP in Windows XP. Ping6.exe sends ICMPv6 Echo Request messages to the specified destination and displays round–trip time statistics on the corresponding Echo Reply messages. Here is the Ping6.exe syntax:ping6 [-t] [-a] [-n count] [-l size] [-w timeout] [-s srcaddr] -r {name| dest[%scopeID]}The -t option pings the specified host until interrupted.The -a option resolves addresses to host names.The -n count option specifies the number of echo requests to send.The -l size option specifies the send buffer size.The -w timeout option specifies the time–out, in milliseconds, to wait for each reply.The -s srcaddr option specifies the source address for the Echo Requests. The -s option can be used for pinging a multicast address.The -r option specifies that a routing header be used to test the reverse route.The name option specifies the destination name.The dest option specifies the destination address.The scopeID option specifies the scope or zone of the destination for Echo Request messages.For link–local addresses, the scope identifier (ID) is equal to the interface index, as displayed in the output of the ipv6 if command. For site–local addresses, the scope ID is equal to the site number, as displayed in the output of the ipv6 if command. If multiple sites are not being used, a scope ID for site–local addresses is not required. The scope ID is not required when the destination is a global address.For example, to send Echo Request messages to the link–local address fe80::260:97ff:fe02:6ea5 using scope ID 4 (the interface index of an installed Ethernet adapter), use the following command: ping6 fe80::260:97ff:fe02:6ea5%4 Q. What can I do with the IPv6 Protocol for Windows XP besides ping? A. Windows XP contains an updated version of the Internet extensions dynamic–link library (DLL), Wininet.dll, to enable your Web browser to view IPv6–enabled Web sites. Windows XP also contains updated versions of the Telnet client (Telnet.exe) and the File Transfer Protocol (FTP) client (Ftp.exe) that allow IPv6–based connections. Additionally, the Remote Procedure Call (RPC) components of Windows XP are IPv6–enabled, and the versions of Network Monitor provided with both Windows 2000 and Systems Management Server (SMS) version 2.0 support the parsing of IPv6 headers. You can also write IPv6 applications or port your IPv6 applications to support IPv6 as described in RFC 2553, “Basic Socket Interface Extensions for IPv6.â€Q. How can I force IPv6 connections using my Web browser? A. The new Internet extensions DLL, Wininet.dll, enables Web browsers to access IPv6–enabled Web servers. For example, Wininet.dll is used by Microsoft Internet Explorer to make connections with a Web server to view Web pages. Internet Explorer uses IPv6 to download Web pages when the Domain Name System (DNS) query (or hosts file) for the name of the Web server in the URL returns an IPv6 address. You can then connect to names that resolve only to IPv6. To verify that the DNS query returns IPv6 addresses, try to ping the Web server domain name using the Ping6.exe tool. For applications other than Internet Explorer: Connect using a literal IPv6 address. URLs that use the format for literal IPv6 addresses described in RFC 2732, “Format for Literal IPv6 Addresses in URLs,†are not supported by the version of Internet Explorer provided with Windows XP.Note: Internet Explorer cannot browse IPv6 Web sites if it is configured to use a proxy server. When Internet Explorer is configured to use a proxy server, all name resolution requests for Web sites are forwarded to the proxy server. Until the proxy server is IPv6–enabled, proxy–based requests for local or remote IPv6 Web pages are unsuccessful. For information about how to configure Internet Explorer to operate without the use of a proxy server, see Internet Explorer Help. Having read all that... don't you just want to jump right in?

[Guest LilBambi]

Thanks Arena2045 for the information on the new version of the Outpost Firewall software. It has been a very solid program in the past and we have no reason to doubt that the new version will be any different (maybe even better), but like you, I use ZoneAlarm.Titan, you are right and Microsoft's firewall only works for incoming traffic anyway. As I am sure you know, programs can and often do try to 'get out' (outbound traffic) and there is always the potential for anyone to be hit with a trojan horse, etc. And your first indication may just be your firewall's complaint about some program. So outbound traffic can be just as important as inbound traffic.It is always good to have solid alternative to a 'basic' function supplied by Microsoft's firewall.The IPv6 issue is only one problem with Microsoft's firewall.---Use of an alternative firewall can be likened to another scenario. Just because Microsoft Paint is a halfway decent program (hey, just using it as an example here ) and is included with Microsoft Windows, it doesn't mean we need or should necessarily use it in lieu of Photoshop or another superior alternative.It's all about choice and making use of the best tool for the job.

[zox]

I guess it all depends on someones need and setup.I have a hardware NAT based router/Firewall that prevents all intruders from the outside.What I need is not protection from the outside since I am already protected but from inside.Just one e-mail with trojan or worm is enough to take down your fortress and call it's creator or/and sent sensible documents and data through.Software firewall will prevent it, any software firewall except Microsoft's native one unfortunately.Microsoft likes to licence third party technologies and bundles them with Windows but it always leaves room for other players that they licensed technologies from.That is the case with "Native CD burning" in WinXP.While you can burn basic CD with it, there is tons of stuff that you can't do with CD and that is possible only if you purchase full blown CD burning package such as Roxio and Nero.Mind you it is informative post Marsden11.

[oblivion]

I've been using Outpost v1 for some months now (the pro version) and have a free upgrade to v2, so I'll probably upgrade sometime in the next few days...Question is: is anyone here using v2 already? My home box is pretty underpowered (AMD K6-2-500 that's recently developed a tendency to overheat before Rain loads in startup, dammit) and if v2 is significantly heavier on processor power than v1, it's gonna cause me headaches.So: if you've tried it, how did you get on? Any concerns (security, stability, functionality) I should be aware of?Or am I going to be the guinea pig?

[Borst]

I have been using v1 since last September and have been very happy with it. I have not yet upgraded but intend to do so. Oblivion, You could post to the Outpost Forum if you have questions. I'm sure someone there has installed v2 .