iWarren

Member
  • Content Count

    138
  • Joined

  • Last visited

  • Days Won

    1

Everything posted by iWarren

  1. Of course a hardware firewall is always best, but routers/modems each have their own vulnerabilities of their own to be exploited, and i think a good portion of router companies, rather than keep patching firmware for aging technology, focus their efforts on software for more modernized microchips and components. my past couple modems/routers, it seems like when it comes to port forwarding, there is always some sort of glitch.. or some little quirk. so I sometimes have to allow a few more ports, which is why a software firewall becomes much more important to me. as a second line of defense. to this, you might say, that I just need to get a better router/modem, and that is one solution, but there are many people with old tech, who just want to find a way to make it work for them. be it through software firewall, or otherwise. although a software firewall might be a "niche" product, the people who do use it, often are quite fond of it. this is a perfect example of how a "pay as you go" service fails you... because it might be only a matter of time, before your favorite program is changed to something undesirable. Instead of just purchasing a stand-alone programs, that won't force you to change... I can for-see Microsoft will probably alienate people much the same way..... eventually adding/subtracting features from the system, just because they deem it useful, or non-useful. If we have learned anything from Windows 10 vs Windows 7, it is that people don't like change forced upon them, and that they must embrace that change on their own.
  2. If it is coded correctly, software 'is' like a house, that you build it once and then don't need to touch it for ages. Maybe if you're coding for multiple operating systems.... it might be cumbersome, keeping up with Microsofts re-gearing of architecture. but once you have the foundation laid down... it becomes a matter of bug fixes, while some can be time consuming... eventually as it becomes refined, you have less and less problems.... Now consider.... that even more time will need to be taken, removing all of the code associated with the firewall, reworking the GUI, and then... refocusing efforts on "protecting" the Windows firewall, add to that... the time explaining to users what happened to their features... and on top of that, the finances, of potential loss of customers, and extending licenses. All of this time could have just been spent 'maintaining' the existing infrastructure... which already had a decent foundation laid already. As a developer myself, I'd rather fix a few bugs, and deal with a few intermittent support requests, than to take a step backwards. Security is like a chain, any weakness in any one of the links, results in the compromised integrity of the chain. I've taken a look at the Windows Firewall. I'm not a networking expert by far, but I have used computers for the better part of my life, and I found so many foreign settings in Windows Firewall, if I ever did use it... i will literally have to school myself in Google to find out what all of the settings even mean. If someone who is familiar with computers doesn't know what half of these settings are..... you can be certain that your clientele who has been spoiled with over-simplification will have no idea what these settings do. and its just common sense, that an Improperly configured setup, can be linked back to security vulnerabilities.
  3. I don't want to change anyones mind, or persuade anyone to make a decision they don't truly believe in. but when I consider Emsisoft, and its functionality.... well, lol to be honest, i thought v9 was perfect regarding functionality.... maybe the window load time was a bit long, due to the application rules screen refreshing. but that sort of thing is understandable. i truly consider Emsisoft Internet Suite, to be a perfect setup... which why this news has come to me... it is not perceived well. i respect the developers of this program 1000%, and everyone here, would rather have this program existing and working.... than to have it not about... honestly, i would tell everyone in the world about emsisoft, lol and to use this specific product, but the problem is.... you tell someone what security software works... and people start attacking it. so i kind of liked its anononymity.... lol i was always told that security in obscurity is not security... but i still kind of took to it. lol anyways, you have already made your terms clear, and what is done is done... however, there is a new way out... call it a new program.... Emsisoft Firewall.... profit is profit.... you don't have to go the extra mile, because what exists is already there... and you have at least one supporter (me). as long as profit is rolling in, even if its on older software... that is money in the bank. perhaps not your style... but we want, what we want... and we need... what we need. and if there is a real issue, you would be alerted, to our needs.
  4. The test of a good salesman, is to turn a disadvantage, into an advantage.... Instead of cutting the firewall out, put it at a higher price.... so that the ones of us, who truly love this service.... can enjoy the quality of it. Thank you.
  5. If the developer needs to take a vacation.... any one of us, would wait a month, for your return.... and deal with any security issue that arrises amidst.... meanwhile, let the work... that stands, stand for its-self.
  6. I think, if everyone gives a little.... nobody needs to give a lot. and we would never need any security at all.
  7. I mentioned my neural project, because.... if i have to stop, and work on my security.... possibly, maybe my work might not be completed.
  8. I currently took a huge loss, on some neural products, because i sincerely believe i have the capability to make something of it.... lol I'm already taking a loss in another manner... but that does not matter to me, I just want to say that... your current firewall solution is in so many ways right. I critique it hard, and give troubleshoot... not because i don't like it, but because i want to help "improve" it. Emsisoft, is an amazing company.... but i feel, its because of its diversity... that makes it even better still... I develop software... i know exactly how hard it is, and it is 100x harder to create, than it is to destroy. If you fold now.... on the firewall end of things, you are saying, you give in to Malware.... and, Emisoft, gives in, to nobody. You can take a break.... but you can never give in. If I had more money, i'd invest in you, but I am but a simple man. lol so all I can do, is say nice words. and in another world, nice words.... mean much more than profit.
  9. Here is a consideration.... you said less people are interested in the firewall to make it worth your while. There are still people here who consider it valuable, so instead of taking a loss.... take a profit. You want to make your time worth your while.... we sincerely want to pay you what you are worth. Offer the EIS product at a higher price... you might not have to focus on it entirely, many of us, would rather keep a half maintained product, than a product that does not exist. Meet us half way. means, you would not be on the losing end, and giving away product at 50%, but keeping the people who adore your current product.... and want to keep what we have alive. If the firewall software is removed, my current project might not come to fruition, because i will be focused on learning new security.
  10. people don't mind change, when its "good" change. like changing from Online Armor to v10, that was a change... but we all stuck around, because it was still going in a good direction. i sincerely feel this decision makes absolutely no sense... the firewall is already in place, and working.... and the problems associated with it, at its current stage of development, are a lot fewer than when it first started. I talk to people all of the time about Windows 10, and one of the most frequent things I hear about why they don't upgrade to it, is because they do not trust Microsoft, due its embedded spyware. So why then should any of us feel inclined to 'trust' Windows firewall... especially when its default setup, allows some undesirable connection preferences. We might have to use Microsoft's infrastructure, but at least with Emsisoft, we had the choice to circumvent the Windows firewall. This whole arrangement just seems like a bizarre step backwards, considering it seemed like it was working quite successfully. Its almost like it worked "too well", that someone out there.... maybe just doesn't want us to have decent security. I don't want an extention.... I want the "already created and completed" firewall that currently exists. just stop updating/supporting, it if you have to... but don't remove it.
  11. I am most displeased with this evolution of events. I really feel a bit short-changed, because only a couple weeks ago I purchased 2 years with EIS, because it has been improving so well, and has FINALLY reached a state, where I can call it a stable build. I think its really quite unfair to make such a decision like this, without even consulting this community, you had to of known there would be a backlash from this decision. You might "consider" yourself only in the anti-malware business, but I think most people are less interested in the malware protection, half as much as the features this software offers. people don't just want malware protection, they like EIS because it is the "whole" package. I have you know, I've never trusted the Windows firewall, I find it cumbersome, and like all Windows default settings allows just about everything under the sun. I don't care if Windows Firewall is the last program in existance... i will _never_ use it. One reason why I left Emsisoft Internet Security for a brief period, was because I felt I was wasting too much of my own personal time, giving bug fixes, and was just spending too much time in general trying to resolve the stability of the product.... and apart from all of the great features EIS offers, another main reason why I purchased 2 more years protection, was because I was no longer using up my large portions of my free time. and the time I was giving, i felt happy to, because EIS has reached a state I am content with. This decision you have made, completely reverses my state of contentment with this product. For the past week i've been bleeding my heart and brains out, saying i want MORE features, and MORE control... and now you want to rip out a core feature that I use "daily". by removing EIS, in so many words you are saying that my time is not valuable, because that is what I will be losing over this.
  12. The original issue here, is applications being set to "All Allowed" when addressing the firewall alerts. It means that if a program connects first. BEFORE it initiates any program behavior, a rule will be created, setting the custom behavior as 'All Allowed' ... Also, if you also 'expect' someone to change the custom behavior to "Custom Monitoring", could you not then... put it in "Custom Monitoring" and then 'expect' them to change it to "All Allowed" ? I mean, by your logic, we should be configuring our application rules as well, so its just as easy setting it to "Custom Monitoring" by default, as it would be to put it into "All Allowed", as it is currently. You said yourself, that there is confusion between Firewall and Application rules. And.... by your own statement, you are trying to simplify EIS for 'average' users. So by recognizing that, you would also want to 'separate' the distinction between Firewall Rules vs Application Rules. Have Firewall Alerts, address "only" firewall settings. (No adjustments to application rules can be made from here) Have Application Alerts, address "only" application settings (No adjustments to firewall rules can be made from here) Because when I am prompted with firewall alerts... 'average' users, would not go about changing application rules.... That would be something, someone who has the time and know-how, would fiddle with.... which you would have to classify as an 'advanced' user behavior. All I really want GT500, is for the developers to really consider adding this as a feature. lol and maybe have them weigh in too, on the rammifications. Advanced Firewall Rules, has this "Ask" feature.... and it doesn't have any issue. What would it harm to setup an "Ask" feature for the application rules as well? Thank you for your time.
  13. Well, if a user cancels the rule editing.... they still have the option of going back to the Alerts window, and "Allow once" or "Block once" etc. I haven't tried with behavior block alerts, because I can't get my applications into a Custom Mode "before" they run (didn't some user mention that recently?) also your bb_Test for elevations, did not trigger the behavior blocker for me, and it did ask (and got) permissions. Also..... I've been noticing, there hasn't been a "Create Custom Rule" on some of the alerts.... even when the application has no rules created for it either.
  14. I realize this probably best of all. As when I first used this feature, I ended up blocking every vital Windows program. I ended up, having to restart in safe mode, disable emsisoft, restart, fix the settings, restart again. So I, more than anyone probably understand what kind of issues this creates. The goal was, to find what was the absolute minimum required to run windows. The feature in question, I remember now, in EIS v9, it was called "Paranoid Mode", and when it was activated, it would put everything in this custom detection, and give you all of the alerts.... which in my eyes, is still useful. Much of the "major issues" you speak of, could easily just be worked around by warning a user, not to block specific things. There are plenty of people who don't see the difference, and/or don't understand it. I think in this case, you are really over-simplifying the user here. there are distinctly different Tabs. marked "Application Rules" and "Firewall" and then in the application rule, its-self there are 2 distinct tabs for Applications, and Firewall... However, if you insist on going the route of what might confuse a person, I think the "Behavior Blocker" and "Application Rules" tabs, seem more confusing. Behavior Blocker tab, serving as a sort of task manager. Every program that is running should already have an application rule... and you really only need to have the 1 tab listing all of the running tasks, and then split up and grayed out showing tasks that are not running, but still have rules. then just click on one to modify an application rule. and having a Firewall tab, with "general firewall rules", is more confusing, because the applications have their own set of firewall rules, which are found in the application rules. So initially, there are a few things that could be confusing, and its just a matter of becoming familiar with the application. i think, what is more of a crime, is thinking you are protected in a certain way, and discovering you might not be, all because someone thought that "you wouldn't understand" If they want things to be as simple as possible, they still have that option.... no one is forcing them to change their "advanced" settings. The same theory applies to the firewall rules, for "Automatic rule settings", no one "has" to change those settings, but when they do.... the behavior will change, and if they don't like it... they can change it back. Same applied to every time in EIS v9, that i clicked the "Paranoid mode", and i had to reboot and change my settings every time i "screwed up", it was my choice... and I must have found something of value, to try to get it to return. I've seen that remark about catering to the average person, and it doesn't cut it. you want a product that is easy to use, so do i. lol but bottom line is..... EIS is here for one thing, and one thing only. Security. It is a "perfect" example of the security pyramid, compromising Security, for ease of use. "Security" - "Functionality" - "Ease of use" any time you compromise one of the 3 sides of this triangle, the other 2 suffer. In this case, you are willing to compromise the most important.... to satisfy Ease of Use, and that is not good. Functionality also suffers here too.
  15. EIS 2017.7.0.7838 Windows 7 32-bit Try opening a program with no firewall rules, trigger the firewall. (Tested with svchost) Click "Create Custom Rule" click "Add new Rule" then press the Enter key. The focus seems to toggle back to the original Alert, but locks you out from doing anything, press Enter again, to get the focus back to the rule creation dialog.
  16. When I am alerted to a firewall conflict, I have almost never or rarely set the application rules for a program, because the Alert, is to address a specific firewall issue, of whether this port should be allowed or blocked. granted, that might come down to my specific habits, but i don't think i'm alone, in that when you are questioned about a firewall issue, I'd guess most other people probably address the issue confronted with, and don't go poking around the applications behavior blocker. its like, if your boat springs a leak, you plug the leak... you generally don't stop there, and decide there are other maintenance issues that need fixing. (even though its probably a good idea). if the user is allowed to address one little issue at a time through these custom alerts... they typically won't have to do them all at once.... and then, providing they made the right choices, their system will be more secure overall. as far as the confusion over the application alerts vs the firewall alerts... i personally have never found any confusion there... the firewall alerts, and the application alerts are dinstinctly different... Surely even novice users would know there is a difference between internet activity, and application activity. If the Firewall has the "Advanced Settings" to (Ask) a user for permission, why wouldn't the Application Rules have it as well?
  17. I realize v10 has always worked like this, but i do believe that it shouldn't be like this. setting a firewall port, should not affect the monitoring condition of the application rules. as they're separate entities. (under the same roof) If no port activity was detected, everything is simply allowed, until it either does something critical or an application rule is created. i really think setting everything to all allowed, is a mistake. that is one of the features i loved in v9, was that you could have it question every custom behavior. you would get a handful of alerts at first, but after a bit of computer usage, alerts became minimal. I've seen other firewalls do similar things, with an "All Allowed" arrangement by default, and in my eyes, that isn't really protecting you, if its not making you aware of all that is going on. By setting utorrent to monitor custom events, the following were observed: These behaviors, in my eyes, seem pretty serious... with the "All Allowed" setting, I would not know these events are taking place. sure I might get a few more alerts, and EIS might not be as "seamless" in the background as you might like, but I think everyone here would rather take 10 more alerts, than not knowing that something questionable was taking place in the background. Its the Alerts, that are letting us know we are protected... Not the text in the right corner of the screen that says "Your computer is protected!"
  18. Judging by the logic of the firewall settings, that you are being asked to confirm the allowance of a port, it doesn't quite make sense to ignore the programs activity, or at least keep quiet about activity that is surely questionable. It would be like telling your kids, okay.. you can only make certain phone calls to certain people, but feel free to do whatever you like, so long as it doesn't affect the rest of the house. that is why i strongly feel we need an Automatic Application Setting, which does the same as the firewall, so that it is by default going into custom detection mode. People with this setting enabled, would at least know they are going to be addressing more alerts. Plus... these types of alerts, you generally only have to deal with once... and then its smooth sailing.
  19. Keep in mind, this is also with "Look up reputation of programs" turned off. If the utorrent.exe rule is not yet created... and in Firewall Settings, I have all of the automatic rule settings set to "Allow" When I open utorrent.exe i am not prompted with any of these alerts, and it is being allowed to run without any of the mentioned alerts, because there is not yet a rule for it, and it is being treated as "All Allowed" It is only when I specifically set it to (Custom) is it warning me about these potential problems. I think no matter whether you have a rule for it, you might need to have an option to treat all programs as if they are being Custom monitored, otherwise, everything will be allowed. The firewall doesn't seem to have this issue... because of the advanced firewall setting to (Ask)
  20. If I set utorrent.exe to (Custom) before I run it, I get the following Alerts: Program is attempting to modify your documents in a suspicious manner. Program is behaving in a similar manner to a Backdoor. Program is attempting to download data invisibly from the internet. Program is attempting to modify an autorun entry. Where as, if is being set "All Allowed" by default, it runs smoothly, without alerting. I think this could be fixed, by setting the application behavior to (Custom), whenever a new a2rules entry is added, and the firewall rule is being modified.
  21. Emsisoft Internet Security Version: 2017.6.0.7838 (Beta) Windows 7 (32-bit) Service Pack 1 (No other known conflicting software installed) I think I have discovered a problem that could be a serious security risk. If you have in your "Automatic rule settings", all of your entries set to "Ask" (for Advanced Firewall Settings) Then you Allow/Disallow a firewall rule, an application rule entry is created. The firewall settings are being set, but the application rule is by default set to (All Allowed) I think at very least, there should be an option in Application Rules to (Ask), just like in Firewall rules. or that if Applications Firewall settings are being set to custom.... then so should the Behavior Blocker. Here is why this is an issue... when I open utorerent.exe I first get a connection attempt, and when the rule is created, the Custom Behavior is set to "All Allowed". If i create a rule for utorrent.exe and set the Custom Behaviors to "Custom", I get about 5 different Custom Behaviors that should have been given warning, but is being bypassed because it has by default been set to "All Allowed" the behaviors were: modify auto-run entries, backdoor activity, etc. Basically, the rule creation for firewall settings, is affecting the security of application behaviors being detected.
  22. To give some feedback about the Forensics Logs. I actually didn't think I'd ever be using this feature, but since the update, I have unconsciously used it twice and found it useful. First, was when I accidentally clicked through allowing a port... using Forensics log, i was able to go back and see what it was i had allowed. good work.
  23. Glad I found this thread... I had all of these things on my mind when I first tried it out. I was honestly, just more happy that it was blocked correctly, I didn't really mind how I was notified. When I blocked a program that came from the Explorer taskbar, it told me the link had been removed and asked me if I wanted to delete the item. Which is fine... its just detecting that the program is no longer available as it once was. In Windows 7 (32-bit) when I block mspaint.exe like stapp did, I do get a different Windows error message. Mine is.... C:\Windows\System32\mspaint.exe The parameter is incorrect Which I still think is fine. If we start adding EIS Alerts to everything that was blocked, it might start to become intrusive. I will admit, in the past, I've probably set a block and forgotten about it, but I eventually remembered i'd set it and remembered this type of behavior.
  24. You said that a2service.exe won't block a program if it starts before the a2service. Out of curiosity, do you happen to know how Windows decides what program is to run first? ie. which executable takes precedence.... is it alphabetical order? Which might make sense, considering the starting characters "a2", or is it perhaps by order of added entry?