Back in the day, every self-respecting computer geek installed a personal firewall for protection against attack by hackers. These days Windows itself includes an effective firewall, and many users get their firewall protection as part of a security suite, or as a bonus feature in an antivirus. As a standalone personal firewall embellished with numerous tools for über-geeks, Outpost Firewall Pro 8 ($29.95 direct; $39.95 for three licenses) seems a bit retro.
Outpost Firewall Pro bears a very strong resemblance to Outpost Antivirus Pro 8, and in fact quite a few features overlap. Both offer self-protection, Auto-Learn mode, and an Entertainment mode that kicks in to avoid interrupting full-screen programs. Both rely on a number of proactive protection technologies to prevent potentially dangerous activities. Both include an option to prevent transmission of user-defined personal data.
Of course, Outpost Firewall omits antivirus scanning and adds firewall protection. In addition, its Web Control feature lets you block Flash, Java, and other types of active content. You can set it to block online advertisements, and you can lock down specific files and folders to prevent all access.
Protection Against Hack Attack
Outpost properly stealthed all of the test system’s ports, making it invisible to outside attackers. It resisted all the port scans and other Web-based attacks I threw at it; in several cases it specifically identified the attack and blocked all access by the attacking site for five minutes. That’s better than Windows Firewall, which can manage stealthing the ports but doesn’t take specific action against port scans.
The firewall component in top suites like Norton Internet Security (2013), Kaspersky Internet Security (2013), and Bitdefender Internet Security 2013 will block attacks that attempt to exploit vulnerabilities in Windows, the browser, or other sensitive applications. When I attacked these firewalls using thirty-odd exploits generated by the Core IMPACT penetration tool, they detected and blocked nearly all of them.
Standalone firewalls don’t do as well in this test. Like Comodo Firewall 5 and ZoneAlarm Free Firewall 2012, Outpost Firewall didn’t detect any of the exploits. None of the attacks managed to breach security, because the test system is fully patched. However, a zero-day exploit would have slipped right past the firewall.
Your firewall can’t protect your PC if it doesn’t protect itself from attack by malware. A malicious program might try to terminate Outpost’s processes or disable its essential features; it wouldn’t succeed. I couldn’t terminate the single Outpost process visible in Task Manager, and when I tried to stop or disable its services it required user confirmation, something malware couldn’t give. That’s a good start.
Outpost’s self-protection feature prevents modification of its files, so I couldn’t disable features by setting them to FALSE in the program’s configuration files. I did manage to tweak those files by rebooting into Safe Mode, but that’s not something a malicious program could do.
Chatty Program Control
The other half of a personal firewall’s job is program control—determining which programs are allowed to make Internet and network connections. Early personal firewalls earned the ire of users because they popped up a ton of confusing security queries.
Outpost avoids this plethora of popups with what it calls Auto-Learn mode. In this mode, it assumes that every program requesting an inbound or outbound connection has a perfect right to make that connection. It not only allows the online activity, it creates a rule to allow it in the future, even when Auto-Learn mode is turned off. If a spyware program manages to phone home when Auto-Learn is on, it will always be allowed to make that connection.
By default, Auto-Learn is turned on permanently until you actively turn it off. When you do, you’ll find yourself inundated by popups, not only from the firewall but from the behavior-based proactive protection features that are also found in Outpost’s antivirus.
Leak test programs try to fool program control into allowing their Internet connections by devious techniques like piggybacking on a trusted program’s connection or injecting code into a trusted program. While the leak test programs aren’t malicious, the same techniques are used by malicious programs.
Naturally I had to turn off Auto-Learn before checking Outpost’s handling of leak tests. In every case, proactive protection reported that the leak test was attempting to modify another program’s memory, or attempting to modify a critical system area. When offered the choice to allow or block these attempts, I always chose block. Despite this, a couple of the leak tests managed a connection, but Outpost did manage to alert the user.
The problem is, Outpost displays the same kind of messages for perfectly valid programs, so it’s hard to know what you should block. When I installed twenty old PCMag utilities, Outpost popped up queries for all but two, averaging more than three popups apiece. In every case, I clicked Allow for green popups, Block for red ones. And in each case, when I blocked the activity reported in a red popup the utility failed to function.
I can’t see any reason for a firewall to report that a simple, standard program installer is modifying another program’s memory or modifying a critical object. Outpost should fine-tune this feature to report only on significant activities. On the other hand, maybe it already does. While the Anti-Leak feature can track 14 behaviors, it allows all but three to proceed without a popup. Imagine if you enabled the rest! This just isn’t appropriate behavior for a modern firewall.
The best firewalls don’t foist important security decisions off on the user. Instead, they handle everything internally. Norton uses a huge database of known programs, configuring permissions for known good programs, terminating known bad programs, and putting unknowns under heightened behavioral monitoring. ZoneAlarm’s SmartDefense Advisor manages thousands of known programs, ensuring that if you do see a popup it’s probably significant. Kaspersky assigns each program a trust level, with more and more limits on activity for lower levels.
One proactive component, the File & Folder Lock feature, isn’t shared with Outpost Antivirus. This feature will completely prevent access to any file or folder. Just trying to view a protected folder’s contents will get “Access denied.” You have to turn off this feature to access protected items yourself; you’ll want to password-protect Outpost’s settings so nobody else can turn it off. You can cause serious problems by using this feature inappropriately. For example, I protected the Windows folder and found that the Start Menu and Windows Explorer didn’t display correctly.
Java, Flash, ActiveX, and other types of active content make Web pages more interesting and interactive. They can also provide entrée for various malware attacks. Using Outpost’s Web Control feature you can fine-tune permissions for a dozen types of active content. You can totally block a content type, totally allow it, or set Outpost to prompt you with a popup when a Web page requires that content type.
Note, though, that certain websites simply won’t work if you block such building blocks as Flash, Java, and ActiveX. And if you set Outpost to prompt rather than block, you’re going to get a lot of popups. Most users will install an antivirus to fend off attacks rather than rely on technology that blocks good and bad websites alike.
Outpost also includes a feature to strip online ads from the websites you view. It can block ads that come from a built-in list of known advertising URLs, block all images that match a number of standard ad sizes, or block based on keywords you supply. You can set it to replace removed ads with the text “[AD]” or with a blank image.
If you use Internet Explorer as your browser, you can access the web control features directly through a sidebar add-on called Quick Tune. The sidebar also reports statistics on blocked items. When you see an ad that got past the ad blocker, you can drag it into a Trashcan panel in the sidebar to block it in the future.
In testing, I found that a lot of ads got past Outpost, even when I dragged them to the Trashcan. Replacing ads with “[AD]” messed up the layout of some websites. For myself, I’d just as soon “block” the ads by ignoring them.
Like Outpost Antivirus, Outpost Firewall can prevent user-specified sensitive information from leaving your computer, with an option to lift the restriction for specified URLs. You can choose to totally block network packets containing the sensitive information or just replace the data with asterisks.
You could add your online banking password to the list and then exclude your bank’s website, to make sure you don’t inadvertently enter that password at a phishing site. Of course, an effective antiphishing component would handle all fraudulent sites, not just the ones you protect manually. Outpost nominally includes phishing protection, but in testing with hundreds of very new phishing sites I didn’t see it block a single one.
Outpost Firewall’s Tools panel includes a collection of tools to warm a techno-geek’s heart. You can watch exactly what’s going in and out of the system’s ports, view a detailed analysis of all running processes, log all file and Registry activity, and more.
The only time an average user might conceivably invoke these tools would be on the advice of tech support, to gather information for solving a problem. Otherwise, those without technical training should leave these tools alone.
Outpost Firewall Pro 8 is definitely feature-rich and full of activity. The problem is, it’s not the kind of activity users want or need. It warns about many kinds of activity that might be malicious, unless you leave its warnings turned off. And believe me, once you’ve experienced that flood of popups you will want to turn them off. For most users, the advanced tools and features just aren’t necessary.
You don’t see many standalone firewalls anymore, because a firewall without antivirus doesn’t offer complete protection. If you insist on picking your security components individually, rather than as a suite, you want a firewall that’s designed to rely on help from the antivirus.
|Tech Support|Email, knowledge base, and forum.|
|OS Compatibility|Windows Vista, Windows XP, Windows 7|
|Type|Business, Personal, Professional|
Copyright © 2012 Ziff Davis, Inc