Personal Firewall Test: Privacyware Privatefirewall 2.0

By Seán Boran

March 16, 2001 - This article is a part of a series of tests on Personal Firewalls/Intrusion Detection Systems. Refer to [1] for an introduction to Personal Firewalls, risks, tips on "hardening" your Windows even without a firewall, a feature comparison and a summary of analyses.

This report focuses on the Privatefirewall 2.0 by Privacyware.


Security Effectiveness Tests

Key criteria in choosing a Personal Firewall are:

How did we test attack defense effectiveness?

  1. Ping and accessing shares to and from the test host.
  2. A powerful, well-known "remote control" Trojan (Netbus Pro v2.1) [3] was installed on the system on a nonstandard port (to make detection more difficult), the Netbus server was started, and attempts were made to connect from a remote system.
  3. The telnet server was enabled on the Win2K test PC, and connections to this service were then attempted remotely. It is not recommended that you enable telnet; we do this purely for testing purposes.
  4. An nmap [2] scan was run to check that incoming ports were effectively blocked. With no firewall installed, the test PC (Win2K SP1) presented the following to nmap (nmap -v -sT -P0 -O IP_ADDR).

Port State Protocol Service
7/tcp open echo
9/tcp open discard
13/tcp open daytime
17/tcp open qotd
19/tcp open chargen
23/tcp open telnet
135/tcp open loc-srv
139/tcp open netbios-ssn
445/tcp open microsoft-ds
1025/tcp open listen
No OS matches for host
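
As an added example (not part of the original article or its test tooling), the baseline table above can be parsed and compared with a later scan, so that each port that was open without the firewall is classified as blocked, still exposed, or not covered by the later scan. The later scan shown here and the function names are constructed for illustration.

```python
import re

# Baseline port table as given in the article (Win2K SP1, no firewall).
BASELINE = """Port State Protocol Service
7/tcp open echo
9/tcp open discard
13/tcp open daytime
17/tcp open qotd
19/tcp open chargen
23/tcp open telnet
135/tcp open loc-srv
139/tcp open netbios-ssn
445/tcp open microsoft-ds
1025/tcp open listen
No OS matches for host"""

# Constructed partial later scan (not output from the article).
AFTER_CONSTRUCTED = """7/tcp filtered echo
23/tcp open telnet
135/tcp filtered loc-srv"""

PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(open|closed|filtered)\s+(\S+)$")

def parse_ports(text):
    """Map (port, proto) -> state; header and OS-detection lines are skipped."""
    ports = {}
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if m:
            ports[(int(m.group(1)), m.group(2))] = m.group(3)
    return ports

def compare(baseline_text, after_text):
    """Classify each baseline-open port; a port absent later is 'unverified'."""
    before, after = parse_ports(baseline_text), parse_ports(after_text)
    result = {"exposed": [], "blocked": [], "unverified": []}
    for key in sorted(k for k, state in before.items() if state == "open"):
        state = after.get(key)
        if state == "open":
            result["exposed"].append(key)
        elif state is None:
            result["unverified"].append(key)
        else:
            result["blocked"].append(key)
    return result

if __name__ == "__main__":
    for category, ports in compare(BASELINE, AFTER_CONSTRUCTED).items():
        print(category, ", ".join(f"{p}/{proto}" for p, proto in ports))
```

Ports missing from the later scan are reported as unverified instead of being assumed blocked, so a partial rescan cannot pass for a clean result.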



Overview

Privatefirewall 2.0 by Privacyware [4] is a relatively small and simple firewall:

Privatefirewall continuously checks and changes settings that allow unauthorized users access to information stored on a Windows or NT-based PC. Privatefirewall also constantly monitors other sensitive areas of a PC where intrusion can occur and reports on their status so that users can make regular decisions about these areas and make changes as necessary.

V2.0 build 1.12.16 was tested on Windows 2000 SP1.

To get a feel for the GUI, check out the "test drive": http://www.privacyware.com/pf_testdrive2.html.



Features



Security Effectiveness

Effectiveness tests:

1. Ping & shares tests

Incoming ping and access to shares are blocked.

2. The Netbus server

3. Telnet

The firewall did not complain when the Telnet server was started. Incoming telnet was stopped though.

4. An nmap scan

All ports are filtered; the operating system version was not detected. The logs are filled with alerts, one for each port scanned.

5. Other tests:



Advantages

  1. Small, simple but quite powerful.
  2. Installation and deinstallation were painless.
  3. Interesting security model.
  4. Cheap, and a working version can be downloaded to test.
  5. Works on Windows 2000.
  6. Separate policies for Home, "On the Road" and Office use.
  7. Prevention: the PC is examined for weaknesses and the user informed on how to improve security. For example, the user is encouraged to disable file sharing.



Disadvantages

  1. All outgoing traffic is passed. It should be possible to define rules that block specific traffic, but I was unsuccessful in my attempts to block outgoing SSH, for example.
  2. Understanding where and how to edit rules is not easy.
  3. Documentation is poor. I could find no detailed information on what the product does on the website. There is online help, but it is limited.
  4. User interface:
  5. Intrusion detection:
  6. Reaction
  7. No corporate features.



Summary

User interface: for some home users, the default configuration is ideal and will work fine, out of the box. If the filter rules need changing, the user will need time to master the tool to configure it correctly. The user might inadvertently open the firewall entirely, as the GUI can be misinterpreted.

Laptop users will appreciate the security policy flexibility.

Security effectiveness: incoming ports are well protected but outgoing ports are allowed, which is not optimal.
Effectiveness of intrusion detection: alerting and logging need improvement.
Effectiveness of reaction: discovering the identity of attackers and blocking attacks is not easy.

Privatefirewall 2 is an interesting product at a good price, but improvement in several areas would be welcome.



References

  1. Personal Firewalls/Intrusion Detection Systems (the base reference for this article).
    pf_main20001023.html
  2. Nmap
    http://www.insecure.org/nmap

  3. Netbus Pro: Remote-control program often used as an attack tool to control remote PCs.
    http://netbus.nu/

  4. Privatefirewall 2.0 by Privacyware
    http://www.privacyware.com/downloadspecial.html

About the Author

Seán Boran is an IT security consultant based in Switzerland and the author of the online IT Security Cookbook.

Changes to this article

16.Mar.01 sb First Publication 

© Copyright 2000, Seán Boran, All Rights Reserved     Last Update: 10 October, 2001