Security on the Cable Network

Ten Commandments for Protecting
Electronic Privacy on Broadband Internet
via Cable Modem, xDSL, ISDN & Co.

4. Windows: Eavesdroppers, Guards, Firewalls


Seemingly out of nowhere, an evidently quite usable firewall suddenly appears: The PC Viper Personal Firewall for Windows 95/98/ME/NT/2K. After the dangerous viper was discovered at the beginning of August 2000, a heated discussion immediately broke out in the shieldsup newsgroup; not even Steve Gibson had ever heard of PC Viper. The website was examined closely; it apparently comes from the same host range as Edge Technologies, Inc. (see also the very bottom), a hint at the manufacturer? The file downloadable from there was checked with every available antivirus scanner and for Trojan activity, and so far everything is in order.
      The website gives no information on whether the product is shareware or what it costs. After installation, the file license.txt reads: »This is not free software. Subject to the terms below, you are hereby licensed to use this software for evaluation purposes without charge for a period of 21 days. If you use this software after the 21 day evaluation period a registration fee of $40 is required.« The serial number field can be left empty. Some dislike that quite a lot of personal data is requested before the download (which, however, need not be accurate). If a valid e-mail address is given, one receives a working serial number. The software does not appear to want to »phone home«.
      Some users report that they are impressed, that PC Viper has a number of interesting features, that online security scans (ShieldsUp...) show the PC as »all stealth«, that the software appears to work flawlessly, and that connection attempts are displayed.

Screenshot of PC Viper: The "Traffic" tab consists of an animated graph showing the incoming and outgoing data traffic.

      Allen writes: »PC Viper can be set up to work at Maximum Security Setting over a home LAN using Win98 ICS! And it asks for authority for programs to access the internet - has a packet capture feature and more! So YES - PC Viper is a worthy contender in the low cost firewall market. Most of the info on the website dates to 1999.«
      Further research showed that PC Viper was apparently developed in 1998; the last update (version 2.4), documented nowhere, took place sometime after March 2000. The product was apparently never advertised or announced.
      Allen reports further: »The Edge-Technologies site seems to be promoting a line of ›admin tools‹ for corporate networks. Perhaps PC Viper is part of the development toward that effort and has just been ›left behind‹. It seems to work quite fine – what more could they have done with it? What’s worse is that it seems to deliver what it promises. It has the features of a personal firewall ›of your dreams [perhaps]‹ – inbound/outbound monitoring – user intervention required to authorize local programs first access to the net – log capture – user configurable trusted zones – works with Win98/ICS (I had to add the ›local LAN IPs‹ [and calls] to the trusted hosts list). From my standpoint – it’s not ›glitchy‹ on displays or operation. Actually – it looks like a fine example of programming. It’s had over two days here to do whatever it was going to do – and it hasn’t done anything but work like a charm. Even fully released fully purchased programs don’t have such a good history!«


The PC Viper website has a few nice screenshots and, somewhat hidden, exemplary online help that describes version 2.3 exhaustively. In any case, we promptly and trustingly handed this mysterious program over to »Users rate PC Viper«. Nevertheless, a warning here: a program about which so little is known should be tested only by professionals whose computer systems are set up for such cases.
      Update: In the meantime, the developer of PC Viper has been »tracked down«. Watchman writes: »I have exchanged several e-mails with a PC Viper representative by the name of Bryan Baisden (Product Line Manager - PC Viper Edge Technologies, Inc.). He is aware that this firewall is getting lots of attention here and promises to make an appearance here shortly to answer questions and solicit feedback. I am assured this is a legitimate company with some incredibly poor marketing representatives. I reminded him of the recent sale of ConSeal Private Desktop to McAfee and AtGuard to Norton for who knows how much money. Anyway... I got a very quick response for a Sunday and this gentleman seemed interested with what I had to say about his product. His development team will be glad to finally get some feedback. Hard to imagine this product has been around since 1998 without any advertising. Talk about an orphan. Well perhaps that will change now. I certainly am impressed with PC Viper and I'm having a lot of fun with it.«
      The serial number, which is always the same, is AF3E-47D9. The software appears to keep working after the evaluation period has expired.
      Urgje writes: »Still searching for a process viewer that really shows them all, certainly since I found out that PCViper keeps an elementary driver running even if it’s supposed not to have started at all, and I could not see it anywhere.«

Screenshot of PC Viper: The "History" tab consists of a list of all IP addresses and host names that were contacted in the course of the session.

Several subscribers to the Shieldsup newsgroup have downloaded the PC Viper beta version 3.0b (which, according to the EULA, works for 21 days) and are exchanging experiences and opinions about it.


Bryan Baisden, PC Viper Product Director, Edge Technologies Inc., writes on 26 August 2000:

»Due to overwhelming response we have posted the 3.0 Beta version of PC Viper on our website (www.pcviper.com). This version is currently available for free for evaluation feedback and feature suggestions. This is your chance to get what you want in a personal firewall.

The official 3.0 release will include several more features as well as support for NT and 2000. We expect for the official release to hit the streets about mid September costing $19.95.

The new Beta has the following features:
  • Alert Log Roll up.
  • Alert Log maximum size configuration.
  • Packet Log maximum size configuration.
  • Icon flashing disable option.

The 3.0 version's official release will support 2000, NT, Millennium, 98, and 95 Operating Systems. The official 3.0 release will also include the following new features:

  • Server Protocols - Disables stealth mode on a particular protocol and allows the machine to act as a server on that protocol.
  • Blocked Hosts - Blocks specific hosts.
  • Blocked Protocols - Blocks specific protocols.
  • Automatic Upgrade Capability. PC Viper can be configured to check for new upgrades and automatically upgrade itself when new are present.

The 3.0 version also fixes some bugs. There is a bug in Trusted Hosts when you specify a range of IP's it sometimes opens up PC Viper to more IP's than specified. That problem is fixed in the new Beta. The new Beta also fixes some problems with multiple NIC cards and modem gateways. There are some other minor bug fixes as well. Let me know if you have any problems or feature suggestions.«

Screenshot of PC Viper: The "Network Statistics" tab consists of a graphical display of the data packets that got through and those that were blocked.

Allen writes: »PCViper Test Beta [Initial Report]: The EULA has been checked and it seems to be OK to distribute this beta test file. There is a link where it can be downloaded. I did just that.
      Initially - I'm reporting that this version installs nicely on Win 98 - [I did uninstall the previous version first]. Once installed - you will be asked for a Code or Serial Number ... just enter anything - it will proceed to load. Once loaded - you will notice that it looks just like Version 2 - but the About will confirm that you are running Version 3.0b . At first - it just sits there - but when you open your first program that requires the internet - you will be asked to confirm acceptance that this program can access the internet. And so on. Once you are online - Viper is already working. It is defaulted to indicate alerts - and perhaps you will begin to see a few. I caused a few by going to 'Shields Up' for a complete test - passed everything with "Stealth".
      Now, ... here's where I started finding a few bugs ... once again with the logs and recorders. The purpose of this post is to assure others that the core of this program seems to be stable and should not cause any serious problems if anyone else wants to try it.«
      Walter: »PC Viper passed a vital test for me this past weekend. My cable ISP changed my IP on Friday. Suddenly, I was getting over 6000 (not a mis-type) hits looking for Port 21. The hits were coming from Yugoslavia, Bosnia, Germany, and Australia; most of them from Yugoslavia. PC Viper stopped them all. I have never had an FTP server running, nor have I ever used such stuff as Napster. I checked Cookies, ran Ad-Aware, searched the Registry, etc. Nothing on my machine was related. I have dual boot setup, so I booted to the Win98SE partition instead of the WinMe partition, with the same results. So, at least for me, PCViper did its job on both Me and SE. With the new beta, I was able to set my log to record 7000 alerts. The new logging is also nice because it doesn't repeat each IP alert, but gives a total of attempts by each in the left hand column.«
      Allan continues: »I am both 'impressed and depressed' with the current PC Viper program. I'm using Ver 3.0b at the moment - and as a firewall it works great on my Win98 / ICS setup. It went right in and began to give alerts. I was able to see local applications requesting access to the internet and similar initial 'alerts' coming in from my other local network activity. Straight forward config settings are required to get it working in individual setups - but the changes are minimal and explained. I can get a 'Stealth' at any test site tried thus far.
       I'm depressed because several internal features are not working right. My first complaint has to be with the Alert Display and Logging. PC Viper does stop attack probes from say GRC - but when you go back to look at the Tabbed Alert Screen ... all you see is Steve's IP number and DNS lookup and a total number of attacks - all on one line. IF you save this log - you get just one line. However, as the alerts are coming in ... you get a flag for each event showing time, IP, port number and protocol. This data is not going onto the Tabbed Screen - and cannot be saved into a text log file. The only time that you have this data is while the Alert Flag is active.
       I'm depressed because the Packet Recording Feature suffers from a similar fault. PC Viper is the only firewall that I know of that features a 'real-time' Packet Capture Module that would let us see and ultimately record packet events - in a similar form to that which Steve used to make his case with Real. The actual Packet Data is captured on individual lines started with Send or Receive - and this data is viewable under the Tabbed Packet Window - however, when saved to a log file - the data is reduced to basic info - and the packet content is lost.
       Personally - I'm looking forward to the next beta - hopefully these problems can be resolved.
      Also: Forwarded to The Janitor!«
      Someone asked Allen whether The Janitor actually responds to his reports. Allen replied: »Absolutely! Within about an hour. Explaining that he was very busy and didn't really have time to keep up with all of the messages on all of the GRC newsgroups ... I accepted that, as an understatement to say the least. I too, have been forced to scan the threads for subjects of greatest interest. At the moment - there are about 1800 new posts here that I haven't really had a good chance to scan.
       Bryan says that the release version will have the roll-up Alert feature [same IP counted on one line] - but it will be 'user optional'. He also says that the logging problem will be fixed on Alerts and Packets. I have always tried to impress on him - how unique the Packet Recorder is to his product. Honestly - I've enjoyed looking at a few events to see exactly what is 'actually' sent and received - at the packet level. I really want to have usable logs too.
       I think our concerns mean quite a bit to the Viper product development team. All replies have included those magic words --- Thank You for...«

In the meantime, the final version 3.1 of PC Viper (press release) has been released at a price of twenty U.S. dollars (after an evaluation period). Here are the license terms.

Bryan Baisden on 28 December 2000: »We have just released the 3.1.6 version of PC Viper which prevents all phases (1, 2, and 3) of Steve Gibson’s excellent Leak Test.«

Bryan Baisden on 19 March 2001: »PC Viper is no longer part of Edge Technologies, but rather now owned by a company called Source Velocity. Also we have just released the 3.1.8 version of PC Viper as well.«

A reader of our web pages wrote to us on 31 August 2001:

»I have since purchased PC Viper 3.1.8, and to say that I am impressed with it is an understatement. It has gone a long way since version 3.1.6 was reviewed (and heavily criticized) by Steve Gibson.

PC Viper provides full stealth out of the box. The only settings a user needs to make is specifying trusted/untrusted hosts and applications allowed/not allowed on the net. The ruleset itself seems to be hard-wired.

PC Viper 3.1.8 is the only PC firewall to provide packet logging.

I only have a few minor gripes about it:

  • once an alert is acknowledged (OK/OK to all), all fine-grained knowledge about it is discarded, leaving only the IP and the date of the attack in the log
  • hosts can only be entered in quad IP notation, even if the alert knows the host name
  • packet logging is assigned a fixed amount of memory, and it stops when this is exhausted; a circular buffer (of a size I set) should be used
  • and a few other minor things.

All in all, the best firewall I have seen, and the easiest to use. No TCP/IP knowledge is expected from the user.«
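
The logging behaviour raised in the posts above (roll-up totals per source IP, per-event detail lost from the saved log, a packet log that stops when its memory is full) can be combined in one structure. This is an added example, not PC Viper's code and not written by any of the posters; the class, field and function names are hypothetical and the sample events are constructed.

```python
from collections import deque, namedtuple

# Fields follow what the posts say the alert flag shows: time, IP, port, protocol.
Alert = namedtuple("Alert", "time src_ip port proto")

class RollupAlertLog:
    """Hypothetical log: roll-up totals per source plus a ring of full events."""
    def __init__(self, max_events):
        self.events = deque(maxlen=max_events)  # full ring drops its oldest entry
        self.totals = {}                        # src_ip -> attempts ever recorded

    def record(self, alert):
        self.events.append(alert)
        self.totals[alert.src_ip] = self.totals.get(alert.src_ip, 0) + 1

    def rollup(self):
        """One (ip, total) pair per source, in order of first appearance."""
        return list(self.totals.items())

    def details(self, src_ip):
        """Per-event records for one source that are still in the ring."""
        return [a for a in self.events if a.src_ip == src_ip]

    def export(self):
        """Text log: a roll-up line per source, then its retained events."""
        lines = []
        for ip, total in self.totals.items():
            kept = self.details(ip)
            lines.append(f"{ip} attempts={total} retained={len(kept)}")
            lines += [f"  {a.time} {a.proto}/{a.port}" for a in kept]
        return "\n".join(lines)

# Constructed sample events using documentation address ranges.
SAMPLE = [
    Alert("10:00:01", "192.0.2.10", 21, "TCP"),
    Alert("10:00:02", "192.0.2.10", 21, "TCP"),
    Alert("10:00:03", "198.51.100.7", 139, "TCP"),
    Alert("10:00:04", "192.0.2.10", 21, "TCP"),
    Alert("10:00:05", "203.0.113.5", 53, "UDP"),
]

def demo(max_events=3):
    log = RollupAlertLog(max_events)
    for alert in SAMPLE:
        log.record(alert)
    return log

if __name__ == "__main__":
    print(demo().export())
```

With a ring of three events the totals stay exact while only the newest details survive, so the export shows both the attempt count and how much detail is still available per source.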



© 1999-2001 Copyright info
This page was last updated on Thursday, 7 March MMII
Editor: ms
URL: http://www.home.pages.at/heaven/sec.htm