Nvidia hardware firewall

[moosey]

With the firewall built into the nforce4 boards, is it still necessary, or better, to use a software firewall like kerio? Or does it work best when one or the other is used?
Also, is the nforce firewall worth using?

 

[fORM]

The firewall works fine. I dumped XP firewall and turned on the NV one.
It pops up with permission tabs from time to time and keeps any mystery programs from connecting.

Great for blocking silly programs like Quicktime, Real player and other useless media players.

 

[davvv]

Don't use it in tandem with any other firewall (dual firewalls can cause very weird connection problems).

 

[PascalT]

ihad big issues when i installed it. First when I booted up it asked for some kind of network login thingie, so i had to boot fromCD (ForceWare). then since I had sp2/windows firewall, my internet wouldn't work anymore, and the only way to fix it was to uninstall sp2.

 

[babyjocko]

NVIDIA Firewall is a joke.

 

[Glpster]

So far, I've been fairly impressed with the nVidia Firewall, despite a few minor problems, that will hopefully be fixed soon in future revisions.

The fact that it (along with ActiveArmor) is hardware based, and is protecting your PC essentially from the moment the power is turned on is, in a word, awesome!

And knowing all those bad and unwanted packets flying up against its brute hardware power and being pounded down before they can ever bother your CPU is SWEET!

Yes, it does have some room for improvment, but I suspect they are working on it, because it's an absolutely great idea.

 

[Glpster]

:Q :brokenheart:

I'm sorry to have to take back my previous "praise".

As much as I appreciate those other aspects of the nVidia Firewall, I JUST discovered a SERIOUS flaw!

I had the Firewall set to "High" protection mode (which is just below LOCKDOWN). I downloaded LeakTest from grc.com and ran it. The nvFirewall notification came up and I was able to deny access to Leaktest (thereby passing the test). Yay!!!!

HOWEVER, I then closed down Leaktest, and renamed it to iexplore.exe (The executable name for Internet Explorer). I re-ran Leaktest, and IMMEDIATELY the test failed, as an nvFirewall notification came up and said *ding* 'Hello, I recognize this program iexplore.exe and am therefore automatically creating a rule to allow it to access the internet whenever it darn well pleases. No action is required by you. Have a good day.' (in not so many words). And then promptly disappeared.

:Q :Q :Q

I could not believe it would allow that (something I know Zone Alarm alerts you to). What if a malicious program (renamed as an allowable program) launched when I wasn't around to see the notification. I'd have no idea it was accessing the internet at will.

Oh well, I guess I'll have to switch to Zone Alarm, and lose all that hardware offloading goodness.

Of course, I have no idea how to E-mail nVidia to alert them to problems, or suggest improvements for any of their products. I could not find any E-mail address for them on their web site. I looked in all the standard places you'd find one. Unless I missed it. Anyone know their E-mail address?

Grrrrrr..... :|

 

[Glpster]

Well, I just finished reading the ICSA Labs Certification Report for the Nvidia Firewall. After some requirec fixes, the Nvidia Firewall was given a passing grade by them.

Unfortunately this ICSA Lab certification is pretty crappy, if they could allow a glaring vulnerability like the one mentioned above get past them.

In fact, the stupid report they created is more concerned with and has more to say about the Logging ability of the firewall software than it is with the Firewall's enforcement of security policy without being circumvented.

Oye! I think I'm going to contact this ICSA Labs and see just what they have to say about certification of products that have serious vulnerabilities like simple renaming of a malicious program to an allowed program, or Leaktest's mysterious Stealth mode, to get past the firewall.

 

[Heinrich]

Interesting finds...most of the other posts around here say "it sucks" and "it's great" - thanks for your thorough contribution!

 

[TheNiceGuy]

I had all kinds of issues which seemed to be either NVF or driver related.
1) I tried to install ZoneAlarm initialy (with NVF disabled), but my PC locked up really badly.
2) I kept getting errors trying to install Kaspersky AV, and later even the bundled Norton AV.
3) None of my bittorrent programs would work properly, despite clearing ports, etc. I ended up switching to Windows FW.

Everyone I talked to said these were NVFW or driver related . I really like the idea of it, but can't use it.

 

[T3mplar]

The NV Firewall will access the CPU like every second and this is supposed to offload the CPU. My CPU got like spikes every second to about 15-20%, uninstall the Firewall and BINGO, no more spikes. Great offloading eh.

Both the NV RAID and Firewall functions on this board are VERY bugged and after a whole month of agony trying to get my NON OCed system to be stable under all circumstances I ended up using the Silicon Image RAID contrller and the Marvel LAN LOL.. all the hyped NForce4 features just wont give you that stability.. bummer!

Simon

 

[bradley]

On paper, it sounds like a great feature, just not so sure about the actual implementation. Biggest problem with Nvidia's firewall seems to be a lack of adequate documentation, and an unreceptive, almost cavalier attitude to questions or suggestions.

Firewalls are a serious matter, and I'm not about to trust my security to just anyone. Although, I wonder if ATI already has a hardware firewall in the works.

 

[Metaphis]

also the nvfirewall can cause many BSOD.... Seems like this was just a marketing spree and it can't really be used.

 

[BuckNaked]

I was running the firewall on a newly built system, and was playing some steam based games... I had a lot of hestiations and play was jerky and couldn't figure out was was going on... Finally uninstalled the Nvidia Firewall, and the now plays smooth as butter. I couldn't believe the firewall was having that serious an impact on the game, but it sure appears that it did.

Dave

 

[GadgetBuilder]

The nVidia driver set (6.53 presently) works well for many NF4 owners. A minority of NF3/NF4 owners experience a variety of problems/symptoms, as reported in the nVidia mobo forum. So concentrate on threads with over 100 views:
http://forums.nvidia.com/index.php?s=f3...ead353326152f9b12af806c46&showforum=34

Below I have briefly categorized the NAM symptoms reported in the nVidia mobo forum; hard to say how good individual owners are at properly determining the underlying cause but in most cases there seems to be a consensus. ( Buck_Naked and Metaphis should note that their problems are also experienced by other NAM users.)

-----------------------------------------------------------------
NAM (firewall) complaints: BSOD; P2P (bittorrent, emule) crash/ disconnect/slow; can't connect to certain sites (each user reports different problem sites); ftp blocked (sometimes works for a while); IE favicons don't work (recover if NAM disabled); excessive disk access

The frustrating thing is that the problems seem random, both in what happens and who is affected. Sometimes a system will work perfectly with NAM but after some event (like reloading XP and the drivers) will experience serious problems.

This leads to wildly conflicting opinions on the nVidia firewall's capability, functionality, and usefulness.

For example, many owners like the reduction in processor load when the co-processor in the NF4 handles firewall processing.
Then, you read this (follow the link at the bottom of the page; note the date on the review and on the problem description):
http://www.neoseeker.com/Articles/Hardware/Reviews/vnf4ultra/8.html

And you wonder if the firewall load reduction is real or just a marketing theory...

Given the number of issues raised in the nVidia mobo forum, I find it surprising that more reviewers of NF3 and NF4 boards don't encounter problems, especially with NAM. NAM draws the most complaints in the nVidia forum but each of the other drivers in the set has a similar laundry list of complaints.

nVidia ignores their forums and never responds or participates. Nor is there any way to contact nVidia concerning problems with their drivers -- "contact your mobo vendor". Updates to the mobo driver set are becoming less frequent - 6.53 was released March 17 and the fix for the problem noted in the neoseeker review (discovered in early February) was not included.