Outpost 3.5 - What to expect

[Paranoid2000]

Outpost 3.5 has now been released with the following features (please see Outpost 3.0 - what to expect for details on previous versions):

Please Note: If you have followed the setup instructions in A Guide to Producing a Secure Configuration for Outpost for Application DNS, then this will not be practical under 3.5 since it has removed support for user-created or modified preset rules. While existing configurations will work, users with this setup should consider remaining with their current version of Outpost and contacting Agnitum to request this feature be reinstated.

What's New:

1. Ability to disable logging for individual rules (check the "Do not log" option in the Action section).
2. Anti-spyware plugin scans applications and components when a Rules Wizard/Component Control popup is triggered.
3. Ability to auto-create rules for known applications when they attempt to connect (Outpost will provide an alert when this happens). This will also affect global rules so those running a "tight" configuration should consider disabling this option (Options/Policy/Automatic Rules Creation/Do not create rules automatically). Outpost will download new presets from Agnitum as part of its update if this option is enabled (and will display an alert of the form "Outpost knows about X applications"). Note: 3.5 builds prior to 641/458 did not perform adequate checks on applications prior to making rules which could result in malware being granted access. Those using 3.5 should ensure they are running build 641/458 or later which fixes this problem.
4. Option to set rules policy when Outpost starts (the default is Block Most). Setting this to Stop All should remove the existing window of vulnerability on Windows startup but may also cause problems with obtaining an IP address - if you encounter problems, try opening a Command Prompt Window and typing ipconfig /renew (Windows 9x/ME users, open a DOS box and type ipconfig /renew_all).
5. Agnitum ImproveNet option allows Outpost to send details of your rules to Agnitum for them to make available as presets for other users (subject to review). The data collected should have no personal information included.
6. Lower CPU utilisation for logging.

What's Fixed:

1. Outpost no longer has the shutdown vulnerability mentioned in this Security Advisory, but still has one on startup unless "Stop All" is selected in Options/Policy/Advanced/Firewall Policy - however doing this may cause problems with obtaining an IP address on startup, see above.

(note: these lists are not complete but try to highlight the most significant issues reported - please check the Outpost History of Changes on Agnitum's website for more details).

Upgrading:

Via Agnitum Update
This is the easiest option, but updates are restricted in number to avoid server overload and are not typically made available immediately. If you receive a message that you already have the latest version (and your version number as supplied in Help/About Outpost Firewall... is earlier than that shown in the Current Build in the top-right) then either retry later or download a copy of Outpost 3.5 from the Agnitum website.

By Direct Download
Outpost 3.5 is available from Agnitum's website (there may be a delay before resellers have it on their sites also - if in doubt use the main Agnitum site). To use your existing configuration, take the following steps:

1. Make a backup copy of the configuration .conf and .cfg files first (to another folder, to be safe). If you have customised other files (like the preset.lst rules preset file), then take a copy of those too;
2. Disconnect from the Internet;
3. Uninstall your existing copy of Outpost and any third-party plugins using Add/Remove Programs in the Control Panel (remove the plugins first);
4. Reboot your system when prompted;
5. Pre-Install Preparation: To minimise the chances of problems arising from an Outpost installation, check that your system is clear of malware (see either the CastleCops Malware Removal and Prevention pages or the AumHa Parasite Fight! page for instructions and links), close all running programs and disable any background virus scanners. If you are running any software that restricts application activity, software installation or registry modification (e.g. Process Guard, Abtrusion Protector, System Safety Monitor, RegDefend) please note that the Outpost install will add a service and make numerous registry changes - ensure either that these actions are permitted for the Outpost installation or that the security software is disabled during the install;
6. Install the downloaded copy of Outpost. Outpost 3.5 will prompt you to do a full system spyware scan at the end of its install - it is suggested that you do not do a scan until (a) you have been able to update the plugin's signature database and (b) you have excluded the Hosts file if you are already using one for ad/spyware blocking;
7. Copy your saved configuration files into the Outpost program folder and load them using the File/Load Configuration option;
8. Check your configuration to ensure that everything appears normal;
9. Reconnect to the Internet.

Known Issues:

1. The preset.lst has been replaced by a preset.conf which has presets in encrypted form. This means that users can no longer modify or create new presets (which in turn makes implementing the Application-specific DNS option from the Secure Configuration Guide impractical). Those using this option should contact Agnitum (Agnitum Online Support Form) to request reinstatement of this feature.
2. Long hosts lists in rules cannot be edited (the port number, if present, appears superimposed over the list).
3. The "Do not log" option does not seem to work completely with some entries still being logged.
4. Third-party plugins do not currently work with 3.5. Please check the appropriate forums (e.g. the Blockpost Forum) for updates. Plugin authors will have to wait for Agnitum to release an updated Software Development Kit in order to make their plugins compatible with 3.5.
5. Rules created automatically cannot be deleted (they will be re-created when Outpost is restarted if this is tried) but only disabled.
6. Leaktest performance on 3.5 builds prior to 641/458 was lacking due to Component Control issues - this has now been rectified.