Outpost 4.0 - What to Expect

[Paranoid2000]

Outpost 4.0 has now been released with the following features (please see Outpost 3.5 - what to expect for details on previous versions):

Windows 9x/ME users please review the changes carefully - 3 of 4.0's key features (Anti-Leak, Self-Protection and Game Mode) only work with Windows 2000/XP onwards, even though they appear to be present on Win9x/ME installations. While the more advanced leaktests (e.g. Thermite, CopyCat) will not run on Win9x/ME, Outpost 4.0 has been reported as failing Wallbreaker (test 4) so is likely to provide poorer leaktest performance than 3.5 on these versions of Windows.

What's New:

1. Windows x64 support (the x64 version is a separate download).
2. Anti-Leak (replaces Hidden Process and Process Memory Control) - Covers a range of program actions, allowing 4.0 to block all known leaktests. Note that this will also alert on similar actions from legitimate software; (does not function on Win9x/ME)
3. Self-Protection - When enabled (via Tools/Enable Self Protection), Outpost will block any attempts to alter its files, processes or registry settings. This is a significant security feature since previous Outpost versions could be effectively disabled by altering certain registry keys; (does not function on Win9x/ME)
4. "Game Mode" - Outpost's Entertainment Mode provides the option of disabling Anti-Leak/Component Control and switching policy (to Block Most by default) when a full-screen application (including games and DVD players) is running, ensuring that no prompts appear until the application is finished (the application itself is made a Trusted Application, allowing it to send any traffic). Outpost will prompt for this when an application goes full screen but it can also be set via Options/Application/Edit.
   
   Switching off Anti-Leak/Component Control will disable Outpost's ability to block malware sending data out using leaktest techniques so it does reduce security but it is a better option than shutting down Outpost entirely, which many on-line gamers were doing to avoid any interruption; (does not function on Win9x/ME)
5. Component Control - Now includes a Low setting which will only alert if the application requesting network access changes (ignoring DLLs entirely);
6. "Macro" Addresses - Rules can now include labels such as DNS_SERVERS or LOCAL_NETWORK) as Local/Remote Hosts which are dynamically updated, making it possible to create specific but flexible rules (in particular, users following the Secure Configuration's Guide to limit DNS access can now create rules that do not require updating if their DNS server changes, removing a key objection to Outpost 3.5's removal of custom presets);
7. Improvements to the Anti-Spyware plugin to allow it to detect and remove a greater range of spyware (resulting in larger databases for 4.0);
8. Auto-rules/ImproveNet now uses SHA-256 fingerprints to identify applications, a far more secure method than the CRC32 checksums which were used previously (Component Control still uses MD5 fingerprinting for performance reasons).

What's Fixed:

1. (Via Self-Protection) Several potential security vulnerabilities where installed malware could disable Outpost;
2. CPU utilisation lowered with some traffic-intensive applications.
3. File/New Configuration keeps existing rules active until the configuration is created. Previous versions would allow everything (effectively disabling filtering) while the New Configuration Wizard was running.

(note: these lists are not complete but try to highlight the most significant issues reported - please check the Outpost History of Changes on Agnitum's website for more details).

Upgrading:

Via Agnitum Update
This is the easiest option, but updates are restricted in number to avoid server overload and are not typically made available immediately. If you receive a message that you already have the latest version (and your version number as supplied in Help/About Outpost Firewall... is earlier than that shown in the Current Build in the top-right) then either retry later or download a copy of Outpost 4.0 from the Agnitum website.

By Direct Download
Outpost 4.0 is available from Agnitum's website (there may be a delay before resellers have it on their sites also - if in doubt use the main Agnitum site). To use your existing configuration, take the following steps:

1. Make a backup copy of the configuration .conf and .cfg files first (to another folder, to be safe). If you have customised other files, then take a copy of those too;
2. Disconnect from the Internet;
3. Uninstall your existing copy of Outpost and any third-party plugins using Add/Remove Programs in the Control Panel (remove the plugins first);
4. Reboot your system when prompted;
5. Pre-Install Preparation: To minimise the chances of problems arising from an Outpost installation, check that your system is clear of malware (see either the CastleCops Malware Removal and Prevention pages or the AumHa Parasite Fight! page for instructions and links), close all running programs and disable any background virus scanners. If you are running any software that restricts application activity, software installation or registry modification (e.g. Process Guard, Abtrusion Protector, System Safety Monitor, RegDefend) please note that the Outpost install will add a service and make numerous registry changes - ensure either that these actions are permitted for the Outpost installation or that the security software is disabled during the install;
6. Install the downloaded copy of Outpost. Outpost 4.0 will prompt you to do a full system spyware scan at the end of its install - it is suggested that you do not do a scan until (a) you have been able to update the plugin's signature database and (b) you have excluded the Hosts file if you are already using one for ad/spyware blocking;
7. Copy your saved configuration files into the Outpost program folder (with 4.0 you may need to disable Self Protection temporarily via Tools/Enable Self Protection) and load them using the File/Load Configuration option;
8. Check your configuration to ensure that everything appears normal;
9. Reconnect to the Internet.

Known Issues:

1. Outpost's Self-Protection will block any action with the potential to affect Outpost, including copying files into the Outpost program folder or relocating files (including disk defragmenters and registry/file cleanup utilities). There is currently no way to specify exceptions for trusted programs but Self-Protection can be disabled temporarily to allow a specific action. Users running other security software that controls file/registry access may prefer to configure this to cover Outpost's configuration instead.
   
   Self Protection will also need to be disabled when installing Outpost plugins or overwriting their configuration (e.g. using Windows Explorer to replace Blockpost's blocklist.txt file rather than using its Import function).
2. On some systems, Anti-Leak may block access to certain "non standard" desktop items or entries in Windows Explorer. There have also been isolated reports of some applications starting with no window - in such cases, there are 3 possible workarounds:
   • disabling Anti-Leak in Options/Application/Anti-Leak (this will obviously eliminate Outpost's ability to block leaktests and malware using similar techniques);
   • creating a wl_hook_data.cfg file in the Outpost program folder listing the problem programs - these will be exempted from Anti-Leak. In addition, program checksums will no longer be checked by Outpost so programs included could be replaced or altered without triggering an alert - however this is safer than disabling Anti-Leak completely;
   • renaming the wl_hook.dll file in the Outpost program folder (shutting down Outpost first) - this option will also disable Anti-Leak.
3. Third-party plugins will require an update for 4.0. Please check the appropriate forums (e.g. the Blockpost Forum) for updates (a 4.0-compatible version of Blockpost has been released by Fazion).
4. With auto-rules enabled, rules created automatically (which will include several global rules, shown in blue) are re-created if deleted (when the configuration is reloaded) - if you wish to remove a particular rule without disabling auto-rules then just disable it.
5. Avast: Standard Shield may cause system freezes if set to High, set it to Normal instead.
6. Process Guard: Secure Message Handling may not work by default with Outpost 4.0 since window closure is done differently (enabling SMH results in File/Exit and system tray Exit options doing nothing). If so, switching to custom SMH (enabling SMH then holding down the Insert key while selecting File/Exit or Exit, see Process Guard's helpfile for more details on custom SMH) should work.
7. Sandboxie: Outpost 4.0 includes new drivers, one of which is called sandbox.sys. This confuses the Sandboxie installer into believing its software is already present - if using Sandboxie, install it before Outpost to avoid this issue. This also means if uninstalling Sandboxie, Outpost will need to be uninstalled first.