Agnitum Outpost 3.5 review
Hot on the heels of Outpost 3 with its Anti-Spam module, comes yet another release of this popular personal firewall application. The big change is the introduction of the ImproveNet ‘security community network’, bringing automatic sharing of application security rules between the end user and Agnitum engineers. This enables firewall rules to be created, maintained and updated automatically, with configuration handled remotely from Agnitum HQ.
ImproveNet sets out to make creating application rulesets easier, by moving some of that responsibility away from the end user and giving it, ultimately, to everyone else. It’s a typical community pool concept: you give permission for your configuration files to be uploaded to Agnitum engineers who check their validity before seeding the community pool with them. The Agnitum Update tool then distributes these rules to all other users, in much the same way that community databases have driven anti-spam filtering.
In theory, the creation and processing of these rules on a daily basis should ensure even the newest application upgrades get configured correctly quickly and seamlessly. This will mean fewer prompts during learning mode and malicious configuration files being filtered out before they reach the seed pool. What’s more, rules specifically denying configuration changes based on that malicious attempt can be added, so as to protect users from the threat in the future. In theory, this should provide the most stable application presets, while at the same time removing configuration errors from weakening your defences.
However, it’s far too early to say if this works in practice or not. It doesn’t help that the first release build of version 3.5 didn’t perform adequate checks on applications prior to making preset rules. This left it vulnerable to malware being granted access simply by having the same filename and remote ports as the original application. That same release build also left Outpost vulnerable to the most basic leaktest failures. Although a more robust patched build was rolled out five days after release, that’s a long time in Internet security. User trust definitely takes longer to heal than patches take to release.
Without doubt, Outpost 3.5 is certainly a little lighter on system resource usage than its predecessor, courtesy of an improved logging system. You can now create custom logging exclusions for peer-to-peer and NetBIOS communications, significantly reducing the number of records returned and again easing the resource load. The anti-spyware module that was introduced with version 3 has also been tweaked to provide customisable logging and a ‘smart sensor’ that scans applications when they request network access for the first time. This is supposed to keep system resource usage lower than an always-on real-time scanner, but it did little to improve the headline protection rating when we ran Outpost 3.5 through our spyware test regime. In fact, overall performance has dropped from 68.6 per cent to 66.4 per cent. This is most likely due the changing threat profile of our constantly updated test database. However, the immaturity of ImproveNet, the question of beta-testing thoroughness, and the lack of any tangible improvement in system security leave us less than enthralled by Outpost 3.5. If you don’t own a standalone firewall, this offers better security than the default Windows version, but if you own Outpost 3 we advise waiting until 3.5 has passed the same test of time.