someone may know
the ins & outs of which one is best but I've used ZoneAlarm for ages & I really like it. Once configured (which is easy) it can run in whatever mode you prefer, i.e. notifying you of all access attempts both inward & outward. I like the fact that it allows me to monitor what has access. I also like the stealth mode which hides the computer from hackers. I can't comment on the XP firewall because I haven't tried it. But I've done plenty of online testing of the ZoneAlarm firewall & all the tests have come back saying that all ports are hidden & any ping requests were totally ignored, so I really like it.
What version of ZA are you referring to?
sorry about the delay
I was referring to the ZoneAlarm free firewall.
Thanks....appreciate the clarification.
Just a little fact. . .
XP firewall only monitors what comes in. ZA monitors incoming and outgoing requests. You can see what program is trying to "Phone Home".
Zonealarm is way better.
Windows XP firewall only stops incoming connections like the poster above me said. This means that if you manage to get a trojan downloader on your system (not uncommon, I've had loads) Windows XP firewall doesn't stop it accessing the internet to download whatever nastiness it likes onto your PC. You'd be much safer with Zonealarm.
Re: Win XP SP2 firewall or ZoneAlarm?
I have used Zonealarm for years, although I did use the Windows firewall for a while, a very short while, I soon disabled it. I don't think it is as easy to control as Zonealarm. (I use the free version) As a prior poster said, once you get Zonealarm set up it is simple to use.
I have heard of others who have had issues with the Windows firewall, although I was not one of them.
I recommend Zonealarm strongly-it is a wonderful product!
Zone Alarm for sure...
I agree with all. XP's firewall is very basic whereas ZoneAlarm monitors most activity such as unauthorised calls to the internet and applications executing in the background. It prompts or warns on most potentially damaging events yet the prompts are not annoying as you can set them to automatically allow access for known safe applications. If you are willing to pay for ZoneAlarm as I was, the extra features such as SpyWare checks are useful. ZoneAlarm also allows you to set the levels of security based on your needs. It's one of the few programs I had no qualms paying for.
Spend 40 bucks and get a router. Hardware firewall > Software firewall
To prove this, I had a server that ran BlackICE Enterprise, and it never EVER goes off telling me about rogue inbound/outbound requests.
With the new botnet programs out there, neither ZoneAlarm nor Windows Firewall can protect you. ZoneAlarm does a decent job of hiding your computer, but the minute you open any online application, you are exposed and vulnerable. Even ZoneAlarm Pro can be penetrated if it is visible.
Get an SPI (Stateful Packet Inspection) firewall. ISS BlackICE is one of them. If you decide to get a router or something, make sure it has an SPI firewall as opposed to a NAT (Network Address Translation) firewall, which does nothing but try to hide your IP address.
Wireless Ruckess Netgear router
...I have one and it says on the box that it DOES have SPI in the firewall.
in that case...
You're in good shape. Make sure SPI is enabled, and you can focus on your other security applications. I recommend an antivirus and at least one antispyware with real-time monitoring, as well as a good HIPS (Host-based Intrusion Prevention Systems) product. One of the best non-sandbox HIPS products is Novatix Cyberhawk. It's free, and it's usually quiet unless you really are being attacked. Hope this helps!
A late reply, how about Comodo?
Comodo firewall is full version and free. I have been using it for over a half a year now, no problems, the forums are great help, etc...You register for your code, done. It's free for life. It will pass about any leak tests, etc...There were some issues prior but it's getting better and a newer version will be out as well. Look on many sites and it's either number 1 or rising. Of course with anything good, there are critics etc...so I would simply use it and judge for yourself. They have other free security as well and free backup, etc...I personally won't go back to any other firewall, SPECIFICALLY Zone Alarm, which I dub the Norton of firewalls now. Used it for years but tired of all its shortcomings. Just another option for you.
Comodo isn't an SPI firewall
Variants of SQL Slammer and Stack Bot came out near the end of September or early October, carrying IRC Flood and other trojans. In the past three months, I've cleaned out machines with four different brands of simple firewalls: ZoneAlarm, Comodo, Sygate, and two different versions of McAfee (AOL S&SC and MSC). All four of them had IRC Flood.
The worst thing about this is, you can get infected by worms without even surfing. If your computer is on, and your ethernet connected, you are a sitting duck when you use a simple firewall.
Stateful Inspection works in a completely different way, and it's the same technology used in industrial hardware firewalls. What most people don't know however, is that if you use an SPI software firewall on a newer NT-based operating system (i.e. W2K, WXP), allowing it to control the network layer like it's intended to do, it works just as well as a hardware SPI firewall will. Check out this link to learn more: http://www.ciol.com/content/flavour/netsec/101041101.asp
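The distinction argued over in the posts above (inbound-only filtering versus a firewall that also controls outbound programs, and what "stateful" tracking means) can be shown with a small model. This is an added example, not part of any post in the thread and not any vendor's code; the class names, the addresses (documentation ranges) and the program names are constructed, and the model tracks flows by address and port only, with no TCP flags or timeouts.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class Packet:
    direction: str            # "out" (leaving the PC) or "in" (arriving)
    proto: str
    src: tuple                # (ip, port)
    dst: tuple                # (ip, port)
    program: str = ""         # local program; only known for outbound packets

@dataclass
class StatefulFirewall:
    open_ports: set = field(default_factory=set)   # inbound services deliberately exposed
    allowed_programs: Optional[set] = None         # None = no outbound program control
    flows: set = field(default_factory=set)        # state table of outbound flows

    def decide(self, p: Packet) -> str:
        if p.direction == "out":
            if self.allowed_programs is not None and p.program not in self.allowed_programs:
                return "drop"                        # unapproved program "phoning home"
            self.flows.add((p.proto, p.src, p.dst))  # remember the flow
            return "allow"
        # Inbound: allowed only as a reply to a tracked flow or to an open port.
        if (p.proto, p.dst, p.src) in self.flows or p.dst[1] in self.open_ports:
            return "allow"
        return "drop"

# Constructed sample traffic (documentation address ranges, made-up programs).
PC, WEB, STRANGER = "192.0.2.10", "198.51.100.5", "203.0.113.9"
SAMPLE = [
    Packet("out", "tcp", (PC, 50000), (WEB, 80), "browser.exe"),         # user browses
    Packet("in", "tcp", (WEB, 80), (PC, 50000)),                         # reply to it
    Packet("in", "udp", (STRANGER, 4000), (PC, 1434)),                   # unsolicited probe
    Packet("out", "tcp", (PC, 50001), (STRANGER, 6667), "unknown.exe"),  # unknown program
    Packet("in", "tcp", (STRANGER, 6667), (PC, 50001)),                  # reply to it
]

def run(fw):
    """Return the firewall's decision for each sample packet, in order."""
    return [fw.decide(p) for p in SAMPLE]

if __name__ == "__main__":
    print("inbound-only :", run(StatefulFirewall()))
    print("with outbound:", run(StatefulFirewall(allowed_programs={"browser.exe"})))
```

In the inbound-only run the unknown program's outbound connection creates state, so its reply traffic is admitted as well; the second run shows what outbound program control changes.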
Very interesting for sure...
However, I don't know when you last even looked at an updated Comodo firewall, it has SPI and many other protections and is currently being unmatched by many. Let's not forget to put some weight on the head of our antivirus here, if a firewall did it all, we wouldn't have anti-virus. That said, I think you should read the guide files for Comodo, read many reviews on known sites. Here is a piece right from the help file...
[[[ ***Comodo Firewall, although designed for personal use, includes an industrial strength stateful inspection firewall, acting at OSI Layers 2, 3 and 4 to filter incoming and outgoing network traffic. Such an advanced filter keeps track of each and every packet sent/received and performs intelligent analysis on critical protocols such as TCP, UDP, FTP etc.
Comodo Personal Firewall also detects and prevents DOS/DDOS attacks including:
TCP/UDP Port Scans,****]]]
This is only the tip of the iceberg here for Comodo firewall as it has much more to it but just for the sake of argument I thought I'd post this.
Is that true? I didn't know they have it now. I'll have to have another look. Thanx for that.
If this is indeed the case, Comodo could clean house. Their claim to fame is that they're passing ALL the leaktests. If they've added SPI, I might just have to take another look at it myself.
Yes it's true..
I began using it after dumping Snooze, I mean Zone alarm and loved it. It's amazing I don't need to do errands before my pc boots any more without ZA. I don't claim something is good unless I can use it without much hassle or proof it's doing its job for at least 5-6 months depending on the program. If you do look at the anti-virus they have as well, it was in beta last and of course BETA is BETA so it's UAYOR but no doubt it will make some leaps and bounds as well. It may be a final version now, not sure.
I haven't tried their antivirus, but their list of features really was impressive. How is it working for you?
BTW, I'm not 100% sure about that link you gave me. On the vendor's site, I only see Protocol Analysis and Packet Checksum Verification; still nothing about Stateful Packet Inspection, Deep Packet Inspection, or Dynamic Packet Filtering. I also didn't see any mention of its position in the OSI model.
In addition, this new version came out in September. The SQL Slammer and Stack Bot worms that were carrying IRC Flood came out in either the end of September or the beginning of October (the news report I saw was on October 9, in the evening). I don't know exactly when my friend was infected, but she was infected with IRC Flood, and the extent of damage was similar to that of the other botnet victims I've been disinfecting.
Santucci, Please Read More About IRC Flood
The term refers to at least two different types of events.. One is a true IRC "flood" which is much like a Denial of Service Attack. The other is a trojan which is transmitted to computers in a number of different ways. Unfortunately, your recent preaching leads users to think that an SPI firewall is the cure to all evils. It is not. And of course, despite your statement to the contrary, a software firewall is NOT as good as a remote hardware firewall.. Believe me..we test them all the time..
In regards to the IRC Flood trojan, (which all your recent posts about your grandmother's computer use as the primary reason to use an SPI software firewall), there are a LOT of variants of this particular version of malware.. Most importantly, it's a "Low" rated hazard primarily because it's fairly easy to prevent from attacking computers.. Almost all infections are transferred within networks after a single computer has become infected from e-mail or incorrect usage of instant messaging programs (IRC). Generally, a stand-alone computer (not on a network) can create a complex "administrator" login password, disable "File and Printer" sharing and use any firewall at all, including the Windows Firewall.. They shouldn't get infected from outside sources as long as the computer is configured correctly..
On networked computers, one of the primary methods of spread of this particular malware group is through incorrectly passworded "administrator" logons.. (I'm not speaking of logins with admin rights.. I mean the actual "administrator" login which in XP HOME is hidden.. Users should create a complex password to help prevent this and other "network aware" worms/trojans, etc.) In our domain of a few hundred machines (I'm a system admin in only one domain in a huge WAN of 8-10,000 computers which we take care of), last year, we had a few machines infected with the "IRC Flood" trojan and they continued to be reinfected over the network until we created a complex password for the "Administrator". In fact, most of those machines were Win2000 computers and had NO FIREWALL at all. Our other Win2000 machines weren't infected because they didn't "share" any files and couldn't be "seen" on the network. No XP machines were affected because they were using the simple Windows Firewall...Changing File and Printer Sharing options and creating the complex password fixed the issue on the Win 2000 comps as well as preventing other similar worms from creeping in..
Please read the link below for some information from Microsoft about one particular type of IRC Flood problem..
And despite there being a large number of variants of IRC Flood, please read McAfee's description about one of those variants.. Note the method of transfer and the variety of "Administrator" passwords it uses to find a "hole" to its victim.
And read Symantec's recommendations on preventing this particular problem. Click on the link, then click on the "Technical Details" tab, then read the "Recommendations" tab.. Although it's not a bad idea, a Firewall isn't even listed.... :
Hope this helps.
thanx for the links
Yes, I know that IRC Flood is rated low-risk, and also that a decent HIPS may prevent it from attacking other machines. However, while it could theoretically be left alone without actually damaging files the way a virus would, it still drains system resources, steals personal information, and potentially exposes the system to further attacks.
Please show me where I said SPI is the cure to all evils. I did not. But again, the main topic was "is it true ZA is no good?," and that was the topic I was referencing to. I also recommended a basic Internet security solution. What more do you want?
Given, if a system is unstable, which is not uncommon, a software SPI firewall installed on that system most likely will not work as well as a hardware SPI firewall. That being the case, I could correct myself and let everyone know that a hardware SPI firewall is less likely to be affected by user error. However, the systems I work on are QUITE stable, and can be left on for weeks at a time without sustaining an attack from these botnet worms.
Once more, an SPI firewall by itself is not a foolproof solution. You still need up-to-date AV and AS scanners with real-time monitoring, and I also recommend a dedicated HIPS product such as Cyberhawk, which is the one I use. Add McAfee SiteAdvisor, and try to observe some discretion on the Internet, and you'll be alright. But ultimately, I still hold that an SPI firewall is much more likely than a "simple" application firewall to protect you from intruders. That's its job, point-blank.
Still Too Many Words.. Read About SPI Below...
...at the link I provided.. A
And if you'll read the original topic in THIS THREAD, it was actually:
Win XP SP2 firewall or ZoneAlarm?
Only two options were requested.. both of which could be fine, depending on the circumstances, and YES, even the Windows XP SP2 firewall has at its core, a stateful packet filter.
It was the OTHER thread in Virus And Security alerts which referred to "Is it true Zonealarm firewall is not effective?? ". Different, although similar issues.
Hope this helps.
The topic of this thread is "Windows Firewall or ZoneAlarm." Please excuse me. As far as that goes, I would say ZoneAlarm, of course.
If it fails you, I suggest you try my advice. You might be glad you did.
I Already Have Tried Your Advice... That's The Point...
As a system admin in a corporate situation, we try them all to see which is best.. More experience leads to more awareness of what's available. Good advice for all users.
Hope this helps.
And 'Stateful Packet Inspection' Is A Little More..
..complicated than you make out... Please read the article at the link below, particularly the "How Stateful Inspection Is Implemented in Personal Firewalls" section and below, which discusses some of the nuances of various firewalls. The article is a little old but it still has some appropriate information:
Choosing a Personal Firewall
Hope this helps.
Thank you, but SA warned me that the site you linked to has a yellow rating. It says it contains adware or other potentially unwanted programs. I'd rather leave it alone. Thank you though. At any rate, I will tell you this. When I saw that new report on October 9, I immediately replaced my grandma's McAfee firewall with Safety.Net. Since then, her machine hasn't been touched. Imagine that.
Different Firewalls...And Different Configurations...
Just like McAfee's SA, which you apparently use, McAfee's corporate vs retail firewalls are quite different.. No comparison really. I don't use the retail McAfee firewall either.. A real pain.
By the way, although Site Advisor is OK, if you don't already use one, try a good HOSTS file, it will help SA approve some of those problem sites.. A good HOSTS file actually blocks "bad" sites from activating and I've now found it unnecessary to use a program such as SA. (Just my personal preference though.):
How To Use A HOSTS Files
Hope this helps.
Yes, I know about the souped-up hosts file. Personally, I just stick with my SB backup, Sys Restore, and Acronis; in case my scanners fail me.
And they haven't failed me yet! But part of that has to do with my "excessive" caution. While I know more than one way (including IE settings) to block adware and other baddies from loading, I tend to completely dismiss any site that engages in these kinds of practices.
Thank you though. And I hope we can be friends after all this. Nothing personal, you know.
No Problem... That's Why Discussion Forums Work Well...
Different opinions with responsible debate improves everyone's knowledge.
Hope this helps.
Not to get off topic Grif...
but have you tried Hostman? If so what do you think of it? It's free, works good in my book but haven't really compared it to others though.
Paul, Do You Mean 'HOSTSMan'
...like the link below. (You typed "Hostman" which is a different product for web hosting)
Sorry, I've not used it..as I prefer to simply use Notepad to edit my HOSTS files.. But if it works for you, great..