Norton vs Zone Alarm firewalls - Firewalls

This is a discussion on Norton vs Zone Alarm firewalls - Firewalls ; ChronJob wrote: > "Luis Ortega" wrote in > news:rKX1j.43682$T8.871@newsfe5-win.ntli.net: > >> Thanks. My understanding of router firewalls is that they only block >> incoming traffic and if there is some malware on the system then >> outgoing stuff is not ...

+ Reply to Thread
Page 2 of 3 FirstFirst 1 2 3 LastLast
Results 21 to 40 of 51

Thread: Norton vs Zone Alarm firewalls

  1. Re: Norton vs Zone Alarm firewalls

    ChronJob wrote:
    > "Luis Ortega" wrote in
    > news:rKX1j.43682$T8.871@newsfe5-win.ntli.net:
    >
    >> Thanks. My understanding of router firewalls is that they only block
    >> incoming traffic and if there is some malware on the system then
    >> outgoing stuff is not blocked. Is that correct?
    >>
    >>

    >
    > If you've got malware on your system you're already done, cooked,
    > finished, hacked, and compomised. The ONLY serious remedy at that
    > point is to flatten your system and rebuild it.


    There are very few good reasons to "rebuild" a system. Much better to start
    with AV and an arsenal of spyware tools to clean things up as much as
    possible. Results might be faster obtained, too.
    OTOH it's not "wrong" to rebuild/reinstall, just very seldom necessary.
    The best solution is to be prepared with images of the system stored away
    and updated automatically. Then it's a minor detail to put the system back
    to pre-malware state with a few key clicks.



    >
    > Software firewalls are garbage, pure and simple. If it makes you feel
    > better though, use Windows native free firewall.
    >
    > Do use a NAT router and hardware firewall. You can get these for
    > $100.00 or so.
    >
    > See:
    > http://www.microsoft.com/technet/com...mt/sm0504.mspx
    >
    > and http://samspade.org/d/firewalls.html
    >
    > Good luck!
    >
    >
    > ChronJob
    > _____________________________________
    > "-When you have to shoot, shoot, don't talk."





  2. Re: Norton vs Zone Alarm firewalls

    In comp.security.firewalls Poprivet` wrote:
    > ChronJob wrote:
    >> "Luis Ortega" wrote:
    >>> Thanks. My understanding of router firewalls is that they only block
    >>> incoming traffic and if there is some malware on the system then
    >>> outgoing stuff is not blocked. Is that correct?

    >>
    >> If you've got malware on your system you're already done, cooked,
    >> finished, hacked, and compomised. The ONLY serious remedy at that
    >> point is to flatten your system and rebuild it.

    >
    > There are very few good reasons to "rebuild" a system. Much better to
    > start with AV and an arsenal of spyware tools to clean things up as
    > much as possible. Results might be faster obtained, too.


    Nonsense. Once a system got compromised there are virtually no reasons
    *not* to flatten and rebuild the system.

    http://www.microsoft.com/technet/arc.../10imlaws.mspx
    http://www.microsoft.com/technet/com...mt/sm0504.mspx

    cu
    59cobalt
    --
    "If a software developer ever believes a rootkit is a necessary part of
    their architecture they should go back and re-architect their solution."
    --Mark Russinovich

  3. Re: Norton vs Zone Alarm firewalls

    Hello Ansgar,

    > Nonsense. Once a system got compromised there are virtually no reasons
    > *not* to flatten and rebuild the system.


    I totally agree. You don't know what else have hitted your system. Do not
    trust A/V to find everytings.

    I had a case about a year ago with Trend OfficeScan - it did not detect a
    worm that had compromised a system. When we asked support the reply was that
    OfficeScan only detects viruses, not worms...

    Doh
    ---
    Helge Olav Helgesen
    http://www.helge.net



  4. Re: Norton vs Zone Alarm firewalls

    Poprivet` wrote:
    > ChronJob wrote:
    >> "Luis Ortega" wrote in
    >> news:rKX1j.43682$T8.871@newsfe5-win.ntli.net:
    >>
    >>> Thanks. My understanding of router firewalls is that they only block
    >>> incoming traffic and if there is some malware on the system then
    >>> outgoing stuff is not blocked. Is that correct?
    >>>
    >>>

    >> If you've got malware on your system you're already done, cooked,
    >> finished, hacked, and compomised. The ONLY serious remedy at that
    >> point is to flatten your system and rebuild it.

    >
    > There are very few good reasons to "rebuild" a system. Much better to start
    > with AV and an arsenal of spyware tools to clean things up as much as
    > possible. Results might be faster obtained, too.


    I would not want to run a computer cleaned up "as much as possible"
    leaving some malware undetected behind because that malware so well
    hidden is the really dangerous one. A trojan, key logger, similar.

    If you use the computer to send a single password, credit card number,
    or any thing else personal I would never use a computer which is cleaned
    up "as much as possible".

    Either reinstall the computer or restore a 100% sure clean system image.
    IMHO anything else is bad advice.

    Gerald

  5. Re: Norton vs Zone Alarm firewalls

    > There are very few good reasons to "rebuild" a system. Much better to start

    Haven't rebuild my system since I installed Win98se.
    When I upgraded to XP I cloned the Win98se partition.
    Still stable as ****. OK, I do some reg cleaning, but.
    --
    Lars-Erik - http://www.osterud.name - ICQ 7297605
    WinXP, Asus P4PE, 2.53GHz, 1GB, MSI 7600GS, SB-Live

  6. Re: Norton vs Zone Alarm firewalls

    Gerald Vogt added these comments in the current discussion du
    jour ...

    >>> If you've got malware on your system you're already done,
    >>> cooked, finished, hacked, and compomised. The ONLY serious
    >>> remedy at that point is to flatten your system and rebuild
    >>> it.

    >>
    >> There are very few good reasons to "rebuild" a system. Much
    >> better to start with AV and an arsenal of spyware tools to
    >> clean things up as much as possible. Results might be faster
    >> obtained, too.

    >
    > I would not want to run a computer cleaned up "as much as
    > possible" leaving some malware undetected behind because that
    > malware so well hidden is the really dangerous one. A trojan,
    > key logger, similar.
    >
    > If you use the computer to send a single password, credit card
    > number, or any thing else personal I would never use a
    > computer which is cleaned up "as much as possible".
    >
    > Either reinstall the computer or restore a 100% sure clean
    > system image. IMHO anything else is bad advice.
    >

    Nice name, Gerald, same as mine! I completely agree with you
    here. Before I run a periodic image backup with Acronis True
    Image 9.0, about once every 6-8 weeks, I first do as exhaustive a
    malware scan as I can including Ad-Aware, Spy Bot, eTrust Pest
    Patrol, and NAV 2006 (in addition to the latter 2 running all the
    time) because it makes no sense to image an infected HD. Still, I
    am never completely sure it is clean, probably I never will be
    but at least I don't notice any obvious or even subtle signs of
    an infection.

    --
    HP, aka Jerry

    "Never complain, never explain" - Henry Ford II

  7. Re: Norton vs Zone Alarm firewalls

    On Tue, 27 Nov 2007 02:53:36 GMT, HEMI-Powered wrote:

    > Nice name, Gerald, same as mine! I completely agree with you
    > here. Before I run a periodic image backup with Acronis True
    > Image 9.0, about once every 6-8 weeks, I first do as exhaustive a
    > malware scan as I can including Ad-Aware, Spy Bot, eTrust Pest
    > Patrol, and NAV 2006 (in addition to the latter 2 running all the
    > time)...


    Is security software becoming a security risk?

    http://www.infoworld.com/article/07/...ty-risk_1.html

    "People think that putting one AV engine after another is somehow defense
    in depth. They think that if one engine doesn't catch the worm, the other
    will catch it," he said. "You haven't decreased your attack surface; you've
    increased it because every AV engine has bugs"

    Although attackers have exploited parsing bugs in browsers for years now
    with some success, Zoller believes that because antivirus software runs
    everywhere and often with greater administrative rights than the browser,
    these flaws could lead to even greater problems in the future.

    The bottom line, he says, is that antivirus software is broken. "One e-mail
    and boom, you're gone," he said.

    Zoller says he has been criticized by his peers in the security industry
    for "questioning the very glue that holds IT security all together," but he
    believes that by bringing this issue to the forefront, the industry will be
    forced to address a very real security problem.
    ---
    Interesting report:
    (Though Russ Cooper, a senior scientist with Verizon Business, had some
    criticism for the work of n.runs)

    The Death of Anti-Virus Defense.

    http://www.nruns.com/ps/The_Death_of...s_Software.pdf
    --
    Security is a process not a product.
    (Bruce Schneier)

  8. Re: Norton vs Zone Alarm firewalls

    Kayman added these comments in the current discussion du jour
    ....

    > On Tue, 27 Nov 2007 02:53:36 GMT, HEMI-Powered wrote:
    >
    >> Nice name, Gerald, same as mine! I completely agree with you
    >> here. Before I run a periodic image backup with Acronis True
    >> Image 9.0, about once every 6-8 weeks, I first do as
    >> exhaustive a malware scan as I can including Ad-Aware, Spy
    >> Bot, eTrust Pest Patrol, and NAV 2006 (in addition to the
    >> latter 2 running all the time)...

    >
    > Is security software becoming a security risk?
    >
    > http://www.infoworld.com/article/07/...rity-software-
    > becoming-a-security-risk_1.html
    >
    > "People think that putting one AV engine after another is
    > somehow defense in depth. They think that if one engine
    > doesn't catch the worm, the other will catch it," he said.
    > "You haven't decreased your attack surface; you've increased
    > it because every AV engine has bugs"


    I don't think anyone thinks that having more than one true AV
    utility running at a time is a good idea. But, what I listed
    running all the time, eTrust Pest Patrol, commercial Zone Alarm,
    and NAV 2006 are all intended to do different things in different
    ways. And, running Ad-Aware and Spy Bot Search & Destroy as
    separate utilities periodically do yet another security-related
    purpose. So, I see no conflicts here.

    Now, as to one malware scanner finding things another misses, I
    don't think this is uncommon or unexpected behavior as the
    creation of definitions to detect new threats is not done in
    tandem with other developers and different specific utilities
    perform in entirely different ways.

    > Although attackers have exploited parsing bugs in browsers for
    > years now with some success, Zoller believes that because
    > antivirus software runs everywhere and often with greater
    > administrative rights than the browser, these flaws could lead
    > to even greater problems in the future.
    >
    > The bottom line, he says, is that antivirus software is
    > broken. "One e-mail and boom, you're gone," he said.
    >
    > Zoller says he has been criticized by his peers in the
    > security industry for "questioning the very glue that holds IT
    > security all together," but he believes that by bringing this
    > issue to the forefront, the industry will be forced to address
    > a very real security problem. ---
    > Interesting report:
    > (Though Russ Cooper, a senior scientist with Verizon Business,
    > had some criticism for the work of n.runs)
    >
    > The Death of Anti-Virus Defense.
    >
    > http://www.nruns.com/ps/The_Death_of...n_Depth-Revisi
    > ting_Anti-Virus_Software.pdf


    Interesting. What there's a "death" of, IMO, is people who're
    aware enough to pay attention to safe computing and have at least
    a modicum of defenses against the bad guys. The popular malware
    utilities will catch the vast majority of common threats but if
    one's PC is attacked by a sophisticated enough hacker or
    whatever, it is doubtful that any software will catch it.

    --
    HP, aka Jerry

    "Never complain, never explain" - Henry Ford II

  9. Re: Norton vs Zone Alarm firewalls

    On Nov 27, 3:43 pm, "HEMI-Powered" wrote:
    > I don't think anyone thinks that having more than one true AV
    > utility running at a time is a good idea. But, what I listed
    > running all the time, eTrust Pest Patrol, commercial Zone Alarm,
    > and NAV 2006 are all intended to do different things in different
    > ways. And, running Ad-Aware and Spy Bot Search & Destroy as
    > separate utilities periodically do yet another security-related
    > purpose. So, I see no conflicts here.


    The problem is only that you are running the security software on the
    infected machine. If you have got malware which runs with
    Administrator privileges you cannot rely on anything in your system
    anymore. It may have installed a good root kit which goes undetected.
    It may patch the signatures of your security software to go
    undetected. It can effectively disable your firewall even though the
    firewall and Windows still think it is running

    Thus, if you have an infected machine you simply cannot tell how bad
    it is. Once you have a trojan on your computer which allows remote
    access to your computer you are well off the standard malware which
    you'll find in the wild and which security software may detect. And as
    some people are more then happy to clean the computer "as good as
    possible" (or until none of the security software finds more) you can
    never tell what goes undetected on a computer if you check it on the
    same system. You should never trust a security check which is running
    on the infected system. If you want to scan you should use a clean
    boot disk and scan the file system from there or run a full comparison
    of the compromised file system with a clean backup to see what has
    been modified. That would give you more trustworthy results although
    even then I would rather recommend to restore a clean system image.

    > Now, as to one malware scanner finding things another misses, I
    > don't think this is uncommon or unexpected behavior as the
    > creation of definitions to detect new threats is not done in
    > tandem with other developers and different specific utilities
    > perform in entirely different ways.


    There is a lot out there which no malware scanner finds or will ever
    find. They find what you can find very often. A malware which only
    appears a few hundred or thousand times, for instance for a little bot
    net, is unlikely to be found ever. And even if eventually the code is
    sent to a security company for analysis and is added to their
    signatures, you can as well just recompile the malware with some code
    obfuscation and it goes undetected again.

    > Interesting. What there's a "death" of, IMO, is people who're
    > aware enough to pay attention to safe computing and have at least
    > a modicum of defenses against the bad guys. The popular malware
    > utilities will catch the vast majority of common threats but if
    > one's PC is attacked by a sophisticated enough hacker or
    > whatever, it is doubtful that any software will catch it.


    Exactly that's why you cannot trust a infected system with whatever
    security scanner you may scan it. I will never understand why some
    people still use the same computer with the same system after 20
    different scanners found a dozen different trojans, worms, viruses,
    etc. They use various removal tools and continue to use the computer
    after the next scan does not report anything anymore...

    But that is what people do when they think a malware infection is
    simply inevitable eventually if you connect your computer to the
    internet.

    Gerald

  10. Re: Norton vs Zone Alarm firewalls

    On Nov 24, 9:50 am, "Poprivet" wrote:
    > Hi Luis,


    > The XP firewall is "decent" but only checks incoming traffic, not outgoing,
    > so if you had something that was calling home with your account passwords,
    > it would miss it. It's real use is so that you CAN have a firewall when you
    > first hit the internet and until you get all of your updates and other
    > protection apps into place and updated. I seldom have to rebuild my system
    > so I've only used it once or twice, but it does give basic protection but
    > that's about all.
    >


    I keep hearing this 'fact' about outgoing messages having to be
    checked by a firewall, but, though I see the logic behind it, I'm not
    entirely convinced. After all, if a virus is smart enough to
    penetrate the incoming firewall, don't you think it will be smart
    enough to penetrate the outgoing firewall? Say by pretending it is a
    legitimate windows process (like MSFT Update) and then tricking the
    user into approving of it? I think so.


    > You're also correct in that having two software firewalls working at the
    > same time is a no-no. They will step on each other's resources even if they
    > seem to work together. Many firewalls won't even install until you disable
    > any other one you have working. Some even make you actually Remove the
    > other firewall before they'll install and XP also has a firewall monitor
    > that'll complain to you.


    Two software firewalls may be a no-no, but I have three antivirus and
    spyware programs (AVG AntiSpyware, Kaspersky Antivirus, and Webroot)
    and they all happily play nicely together, with the most obnoxious of
    the three programs being Kaspersky (the "heuristics" is a pain),
    followed by Webroot (has given false positives in the past, though the
    company is good at correcting these mistakes) and AVG (works so nice,
    with no problems, that I sometimes wonder if it's doing anything at
    all, since I've seen ads saying that of all the vendors AVG products
    miss the most viruses, but when scanning your system AVG finds
    tracking cookies that the other two programs miss). Also Blacklight's
    free online Windows Explorer ActiveX product has found tracking
    cookies that all three of the above programs have missed.

    RL

  11. Re: Norton vs Zone Alarm firewalls

    On Tue, 27 Nov 2007 06:43:39 GMT, HEMI-Powered wrote:

    > Kayman added these comments in the current discussion du jour
    > ...
    >
    >> On Tue, 27 Nov 2007 02:53:36 GMT, HEMI-Powered wrote:
    >>
    >>> Nice name, Gerald, same as mine! I completely agree with you
    >>> here. Before I run a periodic image backup with Acronis True
    >>> Image 9.0, about once every 6-8 weeks, I first do as
    >>> exhaustive a malware scan as I can including Ad-Aware, Spy
    >>> Bot, eTrust Pest Patrol, and NAV 2006 (in addition to the
    >>> latter 2 running all the time)...

    >>
    >> Is security software becoming a security risk?
    >>
    >> http://www.infoworld.com/article/07/...rity-software-
    >> becoming-a-security-risk_1.html
    >>
    >> "People think that putting one AV engine after another is
    >> somehow defense in depth. They think that if one engine
    >> doesn't catch the worm, the other will catch it," he said.
    >> "You haven't decreased your attack surface; you've increased
    >> it because every AV engine has bugs"

    >
    > I don't think anyone thinks that having more than one true AV
    > utility running at a time is a good idea. But, what I listed
    > running all the time, eTrust Pest Patrol, commercial Zone Alarm,
    > and NAV 2006 are all intended to do different things in different
    > ways. And, running Ad-Aware and Spy Bot Search & Destroy as
    > separate utilities periodically do yet another security-related
    > purpose. So, I see no conflicts here.


    Conflict(s) is/are not the issue; The OS may appear working smoothly. But
    installing anti-whatever applications has made your OS more vulnerable to
    attacks.

    > Now, as to one malware scanner finding things another misses, I
    > don't think this is uncommon or unexpected behavior as the
    > creation of definitions to detect new threats is not done in
    > tandem with other developers and different specific utilities
    > perform in entirely different ways.
    >
    >> Although attackers have exploited parsing bugs in browsers for
    >> years now with some success, Zoller believes that because
    >> antivirus software runs everywhere and often with greater
    >> administrative rights than the browser, these flaws could lead
    >> to even greater problems in the future.
    >>
    >> The bottom line, he says, is that antivirus software is
    >> broken. "One e-mail and boom, you're gone," he said.
    >>
    >> Zoller says he has been criticized by his peers in the
    >> security industry for "questioning the very glue that holds IT
    >> security all together," but he believes that by bringing this
    >> issue to the forefront, the industry will be forced to address
    >> a very real security problem. ---
    >> Interesting report:
    >> (Though Russ Cooper, a senior scientist with Verizon Business,
    >> had some criticism for the work of n.runs)
    >>
    >> The Death of Anti-Virus Defense.
    >>
    >> http://www.nruns.com/ps/The_Death_of...n_Depth-Revisi
    >> ting_Anti-Virus_Software.pdf

    >
    > Interesting. What there's a "death" of, IMO, is people who're
    > aware enough to pay attention to safe computing and have at least
    > a modicum of defenses against the bad guys.


    It is important that administrators follow the rule of least privilege.
    This means that users should operate their computer with only the minimum
    set of privileges that they need to do their job

    The best denfenses are:
    1. Do not work as administrator, use limtited user account (LUA) for
    day-to-day work.
    2. Keep your system (and all software on it) patched.
    3. Review usage of IE and OE; Look for good alternatives.
    4. Don't expose services to public networks.
    5. Routinely practice safe-hex.
    6. Backup, backup, backup.

    > The popular malware utilities will catch the vast majority of common
    > threats but if one's PC is attacked by a sophisticated enough hacker or
    > whatever, it is doubtful that any software will catch it.


    The least preferred defenses are:
    Most popular anti-whatever applications.
    --
    Security is a process not a product.
    (Bruce Schneier)

  12. Re: Norton vs Zone Alarm firewalls

    On Nov 24, 3:31 am, "Luis Ortega" wrote:
    > My Zone Alarm Pro firewall subscription expires in a few days and I recently
    > bought a Norton Internet Security 2008 package that contains a firewall.
    > I currently have the Norton firewall turned off and just use the Zone Alarm
    > Pro firewall.
    > I don't use the Win XP firewall because I heard that it's not a good idea to
    > have several firewall on at the same time.
    > We get internet through a Belkin pre-N wireless router that is supposed to
    > have some sort of firewall built in and that one is turned on.
    > My computer connects to the router with an ethernet cable and my son's
    > computer uses a Belkin N usb wireless adapter. They both have the same
    > current setup I describe regarding firewalls.
    > Can anyone please advise on whether the Zone Alarm Pro firewall is any
    > better than the Norton firewall in my situation?
    > Should I renew the Zone Alarm Pro subscription or uninstall it when it
    > expires and turn on the Norton firewall?
    > Thanks for any advice.


    I use to have Norton anti-virus and firewall and it caused nothing but
    problems and is a resource hog. I eventually removed it, and glad I
    did. I now use AVG for my anti-virus along with A-Squared and Spybot
    for malware removable, and Comodo for my firewall, all of which are
    free and I haven't had a problem since.


    Robert

  13. Re: Norton vs Zone Alarm firewalls

    On Nov 24, 3:31 am, "Luis Ortega" wrote:
    > My Zone Alarm Pro firewall subscription expires in a few days and I recently
    > bought a Norton Internet Security 2008 package that contains a firewall.
    > I currently have the Norton firewall turned off and just use the Zone Alarm
    > Pro firewall.
    > I don't use the Win XP firewall because I heard that it's not a good idea to
    > have several firewall on at the same time.
    > We get internet through a Belkin pre-N wireless router that is supposed to
    > have some sort of firewall built in and that one is turned on.
    > My computer connects to the router with an ethernet cable and my son's
    > computer uses a Belkin N usb wireless adapter. They both have the same
    > current setup I describe regarding firewalls.
    > Can anyone please advise on whether the Zone Alarm Pro firewall is any
    > better than the Norton firewall in my situation?
    > Should I renew the Zone Alarm Pro subscription or uninstall it when it
    > expires and turn on the Norton firewall?
    > Thanks for any advice.


    I forgot to mention that if you decide to remove Norton remember to
    uninstall Live Update and you also need to go to Norton's site
    (Symantec) for their removal utility. Your computer should run alot
    faster without it.


    Robert

  14. Re: Norton vs Zone Alarm firewalls

    In comp.security.firewalls Kayman wrote:
    > On Tue, 27 Nov 2007 06:43:39 GMT, HEMI-Powered wrote:
    >> Kayman added these comments in the current discussion du jour
    >>> "People think that putting one AV engine after another is somehow
    >>> defense in depth. They think that if one engine doesn't catch the
    >>> worm, the other will catch it," he said. "You haven't decreased your
    >>> attack surface; you've increased it because every AV engine has
    >>> bugs"

    >>
    >> I don't think anyone thinks that having more than one true AV utility
    >> running at a time is a good idea. But, what I listed running all the
    >> time, eTrust Pest Patrol, commercial Zone Alarm, and NAV 2006 are all
    >> intended to do different things in different ways. And, running
    >> Ad-Aware and Spy Bot Search & Destroy as separate utilities
    >> periodically do yet another security-related purpose. So, I see no
    >> conflicts here.

    >
    > Conflict(s) is/are not the issue; The OS may appear working smoothly.
    > But installing anti-whatever applications has made your OS more
    > vulnerable to attacks.


    Not true. Conflicts between two on-access scanners are a very real issue
    and are indeed the main argument against installing concurring scanners.
    Also, installing applications does not necessarily make an OS more
    vulnerable. The OS only becomes more vulnerable if some application has
    an exploitable bug. Of course installing additional software does
    increase the chance of that happening, but it doesn't automagically make
    the OS (more) vulnerable.

    For example: you can easily run two or more on-demand virus scanners
    without a single problem, because they're running as simple userspace
    applications (and thus won't affect each other), and only run with the
    privileges of the user initiating the scan.

    However, that doesn't mean that it'd be okay to install arbitrary AV
    software, because several of them have issues aside from what I
    mentioned above.

    cu
    59cobalt
    --
    "If a software developer ever believes a rootkit is a necessary part of
    their architecture they should go back and re-architect their solution."
    --Mark Russinovich

  15. Re: Norton vs Zone Alarm firewalls

    It doesn't need to be a virus. I did encounter that one time when accessing
    a web page unexpectedly triggered OE and the firewall blocked it. A
    firewall may have the ability to block -any- application from sending email
    without explicit approval. Monitoring outbound traffic also entails
    differentiating the legitimate processes from suspicious ones or spoofs. All
    firewalls are not equal, but if the firewall is doing the job well it's not
    enough for a process to pretend to be "iexplore.exe" in order to pass the
    firewall, it has to be c:\program files\internet explorer\iexplore.exe, with
    additional identifying information, be it a specific version number, CRC
    etc. etc..

    Viruses aren't smart, they're all constrained to operating within specific
    program parameters. Some are more cleverly written than others but the vast
    majority have already been beaten.

    Anyway this thread seems to be missing the point. It's analagous to saying
    that we shouldn't bother using crosswalks or crossing at the lights because
    it is always possible that some idiot driver might ignore the signals and
    run us down anyway. One side (anti-security) says avoid the problem by never
    crossing a street, the other side (pro-security) says use due caution and
    cross with the lights. I use a firewall mainly to keep unauthorised -people-
    out of my PC, AV and AS software to keep out or kill malicious software.


    "raylopez99" wrote in message
    news:fe3efb02-7235-4ff3-a386-229c92b53787@e23g2000prf.googlegroups.com...
    > On Nov 24, 9:50 am, "Poprivet" wrote:
    >> Hi Luis,

    >
    >> The XP firewall is "decent" but only checks incoming traffic, not
    >> outgoing,
    >> so if you had something that was calling home with your account
    >> passwords,
    >> it would miss it. It's real use is so that you CAN have a firewall when
    >> you
    >> first hit the internet and until you get all of your updates and other
    >> protection apps into place and updated. I seldom have to rebuild my
    >> system
    >> so I've only used it once or twice, but it does give basic protection but
    >> that's about all.
    >>

    >
    > I keep hearing this 'fact' about outgoing messages having to be
    > checked by a firewall, but, though I see the logic behind it, I'm not
    > entirely convinced. After all, if a virus is smart enough to
    > penetrate the incoming firewall, don't you think it will be smart
    > enough to penetrate the outgoing firewall? Say by pretending it is a
    > legitimate windows process (like MSFT Update) and then tricking the
    > user into approving of it? I think so.
    >
    >
    >> You're also correct in that having two software firewalls working at the
    >> same time is a no-no. They will step on each other's resources even if
    >> they
    >> seem to work together. Many firewalls won't even install until you
    >> disable
    >> any other one you have working. Some even make you actually Remove the
    >> other firewall before they'll install and XP also has a firewall monitor
    >> that'll complain to you.

    >
    > Two software firewalls may be a no-no, but I have three antivirus and
    > spyware programs (AVG AntiSpyware, Kaspersky Antivirus, and Webroot)
    > and they all happily play nicely together, with the most obnoxious of
    > the three programs being Kaspersky (the "heuristics" is a pain),
    > followed by Webroot (has given false positives in the past, though the
    > company is good at correcting these mistakes) and AVG (works so nice,
    > with no problems, that I sometimes wonder if it's doing anything at
    > all, since I've seen ads saying that of all the vendors AVG products
    > miss the most viruses, but when scanning your system AVG finds
    > tracking cookies that the other two programs miss). Also Blacklight's
    > free online Windows Explorer ActiveX product has found tracking
    > cookies that all three of the above programs have missed.
    >
    > RL




  16. Re: Norton vs Zone Alarm firewalls

    I use absolutely no virus programs whatsoever, have never had a virus or
    malware. Can you tell me why?
    "Ansgar -59cobalt- Wiechers" wrote in message
    news:fih5q5UogeL1@news.in-ulm.de...
    > In comp.security.firewalls Kayman wrote:
    >> On Tue, 27 Nov 2007 06:43:39 GMT, HEMI-Powered wrote:
    >>> Kayman added these comments in the current discussion du jour
    >>>> "People think that putting one AV engine after another is somehow
    >>>> defense in depth. They think that if one engine doesn't catch the
    >>>> worm, the other will catch it," he said. "You haven't decreased your
    >>>> attack surface; you've increased it because every AV engine has
    >>>> bugs"
    >>>
    >>> I don't think anyone thinks that having more than one true AV utility
    >>> running at a time is a good idea. But, what I listed running all the
    >>> time, eTrust Pest Patrol, commercial Zone Alarm, and NAV 2006 are all
    >>> intended to do different things in different ways. And, running
    >>> Ad-Aware and Spy Bot Search & Destroy as separate utilities
    >>> periodically do yet another security-related purpose. So, I see no
    >>> conflicts here.

    >>
    >> Conflict(s) is/are not the issue; The OS may appear working smoothly.
    >> But installing anti-whatever applications has made your OS more
    >> vulnerable to attacks.

    >
    > Not true. Conflicts between two on-access scanners are a very real issue
    > and are indeed the main argument against installing concurring scanners.
    > Also, installing applications does not necessarily make an OS more
    > vulnerable. The OS only becomes more vulnerable if some application has
    > an exploitable bug. Of course installing additional software does
    > increase the chance of that happening, but it doesn't automagically make
    > the OS (more) vulnerable.
    >
    > For example: you can easily run two or more on-demand virus scanners
    > without a single problem, because they're running as simple userspace
    > applications (and thus won't affect each other), and only run with the
    > privileges of the user initiating the scan.
    >
    > However, that doesn't mean that it'd be okay to install arbitrary AV
    > software, because several of them have issues aside from what I
    > mentioned above.
    >
    > cu
    > 59cobalt
    > --
    > "If a software developer ever believes a rootkit is a necessary part of
    > their architecture they should go back and re-architect their solution."
    > --Mark Russinovich




  17. Re: Norton vs Zone Alarm firewalls

    The interesting thing is that you probably wouldn't have any problems even
    without
    AVG, A-Squared, Spybot and Comodo.
    "Robert" wrote in message
    news:a30359fc-3992-4d7f-869f-58bf965f10b7@s12g2000prg.googlegroups.com...
    > On Nov 24, 3:31 am, "Luis Ortega" wrote:
    >> My Zone Alarm Pro firewall subscription expires in a few days and I
    >> recently
    >> bought a Norton Internet Security 2008 package that contains a firewall.
    >> I currently have the Norton firewall turned off and just use the Zone
    >> Alarm
    >> Pro firewall.
    >> I don't use the Win XP firewall because I heard that it's not a good idea
    >> to
    >> have several firewall on at the same time.
    >> We get internet through a Belkin pre-N wireless router that is supposed
    >> to
    >> have some sort of firewall built in and that one is turned on.
    >> My computer connects to the router with an ethernet cable and my son's
    >> computer uses a Belkin N usb wireless adapter. They both have the same
    >> current setup I describe regarding firewalls.
    >> Can anyone please advise on whether the Zone Alarm Pro firewall is any
    >> better than the Norton firewall in my situation?
    >> Should I renew the Zone Alarm Pro subscription or uninstall it when it
    >> expires and turn on the Norton firewall?
    >> Thanks for any advice.

    >
    > I use to have Norton anti-virus and firewall and it caused nothing but
    > problems and is a resource hog. I eventually removed it, and glad I
    > did. I now use AVG for my anti-virus along with A-Squared and Spybot
    > for malware removable, and Comodo for my firewall, all of which are
    > free and I haven't had a problem since.
    >
    >
    > Robert




  18. Re: Norton vs Zone Alarm firewalls

    HEMI-Powered wrote:
    > Kayman added these comments in the current discussion du jour
    > ...
    >
    >> On Tue, 27 Nov 2007 02:53:36 GMT, HEMI-Powered wrote:

    ....
    >
    > Interesting. What there's a "death" of, IMO, is people who're
    > aware enough to pay attention to safe computing and have at least
    > a modicum of defenses against the bad guys. The popular malware
    > utilities will catch the vast majority of common threats but if
    > one's PC is attacked by a sophisticated enough hacker or
    > whatever, it is doubtful that any software will catch it.


    Actually I think it's more akin to birth than death. The major problems are
    most always for the newbies who haven't yet been educated, have been
    mis-educated, or simply kept in the background by people purposely talking
    over their heads when they do try to learn.

    Pop`



  19. Re: Norton vs Zone Alarm firewalls

    raylopez99 wrote:
    > On Nov 24, 9:50 am, "Poprivet" wrote:
    >> Hi Luis,

    ....
    >
    > I keep hearing this 'fact' about outgoing messages having to be
    > checked by a firewall, but, though I see the logic behind it, I'm not
    > entirely convinced. After all, if a virus is smart enough to
    > penetrate the incoming firewall, don't you think it will be smart
    > enough to penetrate the outgoing firewall? Say by pretending it is a
    > legitimate windows process (like MSFT Update) and then tricking the
    > user into approving of it? I think so.


    An entirely possible set of events, yes. But there are other avenues onto a
    system than always in-bound and alone through the 'net ports.
    One example is being invited in: there's a program or 5 out there that
    will let you use smilies wherever you want to use them; Word, IE, Wordpad,
    most any application. Yahoo carries it as a link. Lots of newbies think
    Yahoo is pretty danged neat and go ahead and download it. I forget what
    it's called and it is pretty neat at first, but then the machine starts to
    slow down and you keep noticing lots of downloads coming into your machine.
    If the firewall see is, they allow it because it's a familiar name and has
    to do with the app they just downloaded, claiming to be its updates. Only
    the "updates" never stop. It's the GAIN spyware though it goes by several
    different names. It's a PIA to remove and even their remove instructions,
    of course, don't fully work.
    I found it on the client's machine quickly with a malware scan.

    Another possibility is a disk from a friend or acquaintance. It may or
    may not get scanned by a newbie. If it's only spyware it covertly contains,
    AV won't catch a problem. Not all spyware detectors will find it right away
    so if all you use is say Windows Defender, there's a good chance you're not
    going to catch it, if you did bother to scan it. So, it starts calling home
    and guess what? You have spyware being downloaded into your machine, small
    pieces at at time until ... .

    There's another side of this discussion too I'd like to mention. It
    seems a lot of the posts have begun to concentrate on the really miserable
    malware out there that's actually seldom seen by the normal user. Rather
    than discuss the generally relevant information in addition to the tough
    ones, they are contentrating on the tough ones as though they are all that
    exist. It appears to me to be more an attempt to display inflated egos than
    to impart any useful information to the masses and is dangerously close to
    being trolling in more than one of the posters; the others are just being
    sucked into endless discussions, the signature responses trolls hope for.
    >
    >
    >> You're also correct in that having two software firewalls working at
    >> the same time is a no-no. They will step on each other's resources
    >> even if they seem to work together. Many firewalls won't even
    >> install until you disable any other one you have working. Some even
    >> make you actually Remove the other firewall before they'll install
    >> and XP also has a firewall monitor that'll complain to you.

    >
    > Two software firewalls may be a no-no, but I have three antivirus and
    > spyware programs (AVG AntiSpyware, Kaspersky Antivirus, and Webroot)
    > and they all happily play nicely together, with the most obnoxious of
    > the three programs being Kaspersky (the "heuristics" is a pain),
    > followed by Webroot (has given false positives in the past, though the
    > company is good at correcting these mistakes) and AVG (works so nice,
    > with no problems, that I sometimes wonder if it's doing anything at
    > all, since I've seen ads saying that of all the vendors AVG products
    > miss the most viruses, but when scanning your system AVG finds
    > tracking cookies that the other two programs miss). Also Blacklight's
    > free online Windows Explorer ActiveX product has found tracking
    > cookies that all three of the above programs have missed.


    That's a reasonable arsenal you have, IMO with the exception of possibly
    Webroot, which I've only read about but don't have any actual experience
    with. Heuristics, for what it's worth, IS good, but by its nature very
    prone to false positives; better a false positive than a false negative.
    The user should be fairly savvy and understand what is causing the hits with
    heuristics or it can create a sense of worry that's totally unnecessary.
    Heuristics is simply watching for virus-like activity, unable to know
    whether it's legitimate accesses due to a user's programs or viral activity,
    so it notifies the user each time.
    Cookies, IMO I don't worry too much about. I only keep a few of them
    on my machine that I need for certain web site password, fast signongs etc
    and delete everything else. I use WinPatrol for that but for a lot of other
    things unrelated, too.

    REgards,

    Pop`


    >
    > RL





  20. Re: Norton vs Zone Alarm firewalls

    RalfG wrote:
    > It doesn't need to be a virus. I did encounter that one time when accessing
    > a web page unexpectedly triggered OE and the firewall blocked it. A


    Which means again you went to that web page to start with. It was your
    action which brought you there.

    > firewall may have the ability to block -any- application from sending email
    > without explicit approval. Monitoring outbound traffic also entails


    Still, any application can send email without explicit approval if it
    really wants to. That's the point which is usually not mentioned.

    > differentiating the legitimate processes from suspicious ones or spoofs. All
    > firewalls are not equal, but if the firewall is doing the job well it's not
    > enough for a process to pretend to be "iexplore.exe" in order to pass the
    > firewall, it has to be c:\program files\internet explorer\iexplore.exe, with
    > additional identifying information, be it a specific version number, CRC
    > etc. etc..


    An what keeps the malware from using the original IE to send out its data?

    > Viruses aren't smart, they're all constrained to operating within specific
    > program parameters. Some are more cleverly written than others but the vast
    > majority have already been beaten.


    Yes. But that's all. A single little bit cleverer malware sends out your
    credit card number through DNS. Your firewall does not help. It does not
    recognize it. You still need more effective means to protect your data
    which no security suite can provide.

    > Anyway this thread seems to be missing the point. It's analagous to saying
    > that we shouldn't bother using crosswalks or crossing at the lights because
    > it is always possible that some idiot driver might ignore the signals and
    > run us down anyway. One side (anti-security) says avoid the problem by never
    > crossing a street, the other side (pro-security) says use due caution and


    No. That is the wrong analogy. Noone ever said you can never cross the
    street.

    You say you have to install security firewall, i.e. you have to cross
    the street with the security installed, i.e. at the lights. You must not
    cross the street at any other place (i.e. without security) because you
    will be killed, i.e. it is impossible to cross the street at any other
    place except at the lights.

    Others say, this is not true. You don't need the security software. You
    can cross the street wherever you want. The traffic lights won't prevent
    you from being killed if all you do is to cross the street at the lights
    and never looking to the right or left. If you just start to walk when
    it's green you'll be eventually killed. There are a lot of nice drivers
    who stop at their red light but eventually you'll meet the one who does not.

    The alternative is not to rely on the lights. Don't trust the lights.
    The effective security is to switch on your brain and protect yourself
    looking to the left and right and making sure yourself it is safe to
    cross the street at this time and at this place. This effectively
    protects you far better than relying on some software which tries to
    make the decision for you when it is safe to cross and when not.

    And once you have learned how to cross the streets safely at any place
    you'll figure that you don't really need the lights as they only slow
    down your computer. Then you'll see that there is no MUST to use a
    security software as there are other far more efficient means to protect
    you. Then you'll see that all those people you think they MUST cross at
    the lights tend to turn off their brains because everybody else does the
    same and they'll never think about what they could do to protect
    themselves as it is "too complicated" or because everybody says "it is
    not possible otherwise".

    That's the correct analogy if you want to use the "lights". Noone ever
    said you cannot cross the street. On the contrary. (I already know how
    you will now adjust your analogy but...)

    > cross with the lights. I use a firewall mainly to keep unauthorised -people-
    > out of my PC, AV and AS software to keep out or kill malicious software.


    Anything that comes on to your computer first of all got there because
    of your action, i.e. your "invitation". But none of the security suites
    really deals with this fact nor

    Gerald

+ Reply to Thread
Page 2 of 3 FirstFirst 1 2 3 LastLast