firewalls

Hi all, just wanted some opinons on which firewall to use, zonealarm or sygate. I heard these ones were very good and just wondering which is better.

 

Outpost Pro and Tiny Firewall are excellent, I'm not aware of anyone breaching either of these yet. Zonealarm is right up there with using Norton, you will be breached due to slopy design and strong popularity.

 

Perhaps you'd care to elaborate. ZA is a top rated firewall by the ISCA, and the only issue anyone seems to have with Norton's firewall is it's tendency to be a resource hog. I was unaware that either firewall had these problems. Where did you get your information? I don't use either but I'm sure that those who do so would like to know any dangers they might face.

 

Huh, ZoneAarm and Norton can be breached due to sloppy design and popularity? Where you get your information from? ZoneAlarm is one of the best software firewalls in existence, I ran it for several years and not once has any of my systems been breached because the firewall wasn't up to the task, same with Norton.

@ BERG Both ZoneAlarm and Sygate Personal Firewall are very good software firewalls. I switched from ZoneAlarm to Sygate earlier this year. Sygate is a little easier on the system then ZoneAlarm; but which ever one you choose will get the job done.

 

Whatever firewall you choose, go to Shields Up from Gibson Research Associates to see how good your firewall is stealthing you. Leaktest is a little application to see how good your firewall is at blocking unauthorized outgoing connections, like trojans and viruses.

 

I would choose Zone Alarm since its a more simplier firewall for novices, but also provides good protection. But on the other hand Sygate is also a good but not quite a novice firewall. But either one is a good choice.

controlmind

 

One of the best features of sygate, is that it gives you tons of information on what is actually trying to access the net, while zone alarm, gives you useless information, even if you were to click the "click for more information" Their website info on a particular program is horrible, IMHO.

But, yes, ZA is quite a pretty product to use. I prefer sygate.

Though, at work on our "gaming computer" it uses NFORCE 4 chipset, which has a firewall built into the chipset. So far, this firewall blows away both sygate and ZA.

When I buy a new mobo, I'll be getting that, just waiting on the NFORCE 4 X16 SLI chipset.

 

Seems like there are alot of people bias towards ZA.
First off, because you haven't been breached or didn't realize it, doens't mean it is not possible.
For the majority of people a firewall is useless, due to the basic fact, no one is interested on what is on your pc.
Far as sources of my claims, do you really think most reviews posted in magaizes and on the net really go beyond a casual scan of the ports of the pc.
Further more, I'm sure you've heard news reports about a coporate web server being hacked, like running ZA would had stopped it from happening, that said, look at the big picture.
If you ever happen to know real hackers and not the 90% who are kiddie scripters and claim to be hackers, you may be enlightened to much information that you won't find on the net or in a review.

Enjoy ZA or Norton or any firewall you choose, cause the odds are no one wants to hack your pc anyway.

 

The odds are a hacker does want your PC, because the average home PC packs more power than the average business PC; and the more PC's a hacker uses for their nefarious activities the more difficult it becomes to track them. I said DIFFICULT not IMPOSSIBLE.

Don't give unsubstantiated opinion but instead cite fact and point those of us who give your claims little credence to actual source information.

 

I am sure the individuals I referenced would highly enjoy creating a lengthy list of “actual source information” for the FBI to find, what a great idea. Maybe they should put up a web came and we can watch them performing “nefarious activities”.

This is really quite amusing. I figured I’d share some restricted information to this thread to spread awareness, but with such a resistance to thinking outside the box, I’ll let you enjoy thinking you are hacker-proof behind your firewall.

 

Restricted information, then you just broke the law by sharing it. You have no idea who I am, what I know, and what I used to do for a living. What, you think the core members of this forum are just a group of home users who form their opinions by reading PC magazines. Several of us are IT professionals, some even specialize in Information Security.

Computer security is not some 'silver bullet' solution but a process, and running a firewall is but one piece of that process. The vast majority of computer break ins were accomplished by exploiting an unpatched system, or from bad user habits. The IT department didn't configure the firewall correctly, and I could continue. It is far easier to compromise a home system, and then the user takes the Trojan to work, installs it on a business PC which then infects the network, and opens a port for communication to the 'Hacker'. This is why many corporations are now site licensing AV/Firewall software for home use by their employees. Take your FUD and go somewhere else.

 

Is the box you refer to reality and truth? You have shared nothing but unsubstantiated claims. If you wish to be taken seriously, provide a concrete example.

 

The best thing you could ever really do is to secure your system from square 1 and being smart about things , Doing Your Updates Turnign off services you dont need or can be easily exploited. When Installing new software think about the out come of things and thake the appropriate course of action to secure it. Port Explorer is one of the best programs Ive seen unlike a firewall it doesnt limit your activity nor close anything, but it fully allows you too see everything that is connected to the internet ports process UID etc.. another thing Ive found useful is changing the root of c$ and d$ ect to an empty directory and kill admin$, so if anyone does get your well thought of blank password the files get routed to that directory could still be executed, but if left behind you have fair enough warning there..(That is if you need shares or even creating your own personal shares) Personally from all the winsock2 errors left behind from every Windows based Firewall mentioned here Id suggest using common sence and think about whats happening, Firewalls can / will limit what you do and can be a huge pain in the ass in the end. Check out Port Explorer just google it youll get a nice trial. The best firewall for windows i have seen is Tiny. It lets you make very specific rules.
Tho I dont have windows, so I just use freebsd's own firewall and no AV. I dont really download much from untrusted sites, and as long as my firewall stays in tip top shape, noone can upload virus' to me.Stay away from zonealarm, as this is most likely the biggest piece of bloatware around. Also, ZA is a nice dos amplifier, as it will eat so much resources when someone sends you lots of packets that your pc will stop responding to everything (well, maybe, that's their way of "protection - dead pc -> no way to attack it further).According to the posting to the BugTraq mailing list, the vulnerability involves the Windows shell32.dll file, which can invoke the ShellExecute function. When one of the parameters of ShellExecute is set to a Web address, the web browser is prompted to access the web site in question -- and, under most ZoneAlarm configurations, is allowed to freely access web sites without the express permission of the user.
That browser could quickly access a malicious web site, funnel a short string of confidential information (such as a username and password) and quickly redirect itself to an innocuous and trusted web site.
Although not stated expressly, the vulnerability appears to first require a Trojan to be loaded onto the user's machine via an email virus or some other means. However, concluded that the vulnerability is common to all of the freeware versions of ZoneAlarm. Executives at Zone Labs, however, said that the free version of ZoneAlarm provides adequate protection. OMG..spelling!

Ä# zone alarm dose not protect you computer on a kernal level!
Ä# tiny and outpost protect you computer on a kernal level!
Ä# vexira and nod32 are the best antivirus!
Ä# go ahead and flame me! tell me that im wronge! i need a good lol
Ä# windows built/in firewall is license's from tiny firewall for a good reason!
Ä# so where the feck do you get you get you info?¿? top ten firewall review?

btw...stop the flaming, its very childish of you, opinions are like Ä/hole's everyone has one! I was the one who told ruebarb whats up with firewalls and no im not a IT tech , im a unix programmer...so whats the diff...¿
You are the 1st security expert to say zone alarm is safe....try again!
I dont have much time explaining that ZONE ALARM is the worst application firewall and TINY is #1. (b/c go0gle told m3 diss)

thankx....your posts where very helpfull and i can see that windows is doing very well with the help from IT techs like yourself.

 

ZA used to be a good firewall for the novice user. I've been trying out Version 6 of it lately and some of the stuff it reports is absolutely confusing to me, and I'd like to think I have a pretty good grasp of computers. For example, on the rare occasion that I open Internet Explorer and go to click on Tools (to go to windows update), ZA gives me the alert that "Internet Explorer is trying to monitor your mouse movements and keyboard strokes." I'm still not sure of what to make of this warning. Unfortunately, ZA is starting to become a bit too bulky for its own good. I've been thinking about switching to something else as well....

 

I'm going to snip significant portions of your post. Why, they just aren't pertinent to the issue at hand.

I totally agree with that statement. However the average Windows user has no idea how to harden their system and very rarely applies system updates.

Port Explorer is a very useful app, but it is not something the average Windows user would know how to use; as they know nothing about ports, packets and protocols.

Bad habit period, Windows, BSD, Unix, Solaris, Linux, OSX

Only if you let it.

ZA Plus and Pro, maybe, ZA Free not so.

You described a vulnerability in Windows not ZoneAlarm. Again this requires the USER to do or fail to do certain things. First the user must receive an email with the Trojan included. The user is either not running an Antivirus program or they are running one but have failed to configure the email scanner. The user is also most likely using Outlook Express, with preview pane enabled, they have an unpatched Windows Operating System. The Trojan would have to be installed without the AV scanner detecting it. Then given permission, by the user, to access the Internet; which would then open a port for the Hacker to send malicious code to exploit the vulnerability in shell32.dll.

<SNIP>

Matter of personal opinion

I don't make it a habit to flame people. I may get somewhat direct in some of my responses; but I don't flame.

Microsoft may have licensed the Tiny Firewall technology; as with everything else they crippled it. The Windows Firewall is not a true firewall, it only blocks incoming traffic, not outgoing.

<SNIP>

It's only as safe as the user.

Once again, Personal opinon.

The average Windows user, knows nothing about computer security. I am constantly looking for a no/low cost, and as a BSD user you can appreciate the no/low cost aspect, effective Anitivirius/Firewall combination that provides adequate protection. At 30-40 dollars for Anti-virus software; another 30-40 dollars for a software firewall, then add annual subscription fees to keep your AV/Firewall up2date. Your average Windows user isn't going to spend that kind of money.

The computer is only as secure as the users computing habits, no amount of protection will prevent system infection, from a user who just doesn't have a 'Clue'.

 

I've got one of those, and I've never gotten it to work. It uses a web-based admin console, and as near I can tell the default configuration for the firewall is to block everything from everywhere including their own web console.

GOOD JOB NVIDIA!

There's a command line program to change the default allow/deny lists as an alternative to the web console, but I don't have time to bother with learning the cryptic syntax and figuring out how the silly thing works just to get basic access to the web.

 

Symantec purchasing Sygate
http://www.symantec.com/press/2005/n050816a.html

Arrrr, this is another good outfit swallowed by a megalith. Can only *hope* that Sygate's pfw stays lean and mean.

right.

I bought NSW for several years and still like it's utilities, but don't like to see Sygate bought out.

 

oops,

ZA free, Kerio pfw, Sygate have been very good firewalls for me, never any intrusions.

 

It is a PITA, but it is possible to get it to work. I really like the interface.

But, on a side note, what is truly safe? No internet connection.

What could be easier to protect your machine? Nothing really, if someone really wanted into you system, it is nearly impossible to block them

I also, used to work in Naval Intelliengence field, also part of a Joint Intel command /w Nato. Anyone giving out restricted information, was not canned, they were jailed for life.

 

I'm still waiting for Ruebarb, or anyone else with the same opinion to post relevant, factual links instead of unsubstantiated and incorrect blanket statements.

Steve Gibson, of Gibson's Research, is one of the most highly respected security experts, and his site rates ZoneAlarm as his personal favourite and has done so for years.

I've never heard, nor experienced a breach of ZoneAlarm, however, I'm open-minded and more than happy to study any factual links or documents that anyone can provide to the contrary.

Berg, to answer your post, both are excellent firewalls, as is Agnitum Outpost. (freeware)

It's really all down to user preference, as they all offer excellent protection.

I prefer ZoneAlarm, but only because I'm comfortable with it, and has better outgoing program information.

 

Do you know of any good sites or tutorials?

 

Hello, Insomniac; g'day mate http://forums.majorgeeks.com/images/smilies/wink.gif. Since noone, will step forward and cite facts to support their argument against ZoneAlarm, I thought I would post some relevent information from an actual source, www.securityfocus.com, and used (kinda) by jguitar.

http://www.securityfocus.com/swsearch?sbm=%2F&metaname=alldoc&query=ZoneAlarm&x=0&y=0 (search citeria zonealarm)
http://www.securityfocus.com/bid/12531 (latest security bulletin of ZA DOS vulnerability)
http://www.securityfocus.com/swsearch?sbm=%2F&metaname=alldoc&query=shell32.dll&x=0&y=0 (search citeria shell32.dll) The actual article I won't link to, since it contains an example script.

Again, as I stated on many occassions, if Windows is up2date, ZoneAlarm is up2date, and your AV software has the latest definitons this is a non-issue.

I like Steve Gibson's site also.http://forums.majorgeeks.com/images/smilies/smile.gif

 

Unfortunately, no, I figured it all out on my own. Though, I'd download the latest NFORCE drivers from nvidia, which I believe I did.

 

Just one question, if I may. Do any of the free firewalls have the ability to block the sending of web browser info such as all the previous websites you've visited, or is this privacy feature exclusive to the paid firewalls?

(If this question was already answered before, sorry ahead of time if I didn't find it)

 

I've never heard of this, and that's not what a firewall does.

Privacy is basically Ad-Blocking and Cookie Control. ZoneAlarm (Free) has that, or at least used to.

 

Norton Firewall 2005 has a "Privacy" tab with "advanced options" that lets you block information about websites visited, as well as blocking information about your web browser. I was just wondering if any free firewalls have that, or is it only available from Norton? OR, can you somehow block that info anyway regardless of whether or not you have a firewall?

 

You will find that most firewalls have that, however, the privacy tab doesn't filter your browser's history.

What they do is monitor and control certain sites, cookies and ads.

And as I said previously, ZoneAlarms free version has or used to have that.

What info do you want to block exactly?

 

If you go here http://www.pcflank.com/browser_test3.htm they are testing for something called the "referer" which, if I'm not mistaken, is revealing your browser history and can leak all kinds of other information. That's what I'd like to block. When I had ZoneAlarm installed it never passed that test and I didn't know how to configure it to block the referer, if it could.

 

All that site does is check if you have various cookies enabled.

A lot of sites use certain cookies, like this place. It's generally benign in nature and nothing to worry about.

You can disable certain cookies, but it will also make your browsing less streamlined.

It can also be done via your browser, usually third-party cookies.

ZoneAlarm can block cookies, as would most firewalls I assume, but it will make surfing a chore, and you won't be able to access some sites.

You can test your ports at GIBSONS RESEARCH. (Sheilds Up test)

 

Insomniac I think they are testing for more than just cookies. They have a test for cookies and they also have a separate test for the referrer. If I use Norton PF and check off the option to block information about visited sites, then I pass the referrer test. If I don't check that option then I don't pass it, and it has absolutely nothing to do with the cookie test. Also, if you go to the website "privacy.net" and click on the bottom "Network-Tools.com/analyze" they also test for browser info such as last visited websites. It has nothing to do with cookies. I'ts kind of creepy, really, to think someone would be able to get that kind of info, especially if the last visited website was your bank account.

 

No, the Referer test as they call it, checks for tracking cookies.

How else do they know your browsing habits or history?

If you block cookies, you will pass!

I just tried it with ZoneAlarm without Cookie Control, and didn't "pass", then tried it with ZoneAlarm Cookie Control on High and I passed, so it's based on whether or not you accept a tracking cookie.

 

Maybe if you're using ZA PRO, which has a referrer blocker in it, that will work, but not the free ZA. Anyways, I found relevant info about this issue here: http://www.stardrifter.org/refcontrol/

and here: http://www.wilderssecurity.com/showthread.php?t=95910

if anyone's interested.

 

The free ZoneAlarm has it, or at least used to.

Anyway, you can do it via your Browser or any application that manages cookies.

If you block cookies, you will pass.

They might call it a fancy name like "Referer", but it's cookies.

 

If y'all don't mind I'll stick to the recommendations of this board and hope for the best. In several cases I have been advised by members of this board and the outcome was great. Keep it up guys.

Jack

 

What on earth does that have to do with anything we are discussing?

 

I am currently using Zone Alarm free edition. Looking at the Sygate page it looks quite interesting. Can I load that as well as ZA and compare or do I have to disable ZA?

 

Better to disable it, however it's "True Vector" module will still be running.

If you are using XP, temporarily disable it in services.