Avast or Zone Alarm using proxy server?

ROBERT S AMP BA Drake

I do a lot of security work and have never found ZoneAlarm to be the
problem. Gurus, when consulted by the consumer, always blurt out "firewall"
before they have a clue.
 
ROBERT S AMP BA Drake

I'll add that a firewall doesn't totally protect you - raises the bar a
little higher and makes it harder for the perpetrator.
 
ROBERT S AMP BA Drake

ZoneAlarm has asked permission to go out on two occasions for me that were
unknown programs. Symantec research identified them as viruses and I was
able to kill them off. They both came through the browser. That alone
gives ZA an advantage over MS FW - IMO
 
Lars-Erik Østerud

ROBERT S AMP BA Drake wrote:
I'll add that a firewall doesn't totally protect you - raises the bar a
little higher and makes it harder for the perpetrator.

Of course not. But if you are awake you CAN do without anything. I
have never gotten any virus on my computer because I never run risky
programs. The alerts I get are from the e-mail virus scanner, but
those messages would never have been opened by me anyway :)

But with a router/firewall, ZoneAlarm, avast! anti-virus, and regular
scan with AdAware and Spybot S&D the system should be fairly clean :)
 
Roger Wilco

Gerald Vogt said:
aftermarket

Sorry I don't follow. "XP's firewall and another" with another = "XP's
firewall"?

Sorry - XP's firewall and "another" PFW.
It's not preferable to a HW FW. But it is magnitude better than a
standard commercial PFW that does protect the user against everything
and anything including himself. From the software design point of view
the XP SP2 FW is much more likely to do what it is supposed to do and
less vulnerable than a PFW.

How is it "less vulnerable" to have a PFW bundled with an OS as popular
as XP? Wouldn't a certain amount of diversity be better? Aside from the
integration with the OS being better, what else is there about the XP
firewall that makes it better?
Yes, but these features only work in limited scenarios and are never
100% secure. The problem is, people rely on things like application
control and are extremely surprised when you demonstrate how easy it is
for an application to send data out although the PFW is running. The PFW
does nice things but you have to know what it actually does and can
accomplish. The marketing people of PFWs won't tell you that...

That is what I meant - these "value-added" features aren't really what
firewalls are all about, and what firewalls are all about isn't covered
by having PFW software running on the machine you hope to protect. How
is XP's any better in this respect than any "other" PFW?
 
Roger Wilco

Lars-Erik Østerud said:
ROBERT S AMP BA Drake wrote:


Of course not. But if you are awake you CAN do without anything. I
have never gotten any virus on my computer because I never run risky
programs.

[snip]

The thing about viruses is that they can make any program "risky".

Not running "risky" programs will help you to avoid trojans and some
worms that arrive as programs, and scanning these program files will
usually identify them if known to the scanner. A virus can be inside a
program (or document) that you have trusted for years.
 
Gerald Vogt

Roger, could you please update your OE, I think you are not running the
latest version and you may be vulnerable to known security exploits.
Second please try to get QuoteFix or something similar. Your OE does
wrap quoted text...

Roger said:
How is it "less vulnerable" to have a PFW bundled with an OS as popular
as XP? Wouldn't a certain amount of diversity be better? Aside from the
integration with the OS being better, what else is there about the XP
firewall that makes it better?

The better integration and less functionality aka less lines of codes.
The PFW does, well, everything what you could imagine. The XP SP2 FW
does packet filtering. Nothing more.
That is what I meant - these "value-added" features aren't really what
firewalls are all about, and what firewalls are all about isn't covered
by having PFW software running on the machine you hope to protect. How
is XP's any better in this respect than any "other" PFW?

Well, these "value-added" features are integrated with the PFW. They
combine into a large complex product. These different features have
dependencies and interactions. Higher complexity is more difficult to
manage and more vulnerable to bugs. A proper design should not mix
security related functionality like the firewall protection with
anything else. A bug in some pop-up blocker of your PFW may cause to
instability of the PFW including your firewall. The IE pop-up blocker -
if you use IE - is not linked in any way with the XP SP2 FW.

It seems so nice to have a "security suite" which provides you with any
imaginable security gadget. It is useless in absolutely contradictory to
good security design which limits itself to what is actually necessary
and makes sure that this is working properly and securely...

Gerald
 
James Egan

Anybody serious about security will have a
dedicated firewall device not some software running on the machine that
hopes to be protected. He is absolutely correct about not battling
security with complexity.

Nope. You must be wrong 'cos it says so on the zonelabs website.
http://download.zonelabs.com/bin/promotions/btyahoo/index.html

"Hacking is on the rise. And not just in the business sector. It's
relatively easy for online interlopers to hop the standard router
firewall and gain access to your financial information, your personal
identification numbers, your passwords and more."

Perhaps one of the many zonealarm promoting posters can explain how
this router firewall hopping is so easily accomplished.

Or maybe the zonelabs website is as full of shit as their firewall.


Jim.
 
Gerald Vogt

ROBERT said:
ZoneAlarm has asked permission to go out on two occasions for me that were
unknown programs. Symantec research identified them as viruses and I was
able to kill them off. They both came through the browser. That alone
gives ZA an advantage over MS FW - IMO

First: you had the virus already. Why do you run viruses in the first
place. A virus running on your computer can do whatever you can do on
the computer. Including reconfiguring ZoneAlarm.

Second: you do not know that ZoneAlarm "killed them off". You know maybe
that some communication attempt was blocked. You do not know what other
attempts have been made as well which ZoneAlarm did not detect. How do
you know that this was not a probe message for you to catch so that you
think "ZA protected me. I am safe".

Third: This killing off only leads you to the conclusion that you are
safe and protected for now. This is wrong. A compromised computer is a
compromised computer. If you already had two viruses and will expect
more to come soon. And I would not wonder that this may be due to some
backdoor or similar that goes undetected in ZoneAlarm.

Fourth: I know the truth is hard to grasp and you won't like it, sorry,
but: It is most likely your fault of lacking precautions on your actions
that you got that virus. Either you run it or installed it with some
dubious software or you got it because you did not keep your system
up-to-date. The occasions where an unknown/not-yet-patched security
vulnerability are not impossible but yet pretty rare.

Gerald
 
Gerald Vogt

Lars-Erik Østerud said:
But with a router/firewall, ZoneAlarm, avast! anti-virus, and regular
scan with AdAware and Spybot S&D the system should be fairly clean :)

This is exactly the sentence that people want to believe so that they do
not have to worry about security. If your computer is clean or not
depends on what the user does...

Gerald
 
Gerald Vogt

James said:
"Hacking is on the rise. And not just in the business sector. It's
relatively easy for online interlopers to hop the standard router
firewall and gain access to your financial information, your personal
identification numbers, your passwords and more."

Perhaps one of the many zonealarm promoting posters can explain how
this router firewall hopping is so easily accomplished.

Or maybe the zonelabs website is as full of shit as their firewall.

Well, I don't know if ZA does have a privacy protection function, but
Symantec Norton Internet Security has. You can enter all your sensitive
data like credit card numbers etc. there and NIS blocks attempts to send
this data out. NIS has been vulnerable to hacking and has been exploited
in the past. With all these personal data collected in one place (our
PFW) it is really easy to "gain access"...

Gerald
 
Roger Wilco

Gerald Vogt said:
Roger, could you please update your OE, I think you are not running the
latest version and you may be vulnerable to known security exploits.

My OE is just fine, thanks for your concern.
Second please try to get QuoteFix or something similar. Your OE does
wrap quoted text...

I'll look into that, someone else suggested that I wrap at 72 and so I
do. Looks okay from here.
The better integration and less functionality aka less lines of codes.
The PFW does, well, everything what you could imagine. The XP SP2 FW
does packet filtering. Nothing more.

What it gains in lack of complexity - it loses as bundled software.

[snip]
It seems so nice to have a "security suite" which provides you with any
imaginable security gadget. It is useless in absolutely contradictory to
good security design which limits itself to what is actually necessary
and makes sure that this is working properly and securely...

<sarcasm>
....and Microsoft has such a good reputation for achieving this.
</sarcasm>
 
Gerald Vogt

Roger said:
I'll look into that, someone else suggested that I wrap at 72 and so I
do. Looks okay from here.

Here a original quote from your posting:
------------------ quote ------------------------------------- quote end -------------------

you see the "popular", "the" and "XP". OE does the wrapping when you
send. You won't see it on your screen while typing, I think. Just look
at a couple of your postings...
What it gains in lack of complexity - it loses as bundled software.

That does not change anything about the XP SP2 FW efficiency.
<sarcasm>
...and Microsoft has such a good reputation for achieving this.
</sarcasm>

If you don't believe that Microsoft does anything right, then do not use
their software...

Gerald
 
Lars-Erik Østerud

Gerald Vogt wrote:
This is exactly the sentence that people want to believe so that they do
not have to worry about security. If your computer is clean or not
depends on what the user does...

You still have to worry about security (not running every program you
find or click every attachment you get) BUT you are better protected
than with nothing (someone else COULD click an attachment, or is there
no one else other than yourself using your computer). Alternatives?
 
ROBERT S AMP BA Drake

First - Why run viruses? Because you catch them as you do a cold.

Second - ZA did not kill them off, it simply alerted me that an unknown
program was trying to get out. I had to get the fix from Symantec to kill
them off.

Third - there are ways to validate your security

Fourth - I don't agree that you rarely get a virus, worm, spyware,
or other demon that has not been identified and put into the vendor
signature files. Do you remember the I Love You virus that nearly put down
the world? Virus protection is only as good as the signature file - if it
is not updated before the virus is in the wild, you have a problem. You are
never totally protected.

On this computer I look for trouble and do not practice safe hex. The
computer is locked down as tight as I can get it and I work on getting it
tighter all the time.

I think you may be over simplifying the issues a little, hey but what do I
know.
 
Gerald Vogt

ROBERT said:
First - Why run viruses? Because you catch them as you do a cold.

Strange. Strange. Maybe I am of particular good health...
Second - ZA did not kill them off, it simply alerted me that an unknown
program was trying to get out. I had to get the fix from Symantec to kill
them off.

Again: you killed something. You don't know if it was "everything"...
Third - there are ways to validate your security

Elaborate please. How do you validate "your security" of a compromised
system?
Fourth - I don't agree that you rarely get a virus, worm, spyware,
or other demon that has not been identified and put into the vendor
signature files.

I don't. How often do you install new software? Every day?
Do you remember the I Love You virus that nearly put down
the world?

Yes, I do remember. Classic example for my point: you receive a VBS
script as attachment to your e-mail. Nobody forces me to open an
attachment to an e-mail I never asked for from an unknown source with a
weird contents and strange attachment. The user has to open the attachment.
Virus protection is only as good as the signature file - if it
is not updated before the virus is in the wild, you have a problem. You are
never totally protected.

No. You are not. But you do not understand what a virus scanner does. A
virus scanner is not the mean to free you from the decision whether or
not to open a particular attachment. It may or may not intervene. But
the basic decision is yours. If you just open attachments and think, the
virus scanner will prevent it if is a virus, it is still all your own
fault. So, if I don't have a virus scanner I still don't have a problem
that you claim I would have. It is still the user who has to open the
attachment.

The only malware that you are totally unprotected against is malware
that exploits a security vulnerability which has not been fixed, yet.
(O.K., Internet Explorer always falls into this category because it has
unfixed vulnerabilities for years now) If you keep your system updated
with current security updates pretty much most of the known
exploit-viruses & worms won't work. Most of the last epidemics were due
to unpatched computers which haven't been updated for months or years.
These could have been easily prevented (O.K., I see the impacts of
certain updates for businesses which lets them hesitate to run the
updates...). The other epidemics were those attachment etc. worms which
were due to the user.
On this computer I look for trouble and do not practice safe hex. The
computer is locked down as tight as I can get it and I work on getting it
tighter all the time.

Well, if you look for trouble you certainly get it. If you even know
that you are doing that, then it is IMHO irresponsible behaviour because
some of that "trouble" will most likely affect other people as well.
I think you may be over simplifying the issues a little, hey but what do I
know.

To me it seems you are simplifying the issue if you don't even care
about what you do...

Gerald
 
ROBERT S AMP BA Drake

I work security. You have to get in their world to build defense
mechanisms.
 
Gerald Vogt

ROBERT said:
I work security. You have to get in their world to build defense
mechanisms.

You claim ZA "kill them off". I wrote that you don't know that for sure.
You don't give any hints how you want to verify that ZA got everything.

And even if you verify it, let's say, by comparison with a mirror if you
work security you should know that there is no security-by-example. One
prevented attack does not tell anything about the quality of your security.

Gerald
 
ROBERT S AMP BA Drake

You're not reading my response nor understanding. ZA kills nothing - it
detects.
 
Gerald Vogt

ROBERT said:
You're not reading my response nor understanding. ZA kills nothing - it
detects.

O.K. You don't read mine either. But anyway, how do you know for sure,
in general, that ZA does detect all and you were able to kill everything
off? What is it worth to have some insight in two occasions? What are
the implications of these two occasions for the general security on a
compromised machine? What are the implications for general security?
What are the implications of these "detection" messages to users and
users' behaviour?

Gerald
 
