I miss Zone Alarm

[Walter_Slipperman]

I am running Vista Home Premium 64 and there is no 64 bit version of Zone
Alarm so I am depending upon the Windows Firewall instead. It may be a
safer product than Zone Alarm. I have no way to know. But I miss Zone Alarm
because I could always see when something was initially trying to send data
out of my computer. With Zone Alarm during or directly after installing an
app I would get a pop up message from ZA asking me if I wanted to let a
specific app go out through the fire wall. Maybe I have something set up
wrong with the Windows Firewall but I don't recollect that I have seen this
with the WF. When I go to the WF window it says that it is turned on.

Plus I am confused how to understand the Exceptions list. I don't see all
the applications that I have installed on my computer that I would normally
see in ZA. In fact I don't see most of the apps, including some that I know
go out to do autochecking for updates.

Plus when I look in the exceptions list I see that Skype is unchecked but
Skype does work. So what does the check mean?

Walter

 

[Straight Talk]

I am running Vista Home Premium 64 and there is no 64 bit version of Zone
Alarm so I am depending upon the Windows Firewall instead.

Why would anyone want to put crap like ZA on a 64-bit machine?

It may be a safer product than Zone Alarm. I have no way to know.

Well, if you don't know, then why even consider installing ZA in the
first place?

But I miss Zone Alarm because I could always see when something was
initially trying to send data out of my computer.

Ahhh.. you miss that good nice feeling of being in control...

With Zone Alarm during or directly after installing an
app I would get a pop up message from ZA asking me if I wanted to let a
specific app go out through the fire wall.

Yes, it would. Now, please explain how this is in any way security
related?

Maybe I have something set up wrong with the Windows Firewall but I don't
recollect that I have seen this with the WF. When I go to the WF window it
says that it is turned on.

The Vista firewall wisely doesn't try to copy the stupid behavior of
3rd party firewalls.

Plus I am confused how to understand the Exceptions list. I don't see all
the applications that I have installed on my computer that I would normally
see in ZA. In fact I don't see most of the apps, including some that I know
go out to do autochecking for updates.

That's because you don't understand what exceptions mean. Your brain
has been badly influenced by the so called "outbound control" feature
of ZA.

Plus when I look in the exceptions list I see that Skype is unchecked but
Skype does work.

Of course.

So what does the check mean?

It means that Skype is not allowed to receive incoming connections.
That doesn't prevent Skype from working in any way.

Now, how can you expect to gain any security from installing a crappy
packet filter like ZA when you don't understand networking in the
first place?

 

[C.B.]

I am running Vista Home Premium 64 and there is no 64 bit version of Zone
Alarm so I am depending upon the Windows Firewall instead. It may be a
safer product than Zone Alarm. I have no way to know. But I miss Zone
Alarm because I could always see when something was initially trying to
send data out of my computer. With Zone Alarm during or directly after
installing an app I would get a pop up message from ZA asking me if I
wanted to let a specific app go out through the fire wall. Maybe I have
something set up wrong with the Windows Firewall but I don't recollect
that I have seen this with the WF. When I go to the WF window it says
that it is turned on.

Plus I am confused how to understand the Exceptions list. I don't see all
the applications that I have installed on my computer that I would
normally see in ZA. In fact I don't see most of the apps, including some
that I know go out to do autochecking for updates.

Plus when I look in the exceptions list I see that Skype is unchecked but
Skype does work. So what does the check mean?

Walter

Walter,

Try Comodo. It's free.

C.B.

 

[Kayman]

I am running Vista Home Premium 64 and there is no 64 bit version of Zone
Alarm so I am depending upon the Windows Firewall instead. It may be a
safer product than Zone Alarm. I have no way to know. But I miss Zone Alarm
because I could always see when something was initially trying to send data
out of my computer. With Zone Alarm during or directly after installing an
app I would get a pop up message from ZA asking me if I wanted to let a
specific app go out through the fire wall. Maybe I have something set up
wrong with the Windows Firewall but I don't recollect that I have seen this
with the WF. When I go to the WF window it says that it is turned on.

Plus I am confused how to understand the Exceptions list. I don't see all
the applications that I have installed on my computer that I would normally
see in ZA. In fact I don't see most of the apps, including some that I know
go out to do autochecking for updates.

Plus when I look in the exceptions list I see that Skype is unchecked but
Skype does work. So what does the check mean?

You are not going to find anything better than the Vista FW and Vista in
itself due to the advanced features the FW and Vista are using.

"Personal Firewalls" are mostly snake-oil.
http://www.samspade.org/d/firewalls.html

Jesper's Blogs-
At Least This Snake Oil Is Free.
http://msinfluentials.com/blogs/jesper/archive/2007/07/19/at-least-this-snake-oil-is-free.aspx
Windows Firewall: the best new security feature in Vista?
http://blogs.technet.com/jesper_johansson/archive/2006/05/01/426921.aspx

Exploring The Windows Firewall.
http://www.microsoft.com/technet/technetmag/issues/2007/06/VistaFirewall/default.aspx
"If you try to block outbound connections from a computer that’s already
compromised, how can you be sure that the computer is really doing what you
ask? The answer: you can’t. Outbound protection is security theater—it’s a
gimmick that only gives the impression of improving your security without
doing anything that actually does improve your security. This is why
outbound protection didn’t exist in the Windows XP firewall and why it
doesn’t exist in the Windows Vista™ firewall."

Vista Firewall Control.
Protects your applications from undesirable network incoming and outgoing
activity, controls applications internet access.
http://sphinx-soft.com/Vista/

 

[Kayman]

You are not going to find anything better than the Vista FW and Vista in
itself due to the advanced features the FW and Vista are using.

"Personal Firewalls" are mostly snake-oil.
http://www.samspade.org/d/firewalls.html

Jesper's Blogs-
At Least This Snake Oil Is Free.
http://msinfluentials.com/blogs/jesper/archive/2007/07/19/at-least-this-snake-oil-is-free.aspx
Windows Firewall: the best new security feature in Vista?
http://blogs.technet.com/jesper_johansson/archive/2006/05/01/426921.aspx

Exploring The Windows Firewall.
http://www.microsoft.com/technet/technetmag/issues/2007/06/VistaFirewall/default.aspx
"If you try to block outbound connections from a computer that’s already
compromised, how can you be sure that the computer is really doing what you
ask? The answer: you can’t. Outbound protection is security theater—it’s a
gimmick that only gives the impression of improving your security without
doing anything that actually does improve your security. This is why
outbound protection didn’t exist in the Windows XP firewall and why it
doesn’t exist in the Windows Vista™ firewall."

Vista Firewall Control.
Protects your applications from undesirable network incoming and outgoing
activity, controls applications internet access.
http://sphinx-soft.com/Vista/

And since you're so concerned about outbound traffic, this may assist also:

Tap into the Vista firewall's advanced configuration features
http://articles.techrepublic.com.com/5100-10877-6098592.html

"...once you discover the secret of accessing its advanced configuration
settings via the MMC snap-in, you'll find it to be far more configurable
and functional. At last, Windows comes with a sophisticated personal
firewall that can be used to set up outbound rules as well as inbound,
with the ability to customize rules to fit your precise needs."

 

[Straight Talk]

Try Comodo.

Sure. Replace one broken concept with another.

It's free.

Most crap is.

 

[Kayman]

On Sat, 9 Feb 2008 16:49:35 -0600, Brink wrote:

'Leak-tests results - matousec.com'
(http://www.matousec.com/projects/windows-personal-firewall-analysis/leak-tests-results.php)

Firewall LeakTesting.
Leo: So the leaktest is kind of pointless.
Steve: Well, yes, that's the problem is...
Steve: Well, it's why I have not taken the trouble to update mine, because
you...
Leo: You just can't test enough.
Steve: Well, yeah...
Read the entire conversation and be "astonished" and "educated"
http://www.grc.com/sn/SN-105.htm

 

[Walter_Slipperman]

COMODO Firewall is a great free program. You might give it a go and
see how you like it.

I'm downloading it and installing it now. Should I eventually go into
Vista's Windows Firewall and turn it off?

- Walter

 

[Walter_Slipperman]

On Sat, 9 Feb 2008 16:49:35 -0600, Brink wrote:


Firewall LeakTesting.
Leo: So the leaktest is kind of pointless.
Steve: Well, yes, that's the problem is...
Steve: Well, it's why I have not taken the trouble to update mine, because
you...
Leo: You just can't test enough.
Steve: Well, yeah...
Read the entire conversation and be "astonished" and "educated"
http://www.grc.com/sn/SN-105.htm

coincidentally I recently listened to that podcast. I've probably heard
about 25% of the shows that Leo and Steve Gibson have done since they
started doing them and that was one of them. I don't kow what to make of
the leaktest stuff. From another posting I see that the Comodo firewall
appears to do the best job but I take from the podcast that the exploits
could be configurable so just because Comodo can block an exploit it doesn't
mean that it would catch it if the exploit was slightly tweaked, which it
would be. But I'll still install it and give it a try, knowing that it
might not make my machine any more secure.

BTW, I just listened to the latest Security Now #130 and heard about the
"banking trojans". Wow.

 

[Paul Smith]

coincidentally I recently listened to that podcast. I've probably heard
about 25% of the shows that Leo and Steve Gibson have done since they
started doing them and that was one of them. I don't kow what to make of
the leaktest stuff. From another posting I see that the Comodo firewall
appears to do the best job but I take from the podcast that the exploits
could be configurable so just because Comodo can block an exploit it
doesn't mean that it would catch it if the exploit was slightly tweaked,
which it would be. But I'll still install it and give it a try, knowing
that it might not make my machine any more secure.

BTW, I just listened to the latest Security Now #130 and heard about the
"banking trojans". Wow.

For everyone's benefit....

Take everything Steve Gibson says with a pinch of salt, above all else he's
a journalist and not a "researcher". Anybody who has predicted the death of
the internet so many times, and been wrong doesn't have all screws fully
tightened.

--
Paul Smith,
Yeovil, UK.
Microsoft MVP Windows Shell/User.
http://www.dasmirnov.net/blog/
http://www.windowsresource.net/

*Remove nospam. to reply by e-mail*

 

[Kayman]

On Sun, 10 Feb 2008 23:39:24 -0000, Paul Smith wrote:

For everyone's benefit....

Take everything Steve Gibson says with a pinch of salt, above all else he's
a journalist and not a "researcher". Anybody who has predicted the death of
the internet so many times, and been wrong doesn't have all screws fully
tightened.

Quite right! It must have caused him (Steve) some 'agony' basically
admitting that outbound traffic features in fw are next to useless. Pity
that others (inexperienced users) are still blinded by all the marketing
hype, oh well. At least the makers of Kerio fw have admitted that the
feature is not worth having.

 

[Ray]

Quite right! It must have caused him (Steve) some 'agony'
basically admitting that outbound traffic features in fw are next
to useless. Pity that others (inexperienced users) are still
blinded by all the marketing hype, oh well. At least the makers of
Kerio fw have admitted that the feature is not worth having.

From what I read of his podcast transcription, his point seems to be
that there are so many ways around an outbound traffic filter that it's
not worth bothering. Is that the general idea?