D
Dan
What proof do the web-links that you posted offer?Paul said:
[Dshield] "Personal Firewalls" are mostly snake-oil"
ddrass ddrass at brtrc.com
Mon Jul 22 18:58:01 GMT 2002
* Previous message: [Dshield] "Personal Firewalls" are mostly
snake-oil"
* Next message: [Dshield] Ullrich in Sysadmin Mag.
* Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Anyone in need of a good log analyzer for Zone Alarm needs to go to:
http://zonelog.co.uk/ . The logs will make more sense if you install
this product.
If you're looking for better protection, look for a hardware solution
that offers "stateful packet inspection". A cheap but decent product
is SonicWall. I use the XPRS2. Cheap but good.
-----Original Message-----
From: list-admin at dshield.org [mailto:list-admin at dshield.org]On
Behalf Of
Russell Washington
Sent: Monday, July 22, 2002 11:01 AM
To: 'list at dshield.org'
Subject: RE: [Dshield] "Personal Firewalls" are mostly snake-oil"
I'll keep this in mind the next time one of my "expert home users" who takes
his "expertise" into the office tells me that his company doesn't need an
expensive firewall, because all they have to do is put Zone Alarm on one of
their servers and they'll be ok (heard this one too many times to count).
Yeesh. Nothing personal Richard, not flaming. Just pointing out that no,
these products are *not* on par with anything else out there legitimately
labeled as a "firewall" on the market-- Check Point, NetScreen, Cisco, etc.
Not even close; and anyone who thinks they are is beyond "ill-informed."
They are downright blind to their own lack of expertise.
Is Zone Alarm than nothing? Sure, so long as the user remembers that what
they have is a tricycle, not an SUV, and the moment they get broadsided by a
Lincoln Town Car they're going to suffer just like someone who had no
vehicle at all.
As far as the logs, well, they weren't much use to the last guy who came at
me with this. He didn't know how to read them. But he insisted that they
held the answer to his security worries. Funny that he was steadfast that
the answer to his security questions was sitting in the middle of something
whose contents he didn't have the expertise to interpret (and no, what he
was looking for was not in there).
Just my two bits
-----Original Message-----
From: Richard Stead [mailto:richard.stead at bigpond.com]
Sent: Sunday, July 21, 2002 2:02 AM
To: list at dshield.org
Subject: Re: [Dshield] "Personal Firewalls" are mostly snake-oil"
As rightly stated by Jens Knoell,
Firewalls are simply one layer of a defence against unwanted
intrusions.
The initial statement that "most Firewalls are mostly snake-oil" is
relatively ill-informed and simply not true. For those home users of
ZoneAlarm/Tiny Personal Firewall etc.... I would strongly recommend that you
stick to your guns and ignore such statements. Not only do they provide some
protection but they also provide their logs for our defence and early
warning.
Richard
----- Original Message -----
From: "Keith G" <keith.gainford at which.net>
To: "Dshield" <list at dshield.org>
Sent: Sunday, July 21, 2002 6:21 AM
Subject: [Dshield] "Personal Firewalls" are mostly snake-oil"
http://www.dshield.org/mailman/listinfo/list
_______________________________________________
Dshield mailing list
Dshield at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list
_______________________________________________
Dshield mailing list
Dshield at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list
* Previous message: [Dshield] "Personal Firewalls" are mostly
snake-oil"
* Next message: [Dshield] Ullrich in Sysadmin Mag.
* Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the list mailing list
---------------- 1st link and part of 2nd web-link below
Uhm, no. I know a whole bunch of network security and abuse staff. The
response to any complaint with ZoneAlarm, BlackIce etc logfiles in it is
to close the ticket, usually with an annotation like 'GWF' (Goober with
Firewall). 99% of those reports are frivolous, about normal network
traffic. In the remainder of cases there's nowhere near enough data in
the logfiles to provide any idea of why the end user is upset. If you
send frivolous complaints that just wastes the time of the staff
receiving them and prevents them from handling real security issues. How
do you tell if a complaint is frivolous? If the sender doesn't
understand basic networking, it's almost certainly frivolous. If the
sender is complaining based on 'personal firewall' logs, it's definitely
frivolous.
------------
I disagree 99% of the reports that ZoneAlarm reports are not frivolous.
I don't see any serious research from these two web-links and I need a
better answer as to why you feel ZA is so poor. I actually use a NAT
router and Zone Alarm Pro. currently and I am happy with that setup
along with anti-spyware programs and an antivirus program. What kind of
security are you talking about Paul and I wonder if you ever visit the
homeusers newsgroup you will see lots of posts about how the Windows
Firewall has been disabled but I have yet to see one about how Zone
Alarm Professional was disabled. Therefore, I conclude that since the
Windows Firewall is there by default this would provide the most
convient and an easy attack point for crackers. I will concede that to
you. <grin>