XP2 Firewall

[doc]

Hi,

I have Zone Alarm firewall, and now the WIN XP2 firewall. I know that the
XP2 fire wall does not block outbound stuff while Zone Alarm does. My
question is: If the inbound wall does its job, and I also have Antivirus
(Norton), and I do not open attachments from no one, why do I need outbound
protection ? I do not share files and I am the only one who uses this
computer. I am tired of Zone Alarm Pro asking me if I want to allow this or
that, all the time. Some has the “remember my answer” most do not. One
irritating is that every time I turn the computer on I get the following “Do
you want to allow the Application Layer Gateway Service to act as a Server/”
I click details to find out what this is and get “Unknown”

Thanks for any info.

Doc

 

[Bruce Chambers]

Hi,

I have Zone Alarm firewall, and now the WIN XP2 firewall. I know
that the XP2 fire wall does not block outbound stuff while Zone
Alarm does. My question is: If the inbound wall does its job, and I
also have Antivirus (Norton), and I do not open attachments from no
one, why do I need outbound protection ? I do not share files and I
am the only one who uses this computer. I am tired of Zone Alarm
Pro asking me if I want to allow this or that, all the time. Some
has the "remember my answer" most do not. One irritating is that
every time I turn the computer on I get the following "Do you want
to allow the Application Layer Gateway Service to act as a Server/"
I click details to find out what this is and get "Unknown"
Thanks for any info.

Doc

Yes, you still need a firewall that monitors outbound traffic.
Most antivirus applications do not even scan for or protect you from
adware/spyware, because, after all, you've installed them yourself, so
you must want them there, right? Your own post confirms this. If
ZoneAlarm is "...asking me if I want to allow this or that, all the
time," then you most likely have quite a few intruders installed.
There should only be a very few applications that need outbound
access, and even fewer should be acting as a server. Instead of
complaining that ZoneAlarm is doing what it's designed to do, why
don't you remove the malware that're causing the alerts?

The Windows Firewall doesn't monitor out-going traffic at all,
other than to check for IP-spoofing, much less block (or at even ask
you about) the bad or the questionable out-going signals. It assumes
that any application you have on your hard drive is there because you
want it there, and therefore has your "permission" to access the
Internet. Further, because the Windows Firewall is a "stateful"
firewall, it will also assume that any incoming traffic that's a
direct response to a Trojan's or spyware's out-going signal is also
authorized.

--

Bruce Chambers

Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. - RAH

 

[Unknown]

Very inteligent question. You'll get a lot of emotional gibberish on this. Too
many paranoric users. I did read on one of these newsgroups that SP-2 does
indeed block outgoing. I cannot verify however. I do not use ANY antivirus
programs and have no problems. If you are not paranoid, uninstall Zone Alarm
and Norton and run your computer. You'll be amazed. I keep my system updated
and have NEVER had a virus. Incidently none of my circle of friends and
relatives (and there are many) use any virus programs either.

 

[Jupiter Jones [MVP]]

Doc;
Do not confuse "paranoid" with security.
You do not lock the door of your home because you are "paranoid", you
lock the door for the security it affords.
This is not "emotional gibberish", this is a fact necessary if you
wish to remain secure.

As you stated, the windows XP ICF does not control outbound traffic.
If you see someone post that it does, post back and ask for an
authoritative reference.
Or even wait for those with the facts to set the ignorant poster
straight.

In theory you do not need to watch for outgoing traffic.
If you computer is secure and clean, there is nothing getting out you
do not want out.
However if something sneaks in because you or someone accidentally let
it in (can easily happen) you would be glad for that feature in the
firewall now stopping your personal data from leaving your computer.
Disable Windows ICF and keep Zone alarm.

 

[Jupiter Jones [MVP]]

Your own "emotional gibberish" is noted and quickly discarded as the
waste that it is.

Perhaps what you said applies to you and your circle, but it is no
good for the masses.
Most are not blind and would rather see and deal with the issues
instead of bury their heads in the sand.

 

[doc]

Thanks for the info.
As I said , I am the one only that uses this computer.
Could you tell me how I could accidentally let something in? I honestly do
not know. Could you give me an example, or two. I would appreciate.
Thank you in advance
Doc

 

[Jupiter Jones [MVP]]

One of the most common ways is during the installation of software,
usually but not always free from the internet.
The spyware is piggy backed with the software.
It is usually buried deep within the EULA where few read.
So in actuality, many agree to and accept the installation of spyware
upon installing this software.
This can get past most protections you set.

Some use more devious approaches such as simply hovering over an icon
on the page.
The latter is usually from sites best skipped in the first place.

Then the firewall outbound catches it doing what it does and you now
know you have a problem.
If the firewall is any good at all, you get enough information to
quickly remove the problem.

 

[doc]

Jupiter,
thank you .
I think I am safe. The only thing I down load and install from the internet
are the updates from Windows, Norton A/V and AdAware.
Doc