Ok guys, good feedback, thanks. I will try to summarise all this
feedback into items to see if I have covered everything. Pls help
expand/modify/add to each
1) Option to switch off the CLP
2) Win 98 compatibility
I feel that there are many Win98 machines still in operation which
could benefit from a slim, good, easy to use firewall. It would only
assist your company's reputation.
3) It does not need to inspect every program, e-mail or document file
on or off the computer (David, this was your suggestion and I will need
more explanation pls on this actually items 4&5 of your posting as this
would be changing the way the firewall would be working drastically and
won't protect you fully as far as I can see)
Kerio V4, as far as I could tell, inspected every program and, unless
I gave permission, would not let any program, batch file or link
operate. Its control was absolute. It would not even let the computer
be shut down from the keyboard. It lasted less than an hour on my
machine.
ZoneAlarm, on the other hand, has^Whad a rather easy interface until
they started getting into virus-checking, spyware-checking, e-mail-
supervision and other areas which are really not the concern of a
firewall in my opinion. Their mail check interfered with the ability
of my mail programs to do their job.
So I am stating that the _only_ business of a firewall is to sit
between the computer and the Internet and monitor that interface. It
does need to check on outgoing traffic as well as incoming.
I have an anti-virus program running constantly. I frequently run
Adaware and Spybot Search and Destroy. Spyware Blaster performs its
function well. I do not need the firewall to perform these functions
as well as attempting to monitor communications. It could miss
something.
Incoming traffic, obviously, should be limited to requested data.
Incoming firewalls are available in routers, modems and other hardware
forms so this is not a vital function for me but I consider that it
should be there as part of a personal firewall. At the moment I sit
behind an ADSL modem with a firewall, a Smoothwall firewall box and
ZoneAlarm V2.5.
Outgoing traffic is more important in this day and age and should
be monitored as to its source. Has the requesting program been
authorised to contact the outside world? Allied to that is the
question as to whether an authorised program has been changed? e.g. By
updating or a virus.
If so, authorisation needs to be reconfirmed, preferably from keyboard
or mouse and not from automation. The window that informs the user of
available options needs to be always on top, appear immediately and
grab focus. Access should never be allowed until permission is
granted. Sound should be an option that can be turned on but defaults
to off. Keyboard and mouse buffers need to be emptied completely. The
default answer should be to disallow access for safety. Keyboard
operation of all functions is vital. I dislike taking my hand off the
keyboard to use the mouse if it can be avoided.
I tried one firewall where the option window took nearly a minute to
come up, often disappeared without waiting for any input and did not
prevent the unauthorised program from accessing the net during the
interval. Once I installed AdAware, told it to update its database and
the update process had actually completed before the firewall realised
what had happened and asked about permission for the program.
ZoneAlarm performs well in the outgoing control department. It
maintains a list of programs that have requested permission to access
the net. Each program has three possibilities in two categories.
Connection can be allowed, disallowed or ask-every-time. The same
options are available for Server rights.
The firewall function may extend to LAN connections. Once again these
should be of the set-and-forget variety unless drastic changes occur.
The operation of M$ Internet Connection Sharing should not affect the
operation of the firewall. In the free version of ZoneAlarm it does.
4) Remove license checking program
5) Total cleaning after uninstall
Anything I missed?
There should also be an easily accessible STOP mechanism which allows
the user (not administrator) to immediately stop all communication to
any place outside the computer. Resetting the STOP mechanism may need
Admin access or a password if desired although I do not think it is
really needed as the user should be allowed to control the traffic.
Stopping the communication may often be shutting the stable door after
the horse has bolted but it can sometimes limit damage and allow the
user to reverse a previous decision on access before opening the
machine up again.
I hope this helps as this is what I want from a firewall. I don't want
helper add-ons just a straight firewall that works.
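
The outgoing-control behaviour asked for in the post (per-program allow/deny/ask rules for connection and server rights, re-asking when an authorised program has changed, deny until answered, and a STOP switch) can be modelled as below. This is an added example, not part of the original post and not any firewall product's code; the class and function names are hypothetical, detecting change by SHA-256 hash is an assumption, and program images are passed in as constructed byte strings instead of being read from disk.

```python
import hashlib
from dataclasses import dataclass
from enum import Enum


class Rule(Enum):
    ALLOW = "allow"
    DENY = "deny"
    ASK = "ask"          # "ask every time"


@dataclass
class Entry:
    sha256: str          # hash of the program image when it was authorised
    connect: Rule = Rule.ASK
    server: Rule = Rule.ASK


class OutboundPolicy:
    """Hypothetical per-program rule table with a user-operated STOP switch."""

    def __init__(self):
        self.entries = {}      # program path -> Entry
        self.stopped = False   # STOP: block all traffic leaving the machine

    def authorise(self, path, image, connect=Rule.ASK, server=Rule.ASK):
        digest = hashlib.sha256(image).hexdigest()
        self.entries[path] = Entry(digest, connect, server)

    def decide(self, path, image, kind="connect"):
        """Return (verdict, reason); kind is 'connect' or 'server'."""
        if self.stopped:
            return Rule.DENY, "stop switch engaged"
        entry = self.entries.get(path)
        if entry is None:
            return Rule.ASK, "unknown program"
        if hashlib.sha256(image).hexdigest() != entry.sha256:
            # Updated or infected: the stored permission no longer applies.
            return Rule.ASK, "program changed since authorisation"
        return getattr(entry, kind), "listed rule"


def traffic_passes(verdict, user_answer=None):
    """Nothing passes while a prompt is pending; no answer means deny."""
    if verdict is Rule.ASK:
        return user_answer is True
    return verdict is Rule.ALLOW
```

The point of `traffic_passes` is the ordering the post complains about: a pending prompt blocks the connection, so a program cannot finish its transfer before the question is answered.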