Norton vs Zone Alarm firewalls

[Gerry]

Ken

Are you using System Restore? Have you ever noticed any outbound traffic
being stopped by Zone Alarm? Does Zone alarm stop malware phoning home?


--
Regards.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

 

[Ken Blake, MVP]

Ken

Are you using System Restore?

It's on. I've restored from it a couple of times, on my XP machines,
where ZA is running.. I've never had a problem or conflict between it
and ZA.

Have you ever noticed any outbound traffic
being stopped by Zone Alarm?

Not that I remember.

Does Zone alarm stop malware phoning home?

That's the theory. Some dispute it. I can't say from my own
experience, since I've never had any malware installed here.

 

[John]

My Zone Alarm Pro firewall subscription expires in a few days and I recently
bought a Norton Internet Security 2008 package that contains a firewall.
I currently have the Norton firewall turned off and just use the Zone Alarm
Pro firewall.
I don't use the Win XP firewall because I heard that it's not a good idea to
have several firewall on at the same time.
We get internet through a Belkin pre-N wireless router that is supposed to
have some sort of firewall built in and that one is turned on.
My computer connects to the router with an ethernet cable and my son's
computer uses a Belkin N usb wireless adapter. They both have the same
current setup I describe regarding firewalls.
Can anyone please advise on whether the Zone Alarm Pro firewall is any
better than the Norton firewall in my situation?
Should I renew the Zone Alarm Pro subscription or uninstall it when it
expires and turn on the Norton firewall?
Thanks for any advice.

Alt.comp.anti-virus or alt.comp.virus are better places to ask your
question. Many of the people in those two groups are unusually
knowledgeable about this subject. I will forewarn you however that (the
last time I was there at least) Norton home use products were not at the
top of their recommended lists.

John

 

[Gerald Vogt]

My Zone Alarm Pro firewall subscription expires in a few days and I recently
bought a Norton Internet Security 2008 package that contains a firewall.
I currently have the Norton firewall turned off and just use the Zone Alarm
Pro firewall.
I don't use the Win XP firewall because I heard that it's not a good idea to
have several firewall on at the same time.

It is actually also a bad idea to install more then one software
firewall on a computer. The software firewall to do its "job" deeply
integrates/messes with the Windows system. In general, the only way to
get properly rid of an installed (single) software firewall on a
Windows system is to reinstall the system. Otherwise you may see all
kinds of issues after the uninstallation plus usually not everything
is gone after the standard deinstallation from the software wizard.
That's why you have to download additional tools from Symantec or
others only to get rid of the rest.

Now make the math: you have already installed two firewalls on your
computer. (The Windows XP firewall is part of the OS that's why it
does not cause issues here). Twice you have messed up the system with
an installation of a software firewall. Both try to hook into the
system to do their job and to make them fixed into the system so that
other malware does not accidentally removes the firewall software.

It is even now impossible to say whether any of those two firewalls
operates correctly if turned on. Norton may well have removed some of
the hooks which ZoneAlarm installed which ZoneAlarm did not notice. Or
well, maybe ZoneAlarm noticed some of those changes and reverted them
back removing Norton hooks...

Honestly, I would recommend to reinstall Windows from scratch and
learn a little about computer security and how to keep your computer
secure by what you DO instead of what you INSTALL. It is not so
complicated and still human beings are more intelligent than some
piece of software. It is possible to run a computer without any
firewall running and without getting infected with malware. But
obviously, this last statement does not sell good that's why you find
a lot of opposite (well sponsored) statements.

At the current stage I doubt you will be able to get any of those
firewalls removed from your system without damage to the system...

Gerald

 

[Gerald Vogt]

Thanks. My understanding of router firewalls is that they only block
incoming traffic and if there is some malware on the system then outgoing
stuff is not blocked. Is that correct?

Correct. But software firewalls only detect outgoing traffic if the
malware is so nice/dumb to be detected. And even if it is detected and
something is blocked it does not mean it does not send anything out
because there are various ways to send something out even with a
firewall installed (through your browser, through DNS, etc. all things
you use and need to browse the internet for instance.)

It would be more effective for your overall security if you have
learned how to prevent malware on your computer in the first place.
And this mostly depends on what you do and not with some security
software you install.

Gerald

 

[Kayman]

However many knowledgeable people feel that monitoring outbound
traffic adds little or nothing to the effectiveness of the firewall.

Including:
Jesper M. Johansson, Ph.D., CISSP, MCSE, MCP+I
Security Program Manager
Microsoft Corporation
http://msinfluentials.com/blogs/jesper/archive/2007/07/19/at-least-this-snake-oil-is-free.aspx

Steve Riley,
a senior security strategist in the Microsoft Trustworthy Computing Group
and contributing editor for TechNet Magazine, jets around the world to
speak at conferences and spend time with customers to help them get and
stay secure.
http://www.microsoft.com/technet/technetmag/issues/2006/05/SecurityMyths/default.aspx
Scroll down to:
"Myth: Host-Based Firewalls Must Filter Outbound Traffic to be Safe."

Steve Gibson,
Firewall LeakTesting.
http://www.grc.com/sn/SN-105.htm

Excerpts:
Leo Laporte: "So the leaktest is kind of pointless."
Steve Gibson: "Well,yes,...
Leo: "So are you saying that there's no point in doing a leaktest anymore?"
Steve: "Well, it's why I have not taken the trouble to update mine, because
you..."
Leo: "You can't test enough".
Steve: "Well, yeah.
Leo: "Right. Very interesting stuff. I guess that - my sense is, if you
can't test for leaks, a software-based firewall is kind of essentially
worthless."

I'm personally not convinced that either point of view is absolutely
right, but as a precaution, I use the free ZA in addition to what my
router does. My guess is that any extra protection I'm adding is
slight, but on the other hand, the hit on performance by having it
running appears to be slight too.

Maker of PFW,
A realistic assessment with respect to 3rd party PFW from a respectable
software manufacturer 2007-08-07.
http://www.matousec.com/projects/wi...ysis/leak-tests-results.php#firewalls-ratings

Sunbelt Software - the vendor of Sunbelt Kerio Personal Firewall
Excerpts:

....we have some reservations about personal firewall "leak testing" in
general. While we appreciate and support the unique value of independent
security testing, we are admittedly skeptical as to just how meaningful
these leak tests really are, especially as they reflect real-world
environments.

The key assumption of "leak testing" -- namely, that it is somehow useful
to measure the outbound protection provided by personal firewalls in cases
where malware has already executed on the test box -- strikes us as a
questionable basis on which to build a security assessment. Today's malware
is so malicious and cleverly designed that it is often safest to regard PCs
as so thoroughly compromised that nothing on the box can be trusted once
the malware executes. In short, "leak testing" starts after the game is
already lost, as the malware has already gotten past the inbound firewall
protection.

Moreover, "leak testing" is predicated on the further assumption that
personal firewalls should warn users about outbound connections even when
the involved code components are not demonstrably malicious or suspicious
(as is the case with the simulator programs used for "leak testing"). In
fact, this kind of program design risks pop-up fatigue in users,
effectively lowering the overall security of the system -- the reason
developers are increasingly shunning this design for security applications.
[unquote]

'nuff said

 

[RalfG]

I wonder what the causal circumstances might be. I used SR a number of times
when Norton firewall (2004 version) was installed and just this morning
(ZAIS installed) without encountering any problems.

 

[Kayman]

Honestly, I would recommend to reinstall Windows from scratch and
learn a little about computer security and how to keep your computer
secure by what you DO instead of what you INSTALL.

Hear, hear!!!!

It is not so complicated and still human beings are more intelligent than some
piece of software.

Precisely, education is the key!

It is possible to run a computer without any firewall running and without
getting infected with malware.

Hear, hear!!!

But obviously, this last statement does not sell good that's why you find a lot
of opposite (well sponsored) statements.

Also referred to: 'Blinded by advertisement'

At the current stage I doubt you will be able to get any of those
firewalls removed from your system without damage to the system...

Agree, he won't!

 

[Kayman]

My Zone Alarm Pro firewall subscription expires in a few days and I recently
bought a Norton Internet Security 2008 package that contains a firewall.
I currently have the Norton firewall turned off and just use the Zone Alarm
Pro firewall.

1.) http://zonealarm.donhoover.net/uninstall.html

2.) A number of experts agree that the retail AV version of McAfee, Norton
and Trend Micro has become cumbersome and bloated for the average user.
The retail version of Norton can play havoc with your pc. Uninstall it
using Norton's own uninstall tool
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039
and get a refund
As suggested on the site, you may wish to print out the directions before
proceeding.
Or
http://www.majorgeeks.com/Norton_Removal_Tool_SymNRT_d4749.html

While Norton's removal tool usually gets the job done, you may also want to
go to:
http://www.snapfiles.com/get/winsockxpfix.html
and download a copy of winsockxpfix just in case. Rarely, the removal of
NIS breakes the networking components in XP to the point where internet
access is impossible. This little utility will fix it back up.

If the Norton removal tool doesn't work satisfactory use this:
Revo Uninstaller Freeware - Remove unwanted programs and traces easily
http://www.revouninstaller.com/
and/or
RegSeeker
http://www.hoverdesk.net/freeware.htm
RegSeeker will remove all associated detritus (registry keys,files and
folders) from any application. I found this application user friendly and
very effective but suggest *not* to use the 'Clean the Registry' option.
Click onto 'Find in registry' and in the 'Search for' box type *Norton*;
The pertinent registry keys can then be safely deleted (just in case,
ensure that the 'Backup before deletion' is checked). Repeat the task by
typing in the Search for' box *Symantec*. You can then go on search and
remove associated files as well.
Then use NTREGOPT to compact the registry; Follow instructions.
http://www.larshederer.homepage.t-online.de/erunt

I don't use the Win XP firewall because I heard that it's not a good idea to
have several firewall on at the same time.

That's correct, steer way from any PFW aka Phoney-Baloney ware and/or
Illussion ware.
In conjunction with WinXP SP2 Firewall use:
Seconfig XP 1.0
http://seconfig.sytes.net/
(http://www.softpedia.com/progDownload/Seconfig-XP-Download-39707.html)
Seconfig XP is able configure Windows not to use TCP/IP as transport
protocol for NetBIOS, SMB and RPC, thus leaving TCP/UDP ports 135, 137-139
and 445 (the most exploited Windows networking weak point) closed.)
OR
Configuring NT-services much more secure.
http://www.ntsvcfg.de/ntsvcfg_eng.html

We get internet through a Belkin pre-N wireless router that is supposed to
have some sort of firewall built in and that one is turned on.
My computer connects to the router with an ethernet cable and my son's
computer uses a Belkin N usb wireless adapter. They both have the same
current setup I describe regarding firewalls.
Can anyone please advise on whether the Zone Alarm Pro firewall is any
better than the Norton firewall in my situation?

I'd recomment neither.

Should I renew the Zone Alarm Pro subscription or uninstall it when it
expires and turn on the Norton firewall?

No!

Consider this:
1. Do not work as administrator, use limtited user account (LUA) for
day-to-day work.
2. Keep your system (and all software on it) patched/updated.
3. Review use of IE and OE.
4. Don't expose services to public networks.
5. For inspirational reading go to:
http://home20.inet.tele.dk/b_nice/index.htm

Good luck

 

[Poprivet]

It is actually also a bad idea to install more then one software
firewall on a computer.

No, it's a bad idea to RUN more than one firewall at a time. Have fun
removing XP's firewall if that's how you operate.

The software firewall to do its "job" deeply

integrates/messes with the Windows system.

Actually, what it does is sit and monitor what goes in/out (sometimes only
in), compare it against its rules, and send messages appropriately to/from
the system. It does not "integrate" into the OS.

In general, the only way to

get properly rid of an installed (single) software firewall on a
Windows system is to reinstall the system.

Blatantly untrue and misinformed information here. It occurs to me that you
are doing no more than parroting what you think you have read and have
little to no experience in such matters. OR, you refuse RTFM and can not,
will not do things correctly. All the good ones come with perfectly
readable, understandable, concise information and instructions, including
removal instructions. Failing that, you can always go online to their site
and get the information again should you lose track of it.

Otherwise you may see all

kinds of issues after the uninstallation plus usually not everything
is gone after the standard deinstallation from the software wizard.

Not "everything" is "gone" after almost ANY uninstall of almost ANY
software. There are some good and some not so good reasons for that but
I'll not go into them because I can feel the hardness of your skull from
here.

That's why you have to download additional tools from Symantec or
others only to get rid of the rest.

But that should be obviously clear to anyone but those who refuse to read
anything and instead barge in like a bull in a china shop, and expect
everything to be oh so good for them. Generally very lazy people, plus
those with no actual experience but who love to bitch and carp like any good
bass turd. Ignorance is bliss for them, but not for long.

Now make the math: you have already installed two firewalls on your
computer. (The Windows XP firewall is part of the OS that's why it
does not cause issues here).

That's not what you said earlier, and it's not correct. You have little to
no knowledge of the SP firewall and/or other software firewalls and probably
even less on hardware firewalls.

Twice you have messed up the system with

an installation of a software firewall. Both try to hook into the
system to do their job and to make them fixed into the system so that
other malware does not accidentally removes the firewall software.

Patently untrue. Your misinformation is outdone only by your ignorance of
reality. Please adjust your brain.

It is even now impossible to say whether any of those two firewalls
operates correctly if turned on. Norton may well have removed some of
the hooks which ZoneAlarm installed which ZoneAlarm did not notice. Or
well, maybe ZoneAlarm noticed some of those changes and reverted them
back removing Norton hooks...

Again you have no idea what you're talking about but love the little
buzzwords you found somewhere and are trying to parrot here.

Honestly, I would recommend to reinstall Windows from scratch

Completely silly advice and totally unnecessary.

and

learn a little about computer security and how to keep your computer
secure by what you DO instead of what you INSTALL. It is not so
complicated and still human beings are more intelligent than some
piece of software. It is possible to run a computer without any
firewall running and without getting infected with malware. But
obviously, this last statement does not sell good that's why you find
a lot of opposite (well sponsored) statements.

Wow, that's so full of misinformed content and reasoning that even your
attempt at rationalizing failed to anyone with even a modest idea of the
reality of this situation.

At the current stage I doubt you will be able to get any of those
firewalls removed from your system without damage to the system...

It's very obvious that what you think is irrelevant to anything, probably in
most of your life in fact, not just this one circumstance. First you have
to learn to recognize reality, then you need to get some education about
things you wish to profess, acquire a few interpersonal skills, and then
gain some experience. Then you might be close to getting ready to respond
to the OP's question, which you have not answered clearly.

Thanks for the entertainment; I needed the break. But I meant what I said
here; you really aren't ready to respond to questions on newsgroups. Quit
being a parrot and face reality; only then will you actually understand the
pros and cons of what you've been attempting to make others think you know.

 

[Poprivet]

Whaaat? Sober up!

Correct. But software firewalls only detect outgoing traffic if the
malware is so nice/dumb to be detected. And even if it is detected and
something is blocked it does not mean it does not send anything out
because there are various ways to send something out even with a
firewall installed (through your browser, through DNS, etc. all things
you use and need to browse the internet for instance.)

It would be more effective for your overall security if you have
learned how to prevent malware on your computer in the first place.
And this mostly depends on what you do and not with some security
software you install.

Gerald

 

[Poprivet]

Very often you won't experience problems and fairly often they can indeed
live and work together. But consider this: Now when you want to allow or
deny something, you have TWO firewalls to grapple with instead of one,
probbly each with its own set of instructions on how to handle the rule
setups, etc.. That can get really confusing in the case of having an
intranet or LAN and pretty infuriating too I might add<g>.
Technically there is little danger, but the eventuality of one stepping
on the other is enough to avoid the situation. Most firewalls do the same
things internally, so they can and will often live together. But it's
pretty pointless to do so, really.

 

[Gerald Vogt]

Whaaat? Sober up!

Good argument. Very convincing...

Gerald

 

[Gerald Vogt]

No, it's a bad idea to RUN more than one firewall at a time. Have fun
removing XP's firewall if that's how you operate.

Why do you want to remove the XP firewall? Installing more then one
(i.e. two or more) software firewall on a computer (i.e. in addition
to the XP firewall) is not really useful.

The software firewall to do its "job" deeply


Actually, what it does is sit and monitor what goes in/out (sometimes only
in), compare it against its rules, and send messages appropriately to/from
the system. It does not "integrate" into the OS.

Exactly. It does not integrate. That's why it is so difficult to
uninstall that stuff afterwards???

A software firewall wants to provide security. For that it must
establish itself somewhere deep in the OS to prevent evasion or the
ability to turn it off quickly.

In general, the only way to


Blatantly untrue and misinformed information here. It occurs to me that you

Why exactly do you need additional tools available from Symantec to
uninstall Norton completely from your computer?? Is that untrue?

are doing no more than parroting what you think you have read and have
little to no experience in such matters. OR, you refuse RTFM and can not,
will not do things correctly. All the good ones come with perfectly
readable, understandable, concise information and instructions, including
removal instructions. Failing that, you can always go online to their site
and get the information again should you lose track of it.

There is an uninstaller available. That does something but not
everything. Why again does it happen to so many people that there
networking still does not work correctly after they have uninstalled
ZoneAlarm? The stupid uninstaller forgot to remove the proxy setting
in the internet settings... Hic. It was just not built to be
uninstalled.

Otherwise you may see all


Not "everything" is "gone" after almost ANY uninstall of almost ANY
software. There are some good and some not so good reasons for that but
I'll not go into them because I can feel the hardness of your skull from
here.

O.K. What was exactly the good reasons why some uninstallers forgot to
remove the proxy setting in the internet options which prevented
people to use the internet after uninstallation?

That's not what you said earlier, and it's not correct. You have little to
no knowledge of the SP firewall and/or other software firewalls and probably
even less on hardware firewalls.

What is your problem? Do you have anything else to say except
personal insults?

Twice you have messed up the system with


Patently untrue. Your misinformation is outdone only by your ignorance of
reality. Please adjust your brain.

If it does not fix itself deeply in the OS as they do they can
obviously very easily circumvented.

Again you have no idea what you're talking about but love the little
buzzwords you found somewhere and are trying to parrot here.

Do you have any arguments except personal insults?

Wow, that's so full of misinformed content and reasoning that even your
attempt at rationalizing failed to anyone with even a modest idea of the
reality of this situation.

No argument. Personal insult. What are you trying to say:

* A software is more intelligent than a human being?

* It is more effective to use some security software then to learn
something about security and to be careful while in the internet?

* It is not possible to run a computer securely connected to the
internet without any antivirus and firewall?

....

It's very obvious that what you think is irrelevant to anything, probably in
most of your life in fact, not just this one circumstance. First you have
to learn to recognize reality, then you need to get some education about
things you wish to profess, acquire a few interpersonal skills, and then
gain some experience. Then you might be close to getting ready to respond
to the OP's question, which you have not answered clearly.

The amount of personal insults and the lack of argument in your post
makes me thinking your lack a few interpersonal skills and some
experience.

Thanks for the entertainment; I needed the break. But I meant what I said
here; you really aren't ready to respond to questions on newsgroups. Quit
being a parrot and face reality; only then will you actually understand the
pros and cons of what you've been attempting to make others think you know.

You are the parrot here. You just write what everybody else repeats
all the timing withing thinking.

"You must install AV. You must install PFW."

That of course is not entertaining but boring.

Face reality. It is possible without AV and with PFW.

Gerald

 

[goarilla]

Luis Ortega added these comments in the current discussion du
jour ...


I know it's not but you responded negatively to the person who
warned you about Symantec and I wanted to let you know what this
is all about. How and where you spend your money is of no concern
of mine, just don't come crying here if you hose your system
after having been warned. Now, as to Norton vs. Zone Alarm vs.
XP's firewall, unless you're into marketing hype, ZA has NIS beat
hands down by any qualitative or quantitative measure, including
independent testing and owner experience. Now I'm sure of it: you
really do need good luck!

care to colaborate what you define as qualitative and quantitative
measures ?
most personal firewalls are utter crap, heck i've yet to find any good one
on windows

 

[Luis Ortega]

The amount of personal insults and the lack of argument in your post
makes me thinking your lack a few interpersonal skills and some
experience.


You are the parrot here. You just write what everybody else repeats
all the timing withing thinking.

Face reality. It is possible without AV and with PFW.

Gerald

Please, there is no need for you guys to get into a flame war over my post.
I understand that you are trying to be helpful, but I have to disagree with
you on the points that you have to reinstall windows to uninstall security
software or that running a windows system without av or pfw is a good idea.
I appreciate all the advice and thank everyone for their help.

 

[Gerry]

Ralf

http://bertk.mvps.org/html/srfail.html


--
Regards.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

 

[Gerry]

Ken

Bert has a bit to say on Zone Alarm. It's not as straight forward as
regards your pet hate Norton.
http://bertk.mvps.org/html/srfail.html

--
Regards.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

 

[Ansgar -59cobalt- Wiechers]

Whaaat? Sober up!

Unlike yourself Gerald knows what he's talking about. It's utterly
pointless to try and confine malware once it's already running on a
system (even more if the user has admin privileges). The only reasonable
way to deal with malware is to prevent it from being run in the first
place. That's what AV software or Windows' System Restriction Policies
are doing. And what Personal Firewalls fail to do.

Why don't you try getting a clue instead of making a fool of yourself?

cu
59cobalt

 

[RalfG]

I only have one firewall installed, Norton has been gone for a long time
already. It's just that this ZoneAlarm (suite) is recently installed. I've
never experienced a firewall related problem with System Restore, any
firewall, and one of our PCs has been running a Norton firewall for over 3
years. As far as running two firewalls at the same time, one firewall slows
down or complicates web browsing quite enough. For instance I haven't (yet)
been able to turn off enough 'security' features to allow Trend Micro
Housecall to run in either its Java or ActiveX interfaces with any
installed browsers.

I wouldn't generalise about the feasibility of running two software
firewalls simultaneously. They are too varied and these days many of them
incorporate functions of AV/AS software. In the past there were more choices
of "free" firewalls that were 'only' firewalls and it became quickly
apparent which ones could coexist (in idle state) and which wouldn't.