Are firewalls that good?

  • Thread starter Thread starter Greg R
  • Start date Start date
if you expect a firewall to prevent malware that's already on your machine
making outgoing connections that a legitimate program would be allowed to
make then, as the author of that site pointed out, you are like king canute
trying to stop the tide (or whatever it is) - it will only ever be a damage
limitation exercise

a firewall is just one important piece of the internet security jigsaw
 
MAP said:
Interesting reading,I gave it a try and the second I clicked on the
Click to expand...
firehole icon my anti-virus program lit up like a X-mas tree.
A firewall is one piece of soft/hardware in a layered defence.
Click to expand...

A firewall is a tool. It will allow things through if you set it to allow
things through. ZA even has a panic button to shut down the interenet if
you accidently say yes to something you should say no to.
 
Are firewalls that good?
I used outpost & zone alarm and FireHole still gets through?

http://keir.net/firehole.html

Greg:
(my responses below are to your post in the grc.security NG)

If the user is less than an Admin user, the user will see a dialog: "I could
not find a default web browser to use."

I tested this in XP Pro SP1 and in SP2 RC2.



Robert:
I disagree. IMO, it depends upon the techniques used by the trojan, and the
technologies/settings used by the firewall.

If we use the FireHole utility as an example, and my setup of running ZA
free, BID, and XP's ICF together:
Scenario: FireHole is usurping another app (MSIE) to make the outbound call:
1) ZA free:
ZA free is an application gate and I have it set to "Ask" for MSIE.
FireHole's attempt to call home via MSIE causes ZA free to prompt me for
approval.
However, this is the end of control over FireHole by ZA free, therefore, if
FireHole attempted to do anything damaging and I had ZA free approve the
connection attempt, FireHole is absolutely free to do whatever, subject to
the rights/permissions of the currently logged on user.

2)BID:
BID is an ID.
FireHole's attempt to call home does not cause any alarms/blockage by BID.
However, BID is still monitoring for suspicious activity, therefore, if
FireHole attempted to do a act qualified as "suspicious activity", BID could
intervene. (IMO, this is why it is so impt to run BID with ZA free).

3) XP's ICF:
Is a stateful packet filter.
FireHole's attempt to call home does not cause any alarms/blockage by BID.
As long as the "trojan" uses the same connection, ICF should not interfere.
 
Cz.
You cant double post to grc news group. Steve does not allow that.

I was wanting opinions from both windows xp groupies and grc groupies.
As I said my question should have been are firewalls any good?

Greg R
 
Map,

What is your anti-virus program?

Greg R
Interesting reading,I gave it a try and the second I clicked on the firehole icon my anti-virus program lit up like a X-mas tree.
A firewall is one piece of soft/hardware in a layered defence.
Click to expand...
 
I use sygate personal firewall pro and pest patrol. As soon as I opened
firehole.exe pest patrol popped up with a warning did I want to delete
the pest. I clicked on start in firehole. It started to load netscape
7, my browser and sygate firewall popped up with a warning that a new
dll had tried to run and named the firehole.dll asking if I wanted it to
run. So I was protected two ways.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Are firewalls that good? 1
sp2 firewall 19
zone alarm free firewall 3
Not Using Zone alarm KB951748 shutsdown network connect 7
NOT Using Zone ALARM! KB951748 2
XP Firewall and Zone alarm 19
firewall question 4
AV & Firewall Security 3

Back
Top