XP Firewall and Zone alarm

[Guest]

I've been advised to install the free edition of Zone Alarm firewall even
though I still have XP Home Edition firewall installed. The person said they
can both run at once. Is this true? Is it a good idea?

 

[Richard Urban]

When you install ZA, it will automatically turn off the Windows firewall.
You don't want to run two firewalls at the same time.

--

Regards,

Richard Urban
Microsoft MVP Windows Shell/User
(For email, remove the obvious from my address)

Quote from George Ankner:
If you knew as much as you think you know,
You would realize that you don't know what you thought you knew!

 

[Paul Smith]

I've been advised to install the free edition of Zone Alarm firewall even
though I still have XP Home Edition firewall installed. The person said
they
can both run at once. Is this true? Is it a good idea?

As Richard pointed out Zone Alarm will disable the Windows Firewall.

In my experience however I'd recommend sticking with the Windows Firewall,
it's much less hassle than 3rd party ones.

--
Paul Smith,
Yeovil, UK.
Microsoft MVP Windows Shell/User.
http://www.windowsresource.net/

*Remove nospam. to reply by e-mail*

 

[Trevor]

I've been advised to install the free edition of Zone Alarm firewall even
though I still have XP Home Edition firewall installed. The person said they
can both run at once. Is this true? Is it a good idea?

It's usually not a good idea although it won't hurt anything if you
do.
The reason it is not a good idea is becuase sometimes the firewall
rules can potentially conflict with one another. That usually happens
when you create custom rules. EG. XP firewall allowing access but the
user has disallowed access in ZA. It overcomplicates things and gains
nothing to have both running.
The reason I prefer ZA is because it monitors and prevents outgoing
traffic allowing you to choose whether it goes out or not. This is
great for preventing apps from phoning home or preventing other
malicious software from sending private information.

Good Luck,

Trev

 

[Rick]

As Richard pointed out Zone Alarm will disable the Windows Firewall.

In my experience however I'd recommend sticking with the Windows
Firewall, it's much less hassle than 3rd party ones.

Windows firewall will not stop your computer from going places that
might be unwise to go to. ZA stops both directions in and out.

Rick

 

[Bruce Chambers]

I've been advised to install the free edition of Zone Alarm firewall even
though I still have XP Home Edition firewall installed. The person said they
can both run at once. Is this true? Is it a good idea?

The Windows Firewall included with SP2, while vastly superior to
the original ICF in terms of visibility, usability and configurability,
is still rather lacking, as a solid security component. It still can't
supplant 3rd-party solutions, nor is it intended to do so; rather, it's
intended to complement them. And, like the original ICF, it will not
monitor out-going traffic.

WinXP's built-in firewall is _not_ designed to act as a compliment
to 3rd party firewalls, and Microsoft actually recommends disabling it
if you use another software firewall, although a great many people have
reported no problems using ICF in conjunction with other products. My
position is that running two or more software firewalls simultaneously
is generally unnecessary and can _sometimes_ cause conflicts, possibly
negating the protection of both. In any event, having two firewalls
running simultaneously is most certainly an unnecessary drain on system
resources.

WinXP's built-in firewall is usually adequate at stopping incoming
attacks, and hiding your ports from probes. What WinXP SP2's firewall
does not do, is protect you from any Trojans or spyware that you (or
someone else using your computer) might download and install
inadvertently. It doesn't monitor out-going traffic at all, other than
to check for IP-spoofing, much less block (or at even ask you about) the
bad or the questionable out-going signals. It assumes that any
application you have on your hard drive is there because you want it
there, and therefore has your "permission" to access the Internet.
Further, because the Windows Firewall is a "stateful" firewall, it will
also assume that any incoming traffic that's a direct response to a
Trojan's or spyware's out-going signal is also authorized.

ZoneAlarm, Kerio, or Sygate are all much better than WinXP's
built-in firewall, and are much more easily configured, and there are
free versions of each readily available. Even the commercially
available Symantec's Norton Personal Firewall is superior by far,
although it does take a heavier toll of system performance then do
ZoneAlarm or Sygate.

Having said that, it's important to remember that firewalls and
anti-virus applications, which should always be used and should always
be running, while important components of "safe hex," cannot, and should
not be expected to, protect the computer user from him/herself.
Ultimately, it is incumbent upon each and every computer user to learn
how to secure his/her own computer.


--

Bruce Chambers

Help us help you:



They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -Benjamin Franklin

Many people would rather die than think; in fact, most do. -Bertrand Russell

 

[Bruce Chambers]

In my experience however I'd recommend sticking with the Windows
Firewall, it's much less hassle than 3rd party ones.

Only because it does so much less.

--

Bruce Chambers

Help us help you:



They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -Benjamin Franklin

Many people would rather die than think; in fact, most do. -Bertrand Russell

 

[Pop`]

As Richard pointed out Zone Alarm will disable the Windows Firewall.

In my experience however I'd recommend sticking with the Windows
Firewall, it's much less hassle than 3rd party ones.

That's baloney; ZA is one of the best freebie firewalls around these days.
It's also a 2-way, where win firewall is only 1 way protection.

 

[Detlev Dreyer]

In my experience however I'd recommend sticking with the Windows
Firewall, it's much less hassle than 3rd party ones.

Correct. Installing third-party toys like "Zone Alarm" means wasting
system resources. As for monitoring the outgoing traffic, this is
nothing but a bad joke! Malware that does not want to be detected
that way will use "tunneling" for instance in order to fool these toys
and the "smart" user as well who believes in them.

 

[Trevor]

Correct. Installing third-party toys like "Zone Alarm" means wasting
system resources. As for monitoring the outgoing traffic, this is
nothing but a bad joke! Malware that does not want to be detected
that way will use "tunneling" for instance in order to fool these toys
and the "smart" user as well who believes in them.

Tunneling as you refer to includes the need to execute code.
ZA watches all services and applets and prevents their execution
unless otherwise instructed to allow them.

I doubt many would agree that decent firewalls are considered to be
"TOYS".

Trev

 

[Detlev Dreyer]

Tunneling as you refer to includes the need to execute code.
ZA watches all services and applets and prevents their execution
unless otherwise instructed to allow them.

"Entering through the Exits"
http://www.spirit.com/Network/net1103.html

I doubt many would agree that decent firewalls are considered to be
"TOYS".

ACK. Especially those users who wasted money for these toys will never
ever accept this to be a fact.

 

[Ken Blake, MVP]

I've been advised to install the free edition of Zone Alarm firewall
even though I still have XP Home Edition firewall installed. The
person said they can both run at once. Is this true?

Yes.


Is it a good idea?

No, it's a very bad idea. You achieve no extra protection, you incur the
extra overhead of running two firewalls, and you run the risk (probably
small, but not zero) of conflicts between them.

See http://www.microsoft.com/athome/security/protect/firewall.mspx which
includes the following:

"Q. Should I use both the built-in firewall and a software firewall from a
different company on my Windows XP computer?

"A. No. Running multiple software firewalls is unnecessary for typical home
computers, home networking, and small-business networking scenarios. Using
two firewalls on the same connection could cause issues with connectivity to
the Internet or other unexpected behavior. One firewall, whether it is the
Windows XP Internet Connection Firewall or a different software firewall,
can provide substantial protection for your computer."

Also note that if you update your third-party firewall to a new version, the
update routine will probably turn it off first. If the Windows firewall
isn't running, you will temporarily be left with no running firewall, which
is very dangerous. So turn on the Windows firewall temporarily before doing
maintenance on your third-party firewall.

The Windows firewall monitors incoming traffic only. Almost any third-party
firewall will also monitor outbound traffic, stopping rogue programs trying
to call home, and is a better choice.

 

[Jonny]

In some cases, both will run in congress without conflict. It can be a bad
idea though.
I just don't like all the messages ZA produces when its done its job. Kinda
like brown-nosing the boss alot. But, then again, its nice to know when
some intruders are blocked. Windows firewall does it all silently. Which
makes me wonder what its doing or not doing sometimes.

 

[Fra]

I install ZA on my computer but when I connect to internet, in my
network connections appear a gateway (Internet Connection). Why?

Rick ha escrito:

 

[Richard Urban]

Are you using a router?

--

Regards,

Richard Urban
Microsoft MVP Windows Shell/User
(For email, remove the obvious from my address)

Quote from George Ankner:
If you knew as much as you think you know,
You would realize that you don't know what you thought you knew!

 

[Guest]

You absolutely CAN run ZA and WF simultaneously, but to no advantage. ZA
will turn off the WF, BUT ONLY IF IT IS CONFIGURED TO DO SO. Note that if
you DO allow it to turn off WF, it will automatically turn it back on should
you have a need to disable ZA. If you understand the two-way nature of a
good software firewall product and don't mind building allowed exception
tables, ZA is an excellent security enhancement tool and creates minimal
system overhead. Software firewalls can annoy the less experienced user
because they essentially block everything by default, prompting you to choose
to allow exceptions on a case-by-case or permanent basis. Once your table of
permitted exceptions is populated with your common programs, etc. the initial
annoyance is alleviated, however.

NOTE: Best security practice is to use BOTH a hardware and software (i.e.,
"host") firewall as well as good anti-virus software.

J

 

[P. Johnson]

I've been advised to install the free edition of Zone Alarm firewall even
though I still have XP Home Edition firewall installed. The person said
they can both run at once. Is this true? Is it a good idea?

Bad plan. Windows Firewall is good enough for people who have enough common
sense not to run untrusted binaries or browse potentially hostile websites
in IE. If you have a router running as a firewall between you and the
internet, no need to install one at all on a desktop.

ZoneAlarm is snake oil. http://www.samspade.org/d/firewalls.html

 

[P. Johnson]

Windows firewall will not stop your computer from going places that
might be unwise to go to.

Neither will ZoneAlarm. Thinking user stupidity can be solved
technologically is a fallacy to be avoided.

 

[Pop`]

They CAN both be run at the same time, but the windows FW is redundant to
some of the ZA functions, and ZA does a lot more as far as protecting things
goes.
The general concensus it to NOT run multiple firewalls for a lot of
reasons, including but not limited to, having two places to make changes to
when you want to allow an access (or maybe not, depending), which can
generate quite a bit of confusion for the less experienced use. In addition
there are some strange things that can happen when two firewalls
accidentally step on each other. I won't go into that because it's a long
story. However, no damage to your computer will result by running ZA and
the MS firewall.
Realize also that ZA provides both incoming and outgoing protection; it
would keep your computer from becoming a zombie for instance, which the
windows firewall would not. ZA free or paid is a great tool and highly
recommended in most circles.

Bad plan. Windows Firewall is good enough for people who have enough
common sense not to run untrusted binaries or browse potentially
hostile websites in IE.

That's untrue. The only real difference between the MS firewall and ZA
besides look and user friendliness (ZA is better), is that the MS firewall
only monitors incoming traffic where ZA monitors it both ways; and adds a
lot more features.

If you have a router running as a firewall

between you and the internet, no need to install one at all on a
desktop.

No. If you have a NAT router, then you might be in pretty good shape, but a
software firewall is still a very good idea. NAT will not catch certain
things. Other routers may not catch anything and don't necessarily provide
any firewalling.
In general, it appears lately from a couple of papers I've read that a
combination of a NAT router and ZA is actually one of the best combinations
you can set up right now.

If you want to see how your firewall is going, go to grc.com and let them
run some port tests on your machine. They're perfectly safe, above board
and highly respected for this purpose. GRC is Steve Gibson's Research
center. He writes an incredible amount of very efficient code and put is up
for the taking, all freeware.

ZoneAlarm is snake oil. http://www.samspade.org/d/firewalls.html

That link isn't functional right now so I can't see what you're referring
to, but your ignorance of firewalls and online security is showing. You've
lucked out and made my "ignore" list for passing misinformation. Get real
or don't post, please.

Pop`

 

[Bruce Chambers]

Bad plan. Windows Firewall is good enough for people who have enough common
sense not to run untrusted binaries or browse potentially hostile websites
in IE. If you have a router running as a firewall between you and the
internet, no need to install one at all on a desktop.

Nonsense.

If you use a router with NAT, it's still a very good idea to use a
3rd party software firewall. Like WinXP's built-in firewall,
NAT-capable routers do nothing to protect the user from him/herself
(or any "curious," over-confident teenagers in the home). Again --
and I cannot emphasize this enough -- almost all spyware and many
Trojans and worms are downloaded and installed deliberately (albeit
unknowingly) by the user. So a software firewall, such as Sygate or
ZoneAlarm, that can detect and warn the user of unauthorized out-going
traffic is an important element of protecting one's privacy and
security. (Remember: Most anti-virus applications do not even scan for
or protect you from adware/spyware, because, after all, you've
installed them yourself, so you must want them there, right?)

I use both a router with NAT and Sygate Personal Firewall, even
though I generally know better than to install scumware. When it
comes to computer security and protecting my privacy, I prefer the old
"belt and suspenders" approach. In the professional IT community,
this is also known as a "layered defense." Basically, it comes down
to never, ever "putting all of your eggs in one basket."

ZoneAlarm is snake oil. http://www.samspade.org/d/firewalls.html

Lies.

--

Bruce Chambers

Help us help you:



They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -Benjamin Franklin

Many people would rather die than think; in fact, most do. -Bertrand Russell