Zone Alarm opinions please (OT?)

Wolf K.

I've used Zone Alarm for many years. But 99.99% of its warnings have
been false alarms. AFAIK, it hasn't blocked the spyware applets that
Spybot finds just about every time I run it, so what's ZA's actual
value? The little icon that tells me there's net traffic doesn't seem to
be worth the money. I've turned off its A/V and e-mail scan, as that
conflicts with AVG.

So, really, I wonder whether it's worth keeping. I'm using a router, its
hardware firewall should be enough to block external attacks, right?

Opinions and advice gratefully received.
 
Ernie B.

Wolf said:
I've used Zone Alarm for many years. But 99.99% of its warnings have
been false alarms. AFAIK, it hasn't blocked the spyware applets that
Spybot finds just about every time I run it, so what's ZA's actual
value? The little icon that tells me there's net traffic doesn't seem to
be worth the money. I've turned off its A/V and e-mail scan, as that
conflicts with AVG.

So, really, I wonder whether it's worth keeping. I'm using a router, its
hardware firewall should be enough to block external attacks, right?

Opinions and advice gratefully received.

Strictly opinion: I use ZA free version, find it useful to flag programs that
are trying to access the Internet. Most of the time these flags are updated
versions of existing programs but some cooties have been found and eliminated.
I also use a router but it doesn't tell me anything about outgoing stuph.

FWIW I also use Avast a-v as a TSR as well as Spybot S&D, a-squared and
SuperAntiSpyware for occasional scans.
 
Lars-Erik Østerud

Wolf said:
I've used Zone Alarm for many years. But 99.99% of its warnings have
been false alarms. AFAIK, it hasn't blocked the spyware applets that
Spybot finds just about every time I run it, so what's ZA's actual

Most people in the firewall group think software firewalls are useless.
Programs that want to access the net will bypass them anyway.

I use ZA only to keep track of what "legal" programs access the net.
So that I can block MS applications and games from accessing the net.

My NAT router with firewall blocks all incoming "spam"/"attacks" anyway.

I have never had any real threats blocked either in all my years.

Besides I have an AV that catches things in mails and from downloads,
with a web-filter and network and on-access scanning. So I doubt that
anything would be able to start anyway.

Also scan regularly with Spybot S&D and Ad-aware to be sure.

So... I have been thinking the same: Do I really need a SW firewall?
 
Volker Birk

In comp.security.firewalls Lars-Erik Østerud said:
Most people in the firewall group think software firewalls are useless.
Programs that want to access the net will bypass them anyway.

Firewalls are not useless. It's a bad concept to "inbound filter".

Yours,
VB.
 
Van Helsing

Volker said:
Firewalls are not useless. It's a bad concept to "inbound filter".

Yours,
VB.

FWIW, I'd describe them as host based firewall, rather than software.

The issue comes down to the fact that much modern malware actively seeks
to bypass or disable anti-malware software.

So, your software (host based) firewall pops up a warning..."Process
XcRyT7B9.exe wants to access the internet - cancel/allow?". Assuming
XcRyT7B9.exe is malware you've already been infected - what else in your
defences is broken?

If XcRyT7B9.exe is malware and it's quietly disabled your firewall you
won't get any warning. So, you sit there happily surfing, getting no
untoward warnings from your firewall... is that because there's no
malware or there's some semi-intelligent malware?

Don't get me wrong - in the absence of anything else I'll take a
host-based firewall but I'd rather have something else.

VH.
 
Lars-Erik Østerud

Van said:
Don't get me wrong - in the absence of anything else I'll take a
host-based firewall but I'd rather have something else.

So if you have a NAT router with a firewall, a decent anti-virus
program that scans on-access, and web-pages and mail, and you check
your system for malware/adware often. Do you then need a SW firewall?
 
David H. Lipman

From: "Lars-Erik Østerud" <.@.>

| Van Helsing wrote:
||
| So if you have a NAT router with a firewall, a decent anti-virus
| program that scans on-access, and web-pages and mail, and you check
| your system for malware/adware often. Do you then need a SW firewall?

I don't think so and I don't use any.
 
Volker Birk

In comp.security.firewalls Van Helsing said:
So, your software (host based) firewall pops up a warning..."Process
XcRyT7B9.exe wants to access the internet - cancel/allow?".

And that's the problem. A normal user cannot answer such a question in a
sensible way. It's idiotic to ask the user: she/he is the person to
protect, not the person who should be responsible to protect.

And think about "Process ADOBEUPTR.EXE wants to access the internet -
cancel/allow?" Clicking "cancel" makes your machine less secure.

Yours,
VB.
 
David W. Hodgins

David H. Lipman said:
From: "Lars-Erik Østerud" <.@.>
| So if you have a NAT router with a firewall, a decent anti-virus
| program that scans on-access, and web-pages and mail, and you check
| your system for malware/adware often. Do you then need a SW firewall?

I don't think so and I don't use any.

If you are using a router, make sure you turn off the Upnp "feature", otherwise
your dns servers, and other router settings can be changed, by visiting a
site (including hacked ad servers), with flash, or any other plugin, that
allows sending a SOAP request, from your computer, back to your router.

Note that this security hole affects all operating systems, and all browsers
that support plugins.

See http://www.gnucitizen.org/blog/hacking-the-interwebs/ for details.

Regards, Dave Hodgins
 
Van Helsing

Lars-Erik Østerud said:
So if you have a NAT router with a firewall, a decent anti-virus
program that scans on-access, and web-pages and mail, and you check
your system for malware/adware often. Do you then need a SW firewall?

If you've got a decent PC (i.e. not one that's going to slow down
noticeably) then why not - as long as you don't pay too much for the
privilege.

Some host based firewalls have other vaguely useful features like
measuring traffic levels.

Personally I tend not to bother and rely on the Windows firewall, on the
rare occasions I use Windows. I don't want to sound superior, or like
I'm a Linux zealot, but I rarely use Windows in anger. I just prefer using
Linux and KDE/Gnome/Xfce 'cos they suit the way I work. I don't believe
that makes me immune to such problems, just much less likely to suffer.

VH.
 
David H. Lipman

From: "David W. Hodgins" <[email protected]>

..
|
| If you are using a router, make sure you turn off the Upnp "feature", otherwise
| your dns servers, and other router settings can be changed, by visiting a
| site (including hacked ad servers), with flash, or any other plugin, that
| allows sending a SOAP request, from your computer, back to your router.
|
| Note that this security hole affects all operating systems, and all browsers
| that support plugins.
|
| See http://www.gnucitizen.org/blog/hacking-the-interwebs/ for details.
|
| Regards, Dave Hodgins
|

Thanx Dave.

That's new information for me.
 
David W. Hodgins

David H. Lipman said:
From: "David W. Hodgins" <[email protected]>
| If you are using a router, make sure you turn off the Upnp "feature", otherwise
| your dns servers, and other router settings can be changed, by visiting a
| site (including hacked ad servers), with flash, or any other plugin, that
| allows sending a SOAP request, from your computer, back to your router.
|
| Note that this security hole affects all operating systems, and all browsers
| that support plugins.
|
| See http://www.gnucitizen.org/blog/hacking-the-interwebs/ for details.

Thanx Dave.
That's new information for me.

You're welcome. This one shocked me!

Almost all routers, including cable and dsl modem/routers, have upnp enabled
by default.

For anyone who doesn't want to check the above site, the upnp "feature" allows
the dns servers returned from the router, to be altered, which means a malicious
person can redirect all of your internet traffic, to sites they control.

The security implications of this one, are mind boggling, to say the least.

Regards, Dave Hodgins
 
David H. Lipman

From: "David W. Hodgins" <[email protected]>


|
| You're welcome. This one shocked me!
|
| Almost all routers, including cable and dsl modem/routers, have upnp enabled
| by default.
|
| For anyone who doesn't want to check the above site, the upnp "feature" allows
| the dns servers returned from the router, to be altered, which means a malicious
| person can redirect all of your internet traffic, to sites they control.
|
| The security implications of this one, are mind boggling, to say the least.
|
| Regards, Dave Hodgins
|

I am well aware of DNS Changer Trojans but one that uses uPnP to change SOHO Routers...
That's new.
 
David W. Hodgins

David H. Lipman said:
From: "David W. Hodgins" <[email protected]>
| The security implications of this one, are mind boggling, to say the least.
I am well aware of DNS Changer Trojans but one that uses uPnP to change SOHO Routers...
That's new.

I think I should clarify. It isn't the dns hijacking, I find mind boggling.
It's the scale, and difficulty in fixing, that I find mind boggling.

How many routers, and high speed modems, with built in nat routing are in
use? Most of them have upnp enabled by default. For a long time, standard
advice for windows users, has been to use a nat router, to help protect the
system. Now that has to be qualified, with "but, be sure to disable the
upnp feature".

The upnp feature was created, to allow programs like skype, to get a port
forwarded to the computer, without the user having to understand ports, or
how to configure the firewall. There are so many users who are just not
capable of configuring a firewall, or more accurately, are unwilling to
even think about trying to do it.

Now they have to turn off upnp, to protect their router settings, but that
means, they can't run the software, they want, without learning about port
forwarding, ip, and mac addresses, or getting someone to do it for them,
every time they want to install a program that requires an incoming port.

The article in the link stresses, that this isn't a software bug, that can
be patched. While flash was used in the example, there are many other
possible ways to exploit the problem. Every piece of the problem, is
working exactly the way it was designed to work.

Whatever fix comes up is going to be very difficult, to get implemented
on existing hardware.

Regards, Dave Hodgins
 
Lars-Erik Østerud

David W. Hodgins said:
If you are using a router, make sure you turn off the Upnp "feature", otherwise
your dns servers, and other router settings can be changed, by visiting a

And do the same on the PC (nice utilities on "http://grc.com").
 
Kerry Brown

Software firewalls can be useful in identifying "legitimate" programs that
are accessing the Internet if you do not have the skills needed to do so by
other means. If you are using a software firewall to identify malware trying
to access the Internet then you are on a wild goose chase. The fact that
some malware is caught this way says more about the skills of the malware
coder than how effective the firewall is. Once malware is on your computer
it can do whatever it wants, including bypass a firewall running on the
computer. I recommend a router. Preferably one with a firewall but to get a
truly effective firewall you need to spend ~$400.00 so for most people a NAT
router with uPnP turned off is good enough. If it has some simple firewall
capability then so much the better. In addition each pc should have a
software firewall that blocks unsolicited incoming connections. With XP and
Vista the built in firewalls are good enough. This is just to stop network
aware malware from spreading inside your perimeter if a pc on the network
gets infected. If the malware author is any good then they will get by this
but most malware currently doesn't.
 
