*LOL*, good answer! I don't try to use software from untrusted source (cert.org - homeusers task 1), I keep my system and applications patched, I'm networking as a restricted user, I don't offer (any |vulnerable) services to the Internet, backing up my system, that's all.
Many firewall appliances can actually inspect the traffic and remove content from SMTP and HTTP sessions, in fact, we only install firewalls that permit us to remove content from HTTP and SMTP sessions as a means to protect users from their own ignorance.
It's a "firewall" (Marketing-speak) but not a firewall as IT professionals would call it.
A firewall in IT terms is a concept, consisting of various elements such as packet filters, proxy servers, virus-scanning gateways etc. - in IT-terms ZA is a host-based packet filter.
It's running on the same system that it's supposed to protect. Once the trojan is executed on the system by the user, the trojan can do everything the user could do - including disabling any security software installed on the same machine.
Nope. A system can be secure without any packet filters in front of it
- as long as there is nothing on it listening to inbound connections from the Internet (which the packet filter would block otherwise), and as long as nobody is sitting in front of it downloading and executing a trojan (they don't just magically install themselves...)
I do it for our company for SMTP, so the users can work more stress-less :-) In some cases I did it (inside of squid) for HTTP for not patched insecure flaws of browsers or graphic libraries (pattern came from sans.org)
The better way is: give the users (security) robust tools.
Yeah, you said it.
About "stealth"... well, better not get something started again....
Anyway, protection against unsolicited inbound traffic is not that hard to achieve also without a firewall. Most users install 3rd party firewalls for the sake of "outbound application control" which is nonsense in terms of security.
What alternatives did you consider when making that decision?
Show me where it says that this wipfw is going to provide protection at boot. Even MS's IPsec which is another packet filter and is on the O/S cannot even do this. And I suspect that this wipfw cannot do it either.
maybe you will find out with what you are dealing with. I believe your system is already compromised. You have active malware which activates before ZA initialization is completed and downloads other malware. Best solution would be to flat and rebuild i.e. format. But if, for some reason, you don't want to do that, turn off system restore, boot into safe mode, scan with AV and hope that everything will be OK, maybe you will be lucky. In addition try to find help somewhere else. Try on some group or forum dealing with malware, this group deals with firewalls so your post is a bit OT. Maybe somebody might help you to determine how badly your system is compromised. Firewall cannot help you anymore. Remember, format is a _best_ solution. Leythos gave you good advice, use a NAT router in future.
And you would have been able to detect if it had failed to work how?
BTW, you do realize that ZA itself phones home, and that more recent versions incorporate rootkit functionality to restrict administrative accounts (which is utterly braindead)?
Managing a Personal Firewall is far from anything that could even remotely be regarded as "simplicity". Not only do most (if not all) of them provide insufficient information to make reasonable decisions, they present the user with choices he simply cannot make because he lacks the required understanding of TCP/IP and windows internals. Not to mention that several of them open additional attack vectors (some local, some even remote).
Not at boot, as first of all network services with highest priority would be enough.
Yes, IPSec is a conglomerate of secure networking and packet filtering. I was shown that there are 3 different mechanisms of packet filtering, not three or more UIs to one and the same mechanism.
Because it simply is none? Look up the definition, then look into the manual, and you can straightly tell that it is impossible to build a real firewall with ZoneAlarm.
So what? This just proves that marketing works. None of the users has any clue what they're doing.
Because it introduces well-known remote exploits? And local privilege escalation? Trivial remote DoS? Trivially bypassed? Vendor being unwilling to fix anything?
Definitely marketing works. Why the f*** do you think a system couldn't be secure without a firewall, and a firewall could make an insecure system become secure?
Which is a self-fulfilling prophecy. Someone who is using ZoneAlarm sure isn't competent enough to spot an intrusion.
Which helps exactly how much? Heck, even the obvious remote DoS (using a combination of SYN, ICMP and UDP flooding) remains ever since it was discovered years ago.
Uoh, and then even the Kaspersky fun. Hey, do you know what NtCreateProcess(0,0,0,0,0,0,0) means? For you, it means a bluescreen.
And, um, did any of these sites test for what happens with overlapped IP fragments when injected close to your hop (in a topological sense)? You'd be surprised!
Just like magic charms. Your point being?
Oh, what about tomorrow? You're still offering an open door.