My Zone Alarm Pro firewall subscription expires in a few days and I recently bought a Norton Internet Security 2008 package that contains a firewall. I currently have the Norton firewall turned off and just use the Zone Alarm Pro firewall. I don't use the Win XP firewall because I heard that it's not a good idea to have several firewall on at the same time. We get internet through a Belkin pre-N wireless router that is supposed to have some sort of firewall built in and that one is turned on. My computer connects to the router with an ethernet cable and my son's computer uses a Belkin N usb wireless adapter. They both have the same current setup I describe regarding firewalls. Can anyone please advise on whether the Zone Alarm Pro firewall is any better than the Norton firewall in my situation? Should I renew the Zone Alarm Pro subscription or uninstall it when it expires and turn on the Norton firewall? Thanks for any advice.
Luis Ortega added these comments in the current discussion du jour ...
The person who replied to you is warning you that it can be problematical to effectively get 100% rid of any Symantec product. I have System Works 2006 and understand its limitations and I think I know what to do if I want to uninstall it, but I wouldn't want Norton Internet Security on my PC - it is too all- invasive. Now, it has happened to me and I've read of others having similar experiences, if you DO need or want to fully uninstall Norton/Symantec products, you almost always need to use their uninstall cleanup utility after you uninstall it in Add/Remove programs. I have also found that I must go through my Registry looking for orphan keys or entries and kill them, else I have problems with the new utility I'm trying to install. Now, what I DON'T know is if I ever really got rid of all the crap.
I personally run eTrust Pest Patrol and the commercial Zone Alarm. Yes, annual subscriptions for these are getting prices as is a NAV subscriptions. But, one has to decide for themselves how much money to spend on peace of mind. As to MS's XP SP2 firewall, it might be OK if it were at all reasonable to set it up to properly monitor all of the inbound and outbound ports on your PC and do anywhere near as effect a job on watching for bad guys as does Pest Patrol and ZA. Now, ZA is a bit annoying with its constant "do you want to allow or block this, or that", but I actually like to SEE what it thinks is a risk than to go blithely on my way ignorant of what is happening around me.
Your choice, and I'll add a "good luck", you may need it!
A couple of years ago Norton took over one of the smaller firewall software companies and integrated it into their own product. The name escapes me at this time. I am sure either will be adequate for your peace of mind, but not necessarily in reality. If you are comfortable with ZA then upgrade your subscription. If you have already paid for the NIS then you will be wasting your money, but that is your decision.
You are probably getting more protection from your NAT-enabled router than from either one of those products. But then again I am no expert so do what seems right to you.
Luis Ortega added these comments in the current discussion du jour ...
I know it's not but you responded negatively to the person who warned you about Symantec and I wanted to let you know what this is all about. How and where you spend your money is of no concern of mine, just don't come crying here if you hose your system after having been warned. Now, as to Norton vs. Zone Alarm vs. XP's firewall, unless you're into marketing hype, ZA has NIS beat hands down by any qualitative or quantitative measure, including independent testing and owner experience. Now I'm sure of it: you really do need good luck!
A bad mistake, in my view. Norton is the *worst* security product on the market.
That's correct. You should run only a single software firewall.
Good.
My view, as I said above, is that almost any other product is better than Norton anything.
Those are only two of your many choices. I would use ZA in preference to Norton, but I would also use ZA free rather than ZA Pro. I don't think Pro is worth the money.
You could also use the built-in Windows firewall instead of either.
Finally, note that with your router, any software firewall adds very little to your protection.
Thanks. My understanding of router firewalls is that they only block incoming traffic and if there is some malware on the system then outgoing stuff is not blocked. Is that correct?
Yes, it's correct. The same is true of the built-in Windows firewall; it too is inbound only.
However many knowledgeable people feel that monitoring outbound traffic adds little or nothing to the effectiveness of the firewall.
I'm personally not convinced that either point of view is absolutely right, but as a precaution, I use the free ZA in addition to what my router does. My guess is that any extra protection I'm adding is slight, but on the other hand, the hit on performance by having it running appears to be slight too.
Luis Ortega added these comments in the current discussion du jour ...
Again, can't speak definitely if a NAT router can or cannot monitor/block outgoing but it can do a modicum job on incoming. There ARE some caveats, though, such as you MUST make sure that it has been properly set-up in the first place to monitor incoming traffic on ports you're interested in and you MUST make sure from time-to-time that your set-up hasn't been lost. I lost mine inadvertantly during one of many short power hits where I live.
But, even if a "good" NAT router is properly set-up and monitored to ensure continuing protection, it's overall protection from an even moderately knowledgeable bad guy is pretty minimal. If you have ANY fears, founded or unfounded, about your Internet activities and/or identity theft, then you really should greatly harden your malware protection past the normal AV SW and you should add some sort of SW firewall and train it as to what you will allow and what you want blocked. Be aware, though, that ANY decent firewall will be annoying some amount of the time, and that is what you WANT, since you want the thing to err on the side of caution and at least give you a warning which you can ignore once, ignore forever, allow through once, or give it permission to allow that particular incoming traffic access every time.
Ken Blake, MVP added these comments in the current discussion du jour ...
I tried the free ZA and didn't think it did enough. As to a performance hit, I can't detect one except when it stops some other process and waits until I tell it to let the traffic in or out or to block it. That can be annoying but FAR less annoying then getting blasted by some nasty infection or suffering a major outtage or identity theft issue.
Hi Luis, I quit reading responses when the zealots crawled out of the woodwork so please forgive me if I'm repeating someone's input here:
IMO, and that of many other people I know, either of the firewalls you mention are good ones. Personally, I would base my opinion on which one to use based on how they "feel" to me; ease of use, setting blocks/unblocks, controlling when/how often it interrupts me settings, relevancy of log data, etc..
I have a NAT DSL router and ZoneAlarm. I'm quite happy with them. I also have Norton SystemWorks which is sans a firewall but my ISP is offering the NIS pkg, which includes a firewall, so I just may take a look at Norton's firewall but my choices will be based on how it fits to my own use and perceptions.
The XP firewall is "decent" but only checks incoming traffic, not outgoing, so if you had something that was calling home with your account passwords, it would miss it. It's real use is so that you CAN have a firewall when you first hit the internet and until you get all of your updates and other protection apps into place and updated. I seldom have to rebuild my system so I've only used it once or twice, but it does give basic protection but that's about all.
You're also correct in that having two software firewalls working at the same time is a no-no. They will step on each other's resources even if they seem to work together. Many firewalls won't even install until you disable any other one you have working. Some even make you actually Remove the other firewall before they'll install and XP also has a firewall monitor that'll complain to you.
So, I'd say use the one that feels right to you based on the two you indicated. They both have excellent reputations for ability and dependability. As for the crap about removing Norton, it boils down to being able to RTFM; if you can read and follow directions it's a snap. I've done it several times on my own machines and that of clients, for various reasons.
Alt.comp.anti-virus or alt.comp.virus are better places to ask your question. Many of the people in those two groups are unusually knowledgeable about this subject. I will forewarn you however that (the last time I was there at least) Norton home use products were not at the top of their recommended lists.
It is actually also a bad idea to install more then one software firewall on a computer. The software firewall to do its "job" deeply integrates/messes with the Windows system. In general, the only way to get properly rid of an installed (single) software firewall on a Windows system is to reinstall the system. Otherwise you may see all kinds of issues after the uninstallation plus usually not everything is gone after the standard deinstallation from the software wizard. That's why you have to download additional tools from Symantec or others only to get rid of the rest.
Now make the math: you have already installed two firewalls on your computer. (The Windows XP firewall is part of the OS that's why it does not cause issues here). Twice you have messed up the system with an installation of a software firewall. Both try to hook into the system to do their job and to make them fixed into the system so that other malware does not accidentally removes the firewall software.
It is even now impossible to say whether any of those two firewalls operates correctly if turned on. Norton may well have removed some of the hooks which ZoneAlarm installed which ZoneAlarm did not notice. Or well, maybe ZoneAlarm noticed some of those changes and reverted them back removing Norton hooks...
Honestly, I would recommend to reinstall Windows from scratch and learn a little about computer security and how to keep your computer secure by what you DO instead of what you INSTALL. It is not so complicated and still human beings are more intelligent than some piece of software. It is possible to run a computer without any firewall running and without getting infected with malware. But obviously, this last statement does not sell good that's why you find a lot of opposite (well sponsored) statements.
At the current stage I doubt you will be able to get any of those firewalls removed from your system without damage to the system...
Correct. But software firewalls only detect outgoing traffic if the malware is so nice/dumb to be detected. And even if it is detected and something is blocked it does not mean it does not send anything out because there are various ways to send something out even with a firewall installed (through your browser, through DNS, etc. all things you use and need to browse the internet for instance.)
It would be more effective for your overall security if you have learned how to prevent malware on your computer in the first place. And this mostly depends on what you do and not with some security software you install.
Including: Jesper M. Johansson, Ph.D., CISSP, MCSE, MCP+I Security Program Manager Microsoft Corporation
formatting link
Steve Riley, a senior security strategist in the Microsoft Trustworthy Computing Group and contributing editor for TechNet Magazine, jets around the world to speak at conferences and spend time with customers to help them get and stay secure.
formatting link
down to: "Myth: Host-Based Firewalls Must Filter Outbound Traffic to be Safe."
Steve Gibson, Firewall LeakTesting.
formatting link
Excerpts: Leo Laporte: "So the leaktest is kind of pointless." Steve Gibson: "Well,yes,... Leo: "So are you saying that there's no point in doing a leaktest anymore?" Steve: "Well, it's why I have not taken the trouble to update mine, because you..." Leo: "You can't test enough". Steve: "Well, yeah. Leo: "Right. Very interesting stuff. I guess that - my sense is, if you can't test for leaks, a software-based firewall is kind of essentially worthless."
Maker of PFW, A realistic assessment with respect to 3rd party PFW from a respectable software manufacturer 2007-08-07.
formatting link
Sunbelt Software - the vendor of Sunbelt Kerio Personal Firewall Excerpts:
[quote] ...we have some reservations about personal firewall "leak testing" in general. While we appreciate and support the unique value of independent security testing, we are admittedly skeptical as to just how meaningful these leak tests really are, especially as they reflect real-world environments.
The key assumption of "leak testing" -- namely, that it is somehow useful to measure the outbound protection provided by personal firewalls in cases where malware has already executed on the test box -- strikes us as a questionable basis on which to build a security assessment. Today's malware is so malicious and cleverly designed that it is often safest to regard PCs as so thoroughly compromised that nothing on the box can be trusted once the malware executes. In short, "leak testing" starts after the game is already lost, as the malware has already gotten past the inbound firewall protection.
Moreover, "leak testing" is predicated on the further assumption that personal firewalls should warn users about outbound connections even when the involved code components are not demonstrably malicious or suspicious (as is the case with the simulator programs used for "leak testing"). In fact, this kind of program design risks pop-up fatigue in users, effectively lowering the overall security of the system -- the reason developers are increasingly shunning this design for security applications. [unquote]
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.