guidance sought

So why are they using an universal Turing machine for such stuff? What they need is an iMac with OSX or, even better, a set-top box. Or what about a computer booted from a Linux Live system with only their data stored f.e. on a 32 MB CF card?

Ehm sorry, but configuration and backups are running costs that clearly have to be taken into account, whether they like it or not.

I'm usually pretty harsh and direct, but not insulting. Instead of telling them how to get their crippled configuration of a crappy software a bit less crippled, I'm telling that they don't need that software and uninstalling it saves from a lot of hassle.

But that doesn't help if they just want to hear what they like to hear.

The software that I've seen (or dealt with) has rules. You typically get a pop-up when a program attempts to connect with the outside world. On the flip side, you get a pop-up when the outside world attempts communication with you. At that point, you have to decide whether, or not, to allow communication.

To me, the biggest problem is authorizing the program to make all decisions, or just saying "yes" to every pop-up.

Notan

People want easy.

While your suggestions may be valid, they require time and effort, two things that *most* people don't care to invest.

Notan

Privilege escalation is usually irrelevant for normal users, as they're all running as default admins. :-(

You get a pop-up only, if the program lets the "Personal Firewall" in control. This has nothing to do with security.

Yes, and this is nonsense. If you're a home user, you just want to be secure. You don't want to know what's going on technically, and you don't want to decide security related questions, which you only can decide correctly, if you have the know-how.

Yes. This is a design flaw. The person, which should be protected by the system, now is responsible to decide technical questions affecting security and protection.

The problem is with such pop-ups as a concept. It's just a mistake to use such a wrong concept.

Yours, VB.

Those people don't need "Personal Firewalls" at all anyways.

Yours, VB.

Oh wonderful. A warning for every timed-out DNS reply, for every P2P request, for every worming bot, for every random noise, for Ident requests from your mail or IRC server, ...

Well, then shouldn't it provide any useful details?

Don't mind, the malware will do that for you. :-)

RealPlayer will detect a network communication error and will launch an IE window at a HTML file in temp dir, meta-redirecting itself to the target server and sending all data Base64 encoded in the GET request. Of course, IE is allowed to connect (a big mistake).

Adobe License Manager will employ calling the NDIS driver directly, not even being noticed by the PFW, happily telling Adobe that your version is cracked.

(In the meanwhile the malware has exploited AdobeLM service for privilege escalation...)

Yes, I did, I took into account the entire network, the entire computer, the entire environment. Fact is, that with many computer users, where there Windows Firewall protected computers were compromised monthly, that once cleaned (or wiped/reinstalled) and then just adding ZoneAlarm, without teaching them anything about Zone Alarm (they learned on their own), not one of those computers was compromised again.

So, lets address what is possible and what really happens - most of the apps in the world have exploits, but, most of those exploits don't hit the masses, they hit a very small percentage of systems (notice I said MOST, not all). So, even if ZA does have a hole/exploit, the chances that any one person might be compromised by is is much smaller than the chance of them being compromised while using the Windows Firewall ONLY.

You really need to learn more about REAL-WORLD experiences and testing VB.

That's another argument against PFWs. And it's a good argument for Windows Firewall, as it doesn't ask the user any technical questions, but happily does its job in the background.

Guess what my host-based packet filter (Win-IPFW for Windows, ipfw for FreeBSD, netfilter for Debian) on home computer does? It employs a simple black-listing strategy to keep of common stupid and bad stuff. Not that it would be a problem without, it's just a second line in defense and primarily focused on saving network traffic. It's supposed to work flawlessly in the background with no need for reconfiguration, all outbound and outbound-related traffic is allowed (except SMTP).

Because they're not hold responsible to any sufficient extend, especially due to their ISP not wanting to lose customers for shutting them off.

I have no vested interest in telling untruths. Everything I've stated about Windows XP Firewall vs Zone Alarm on noob's computers is 100% true and from actual experience with those people/products.

Windows firewall allows so many things that a firewall doesn't allow that it's useless after several months - I can't begin to count the number of Windows XP Firewall producted PC's I've seen directly connected to the Internet with File and Printer sharing enabled to the Internet.

Like I've said many times, you just don't live in the real world VB, neither you or Sebastian.

I've seen computers with just the Windows Firewall for protection compromised very quickly, between a week and a month, the same user, once their machine is cleaned and ZAP installed, operates for more than a year without a compromise (could be longer, but I didn't track longer than that).