Switching from ZoneAlarm to Jetico

After seeing the latest ZoneAlarm update (it has an even larger "mind of its own" when it comes to the safe-list safePrograms.xml, which I really don't like) I'm seriously considering switching to another personal firewall. I came across Jetico which seems like a nice no-bloatware thing. Any thoughts, suggestions, recommendations...?

Reply to
level13
Loading thread data ...

Of course, anyone who runs such scripts from untrusted/unverified sources such as those above has much more to worry about than which software firewall to use.

Reply to
Eamon Santiago

What if you do not have WXP?

Reply to
badgolferman

Better idea: forget "Personal Firewalls". Just use the Windows-Firewall.

Yours, VB.

Reply to
Volker Birk

Then there are other options. It is a good idea not to run any servers, which listen() to the wild, of course. Unfortunately, Windows in it's default configuration runs many such servers. Nobody knows why, of course, because usually no-one needs or even wants them (most people even don't know).

But these servers are the reason, why one will need filtering software on a Windows box.

Switching off this software programs will result in not needing any port filter software any more.

Unfortunately, Microsoft makes it difficult for Windows 2000 and Windows XP users to switch them all off. This is why Torsten Mann created this very useful script:

formatting link
If you're not used to deal with scripts, I hacked a small Windows program, which does just the same:

formatting link
If you're running Windows 9x, i.e. Windows 95, Windows 98 or Windows ME, then it's very easy for you to switch those servers off: just unbind them from the TCP/IP network protocol in the network settings.

Please test with:

C:\\> netstat -an

wether there is no process LISTENING any more, which is not bound to localhost 127.0.0.1, _before_ you connect to the Internet again.

If you're doing so, and if you're PC is nothing offering to the Internet any more, then you don't need a packet filter any more.

If you want a packet filter, also Windows 2000 has one. It's a little bit hidden, because Microsoft calles the user interface for it "IPSec" (which of course usually is somewhat completely different ;-)

Yours, VB.

Reply to
Volker Birk

That's something of a mantra from you, so I looked up old messages for an explanation of your opinion. I've wondered how a fw would prevent reaching out and touching someone via http, and you demonstrate the answer: it can't (though I suppose an opsys hook could prevent it). And maybe I didn't look hard enough, but I didn't find anyone offering a technical argument why you are wrong.

Of course, Gibson says ZoneAlarm is the cat's ass; perhaps that's enough. And there are testimonials like "I've used 'Impregnable' for 50 years and never got infected." (Never mind that this is like the person who, when told that Homeland Security Dept. is a bureaucratic boondoggle, says that can't be true because we've had no attacks since it was created.) But all that aside, it's just general knowledge that anything included in Windows must have some serious flaws.

nf

Reply to
nutso fasst

Torsten's and my site are as trusted or as untrusted as any "Personal Firewall" manufacturor's homepage.

But: in contrast to most of the "Personal Firewalls", Torsten's script and my small program are Free Software.

You can get the source code, and check yourself, what it's doing. Please feel free to do so.

Torsten's script is in source code (as every script), you can find the source code for my small program here:

formatting link
You can compile this with Microsoft Visual C++, or with MinGW.

Yours, VB.

Reply to
Volker Birk

If there are any questions, of course I'm happy to explain.

Yes, this simple approach I chose could be prevented by having a message hook, and filtering out those messages to the webbrowser.

But this only is the easiest way I found, and it already worked. There are many other ways, too, to do the same.

I cannot see that either.

Yours, VB.

Reply to
Volker Birk

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.