I think that Volker and a few others take an idealogical stance and more or less insist that it's up to the user to keep the nasties off their system to begin with. I pretty much agree with this approach. I also think that Volker is just saying that a 'personal firewall' is not guaranteed to stop everything outbound, and that it's possible to bypass them, and that a 'personal firewall' does not ensure 'security'. (Sorry Volker, I don't mean to try to speak for you.. I may have it wrong.. :))
I would agree with you a little and say that perhaps there are times when an alert to something bad going on might be useful. But I do believe in preventing things before they happen rather than trying to clean up the mess after the fact.
Well, I think you have to do what works for you. One situation is going to be different from another. If you have people using your machines and you can't stop them from installing or doing things, then you have to do what you can in the way of damage control I guess. But keep putting effort into educating them. Hopefully it'll pay off in time. :)
My nephew lives with me and he is very good about computer security. My wife is getting better, but she used to click on anything that popped up on the screen. Now she knows better.
I installed a content filter on several of the machines that the kids have access to and it has done a lot more than keeping the kids off playboy.com. It seems to keep them from sites that have malware. It also is configured to keep them from downloading anything - and it works.
If they can't download a new screen saver that if filled with spyware, that malware can't be installed on the computer. Unlike the other parental control software that I have seen, this works great. It has very few false positives and it has done a great job of keeping the kids off dangerous or inappropriate sites.
If I may amend: A "Personal Firewall" cannot prevent from malware communicating "outbound" _at_ _all_, if this malware is not programmed very dumb.
I'm remembering to the fact, that I wrote my first PoC code, breakout.c, in ten minutes without ever seen a "Personal Firewall". My second PoC code for Zone Alarm Pro, breakout-wp.cpp, took me little longer on a saturday evening.
This is the effort an attacker has to invest to fool a "Personal Firewall". If you're calling *this* "security", then feel free to use a diametral definition of this term compared to what I mean with it ;-)
No. All the time I'm "preaching", that this is impossible. So it's _very_ unlikely, indeed :-P
Yes, of course. And please read
Yes. They're dumb (while you're not - they have to know it better). It is completely ridiculous, that Microsoft are first starting lots of servers on their Windows operating systems, and afterwards are trying to filter any access to them away.
You're trusting too much in software, which cannot be perfect by design.
Yes. Perhaps you could consider not to use Windows, or at least to work in a safe way, if you're thinking so.
Volker, a lot of the software that I use is not available for other operating systems. That includes my CAD software and my engineering software, just to name a few. Whether I like it or not, I am stuck with Windows.
I tried a few variants of Linux, (I think that there must be a couple of hundred distro's of Linux out there), and they all had serious problems. Device drivers were lacking or they didn't work and there were a lot of hardware problems too.
Volker, the software that I mentioned included Bit Defender, Norton, and a couple of other mainstream packages that simply did not uninstall all of their components when they were uninstalled.
When my nephews machine started having problems with some spyware that came with his computer games, I used Erase to delete his entire hard drive and then I installed a safe image made with Acronis. We have had no more problems since then.
Unless the malware that you described has altered my routers logs, there are no unusual connections at this time on any of my machine.
Hm... I have good experiences with Debian GNU/Linux, SuSE Linux, Redhat Linux (now named Fedora), FreeBSD and NetBSD. Friends of mine are very happen with OpenBSD. And most of my friends which are not too technical, are happy with their Macintosh ;-)
But if the CAD software you need only is available for Windows, maybe separating the CAD machine from the Internet terminal could help. Maybe a Mac Mini as Internet terminal will make many things easier for you.
Outbound control is not reliable, so this is not a security feature. It doesn't make ZA a better Firewall.
Besides, outbound connections can be monitored by various means, even by tools from Microsoft (e.g. PortReporter).
The canonical measure against malware is not to install it rather than to suppress it's traffic after it got installed.
Or at least that's what you think. Again, there are many ways to bypass outbound control, so if some program want's to install malware and refuses to run (or be installed) otherwise: throw it away.
Look at the history of ZA (or any other personal firewall) and you will find them no less vulnerable than any Microsoft program (well, maybe except for IE). The Windows Firewall has been present since XP RTM, and has very few vulnerabilities up to now, so if there's a winner in *this* contest, it sure isn't ZA.
Besides, this is not a technical reason.
This isn't a technical reason either. Plus, any third-party software will still be running on Windows, thus you'll still have to rely on the party that "has not exactly been a world leader in computer security". Personal firewall software is still software. It doesn't magically run apart from the operating system.
Rated by whom? And for what (technical) reason? (actually that *was* my original question, remember?)
Just because people tell you something it doesn't mean they're right.
[...]
My answer would be the same as Volker's: Do not use ZoneAlarm. Period.
If you are going to actually USE your computer for consumer purposes, you have to make compromises.
If you are acessing the internet in any way, shape, or form, you are opening yourself up to the potential of malware. Unfortunately, blocking all cookies, banners, animations, and 3rd party links makes the internet virtually unnavigable for the home user. There are major retail outlets online (BestBuy, Circuit City, Toys R Us, etc) which outright refuse to work without enabling the bells & whistles.
Since the "intelligent" people can't just keep the clueless people away from computers and the internet, they can only be told what to do, and hope that they follow the advice: Disable all access points you possibly can as you reccomend, get that anti-virus program and keep it up to date, and if at all possible, have a hardware router w/ firewall between you and the Wild.
This is nonsense.. You should revise that to say "If you are clueless and accessing the internet ... then you are opening yourself up to the potential of malware."
If yoru computer is connected to a network, it is vulnerable. Granted, it might be extremely difficult if you are behind a properly configured firewall on a properly configured network and protected by strong passwords, but you're still theoretically vulnerable.
And frankly, if you are the average user, you don't have either of the above lines of defense. At best, you might have a $50 router from Best Buy for your home network. More computer literate people have better defenses.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.