ZoneAlarm

So says everyone who denies the vulnerabilities of Windows.

If you don't want to know when you're infected you're really braindead.

Why an unreliable Redmond 'solution'? Probably because that is hiding what is sent to the MS servers.

arja

Reply to
arja

Malware can circumvent and defeat the worthless Application Control of personal FW(s)/packet filters at the drop of a hat. A user may not even get asked the question. I certainly wouldn't be depending upon App. Control of some PFW/packet filter to watch my back, but that's just me.

Reply to
Mr. Arnold6

And why this does not work at all, you can find here in this group, arguing again and again and again against this nonsense.

Yours, VB.

Reply to
Volker Birk

Because it does not. If you would be able to use a packet sniffer, you for sure would detect, that the only software, which "phones home" strange things, is Zone Alarm itself.

Yours, VB.

Reply to
Volker Birk

Only, if the malware is run not as Administrator. If so, then no "Zone Alarm" will help, beside nothing else will help.

But even with "Zone Alarm" being "password protected" and malware running just as simple user, the malware just can ignore "Zone Alarm", as many leak tests show.

Yours, VB.

Reply to
Volker Birk

Yes, the Windows-Firewall does not even try to detect "malicious outgoing traffic". And why should it?

Of course, an IDS could help - if it would be implemented not as dumb as with "Personal Firewalls" like "Zone Alarm". And if it would be driven by a user not as uninformed and not interested as the common home user.

If.

Now, with Windows Vista, the Windows-Firewall will. And I'm expecting the same problems.

Yours, VB.

Reply to
Volker Birk

Difficult to say. Some people will not have anything to do with any personal firewall, saying that they are pointless as any malware worth its salt would be able to circumvent the pfw's outbound checks. Could well be true. Software such as Kaspersky Internet Security does a lot more than just monitor outbound traffic, however, and ought to offer some extra protection.

One positive aspect of your post is that you have provided a brilliant platform for Volker Birk and others to stand on their much trodden soap box again ;-)

Reply to
Wilf

Oh, I missed that one about Gibson, old Gibson. Maybe, I'll put up a Web site and become a guru too. I am sure there are plenty that will take a big wet and juicy bite.

Reply to
Mr. Arnold6

I'm probably much more aware of the vulnerabilities of Windows than you are. However, I prefer to stick with facts rather than superstition. Unlike you, apparently.

Oh, I do want to know. However, AV software already accomplishes that very nicely, so why would I want to waste resources on additional software that does the very same task?

Superstition again. Port Reporter is just as (un-)reliable as any software firewall, because all of them can only identify the process sending or receiving the network traffic, which isn't necessarily the process that is the actual endpoint of the communication.

Besides, since all software firewalls are running on top of Microsoft software (i.e. their operating system), none of them are able to detect anything Microsoft wants to hide. You may want to read "Reflections on Trusting Trust" [1] to understand why that is.

[1]
cu 59cobalt
Reply to
Ansgar -59cobalt- Wiechers

The latest version of ZA I had looked at (5.5 Pro) still had all of its config files world-writable and "protected" them by keeping them locked while opened. Plus, it installed a ton of kernel-hooks to intercept file and registry operations.

cu

59cobalt
Reply to
Ansgar -59cobalt- Wiechers

No. The Windows-Firewall just doesn't bother to try and do what actually can't be done. If you want to monitor outgoing traffic: Port Reporter (which I already mentioned) has been around for years and does a good job on that.

cu

59cobalt
Reply to
Ansgar -59cobalt- Wiechers

Technique called process infection. Malware picks a process in memory (software firewalls usually make checksums for files) and adds its own code to the process, which is on the software firewall's "trusted" list. Recently I tried to repair a machine where uTorrent was sending mails/spam (the broadband account was locked). The uTorrent client normally didn't have e-mail capability. The machine was a zombie, flattened and rebuilt. The firewall was ZA and it didn't report anything.

Rootkit. How to stop something WinAPI (software firewalls use it) cannot see? Recently I noticed that rootkit infections (usually zombie machines) are not uncommon anymore. On the same machine, after killing uTorrent, rootkit revealers didn't report anything. But after scanning the machine remotely (nmap) I noticed unusual ports open (netstat and activeports didn't report anything there), so probably a rootkit was running. ZA didn't report anything as well.

Reply to
alf
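The cross-view check described in the post above (ports found by a remote nmap scan versus ports the host's own netstat reports), as an added example that is not part of the original thread. The sample outputs, addresses and function names are constructed for illustration; the parser assumes Windows `netstat -an` columns and nmap's grepable (`-oG`) format.

```python
# Added example: diff a remote scan against the host's own view of its listeners.

# Constructed sample: `netstat -an` output as reported by the suspect Windows host.
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.20:1042      203.0.113.9:80         ESTABLISHED
"""

# Constructed sample: nmap grepable output taken from a second, trusted machine.
NMAP_SAMPLE = (
    "# Nmap scan (constructed sample)\n"
    "Host: 192.168.1.20 ()\tStatus: Up\n"
    "Host: 192.168.1.20 ()\tPorts: 135/open/tcp//msrpc///, "
    "139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///, "
    "6667/filtered/tcp//irc///, 31337/open/tcp/////\tIgnored State: closed (995)\n"
)

def local_listeners(netstat_text):
    """TCP ports the host itself admits to listening on."""
    ports = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[0].upper() == "TCP" and fields[3] == "LISTENING":
            # rsplit also copes with IPv6 locals such as [::]:135
            ports.add(int(fields[1].rsplit(":", 1)[1]))
    return ports

def remote_open(nmap_grepable):
    """TCP ports an outside scanner found open (filtered/closed are ignored)."""
    ports = set()
    for line in nmap_grepable.splitlines():
        if "Ports:" not in line:
            continue
        port_field = line.split("Ports:", 1)[1].split("\t")[0]
        for entry in port_field.split(","):
            parts = entry.strip().split("/")
            if len(parts) >= 3 and parts[1] == "open" and parts[2] == "tcp":
                ports.add(int(parts[0]))
    return ports

def hidden_listeners(netstat_text, nmap_grepable):
    """Ports reachable from the network but missing from the host's own report."""
    return sorted(remote_open(nmap_grepable) - local_listeners(netstat_text))

if __name__ == "__main__":
    print("open remotely, not reported locally:",
          hidden_listeners(NETSTAT_SAMPLE, NMAP_SAMPLE))
```

A port in the result means the host's own tooling and the network disagree, which is the condition the post describes; both captures should be taken close together so short-lived listeners do not show up as false differences.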

This does not work reliably and only with very dumb malware. As a drawback, your user has to answer security related questions in popups and so has the possibility to (and for sure will) fuck up the complete concept.

Yours, VB.

Reply to
Volker Birk

Do you remember when AtGuard rule sets used to be shared and discussed here?

Reply to
jon

The latest version of ZA I had looked at (6.5 Pro) still had all of its config files world-writable and "protected" them by keeping them locked while opened. Plus, it installed a ton of kernel-hooks to intercept file and registry operations.

cu

59cobalt
Reply to
Ansgar -59cobalt- Wiechers

That doesn't sound too great. Is KIS6.0 any better in this respect - it claims to protect its own files and also monitors all manner of process activity?

Reply to
Wilf

I only took a closer look at a small selection of personal firewalls (ZA, Norton, Sygate, Outpost, Tiny, Kerio, Norman). Kaspersky was not among them, so I can't tell whether they do the same or not. I would suspect that they don't, though, because ZA is the only one showing this behaviour IIRC.

cu

59cobalt
Reply to
Ansgar -59cobalt- Wiechers

$50 and unavailable at Circuit City

$50 and a $20 mail-in rebate at CompUSA on-line or retail.

Caution: this software requires 128 MB of RAM with Win XP. (I wonder how much less RAM it would use if you didn't install the ZA anti-virus portion?) I'm running out of RAM to put this on a Dell machine with 512MB of RAM, about 175 MB left after boot-up (IE7 stole a lot of RAM, about 80 MB)

Reply to
Cymbal Man Freq.
