ZoneAlarm Pro vs Outpost Pro?

Toyota.

Why?

So what? Any arguments here at last?

Yours, VB.

Except convincing him of something he doesn't want to believe.

He may be repeating something but it is for the information of the original poster. Most usenet users subscribe to a group and ask a question before reading previous posts.

And if he didn't repeat this there would be no point replying, and if he didn't reply it looks like he has given up and has nothing more to say.

Ignore this post VB and keep up the good work.

Please consider that my first thought when reading Leythos' post was the same as above, and i believe many other readers* will think the same, due to the same reasons VB gave. Just statements, no evidence.

• readers that have no knowledge/care of the arguments between Leythos and VB.

I have no idea of any previous posts between Leythos and VB that mention any cultural differences (I may have not read them see snippet above), but whether or not there is this thread did not have anything to do with culture before you mentioned it.

Stop trying to stir the pot.

And we enabled the Windows XP firewall on a couple Sorority networks, installed AVG that was set to check for updates every day, and they are all behind a NAT router with SPI. In less than 30 days they had 4 systems infected with viruses due to IM and Web-browsing.

The compromised machines were running AVG, none of the ones running Norton AV or Symantec Corp were compromised. Oh, the ones running Zone Alarm or NIS were compromised. Not scientific, but we don't actively manage those systems/network, they are an on-call type client, and we consider them as "in the wild" type systems/exposure.

I would never suggest a FREE solution that was not worth purchasing for anyone that cares enough to want to really protect their systems - and never for business systems.

One of the nice things about clients that purchase a firewall is that I can strip out attachments from email, bad content from http sessions, and that's something that Windows XP firewall can't even come close to doing - making my IT management job easier.

What for sure isn't possible, is to convince me of something without one single good argument for it. ;-)

But of course, I'm waiting for you to introdruce your very first one. You will not disappoint me, will you?

Yours, VB.

^^^^^^^

BTW: this is your main mistake. We're talking about technics here, not about religion. There is nothing to believe here, only facts and sometimes opinions how to judge them.

In this view you're right here - it will not possible to make me _believe_ in anything. I just want to _know_ it.

Yours, VB.

This depends on the question. If I would assume, that he's trying to prevent malware from sending information, then: yes.

Please read

See

*

It's very exhausting to again and again write the same. And it's boring the regulars. An FAQ is missing with these answers.

Please read the thread starting with

Yes.

You just did not read our discussion, I guess.

And to my credibility, a topic, you seem to be very familiar with ;-) :

Believe what you want. And don't believe too much - just test it, and look for proofs.

Yours, VB.

The only thing I want to add to this is also from personal experience. I've setup numerous family and friends pcs using just XP sp2 Firewall and MS Antispyware plus AVG's free anti virus. To date, none have been either compromised or had any form of malware. From my own experiences then, I'd recommend the above, with one proviso: spend a little time explaining how the antispyware and anti virus work and how important it is to accept automatic updates to both, plus any automatic updates to the operating system itself. I don't recommend this to my corporate students, but I do recommend they use this on their home pcs.

Wayne McGl>> Consider to use the Windows-Firewall.

Ok so you made an assumption, and there is no way for you to know whether or not this assumption is correct.

This does not change the fact that they will be mystified as to why you responded the way you did. Suppose you didn't know that the online update check of Acrobat can simply be switched off. Perhaps because you didn't even know that it checks for updates. What would make you aware that it checks for updates without you having to look through its configuration settings?

* What is the point of pointing this out to me? I already know how to find it.

Perhaps you should write it then, and simply post a link to the relevant part when required. Then you don't have to write it every time. There are reasons why I don't necessarily think that this is a good idea because you can't know who will read it or how they will interpret it.

I already have. The point is not whether I need to read it, the point is whether or not you can assume that other people have read it.

A discussion which is clouded by personal insults is not easy to read and it is not easy to remember any facts which were discussed.

Yes I already know this Volker, and I prefer facts which can be proved, but if you are going to prove your facts to others then you will have to present the proof in a way which they can understand instead of simply telling them "This will not work" or "You are lying" That's hardly a proof. Some people will refuse your facts no matter how much proof you give, but if you break into personal insult at this stage then you will simply give them a reason to ignore you and believe that your facts must be wrong.

Anyway I have to get ready to go on holiday. You will be relieved to know that I won't be able to post again until next week.

Jason

In this case, you're right. I'm just assuming, what I'm seeing in most of the cases, and what is the topic of this newsgroup BTW ;-)

Please feel free to communicate yourself, what you're feeling better with.

I'm so old fashioned, that I'm even reading documentation ;-)

In the postings you can find this way, I explained, _why_ "Personal Firewalls" sometimes are dangerous.

Good idea.

Yes. But with this argument in mind, perhaps nobody could write anything anymore. So it's not very useful.

It's better to have something clearly written than having nothing to think about.

I'm not very interested in this meta-discussion, to be honestly. Why should I bother?

Oh, I already presented good proofs here, just read again my postings. I'm sure you will find them easily.

Yes. Maybe. And: I don't care.

Yours, VB.

interesting,

I see no reason why the Windows firewall shouldn't be called a real firewall, as software firewalls go. The main argument against using it seems to be lack of outbound control. Most of us here are aware of how personal firewall outbound control can be easily bypassed but it is still going to work in cases were malware is not sufficiently sophisticated and non-malware applications have no reason to want to work around the software firewall. Does that make a software firewall with outbound control worth having? And does it depend on whether the user is sufficiently educated to understand the limitations of the personal firewall?

Personal firewall software can be a useful quick way to see what non-malware applications are making outbound connections to. I do not doubt for a second that malware can bypass a personal firewall and allow control of a PC without the user being aware, but what is wrong with an experienced user using a personal firewall to monitor non-malware applications? If there is nothing wrong with this then it is wrong to conclude that no-one should ever use personal firewall software and it is wrong to tell everyone who comes here that they should just use the Windows firewall when you don't know who you're giving the advice to.

Personal firewall software can also be educational for those who wish to be educated. It can help an educable user increase their knowledge to the level where they will easily understand the configuration of a proper external firewall box when they come to use one.

My own preference for a firewall is a properly configured external box, but this just isn't going to happen in the case of the average home Windows user.

I agree that giving reasons like "you would know this if you knew anything about security" is not a good way to have a technical discussion.

Well Microsoft do have to keep their customers happy, and most of them are likely to believe certain web sites which tell them that they are not secure unless they are stealth. If I were Microsoft I would find it easier to keep these people happy by using stealth instead of trying to explain why sending RST is a better idea.

I don't use kerio or any personal firewall. I come across zonealarm a lot and sometimes have to configure it for people who would think I'm nuts if I suggest they would be better off without it.

Calling people liars and accusing them of babbling or whatever is not a good way to have a technical discussion in my opinion. If you do this then you have only yourself to blame if you don't get the clear and precise discussion you wanted.

Jason

And the problem with VB is that he didn't disprove anything I said. He also posted a snipped of code (c) and an Exe, which didn't work as he said it would on my systems - not to mention that my "firewall" blocked the exe in the HTTP session, so it could not be downloaded unless I manually bypassed by firewall APPLIANCE.

Ok

Ok so if someone asks for help setting up application control on a personal firewall do you think that saying "This will not work" is a helpful resopnse? Put yourself in the position of the person who is asking. Do you think that they are going to be totally mystified as to why you gave this response? If they don't understand why you gave it then are they likely to ignore it?

But I don't always see any clear reasons for warning or explanation of why personal firewalls are dangerous. Sometimes I just see "This will not work" and I wonder how the OP could possibly make sense of why you said this. You may not want to explain it all in detail every time but how can you assume that the OP knows this?

Also I don't think it always helps to ask people why they use something they don't understand. I think this is likely to increase your chances of being ignored. I don't know many people who like being told that they are using something they don't fully understand. It may be that they already know this. I see no reason at all why people shouldn't use something they don't fully understand provided they understand the risks of doing so. How else are they going to learn anything? And how can you assume that they don't know the risks?

It may be that some of us here do understand the risks of personal firewall software, do understand why words like "dangerous" may be applied to personal firewall software and get frustrated when clueless home Windows users think that personal firewall software is a complete answer to their security prayers.

I didn't see any attempt at discussion, I saw you accuse him of presenting FUD and being a liar. I don't see how this will increase your credibility, even if it were true.

Jason

Nothing. And I never claimed so.

I don't agree with the last sentence. Most of the users don't know, that outbound filtering with a "Personal Firewall" is no security feature at all. So telling them "forget that, it does not work" is a good idea.

Beside the fact, that most "Personal Firewalls" even are dangerous, and users should be warned. Think about Sygate, for example.

Yes. As you can see, when you read my trial for a discussion with "Leythos", I gave up.

I don't think any more, that there is a way to a clear and precise discussion with him.

Yours, VB.

This depends on the question. If I would assume, that he's trying to prevent malware from sending information, then: yes.

Please read

See

*

It's very exhausting to again and again write the same. And it's boring the regulars. An FAQ is missing with these answers.

Please read the thread starting with

Yes.

You just did not read our discussion, I guess.

And to my creditibilty, a topic, you seem to be very familiar with ;-) :

Believe what you want. And don't believe too much - just test it, and look for proofs.

Yours, VB.

The main arguments have been written down by Lutz and others long ago:

Wolfgang

Ah, this is available in English, too. Nice to hear!

Yours, VB.

That is reason enough. A firewall that works only one way is not a firewall.

And it is MS. I wouldn't trust MS to do anything right, especially where security is concerned. The very name MS is synonymous with insecurity, and that includes deliberate insecurity.