My wife happens to be an abuse manager at a very large service provider.
(I myself do security work, ergo this list.)
Therefore, I offer this warning: Black Ice and Zonealarm both have
a VERY high propensity to generate alerts for things which are NOT
worth alerting on. They often misinterpret delayed/timed-out response
packets. Most often are alerts where people think that a major website
is "hacking" them on port 1035 from the web site's port 80. The second
would be udp "portscans" coming from a major dns servers port 53, going
to their udp port 1211.
In other words, for those in the IP know, they're getting responses to
their legitimate requests, and these products misinterpret those packets.
They seem to maximize the "DANGER DANGER" alarm factor to make people
think they're really great, and they are all that stand between them and
complete computer chaos. This seems to be a dishonest emphasis. It would
be different entirely if they had such a wild warning for packets
received on many ports, especially priveleged ports where common services
(say, SSH, or nb services) might be found.
Sadly, I can't recommend any decent alternative (on windows. Linux,
of course, will do a great firewall/masquerade job). For those
with single windows boxes, I generally just recommend removing
the client for microsoft networks from their network settings, since
most single-computer users have no need. (no file sharing, etc)
Then windows stops listening on any ports, and its a dead issue.
That aside, the bigger risk for any home user is their browser and
email client, as people using IE on weak security settings and
email-borne trojans are a much bigger danger.
--Matt Wallace
==================
(My opinions are my own, and my own only. If my employer wants them,
they have to pay extra)
On Wed, Jul 26, 2000 at 07:44:51PM -0700, Steven Pierce wrote:
>
> I second this...
> *********** REPLY SEPARATOR ***********
>
> On 7/26/2000 at 5:29 PM Carric Dooley wrote:
>
> >Zone Alarm is better.. and free for home use. =)
> >
> >----- Original Message -----
> >From: "Russell Nomer" <[EMAIL PROTECTED]>
> >To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> >Sent: Wednesday, July 26, 2000 3:43 PM
> >Subject: RE: Home Network Security
> >
> >
> >> Black Ice is excellent
> >>
> >> -----Original Message-----
> >> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> >> Sent: Wednesday, July 26, 2000 3:20 PM
> >> To: [EMAIL PROTECTED]
> >> Subject: Home Network Security
> >>
> >>
> >> Hello,
> >>
> >> What do you all recommend for a good home security firewall?
> >> I have hear of Black Ice and Zonealarm.
> >>
> >> I am hooking up 3 PCs to a cable modem connection in a home for a
> >> friend.
> >> What issues should I be aware concerning security.
> >>
> >> How would I block netbeui from being broadcast out through the cable
> >> modem.
> >>
> >> Your input is greatly appreciated.
> >>
> >> Thank You
> >>
> >> al
> >>
> >> -
> >> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> >> "unsubscribe firewalls" in the body of the message.]
> >> -
> >> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> >> "unsubscribe firewalls" in the body of the message.]
> >>
> >
> >-
> >[To unsubscribe, send mail to [EMAIL PROTECTED] with
> >"unsubscribe firewalls" in the body of the message.]
>
>
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
