I run three firewalls and an HTML filter:
1 CONSEAL PERSONAL FW
2 BLACKICE DEFENDER
3 ZONEALARM FW
4 PROXOMITRON
McAfee recently acquired Signal9 the developer and marketing company
for Conseal Personal FW (packet filtering) and Conseal Private Desktop
(application filtering or stateful inspection. Conseal FW is
preconfigured with a ruleset that blocks all ports except those that
are needed for browsing. It also blocks Netbios and Netbeui (ports
135-139) by default. Many rulesets are available for special
configurations, such as DSL, cable modem, Napster, ICQ, and other
junk. Conseal FW logs incoming and outgoing connections, blocks
incoming connections that are not permitted, and will optionally allow
the user to chose to block or allow an incoming connection,
permanently or temporarily. Rule building is GUI control and for
anyone with some experience in protocols, ports, and services, rules
are easy to create, modify, test, or delete. Rules are processed in
priority order, so you can make things hairy, just like any packet
filtering firewall with prioritized rules.
McAfee is already offering Conseal Personal Desktop without mentioning
Conseal Personal FW on their site. This has caused general
frustration and aggravation amongst the CFW users, plus numerous
negative statements about McAfee products and support.
BlackIce Defender provides no rule control. Instead it monitors ports
and services and categorizes them. You chose the level of
port/service control (from Paranoid to Don't care). BlackIce
identifies and filters some Trojans and viruses, but is not a
replacement for a good antiviral program.
ZoneAlarm was originally an outgoing connection filter, but it is now
a full-fledged firewall for both incoming and outgoing connections and
is application based (stateful inspection). You can establish trusted
services or let ZoneAlarm ask you everytime. It definitely works to
block incoming or outgoing connections that are not allowed. The
current release also logs alerts.
Proxomitron is an HTML proxy filter with prebuilt rules. You can add
new ones if you understand HTML and replace any incoming HTML element
or subelement with a new element or value or comment. It's primary
purpose is to eliminate trash, but it is very effective in eliminating
any DoubleClick--in some cases disabling some webpages completely.
There is a logging feature that displays all the HTML action, server
names, URLs contacted, and HTML editing performed. You can override
(bypass) the Proxomitron filtering while still allowing it to be the
local proxy. It works with remote proxies as well.
They will all work together in the same system without conflict.
Sometimes people are critical and arrogant about anyone who uses
multiple firewalls in the same system. If there isn't any performance
hit, the combination is effective and each works well to make the user
fully aware of the events of the active programs and incoming
connections. Port scans will sometimes go through Conseal, but they
are stopped dead by BlackIce. ZoneAlarm won't allow an outgoing
connection from your system (like one of the ad trojans, RealAudio
phone-home, SubSeven or BackOrifice) without your permission--you're
really well informed by it.
ZoneAlarm and Proxomitron are both free for personal use.
Conseal is priced according to operating system.
BlackIce is a single price for all operating systems.
______________________________ Reply Separator _________________________________
Subject: Re: ZoneAlarm
Author: rj <[EMAIL PROTECTED]> at Internet
Date: 04/06/2000 10:49 PM
Why do you run two firewalls, I am assuming that BlackIce is a firewall?
Is it that no firewall is bullet proof and one should catch the one(s)
the other missed?
On Wed, 5 Apr 2000 [EMAIL PROTECTED] wrote:
> I too have had excellent results with ZoneAlarm. I am running it on a
> personal system running Windows 98 and have been using it for almost three
> months now with no problems. I also use Blackice and it works well with
> ZoneAlarm. Blackice only checks inbound while ZoneAlarm checks both inbound
> and outbound.
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
Received: from mimesweeper.sec.gov ([162.138.246.4]) by smtpgate.sec.gov with
SMTP
(IMA Internet Exchange 3.13) id 00022CC5; Thu, 6 Apr 2000 23:02:03 -0400
Received: from secfw2.sec.gov (unverified) by mimesweeper.sec.gov
(Content Technologies SMTPRS 2.0.15) with SMTP id
<[EMAIL PROTECTED]> for <[EMAIL PROTECTED]>;
Thu, 06 Apr 2000 22:07:58 -0400
Received: by secfw2.sec.gov; id XAA19767; Thu, 6 Apr 2000 23:00:48 -0400
Received: from spike.rwc.gnac.net(209.182.195.137) by secfw2.sec.gov via smap
(/2.1+anti-relay+anti-spam)
id xma019763; Thu, 6 Apr 00 23:00:29 -0400
Received: (qmail 25393 invoked by uid 15); 7 Apr 2000 02:52:10 -0000
Delivered-To: [EMAIL PROTECTED]
Received: from chele.cais.net (shell.cais.net [205.252.14.8])
by spike.rwc.gnac.net (8.8.8/8.8.8) with ESMTP id TAA24854
for <[EMAIL PROTECTED]>; Thu, 6 Apr 2000 19:51:48 -0700 (PDT)
Received: from localhost (rj@localhost)
by chele.cais.net (8.9.1/8.9.1) with ESMTP id WAA05576;
Thu, 6 Apr 2000 22:49:13 -0400 (EDT)
Date: Thu, 6 Apr 2000 22:49:12 -0400 (EDT)
From: rj <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: ZoneAlarm
In-Reply-To: <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Sender: [EMAIL PROTECTED]
Precedence: bulk
X-Loop: [EMAIL PROTECTED]
Content-Type: TEXT/PLAIN; charset=US-ASCII
