As far as I know, ZoneAlarm (the personal version) requires manual intervention from
the user, to 'teach' it which applications are permitted access to the LAN, to the
Internet or to both. From memory, it also doesn't allow you to specify which ports;
any application gets carte blanche access once you give it the OK. Which means that
the kewl free FTP client you downloaded can quite happily go out on any port it
wants, to anywhere it wants, on the pretext of 'accessing the internet'.

(I could be wrong on this - it was a while ago that I looked at it, and I don't know
whether this has been improved since - feel free to correct me!)

I have used Norton's Internet Security tool, which, apart from the fact that it is
bloatware, actually works pretty well. When an application tries to make a connection
anywhere, from any port (to any port), you get a pop-up that allows you to block,
permit or create a rule. There is a good database of pre-built rules for different
applications, giving common applications access to only the ports they require; you
can also restrict an application to only access a given address, or range of
addresses.

The same goes for external machines trying to make a connection to your machine.

It is a pain in the backside the first week or so (which means it is no improvement
over ZoneAlarm with regard to this), but once you get it settled in things run
pretty smoothly. I have yet to check out some of the recently suggested free
personal firewalls, but presumably they offer similar functionality.

Cheers
Geoff

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 04, 2000 11:12 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: ZoneAlarm *AND* a "real" firewall

Can ZoneAlarm do this automatically or does it require manual
intervention??

/mark

At 10:45 AM 12/4/00 -0500, Jim Rosenberg wrote:
>There seems to be a train of thought hereabouts that tools like
>ZoneAlarm are toys and real geeks need a "real" firewall. I would
>just like to point out that ZoneAlarm can do some things that the so-
>called serious firewalls *can't*.
>
>Let's say for the sake of argument that you have a Windows desktop
>behind a firewall which is [substitute serious firewall of your
>choice]. That firewall has no clue *what program* on the Windows
>desktop is trying to make a connection. It does matter. For
>instance, I tell ZoneAlarm that my E-mail client is *not* allowed to
>access the Internet. (My Web Browser is.) What does this buy me?
>Protection from Web Bugs. If I get a Web Bug in E-mail, the E-mail
>client will attempt to connect to the Net to retrieve the graphic.
>ZoneAlarm asks me if I want to allow that. I say no. Web Bug
>squished. How would my "adult" firewall handle this? The BigBoy
>firewall would only know that client such-and-such wants to connect
>to site such-and-such using http -- *ALLOWED*. The firewall *CANNOT*
>enforce rules based on which *desktop* programs are trying to access
>the Net. Programs like ZoneAlarm can do this.
>
>Programs like ZoneAlarm have a place in the security scheme *along
>with* strong firewalls protecting the network. They allow security
>policies that are "smart" about what's going on on the desktop. They
>can protect against some goofball trojans that would do things you
>wouldn't want through http tunnels.
>
>No tool is a panacea, but if you've avoided looking at personal
>firewalls like ZoneAlarm thinking you already have a BigBoy firewall,
>think again. ZoneAlarm is pretty cool. Use ZoneAlarm *AND* a strong
>firewall.
>
>---
>#include <disclaimer.h>
>Jim Rosenberg
>Ross Mould
>259 S. College St.
>Washington, PA 15301
>(724) 222-7006 x 189
>E-mail: [EMAIL PROTECTED]
>-
>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>"unsubscribe firewalls" in the body of the message.]
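
The distinction argued in this thread, as an added example (not code from any poster, nor from ZoneAlarm or Norton): a network firewall that decides by port alone, next to desktop rules keyed by program only and by program plus port and address range. The program names, addresses, port policy and rule format are all constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Conn:
    app: str    # originating program; only software on the desktop can see this
    dst: str
    port: int

@dataclass(frozen=True)
class Rule:
    app: str
    action: str                        # "allow" or "block"
    ports: Optional[frozenset] = None  # None = any port (carte blanche)
    net: str = "0.0.0.0/0"             # permitted destination range

PERIMETER_PORTS = {21, 80, 443}  # assumed network-firewall policy

def perimeter_decision(c):
    """Network firewall: judges by port, has no view of c.app."""
    return "allow" if c.port in PERIMETER_PORTS else "block"

def host_decision(c, rules):
    """Personal firewall: first matching rule wins; no match means ask the user."""
    for r in rules:
        if (r.app == c.app
                and (r.ports is None or c.port in r.ports)
                and ip_address(c.dst) in ip_network(r.net)):
            return r.action
    return "prompt"

# Rules keyed by program only: each program is simply allowed or blocked.
COARSE = [Rule("browser.exe", "allow"), Rule("mail.exe", "block"),
          Rule("ftpclient.exe", "allow")]
# Rules narrowed to the ports and address range each program needs.
FINE = [
    Rule("browser.exe", "allow", frozenset({80, 443})),
    Rule("mail.exe", "allow", frozenset({25, 110}), "192.0.2.0/24"),
    Rule("mail.exe", "block"),
    Rule("ftpclient.exe", "allow", frozenset({21})),
    Rule("ftpclient.exe", "block"),
]

# Constructed sample connections (documentation address ranges).
WEB_BUG = Conn("mail.exe", "203.0.113.7", 80)       # mail client fetching a remote image
FTP_ODD = Conn("ftpclient.exe", "203.0.113.9", 80)  # FTP client on a non-FTP port
UNKNOWN = Conn("newtool.exe", "198.51.100.5", 443)  # program with no rule yet

if __name__ == "__main__":
    for c in (WEB_BUG, FTP_ODD, UNKNOWN):
        print(c, perimeter_decision(c), host_decision(c, COARSE), host_decision(c, FINE))
```
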