Dear Mr. Brent:

I've tested four of the popular personal software firewall products (ISS/NetworkICE, McAfee, Symantec, and Zone Labs) and found that they work okay in most cases.
When I oversaw tests about 2 years ago, I found interoperability problems with McAfee Personal Firewall and Symantec Norton Internet Security ONLY when used in conjunction with a VPN client (such as those from Altiga/Cisco, Check Point, or Nortel). The companies were notified of the problems, so the difficulties may have been addressed. However, I no longer consult at that company where I did the tests and therefore lack access to its controlled laboratory environment to carefully retest them. BlackICE Defender and ZoneAlarm did not exhibit such difficulties during those tests.

To keep up on the technology, I have purchased and loaded versions of BlackICE, ZoneAlarm, and Norton Internet Security Family Edition on my home personal computers. I have yet to experience a problem with any of them. If I had more machines, I'd get the McAfee Personal Firewall and Tiny Personal Firewall to observe their behavior in a normal environment as well.

One of the benefits that I have found is that a personal firewall can be configured to ask permission to allow newly encountered outbound traffic from the computer. I have been often amazed to find a commercial software product conducting undocumented communication to the Internet. I have always forbidden such traffic until I can research and validate the need for it. In most cases, I have not found a reason to ever allow such traffic.

Before the project that was established to test both software and hardware based home firewall products began, my colleagues and I personally bought different ones to try at home. I began with BlackICE Defender and access via a dial-up Mindspring account. BlackICE alerted me to scanning even in that low-speed environment.
As a result of that initial experience plus the project test results, I strongly recommend that users of a high-speed broadband cable or DSL connection use a hardware router capable of Network Address Translation (NAT) to defend the access point plus software firewalls on all Macs and PCs on the home network. I also believe that corporate computers should have the software firewalls installed on them.

I should also stress that an anti-virus product should be installed in addition to the software firewall, particularly a product that features an automated process to download new virus definitions. Consider that the firewall may require a rule to allow such traffic to occur.

Note that any software firewall product, particularly in a corporate or VPN environment, may cause some difficulties when first installed. Such difficulties are not problems with the product, which is functioning as intended. Rather, the problems arise because many organizations are unaware of the types of information flows that are going on and have therefore not configured the software firewall to allow such traffic, particularly where a server will initiate packets to the client.

I have also found numerous cases where a vendor has done a poor job of identifying all of the ports (both TCP and UDP) that its product utilizes, which makes the configuration of any firewall (personal or corporate) to support the product somewhat of a chore. I have also faulted many vendors for not registering their port usage with IANA (Internet Assigned Numbers Authority) or for using some other organization's registered port, an approach which could cause interoperability problems in the future. Well-known ports are 0 - 1023 and registered ports are 1024 - 49151.
For more information, see http://www.iana.org/assignments/port-numbers

Respectfully yours;
Marc Mandel

At 03:08 PM 05/03/2002 -0400, you wrote:
>Hi
>
>What is the biggest problem, with or pitfall of
>software firewalls that sit on the end user's PC
>or work station? (meaning products like ZoneAlarm
>
>thanks
>_______________________________________________
>Firewalls mailing list
>[EMAIL PROTECTED]
>For Account Management (unsubscribe, get/change password, etc) Please go to:
>http://lists.gnac.net/mailman/listinfo/firewalls
