Time to throw my .02 cents in.

Zone - Good product, though it requires much thought and proper configuration for successful installs. It does not always save your configuration settings when you shut down. This I find occurs most often when you upgrade Zone from one version to another and do not use the "clean install" option. If this occurs you have 2 options:

1. Re-install Zone, utilizing the clean install option, and then re-enter your rules.
2. Do not re-install Zone, but when you have made firewall rule changes, exit out of the program after making the aforementioned changes. When Zone exits, not as part of a shutdown, it seems to correctly flush the configuration to disk.

Another issue with Zone is that they have not yet fixed the bug in the True Vector engine. I can cause True Vector to regularly crash out and leave the system unprotected from a remote client. I have notified Zone's engineers specifically how this was done, and to date no response from their side. To their credit, when this occurs now the system loses all network connectivity (with the recent update) and the VSMON service now restarts. So even though the bug in True Vector still exists, they have worked around it so as to not leave your system completely vulnerable as in the 5.x versions.

But other than this it is a good package, very flexible and powerful, though requiring a certain level of sophistication to configure it properly.

However, I do wish it had the feature that Sygate PRO has, which will blackhole an IP if it detects a port scan coming to it. It then blocks all activity from the offending IP for approximately 10 minutes.

It however had a similar problem to Zone in that we could easily get the FW to crash out; however, when it did crash out all connectivity was lost. To date this also has not been fixed.

The other firewalls I've played with all had their own set of feature issues, with Black Ice being the worst piece of garbage I have had the displeasure of ever installing. Just too damn easy to defeat.

In all cases, I would recommend firewall software, especially if you are on a laptop and might ever be out on the wild wild internet without being behind a hardware firewall. Preferably something that will also check on programs attempting to make outbound connections. But I would not rely on just a software one either.

And with hardware, many users/companies make the same mistake, layering firewalls all of the same vendor/brand. So in the event of an exploit, they're all penetrated.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
