Le jeu 05/06/2003 � 11:09, Lars Duesing a �crit : > ZoneAlarm has in my eyes a very interesting feature. As it runs on the > clients' system it can distinguish which (local) application is allowed > to send data to the net. In days of gator et al a very nice feature.
This is to me the interest of so called personal firewalls. But I do not like ZA, because its decisions are only application based. On tools such as Kerio Personal Firewall, you can add rules to restrict applications in terms of addresses, protocols and ports. If you consider what it is possible to do through IE using ActiveX as an example, it could be a good idea not to authorize this kind of application without network restriction. Btw, it makes ZA simple to use, but weak to me. > So if an user knows how to use this personal firewalls, it is yet > another step of security. <metoo>Agree</metoo> -- C�dric Blancher <[EMAIL PROTECTED]> IT systems and networks security - Cartel S�curit� Phone : +33 (0)1 44 06 97 87 - Fax: +33 (0)1 44 06 97 99 PGP KeyID:157E98EE FingerPrint:FA62226DA9E72FA8AECAA240008B480E157E98EE _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
