Firewalls!

Hi all,

Could someone tell me what's the best and most compatible firewall for AOL users?

I've tried Sygate 5, Kerio... and some others...
but they aren't very reliable under an AOL connection :(

Thanks for replying.
 
Shoebedobedoo

Guest
ZoneAlarm Pro beats them all. I've tried Sygate's sh*tty firewall and dumped it right after install. BlackIce Defender is a decent firewall, along with Kerio.

Shoebedobedoo:cool:
 
ZAP or sygate?

I also agree that ZAP Pro does a pretty durned good job. I decided to try out Sygate seeing that so many people like it here in this thread. I believe it's working, but I don't know what makes it any better than ZAP Pro. I liked ZAP's interface MUCH better as it's more user friendly and purty.
~Diomed7
 
ZAP locked my (Windows 2000) PC too often.

Kerio/Tiny/Outpost - all excellent but if configured badly you might as well not bother.

Sygate - solid, reliable and very easy to configure.

BlackICE - good intrusion notification but a crap FW.

Oldy
 
Shoebedobedoo

Guest
My best buddy ole pal is running Win2k and ZoneAlarm Pro and not having any problems at all.

Kerio/Tiny/Outpost= Not bad firewalls
BlackIce Defender= Better firewall

Shoebedobedoo:cool:
 
ZAP is the pits since v3.x. They were good prior to them & many people have problems with it. Not to say some won't, but majority seem to be (or more often most people don't realize the problems it is causing).
BlackIce isn't great either. Haven't been testing the latest one out long enough, but all earlier ones bite. Only good for intruders, not for blocking outward packets & trojans well.
Kerio is very good, just needs getting used to.
Also Sygate.
That's my final say (of course you are all welcome to your opinions, though I would suggest you run more tests on your firewalls *not just port scans).
 
got it!

Ooops, I did it again... Thx for reminding me that there are rules for posting, otherwise I might be forgetful! :) (It must be irritating for you!):( Anyway, BID is still very good! See ya
 
Hello everybody,

I just read this thread and some statements got me so upset that I decided to join and post some replies in here. In parallel to replying, I am reading all the posts again and will give some comments.

First of all you're right I wouldn't trust MS regarding my security.

Then I have to say I consider myself still a newbie because I know there are still very many details about networking that I do NOT know. Let me tell you how I got involved in security issues: I got my first broadband connection and had heard about hackers, so I grabbed the first so-called "firewall" (Lockdown) and started surfing around. And only minutes later the proggy made an alarming sound and told me that a hacker tried to hack me on port (???) and that it is backtracing the intruder.

I was VERY impressed, just like in the movies - hacking tracing, WOW :eek:

Then after a while I tried an early version of ZoneAlarm and AtGuard 322. Those are two very different fws. ZA uses an application approach => you state which program may access the internet and/or receive connections from the internet (advanced users can also specify on which ports), while AtGuard uses a, let's say, more port-oriented approach => you can also specify programs that are allowed to pass or not, but you can do a lot more fine-tuning concerning ports.

So first I think one must decide whether he knows enough to try more complicated fws like atguard, tiny or kerio or if one wants just good security without having to go too deep into it.

And now just some more facts:
- I used my own vocabulary here and I am no native English speaker, so don't nail me down if not everything is expressed properly.
- the "older" 2.x version of tiny seems to have been bought by kerio while tiny brought us the 3.x version which I personally find too bloated (same opinion on sygate fw and
- Norton Personal Firewall which bought atguard, bloated a lot of "unnecessary" features around it and now even sell us that thing
- concerning the so-called internet checks, most of them like the one on grc.c*m only take a quick look at your pc and then state that you are secure - I don't believe these things until I try to "hack" into my own pc (I am no hacker, so that means I just try to scan my pc, most likely from linux using something like saint, nessus, nmap, or ask some linux guru if he does a scan on my machine)
- btw concerning grc I was one of his "believers" until I found this ww*.grcsucks.com and I have to admit that they crush nearly every statement Gibson has ever made
- concerning modem users, I think if one is rarely online, just briefly for downloading emails and maybe reading an article, one does not really need a fw because one gets a new ip every time one connects, and in the short time one is online one would have to have the bad luck to run across a hacker scanning ips, getting his own scanned and getting hacked. And then what? Getting a trojan installed? If one is using a proper av proggy that would be no threat.

Allow me a final conclusion:
- If one is just interested in not getting hacked easily, just grab an instant firewall like an older z.a. version 2.x because it does not have all the privacy features the 3.x version has and it is free.

- On the other hand if one is interested what a port might be or wants to know more how programs are connecting the outside world and what different protocols like tcp and udp are doing/needed for I recommend starting by taking one of the thick books from the shelf concerned with networking and reading it.

OK that's it; hope I get my portion of criticism too for this long post.

P.S. and even if you have an av proggy and a fw running always keep up with the hotfixes and patches of MS as security flaws are detected day by day
 
I agree with Shadoe Re:Zonealarm, I think there's some confusion with the posts, anyone that says ZoneAlarm is better than Sygate Pro obviously hasn't spent some time (a little bit more than a minute..) with the product.. :D

Sure the check boxes are daunting.. compared to Zonealarm's slidebars :) but hey, try and climb that learning curve a bit.. and you'll be rewarded with a fine bit o' software..

>>X<<
 
Do you know what DNS, DHCP and LDAP services are? Do you know what ports are? Do you know what a broadcast is and what purpose TCP and UDP have and which is used for what? Do you know what parts/dlls/components of your OS should be allowed access to the internet?

If so you can take tiny, kerio or atguard (while atguard has a privacy control center for cookies, active x etc.).

If you don't know, or not exactly, and don't want to know that either, you can just stick to, let's say, za, but take a version from the 2.x series because it is reported to be faster.
 
Shoebedobedoo

Guest
AppShield best firewall??????

Some experts say AppShield is the best firewall on the market today. The reason for this is most firewalls leave port 80 open where most hackers find their way in to your pc. READ the posted link.

hxxp://xww.zdnet.com/anchordesk/stories/story/0,10738,2871205,00.html

Looking for the full version as I speak.
A word about ZoneAlarmPro from editors at ZDNet,
ZoneAlarm is probably the most widely used free personal firewall today. It offers you almost instant protection from the Internet's most common threats with a user friendly interface and easy to configure security levels. In fact, all you have to do is select one of the 3 preset levels and you are good to go.
While many may think, simply selecting the highest level would be best, this may not always be suitable for your needs, since a high level will also limit some of your internet activity. If this should be the case, you can simply select a lower level and still be properly protected while giving yourself some more freedom when it comes to use certain protocols and ports. However there is no need to know anything about the details, simply use the level that works best with what you usually do on the net.
ZoneAlarm's security levels provide protection from outside intruders and hide your PC from potentially dangerous port scans; the additional application monitor will allow you to set privileges for any application that uses the Internet. Once ZoneAlarm detects that a program is trying to access the Internet, it will pop up a dialog that allows you to grant access or deny it. So after you first install ZA, you will see quite a few dialogs popping up over the first few days (depending on how many Internet enabled tools you use), but since you can grant the privileges permanently, there is no need to repeat the procedure for each application once you run it the second time. Using this method, you are not only protected from intruders that try to access your computer from the outside (Internet, LAN) but also from trojan activity, caused by malicious applications that open a backdoor to your system or attempt to send data from your machine to a remote location.
Here is a basic example of how ZoneAlarm handles application privileges... You just installed it and decide to send an email to your friend. As soon as you hit the "send" button on your email program, ZoneAlarm will prompt you that Outlook Express (or whatever program you use) is trying to access the Internet - do you allow it? Yes? No? Remember? Since you trust your email program, you select "Yes - Remember"... and you will not be prompted again. Next will probably be your browser and so on... Don't be confused by these prompts; it is necessary to provide complete inside and outside protection customized for your system. Once you have used most of your Internet enabled applications, you will hardly ever see a prompt again, and if you do, you may want to take a close look and make sure that you really want the software to use the internet - if you change your mind, you can always revoke or grant privileges from a very user friendly and easy to understand configuration dialog.
If ZoneAlarm detects a connection attempt from an outside source, it will alert you with a dialog, specifying the IP address and port that is being accessed. Since there is a lot of port scanning activity going on these days, you may get bored by these notifications and can select to turn them off and only log them to a text file. The ZoneAlarm interface also provides you with a "panic button" that lets you terminate all open connections immediately and an optional lock feature. In addition, it displays the icons of all applications that are currently using your Internet connection for quick reference.
For more advanced or network users, ZA offers the option to customize each level based on IP addresses or host names for a more customized setup and greater flexibility.

Unlike BlackIce Defender, ZoneAlarm does not offer signature based analysis of incoming traffic, which can be useful if you are running a personal web server or similar on your PC since many hack attempts can be prevented using this type of detection.

hxxp://xww.webattack.com/reviews/zonealarm_rv.shtml

Shoebedobedoo:cool:
 
Shoebedobedoo I think here you switched sides - weren't we talking about a "normal" end-user sitting at home, reading emails and surfing?

The AppShield you mentioned as being the best firewall is meant for companies to protect their web servers. I took the time to read the review and I have to say that this AppShield does nothing more than prevent an e-commerce web server from being hijacked/abused by using flaws in the programming code of the web server itself or of the website, i.e. flaws in java code, flaws in html leaving important data in plaintext etc. BTW the company mentions only what is prevented but gives no clue about how.
 
Shoebedobedoo

Guest
"Some experts say AppShield is the best firewall on the market today"
is what I said, I didn't say AppShield is the best firewall. Your pc has port 80, right? You can use 7th Sphere Scanner and "scan" my ports, and you'll see port 80. So if all pc users have port 80, then AppShield would be a pretty darn good firewall for me.

Shoebedobedoo:cool:
 
I've been using ZoneAlarm 3, hate it, too many questions and popups, etc.
I think whatever you like is good, unless you really do have something worth protecting.
Does someone know where I can get any of these firewalls from, like Sygate and BlackICE, etc.?
Thanks
 
Shoebedobedoo plz do not take this personal but sure every pc has a port 80 but only ppl who run a webserver need to have port 80 open for incoming data. YOU as a normal user can safely close port 80 except for outgoing requests of your favorite browser. So if you scan my pc you will see no open port. Because my firewall is ignoring any incoming connection attempts that are not directed to specific programs running on my pc.

You would find open ports if you tried to connect to the port my ICQ is listening to AND if you specified that you want to connect to icq.exe on that specific port. You would also find an open port if you tried connecting to edonkey AND the exact port it is listening to....

But as I have no servers running on my machine except ICQ and edonkey, I have only these 2 ports open, and even those respond only if the correct program listening behind them is asked for.

P.S. This should be so if everything is fine - I mean this is the best case if I configured my firewall correctly.

P.P.S. Plz read the article about appshield again and even take a look at the demo of appshield
hxxp://www.sanctuminc.com/demo/hacking_demo_v1200.html

P.P.P.S. This is a quote taken from the page you linked above.

"Sanctum makes a product called AppShield, which sits behind the firewall but in front of the site's application server."
So they do not even state that appshield is a firewall. BTW I did not even find the part where "some experts state that appshield is the best firewall on the market today".

thx mate
 
It gets even better,

under the article Shoebedobedoo linked one has the option to talk back to the writer of the article, and plz take a look at the comments of 2 readers:

#1
These types of programs offer you nothing that good patching and updating doesn't already offer. They have the same issues with new threats that the server itself has: you need to update and patch to deal with new vulnerabilities. If I'm going to be updating and patching 3rd party software, why not just patch the OS/Server?
#2
Hey, Vamosi. are you a shill for any old software company that approaches you? When I read your so called "articles", i feel like I am reading an ad, and not getting any really useful information.
Vamosi being the writer of the article about appshield.

So I think we're done with appshield ;) by now.
 
tnx for the welcome joripe :)
i've read the rules

Reading the posts, I've understood that there is no best firewall, but I think that it is possible to make tests like port scans and others to make a comparison and a classification.

ovi, I'm using ZA 3 and for me it is not slower than 2.6; maybe it depends on the system. I have a P4 1.7 GHz and 512 of DDR. It takes more RAM than the previous one, but has more improvements, like privacy, mobile control, ad blocking, etc.
I've used tiny and atguard, but they seem to me more friendly, but in a bad way: you can't control a lot of things like the listen port.
ZA seems stronger to me.
 
mirken

maybe you didn't test tiny and atguard well enough. Both work like this: when a new prog tries to connect to the internet there is a popup telling you that application X wants to connect to IP xxx.x.x.xxx on the remote port xx, and even the protocol, i.e. tcp. You can permit or deny but also specify details for a rule: like program X can use any or only a specific local port to connect to this IP or to all IPs, and it may connect only to port XX on the remote site or to any port. You may also specify ranges of IPs or ranges of ports.

and exactly like this do both fws handle incoming connection requests.
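
The rule model described in the post above (program, protocol, local port, remote IP range, remote port range, same handling for incoming requests), and the earlier point that a port with no listening program never answers, sketched as an added example that is not part of the thread and not code from any of the products named. The program names, the ICQ port 4000 and the addresses are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

ANY_PORT = range(0, 65536)

@dataclass(frozen=True)
class Rule:
    app: str            # program the rule belongs to (hypothetical names below)
    direction: str      # "out" or "in"
    proto: str          # "tcp" or "udp"
    remote_net: str     # CIDR range of remote addresses the rule covers
    local_ports: range  # local ports the rule covers
    remote_ports: range # remote ports the rule covers
    action: str         # "permit" or "deny"

def decide(rules, app, direction, proto, remote_ip, local_port, remote_port):
    """First matching rule wins.

    app is the program owning the connection; None means nothing is
    listening on the local port, so the packet is dropped without a prompt.
    No matching rule means "ask", i.e. the popup the post describes.
    """
    if app is None:
        return "drop"
    ip = ipaddress.ip_address(remote_ip)
    for r in rules:
        if (r.app == app and r.direction == direction and r.proto == proto
                and ip in ipaddress.ip_network(r.remote_net)
                and local_port in r.local_ports
                and remote_port in r.remote_ports):
            return r.action
    return "ask"

# Constructed rule set for a home PC with a browser, a mail client and ICQ.
RULES = [
    Rule("browser.exe", "out", "tcp", "0.0.0.0/0", ANY_PORT, range(80, 81), "permit"),
    Rule("mail.exe", "out", "tcp", "198.51.100.0/24", ANY_PORT, range(25, 26), "permit"),
    Rule("icq.exe", "in", "tcp", "0.0.0.0/0", range(4000, 4001), ANY_PORT, "permit"),
    Rule("updater.exe", "out", "tcp", "0.0.0.0/0", ANY_PORT, ANY_PORT, "deny"),
]

if __name__ == "__main__":
    probes = [  # constructed connection attempts
        ("browser.exe", "out", "tcp", "203.0.113.7", 1025, 80),
        (None, "in", "tcp", "203.0.113.7", 80, 40000),   # scan of port 80, no server
        ("icq.exe", "in", "tcp", "203.0.113.7", 4000, 40000),
    ]
    for p in probes:
        print(p, "->", decide(RULES, *p))
```
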
 