Have to agree with that. I read a report on grc.com ages ago that proved how bad & leaky black ice was compared with zonealarm, (unless the author was getting a kickback). Steer clear.Quote:
Originally Posted by Matridom
Printable View
Have to agree with that. I read a report on grc.com ages ago that proved how bad & leaky black ice was compared with zonealarm, (unless the author was getting a kickback). Steer clear.Quote:
Originally Posted by Matridom
Well I think its pretty good & the security guys who have my ear like it muchly too (so if you have some evidence of 'misdemeanors' pray tell .. it comes out pretty good on most 'tests' I ever saw ...) - I still think you have to pay for this ... so I might agree with Mat regardless ! ;)Quote:
Originally Posted by Matridom
& here's another Link on the 'free' firewall contenders ... if you are taking this 'seriously' I highly recommend a read of this ;) its upto date (12/03) & loads of good links - good feature comparisson table too (doesn't identify the free firewalls though, but most software ones) ...
nothing per sayQuote:
Originally Posted by confus-ed
But, i get a strong feeling of a program that tells you what is going on, like a packet scanner, rather then a firewall that is designed to block.
But then again, i'm someone who likes to have everything running in the background, do what your supposed and don't hassel me. if i want to check in, i'll look. Black ice just kept popping up with legitamite traffic. Pissed the hell out of me, but that's also why i don't like zone alarm much.
Just for you -ED I dug it up. Available as part of the following report. Happy reading ;) (the last paragraph sums it up really)
Personal Firewalls and IRC Zombie/Bot Intrusions
ZoneAlarm v2.6 (Free) —
The last of my testing was to see whether the firewall I keep telling everyone to use: ZoneAlarm — either FREE or Pro — would be effective in stopping the IRC Zombie/Bot and the Sub7 Servers that had taken up residence in my poor "Sitting Duck" laptop.
I downloaded the current, completely free, version of ZoneAlarm 2.6 from the ZoneLabs web site and installed it on the "Sitting Duck" laptop. Upon restarting the machine I was gratified to receive immediate notification that the Zombie/Bot was attempting to make an outbound connection to its IRC chat server.
Meanwhile, the Sub7 Trojan was sitting quietly waiting for someone to connect to it. So I used another machine to "Telnet" to the port the Sub7Server Trojan was listening on. Up popped ZoneAlarm asking whether the nonsense-looking random character name the Sub7Server had chosen for itself should be allowed to accept a connection from the Internet.
Perfect performance from ZoneAlarm.
Then I had a thought: What would Network ICE's BlackICE Defender do under the same circumstances?
BlackICE Defender v2.5 ($39.95) —
I did not have a current copy of BlackICE Defender around, but I felt that this was an important test. So I laid out $39.95 through Network ICE's connection to the Digital River eCommerce retailer and purchased the latest version (v2.5) of BlackICE Defender hot off the Internet. I had already removed all traces of ZoneAlarm and restarted the machine, so I installed BlackICE Defender, let everything settle down, and restarted the machine with my packet sniffer running on an adjacent PC.
As far as I could tell, BlackICE Defender had ABSOLUTELY NO EFFECT WHATSOEVER on the dialogs being held by the Zombies and Trojans running inside the poor "Sitting Duck" laptop. I knew that BlackICE Defender was a lame personal firewall, but this even surprised me.
The Zombie/Bot happily connected without a hitch to its IRC chat server to await further instructions. The Sub7 Trojan sent off its eMail containing the machine's IP and the port where it was listening. Then it connected and logged itself into the Sub7 IRC server, repeating the disclosure of the machine's IP address and awaiting port number. No alerts were raised, nothing was flashing in the system tray. The Trojans were not hampered and I received no indication that anything wrong or dangerous was going on.
I took a lot of grief after my LeakTest utility cut right through BlackICE Defender. Network ICE told everyone that LeakTest was "being allowed through" because it was a completely benign Trojan. I knew that was a load of bull (and they must have too), but it didn't really matter to me, and I had no affirmative means of proving otherwise.
Well . . . I have that now, and so do you.
I performed one final test: As I had with ZoneAlarm, I attempted to connect to the Sub7Server Trojan running inside the "Sitting Duck" machine on the IP and listening port number the Trojan was advertising all over the Internet . . . and it worked perfectly. I received Sub7's "PWD" prompt asking me to login.
Anyone want an "only used once"
copy of BlackICE Defender?
I certainly have no use for it.
To anyone who is still stubborn enough to insist that BlackICE Defender is actually good for something: PLEASE do not write to me. I don't want to hear it. I'm a scientist who will not find your mystic beliefs to be compelling. I respect your right to your own opinions, no matter how blatantly they fly in the face of logic and reality. That is, after all, the nature of faith. Happy computing. I suggest prayer.
finally, someone who agrees with me wholeheartedly :)Quote:
Originally Posted by Matridom
Ok so black ice is no damn good with trojans then :) ... yes s/w firewalls ought to get trojans even though hardware can't - I guess that's why the security guys have nothing bad to say about it ... anyway its not free so it never really got in the running.Quote:
Originally Posted by gazzak
But ta for the research ! :thumbs:
I highly suggest trying a recent hardware firewall before dismissing them like you do. No offense, but it's quite obvious you haven't been keeping up to date on them, perhaps if you were to try one you'd see how much more adept :) they are. I've actually been selling Asante routers ($60 CAD) and external dialup modems for better firewalls in the last while...
Is this aimed at me ? Hardware boxes can't do trojan blocking they are like M$'s firewall blocking 'ins' only ... s/w firewalls do it both ways generally, all the big boys use s/w & hardware combined to get extra features & blocking - anyway the threads about free s/w firewalls not hardware vs s/w unless they started giving them away then maybe :DQuote:
Originally Posted by arch0nmyc0n
So you're a feature junkie?Quote:
Originally Posted by confus-ed
I am behind a router but I still use Zonealarm. WHY? Because I want to see exactly what is trying to access the net. Nothing goes out unless za tells me first
Going back to your first post here:Quote:
Originally Posted by arch0nmyc0n
Well: that's like saying that once you removed your front door, people stopped knocking!!!???? Come on now. Concerning your first point, if you put ZA in Program/Learning Mode you will eliminate most of the prompts. But, the prompts are necessary. Do you want so and so program accessing the internet or not??? Sounds reasonable to me.Quote:
...once I got rid of the firewall I was testing I stopped getting port scanned...
PS
Don't have ANY firewall??? Shame on you!!!
I'm gonna get this through to you if it kills me ! :DQuote:
Originally Posted by arch0nmyc0n
Hardware firewalls can't be used to control outbound communications - software ones can !
That's why Gary 'rubbished' black Ice even though its 'inbound' firewall is 'goodish' ;)
Yeah the 'training' aspect is a bit of a pain ... but you get 'wise' & can create the appropriate rules in about 5 minutes ;) - you want some sort of firewall if you have an always on connection - maybe on dial up you can 'do without' (a firewall) but you still want a trojan checker/blocker -& the best thing for that is probably a s/w firewall ...
Any business that is dependant on just hardware blocking of 'ins' is asking for trojans to get out sooner or later - when AV products develop into full 'malware' removal tools & can get & block trojans all the time then I'll give up with software firewalls ;)
Software firewalls are good things - maybe not as efficient as hardware at stopping ins (though probably as effective if not more sometimes - just when was the last time you updated your routers firmware & therefore its detection abilities ? Software autoupdates generally)..
The threads not about all this !:p Which is the best 'free' firewall !?!?!
(there are software firewalls way better than the free ones ;), better than most boxes ... but I digress & will no doubt now cause another steam of protest from the 'hardware is best' camp ...:))
Quote:
Originally Posted by confus-ed
You can get linksys routers for under $100 CAD, that's 60 quibs to you, but i digress. When i was running a software firewall, i used programs i obtained from my action pack subscription. Mainly Internet Security and Acceleration server, I had it fined tuned to the point where it would ignore "background noise" of the internet, yet e-mail me of someone took a serious wack at my box. Before that, I was on dial-up with 95/98 and had not need for a firewall back then, in those days, the worse you could expect was winnuke.
I've since moved on to a hardware firewall, linksys home gateway to be exact, they only thing i dislike about it, is it's habit of dropping the connection (not sure if that's the router or my ISP) and it's lack of serious logging abilities.
I was doing some work on a doctor's PC this week, just basically making sure he can access a section of our webpage and I had to reboot it. When it started loading the desktop Zone Alarm comes up and says, "Do you want to let msblast.exe to access the internet?"Quote:
Originally Posted by confus-ed
guess who didn't update their Norton Antivirus 2002 subscription *ever*?
gotta love that Zone Alarm. :thumbs:
you can get it to send the log to a computer running their logviewer program It's not the best, but still a good little program.Quote:
Originally Posted by Matridom