Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

I have Windows XP Pro SP2 and I tried to install ZoneAlarm Pro, but my
computer would not boot, so I am wondering if there is a firewall out there
that is compatible with the SP2 firewall.

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

I run ZA on SP2 and there are no compatibility issues, you should disable
windows firewall, because it s not recomended to run 2 firewalls at same
time.

"Rod P." <RodP@discussions.microsoft.com> wrote in message
news:B9AD7BE0-296F-4261-880F-97E49C0AEC15@microsoft.com...
>I have Windows XP Pro SP2 and I tried to install ZoneAlarm Pro, but my
> computer would not boot, so I am wondering if there is a firewall out
> there
> that is compatible with the SP2 firewall.

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

"Rod P." wrote:

> I have Windows XP Pro SP2 and I tried to install ZoneAlarm Pro, but my
> computer would not boot, so I am wondering if there is a firewall out there
> that is compatible with the SP2 firewall.

Yeah. The SP2 firewall. Once you install SP2 and keep it up to date, you
really don't need a third party firewall as long as you use other measures to
keep viruses, trojans, worms, adware, and spyware from getting on your system
in the first place -- and you will also be free of all the problems (did
someone mention Zone Alarm?) that people seem to experience whenever they
attempt to install a third party firewall with SP2 (as you can quickly learn
by regularly following these newsgroups).

If, despite all this, you want to use a third party firewall, you should
turn off the Windows firewall. You should have only one firewall running at
any time on your system. Ditto for antivirus.

Ken

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

I use ZA with XP Pro SP2 and have had no problems on any of the 6 machines I
use it with. I would NOT recommend the XP Firewall as the other person
suggested. The Windows Firewall is crude at best.


"Ken Gardner" <KenGardner@discussions.microsoft.com> wrote in message
news:14147609-4F15-47CE-B7EA-C313C8D87FEB@microsoft.com...
> "Rod P." wrote:
>
>> I have Windows XP Pro SP2 and I tried to install ZoneAlarm Pro, but my
>> computer would not boot, so I am wondering if there is a firewall out
>> there
>> that is compatible with the SP2 firewall.
>
> Yeah. The SP2 firewall. Once you install SP2 and keep it up to date, you
> really don't need a third party firewall as long as you use other measures
> to
> keep viruses, trojans, worms, adware, and spyware from getting on your
> system
> in the first place -- and you will also be free of all the problems (did
> someone mention Zone Alarm?) that people seem to experience whenever they
> attempt to install a third party firewall with SP2 (as you can quickly
> learn
> by regularly following these newsgroups).
>
> If, despite all this, you want to use a third party firewall, you should
> turn off the Windows firewall. You should have only one firewall running
> at
> any time on your system. Ditto for antivirus.
>
> Ken

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Rod P. wrote:
> I have Windows XP Pro SP2 and I tried to install ZoneAlarm Pro, but my
> computer would not boot, so I am wondering if there is a firewall out
> there that is compatible with the SP2 firewall.

Zone Alarm does work with SP2.. If you have the latest version.
Also many other firewalls work with SP2 - given you disable the built in
firewall.

ZoneAlarm (Free and up)
http://snipurl.com/6ohg

Kerio Personal Firewall (KPF) (Free and up)
http://www.kerio.com/kpf_download.html

Outpost Firewall from Agnitum (Free and up)
http://www.agnitum.com/download/

Sygate Personal Firewall (Free and up)
http://smb.sygate.com/buy/download_buy.htm

Symantec's Norton Personal Firewall (~$25 and up)
http://www.symantec.com/sabu/nis/npf/

BlackICE PC Protection ($39.95 and up)
http://blackice.iss.net/

--
<- Shenan ->
--
The information is provided "as is", it is suggested you research for
yourself before you take any advice - you are the one ultimately
responsible for your actions/problems/solutions. Know what you are
getting into before you jump in with both feet.

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Scott M. wrote:
> I use ZA with XP Pro SP2 and have had no problems on any of the 6
> machines I use it with. I would NOT recommend the XP Firewall as the
> other person suggested. The Windows Firewall is crude at best.

I'd say "simple", rather than "crude". It blocks *all* inbound traffic by
default....and no outbound, which is often enough.

I personally don't use it myself, but I've found that for the majority of
home/small biz users, it's very confusing for them to continually get popup
messages asking if they want to allow blah.exe to access the Internet. They
either click No all the time out of (reasonable) paranoia and mess up
something, or they allow things they shouldn't.

I prefer perimeter network firewalls, even for home networks.
>
>
> "Ken Gardner" <KenGardner@discussions.microsoft.com> wrote in message
> news:14147609-4F15-47CE-B7EA-C313C8D87FEB@microsoft.com...
>> "Rod P." wrote:
>>
>>> I have Windows XP Pro SP2 and I tried to install ZoneAlarm Pro, but
>>> my computer would not boot, so I am wondering if there is a
>>> firewall out there
>>> that is compatible with the SP2 firewall.
>>
>> Yeah. The SP2 firewall. Once you install SP2 and keep it up to
>> date, you really don't need a third party firewall as long as you
>> use other measures to
>> keep viruses, trojans, worms, adware, and spyware from getting on
>> your system
>> in the first place -- and you will also be free of all the problems
>> (did someone mention Zone Alarm?) that people seem to experience
>> whenever they attempt to install a third party firewall with SP2 (as
>> you can quickly learn
>> by regularly following these newsgroups).
>>
>> If, despite all this, you want to use a third party firewall, you
>> should turn off the Windows firewall. You should have only one
>> firewall running at
>> any time on your system. Ditto for antivirus.
>>
>> Ken

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

I agree with most of what you say with exception that no outbound blocking
is usually enough. As you know, *most/many* home users are oblivious to
what is running on their PCs and *many* have spyware/adware that they don't
even know about. Having no outbound blocking for *most* people in these
circumstances is like leaving the bank vault open and walking away. For
this reason, I say the Windows Firewall is crude at best.

I whole-heartedly agree that a perimeter firewall is a much better solution.
Myself, I use a hardware firewall at my network perimeter and software
firewalls (ZA) on each of my client machines.


"Lanwench [MVP - Exchange]"
<lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com> wrote in message
news:%23$4EM5cIFHA.3888@TK2MSFTNGP10.phx.gbl...
> Scott M. wrote:
>> I use ZA with XP Pro SP2 and have had no problems on any of the 6
>> machines I use it with. I would NOT recommend the XP Firewall as the
>> other person suggested. The Windows Firewall is crude at best.
>
> I'd say "simple", rather than "crude". It blocks *all* inbound traffic by
> default....and no outbound, which is often enough.
>
> I personally don't use it myself, but I've found that for the majority of
> home/small biz users, it's very confusing for them to continually get
> popup
> messages asking if they want to allow blah.exe to access the Internet.
> They
> either click No all the time out of (reasonable) paranoia and mess up
> something, or they allow things they shouldn't.
>
> I prefer perimeter network firewalls, even for home networks.
>>
>>
>> "Ken Gardner" <KenGardner@discussions.microsoft.com> wrote in message
>> news:14147609-4F15-47CE-B7EA-C313C8D87FEB@microsoft.com...
>>> "Rod P." wrote:
>>>
>>>> I have Windows XP Pro SP2 and I tried to install ZoneAlarm Pro, but
>>>> my computer would not boot, so I am wondering if there is a
>>>> firewall out there
>>>> that is compatible with the SP2 firewall.
>>>
>>> Yeah. The SP2 firewall. Once you install SP2 and keep it up to
>>> date, you really don't need a third party firewall as long as you
>>> use other measures to
>>> keep viruses, trojans, worms, adware, and spyware from getting on
>>> your system
>>> in the first place -- and you will also be free of all the problems
>>> (did someone mention Zone Alarm?) that people seem to experience
>>> whenever they attempt to install a third party firewall with SP2 (as
>>> you can quickly learn
>>> by regularly following these newsgroups).
>>>
>>> If, despite all this, you want to use a third party firewall, you
>>> should turn off the Windows firewall. You should have only one
>>> firewall running at
>>> any time on your system. Ditto for antivirus.
>>>
>>> Ken
>
>

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Scott M. wrote:
> I agree with most of what you say with exception that no outbound
> blocking is usually enough.

For home/novice users, it usually is, unless they have something else
(gateway/firewall appliance blocking all but, say, 80, 443, 110 and 25
outbound). These things are inexpensive nowadays. I see no reason not to
have one.

> As you know, *most/many* home users are
> oblivious to what is running on their PCs and *many* have
> spyware/adware that they don't even know about. Having no outbound
> blocking for *most* people in these circumstances is like leaving the
> bank vault open and walking away.

Well - I somewhat disagree. First, the spyware got in there somehow - and it
didn't just blithely wander in through the guy's cable modem when he wasn't
looking, & install itself. And spyware infestation is not going to be
stopped by disabling TCP port X Y or Z outbound. Spyware is prevented by
safe hex, XP SP2, tightening browser security, running antispyware software
(Microsoft's beta, or others). In fact - this is a must, regardless.

Re *trojans* (which are more of an issue in the context we're discussing
here) yes, one can do the whole internet a favor by not allowing all but
needed traffic outbound, it's true - and this is a Good Thing. However,
again, the trojan got in somehow and didn't just blithely wander in through
the... (see above). And the aforementioned guy needs good antivirus
software, kept updated regularly and needs to know how to practice safe hex,
as well as running WU regularly. Again, this is a must, regardless.

If this guy doesn't get how to deal with the above, you think he's going to
know exactly what to do when his local fw software asks him whether he would
like to allow svchost.exe to access the Internet? I don't. He'll get
frustrated and pick the wrong choice- or he'll simply turn off the annoying
thing to avoid being asked.

> For this reason, I say the Windows
> Firewall is crude at best.

Yes, it's simple, or if you must insist, I'll allow you your "crude." But it
won't be any *less* useful than a third party application with regard to
spyware. Spyware comes in and runs - it doesn't then launch attacks to the
Internet.
>
> I whole-heartedly agree that a perimeter firewall is a much better
> solution. Myself, I use a hardware firewall at my network perimeter
> and software firewalls (ZA) on each of my client machines.

Yep - belt & suspenders, but your clients had better be pretty savvy unless
you don't present them with "pick yes or no" messages.
>
>
> "Lanwench [MVP - Exchange]"
> <lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com> wrote in
> message news:%23$4EM5cIFHA.3888@TK2MSFTNGP10.phx.gbl...
>> Scott M. wrote:
>>> I use ZA with XP Pro SP2 and have had no problems on any of the 6
>>> machines I use it with. I would NOT recommend the XP Firewall as
>>> the other person suggested. The Windows Firewall is crude at best.
>>
>> I'd say "simple", rather than "crude". It blocks *all* inbound
>> traffic by default....and no outbound, which is often enough.
>>
>> I personally don't use it myself, but I've found that for the
>> majority of home/small biz users, it's very confusing for them to
>> continually get popup
>> messages asking if they want to allow blah.exe to access the
>> Internet. They
>> either click No all the time out of (reasonable) paranoia and mess up
>> something, or they allow things they shouldn't.
>>
>> I prefer perimeter network firewalls, even for home networks.
>>>
>>>
>>> "Ken Gardner" <KenGardner@discussions.microsoft.com> wrote in
>>> message news:14147609-4F15-47CE-B7EA-C313C8D87FEB@microsoft.com...
>>>> "Rod P." wrote:
>>>>
>>>>> I have Windows XP Pro SP2 and I tried to install ZoneAlarm Pro,
>>>>> but my computer would not boot, so I am wondering if there is a
>>>>> firewall out there
>>>>> that is compatible with the SP2 firewall.
>>>>
>>>> Yeah. The SP2 firewall. Once you install SP2 and keep it up to
>>>> date, you really don't need a third party firewall as long as you
>>>> use other measures to
>>>> keep viruses, trojans, worms, adware, and spyware from getting on
>>>> your system
>>>> in the first place -- and you will also be free of all the problems
>>>> (did someone mention Zone Alarm?) that people seem to experience
>>>> whenever they attempt to install a third party firewall with SP2
>>>> (as you can quickly learn
>>>> by regularly following these newsgroups).
>>>>
>>>> If, despite all this, you want to use a third party firewall, you
>>>> should turn off the Windows firewall. You should have only one
>>>> firewall running at
>>>> any time on your system. Ditto for antivirus.
>>>>
>>>> Ken

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

there once was a time when using multiple anti-spyware programs
protected people from contracting spyware infections. this is no longer
true. new spyware is being developed so fast, that even the best
anti-spyware program fails to stop over 1/3 of all spyware. this is
proven by tests documented at the following web site:
http://windowssecrets.com/050127/#story1

there once was a time when the only way you could get a
virus/worm/Trojan/spyware infection was to intentionally click on
something. this is no longer true. these days, infectious code is much
more sophisticated, and can be acquired even by clicking on Nothing.
these are called "No-click attacks". plenty of sources of information
can be found by searching Google for "No-click attack".

they can occur not only through E-mail and web browsing, but also
through IM programs. in fact, the No-click attack vulnerability got so
bad, that Microsoft has stopped people from signing into MSN Messenger
until they install the newest upgrade, because you could be attacked
with an infection using MSN Messenger, even if you clicked on Nothing.

anti-virus programs are of some help, but even with frequent updates,
they still only recognize infections known up until yesterday. they
might or might not recognize new infections spreading today, so PCs will
always be vulnerable to new infections until the anti-virus software
maker develops the signature, makes it available, and the PC acquires
it. this can mean a vulnerability of hours or days. therefore, it is
easy to acquire a newly released virus/worm, without knowing it.

and anti-virus programs fail miserably when it comes to
detecting/removing Trojans. these Trojans can be easily acquired
nowadays too, with the sophistication of "No-click" E-mail attachments,
and your friend's name in the From field. the web site
www.anti-trojan-software-reviews.com states
"Most folk harbor the belief that they are totally protected from
malicious trojan horses by their anti-virus scanner. The bad news is
that many anti-virus scanners give only limited protection against
trojans. Just how limited can be gauged from the fact that Norton
Anti-Virus 2004 missed every single trojan in the test data set we used
in these series of reviews."

of course, your years of knowledge and experience about how to correctly
tweak every program and router can stop practically all of these
infections, but 99% of average PC users in the world will never acquire
(and have no desire to spend time acquiring) the same years of
knowledge and experience that you have. they truly want to practice
"safe-hex" and they think they know what it means (do not visit Bangkok
porn sites), but since they really don't know what "safe hex" means, and
don't know that they don't know, their only protection is their cheap
$25 router (which has no firewall), and/or a free software firewall. of
course, neither one will guarantee 100% security.

but at least these 99% of average PC users in the world have a fighting
chance with a free software firewall. and yes, they can defeat it
easily by saying "Yes" to everything, just as easily as they can defeat
their cheap router by allowing Outbound communication on every port.
but with a software firewall, at least they get a chance by seeing and
deciding how to answer a pop-up question. plus, 99% of the time it is
not a mysteriously complicated question. if ZoneAlarm asks me "Do you
want XYZ program to access the internet", i would say Yes, if i just now
launched it. if i did not launch XYZ program, and ZoneAlarm suddenly
asks me out of no where "Do you want XYZ program to access the
internet", i would say "What for? i didn't just launch that program.".

yes, there will always be the unclear 1% leading to confusion. but if
people refuse to ask an expert or search Google, then they deserve the
consequences of taking that "leap in the dark". a cheap $25 router, on
the other hand, would never ask the question, because it is either
totally clueless to this Outbound breach of security, or is easily
tricked into approving it using the trick documented by the LeakTest
program at www.grc.com

the best solution is documented at
www.firewallguide.com which states the following:
Bottom Line -- If a personal firewall is the sheriff, a posse is needed
to help the sheriff capture the pests sent out by Internet outlaws like
spyware, browser hijackers, viruses, Trojan horses, worms, phishing,
spam and hybrids thereof.
A layered approach is best to protect your security and privacy:
* First line of defense -- Choose an Internet service provider
(ISP), an email service and/or a website hosting service that offers
online virus, spam and content filters.
* Second line of defense -- Install a hardware router with a built
in firewall between your modem and your computer or network.
* Third line of defense -- Use personal firewall, anti-virus,
anti-Trojan, anti-spyware, anti-spam, anti-phishing, and privacy
software on your desktop computer and every computer on your network.






Lanwench [MVP - Exchange] wrote:
> Scott M. wrote:
>
>>I agree with most of what you say with exception that no outbound
>>blocking is usually enough.
>
>
> For home/novice users, it usually is, unless they have something else
> (gateway/firewall appliance blocking all but, say, 80, 443, 110 and 25
> outbound). These things are inexpensive nowadays. I see no reason not to
> have one.
>
>
>> As you know, *most/many* home users are
>>oblivious to what is running on their PCs and *many* have
>>spyware/adware that they don't even know about. Having no outbound
>>blocking for *most* people in these circumstances is like leaving the
>>bank vault open and walking away.
>
>
> Well - I somewhat disagree. First, the spyware got in there somehow - and it
> didn't just blithely wander in through the guy's cable modem when he wasn't
> looking, & install itself. And spyware infestation is not going to be
> stopped by disabling TCP port X Y or Z outbound. Spyware is prevented by
> safe hex, XP SP2, tightening browser security, running antispyware software
> (Microsoft's beta, or others). In fact - this is a must, regardless.
>
> Re *trojans* (which are more of an issue in the context we're discussing
> here) yes, one can do the whole internet a favor by not allowing all but
> needed traffic outbound, it's true - and this is a Good Thing. However,
> again, the trojan got in somehow and didn't just blithely wander in through
> the... (see above). And the aforementioned guy needs good antivirus
> software, kept updated regularly and needs to know how to practice safe hex,
> as well as running WU regularly. Again, this is a must, regardless.
>
> If this guy doesn't get how to deal with the above, you think he's going to
> know exactly what to do when his local fw software asks him whether he would
> like to allow svchost.exe to access the Internet? I don't. He'll get
> frustrated and pick the wrong choice- or he'll simply turn off the annoying
> thing to avoid being asked.
>
>
>> For this reason, I say the Windows
>>Firewall is crude at best.
>
>
> Yes, it's simple, or if you must insist, I'll allow you your "crude." But it
> won't be any *less* useful than a third party application with regard to
> spyware. Spyware comes in and runs - it doesn't then launch attacks to the
> Internet.
>
>>I whole-heartedly agree that a perimeter firewall is a much better
>>solution. Myself, I use a hardware firewall at my network perimeter
>>and software firewalls (ZA) on each of my client machines.
>
>
> Yep - belt & suspenders, but your clients had better be pretty savvy unless
> you don't present them with "pick yes or no" messages.
>
>>
>>"Lanwench [MVP - Exchange]"
>><lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com> wrote in
>>message news:%23$4EM5cIFHA.3888@TK2MSFTNGP10.phx.gbl...
>>
>>>Scott M. wrote:
>>>
>>>>I use ZA with XP Pro SP2 and have had no problems on any of the 6
>>>>machines I use it with. I would NOT recommend the XP Firewall as
>>>>the other person suggested. The Windows Firewall is crude at best.
>>>
>>>I'd say "simple", rather than "crude". It blocks *all* inbound
>>>traffic by default....and no outbound, which is often enough.
>>>
>>>I personally don't use it myself, but I've found that for the
>>>majority of home/small biz users, it's very confusing for them to
>>>continually get popup
>>>messages asking if they want to allow blah.exe to access the
>>>Internet. They
>>>either click No all the time out of (reasonable) paranoia and mess up
>>>something, or they allow things they shouldn't.
>>>
>>>I prefer perimeter network firewalls, even for home networks.
>>>
>>>>
>>>>"Ken Gardner" <KenGardner@discussions.microsoft.com> wrote in
>>>>message news:14147609-4F15-47CE-B7EA-C313C8D87FEB@microsoft.com...
>>>>
>>>>>"Rod P." wrote:
>>>>>
>>>>>
>>>>>>I have Windows XP Pro SP2 and I tried to install ZoneAlarm Pro,
>>>>>>but my computer would not boot, so I am wondering if there is a
>>>>>>firewall out there
>>>>>>that is compatible with the SP2 firewall.
>>>>>
>>>>>Yeah. The SP2 firewall. Once you install SP2 and keep it up to
>>>>>date, you really don't need a third party firewall as long as you
>>>>>use other measures to
>>>>>keep viruses, trojans, worms, adware, and spyware from getting on
>>>>>your system
>>>>>in the first place -- and you will also be free of all the problems
>>>>>(did someone mention Zone Alarm?) that people seem to experience
>>>>>whenever they attempt to install a third party firewall with SP2
>>>>>(as you can quickly learn
>>>>>by regularly following these newsgroups).
>>>>>
>>>>>If, despite all this, you want to use a third party firewall, you
>>>>>should turn off the Windows firewall. You should have only one
>>>>>firewall running at
>>>>>any time on your system. Ditto for antivirus.
>>>>>
>>>>>Ken
>
>
>

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

there once was a time when the only way to get an infection from an
Email message was to click on something. this is no longer true.
the following came out a year ago on April 15:

"The latest Netsky is squirming across the Internet as an email without
an attachment. Experienced Internet veterans have grown suspicious of
any email with an attachment. It's almost always going to be infected
with a worm or virus. Well, Netsky.v has monkey-wrenched us all with a
way to infect computers via email with no double-click required!

Yep, you heard me right, by using a combination of Windows security
flaws, the creators of Netsky.v figured out how to infect a vulnerable
computer without requiring the computer's owner to double-click on an
attached file. If the computer is vulnerable, and isn't protected by
up-to-date antivirus software, Netsky.v will automatically infect the
victim system. How's that for an eye opener?

Not only does it infect the victim system with its own wormy code, but
it also installs its own mail, web, and ftp servers which it uses to
spread itself to other computers."

quoted from http://www.hiwaayviruscenter.com/b [...] 00006.html

now maybe somebody will say, "since MS fixed that flaw, it is no longer
an issue." maybe, if "it" only means that particular mutation of
virus/worm. but the bigger problem (No-click attacks) has just begun,
now that Pandora's box is open.




JW wrote:
> there once was a time when using multiple anti-spyware programs
> protected people from contracting spyware infections. this is no longer
> true. new spyware is being developed so fast, that even the best
> anti-spyware program fails to stop over 1/3 of all spyware. this is
> proven by tests documented at the following web site:
> http://windowssecrets.com/050127/#story1
>
> there once was a time when the only way you could get a
> virus/worm/Trojan/spyware infection was to intentionally click on
> something. this is no longer true. these days, infectious code is much
> more sophisticated, and can be acquired even by clicking on Nothing.
> these are called "No-click attacks". plenty of sources of information
> can be found by searching Google for "No-click attack".
>
> they can occur not only through E-mail and web browsing, but also
> through IM programs. in fact, the No-click attack vulnerability got so
> bad, that Microsoft has stopped people from signing into MSN Messenger
> until they install the newest upgrade, because you could be attacked
> with an infection using MSN Messenger, even if you clicked on Nothing.
>
> anti-virus programs are of some help, but even with frequent updates,
> they still only recognize infections known up until yesterday. they
> might or might not recognize new infections spreading today, so PCs will
> always be vulnerable to new infections until the anti-virus software
> maker develops the signature, makes it available, and the PC acquires
> it. this can mean a vulnerability of hours or days. therefore, it is
> easy to acquire a newly released virus/worm, without knowing it.
>
> and anti-virus programs fail miserably when it comes to
> detecting/removing Trojans. these Trojans can be easily acquired
> nowadays too, with the sophistication of "No-click" E-mail attachments,
> and your friend's name in the From field. the web site
> www.anti-trojan-software-reviews.com states
> "Most folk harbor the belief that they are totally protected from
> malicious trojan horses by their anti-virus scanner. The bad news is
> that many anti-virus scanners give only limited protection against
> trojans. Just how limited can be gauged from the fact that Norton
> Anti-Virus 2004 missed every single trojan in the test data set we used
> in these series of reviews."
>
> of course, your years of knowledge and experience about how to correctly
> tweak every program and router can stop practically all of these
> infections, but 99% of average PC users in the world will never acquire
> (and have no desire to spend time acquiring) the same years of
> knowledge and experience that you have. they truly want to practice
> "safe-hex" and they think they know what it means (do not visit Bangkok
> porn sites), but since they really don't know what "safe hex" means, and
> don't know that they don't know, their only protection is their cheap
> $25 router (which has no firewall), and/or a free software firewall. of
> course, neither one will guarantee 100% security.
>
> but at least these 99% of average PC users in the world have a fighting
> chance with a free software firewall. and yes, they can defeat it
> easily by saying "Yes" to everything, just as easily as they can defeat
> their cheap router by allowing Outbound communication on every port. but
> with a software firewall, at least they get a chance by seeing and
> deciding how to answer a pop-up question. plus, 99% of the time it is
> not a mysteriously complicated question. if ZoneAlarm asks me "Do you
> want XYZ program to access the internet", i would say Yes, if i just now
> launched it. if i did not launch XYZ program, and ZoneAlarm suddenly
> asks me out of no where "Do you want XYZ program to access the
> internet", i would say "What for? i didn't just launch that program.".
>
> yes, there will always be the unclear 1% leading to confusion. but if
> people refuse to ask an expert or search Google, then they deserve the
> consequences of taking that "leap in the dark". a cheap $25 router, on
> the other hand, would never ask the question, because it is either
> totally clueless to this Outbound breach of security, or is easily
> tricked into approving it using the trick documented by the LeakTest
> program at www.grc.com
>
> the best solution is documented at
> www.firewallguide.com which states the following:
> Bottom Line -- If a personal firewall is the sheriff, a posse is needed
> to help the sheriff capture the pests sent out by Internet outlaws like
> spyware, browser hijackers, viruses, Trojan horses, worms, phishing,
> spam and hybrids thereof.
> A layered approach is best to protect your security and privacy:
> * First line of defense -- Choose an Internet service provider
> (ISP), an email service and/or a website hosting service that offers
> online virus, spam and content filters.
> * Second line of defense -- Install a hardware router with a built
> in firewall between your modem and your computer or network.
> * Third line of defense -- Use personal firewall, anti-virus,
> anti-Trojan, anti-spyware, anti-spam, anti-phishing, and privacy
> software on your desktop computer and every computer on your network.
>
>
>
>
>
>
> Lanwench [MVP - Exchange] wrote:
>
>> Scott M. wrote:
>>
>>> I agree with most of what you say with exception that no outbound
>>> blocking is usually enough.
>>
>>
>>
>> For home/novice users, it usually is, unless they have something else
>> (gateway/firewall appliance blocking all but, say, 80, 443, 110 and 25
>> outbound). These things are inexpensive nowadays. I see no reason not to
>> have one.
>>
>>
>>> As you know, *most/many* home users are
>>> oblivious to what is running on their PCs and *many* have
>>> spyware/adware that they don't even know about. Having no outbound
>>> blocking for *most* people in these circumstances is like leaving the
>>> bank vault open and walking away.
>>
>>
>>
>> Well - I somewhat disagree. First, the spyware got in there somehow -
>> and it
>> didn't just blithely wander in through the guy's cable modem when he
>> wasn't
>> looking, & install itself. And spyware infestation is not going to be
>> stopped by disabling TCP port X Y or Z outbound. Spyware is prevented by
>> safe hex, XP SP2, tightening browser security, running antispyware
>> software
>> (Microsoft's beta, or others). In fact - this is a must, regardless.
>>
>> Re *trojans* (which are more of an issue in the context we're discussing
>> here) yes, one can do the whole internet a favor by not allowing all but
>> needed traffic outbound, it's true - and this is a Good Thing. However,
>> again, the trojan got in somehow and didn't just blithely wander in
>> through
>> the... (see above). And the aforementioned guy needs good antivirus
>> software, kept updated regularly and needs to know how to practice
>> safe hex,
>> as well as running WU regularly. Again, this is a must, regardless.
>>
>> If this guy doesn't get how to deal with the above, you think he's
>> going to
>> know exactly what to do when his local fw software asks him whether he
>> would
>> like to allow svchost.exe to access the Internet? I don't. He'll get
>> frustrated and pick the wrong choice- or he'll simply turn off the
>> annoying
>> thing to avoid being asked.
>>
>>
>>> For this reason, I say the Windows
>>> Firewall is crude at best.
>>
>>
>>
>> Yes, it's simple, or if you must insist, I'll allow you your "crude."
>> But it
>> won't be any *less* useful than a third party application with regard to
>> spyware. Spyware comes in and runs - it doesn't then launch attacks to
>> the
>> Internet.
>>
>>> I whole-heartedly agree that a perimeter firewall is a much better
>>> solution. Myself, I use a hardware firewall at my network perimeter
>>> and software firewalls (ZA) on each of my client machines.
>>
>>
>>
>> Yep - belt & suspenders, but your clients had better be pretty savvy
>> unless
>> you don't present them with "pick yes or no" messages.
>>
>>>
>>> "Lanwench [MVP - Exchange]"
>>> <lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com> wrote in
>>> message news:%23$4EM5cIFHA.3888@TK2MSFTNGP10.phx.gbl...
>>>
>>>> Scott M. wrote:
>>>>
>>>>> I use ZA with XP Pro SP2 and have had no problems on any of the 6
>>>>> machines I use it with. I would NOT recommend the XP Firewall as
>>>>> the other person suggested. The Windows Firewall is crude at best.
>>>>
>>>>
>>>> I'd say "simple", rather than "crude". It blocks *all* inbound
>>>> traffic by default....and no outbound, which is often enough.
>>>>
>>>> I personally don't use it myself, but I've found that for the
>>>> majority of home/small biz users, it's very confusing for them to
>>>> continually get popup
>>>> messages asking if they want to allow blah.exe to access the
>>>> Internet. They
>>>> either click No all the time out of (reasonable) paranoia and mess up
>>>> something, or they allow things they shouldn't.
>>>>
>>>> I prefer perimeter network firewalls, even for home networks.
>>>>
>>>>>
>>>>> "Ken Gardner" <KenGardner@discussions.microsoft.com> wrote in
>>>>> message news:14147609-4F15-47CE-B7EA-C313C8D87FEB@microsoft.com...
>>>>>
>>>>>> "Rod P." wrote:
>>>>>>
>>>>>>
>>>>>>> I have Windows XP Pro SP2 and I tried to install ZoneAlarm Pro,
>>>>>>> but my computer would not boot, so I am wondering if there is a
>>>>>>> firewall out there
>>>>>>> that is compatible with the SP2 firewall.
>>>>>>
>>>>>>
>>>>>> Yeah. The SP2 firewall. Once you install SP2 and keep it up to
>>>>>> date, you really don't need a third party firewall as long as you
>>>>>> use other measures to
>>>>>> keep viruses, trojans, worms, adware, and spyware from getting on
>>>>>> your system
>>>>>> in the first place -- and you will also be free of all the problems
>>>>>> (did someone mention Zone Alarm?) that people seem to experience
>>>>>> whenever they attempt to install a third party firewall with SP2
>>>>>> (as you can quickly learn
>>>>>> by regularly following these newsgroups).
>>>>>>
>>>>>> If, despite all this, you want to use a third party firewall, you
>>>>>> should turn off the Windows firewall. You should have only one
>>>>>> firewall running at
>>>>>> any time on your system. Ditto for antivirus.
>>>>>>
>>>>>> Ken
>>
>>
>>
>>

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

> These things are inexpensive nowadays. I see no reason not to have one.

I agree, but nontheless the general computer user has no clue about such
things.

> Well - I somewhat disagree. First, the spyware got in there somehow - and
> it
> didn't just blithely wander in through the guy's cable modem when he
> wasn't
> looking, & install itself. And spyware infestation is not going to be
> stopped by disabling TCP port X Y or Z outbound. Spyware is prevented by
> safe hex, XP SP2, tightening browser security, running antispyware
> software
> (Microsoft's beta, or others). In fact - this is a must, regardless.

I agree, but nontheless the general computer user doesn't tighten browser
security or keep their anti-virus software up to date.

> Re *trojans* (which are more of an issue in the context we're discussing
> here) yes, one can do the whole internet a favor by not allowing all but
> needed traffic outbound, it's true - and this is a Good Thing. However,
> again, the trojan got in somehow and didn't just blithely wander in
> through
> the... (see above). And the aforementioned guy needs good antivirus
> software, kept updated regularly and needs to know how to practice safe
> hex,
> as well as running WU regularly. Again, this is a must, regardless.

See last comment.

> If this guy doesn't get how to deal with the above, you think he's going
> to
> know exactly what to do when his local fw software asks him whether he
> would
> like to allow svchost.exe to access the Internet? I don't. He'll get
> frustrated and pick the wrong choice- or he'll simply turn off the
> annoying
> thing to avoid being asked.

In my experience, I disagree. Being asked (outbound filtering) gives
someone a better chance than not being asked at all (Windows Firewall). If
someone is going to take the time to install a software firewall, then they
are doing so because they know and care about the safety of their pc. True,
they may not always know what the message is exactly asking, but these days
(ZA specifically), it's not hard to find out more info. when those messages
come up.

>> For this reason, I say the Windows
>> Firewall is crude at best.
>
> Yes, it's simple, or if you must insist, I'll allow you your "crude." But
> it
> won't be any *less* useful than a third party application with regard to
> spyware. Spyware comes in and runs - it doesn't then launch attacks to the
> Internet.

No, but it does report back to some machine as to what it has been spying
on. And, thanks for *allowing* me my own opinion.

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Scott M. wrote:
||| These things are inexpensive nowadays. I see no reason not to have
||| one.
||
|| I agree, but nontheless the general computer user has no clue about
|| such things.
||

And that's because they are not told about security at point of purchase!
It's my view that Joe Public (ie those who are buying computers outside of a
corporate scenario) should be TOLD about computer security when they buy
one. For example, I was watching a show on a cable channel here in the UK
the other day going through the basics of computing. The presenter had gone
RIGHT through almost everything to do with getting an ISP, logging on,
browsing the internet and email use before even MENTIONING the fact that
"you might consider using a firewall", and I think they only did that
because I rang them up and told them about the ommission! The security
aspect should have been the FIRST thing the program covered!

--
Interim Systems and Management Accounting
Gordon Burgess-Parker
Director
www.gbpcomputing.co.uk

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Gordon wrote:

>
> And that's because they are not told about security at point of purchase!


And do they also not have access to television news, newspapers, and
magazines? The only person who can _reasonably_ claim to be unaware of
the rampant computer secure threats has been living in a cave in upper
Slovakia for the past ten years, with no contact with the outside world.


> It's my view that Joe Public (ie those who are buying computers outside of a
> corporate scenario) should be TOLD about computer security when they buy
> on