On 1/12/06, Per Jessen wrote:

Kai Ponte wrote:

...

First, I would disagree with using ZA as a software firewall. Actually, from all I've read/seen, a good hardware firewall is all you should need. (Provided it is configured correctly.)

Kai, a hardware firewall is nothing but a blackbox running a software firewall.

Partially true, but most poeple (just as I do) understand the term "hardware firewall" as an advanced piece of hardware, application-level firewall and not just a simple port filter, which is what effectively every "software firewall" is doing. A port filter does not protect you from spyware or other malicious codes (a fact not known to the average user who is quite confused when getting hit by worms even while actively running a so called "firewall"). An application-level firewall is capable of detecting known malicious code signatures that are carried as payloads in application level protocols, such as HTTP or FTP. The techniques involved in analyzing network packets (at real-time) are highly processing intensive, thus requiring highly specialized hardware to cope with transmission speeds used today in the Internet and local networks. From this point of view a hardware firewall is _not_ just a blackbox running a software firewall. Wow, this is even more OT. Just my 2 cents. \Steve -- Steve Graegert Software Consultant {C/C++ && Java && .NET} Office: +49 9131 7123988 Mobile: +49 1520 9289212

On 1/12/06, Per Jessen wrote:

Steve Graegert wrote:

...

On 1/12/06, Per Jessen wrote:

...

Kai Ponte wrote:

...

First, I would disagree with using ZA as a software firewall. Actually, from all I've read/seen, a good hardware firewall is all you should need. (Provided it is configured correctly.)

Kai, a hardware firewall is nothing but a blackbox running a software firewall.

Partially true,

Isn't it actually _completely_ true? Unless we've got a manufacturer with a box with a TCP/IP stack implemented as an ASIC, the firewall has got to be software. Splitting hairs, I know, but still.

This is exactly what manufacturers are doing. The stack is not implemented in a single ASIC, but distributed over multiple chips, which are sometimes pipelined (Cisco's implementation) or connected to complex matrices. Every ASIC performs highly specialized operations on the packets.

...

but most poeple (just as I do) understand the term "hardware firewall" as an advanced piece of hardware, application-level firewall and not just a simple port filter, which is what effectively every "software firewall" is doing.

Perhaps it's a matter of who "most people" are, but a firewall, whether hardware or software, is not much more than a port-filter. OK, with a few bells and whistles for detecting and dealing with certain kind of attacks (e.g. DoS). If I take a 486, install Linux and a decent iptables setup, I've got myself a solid hardware firewall - except of course, the firewall is really a software firewall.

A firewall can be much more than a port filter. As stated in my last post, highly sophisticated application-level firewalls operate between layer 4 and 7 of the OSI model, processing data contained in application protocols. This is a fundamentally different approach compared to port filtering. While it's of course possible to implement application-level firewalls on stock hardware (e.g. CheckPoint offers one for AIX), there are numerous products that have implemented such functionality entirely in hardware. I have a Nokia box which operates at the application level and, additionally, does port filtering. \Steve -- Steve Graegert Software Consultant {C/C++ && Java && .NET} Office: +49 9131 7123988 Mobile: +49 1520 9289212

On Thu, 12 Jan 2006 14:59:54 -0500, you wrote:

On Thursday 12 January 2006 13:59, Kai Ponte wrote:

...

I know this is going way OT

no, no, no.... it's waaaaaaaaay OT!

...

First, I would disagree with using ZA as a software firewall. Actually, from all I've read/seen, a good hardware firewall is all you should need. (Provided it is configured correctly.)

[snip] My $.02 (USD) - I didn't see anyone mention the reason I use ZA on doze boxes - it's great for catching and blocking phone-homes. "Windows media player is trying to access the internet, allow or not? No - never. End of problem. Honest to $DIETY, I never used to hate windows as much as I do after watching every damned application, patch, and OS update want to phone home. It's flat out disgusting. What I run on my computer is nobodies business. And as for the 'hardware firewall' question, please tell me you're talking about a real firewall and not one of those stupid Linksys things. As I'm sure you know, that's in no way a firewall (or a router) - it's a buggy (VERY buggy, the last time I tried one) NAT layer implemented in hardware. The port forwarding and 'DMZ' features don't (or didn't) even work right. I'm working my way thru making snort_inline work in front of a shorewall/iptables setup. THAT is a firewall. After I get that figured out I'm going to try my hand at traffic shaping. Mike- -- If you're not confused, you're not trying hard enough. -- Please note - Due to the intense volume of spam, we have installed site-wide spam filters at catherders.com. If email from you bounces, try non-HTML, non-encoded, non-attachments,

Kevanf1 wrote:

Just a bit of help for those guys running a Windwoes box:

http://free.grisoft.com/doc/2/lng/us/tpl/v5

That's the official AVG page for the 'free' version of their AV software.

I think Grisoft - the makers of AVG - are going to be or, possibly already are doing, a Linux version. Now I've used AVG for years, tried others and gone back. It's rock solid in a soft and squishy, messy world of virii :-)

Have to disagree with you about AVG, Kevan. A friend of mine had AVG installed and then rang me because he acquired a virus and couldn't get rid of the virus. I went over to his place and installed my Computer Associates (CA) eTrust and it zapped the virus before you could say "virus". The problem with AVG is that while it can detect a virus/trojan it cannot do anything about getting rid of it- you have to go to the Grisoft site and download the virus/trojan remover and apply it. AVG does not automatically zap a virus/trojan. On the other hand eTrust does (but then there are others that do as well). I've been using eTrust for ~6 years now. Back in the early 90s there was the best anti-virus app. available called Thunderbyte but this got taken over by some European company and, as far as I know, vanished off the scene :-( (which is typical when a product beats the pants off its competition). I was using Thunderbyte when operating a couple of BBSs for some years before it vanished off the scene and I was very sorry to see it go. Cheers. -- Don't argue with an idiot, people may not see the difference.

Ken Schneider wrote:

On Sat, 2006-01-14 at 00:33 +1100, Basil Chupin wrote:

...

Kevanf1 wrote:

...

Just a bit of help for those guys running a Windwoes box:

http://free.grisoft.com/doc/2/lng/us/tpl/v5

That's the official AVG page for the 'free' version of their AV software.

I think Grisoft - the makers of AVG - are going to be or, possibly already are doing, a Linux version. Now I've used AVG for years, tried others and gone back. It's rock solid in a soft and squishy, messy world of virii :-) Have to disagree with you about AVG, Kevan.

A friend of mine had AVG installed and then rang me because he acquired a virus and couldn't get rid of the virus. I went over to his place and installed my Computer Associates (CA) eTrust and it zapped the virus before you could say "virus".

The problem with AVG is that while it can detect a virus/trojan it cannot do anything about getting rid of it- you have to go to the Grisoft site and download the virus/trojan remover and apply it. AVG does not automatically zap a virus/trojan. On the other hand eTrust does (but then there are others that do as well). I've been using eTrust for ~6 years now.

Back in the early 90s there was the best anti-virus app. available called Thunderbyte but this got taken over by some European company and, as far as I know, vanished off the scene :-( (which is typical when a product beats the pants off its competition). I was using Thunderbyte when operating a couple of BBSs for some years before it vanished off the scene and I was very sorry to see it go.

Check this link, it appears that Thunderbyte is still alive and kicking although perhaps not current. http://www.pcworld.com/downloads/file_description/0,fid,931,00.asp

Thanks Ken. I'll check it out shortly. Cheers. -- Don't argue with an idiot, people may not see the difference.

On 14/01/06, Basil Chupin wrote:

I've now checked this link and found that Thunderbyte is now available from www.norman.nl but am not sure if it is actually called Thunderbyte although there is also the URL called www.thunderbyte.nl.

Seems also that there are a number of variations-on-a-theme as in antivirus, firewall, corporate, non-corporate, etc. and the price is a bit steep as in $US40.98 for 1 licence for one year's use.

Nevertheless, Thunderbyte appears to live on (possibly under a new name of Norman) and, ignoring the current price, would be worth having if it is the same product I knew back in early 90's. (The author of the BBS software I was running had a computer filled to the brim with viruses [he was also the first to come up with a 'cure' for the polymorphic virus] and he tested all the available anti-virus applications to see which ones worked. Thunderbyte at the time came out on top as being not only THE fastest but also outstripped all the other applications in the detection stakes.)

Thanks again for the link you gave.

There is an anti virus program called Norman AV in the Windwoes world. That could be the one referred to. IT is possible to get it free but I no longer have the links to it. It was a legitimate freebie too, not some warez stuff. Norman AV does have a good reputation but I have not tried it myself. -- ============================================== I am only human, please forgive me if I make a mistake it is not deliberate. ============================================== Xmas may be over but, PLEASE DON'T drink and drive you'll make it to the next one that way. Kevan Farmer Linux user #373362 Cheslyn Hay Staffordshire WS6 7HR