Zone Alarm Free (Google "download ZoneAlarm Free") You turn OFF the built-in XP firewall and ICS (Internet Connection Sharing)
install Zone Alarm and then... critical... learn how to use it. This kills two birds with one stone: ICS is highly insecure and ZA gains you program level control, meaning you can manage all *outgoing connections.*
I know this is going way OT, but the peeps running Wintendo systems need to know this, too. (I run XP at work and 2K at home in addition to SUSE and SLES.)
First, I would disagree with using ZA as a software firewall. Actually, from all I've read/seen, a good hardware firewall is all you should need. (Provided it is configured correctly.)
If a software solution is needed, a very well respected one is Outpost (http://www.agnitum.com/products/), which isn't free, but very good. They also have a Trojan killer - Tauscan - which acts similar to the one you mentioned.
Second - as an addition - go hang out at www.security-forums.com - they have a ton of peeps dedicated to security on all OS platforms, including Linux.
Thanks for the write up!!!!
--
kai ponte
www.perfectreign.com
linux - genuine windows replacement part
Kai Ponte wrote:
> First, I would disagree with using ZA as a software firewall. Actually, from all I've read/seen, a good hardware firewall is all you should need. (Provided it is configured correctly.)
Kai, a hardware firewall is nothing but a blackbox running a software firewall.
/Per Jessen, Zürich
On 1/12/06, Per Jessen
> Kai Ponte wrote:
>> First, I would disagree with using ZA as a software firewall. Actually, from all I've read/seen, a good hardware firewall is all you should need. (Provided it is configured correctly.)
> Kai, a hardware firewall is nothing but a blackbox running a software firewall.
Partially true, but most people (just as I do) understand the term
"hardware firewall" as an advanced piece of hardware,
application-level firewall and not just a simple port filter, which is
what effectively every "software firewall" is doing. A port filter
does not protect you from spyware or other malicious codes (a fact not
known to the average user who is quite confused when getting hit by
worms even while actively running a so called "firewall"). An
application-level firewall is capable of detecting known malicious
code signatures that are carried as payloads in application level
protocols, such as HTTP or FTP. The techniques involved in analyzing
network packets (at real-time) are highly processing intensive, thus
requiring highly specialized hardware to cope with transmission speeds
used today in the Internet and local networks. From this point of
view a hardware firewall is _not_ just a blackbox running a software
firewall.
Wow, this is even more OT. Just my 2 cents.
\Steve
--
Steve Graegert
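The distinction drawn in the message above, a port filter versus an application-level firewall that matches known signatures carried in HTTP payloads, shown as an added example that is not from any poster in this thread. The allowed ports, the signature bytes and the sample packets are constructed, and it assumes one packet carries one whole message (real devices reassemble streams first).

```python
from dataclasses import dataclass

# Constructed policy: only web (80) and FTP control (21) traffic is allowed.
ALLOWED_TCP_PORTS = {80, 21}

# Constructed placeholder signatures, not real malware patterns.
SIGNATURES = {
    "constructed-sig-A": b"CONSTRUCTED-MALICIOUS-MARKER-A",
    "constructed-sig-B": b"CONSTRUCTED-MALICIOUS-MARKER-B",
}


@dataclass
class Packet:
    dst_port: int
    payload: bytes  # assumption: one packet carries one whole message


def port_filter(pkt: Packet) -> str:
    """Layer 3/4 decision: looks at the port only, never at the payload."""
    return "ACCEPT" if pkt.dst_port in ALLOWED_TCP_PORTS else "DROP"


def http_body(payload: bytes):
    """Return the HTTP message body, or None if the payload is not HTTP."""
    head, sep, body = payload.partition(b"\r\n\r\n")
    start_line = head.split(b"\r\n", 1)[0]
    is_http = start_line.startswith(b"HTTP/1.") or start_line.endswith(
        (b" HTTP/1.0", b" HTTP/1.1"))
    return body if sep and is_http else None


def app_level_filter(pkt: Packet) -> str:
    """Port check first, then protocol-aware signature matching on the payload."""
    if port_filter(pkt) == "DROP":
        return "DROP:port"
    data = pkt.payload
    if pkt.dst_port == 80:
        data = http_body(pkt.payload)
        if data is None:
            return "DROP:not-http"  # non-HTTP traffic sent over port 80
    for name, sig in SIGNATURES.items():
        if sig in data:
            return "DROP:" + name
    return "ACCEPT"


# Constructed sample traffic.
CLEAN = Packet(80, b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>hello</html>")
INFECTED = Packet(80, b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n\r\n"
                      b"MZ...CONSTRUCTED-MALICIOUS-MARKER-A...")
TELNET = Packet(23, b"login:")
TUNNEL = Packet(80, b"\x00\x01raw-non-http-bytes")

if __name__ == "__main__":
    for label, pkt in [("clean", CLEAN), ("infected", INFECTED),
                       ("telnet", TELNET), ("tunnel", TUNNEL)]:
        print(f"{label:9} port_filter={port_filter(pkt):7} app_level={app_level_filter(pkt)}")
```

The port filter accepts the infected and the non-HTTP packets because both are addressed to port 80; only the payload-aware check tells them apart from the clean response.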
Steve Graegert wrote:
> On 1/12/06, Per Jessen wrote:
>> Kai Ponte wrote:
>>> First, I would disagree with using ZA as a software firewall. Actually, from all I've read/seen, a good hardware firewall is all you should need. (Provided it is configured correctly.)
>> Kai, a hardware firewall is nothing but a blackbox running a software firewall.
> Partially true,
Isn't it actually _completely_ true? Unless we've got a manufacturer with a box with a TCP/IP stack implemented as an ASIC, the firewall has got to be software. Splitting hairs, I know, but still.
> but most people (just as I do) understand the term "hardware firewall" as an advanced piece of hardware, application-level firewall and not just a simple port filter, which is what effectively every "software firewall" is doing.
Perhaps it's a matter of who "most people" are, but a firewall, whether hardware or software, is not much more than a port-filter. OK, with a few bells and whistles for detecting and dealing with certain kinds of attacks (e.g. DoS). If I take a 486, install Linux and a decent iptables setup, I've got myself a solid hardware firewall - except of course, the firewall is really a software firewall.
/Per Jessen, Zürich
On 1/12/06, Per Jessen
> Steve Graegert wrote:
>> On 1/12/06, Per Jessen wrote:
>>> Kai Ponte wrote:
>>>> First, I would disagree with using ZA as a software firewall. Actually, from all I've read/seen, a good hardware firewall is all you should need. (Provided it is configured correctly.)
>>> Kai, a hardware firewall is nothing but a blackbox running a software firewall.
>> Partially true,
> Isn't it actually _completely_ true? Unless we've got a manufacturer with a box with a TCP/IP stack implemented as an ASIC, the firewall has got to be software. Splitting hairs, I know, but still.
This is exactly what manufacturers are doing. The stack is not implemented in a single ASIC, but distributed over multiple chips, which are sometimes pipelined (Cisco's implementation) or connected to complex matrices. Every ASIC performs highly specialized operations on the packets.
>> but most people (just as I do) understand the term "hardware firewall" as an advanced piece of hardware, application-level firewall and not just a simple port filter, which is what effectively every "software firewall" is doing.
> Perhaps it's a matter of who "most people" are, but a firewall, whether hardware or software, is not much more than a port-filter. OK, with a few bells and whistles for detecting and dealing with certain kinds of attacks (e.g. DoS). If I take a 486, install Linux and a decent iptables setup, I've got myself a solid hardware firewall - except of course, the firewall is really a software firewall.
A firewall can be much more than a port filter. As stated in my last
post, highly sophisticated application-level firewalls operate between
layer 4 and 7 of the OSI model, processing data contained in
application protocols. This is a fundamentally different approach
compared to port filtering. While it's of course possible to
implement application-level firewalls on stock hardware (e.g.
CheckPoint offers one for AIX), there are numerous products that have
implemented such functionality entirely in hardware. I have a Nokia
box which operates at the application level and, additionally, does
port filtering.
\Steve
--
Steve Graegert
On Thursday 12 January 2006 13:59, Kai Ponte wrote:
> I know this is going way OT
no, no, no.... it's waaaaaaaaay OT!
> First, I would disagree with using ZA as a software firewall. Actually, from all I've read/seen, a good hardware firewall is all you should need. (Provided it is configured correctly.)
You need direct program-level control installed on every single client (no exceptions) *in addition to* a hardware firewall (that was presumed.) Don't forget how quickly malware propagates from client to client inside a network if one machine is compromised... even by 'sneakernet.' This layered approach is the safest. In addition, ZA lets you control access differently for each program installed on the computer. If it doesn't recognize a program that tries to access the network, it'll block that access attempt and pop up an alert for the user. It also keeps decent logs.
> If a software solution is needed, a very well respected one is Outpost (http://www.agnitum.com/products/), which isn't free, but very good. They also have a Trojan killer - Tauscan - which acts similar to the one you mentioned.
I listed the programs that I did because I've used each one for a very long time... actually since before spyware/malware ever became newsworthy or a mainstream topic. There are other programs out there and they may be effective, but they don't have the long track record that these programs have. Moreover, I haven't had to re-evaluate or change my list because the developers keep the software very current and the combination has *always* been effective; it just gets the job done every time. Having said that, this statement may not be true by this time next year... the way things are going... the nature of the threats on that platform is *so* mature and severe today that the only *practical* solution I can see is to install Linux.
> Second - as an addition - go hang out at www.security-forums.com - they have a ton of peeps dedicated to security on all OS platforms, including Linux.
> Thanks for the write up!!!!
Thanks for your input, Kai, particularly about the need for hardware firewalls, and I appreciate the link.
regards,
- Carl
On Thu, 12 Jan 2006 14:59:54 -0500, you wrote:
> On Thursday 12 January 2006 13:59, Kai Ponte wrote:
>> I know this is going way OT
> no, no, no.... it's waaaaaaaaay OT!
>> First, I would disagree with using ZA as a software firewall. Actually, from all I've read/seen, a good hardware firewall is all you should need. (Provided it is configured correctly.)
[snip]
My $.02 (USD) - I didn't see anyone mention the reason I use ZA on doze boxes - it's great for catching and blocking phone-homes. "Windows media player is trying to access the internet, allow or not?" No - never. End of problem. Honest to $DEITY, I never used to hate windows as much as I do after watching every damned application, patch, and OS update want to phone home. It's flat out disgusting. What I run on my computer is nobody's business.
And as for the 'hardware firewall' question, please tell me you're talking about a real firewall and not one of those stupid Linksys things. As I'm sure you know, that's in no way a firewall (or a router) - it's a buggy (VERY buggy, the last time I tried one) NAT layer implemented in hardware. The port forwarding and 'DMZ' features don't (or didn't) even work right.
I'm working my way thru making snort_inline work in front of a shorewall/iptables setup. THAT is a firewall. After I get that figured out I'm going to try my hand at traffic shaping.
Mike-
--
If you're not confused, you're not trying hard enough.
--
Please note - Due to the intense volume of spam, we have installed site-wide spam filters at catherders.com. If email from you bounces, try non-HTML, non-encoded, non-attachments,
Just a bit of help for those guys running a Windwoes box:
http://free.grisoft.com/doc/2/lng/us/tpl/v5
That's the official AVG page for the 'free' version of their AV software.
I think Grisoft - the makers of AVG - are going to be or, possibly already are doing, a Linux version. Now I've used AVG for years, tried others and gone back. It's rock solid in a soft and squishy, messy world of virii :-)
--
==============================================
I am only human, please forgive me if I make a mistake it is not deliberate.
==============================================
Xmas may be over but, PLEASE DON'T drink and drive you'll make it to the next one that way.
Kevan Farmer
Linux user #373362
Cheslyn Hay
Staffordshire WS6 7HR
Kevanf1 wrote:
> Just a bit of help for those guys running a Windwoes box:
> http://free.grisoft.com/doc/2/lng/us/tpl/v5
> That's the official AVG page for the 'free' version of their AV software.
> I think Grisoft - the makers of AVG - are going to be or, possibly already are doing, a Linux version. Now I've used AVG for years, tried others and gone back. It's rock solid in a soft and squishy, messy world of virii :-)
Have to disagree with you about AVG, Kevan.
A friend of mine had AVG installed and then rang me because he acquired a virus and couldn't get rid of the virus. I went over to his place and installed my Computer Associates (CA) eTrust and it zapped the virus before you could say "virus".
The problem with AVG is that while it can detect a virus/trojan it cannot do anything about getting rid of it- you have to go to the Grisoft site and download the virus/trojan remover and apply it. AVG does not automatically zap a virus/trojan. On the other hand eTrust does (but then there are others that do as well). I've been using eTrust for ~6 years now.
Back in the early 90s there was the best anti-virus app. available called Thunderbyte but this got taken over by some European company and, as far as I know, vanished off the scene :-( (which is typical when a product beats the pants off its competition). I was using Thunderbyte when operating a couple of BBSs for some years before it vanished off the scene and I was very sorry to see it go.
Cheers.
--
Don't argue with an idiot, people may not see the difference.
On Sat, 2006-01-14 at 00:33 +1100, Basil Chupin wrote:
> Kevanf1 wrote:
>> Just a bit of help for those guys running a Windwoes box:
>> http://free.grisoft.com/doc/2/lng/us/tpl/v5
>> That's the official AVG page for the 'free' version of their AV software.
>> I think Grisoft - the makers of AVG - are going to be or, possibly already are doing, a Linux version. Now I've used AVG for years, tried others and gone back. It's rock solid in a soft and squishy, messy world of virii :-)
> Have to disagree with you about AVG, Kevan.
> A friend of mine had AVG installed and then rang me because he acquired a virus and couldn't get rid of the virus. I went over to his place and installed my Computer Associates (CA) eTrust and it zapped the virus before you could say "virus".
> The problem with AVG is that while it can detect a virus/trojan it cannot do anything about getting rid of it- you have to go to the Grisoft site and download the virus/trojan remover and apply it. AVG does not automatically zap a virus/trojan. On the other hand eTrust does (but then there are others that do as well). I've been using eTrust for ~6 years now.
> Back in the early 90s there was the best anti-virus app. available called Thunderbyte but this got taken over by some European company and, as far as I know, vanished off the scene :-( (which is typical when a product beats the pants off its competition). I was using Thunderbyte when operating a couple of BBSs for some years before it vanished off the scene and I was very sorry to see it go.
Check this link, it appears that Thunderbyte is still alive and kicking although perhaps not current.
http://www.pcworld.com/downloads/file_description/0,fid,931,00.asp
--
Ken Schneider
UNIX since 1989, linux since 1994, SuSE since 1998
Ken Schneider wrote:
> On Sat, 2006-01-14 at 00:33 +1100, Basil Chupin wrote:
>> Kevanf1 wrote:
>>> Just a bit of help for those guys running a Windwoes box:
>>> http://free.grisoft.com/doc/2/lng/us/tpl/v5
>>> That's the official AVG page for the 'free' version of their AV software.
>>> I think Grisoft - the makers of AVG - are going to be or, possibly already are doing, a Linux version. Now I've used AVG for years, tried others and gone back. It's rock solid in a soft and squishy, messy world of virii :-)
>> Have to disagree with you about AVG, Kevan.
>> A friend of mine had AVG installed and then rang me because he acquired a virus and couldn't get rid of the virus. I went over to his place and installed my Computer Associates (CA) eTrust and it zapped the virus before you could say "virus".
>> The problem with AVG is that while it can detect a virus/trojan it cannot do anything about getting rid of it- you have to go to the Grisoft site and download the virus/trojan remover and apply it. AVG does not automatically zap a virus/trojan. On the other hand eTrust does (but then there are others that do as well). I've been using eTrust for ~6 years now.
>> Back in the early 90s there was the best anti-virus app. available called Thunderbyte but this got taken over by some European company and, as far as I know, vanished off the scene :-( (which is typical when a product beats the pants off its competition). I was using Thunderbyte when operating a couple of BBSs for some years before it vanished off the scene and I was very sorry to see it go.
> Check this link, it appears that Thunderbyte is still alive and kicking although perhaps not current. http://www.pcworld.com/downloads/file_description/0,fid,931,00.asp
Thanks Ken. I'll check it out shortly.
Cheers.
--
Don't argue with an idiot, people may not see the difference.
I've now checked this link and found that Thunderbyte is now available from www.norman.nl but am not sure if it is actually called Thunderbyte although there is also the URL called www.thunderbyte.nl.
Seems also that there are a number of variations-on-a-theme as in antivirus, firewall, corporate, non-corporate, etc. and the price is a bit steep as in $US40.98 for 1 licence for one year's use.
Nevertheless, Thunderbyte appears to live on (possibly under a new name of Norman) and, ignoring the current price, would be worth having if it is the same product I knew back in early 90's. (The author of the BBS software I was running had a computer filled to the brim with viruses [he was also the first to come up with a 'cure' for the polymorphic virus] and he tested all the available anti-virus applications to see which ones worked. Thunderbyte at the time came out on top as being not only THE fastest but also outstripped all the other applications in the detection stakes.)
Thanks again for the link you gave.
Cheers.
--
Don't argue with an idiot, people may not see the difference.
On 14/01/06, Basil Chupin
> I've now checked this link and found that Thunderbyte is now available from www.norman.nl but am not sure if it is actually called Thunderbyte although there is also the URL called www.thunderbyte.nl.
> Seems also that there are a number of variations-on-a-theme as in antivirus, firewall, corporate, non-corporate, etc. and the price is a bit steep as in $US40.98 for 1 licence for one year's use.
> Nevertheless, Thunderbyte appears to live on (possibly under a new name of Norman) and, ignoring the current price, would be worth having if it is the same product I knew back in early 90's. (The author of the BBS software I was running had a computer filled to the brim with viruses [he was also the first to come up with a 'cure' for the polymorphic virus] and he tested all the available anti-virus applications to see which ones worked. Thunderbyte at the time came out on top as being not only THE fastest but also outstripped all the other applications in the detection stakes.)
> Thanks again for the link you gave.
There is an anti virus program called Norman AV in the Windwoes world. That could be the one referred to. It is possible to get it free but I no longer have the links to it. It was a legitimate freebie too, not some warez stuff. Norman AV does have a good reputation but I have not tried it myself.
--
==============================================
I am only human, please forgive me if I make a mistake it is not deliberate.
==============================================
Xmas may be over but, PLEASE DON'T drink and drive you'll make it to the next one that way.
Kevan Farmer
Linux user #373362
Cheslyn Hay
Staffordshire WS6 7HR
participants (8)
- Basil Chupin
- Carl Hartung
- Kai Ponte
- Ken Schneider
- Kevanf1
- Michael W Cocke
- Per Jessen
- Steve Graegert