On Wednesday 22 March 2006 02:25, Andre Truter wrote:
But, I think you need to have a look at Sguil and Snort, as that is basically what you want.
No, I think what Linda wants is a way for her to be able to justify downloading and running whatever executable she finds on the net, on the basis of "ZoneAlarm will tell me if it's something bad".
It will notify you immediately of any suspect activity on your ports. It does not read log files, it acts the moment the activity is happening on the port, so it is rather pro-active than re-active.
Proactive means doing something before the fact to prevent its happening in the first place. In this case, it means having a sane configuration. There are two scenarios, server and desktop.

When you run servers listening on incoming connections from the internet, you need to let that happen in your packet filter, or you will very quickly get bored. Interactive approval of packets is simply not an option. Security here is complex, multilayered, and does not allow easy solutions a la ZoneAlarm.

The second scenario is the desktop. Here you normally don't have things listening on the internet, which means the only attack vector is the software you yourself run. As long as you don't run garbage you find just anywhere on the net, you should be reasonably safe here, but caution is the best guard. Far better than having ZoneAlarm pop up to tell you "you have been infected by something, you better reinstall your system."

Be careful with what you install and run.

--
Certified: Yes. Certifiable: of course!
jabber ID: anders@rydsbo.net