Re: firewall opinions

From: Van (Van_at_discussions.microsoft.com)
Date: 02/21/05


Date: Mon, 21 Feb 2005 06:27:02 -0800

As usual ...... great advice and comments!!! Thanks to everyone and
especially to you, JW!!!!

"JW" wrote:

> Hey Van, whenever you see conflicting advice on firewalls
> (such as, (a) software firewalls are an important addition to a complete
> multi-layer security system VS. (b) software firewalls are unnecessary
> because hardware firewalls do everything that software firewalls do,
> plus no Trojan can ever open a port on a hardware firewall), you really
> have to go to a higher authority. Opinions are like armpits.
>
> Last year, PC World Labs partnered with German security firm AV-Test to
> test, evaluate and compare many firewall, antivirus, and anti-spyware
> products. Included in the test was one of Linksys' best hardware
> firewall/router/NAT devices. Their conclusion on page 3 was that two
> software firewalls deserved the Editors Best Buy award, but neither of
> two hardware firewall/router devices deserved the award. Furthermore,
> the final recommendations on page 9 stressed the importance of using a
> combination of defenses (not any one product that is good at only one
> specialty), including Both a software firewall and a hardware firewall.
> You can see their article at
> http://www.pcworld.com/reviews/article/0,aid,115939,pg,1,00.asp
>
> After reading this article, you will see that the test results prove
> that (a) a hardware firewall/router does things that a software firewall
> does not, and (b) a software firewall does things that a hardware
> firewall does not. This is clearly why you need Both. For example, see
> page 2 of the above article that states the following facts:
>
> Consider the Bagle worm, which hides its identity by injecting itself
> into the Windows Explorer application. When AV-Test infected a system
> with this worm, the McAfee, Norton, Sygate, and ZoneAlarm firewalls
> asked if Windows Explorer could access the Internet.
>
> By comparison, a hardware firewall would not stop to ask the user for
> approval of this outbound transmission of who knows what (maybe your
> personal credit card or bank account number/password captured by a
> keystroke logging program?), but would simply allow this outbound
> transmission to go through unchecked.
>
> Another source of facts you can go to, when facing conflicting advice
> from those who offer nothing but opinions, is an authoritative web site
> such as the Gibson Research Corp web site. At www.grc.com, the section
> named LeakTest describes another vulnerability that hardware
> firewall/router devices are Helpless to defend against.
>
> Take the test for yourself. Download their program named LeakTest.exe.
> Rename a legitimate program like IExplore.exe to IExplore.old. Then
> rename LeakTest.exe to IExplore.exe and launch it. The results are
> clear and indisputable. A hardware router/firewall will not even stop
> to ask you if this outbound leak of information is OK, but will allow
> this outbound communication to pass through unchecked. ZoneAlarm will
> stop it and ask for your approval. Besides the fact that hardware
> firewalls are inherently clueless to this vulnerability, what this also
> means is that any kid who has read a book like Windows 101 can rename
> any file from something like KeystrokeLoggerThatAlsoLaunchesIE.exe to
> IExplore.exe with two simple commands.
>
>
>
>
> Van wrote:
> > I've been running Zone Alarm free version on my XP home SP2 system. The ONLY
> > thing I don't like about it, is the time it takes to load on bootup. Besides
> > ZA, what are some of the firewalls that you folks use and recommend??
> > Thanks ....
>
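
Added example (not part of the original thread, and not a description of how any product named in it works): the rename test JW describes, replayed on constructed stand-in files, to show why a per-application outbound rule keyed only on the program's path allows the swapped file while a rule that also records the file's SHA-256 prompts again. The function names and the hash-based rule are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def approve(rules, path):
    """Record the user's approval: the path plus the hash of the file approved."""
    rules[os.path.normcase(path)] = sha256_of(path)

def decide_by_name(rules, path):
    """Weak rule: trusts whatever file currently sits at an approved path."""
    return "ALLOW" if os.path.normcase(path) in rules else "PROMPT_NEW"

def decide_by_hash(rules, path):
    """Stronger rule: the approved path must still hold the approved bytes."""
    known = rules.get(os.path.normcase(path))
    if known is None:
        return "PROMPT_NEW"
    return "ALLOW" if known == sha256_of(path) else "PROMPT_CHANGED"

def run_rename_test():
    """Replay the rename steps from the post on constructed stand-in files."""
    with tempfile.TemporaryDirectory() as d:
        browser = os.path.join(d, "IExplore.exe")
        tester = os.path.join(d, "LeakTest.exe")
        with open(browser, "wb") as f:
            f.write(b"constructed stand-in for the real browser")
        with open(tester, "wb") as f:
            f.write(b"constructed stand-in for the leak tester")
        rules = {}
        approve(rules, browser)            # the user once allowed the browser
        before = decide_by_hash(rules, browser)
        os.rename(browser, os.path.join(d, "IExplore.old"))
        os.rename(tester, browser)         # different bytes, trusted name
        return {
            "before": before,
            "name_rule": decide_by_name(rules, browser),
            "hash_rule": decide_by_hash(rules, browser),
            "unknown": decide_by_hash(rules, os.path.join(d, "IExplore.old")),
        }

if __name__ == "__main__":
    print(run_rename_test())
```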


