Ch3tan
Guest
Was a thread a while back from a bloke asking what the best firewall would be.
Now the linux box suggestions were thick and fast, but so were those for personal home firewalls.
Zonealarm and BlackIce to be precise.
Well I am a zonealarm user and once u set it up on first use it will never bother u again unless it spots something wrong. However it was stated in this thread
http://forums.barrysworld.com/showthread.php?threadid=9216&highlight=firewall
Originally posted by Luap-ffs
Best FW is Blackice. Unlike ZoneAlarm you don't have to authorise every outgoing connection.
So BlackIce over Zonealarm simply cause it does not bother you? Well fair enough, the only time ZA bothered me was when I booted once last month and the program pzwbfh.exe (or something) wanted to access the net. Well I updated McAfee and sure enough found a trojan on my system.
Anyway I recently read Steve Gibson's entire article detailing the DOS attacks on his site > http://grc.com/dos/grcdos.htm
Now there is a very interesting few lines in this
from http://grc.com/dos/grcdos.htm
Somewhere, Windows users were innocently turning on their PC's. Lacking any effective personal firewall security (we will see later that BlackICE Defender provides no protection), the Zombies running secretly and silently inside those machines were connecting to this IRC server.
But the best bit comes when Gibson tries to test ZA's and BlackIce's performance at stopping this Bot and the Sub7 trojan
Sorry that was a bit long, but the article was even longer and I know not everyone would be bothered. So what's my point?
from http://grc.com/dos/grcdos.htm
Personal Firewalls and IRC Zombie/Bot Intrusions
ZoneAlarm v2.6 (Free) —
The last of my testing was to see whether the firewall I keep telling everyone to use: ZoneAlarm — either FREE or Pro — would be effective in stopping the IRC Zombie/Bot and the Sub7 Servers that had taken up residence in my poor "Sitting Duck" laptop.
I downloaded the current, completely free, version of ZoneAlarm 2.6 from the ZoneLabs web site and installed it on the "Sitting Duck" laptop. Upon restarting the machine I was gratified to receive immediate notification that the Zombie/Bot was attempting to make an outbound connection to its IRC chat server.
Meanwhile, the Sub7 Trojan was sitting quietly waiting for someone to connect to it. So I used another machine to "Telnet" to the port the Sub7Server Trojan was listening on. Up popped ZoneAlarm asking whether the nonsense-looking random character name the Sub7Server had chosen for itself should be allowed to accept a connection from the Internet.
Perfect performance from ZoneAlarm.
Then I had a thought: What would Network ICE's BlackICE Defender do under the same circumstances?
BlackICE Defender v2.5 ($39.95) —
I did not have a current copy of BlackICE Defender around, but I felt that this was an important test. So I laid out $39.95 through Network ICE's connection to the Digital River eCommerce retailer and purchased the latest version (v2.5) of BlackICE Defender hot off the Internet. I had already removed all traces of ZoneAlarm and restarted the machine, so I installed BlackICE Defender, let everything settle down, and restarted the machine with my packet sniffer running on an adjacent PC.
As far as I could tell, BlackICE Defender had ABSOLUTELY NO EFFECT WHATSOEVER on the dialogs being held by the Zombies and Trojans running inside the poor "Sitting Duck" laptop. I knew that BlackICE Defender was a lame personal firewall, but this even surprised me.
The Zombie/Bot happily connected without a hitch to its IRC chat server to await further instructions. The Sub7 Trojan sent off its eMail containing the machine's IP and the port where it was listening. Then it connected and logged itself into the Sub7 IRC server, repeating the disclosure of the machine's IP address and awaiting port number. No alerts were raised, nothing was flashing in the system tray. The Trojans were not hampered and I received no indication that anything wrong or dangerous was going on.
I took a lot of grief after my LeakTest utility cut right through BlackICE Defender. Network ICE told everyone that LeakTest was "being allowed through" because it was a completely benign Trojan. I knew that was a load of bull (and they must have too), but it didn't really matter to me, and I had no affirmative means of proving otherwise.
Well . . . I have that now, and so do you.
I performed one final test: As I had with ZoneAlarm, I attempted to connect to the Sub7Server Trojan running inside the "Sitting Duck" machine on the IP and listening port number the Trojan was advertising all over the Internet . . . and it worked perfectly. I received Sub7's "PWD" prompt asking me to login.
Well it's a question really, you don't want to use a linux box, but do you still feel safe with your copy of BlackIce?
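An added example, not part of the original post and not either product's code: a simplified model of the two kinds of policy contrasted above, one that only blocks a list of inbound ports and one that asks which program owns each socket. The listing format, the name qkxnvtr.exe, the addresses and the port numbers are constructed for illustration; pzwbfh.exe is the name mentioned in the post.

```python
from typing import NamedTuple

class Sock(NamedTuple):
    exe: str
    state: str        # "ESTABLISHED" or "LISTENING"
    local_port: int
    remote_port: int

# Constructed listing in a made-up format: proto, local, remote, state, owner.
# Addresses are documentation ranges; qkxnvtr.exe and port 40123 are invented.
LISTING = """\
TCP 192.168.0.5:1031 198.51.100.20:80  ESTABLISHED iexplore.exe
TCP 192.168.0.5:1032 198.51.100.30:110 ESTABLISHED outlook.exe
TCP 192.168.0.5:1033 203.0.113.10:6667 ESTABLISHED pzwbfh.exe
TCP 192.168.0.5:1034 203.0.113.25:25   ESTABLISHED qkxnvtr.exe
TCP 0.0.0.0:40123    0.0.0.0:0         LISTENING   qkxnvtr.exe
"""

# Programs the user has approved, and what each may do (assumed policy).
APPROVED = {"iexplore.exe": {"connect"}, "outlook.exe": {"connect"}}
# Inbound ports a port-list filter has been told to block (constructed).
BLOCKED_INBOUND = {135, 139, 445}

def parse(listing):
    socks = []
    for line in listing.splitlines():
        if not line.strip():
            continue
        _proto, local, remote, state, exe = line.split()
        socks.append(Sock(exe.lower(), state,
                          int(local.rsplit(":", 1)[1]),
                          int(remote.rsplit(":", 1)[1])))
    return socks

def needed_right(sock, listeners):
    """'serve' for a listener or a connection accepted on one, else 'connect'."""
    serving = sock.state == "LISTENING" or (sock.exe, sock.local_port) in listeners
    return "serve" if serving else "connect"

def port_list_filter(socks):
    """Inbound port blocklist only; outbound traffic is never questioned."""
    return [s for s in socks
            if s.state == "LISTENING" and s.local_port in BLOCKED_INBOUND]

def per_program_filter(socks, approved=APPROVED):
    """Flag every socket whose owning program lacks approval for that action."""
    listeners = {(s.exe, s.local_port) for s in socks if s.state == "LISTENING"}
    return [(s.exe, needed_right(s, listeners), s.remote_port or s.local_port)
            for s in socks
            if needed_right(s, listeners) not in approved.get(s.exe, set())]
```

On this listing the port-list filter flags nothing, while the per-program filter flags the outbound IRC and mail connections and the unapproved listener.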