Low Resource Software Firewall

[Maximus the Mad]

Vanguard aka no@mail.invalid on 7/10/2007 at 8:44:12 PM in
alt.privacy.spyware<m7OdnS2VbKFIugnbnZ2dnUVZ_tCtnZ 2d@comcast.com> after
much thought,came up with this jewel:

> "Maximus the Mad" wrote in message
> news:xn0f8jhqr2sjfe001@news.albasani.net...
> >
> > Vanguard wrote:
> >
> > > "Steve H" wrote ...
> > > >
> > > > Perhaps this is a bit off topic, but I mainly use a software
> > > > firewall to check for bad guys trying to phone home. My PC is
> > > > already behind a hardware firewall.
> > > >
> > > > I recently replaced my AV which was starting to become bloatware
> > > > with a lean and mean AV that I am so far impressed with. When
> > > > I went to update, ZoneAlarm, I was amazed at how big the
> > > > download was. ZoneAlarm has been moving in the direction of
> > > > bloatware for a few years now.
> > >
> > > Comodo firewall
> > > memory usage: 12.7MB real + 18.1MB virtual
> > >
> > > Just remember that a software firewall that runs on the same host
> > > as the malware can be compromised. Usually good enough
> > > protection and control but not perfect. However, as compared to
> > > a firewall appliance, a local software firewall lets you define
> > > application rules which is what you said you wanted.
> >
> > MS07-038 - Vulnerability in Windows Vista Firewall Could Allow
> > Information Disclosure (935807)
> >
> > Affected Software:
> > - Windows Vista
> >
> > couldn't resist
>
> You couldn't resist bringing up deficiencies in Microsoft's firewall
> when the discussing (in this subthread in which you replied) is about
> the Comodo firewall? Not one other respondent has mentioned the
> Windows firewall.

The firewall that comes with windows is fine for the home user(gives
that warm and fuzzy feeling of being protected). Why spend more money
and resources?
>
> Also, provide a link to the article you claim exists. A search at
> Microsoft's support knowledgebase does not find a match on "935807".

The full version of the Microsoft Security Bulletin Summary for July
2007 can be found at
http://www.microsoft.com/technet/sec.../MS07-jul.mspx
>
> > max
> > -- My Pages:
> > Virus Removal Instructions:
> > http://www.freespaces.com/maxwachtel/removal.html
> > Keeping Windows Clean:
> > http://www.freespaces.com/maxwachtel/keepingclean.html
> > Tools: http://www.freespaces.com/maxwachtel/tools.html
> > Change nomail.afraid.org to gmail.com to reply. nomail.afraid.org is
> > specifically setup for USENET.Feel free to use it yourself.
> > Always remember - only download files from Trusted Sites.
> > "VISTA" is an acronym for the top five Windows problems: Viruses,
> > Infections, Spyware, Trojans and Adware. -PanHandler
> > Registered Linux User #393236
>
> Is this your normal or default signature?

no-it's this weeks but I could add more if you like.
--
My Pages:
Virus Removal Instructions:
http://www.freespaces.com/maxwachtel/removal.html
Keeping Windows Clean:
http://www.freespaces.com/maxwachtel/keepingclean.html
Tools: http://www.freespaces.com/maxwachtel/tools.html
Change nomail.afraid.org to gmail.com to reply. nomail.afraid.org is
specifically setup for USENET.Feel free to use it yourself.
Always remember - only download files from Trusted Sites.
"VISTA" is an acronym for the top five Windows problems: Viruses,
Infections, Spyware, Trojans and Adware. -PanHandler
Registered Linux User #393236

[Gladiator]

On Wed, 11 Jul 2007 01:14:57 +0000 (UTC), "Maximus the Mad"
<maxwachtel@nomail.afraid.org> wrote:


>The firewall that comes with windows is fine for the home user(gives
>that warm and fuzzy feeling of being protected). Why spend more money
>and resources?

And you think you are somehow safer with Comodo? I've been trying out
Comodo on anothr pC and it's nothing but a ****iong annoying piece of
nagware to make you feel all safe and secure. If the XP firewall
nagged you every minute of the day would that make you feel better
about it? Any software firewall can be circumvented. Knowing that why
waste your time with annoying nagware?

[Vanguard]

"Gladiator" wrote in message
news:0sp89350as3j5ovs4ebfl25j6mutqidnov@4ax.com...
>
> And you think you are somehow safer with Comodo? I've been trying out
> Comodo on anothr pC and it's nothing but a ****iong annoying piece of
> nagware to make you feel all safe and secure. If the XP firewall
> nagged you every minute of the day would that make you feel better
> about it? Any software firewall can be circumvented. Knowing that why
> waste your time with annoying nagware?


From someone that is too lazy to bother checking the options within the
program. If you don't want outbound firewalling (i.e., app rules) then
disable that function. Then you're crippled the product down to be the
Windows firewall. Pick any firewall product (other than the Windows
firewall) and they all nag unless you disable outbound firewalling.
That's fine if you feel comfy that all executables on your host are
non-malware and that all of those have user-configurable options
regarding connecting outside.

[sli]

Vanguard wrote:
>
> Pick any firewall product (other
> than the Windows firewall) and they all nag unless you disable
> outbound firewalling.

ZoneAlarm Free nags? I don't see any nagging.

[Vanguard]

"sli" wrote in message news:zytli.15$b43.7@newsfe02.lga...
>
> Vanguard wrote:
>>
>> Pick any firewall product (other
>> than the Windows firewall) and they all nag unless you disable
>> outbound firewalling.
>
> ZoneAlarm Free nags? I don't see any nagging.


ZoneAlarm and many other firewalls include a database of known
applications and what protocols and ports they use. If the option is
enabled to use that database then the program will do the lookup from
the database to automatically configure the rules. From what I've read,
usually there is a hash value assigned to the executable or library
files to ensure that malware using the same filename doesn't get
outbound app rules automatically configured for them. In that case, it
is possible you will do an update that results in a prompt regarding the
new [version of the] program if the database hasn't been updated yet or
you haven't updated the firewall recently. Also, any programs not in
their pre-config database will result in a prompt asking if you want to
grant permission for that unknown program to connect out.

The pre-config database can be hazardous in that it hides from the user
what programs are making outbound connections. What if you don't want
Adobe Reader to get out to do updates? Well, the database has that app
listed so you won't get prompted when the AcrobatUpdater executes and
successfully makes a connection through your auto-configuring firewall.
If possible, I turn off that "smart" auto-config option so *I* decide
which apps can connect and which can't.

If the firewall checks for DLL-injection or monitor the parent that
called the process that makes the network connection, you will get lots
of prompts even with the smart auto-config option enabled. That
database lists the program and its files and not every possible program
that may have called it. For example, if you click on a URL link in a
newsgroups post while reading it in Outlook Express (msimn.exe), the
application making the network connection is Internet Explorer
(iexplore.exe) but the caller was msimn.exe. A favorite ploy is to use
a caller to get IE to make a connection on its behalf. BHOs use this
scheme, too. You end up getting a prompt from the firewall asking if
you want the caller to get a connection through the other authorized
program. Some freebie firewalls are little more than app rule filters.
My guess is that ZA Free doesn't include protection against DLL
injection or monitor the callers of previously authorized apps. Comodo
and Sygate have this hijack protection. It does mean more prompts
because no database of known and pre-authorized apps will know every
possible parent process that might execute those known pre-authorized
apps.

If you want more protection, you'll need more information and control.
To have more control, you need to actually manage it. Security and
ease-of-use are the antithesis of each other.

With ZA *Free*, you obviously don't get all the features of the Pro
version. I couldn't find a feature-by-feature comparison list between
the Free and Pro versions. Instead they send you to
http://www.zonealarm.com/store/conte...st2_comparison
or general FAQ pages that describes some differences but not under a
correct context to compare just these 2 products and with sufficient
details to actually do a comparison (and the "advanced" comparison page
is blank).

[use_a_hammer@yahoo.com]

On Jul 11, 1:31 am, "Vanguard" <n...@mail.invalid> wrote:
> "Gladiator" wrote in message
>
> news:0sp89350as3j5ovs4ebfl25j6mutqidnov@4ax.com...
>
>
>
> > And you think you are somehow safer with Comodo? I've been trying out
> > Comodo on anothr pC and it's nothing but a ****iong annoying piece of
> > nagware to make you feel all safe and secure. If the XP firewall
> > nagged you every minute of the day would that make you feel better
> > about it? Any software firewall can be circumvented. Knowing that why
> > waste your time with annoying nagware?
>
> From someone that is too lazy to bother checking the options within the
> program. If you don't want outbound firewalling (i.e., app rules) then
> disable that function. Then you're crippled the product down to be the
> Windows firewall. Pick any firewall product (other than the Windows
> firewall) and they all nag unless you disable outbound firewalling.
> That's fine if you feel comfy that all executables on your host are
> non-malware and that all of those have user-configurable options
> regarding connecting outside.

Nag free and recommended here http://www.techsupportalert.com/best..._utilities.htm

http://www.sunbelt-software.com/Home...onal-Firewall/