"sli" wrote in message news:zytli.15$b43.7@newsfe02.lga...
>
> Vanguard wrote:
>>
>> Pick any firewall product (other
>> than the Windows firewall) and they all nag unless you disable
>> outbound firewalling.

>
> ZoneAlarm Free nags? I don't see any nagging.



ZoneAlarm and many other firewalls include a database of known
applications and what protocols and ports they use. If the option is
enabled to use that database then the program will do the lookup from
the database to automatically configure the rules. From what I've read,
usually there is a hash value assigned to the executable or library
files to ensure that malware using the same filename doesn't get
outbound app rules automatically configured for them. In that case, it
is possible you will do an update that results in a prompt regarding the
new [version of the] program if the database hasn't been updated yet or
you haven't updated the firewall recently. Also, any programs not in
their pre-config database will result in a prompt asking if you want to
grant permission for that unknown program to connect out.

The pre-config database can be hazardous in that it hides from the user
what programs are making outbound connections. What if you don't want
Adobe Reader to get out to do updates? Well, the database has that app
listed so you won't get prompted when the AcrobatUpdater executes and
successfully makes a connection through your auto-configuring firewall.
If possible, I turn off that "smart" auto-config option so *I* decide
which apps can connect and which can't.

If the firewall checks for DLL-injection or monitors the parent that
called the process that makes the network connection, you will get lots
of prompts even with the smart auto-config option enabled. That
database lists the program and its files and not every possible program
that may have called it. For example, if you click on a URL link in a
newsgroups post while reading it in Outlook Express (msimn.exe), the
application making the network connection is Internet Explorer
(iexplore.exe) but the caller was msimn.exe. A favorite ploy is to use
a caller to get IE to make a connection on its behalf. BHOs use this
scheme, too. You end up getting a prompt from the firewall asking if
you want the caller to get a connection through the other authorized
program. Some freebie firewalls are little more than app rule filters.
My guess is that ZA Free doesn't include protection against DLL
injection or monitor the callers of previously authorized apps. Comodo
and Sygate have this hijack protection. It does mean more prompts
because no database of known and pre-authorized apps will know every
possible parent process that might execute those known pre-authorized
apps.

If you want more protection, you'll need more information and control.
To have more control, you need to actually manage it. Security and
ease-of-use are the antithesis of each other.

With ZA *Free*, you obviously don't get all the features of the Pro
version. I couldn't find a feature-by-feature comparison list between
the Free and Pro versions. Instead they send you to
http://www.zonealarm.com/store/conte...st2_comparison
or general FAQ pages that describe some differences but not under a
correct context to compare just these 2 products and with sufficient
details to actually do a comparison (and the "advanced" comparison page
is blank).
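
The rule-matching behaviour described in the post above, as an added example that is not part of the original post and is not any vendor's code: a pre-configured rule pins an executable's hash, and an optional caller check prompts when an approved program is launched by a parent the rule does not list. The rule layout, the function names, the sample file contents and the use of explorer.exe as the pre-approved parent are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass, field

@dataclass
class AppRule:
    sha256: str                                         # hash pinned when the rule was created
    allowed_parents: set = field(default_factory=set)   # callers already approved

def file_hash(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def decide(rules, exe_name, exe_bytes, parent_name, check_parent=True):
    """Return ('allow' | 'prompt', reason) for one outbound connection attempt."""
    rule = rules.get(exe_name.lower())
    if rule is None:
        # Program is not in the pre-config database at all.
        return ("prompt", "unknown program")
    if file_hash(exe_bytes) != rule.sha256:
        # Same filename, different file: an updated version the database
        # has not caught up with, or an impostor reusing the name.
        return ("prompt", "hash mismatch")
    if check_parent and parent_name.lower() not in rule.allowed_parents:
        # Approved program, but started by a caller the rule does not list.
        return ("prompt", "unapproved caller")
    return ("allow", "matches rule")

# Constructed sample data: stand-ins for two builds of the same executable.
IE_OLD = b"constructed iexplore.exe image, old build"
IE_NEW = b"constructed iexplore.exe image, new build"
RULES = {"iexplore.exe": AppRule(file_hash(IE_OLD), {"explorer.exe"})}

def demo():
    return [
        decide(RULES, "iexplore.exe", IE_OLD, "explorer.exe"),   # known app, known caller
        decide(RULES, "iexplore.exe", IE_NEW, "explorer.exe"),   # app was updated
        decide(RULES, "iexplore.exe", IE_OLD, "msimn.exe"),      # link clicked in a mail client
        decide(RULES, "iexplore.exe", IE_OLD, "msimn.exe", check_parent=False),  # app-rule-only filter
        decide(RULES, "unknown.exe", b"constructed", "explorer.exe"),
    ]

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

With check_parent=False the msimn.exe case is allowed silently, which is the quieter app-rule-only behaviour the post contrasts with caller monitoring.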