What version of ZoneAlarm fastest with XP SP2

on 10.09.2006 20:40:54 by Nevets Steprock

Today I use 6.1.744, but I often see advice in discussions that
using an older version (like 4.5.594) is much faster even with XP and
that the security is just as good (I have a router with a firewall so I
only use ZA to monitor outgoing programs, is there anything else I
could do to speed up things?)
--
Lars-Erik - http://home.chello.no/~larse/ - ICQ 7297605
WinXP, Asus P4PE, 2.53 GHz, Asus V8420 (Ti4200), SB-Live!

Re: What version of ZoneAlarm fastest with XP SP2

on 11.09.2006 17:36:26 by Ulf Leichsenring

Lars-Erik Østerud wrote:
> Today I use 6.1.744, but I often see advice in discussions that
> using an older version (like 4.5.594) is much faster even with XP and
> that the security is just as good (I have a router with a firewall so I
> only use ZA to monitor outgoing programs, is there anything else I
> could do to speed up things?)

If you keep your system clean of software that is only a marketing gag
(like personal firewalls) it will be at best speed.
Activate the XP included firewall and that is all you need.

--
Ulf Leichsenring
ulf@leichsenring.net

Re: What version of ZoneAlarm fastest with XP SP2

on 11.09.2006 21:33:57 by bassbag

In article <1e430$45045c35$54d05007$6982@news.chello.no>, .@. says...
> Today I use 6.1.744, but I often see advice in discussions that
> using an older version (like 4.5.594) is much faster even with XP and
> that the security is just as good (I have a router with a firewall so I
> only use ZA to monitor outgoing programs, is there anything else I
> could do to speed up things?)
>
Use Opera, and a light AV like AntiVir.
me

Re: What version of ZoneAlarm fastest with XP SP2

on 11.09.2006 22:39:07 by Jim

"Lars-Erik Østerud" <.@.> wrote in message
news:1e430$45045c35$54d05007$6982@news.chello.no...
> Today I use 6.1.744, but I often see advice in discussions that
> using an older version (like 4.5.594) is much faster even with XP and
> that the security is just as good (I have a router with a firewall so I
> only use ZA to monitor outgoing programs, is there anything else I
> could do to speed up things?)
> --
> Lars-Erik - http://home.chello.no/~larse/ - ICQ 7297605
> WinXP, Asus P4PE, 2.53 GHz, Asus V8420 (Ti4200), SB-Live!
I have used all of the versions since 4.5.xxx or thereabouts. Quite
frankly, I can't see any difference in speed. Mine is the free version.
Jim

Re: What version of ZoneAlarm fastest with XP SP2

on 12.09.2006 05:05:56 by unknown

Post removed (X-No-Archive: yes)

Re: What version of ZoneAlarm fastest with XP SP2

on 12.09.2006 09:21:38 by b__nice

On 12 Sep 2006 03:05:56 -0000, Anonymous wrote:

>I also use the freebie and update it frequently. I have never noticed
>any slowdown or any other problems with ZA.

Real malware you would allow to run normally wouldn't notice any
significant problems with ZA either.

My guess is, you are a normal cautious user and ZA isn't really being
put to the test on your machine.

BTW, one of the problems with personal firewalls in general is that
when it blocks something it will let you know (even about the most
harmless things), and you as a user are happy because you think it
works. When it fails however, you most likely wouldn't notice. The
perfect product for a salesman, really.

>If you believe every piece of trash talk you read in this group, you'll
>drive yourself weird.

You are absolutely right. It's incredible what is being said in this
group about the effectiveness of personal firewalls running on a
Windows platform.

But it is not surprising in any way. The marketing departments of
personal firewall vendors truly are doing a great job.

/B. Nice

--
Comments I make or advice I may provide is primarily aimed at home users.

Re: What version of ZoneAlarm fastest with XP SP2

on 13.09.2006 21:50:05 by Thomas Hertel

B. Nice wrote:

> On 12 Sep 2006 03:05:56 -0000, Anonymous wrote:
>
> >If you believe every piece of trash talk you read in this group, you'll
> >drive yourself weird.
>
> You are absolutely right. It's incredible what is being said in this
> group about the effectiveness of personal firewalls running on a
> Windows platform.

Does the platform really make a difference when it comes to host based
solutions?

Thomas

Re: What version of ZoneAlarm fastest with XP SP2

on 14.09.2006 08:15:08 by b__nice

On 13 Sep 2006 12:50:05 -0700, "Thomas" wrote:

>
>B. Nice wrote:
>> You are absolutely right. It's incredible what is being said in this
>> group about the effectiveness of personal firewalls running on a
>> Windows platform.
>
>Does the platform really make a difference when it comes to host based
>solutions?

Not in principle, no.

/B. Nice

--
Comments I make or advice I may provide is primarily aimed at home users.

Re: What version of ZoneAlarm fastest with XP SP2

on 15.09.2006 09:46:34 by Nevets Steprock

Ulf Leichsenring wrote:

> Activate the XP included firewall and that is all you need.

Why on earth would I do that? I have a hardware firewall in my
router. The Windows firewall will add NO benefits for me.

I mainly use the ZA firewall to monitor what programs try to send data
or act as servers. The optimal solution for me and others with a
hardware firewall would be a small program that just did that
(monitored what programs are trying to access the internet).

Is there such a program out there?
--
Lars-Erik - http://home.chello.no/~larse/ - ICQ 7297605

Re: What version of ZoneAlarm fastest with XP SP2

on 15.09.2006 09:47:40 by Nevets Steprock

Anonymous wrote:

> If you believe every piece of trash talk you read in this group, you'll
> drive yourself weird.

Well, the 6.1 version uses twice as much memory, and the transfer speed
is slightly lower than with the 4.5 version (I have compared them now).
--
Lars-Erik - http://home.chello.no/~larse/ - ICQ 7297605

Re: What version of ZoneAlarm fastest with XP SP2

on 15.09.2006 13:29:28 by Ulf Leichsenring

Lars-Erik Østerud wrote:
> I mainly use the ZA firewall to monitor what programs try to send data
> or act as servers. The optimal solution for me and others with a
> hardware firewall would be a small program that just did that
> (monitored what programs are trying to access the internet).

Hi Lars-Erik

Sorry, but this function can't be done by any program (Personal
Firewalls) because malicious software can deactivate this monitoring on
Windows systems without your knowledge.
Please take a look at
http://www.microsoft.com/technet/technetmag/issues/2006/05/SecurityMyths/default.aspx
in the section called "Myth: Host-Based Firewalls Must Filter Outbound
Traffic to be Safe." for further information from Microsoft about this
security myth.

--
Ulf Leichsenring
ulf@leichsenring.net

Re: What version of ZoneAlarm fastest with XP SP2

on 15.09.2006 13:46:50 by Nevets Steprock

Ulf Leichsenring wrote:

> Sorry, but this function can't be done by any program (Personal
> Firewalls) because malicious software can deactivate this monitoring on

Well well, I can stop most usual programs (Windows services, media
player etc) from accessing or acting as server. That helps a lot (just
stopping all those Microsoft services listening or sending info :-)

Of course I have an anti-virus too (and as stated a hardware
firewall/NAT router)...

So I only need the "program access" part of ZA actually
--
Lars-Erik - http://home.chello.no/~larse/ - ICQ 7297605

Re: What version of ZoneAlarm fastest with XP SP2

on 15.09.2006 14:03:28 by Ulf Leichsenring

Lars-Erik Østerud wrote:
>> Sorry, but this function can't be done by any program (Personal
>> Firewalls) because malicious software can deactivate this monitoring on
>
> Well well, I can stop most usual programs (Windows services, media
> player etc) from accessing or acting as server. That helps a lot (just
> stopping all those Microsoft services listening or sending info :-)

You can only stop programs that are gentle enough to let themselves be
stopped by other software.
To stop Microsoft services from listening or sending information, why don't you
just stop the service on the system? And if you are not sure whether a
program (e.g. media player) sends information over the internet, why
don't you choose alternative software that you can trust?
I don't run software that I do not trust.

--
Ulf Leichsenring
ulf@leichsenring.net

Re: What version of ZoneAlarm fastest with XP SP2

on 15.09.2006 16:19:09 by Nevets Steprock

Ulf Leichsenring wrote:

> To stop Microsoft services from listening or sending information, why don't you
> just stop the service on the system? And if you are not sure whether a

Some MS programs always try to send/receive things :-(
And I have to use some of them :-(

I have stopped all services I don't need of course :-)
--
Lars-Erik - http://home.chello.no/~larse/ - ICQ 7297605

Re: What version of ZoneAlarm fastest with XP SP2

on 15.09.2006 16:36:32 by unknown

Post removed (X-No-Archive: yes)

Re: What version of ZoneAlarm fastest with XP SP2

on 15.09.2006 16:36:56 by pkaluski

Ulf Leichsenring wrote:

> Please take a look at
> http://www.microsoft.com/technet/technetmag/issues/2006/05/SecurityMyths/default.aspx
> in the section called "Myth: Host-Based Firewalls Must Filter Outbound
> Traffic to be Safe."

Although I mostly agree with what's being said there, this little blip
made me wonder:
"Outbound filtering is only useful on computers that are already
infected. And in that case, it’s too late—the damage is done."

The damage is done, but outbound filtering could have prevented the
payload from being delivered. Getting infected and letting info leak
from your system afterwards are two different things IMHO. In cases of
malware that's smart enough to circumvent your PFW, that doesn't do a
bit of good of course. But there's also malware that actually can be
stopped before doing _more_ damage (beside the infection).

People that can't (or won't) understand security, like the grandmother
in that article, could be helped by a PFW that doesn't let anything
connect out that it doesn't have a rule for. That is, when the PFW is
configured to only allow known programs and assuming the malware in
question doesn't hijack another program's connection.

I've been reading this ng for quite a while, and I agree with most
people here that prevention is way better than trying to cure an already
compromised system after the fact. But what about those cases where a
PFW can limit the damage when infected? Doesn't that have _any_ merit at
all, especially for inexperienced users?

Re: What version of ZoneAlarm fastest with XP SP2

on 15.09.2006 17:40:44 by pkaluski

Leythos wrote:

>> But what about those cases where a
>> PFW can limit the damage when infected? Doesn't that have _any_ merit at
>> all, especially for inexperienced users?
>
> Sure it does, but the idea that you can prevent apps from getting out,
> once the system is compromised, is just folly.

Consider that I was talking about the average Joe, who might have
clicked on a shady e-mail attachment, or visited a "bad" website.
Without a PFW he likely wouldn't know he just got infected and
information about his machine got sent to a hacker somewhere, ready to
be exploited. On the other hand, even if he did have a PFW and it
notified him about some funny business going on, he probably would've
clicked "Yes, allow" to get rid of that annoying popup window :-/

I don't know what I'm trying to say here... I'm beginning to think that
the only truly safe system is one that can't be used (and thus can't be
abused). The only case where my example _might_ work, is when someone
knowledgeable enough has already configured the machine correctly
(hardened the OS). But even then I have my doubts.

> What you want the PFW to
> do is block outbound by port or protocol, not to care about what
> application.

True, but the average user doesn't want to get involved in configuring
his machine. He just wants to turn it on and use it, like he would a
television or microwave oven. PFW companies are cleverly playing into
this. As long as they can sell the idea that security is "easy", they
will be around. Together with people religiously defending outbound
blocking by application.

Re: What version of ZoneAlarm fastest with XP SP2

on 15.09.2006 19:09:56 by unknown

Post removed (X-No-Archive: yes)

Re: What version of ZoneAlarm fastest with XP SP2

on 15.09.2006 23:32:12 by Thomas Hertel

Lars-Erik Østerud wrote:

> Ulf Leichsenring wrote:
>
> > Activate the XP included firewall and that is all you need.
>
> Why on earth would I do that? I have a hardware firewall in my
> router. The Windows firewall will add NO benefits for me.

So why on earth would you use Zone Alarm? It will add NO benefits for
you.

> I mainly use the ZA firewall to monitor what programs try to send data
> or act as servers.

As others told you before, this will not work.

> The optimal solution for me and others with a
> hardware firewall would be a small program that just did that
> (monitored what programs are trying to access the internet).
>
> Is there such a program out there?

No

Regards
Thomas

Re: What version of ZoneAlarm fastest with XP SP2

on 16.09.2006 09:18:59 by Volker Birk

In comp.security.firewalls prophet wrote:
> The damage is done, but outbound filtering could have prevented the
> payload from being delivered.

Yes. "Could have". Or couldn't, because it's not possible to implement
that securely.

> But what about those cases where a
> PFW can limit the damage when infected? Doesn't that have _any_ merit at
> all, especially for inexperienced users?

If common "Personal Firewalls" wouldn't have security design flaws
(which they have), then I'd agree. Why not? It's a bad disproportion of
effort to fruits, implementing such complex software programs,
which cost so much resources. And for what? To have the unlikely
possibility to limit damage if the security system already failed.

But: why not? Nice try.

But many common "Personal Firewall" implementations don't make a PC
more insecure only in theory because of adding more complexity.

We're talking about design flaws like system services, which open
windows, opening popups and asking the user important security related
questions (which he or she does not understand for sure and therefore
only can answer wrongly). We're talking about counterproductive nonsense
like filtering PINs away, which is an idiotic misinterpretation of data
security.

We are talking about software programs, which make a PC much more
insecure compared to a PC, which does not have such design flaws.

And for what? For the unlikely possibility, that it might help if we're
very, very lucky?

IBTD!

Yours,
VB.
--
Far worse than the implementation of PHP, however, is its design.

Rudolf Polzer in de.comp.security.misc

Re: What version of ZoneAlarm fastest with XP SP2

on 16.09.2006 15:49:47 by Nevets Steprock

Thomas wrote:

> > Why on earth would I do that? I have a hardware firewall in my
> > router. The Windows firewall will add NO benefits for me.
>
> So why on earth would you use Zone Alarm? It will add NO benefits for

Oh yes. It will alert me when some of MS programs try to either send
some data (usually unneeded) or "act as a server" (for something I
don't need or use). I like to keep track of what is happening :-)

> As others told you before, this will not work.

For malware and viruses yes, but I guess they will be caught by the
AV, but for "serious programs" it will. I can deny MS programs access,
I can deny Word access, I can stop "host services" from being servers
--
Lars-Erik - http://home.chello.no/~larse/ - ICQ 7297605

Re: What version of ZoneAlarm fastest with XP SP2

on 16.09.2006 22:13:16 by Thomas Hertel

Lars-Erik Østerud wrote:

> Thomas wrote:
>
> > > Why on earth would I do that? I have a hardware firewall in my
> > > router. The Windows firewall will add NO benefits for me.
> >
> > So why on earth would you use Zone Alarm? It will add NO benefits for
>
> Oh yes. It will alert me when some of MS programs try to either send
> some data (usually unneeded) or "act as a server" (for something I
> don't need or use). I like to keep track of what is happening :-)

Disable services you don't need, and you're done. Far more reliable.
Plus don't install programs that phone home if you don't want them to
phone home. Or disable the phone home function.
>
> > As others told you before, this will not work.
>
> For malware and viruses yes, but I guess they will be caught by the
> AV,

If they try to establish outbound connections, your AV has very
obviously _not_ caught them. And your system is toast.

> but for "serious programs" it will.

A "serious program" will not try to establish outbound connections
without you knowing about this.

> It can deny MS programs access,
> I can deny Word access, I can stop "host services" from being servers

It can stop everything that allows Zone Alarm to stop it. I will not
stop anything that does not allow ZA to stop it.

Regards
Thomas

Re: What version of ZoneAlarm fastest with XP SP2

on 17.09.2006 13:21:29 by Nevets Steprock

Thomas wrote:

> Disable services you don't need, and you're done. Far more reliable.
> Plus don't install programs that phone home if you don't want them to
> phone home. Or disable the phone home function.

Some MS programs don't behave. Why should the printer spooler have
Internet access (it asks for it), why should it have "act as a server",
and most MS programs send things even with "phone home" off.

So even if it is not foolproof the program check function of ZA does
make it possible to stop lots of programs from sending/listening.

And for malware I have anti-virus anyway (though I don't really need
that I think as I have never gotten anything, it's just to be a bit
awake on what links and messages you click on and don't use Outlook)

> If they try to establish outbound connections, your AV has very
> obviously _not_ caught them. And your system is toast.

They are caught. I get a "xxxxxxx is asking for server permissions"
etc. Have you ever used ZA or similar? It catches them, asks if they
should be able to communicate, and if not you can block them. ZA is
hooked on a very low level of the communication system in Windows (if
you stop the firewall service, nothing gets out from the machine).

> A "serious program" will not try to establish outbound connections
> without you knowing about this.

Tell that to MS :-)

> It can stop everything that allows Zone Alarm to stop it. I will not
> stop anything that does not allow ZA to stop it.

How does that get past the "wsmon" service then? Does it have its
own network drivers altogether then (since ZA has patched into the
system drivers)? I know huge serious companies using ZoneLabs
firewalls on their PCs (with central administration). Are they stupid?
--
Lars-Erik - http://home.chello.no/~larse/ - ICQ 7297605

Re: What version of ZoneAlarm fastest with XP SP2

on 17.09.2006 13:38:54 by Volker Birk

In comp.security.firewalls Lars-Erik Østerud <.@.> wrote:
> Why should the printer spooler have
> Internet access (it asks for it), why should it have "act as a server",

Because it's a print server. Just switch this functionality off if you
don't need it. BTW: this is filtered away by the Windows-Firewall, too.

> and most MS programs send things even with "phone home" off.

Please give an example. BTW: most of the "phoning home" incidents are
useful online software updates, which you shouldn't filter.

> So even if it is not foolproof the program check function of ZA does
> make it possible to stop lots of programs from sending/listening.

Most of what's done is useless or even counterproductive.

> And for malware I have anti-virus anyway

Virus Scanners cannot prevent from getting viruses by concept. They can
filter out already known viruses, so they're useful. But they will not
prevent you from getting infected, because they cannot know all malware.

> > If they try to establish outbound connections, your AV has very
> > obviously _not_ caught them. And your system is toast.
> They are caught. I get a "xxxxxxx is asking for server permissions"
> etc.

Yes. Your "Personal Firewall" is fooling you with useless claims of
securing you. The real threats are not detected, and preventing from
getting online software updates is counterproductive.

> ZA is
> hooked on a very low level of the communication system in Windows (if
> you stop the firewall service, nothing gets out from the machine).

This is just wrong. Zone Alarm cannot prevent kernel code from
communicating at all, and it even cannot prevent my little PoC code at
http://www.dingens.org/breakout-wp.cpp from phoning home.

It's even worse, Zone Alarm phones home itself. Zone Alarm does this
what they claim to prevent from.

> know huge serious companies using ZoneLabs
> firewalls on their PCs (with central administration). Are they stupid?

Yes.

Or better: they likely just don't know better.

Yours,
VB.
--
Far worse than the implementation of PHP, however, is its design.

Rudolf Polzer in de.comp.security.misc

Re: What version of ZoneAlarm fastest with XP SP2

on 17.09.2006 15:12:34 by Nevets Steprock

Volker Birk wrote:

> Because it's a print server. Just switch this functionality off if you
> don't need it. BTW: this is filtered away by the Windows-Firewall, too.

How? I have turned off all I can find. If I turn off more my USB
printer stops working too :-) What service should I look for?

> Please give an example. BTW: most of the "phoning home" incidents are
> useful online software updates, which you shouldn't filter.

I can post the log from ZA over all attempts to send/act as server :-)

> Virus Scanners cannot prevent from getting viruses by concept. They can
> filter out already known viruses, so they're useful. But they will not
> prevent you from getting infected, because they cannot know all malware.

I know. That is why one should always be careful what to click on :-))

> It's even worse, Zone Alarm phones home itself. Zone Alarm does this
> what they claim to prevent from.

Well, that can be stopped too :-)
--
Lars-Erik - http://home.chello.no/~larse/ - ICQ 7297605

Re: What version of ZoneAlarm fastest with XP SP2

on 18.09.2006 00:04:09 by Volker Birk

Lars-Erik Østerud <.@.> wrote:
> Volker Birk wrote:
> > Because it's a print server. Just switch this functionality off if you
> > don't need it. BTW: this is filtered away by the Windows-Firewall, too.
> How?

Beside the Windows-Firewall, you can stop File-/Printersharing.

> > Please give an example. BTW: most of the "phoning home" incidents are
> > useful online software updates, which you shouldn't filter.
> I can post the log from ZA over all attempts to send/act as server :-)

Feel free to do this.

> > It's even worse, Zone Alarm phones home itself. Zone Alarm does this
> > what they claim to prevent from.
> Well, that can be stopped too :-)

I'd be interested how to do so. We already discussed this here, and
everybody was surprised, that Zone Alarm does this.

Yours,
VB.
--
Far worse than the implementation of PHP, however, is its design.

Rudolf Polzer in de.comp.security.misc

Re: What version of ZoneAlarm fastest with XP SP2

on 18.09.2006 00:08:48 by Ulf Leichsenring

prophet wrote:
> compromised system after the fact. But what about those cases where a
> PFW can limit the damage when infected? Doesn't that have _any_ merit at
> all, especially for inexperienced users?

But most of the inexperienced users equipped with personal firewalls
behave like: "I don't have to be careful while using the internet. I'm
totally secured by this ."
And then they will click on every dubious link and email attachment. I've
been working in IT security for more than 10 years now and that's the reality
unfortunately.


--
Ulf Leichsenring
ulf@leichsenring.net

Re: What version of ZoneAlarm fastest with XP SP2

on 18.09.2006 00:23:49 by Nevets Steprock

Ulf Leichsenring wrote:

> But most of the inexperienced users equipped with personal firewalls
> behave like: "I don't have to be careful while using the internet. I'm
> totally secured by this ."

Their problems. IT techs need to have work too :-)

> And then they will click on every dubious link and email attachment. I've
> been working in IT security for more than 10 years now and that's the reality

Even employees in IT companies do this (especially sales-people :-)
--
Lars-Erik - http://home.chello.no/~larse/ - ICQ 7297605

Re: What version of ZoneAlarm fastest with XP SP2

on 18.09.2006 00:26:17 by Nevets Steprock

Volker Birk wrote:

> Beside the Windows-Firewall, you can stop File-/Printersharing.

That's the strange thing. It IS not even enabled. And both the
"Server" and "Workstation" services are disabled. Tried disabling the
"Spooler" service too, but then I lose all my printers :-(

So why does the spooler go on the net then (and not the internal
127.0.0.1 zone either, it asks for external network access)?
--
Lars-Erik - http://home.chello.no/~larse/ - ICQ 7297605
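
An added example, not part of any post in this thread: one way to check which processes hold listening sockets and whether each is bound to loopback only or reachable from the network, the distinction raised about the spooler above. It parses the column layout printed by Windows `netstat -ano`; the sample output, addresses and PIDs are constructed.

```python
"""Classify listening sockets from Windows `netstat -ano` output."""
import ipaddress
from collections import namedtuple

Listener = namedtuple("Listener", "proto address port pid exposure")

# Constructed sample in the layout of `netstat -ano`; all values are made up.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       968
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:1028         0.0.0.0:0              LISTENING       1716
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:1041      203.0.113.7:80         ESTABLISHED     2044
  UDP    0.0.0.0:1900           *:*                                    1204
  UDP    127.0.0.1:123          *:*                                    1100
"""


def split_endpoint(endpoint):
    """Split 'host:port' (or '[v6]:port') into (host, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port)


def exposure(host):
    """Describe how widely a bound address is reachable."""
    ip = ipaddress.ip_address(host.split("%")[0])  # drop any IPv6 zone id
    if ip.is_loopback:
        return "loopback-only"
    if ip.is_unspecified:          # 0.0.0.0 or :: means every interface
        return "all-interfaces"
    return "single-interface"


def parse_listeners(text):
    """Return a Listener for every TCP LISTENING row and every bound UDP row."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue  # banner, header or blank line
        if fields[0] == "TCP":
            # TCP rows: Proto, Local, Foreign, State, PID
            if len(fields) != 5 or fields[3] != "LISTENING":
                continue
        elif len(fields) != 4:
            # UDP rows have no State column: Proto, Local, Foreign, PID
            continue
        host, port = split_endpoint(fields[1])
        listeners.append(
            Listener(fields[0], host, port, int(fields[-1]), exposure(host))
        )
    return listeners


def reachable_from_network(listeners):
    """Sorted (proto, port, pid) for sockets not restricted to loopback."""
    return sorted(
        {(l.proto, l.port, l.pid) for l in listeners
         if l.exposure != "loopback-only"}
    )


if __name__ == "__main__":
    for item in parse_listeners(SAMPLE):
        print(f"{item.proto:<4}{item.address}:{item.port:<6} "
              f"pid={item.pid:<6}{item.exposure}")
```

The PID column can then be matched against the process list to see which service owns each socket.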

Re: What version of ZoneAlarm fastest with XP SP2

on 18.09.2006 17:50:51 by Volker Birk

Lars-Erik Østerud <.@.> wrote:
> So why does the spooler go on the net then

Because it's stupid? ;-)

BTW: You'll find more on how to disable Windows' services on Torsten's
page:

http://ntsvcfg.de/ntsvcfg_eng.html

Yours,
VB.
--
Far worse than the implementation of PHP, however, is its design.

Rudolf Polzer in de.comp.security.misc