Norton vs Zone Alarm firewalls

My Zone Alarm Pro firewall subscription expires in a few days and I recently
bought a Norton Internet Security 2008 package that contains a firewall.
I currently have the Norton firewall turned off and just use the Zone Alarm
Pro firewall.
I don't use the Win XP firewall because I heard that it's not a good idea to
have several firewall on at the same time.
We get internet through a Belkin pre-N wireless router that is supposed to
have some sort of firewall built in and that one is turned on.
My computer connects to the router with an ethernet cable and my son's
computer uses a Belkin N usb wireless adapter. They both have the same
current setup I describe regarding firewalls.
Can anyone please advise on whether the Zone Alarm Pro firewall is any
better than the Norton firewall in my situation?
Should I renew the Zone Alarm Pro subscription or uninstall it when it
expires and turn on the Norton firewall?
Thanks for any advice.

Re: Norton vs Zone Alarm firewalls

Luis Ortega wrote:
> My Zone Alarm Pro firewall subscription expires in a few days and I recently
> bought a Norton Internet Security 2008 package that contains a firewall.
> I currently have the Norton firewall turned off and just use the Zone Alarm
> Pro firewall.
> I don't use the Win XP firewall because I heard that it's not a good idea to
> have several firewall on at the same time.
> We get internet through a Belkin pre-N wireless router that is supposed to
> have some sort of firewall built in and that one is turned on.
> My computer connects to the router with an ethernet cable and my son's
> computer uses a Belkin N usb wireless adapter. They both have the same
> current setup I describe regarding firewalls.
> Can anyone please advise on whether the Zone Alarm Pro firewall is any
> better than the Norton firewall in my situation?
> Should I renew the Zone Alarm Pro subscription or uninstall it when it
> expires and turn on the Norton firewall?
> Thanks for any advice.
>
>
Good luck if you should decide to try and uninstall Norton.

John.

Re: Norton vs Zone Alarm firewalls

You don't understand.
I'm not trying to uninstall Norton, I'm wondering whether to renew the Zone
alarm if Norton already comes with a firewall. I'm interested to know which
might be the better firewall.
Does anyone have any relevant advice on this?

"John" wrote in message
news:5qqit1F119k12U1@mid.individual.net...
> Luis Ortega wrote:
>> My Zone Alarm Pro firewall subscription expires in a few days and I
>> recently bought a Norton Internet Security 2008 package that contains a
>> firewall.
>> I currently have the Norton firewall turned off and just use the Zone
>> Alarm Pro firewall.
>> I don't use the Win XP firewall because I heard that it's not a good idea
>> to have several firewall on at the same time.
>> We get internet through a Belkin pre-N wireless router that is supposed
>> to have some sort of firewall built in and that one is turned on.
>> My computer connects to the router with an ethernet cable and my son's
>> computer uses a Belkin N usb wireless adapter. They both have the same
>> current setup I describe regarding firewalls.
>> Can anyone please advise on whether the Zone Alarm Pro firewall is any
>> better than the Norton firewall in my situation?
>> Should I renew the Zone Alarm Pro subscription or uninstall it when it
>> expires and turn on the Norton firewall?
>> Thanks for any advice.
> Good luck if you should decide to try and uninstall Norton.
>
> John.

Re: Norton vs Zone Alarm firewalls

Luis Ortega added these comments in the current discussion du
jour ...

> You don't understand.
> I'm not trying to uninstall Norton, I'm wondering whether to
> renew the Zone alarm if Norton already comes with a firewall.
> I'm interested to know which might be the better firewall.
> Does anyone have any relevant advice on this?

The person who replied to you is warning you that it can be
problematical to effectively get 100% rid of any Symantec
product. I have System Works 2006 and understand its limitations
and I think I know what to do if I want to uninstall it, but I
wouldn't want Norton Internet Security on my PC - it is too all-
invasive. Now, it has happened to me and I've read of others
having similar experiences, if you DO need or want to fully
uninstall Norton/Symantec products, you almost always need to use
their uninstall cleanup utility after you uninstall it in
Add/Remove programs. I have also found that I must go through my
Registry looking for orphan keys or entries and kill them, else I
have problems with the new utility I'm trying to install. Now,
what I DON'T know is if I ever really got rid of all the crap.

I personally run eTrust Pest Patrol and the commercial Zone
Alarm. Yes, annual subscriptions for these are getting prices as
is a NAV subscriptions. But, one has to decide for themselves how
much money to spend on peace of mind. As to MS's XP SP2 firewall,
it might be OK if it were at all reasonable to set it up to
properly monitor all of the inbound and outbound ports on your PC
and do anywhere near as effect a job on watching for bad guys as
does Pest Patrol and ZA. Now, ZA is a bit annoying with its
constant "do you want to allow or block this, or that", but I
actually like to SEE what it thinks is a risk than to go blithely
on my way ignorant of what is happening around me.

Your choice, and I'll add a "good luck", you may need it!

> "John" wrote in message
> news:5qqit1F119k12U1@mid.individual.net...
>> Luis Ortega wrote:
>>> My Zone Alarm Pro firewall subscription expires in a few
>>> days and I recently bought a Norton Internet Security 2008
>>> package that contains a firewall. I currently have the
>>> Norton firewall turned off and just use the Zone Alarm Pro
>>> firewall. I don't use the Win XP firewall because I heard
>>> that it's not a good idea to have several firewall on at the
>>> same time. We get internet through a Belkin pre-N wireless
>>> router that is supposed to have some sort of firewall built
>>> in and that one is turned on. My computer connects to the
>>> router with an ethernet cable and my son's computer uses a
>>> Belkin N usb wireless adapter. They both have the same
>>> current setup I describe regarding firewalls. Can anyone
>>> please advise on whether the Zone Alarm Pro firewall is any
>>> better than the Norton firewall in my situation?
>>> Should I renew the Zone Alarm Pro subscription or uninstall
>>> it when it expires and turn on the Norton firewall?
>>> Thanks for any advice.
>> Good luck if you should decide to try and uninstall Norton.
>>
>> John.
>
>
>



--
HP, aka Jerry

"Never complain, never explain" - Henry Ford II

Re: Norton vs Zone Alarm firewalls

Thanks, but that's not what I'm asking or even interested in.

"HEMI-Powered" wrote in message
news:Xns99F251CCECA8CReplyScoreID@140.99.99.130...
> Luis Ortega added these comments in the current discussion du
> jour ...
>
>> You don't understand.
>> I'm not trying to uninstall Norton, I'm wondering whether to
>> renew the Zone alarm if Norton already comes with a firewall.
>> I'm interested to know which might be the better firewall.
>> Does anyone have any relevant advice on this?
>
> The person who replied to you is warning you that it can be
> problematical to effectively get 100% rid of any Symantec
> product. I have System Works 2006 and understand its limitations
> and I think I know what to do if I want to uninstall it, but I
> wouldn't want Norton Internet Security on my PC - it is too all-
> invasive. Now, it has happened to me and I've read of others
> having similar experiences, if you DO need or want to fully
> uninstall Norton/Symantec products, you almost always need to use
> their uninstall cleanup utility after you uninstall it in
> Add/Remove programs. I have also found that I must go through my
> Registry looking for orphan keys or entries and kill them, else I
> have problems with the new utility I'm trying to install. Now,
> what I DON'T know is if I ever really got rid of all the crap.
>
> I personally run eTrust Pest Patrol and the commercial Zone
> Alarm. Yes, annual subscriptions for these are getting prices as
> is a NAV subscriptions. But, one has to decide for themselves how
> much money to spend on peace of mind. As to MS's XP SP2 firewall,
> it might be OK if it were at all reasonable to set it up to
> properly monitor all of the inbound and outbound ports on your PC
> and do anywhere near as effect a job on watching for bad guys as
> does Pest Patrol and ZA. Now, ZA is a bit annoying with its
> constant "do you want to allow or block this, or that", but I
> actually like to SEE what it thinks is a risk than to go blithely
> on my way ignorant of what is happening around me.
>
> Your choice, and I'll add a "good luck", you may need it!
>
>> "John" wrote in message
>> news:5qqit1F119k12U1@mid.individual.net...
>>> Luis Ortega wrote:
>>>> My Zone Alarm Pro firewall subscription expires in a few
>>>> days and I recently bought a Norton Internet Security 2008
>>>> package that contains a firewall. I currently have the
>>>> Norton firewall turned off and just use the Zone Alarm Pro
>>>> firewall. I don't use the Win XP firewall because I heard
>>>> that it's not a good idea to have several firewall on at the
>>>> same time. We get internet through a Belkin pre-N wireless
>>>> router that is supposed to have some sort of firewall built
>>>> in and that one is turned on. My computer connects to the
>>>> router with an ethernet cable and my son's computer uses a
>>>> Belkin N usb wireless adapter. They both have the same
>>>> current setup I describe regarding firewalls. Can anyone
>>>> please advise on whether the Zone Alarm Pro firewall is any
>>>> better than the Norton firewall in my situation?
>>>> Should I renew the Zone Alarm Pro subscription or uninstall
>>>> it when it expires and turn on the Norton firewall?
>>>> Thanks for any advice.
>>> Good luck if you should decide to try and uninstall Norton.
>>>
>>> John.
>>
>>
>>
>
>
>
> --
> HP, aka Jerry
>
> "Never complain, never explain" - Henry Ford II

Re: Norton vs Zone Alarm firewalls

Luis Ortega, 11/24/2007,6:31:59 AM, wrote:

> My Zone Alarm Pro firewall subscription expires in a few days and I
> recently bought a Norton Internet Security 2008 package that contains
> a firewall. I currently have the Norton firewall turned off and just
> use the Zone Alarm Pro firewall. I don't use the Win XP firewall
> because I heard that it's not a good idea to have several firewall on
> at the same time. We get internet through a Belkin pre-N wireless
> router that is supposed to have some sort of firewall built in and
> that one is turned on. My computer connects to the router with an
> ethernet cable and my son's computer uses a Belkin N usb wireless
> adapter. They both have the same current setup I describe regarding
> firewalls. Can anyone please advise on whether the Zone Alarm Pro
> firewall is any better than the Norton firewall in my situation?
> Should I renew the Zone Alarm Pro subscription or uninstall it when
> it expires and turn on the Norton firewall? Thanks for any advice.

A couple of years ago Norton took over one of the smaller firewall
software companies and integrated it into their own product. The name
escapes me at this time. I am sure either will be adequate for your
peace of mind, but not necessarily in reality. If you are comfortable
with ZA then upgrade your subscription. If you have already paid for
the NIS then you will be wasting your money, but that is your decision.

You are probably getting more protection from your NAT-enabled router
than from either one of those products. But then again I am no expert
so do what seems right to you.

Re: Norton vs Zone Alarm firewalls

Luis Ortega added these comments in the current discussion du
jour ...

> Thanks, but that's not what I'm asking or even interested in.

I know it's not but you responded negatively to the person who
warned you about Symantec and I wanted to let you know what this
is all about. How and where you spend your money is of no concern
of mine, just don't come crying here if you hose your system
after having been warned. Now, as to Norton vs. Zone Alarm vs.
XP's firewall, unless you're into marketing hype, ZA has NIS beat
hands down by any qualitative or quantitative measure, including
independent testing and owner experience. Now I'm sure of it: you
really do need good luck!

> "HEMI-Powered" wrote in message
> news:Xns99F251CCECA8CReplyScoreID@140.99.99.130...
>> Luis Ortega added these comments in the current discussion du
>> jour ...
>>
>>> You don't understand.
>>> I'm not trying to uninstall Norton, I'm wondering whether to
>>> renew the Zone alarm if Norton already comes with a
>>> firewall. I'm interested to know which might be the better
>>> firewall. Does anyone have any relevant advice on this?
>>
>> The person who replied to you is warning you that it can be
>> problematical to effectively get 100% rid of any Symantec
>> product. I have System Works 2006 and understand its
>> limitations and I think I know what to do if I want to
>> uninstall it, but I wouldn't want Norton Internet Security on
>> my PC - it is too all- invasive. Now, it has happened to me
>> and I've read of others having similar experiences, if you DO
>> need or want to fully uninstall Norton/Symantec products, you
>> almost always need to use their uninstall cleanup utility
>> after you uninstall it in Add/Remove programs. I have also
>> found that I must go through my Registry looking for orphan
>> keys or entries and kill them, else I have problems with the
>> new utility I'm trying to install. Now, what I DON'T know is
>> if I ever really got rid of all the crap.
>>
>> I personally run eTrust Pest Patrol and the commercial Zone
>> Alarm. Yes, annual subscriptions for these are getting prices
>> as is a NAV subscriptions. But, one has to decide for
>> themselves how much money to spend on peace of mind. As to
>> MS's XP SP2 firewall, it might be OK if it were at all
>> reasonable to set it up to properly monitor all of the
>> inbound and outbound ports on your PC and do anywhere near as
>> effect a job on watching for bad guys as does Pest Patrol and
>> ZA. Now, ZA is a bit annoying with its constant "do you want
>> to allow or block this, or that", but I actually like to SEE
>> what it thinks is a risk than to go blithely on my way
>> ignorant of what is happening around me.
>>
>> Your choice, and I'll add a "good luck", you may need it!
>>
>>> "John" wrote in message
>>> news:5qqit1F119k12U1@mid.individual.net...
>>>> Luis Ortega wrote:
>>>>> My Zone Alarm Pro firewall subscription expires in a few
>>>>> days and I recently bought a Norton Internet Security 2008
>>>>> package that contains a firewall. I currently have the
>>>>> Norton firewall turned off and just use the Zone Alarm Pro
>>>>> firewall. I don't use the Win XP firewall because I heard
>>>>> that it's not a good idea to have several firewall on at
>>>>> the same time. We get internet through a Belkin pre-N
>>>>> wireless router that is supposed to have some sort of
>>>>> firewall built in and that one is turned on. My computer
>>>>> connects to the router with an ethernet cable and my son's
>>>>> computer uses a Belkin N usb wireless adapter. They both
>>>>> have the same current setup I describe regarding
>>>>> firewalls. Can anyone please advise on whether the Zone
>>>>> Alarm Pro firewall is any better than the Norton firewall
>>>>> in my situation? Should I renew the Zone Alarm Pro
>>>>> subscription or uninstall it when it expires and turn on
>>>>> the Norton firewall? Thanks for any advice.
>>>> Good luck if you should decide to try and uninstall Norton.
>>>>
>>>> John.
>>>
>>>
>>>
>>
>>
>>
>> --
>> HP, aka Jerry
>>
>> "Never complain, never explain" - Henry Ford II
>
>
>



--
HP, aka Jerry

"Never complain, never explain" - Henry Ford II

Re: Norton vs Zone Alarm firewalls

On Sat, 24 Nov 2007 11:31:59 GMT, "Luis Ortega"
wrote:

>My Zone Alarm Pro firewall subscription expires in a few days and I recently
>bought a Norton Internet Security 2008 package that contains a firewall.
>I currently have the Norton firewall turned off and just use the Zone Alarm
>Pro firewall.
>I don't use the Win XP firewall because I heard that it's not a good idea to
>have several firewall on at the same time.
>We get internet through a Belkin pre-N wireless router that is supposed to
>have some sort of firewall built in and that one is turned on.
>My computer connects to the router with an ethernet cable and my son's
>computer uses a Belkin N usb wireless adapter. They both have the same
>current setup I describe regarding firewalls.
>Can anyone please advise on whether the Zone Alarm Pro firewall is any
>better than the Norton firewall in my situation?
>Should I renew the Zone Alarm Pro subscription or uninstall it when it
>expires and turn on the Norton firewall?
>Thanks for any advice.
>

Many a computer * screwup * is caused by Norton .

Re: Norton vs Zone Alarm firewalls

On Sat, 24 Nov 2007 11:31:59 GMT, "Luis Ortega"
wrote:

> My Zone Alarm Pro firewall subscription expires in a few days and I recently
> bought a Norton Internet Security 2008 package


A bad mistake, in my view. Norton is the *worst* security product on
the market.


> that contains a firewall.
> I currently have the Norton firewall turned off and just use the Zone Alarm
> Pro firewall.
> I don't use the Win XP firewall because I heard that it's not a good idea to
> have several firewall on at the same time.


That's correct. You should run only a single software firewall.


> We get internet through a Belkin pre-N wireless router that is supposed to
> have some sort of firewall built in and that one is turned on.


Good.


> My computer connects to the router with an ethernet cable and my son's
> computer uses a Belkin N usb wireless adapter. They both have the same
> current setup I describe regarding firewalls.
> Can anyone please advise on whether the Zone Alarm Pro firewall is any
> better than the Norton firewall in my situation?


My view, as I said above, is that almost any other product is better
than Norton anything.


> Should I renew the Zone Alarm Pro subscription or uninstall it when it
> expires and turn on the Norton firewall?


Those are only two of your many choices. I would use ZA in preference
to Norton, but I would also use ZA free rather than ZA Pro. I don't
think Pro is worth the money.

You could also use the built-in Windows firewall instead of either.

Finally, note that with your router, any software firewall adds very
little to your protection.

--
Ken Blake, Microsoft MVP Windows - Shell/User
Please Reply to the Newsgroup

Re: Norton vs Zone Alarm firewalls

Thanks. My understanding of router firewalls is that they only block
incoming traffic and if there is some malware on the system then outgoing
stuff is not blocked. Is that correct?


"Ken Blake, MVP" wrote in message
news:duegk35uco6l75o5klqmor4hmq3tu3drk0@4ax.com...
> On Sat, 24 Nov 2007 11:31:59 GMT, "Luis Ortega"
> wrote:
>
>> My Zone Alarm Pro firewall subscription expires in a few days and I
>> recently
>> bought a Norton Internet Security 2008 package
>
>
> A bad mistake, in my view. Norton is the *worst* security product on
> the market.
>
>
>> that contains a firewall.
>> I currently have the Norton firewall turned off and just use the Zone
>> Alarm
>> Pro firewall.
>> I don't use the Win XP firewall because I heard that it's not a good idea
>> to
>> have several firewall on at the same time.
>
>
> That's correct. You should run only a single software firewall.
>
>
>> We get internet through a Belkin pre-N wireless router that is supposed
>> to
>> have some sort of firewall built in and that one is turned on.
>
>
> Good.
>
>
>> My computer connects to the router with an ethernet cable and my son's
>> computer uses a Belkin N usb wireless adapter. They both have the same
>> current setup I describe regarding firewalls.
>> Can anyone please advise on whether the Zone Alarm Pro firewall is any
>> better than the Norton firewall in my situation?
>
>
> My view, as I said above, is that almost any other product is better
> than Norton anything.
>
>
>> Should I renew the Zone Alarm Pro subscription or uninstall it when it
>> expires and turn on the Norton firewall?
>
>
> Those are only two of your many choices. I would use ZA in preference
> to Norton, but I would also use ZA free rather than ZA Pro. I don't
> think Pro is worth the money.
>
> You could also use the built-in Windows firewall instead of either.
>
> Finally, note that with your router, any software firewall adds very
> little to your protection.
>
> --
> Ken Blake, Microsoft MVP Windows - Shell/User
> Please Reply to the Newsgroup

Re: Norton vs Zone Alarm firewalls

On Sat, 24 Nov 2007 15:49:43 GMT, "Luis Ortega"
wrote:

> Thanks. My understanding of router firewalls is that they only block
> incoming traffic and if there is some malware on the system then outgoing
> stuff is not blocked. Is that correct?


Yes, it's correct. The same is true of the built-in Windows firewall;
it too is inbound only.

However many knowledgeable people feel that monitoring outbound
traffic adds little or nothing to the effectiveness of the firewall.

I'm personally not convinced that either point of view is absolutely
right, but as a precaution, I use the free ZA in addition to what my
router does. My guess is that any extra protection I'm adding is
slight, but on the other hand, the hit on performance by having it
running appears to be slight too.


> "Ken Blake, MVP" wrote in message
> news:duegk35uco6l75o5klqmor4hmq3tu3drk0@4ax.com...
> > On Sat, 24 Nov 2007 11:31:59 GMT, "Luis Ortega"
> > wrote:
> >
> >> My Zone Alarm Pro firewall subscription expires in a few days and I
> >> recently
> >> bought a Norton Internet Security 2008 package
> >
> >
> > A bad mistake, in my view. Norton is the *worst* security product on
> > the market.
> >
> >
> >> that contains a firewall.
> >> I currently have the Norton firewall turned off and just use the Zone
> >> Alarm
> >> Pro firewall.
> >> I don't use the Win XP firewall because I heard that it's not a good idea
> >> to
> >> have several firewall on at the same time.
> >
> >
> > That's correct. You should run only a single software firewall.
> >
> >
> >> We get internet through a Belkin pre-N wireless router that is supposed
> >> to
> >> have some sort of firewall built in and that one is turned on.
> >
> >
> > Good.
> >
> >
> >> My computer connects to the router with an ethernet cable and my son's
> >> computer uses a Belkin N usb wireless adapter. They both have the same
> >> current setup I describe regarding firewalls.
> >> Can anyone please advise on whether the Zone Alarm Pro firewall is any
> >> better than the Norton firewall in my situation?
> >
> >
> > My view, as I said above, is that almost any other product is better
> > than Norton anything.
> >
> >
> >> Should I renew the Zone Alarm Pro subscription or uninstall it when it
> >> expires and turn on the Norton firewall?
> >
> >
> > Those are only two of your many choices. I would use ZA in preference
> > to Norton, but I would also use ZA free rather than ZA Pro. I don't
> > think Pro is worth the money.
> >
> > You could also use the built-in Windows firewall instead of either.
> >
> > Finally, note that with your router, any software firewall adds very
> > little to your protection.
> >
> > --
> > Ken Blake, Microsoft MVP Windows - Shell/User
> > Please Reply to the Newsgroup
>

--
Ken Blake, Microsoft MVP Windows - Shell/User
Please Reply to the Newsgroup

Re: Norton vs Zone Alarm firewalls

Luis Ortega added these comments in the current discussion du
jour ...

> Thanks. My understanding of router firewalls is that they only
> block incoming traffic and if there is some malware on the
> system then outgoing stuff is not blocked. Is that correct?
>
Again, can't speak definitely if a NAT router can or cannot
monitor/block outgoing but it can do a modicum job on incoming.
There ARE some caveats, though, such as you MUST make sure that
it has been properly set-up in the first place to monitor
incoming traffic on ports you're interested in and you MUST make
sure from time-to-time that your set-up hasn't been lost. I lost
mine inadvertantly during one of many short power hits where I
live.

But, even if a "good" NAT router is properly set-up and monitored
to ensure continuing protection, it's overall protection from an
even moderately knowledgeable bad guy is pretty minimal. If you
have ANY fears, founded or unfounded, about your Internet
activities and/or identity theft, then you really should greatly
harden your malware protection past the normal AV SW and you
should add some sort of SW firewall and train it as to what you
will allow and what you want blocked. Be aware, though, that ANY
decent firewall will be annoying some amount of the time, and
that is what you WANT, since you want the thing to err on the
side of caution and at least give you a warning which you can
ignore once, ignore forever, allow through once, or give it
permission to allow that particular incoming traffic access every
time.

> "Ken Blake, MVP" wrote in
> message news:duegk35uco6l75o5klqmor4hmq3tu3drk0@4ax.com...
>> On Sat, 24 Nov 2007 11:31:59 GMT, "Luis Ortega"
>> wrote:
>>
>>> My Zone Alarm Pro firewall subscription expires in a few
>>> days and I recently bought a Norton Internet Security 2008
>>> package
>>
>>
>> A bad mistake, in my view. Norton is the *worst* security
>> product on the market.
>>
>>
>>> that contains a firewall.
>>> I currently have the Norton firewall turned off and just use
>>> the Zone Alarm
>>> Pro firewall.
>>> I don't use the Win XP firewall because I heard that it's
>>> not a good idea to have several firewall on at the same
>>> time.
>>
>>
>> That's correct. You should run only a single software
>> firewall.
>>
>>
>>> We get internet through a Belkin pre-N wireless router that
>>> is supposed to have some sort of firewall built in and that
>>> one is turned on.
>>
>>
>> Good.
>>
>>
>>> My computer connects to the router with an ethernet cable
>>> and my son's computer uses a Belkin N usb wireless adapter.
>>> They both have the same current setup I describe regarding
>>> firewalls. Can anyone please advise on whether the Zone
>>> Alarm Pro firewall is any better than the Norton firewall in
>>> my situation?
>>
>>
>> My view, as I said above, is that almost any other product is
>> better than Norton anything.
>>
>>
>>> Should I renew the Zone Alarm Pro subscription or uninstall
>>> it when it expires and turn on the Norton firewall?
>>
>>
>> Those are only two of your many choices. I would use ZA in
>> preference to Norton, but I would also use ZA free rather
>> than ZA Pro. I don't think Pro is worth the money.
>>
>> You could also use the built-in Windows firewall instead of
>> either.
>>
>> Finally, note that with your router, any software firewall
>> adds very little to your protection.
>>
>> --
>> Ken Blake, Microsoft MVP Windows - Shell/User
>> Please Reply to the Newsgroup
>
>
>



--
HP, aka Jerry

"Never complain, never explain" - Henry Ford II

Re: Norton vs Zone Alarm firewalls

Ken Blake, MVP added these comments in the current discussion du
jour ...

>> Thanks. My understanding of router firewalls is that they
>> only block incoming traffic and if there is some malware on
>> the system then outgoing stuff is not blocked. Is that
>> correct?
>
> Yes, it's correct. The same is true of the built-in Windows
> firewall; it too is inbound only.
>
> However many knowledgeable people feel that monitoring
> outbound traffic adds little or nothing to the effectiveness
> of the firewall.
>
> I'm personally not convinced that either point of view is
> absolutely right, but as a precaution, I use the free ZA in
> addition to what my router does. My guess is that any extra
> protection I'm adding is slight, but on the other hand, the
> hit on performance by having it running appears to be slight
> too.

I tried the free ZA and didn't think it did enough. As to a
performance hit, I can't detect one except when it stops some
other process and waits until I tell it to let the traffic in or
out or to block it. That can be annoying but FAR less annoying
then getting blasted by some nasty infection or suffering a major
outtage or identity theft issue.
>
>> "Ken Blake, MVP" wrote in
>> message news:duegk35uco6l75o5klqmor4hmq3tu3drk0@4ax.com...
>> > On Sat, 24 Nov 2007 11:31:59 GMT, "Luis Ortega"
>> > wrote:
>> >
>> >> My Zone Alarm Pro firewall subscription expires in a few
>> >> days and I recently bought a Norton Internet Security 2008
>> >> package
>> >
>> >
>> > A bad mistake, in my view. Norton is the *worst* security
>> > product on the market.
>> >
>> >
>> >> that contains a firewall.
>> >> I currently have the Norton firewall turned off and just
>> >> use the Zone Alarm
>> >> Pro firewall.
>> >> I don't use the Win XP firewall because I heard that it's
>> >> not a good idea to have several firewall on at the same
>> >> time.
>> >
>> >
>> > That's correct. You should run only a single software
>> > firewall.
>> >
>> >
>> >> We get internet through a Belkin pre-N wireless router
>> >> that is supposed to have some sort of firewall built in
>> >> and that one is turned on.
>> >
>> >
>> > Good.
>> >
>> >
>> >> My computer connects to the router with an ethernet cable
>> >> and my son's computer uses a Belkin N usb wireless
>> >> adapter. They both have the same current setup I describe
>> >> regarding firewalls. Can anyone please advise on whether
>> >> the Zone Alarm Pro firewall is any better than the Norton
>> >> firewall in my situation?
>> >
>> >
>> > My view, as I said above, is that almost any other product
>> > is better than Norton anything.
>> >
>> >
>> >> Should I renew the Zone Alarm Pro subscription or
>> >> uninstall it when it expires and turn on the Norton
>> >> firewall?
>> >
>> >
>> > Those are only two of your many choices. I would use ZA in
>> > preference to Norton, but I would also use ZA free rather
>> > than ZA Pro. I don't think Pro is worth the money.
>> >
>> > You could also use the built-in Windows firewall instead of
>> > either.
>> >
>> > Finally, note that with your router, any software firewall
>> > adds very little to your protection.
>> >
>> > --
>> > Ken Blake, Microsoft MVP Windows - Shell/User
>> > Please Reply to the Newsgroup
>>
>



--
HP, aka Jerry

"Never complain, never explain" - Henry Ford II

Re: Norton vs Zone Alarm firewalls

Hi Luis,
I quit reading responses when the zealots crawled out of the woodwork so
please forgive me if I'm repeating someone's input here:

IMO, and that of many other people I know, either of the firewalls you
mention are good ones.
Personally, I would base my opinion on which one to use based on how
they "feel" to me; ease of use, setting blocks/unblocks, controlling
when/how often it interrupts me settings, relevancy of log data, etc..

I have a NAT DSL router and ZoneAlarm. I'm quite happy with them. I also
have Norton SystemWorks which is sans a firewall but my ISP is offering the
NIS pkg, which includes a firewall, so I just may take a look at Norton's
firewall but my choices will be based on how it fits to my own use and
perceptions.

The XP firewall is "decent" but only checks incoming traffic, not outgoing,
so if you had something that was calling home with your account passwords,
it would miss it. It's real use is so that you CAN have a firewall when you
first hit the internet and until you get all of your updates and other
protection apps into place and updated. I seldom have to rebuild my system
so I've only used it once or twice, but it does give basic protection but
that's about all.

You're also correct in that having two software firewalls working at the
same time is a no-no. They will step on each other's resources even if they
seem to work together. Many firewalls won't even install until you disable
any other one you have working. Some even make you actually Remove the
other firewall before they'll install and XP also has a firewall monitor
that'll complain to you.

So, I'd say use the one that feels right to you based on the two you
indicated. They both have excellent reputations for ability and
dependability.
As for the crap about removing Norton, it boils down to being able to
RTFM; if you can read and follow directions it's a snap. I've done it
several times on my own machines and that of clients, for various reasons.

HTH

Pop`


Luis Ortega wrote:
> My Zone Alarm Pro firewall subscription expires in a few days and I
> recently bought a Norton Internet Security 2008 package that contains
> a firewall. I currently have the Norton firewall turned off and just use
> the Zone
> Alarm Pro firewall.
> I don't use the Win XP firewall because I heard that it's not a good
> idea to have several firewall on at the same time.
> We get internet through a Belkin pre-N wireless router that is
> supposed to have some sort of firewall built in and that one is
> turned on. My computer connects to the router with an ethernet cable and
> my son's
> computer uses a Belkin N usb wireless adapter. They both have the same
> current setup I describe regarding firewalls.
> Can anyone please advise on whether the Zone Alarm Pro firewall is any
> better than the Norton firewall in my situation?
> Should I renew the Zone Alarm Pro subscription or uninstall it when it
> expires and turn on the Norton firewall?
> Thanks for any advice.

Re: Norton vs Zone Alarm firewalls

Ken

Are you using System Restore? Have you ever noticed any outbound traffic
being stopped by Zone Alarm? Does Zone alarm stop malware phoning home?


--
Regards.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~


Ken Blake, MVP wrote:
> On Sat, 24 Nov 2007 15:49:43 GMT, "Luis Ortega"
> wrote:
>
>> Thanks. My understanding of router firewalls is that they only block
>> incoming traffic and if there is some malware on the system then
>> outgoing stuff is not blocked. Is that correct?
>
>
> Yes, it's correct. The same is true of the built-in Windows firewall;
> it too is inbound only.
>
> However many knowledgeable people feel that monitoring outbound
> traffic adds little or nothing to the effectiveness of the firewall.
>
> I'm personally not convinced that either point of view is absolutely
> right, but as a precaution, I use the free ZA in addition to what my
> router does. My guess is that any extra protection I'm adding is
> slight, but on the other hand, the hit on performance by having it
> running appears to be slight too.
>
>
>> "Ken Blake, MVP" wrote in message
>> news:duegk35uco6l75o5klqmor4hmq3tu3drk0@4ax.com...
>>> On Sat, 24 Nov 2007 11:31:59 GMT, "Luis Ortega"
>>> wrote:
>>>
>>>> My Zone Alarm Pro firewall subscription expires in a few days and I
>>>> recently
>>>> bought a Norton Internet Security 2008 package
>>>
>>>
>>> A bad mistake, in my view. Norton is the *worst* security product on
>>> the market.
>>>
>>>
>>>> that contains a firewall.
>>>> I currently have the Norton firewall turned off and just use the
>>>> Zone Alarm
>>>> Pro firewall.
>>>> I don't use the Win XP firewall because I heard that it's not a
>>>> good idea to
>>>> have several firewall on at the same time.
>>>
>>>
>>> That's correct. You should run only a single software firewall.
>>>
>>>
>>>> We get internet through a Belkin pre-N wireless router that is
>>>> supposed to
>>>> have some sort of firewall built in and that one is turned on.
>>>
>>>
>>> Good.
>>>
>>>
>>>> My computer connects to the router with an ethernet cable and my
>>>> son's computer uses a Belkin N usb wireless adapter. They both
>>>> have the same current setup I describe regarding firewalls.
>>>> Can anyone please advise on whether the Zone Alarm Pro firewall is
>>>> any better than the Norton firewall in my situation?
>>>
>>>
>>> My view, as I said above, is that almost any other product is better
>>> than Norton anything.
>>>
>>>
>>>> Should I renew the Zone Alarm Pro subscription or uninstall it
>>>> when it expires and turn on the Norton firewall?
>>>
>>>
>>> Those are only two of your many choices. I would use ZA in
>>> preference to Norton, but I would also use ZA free rather than ZA
>>> Pro. I don't think Pro is worth the money.
>>>
>>> You could also use the built-in Windows firewall instead of either.
>>>
>>> Finally, note that with your router, any software firewall adds very
>>> little to your protection.
>>>
>>> --
>>> Ken Blake, Microsoft MVP Windows - Shell/User
>>> Please Reply to the Newsgroup

Re: Norton vs Zone Alarm firewalls

On Sat, 24 Nov 2007 18:24:44 -0000, "Gerry" wrote:

> Ken
>
> Are you using System Restore?


It's on. I've restored from it a couple of times, on my XP machines,
where ZA is running.. I've never had a problem or conflict between it
and ZA.


> Have you ever noticed any outbound traffic
> being stopped by Zone Alarm?


Not that I remember.


> Does Zone alarm stop malware phoning home?


That's the theory. Some dispute it. I can't say from my own
experience, since I've never had any malware installed here.



> Ken Blake, MVP wrote:
> > On Sat, 24 Nov 2007 15:49:43 GMT, "Luis Ortega"
> > wrote:
> >
> >> Thanks. My understanding of router firewalls is that they only block
> >> incoming traffic and if there is some malware on the system then
> >> outgoing stuff is not blocked. Is that correct?
> >
> >
> > Yes, it's correct. The same is true of the built-in Windows firewall;
> > it too is inbound only.
> >
> > However many knowledgeable people feel that monitoring outbound
> > traffic adds little or nothing to the effectiveness of the firewall.
> >
> > I'm personally not convinced that either point of view is absolutely
> > right, but as a precaution, I use the free ZA in addition to what my
> > router does. My guess is that any extra protection I'm adding is
> > slight, but on the other hand, the hit on performance by having it
> > running appears to be slight too.
> >
> >
> >> "Ken Blake, MVP" wrote in message
> >> news:duegk35uco6l75o5klqmor4hmq3tu3drk0@4ax.com...
> >>> On Sat, 24 Nov 2007 11:31:59 GMT, "Luis Ortega"
> >>> wrote:
> >>>
> >>>> My Zone Alarm Pro firewall subscription expires in a few days and I
> >>>> recently
> >>>> bought a Norton Internet Security 2008 package
> >>>
> >>>
> >>> A bad mistake, in my view. Norton is the *worst* security product on
> >>> the market.
> >>>
> >>>
> >>>> that contains a firewall.
> >>>> I currently have the Norton firewall turned off and just use the
> >>>> Zone Alarm
> >>>> Pro firewall.
> >>>> I don't use the Win XP firewall because I heard that it's not a
> >>>> good idea to
> >>>> have several firewall on at the same time.
> >>>
> >>>
> >>> That's correct. You should run only a single software firewall.
> >>>
> >>>
> >>>> We get internet through a Belkin pre-N wireless router that is
> >>>> supposed to
> >>>> have some sort of firewall built in and that one is turned on.
> >>>
> >>>
> >>> Good.
> >>>
> >>>
> >>>> My computer connects to the router with an ethernet cable and my
> >>>> son's computer uses a Belkin N usb wireless adapter. They both
> >>>> have the same current setup I describe regarding firewalls.
> >>>> Can anyone please advise on whether the Zone Alarm Pro firewall is
> >>>> any better than the Norton firewall in my situation?
> >>>
> >>>
> >>> My view, as I said above, is that almost any other product is better
> >>> than Norton anything.
> >>>
> >>>
> >>>> Should I renew the Zone Alarm Pro subscription or uninstall it
> >>>> when it expires and turn on the Norton firewall?
> >>>
> >>>
> >>> Those are only two of your many choices. I would use ZA in
> >>> preference to Norton, but I would also use ZA free rather than ZA
> >>> Pro. I don't think Pro is worth the money.
> >>>
> >>> You could also use the built-in Windows firewall instead of either.
> >>>
> >>> Finally, note that with your router, any software firewall adds very
> >>> little to your protection.
> >>>
> >>> --
> >>> Ken Blake, Microsoft MVP Windows - Shell/User
> >>> Please Reply to the Newsgroup
>

--
Ken Blake, Microsoft MVP Windows - Shell/User
Please Reply to the Newsgroup

Re: Norton vs Zone Alarm firewalls

Luis Ortega wrote:
> My Zone Alarm Pro firewall subscription expires in a few days and I recently
> bought a Norton Internet Security 2008 package that contains a firewall.
> I currently have the Norton firewall turned off and just use the Zone Alarm
> Pro firewall.
> I don't use the Win XP firewall because I heard that it's not a good idea to
> have several firewall on at the same time.
> We get internet through a Belkin pre-N wireless router that is supposed to
> have some sort of firewall built in and that one is turned on.
> My computer connects to the router with an ethernet cable and my son's
> computer uses a Belkin N usb wireless adapter. They both have the same
> current setup I describe regarding firewalls.
> Can anyone please advise on whether the Zone Alarm Pro firewall is any
> better than the Norton firewall in my situation?
> Should I renew the Zone Alarm Pro subscription or uninstall it when it
> expires and turn on the Norton firewall?
> Thanks for any advice.


Alt.comp.anti-virus or alt.comp.virus are better places to ask your
question. Many of the people in those two groups are unusually
knowledgeable about this subject. I will forewarn you however that (the
last time I was there at least) Norton home use products were not at the
top of their recommended lists.

John

Re: Norton vs Zone Alarm firewalls

On Nov 24, 8:31 pm, "Luis Ortega" wrote:
> My Zone Alarm Pro firewall subscription expires in a few days and I recently
> bought a Norton Internet Security 2008 package that contains a firewall.
> I currently have the Norton firewall turned off and just use the Zone Alarm
> Pro firewall.
> I don't use the Win XP firewall because I heard that it's not a good idea to
> have several firewall on at the same time.

It is actually also a bad idea to install more then one software
firewall on a computer. The software firewall to do its "job" deeply
integrates/messes with the Windows system. In general, the only way to
get properly rid of an installed (single) software firewall on a
Windows system is to reinstall the system. Otherwise you may see all
kinds of issues after the uninstallation plus usually not everything
is gone after the standard deinstallation from the software wizard.
That's why you have to download additional tools from Symantec or
others only to get rid of the rest.

Now make the math: you have already installed two firewalls on your
computer. (The Windows XP firewall is part of the OS that's why it
does not cause issues here). Twice you have messed up the system with
an installation of a software firewall. Both try to hook into the
system to do their job and to make them fixed into the system so that
other malware does not accidentally removes the firewall software.

It is even now impossible to say whether any of those two firewalls
operates correctly if turned on. Norton may well have removed some of
the hooks which ZoneAlarm installed which ZoneAlarm did not notice. Or
well, maybe ZoneAlarm noticed some of those changes and reverted them
back removing Norton hooks...

Honestly, I would recommend to reinstall Windows from scratch and
learn a little about computer security and how to keep your computer
secure by what you DO instead of what you INSTALL. It is not so
complicated and still human beings are more intelligent than some
piece of software. It is possible to run a computer without any
firewall running and without getting infected with malware. But
obviously, this last statement does not sell good that's why you find
a lot of opposite (well sponsored) statements.

At the current stage I doubt you will be able to get any of those
firewalls removed from your system without damage to the system...

Gerald

Re: Norton vs Zone Alarm firewalls

On Nov 25, 12:49 am, "Luis Ortega" wrote:
> Thanks. My understanding of router firewalls is that they only block
> incoming traffic and if there is some malware on the system then outgoing
> stuff is not blocked. Is that correct?

Correct. But software firewalls only detect outgoing traffic if the
malware is so nice/dumb to be detected. And even if it is detected and
something is blocked it does not mean it does not send anything out
because there are various ways to send something out even with a
firewall installed (through your browser, through DNS, etc. all things
you use and need to browse the internet for instance.)

It would be more effective for your overall security if you have
learned how to prevent malware on your computer in the first place.
And this mostly depends on what you do and not with some security
software you install.

Gerald

Re: Norton vs Zone Alarm firewalls

On Sat, 24 Nov 2007 09:19:53 -0700, Ken Blake, MVP wrote:
>
> However many knowledgeable people feel that monitoring outbound
> traffic adds little or nothing to the effectiveness of the firewall.

Including:
Jesper M. Johansson, Ph.D., CISSP, MCSE, MCP+I
Security Program Manager
Microsoft Corporation
http://msinfluentials.com/blogs/jesper/archive/2007/07/19/at -least-this-snake-oil-is-free.aspx

Steve Riley,
a senior security strategist in the Microsoft Trustworthy Computing Group
and contributing editor for TechNet Magazine, jets around the world to
speak at conferences and spend time with customers to help them get and
stay secure.
http://www.microsoft.com/technet/technetmag/issues/2006/05/S ecurityMyths/default.aspx
Scroll down to:
"Myth: Host-Based Firewalls Must Filter Outbound Traffic to be Safe."

Steve Gibson,
Firewall LeakTesting.
http://www.grc.com/sn/SN-105.htm

Excerpts:
Leo Laporte: "So the leaktest is kind of pointless."
Steve Gibson: "Well,yes,...
Leo: "So are you saying that there's no point in doing a leaktest anymore?"
Steve: "Well, it's why I have not taken the trouble to update mine, because
you..."
Leo: "You can't test enough".
Steve: "Well, yeah.
Leo: "Right. Very interesting stuff. I guess that - my sense is, if you
can't test for leaks, a software-based firewall is kind of essentially
worthless."

> I'm personally not convinced that either point of view is absolutely
> right, but as a precaution, I use the free ZA in addition to what my
> router does. My guess is that any extra protection I'm adding is
> slight, but on the other hand, the hit on performance by having it
> running appears to be slight too.
>

Maker of PFW,
A realistic assessment with respect to 3rd party PFW from a respectable
software manufacturer 2007-08-07.
http://www.matousec.com/projects/windows-personal-firewall-a nalysis/leak-tests-results.php#firewalls-ratings

Sunbelt Software - the vendor of Sunbelt Kerio Personal Firewall
Excerpts:

[quote]
....we have some reservations about personal firewall "leak testing" in
general. While we appreciate and support the unique value of independent
security testing, we are admittedly skeptical as to just how meaningful
these leak tests really are, especially as they reflect real-world
environments.

The key assumption of "leak testing" -- namely, that it is somehow useful
to measure the outbound protection provided by personal firewalls in cases
where malware has already executed on the test box -- strikes us as a
questionable basis on which to build a security assessment. Today's malware
is so malicious and cleverly designed that it is often safest to regard PCs
as so thoroughly compromised that nothing on the box can be trusted once
the malware executes. In short, "leak testing" starts after the game is
already lost, as the malware has already gotten past the inbound firewall
protection.

Moreover, "leak testing" is predicated on the further assumption that
personal firewalls should warn users about outbound connections even when
the involved code components are not demonstrably malicious or suspicious
(as is the case with the simulator programs used for "leak testing"). In
fact, this kind of program design risks pop-up fatigue in users,
effectively lowering the overall security of the system -- the reason
developers are increasingly shunning this design for security applications.
[unquote]

'nuff said :)
--
Security is a process not a product.
(Bruce Schneier)

Re: Norton vs Zone Alarm firewalls

On Sat, 24 Nov 2007 14:57:44 -0800 (PST), Gerald Vogt wrote:
>
> Honestly, I would recommend to reinstall Windows from scratch and
> learn a little about computer security and how to keep your computer
> secure by what you DO instead of what you INSTALL.

Hear, hear!!!!

> It is not so complicated and still human beings are more intelligent than some
> piece of software.

Precisely, education is the key!

> It is possible to run a computer without any firewall running and without
> getting infected with malware.

Hear, hear!!!

> But obviously, this last statement does not sell good that's why you find a lot
> of opposite (well sponsored) statements.

Also referred to: 'Blinded by advertisement' :)

> At the current stage I doubt you will be able to get any of those
> firewalls removed from your system without damage to the system...

Agree, he won't!
--
Security is a process not a product.
(Bruce Schneier)

Re: Norton vs Zone Alarm firewalls

On Sat, 24 Nov 2007 11:31:59 GMT, Luis Ortega wrote:

> My Zone Alarm Pro firewall subscription expires in a few days and I recently
> bought a Norton Internet Security 2008 package that contains a firewall.
> I currently have the Norton firewall turned off and just use the Zone Alarm
> Pro firewall.

1.) http://zonealarm.donhoover.net/uninstall.html

2.) A number of experts agree that the retail AV version of McAfee, Norton
and Trend Micro has become cumbersome and bloated for the average user.
The retail version of Norton can play havoc with your pc. Uninstall it
using Norton's own uninstall tool
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/200 5033108162039
and get a refund :)
As suggested on the site, you may wish to print out the directions before
proceeding.
Or
http://www.majorgeeks.com/Norton_Removal_Tool_SymNRT_d4749.h tml

While Norton's removal tool usually gets the job done, you may also want to
go to:
http://www.snapfiles.com/get/winsockxpfix.html
and download a copy of winsockxpfix just in case. Rarely, the removal of
NIS breakes the networking components in XP to the point where internet
access is impossible. This little utility will fix it back up.

If the Norton removal tool doesn't work satisfactory use this:
Revo Uninstaller Freeware - Remove unwanted programs and traces easily
http://www.revouninstaller.com/
and/or
RegSeeker
http://www.hoverdesk.net/freeware.htm
RegSeeker will remove all associated detritus (registry keys,files and
folders) from any application. I found this application user friendly and
very effective but suggest *not* to use the 'Clean the Registry' option.
Click onto 'Find in registry' and in the 'Search for' box type *Norton*;
The pertinent registry keys can then be safely deleted (just in case,
ensure that the 'Backup before deletion' is checked). Repeat the task by
typing in the Search for' box *Symantec*. You can then go on search and
remove associated files as well.
Then use NTREGOPT to compact the registry; Follow instructions.
http://www.larshederer.homepage.t-online.de/erunt

> I don't use the Win XP firewall because I heard that it's not a good idea to
> have several firewall on at the same time.

That's correct, steer way from any PFW aka Phoney-Baloney ware and/or
Illussion ware.
In conjunction with WinXP SP2 Firewall use:
Seconfig XP 1.0
http://seconfig.sytes.net/
(http://www.softpedia.com/progDownload/Seconfig-XP-Download- 39707.html)
Seconfig XP is able configure Windows not to use TCP/IP as transport
protocol for NetBIOS, SMB and RPC, thus leaving TCP/UDP ports 135, 137-139
and 445 (the most exploited Windows networking weak point) closed.)
OR
Configuring NT-services much more secure.
http://www.ntsvcfg.de/ntsvcfg_eng.html

> We get internet through a Belkin pre-N wireless router that is supposed to
> have some sort of firewall built in and that one is turned on.
> My computer connects to the router with an ethernet cable and my son's
> computer uses a Belkin N usb wireless adapter. They both have the same
> current setup I describe regarding firewalls.
> Can anyone please advise on whether the Zone Alarm Pro firewall is any
> better than the Norton firewall in my situation?

I'd recomment neither.

> Should I renew the Zone Alarm Pro subscription or uninstall it when it
> expires and turn on the Norton firewall?

No!

Consider this:
1. Do not work as administrator, use limtited user account (LUA) for
day-to-day work.
2. Keep your system (and all software on it) patched/updated.
3. Review use of IE and OE.
4. Don't expose services to public networks.
5. For inspirational reading go to:
http://home20.inet.tele.dk/b_nice/index.htm

Good luck :)
--
Security is a process not a product.
(Bruce Schneier)

Re: Norton vs Zone Alarm firewalls

Gerald Vogt wrote:
> On Nov 24, 8:31 pm, "Luis Ortega" wrote:
....
>
> It is actually also a bad idea to install more then one software
> firewall on a computer.

No, it's a bad idea to RUN more than one firewall at a time. Have fun
removing XP's firewall if that's how you operate.

The software firewall to do its "job" deeply
> integrates/messes with the Windows system.

Actually, what it does is sit and monitor what goes in/out (sometimes only
in), compare it against its rules, and send messages appropriately to/from
the system. It does not "integrate" into the OS.

In general, the only way to
> get properly rid of an installed (single) software firewall on a
> Windows system is to reinstall the system.

Blatantly untrue and misinformed information here. It occurs to me that you
are doing no more than parroting what you think you have read and have
little to no experience in such matters. OR, you refuse RTFM and can not,
will not do things correctly. All the good ones come with perfectly
readable, understandable, concise information and instructions, including
removal instructions. Failing that, you can always go online to their site
and get the information again should you lose track of it.

Otherwise you may see all
> kinds of issues after the uninstallation plus usually not everything
> is gone after the standard deinstallation from the software wizard.

Not "everything" is "gone" after almost ANY uninstall of almost ANY
software. There are some good and some not so good reasons for that but
I'll not go into them because I can feel the hardness of your skull from
here.

> That's why you have to download additional tools from Symantec or
> others only to get rid of the rest.

But that should be obviously clear to anyone but those who refuse to read
anything and instead barge in like a bull in a china shop, and expect
everything to be oh so good for them. Generally very lazy people, plus
those with no actual experience but who love to bitch and carp like any good
bass turd. Ignorance is bliss for them, but not for long.
>
> Now make the math: you have already installed two firewalls on your
> computer. (The Windows XP firewall is part of the OS that's why it
> does not cause issues here).

That's not what you said earlier, and it's not correct. You have little to
no knowledge of the SP firewall and/or other software firewalls and probably
even less on hardware firewalls.

Twice you have messed up the system with
> an installation of a software firewall. Both try to hook into the
> system to do their job and to make them fixed into the system so that
> other malware does not accidentally removes the firewall software.

Patently untrue. Your misinformation is outdone only by your ignorance of
reality. Please adjust your brain.
>
> It is even now impossible to say whether any of those two firewalls
> operates correctly if turned on. Norton may well have removed some of
> the hooks which ZoneAlarm installed which ZoneAlarm did not notice. Or
> well, maybe ZoneAlarm noticed some of those changes and reverted them
> back removing Norton hooks...

Again you have no idea what you're talking about but love the little
buzzwords you found somewhere and are trying to parrot here.
>
> Honestly, I would recommend to reinstall Windows from scratch

Completely silly advice and totally unnecessary.

and
> learn a little about computer security and how to keep your computer
> secure by what you DO instead of what you INSTALL. It is not so
> complicated and still human beings are more intelligent than some
> piece of software. It is possible to run a computer without any
> firewall running and without getting infected with malware. But
> obviously, this last statement does not sell good that's why you find
> a lot of opposite (well sponsored) statements.

Wow, that's so full of misinformed content and reasoning that even your
attempt at rationalizing failed to anyone with even a modest idea of the
reality of this situation.

>
> At the current stage I doubt you will be able to get any of those
> firewalls removed from your system without damage to the system...

It's very obvious that what you think is irrelevant to anything, probably in
most of your life in fact, not just this one circumstance. First you have
to learn to recognize reality, then you need to get some education about
things you wish to profess, acquire a few interpersonal skills, and then
gain some experience. Then you might be close to getting ready to respond
to the OP's question, which you have not answered clearly.

Thanks for the entertainment; I needed the break. But I meant what I said
here; you really aren't ready to respond to questions on newsgroups. Quit
being a parrot and face reality; only then will you actually understand the
pros and cons of what you've been attempting to make others think you know.



>
> Gerald

Re: Norton vs Zone Alarm firewalls

Whaaat? Sober up!

Gerald Vogt wrote:
> On Nov 25, 12:49 am, "Luis Ortega" wrote:
>> Thanks. My understanding of router firewalls is that they only block
>> incoming traffic and if there is some malware on the system then
>> outgoing stuff is not blocked. Is that correct?
>
> Correct. But software firewalls only detect outgoing traffic if the
> malware is so nice/dumb to be detected. And even if it is detected and
> something is blocked it does not mean it does not send anything out
> because there are various ways to send something out even with a
> firewall installed (through your browser, through DNS, etc. all things
> you use and need to browse the internet for instance.)
>
> It would be more effective for your overall security if you have
> learned how to prevent malware on your computer in the first place.
> And this mostly depends on what you do and not with some security
> software you install.
>
> Gerald

Re: Norton vs Zone Alarm firewalls

On Nov 25, 10:35 am, "Poprivet" wrote:
> Whaaat? Sober up!

Good argument. Very convincing...

Gerald

Re: Norton vs Zone Alarm firewalls

On Nov 25, 10:34 am, "Poprivet" wrote:
> Gerald Vogt wrote:
> > On Nov 24, 8:31 pm, "Luis Ortega" wrote:
> ...
>
> > It is actually also a bad idea to install more then one software
> > firewall on a computer.
>
> No, it's a bad idea to RUN more than one firewall at a time. Have fun
> removing XP's firewall if that's how you operate.

Why do you want to remove the XP firewall? Installing more then one
(i.e. two or more) software firewall on a computer (i.e. in addition
to the XP firewall) is not really useful.

> The software firewall to do its "job" deeply
>
> > integrates/messes with the Windows system.
>
> Actually, what it does is sit and monitor what goes in/out (sometimes only
> in), compare it against its rules, and send messages appropriately to/from
> the system. It does not "integrate" into the OS.

Exactly. It does not integrate. That's why it is so difficult to
uninstall that stuff afterwards???

A software firewall wants to provide security. For that it must
establish itself somewhere deep in the OS to prevent evasion or the
ability to turn it off quickly.

> In general, the only way to
>
> > get properly rid of an installed (single) software firewall on a
> > Windows system is to reinstall the system.
>
> Blatantly untrue and misinformed information here. It occurs to me that you

Why exactly do you need additional tools available from Symantec to
uninstall Norton completely from your computer?? Is that untrue?

> are doing no more than parroting what you think you have read and have
> little to no experience in such matters. OR, you refuse RTFM and can not,
> will not do things correctly. All the good ones come with perfectly
> readable, understandable, concise information and instructions, including
> removal instructions. Failing that, you can always go online to their site
> and get the information again should you lose track of it.

There is an uninstaller available. That does something but not
everything. Why again does it happen to so many people that there
networking still does not work correctly after they have uninstalled
ZoneAlarm? The stupid uninstaller forgot to remove the proxy setting
in the internet settings... Hic. It was just not built to be
uninstalled.

> Otherwise you may see all
>
> > kinds of issues after the uninstallation plus usually not everything
> > is gone after the standard deinstallation from the software wizard.
>
> Not "everything" is "gone" after almost ANY uninstall of almost ANY
> software. There are some good and some not so good reasons for that but
> I'll not go into them because I can feel the hardness of your skull from
> here.

O.K. What was exactly the good reasons why some uninstallers forgot to
remove the proxy setting in the internet options which prevented
people to use the internet after uninstallation?

> > Now make the math: you have already installed two firewalls on your
> > computer. (The Windows XP firewall is part of the OS that's why it
> > does not cause issues here).
>
> That's not what you said earlier, and it's not correct. You have little to
> no knowledge of the SP firewall and/or other software firewalls and probably
> even less on hardware firewalls.

What is your problem? Do you have anything else to say except
personal insults?

> Twice you have messed up the system with
>
> > an installation of a software firewall. Both try to hook into the
> > system to do their job and to make them fixed into the system so that
> > other malware does not accidentally removes the firewall software.
>
> Patently untrue. Your misinformation is outdone only by your ignorance of
> reality. Please adjust your brain.

If it does not fix itself deeply in the OS as they do they can
obviously very easily circumvented.

> > It is even now impossible to say whether any of those two firewalls
> > operates correctly if turned on. Norton may well have removed some of
> > the hooks which ZoneAlarm installed which ZoneAlarm did not notice. Or
> > well, maybe ZoneAlarm noticed some of those changes and reverted them
> > back removing Norton hooks...
>
> Again you have no idea what you're talking about but love the little
> buzzwords you found somewhere and are trying to parrot here.

Do you have any arguments except personal insults?

> > learn a little about computer security and how to keep your computer
> > secure by what you DO instead of what you INSTALL. It is not so
> > complicated and still human beings are more intelligent than some
> > piece of software. It is possible to run a computer without any
> > firewall running and without getting infected with malware. But
> > obviously, this last statement does not sell good that's why you find
> > a lot of opposite (well sponsored) statements.
>
> Wow, that's so full of misinformed content and reasoning that even your
> attempt at rationalizing failed to anyone with even a modest idea of the
> reality of this situation.

No argument. Personal insult. What are you trying to say:

* A software is more intelligent than a human being?

* It is more effective to use some security software then to learn
something about security and to be careful while in the internet?

* It is not possible to run a computer securely connected to the
internet without any antivirus and firewall?

....

> > At the current stage I doubt you will be able to get any of those
> > firewalls removed from your system without damage to the system...
>
> It's very obvious that what you think is irrelevant to anything, probably in
> most of your life in fact, not just this one circumstance. First you have
> to learn to recognize reality, then you need to get some education about
> things you wish to profess, acquire a few interpersonal skills, and then
> gain some experience. Then you might be close to getting ready to respond
> to the OP's question, which you have not answered clearly.

The amount of personal insults and the lack of argument in your post
makes me thinking your lack a few interpersonal skills and some
experience.

> Thanks for the entertainment; I needed the break. But I meant what I said
> here; you really aren't ready to respond to questions on newsgroups. Quit
> being a parrot and face reality; only then will you actually understand the
> pros and cons of what you've been attempting to make others think you know.

You are the parrot here. You just write what everybody else repeats
all the timing withing thinking.

"You must install AV. You must install PFW."

That of course is not entertaining but boring.

Face reality. It is possible without AV and with PFW.

Gerald

Re: Norton vs Zone Alarm firewalls

HEMI-Powered wrote:
> Luis Ortega added these comments in the current discussion du
> jour ...
>
>> Thanks, but that's not what I'm asking or even interested in.
>
> I know it's not but you responded negatively to the person who
> warned you about Symantec and I wanted to let you know what this
> is all about. How and where you spend your money is of no concern
> of mine, just don't come crying here if you hose your system
> after having been warned. Now, as to Norton vs. Zone Alarm vs.
> XP's firewall, unless you're into marketing hype, ZA has NIS beat
> hands down by any qualitative or quantitative measure, including
> independent testing and owner experience. Now I'm sure of it: you
> really do need good luck!

care to colaborate what you define as qualitative and quantitative
measures ?
most personal firewalls are utter crap, heck i've yet to find any good one
on windows

>
>> "HEMI-Powered" wrote in message
>> news:Xns99F251CCECA8CReplyScoreID@140.99.99.130...
>>> Luis Ortega added these comments in the current discussion du
>>> jour ...
>>>
>>>> You don't understand.
>>>> I'm not trying to uninstall Norton, I'm wondering whether to
>>>> renew the Zone alarm if Norton already comes with a
>>>> firewall. I'm interested to know which might be the better
>>>> firewall. Does anyone have any relevant advice on this?
>>> The person who replied to you is warning you that it can be
>>> problematical to effectively get 100% rid of any Symantec
>>> product. I have System Works 2006 and understand its
>>> limitations and I think I know what to do if I want to
>>> uninstall it, but I wouldn't want Norton Internet Security on
>>> my PC - it is too all- invasive. Now, it has happened to me
>>> and I've read of others having similar experiences, if you DO
>>> need or want to fully uninstall Norton/Symantec products, you
>>> almost always need to use their uninstall cleanup utility
>>> after you uninstall it in Add/Remove programs. I have also
>>> found that I must go through my Registry looking for orphan
>>> keys or entries and kill them, else I have problems with the
>>> new utility I'm trying to install. Now, what I DON'T know is
>>> if I ever really got rid of all the crap.
>>>
>>> I personally run eTrust Pest Patrol and the commercial Zone
>>> Alarm. Yes, annual subscriptions for these are getting prices
>>> as is a NAV subscriptions. But, one has to decide for
>>> themselves how much money to spend on peace of mind. As to
>>> MS's XP SP2 firewall, it might be OK if it were at all
>>> reasonable to set it up to properly monitor all of the
>>> inbound and outbound ports on your PC and do anywhere near as
>>> effect a job on watching for bad guys as does Pest Patrol and
>>> ZA. Now, ZA is a bit annoying with its constant "do you want
>>> to allow or block this, or that", but I actually like to SEE
>>> what it thinks is a risk than to go blithely on my way
>>> ignorant of what is happening around me.
>>>
>>> Your choice, and I'll add a "good luck", you may need it!
>>>
>>>> "John" wrote in message
>>>> news:5qqit1F119k12U1@mid.individual.net...
>>>>> Luis Ortega wrote:
>>>>>> My Zone Alarm Pro firewall subscription expires in a few
>>>>>> days and I recently bought a Norton Internet Security 2008
>>>>>> package that contains a firewall. I currently have the
>>>>>> Norton firewall turned off and just use the Zone Alarm Pro
>>>>>> firewall. I don't use the Win XP firewall because I heard
>>>>>> that it's not a good idea to have several firewall on at
>>>>>> the same time. We get internet through a Belkin pre-N
>>>>>> wireless router that is supposed to have some sort of
>>>>>> firewall built in and that one is turned on. My computer
>>>>>> connects to the router with an ethernet cable and my son's
>>>>>> computer uses a Belkin N usb wireless adapter. They both
>>>>>> have the same current setup I describe regarding
>>>>>> firewalls. Can anyone please advise on whether the Zone
>>>>>> Alarm Pro firewall is any better than the Norton firewall
>>>>>> in my situation? Should I renew the Zone Alarm Pro
>>>>>> subscription or uninstall it when it expires and turn on
>>>>>> the Norton firewall? Thanks for any advice.
>>>>> Good luck if you should decide to try and uninstall Norton.
>>>>>
>>>>> John.
>>>>
>>>>
>>>
>>>
>>> --
>>> HP, aka Jerry
>>>
>>> "Never complain, never explain" - Henry Ford II
>>
>>
>
>
>

Re: Norton vs Zone Alarm firewalls

"Gerald Vogt" wrote in message
news:1e07da14-2fc4-452d-a98c-
> The amount of personal insults and the lack of argument in your post
> makes me thinking your lack a few interpersonal skills and some
> experience.
>
>> Thanks for the entertainment; I needed the break. But I meant what I
>> said
>> here; you really aren't ready to respond to questions on newsgroups.
>> Quit
>> being a parrot and face reality; only then will you actually understand
>> the
>> pros and cons of what you've been attempting to make others think you
>> know.
>
> You are the parrot here. You just write what everybody else repeats
> all the timing withing thinking.
>
> Face reality. It is possible without AV and with PFW.
>
> Gerald

Please, there is no need for you guys to get into a flame war over my post.
I understand that you are trying to be helpful, but I have to disagree with
you on the points that you have to reinstall windows to uninstall security
software or that running a windows system without av or pfw is a good idea.
I appreciate all the advice and thank everyone for their help.

Re: Norton vs Zone Alarm firewalls

Ken

Bert has a bit to say on Zone Alarm. It's not as straight forward as
regards your pet hate Norton.
http://bertk.mvps.org/html/srfail.html

--
Regards.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

Ken Blake, MVP wrote:
> On Sat, 24 Nov 2007 18:24:44 -0000, "Gerry" wrote:
>
>> Ken
>>
>> Are you using System Restore?
>
>
> It's on. I've restored from it a couple of times, on my XP machines,
> where ZA is running.. I've never had a problem or conflict between it
> and ZA.
>
>
>> Have you ever noticed any outbound traffic
>> being stopped by Zone Alarm?
>
>
> Not that I remember.
>
>
>> Does Zone alarm stop malware phoning home?
>
>
> That's the theory. Some dispute it. I can't say from my own
> experience, since I've never had any malware installed here.
>
>
>
>> Ken Blake, MVP wrote:
>>> On Sat, 24 Nov 2007 15:49:43 GMT, "Luis Ortega"
>>> wrote:
>>>
>>>> Thanks. My understanding of router firewalls is that they only
>>>> block incoming traffic and if there is some malware on the system
>>>> then outgoing stuff is not blocked. Is that correct?
>>>
>>>
>>> Yes, it's correct. The same is true of the built-in Windows
>>> firewall; it too is inbound only.
>>>
>>> However many knowledgeable people feel that monitoring outbound
>>> traffic adds little or nothing to the effectiveness of the firewall.
>>>
>>> I'm personally not convinced that either point of view is absolutely
>>> right, but as a precaution, I use the free ZA in addition to what my
>>> router does. My guess is that any extra protection I'm adding is
>>> slight, but on the other hand, the hit on performance by having it
>>> running appears to be slight too.
>>>
>>>
>>>> "Ken Blake, MVP" wrote in
>>>> message news:duegk35uco6l75o5klqmor4hmq3tu3drk0@4ax.com...
>>>>> On Sat, 24 Nov 2007 11:31:59 GMT, "Luis Ortega"
>>>>> wrote:
>>>>>
>>>>>> My Zone Alarm Pro firewall subscription expires in a few days
>>>>>> and I recently
>>>>>> bought a Norton Internet Security 2008 package
>>>>>
>>>>>
>>>>> A bad mistake, in my view. Norton is the *worst* security product
>>>>> on the market.
>>>>>
>>>>>
>>>>>> that contains a firewall.
>>>>>> I currently have the Norton firewall turned off and just use the
>>>>>> Zone Alarm
>>>>>> Pro firewall.
>>>>>> I don't use the Win XP firewall because I heard that it's not a
>>>>>> good idea to
>>>>>> have several firewall on at the same time.
>>>>>
>>>>>
>>>>> That's correct. You should run only a single software firewall.
>>>>>
>>>>>
>>>>>> We get internet through a Belkin pre-N wireless router that is
>>>>>> supposed to
>>>>>> have some sort of firewall built in and that one is turned on.
>>>>>
>>>>>
>>>>> Good.
>>>>>
>>>>>
>>>>>> My computer connects to the router with an ethernet cable and my
>>>>>> son's computer uses a Belkin N usb wireless adapter. They both
>>>>>> have the same current setup I describe regarding firewalls.
>>>>>> Can anyone please advise on whether the Zone Alarm Pro firewall
>>>>>> is any better than the Norton firewall in my situation?
>>>>>
>>>>>
>>>>> My view, as I said above, is that almost any other product is
>>>>> better than Norton anything.
>>>>>
>>>>>
>>>>>> Should I renew the Zone Alarm Pro subscription or uninstall it
>>>>>> when it expires and turn on the Norton firewall?
>>>>>
>>>>>
>>>>> Those are only two of your many choices. I would use ZA in
>>>>> preference to Norton, but I would also use ZA free rather than ZA
>>>>> Pro. I don't think Pro is worth the money.
>>>>>
>>>>> You could also use the built-in Windows firewall instead of
>>>>> either.
>>>>>
>>>>> Finally, note that with your router, any software firewall adds
>>>>> very little to your protection.
>>>>>
>>>>> --
>>>>> Ken Blake, Microsoft MVP Windows - Shell/User
>>>>> Please Reply to the Newsgroup

Re: Norton vs Zone Alarm firewalls

In comp.security.firewalls Poprivet wrote:
> Gerald Vogt wrote:
>> On Nov 25, 12:49 am, "Luis Ortega" wrote:
>>> Thanks. My understanding of router firewalls is that they only block
>>> incoming traffic and if there is some malware on the system then
>>> outgoing stuff is not blocked. Is that correct?
>>
>> Correct. But software firewalls only detect outgoing traffic if the
>> malware is so nice/dumb to be detected. And even if it is detected
>> and something is blocked it does not mean it does not send anything
>> out because there are various ways to send something out even with a
>> firewall installed (through your browser, through DNS, etc. all
>> things you use and need to browse the internet for instance.)
>>
>> It would be more effective for your overall security if you have
>> learned how to prevent malware on your computer in the first place.
>> And this mostly depends on what you do and not with some security
>> software you install.
>
> Whaaat? Sober up!

Unlike yourself Gerald knows what he's talking about. It's utterly
pointless to try and confine malware once it's already running on a
system (even more if the user has admin privileges). The only reasonable
way to deal with malware is to prevent it from being run in the first
place. That's what AV software or Windows' System Restriction Policies
are doing. And what Personal Firewalls fail to do.

Why don't you try getting a clue instead of making a fool of yourself?

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich

Re: Norton vs Zone Alarm firewalls

f'ups set to microsoft.public.windowsxp.general

Gerald Vogt wrote:
> On Nov 25, 10:34 am, "Poprivet" wrote:
>> Gerald Vogt wrote:
>>> On Nov 24, 8:31 pm, "Luis Ortega" wrote:
>> ...
>>
>>> It is actually also a bad idea to install more then one software
>>> firewall on a computer.
>>
>> No, it's a bad idea to RUN more than one firewall at a time. Have
>> fun removing XP's firewall if that's how you operate.
>
> Why do you want to remove the XP firewall? Installing more then one
> (i.e. two or more) software firewall on a computer (i.e. in addition
> to the XP firewall) is not really useful.
>
>> The software firewall to do its "job" deeply
>>
>>> integrates/messes with the Windows system.
>>
>> Actually, what it does is sit and monitor what goes in/out
>> (sometimes only in), compare it against its rules, and send messages
>> appropriately to/from the system. It does not "integrate" into the
>> OS.
>
> Exactly. It does not integrate. That's why it is so difficult to
> uninstall that stuff afterwards???

No, not really. If your questions are serious, I'll go thru here and give
you what I have experience and knowledge with, so maybe that'll help.
"Integrate" means to essentially become a part of. However, I do
understand that the term is used very loosely by many people. AV sw looks
into, and captures, system communications in order to monitor and function.
Depending on what you've asked it to do, some of those can be more than just
inserting itself in between your internet connection and your email client
of browser, which is where most of the detection is done.

>
> A software firewall wants to provide security. For that it must
> establish itself somewhere deep in the OS to prevent evasion or the
> ability to turn it off quickly.
>
>> In general, the only way to
>>
>>> get properly rid of an installed (single) software firewall on a
>>> Windows system is to reinstall the system.
>>
>> Blatantly untrue and misinformed information here. It occurs to me
>> that you
>
> Why exactly do you need additional tools available from Symantec to
> uninstall Norton completely from your computer?? Is that untrue?

No, it's definitely true! There are some silly reasons and some good
reasons for it. The silly reason is that you might want to reinstall it in
the future and that way it preserves all your settings and things should you
reinstall it to "fix" a file corruption or whatever. But if your aim is to
get it off your computer, it's a pia. The good reason is that the way
theyve chosen to install files and where to put them isn't tracked well by
XP nor Norton, and can be a very considerable amount of data. This is some
of the "bloatware" that people often refer to, but only a piece of it. The
"big deal" is that Norton creates a LOT of files "on the fly" and only
Norton knows the best way to rid a system of everything so that it won't
interfere with anything later. Sucks, and I hate it, but that's how it is.
FWIW, the methodology Norton uses isn't particular to them; many other
applications do the same thing for basically the same reasons. IMO it's
mostly because of the rush to market, inability to be sure of MS's various
proprietary areas and what it's doing, and a few others but I'd be
rationalizing and want to stop here with that thought.
In reality, this "tool" should have been part of the installation but if
you notice, Norton (and others) must look at your installations to be able
to give you the correct tool to use. So, it's obviously not something
simple and is widespread. I think really, in Norton's case, it's a matter
of rush to market after having coded themselves into a corner over the years
and of course, when Symantec bought Norton, the problem only got worse
because the Norton SW coders didn't go with it and they had to relearn it
from scratch.
So now they have a mess to work themselves out of.
OTOH, I find the products bug free and fully functional so I've stuck
with them since I have a well managed and maintained system. I've never had
any serious problems with Norton (I use SystemWorks) and the only reason I'd
leave them would be over money. Which is an event in progress; their virus
subscriptions are getting pretty expensive and considering the other
protections I have, I may forego Norton when my subscription is up next
year.
As for bloatware, it probaby is, and as for slowing down a system, there
is only one part of their apps that I've noticed slows anything down; that
is their GoBack. It works wonderfully and I used it to great advantage
until I got backup imaging applications running, after which I dispensed
with it. It did slow down boot and shut-down times although I never noticed
any other delays it caused. Others will tell you differently but in my
circle of friends and acquaintances, we all have pretty much the same
experiences.

>
>> are doing no more than parroting what you think you have read and
>> have little to no experience in such matters. OR, you refuse RTFM
>> and can not, will not do things correctly. All the good ones come
>> with perfectly readable, understandable, concise information and
>> instructions, including removal instructions. Failing that, you can
>> always go online to their site and get the information again should
>> you lose track of it.
>
> There is an uninstaller available. That does something but not
> everything. Why again does it happen to so many people that there
> networking still does not work correctly after they have uninstalled
> ZoneAlarm? The stupid uninstaller forgot to remove the proxy setting
> in the internet settings... Hic. It was just not built to be
> uninstalled.

I can't answer that one because I don't have any issues with it. I use
ZoneAlarm Pro after using the free version for a long time, and never had
issues with it. The proxy I use is a very simple one, and my LAN is small,
so maybe that has soemthing to do with it. I'd probably start at ZA and if
there's any good reason for it, I'm sure they have it covered there. I've
no idea whether it's a Norton or a ZA issue so ... can't say anything here.

>
>> Otherwise you may see all
>>
>>> kinds of issues after the uninstallation plus usually not everything
>>> is gone after the standard deinstallation from the software wizard.
>>
>> Not "everything" is "gone" after almost ANY uninstall of almost ANY
>> software. There are some good and some not so good reasons for that
>> but I'll not go into them because I can feel the hardness of your
>> skull from here.
>
> O.K. What was exactly the good reasons why some uninstallers forgot to
> remove the proxy setting in the internet options which prevented
> people to use the internet after uninstallation?

As I've said above, I have no experience with that. My most recent removal
of Norton was a few weeks ago in order to try out the free NIS my ISP was
offering, but it also wanted me to remove ZoneAlarm before it'd install, so
that that says there IS some truth to what you're alleging. But if it's not
Norton's proxy, I wouldn't expect it to fix anything that ZA did and vice
versa. It does however, appear to be covered in the documentation. I read
that I should uninstall ZA, but didn't, and NIS just refused to install
until I did uninstall it. AFter the install, I reinstalled ZA and all was
fine.
Again though, I see the same things in other applications and not always
explained or recognized. Norton at least controlled the sitiation with NIS
2007. I had no issues at all uninstalling it and reinstalling my
SystemWorks 2006.
So, that's the extent of my experience there. Sorry.

>
>>> Now make the math: you have already installed two firewalls on your
>>> computer. (The Windows XP firewall is part of the OS that's why it
>>> does not cause issues here).
>>
>> That's not what you said earlier, and it's not correct. You have
>> little to no knowledge of the SP firewall and/or other software
>> firewalls and probably even less on hardware firewalls.
>
> What is your problem? Do you have anything else to say except
> personal insults?

I simply believe that inconsistancies and misinformation are bad, very bad,
in a public place because too many newbies will hook onto the one they like
the best and remember that instead of the more accurate assessments. I
think I've said a LOT other than insults, and if you find them personal, you
need a slightly thicker skin. I'm gentle by many standards but I do say
what I think and mean what I say. If I'm wrong then so be it; I'm not
afraid to say so, and if you're actually reading this, I guess I was wrong
and apologize for that. I felt that the misinformation needed to be pointed
out, in particular, and wanted it to stop.

>
>> Twice you have messed up the system with
>>
>>> an installation of a software firewall. Both try to hook into the
>>> system to do their job and to make them fixed into the system so
>>> that other malware does not accidentally removes the firewall
>>> software.
>>
>> Patently untrue. Your misinformation is outdone only by your
>> ignorance of reality. Please adjust your brain.
>
> If it does not fix itself deeply in the OS as they do they can
> obviously very easily circumvented.

Hmm, that's a sort of semantics thing I think, depending on what one
considers the meaning of those words in that context. What you mean is
probably correct as far as it goes. It's not the "deepness" but the logic
and points of the application's connection that are important, along with
what it does with such information of course. But I'm rationalizing,
something I abhor, so ...

>
>>> It is even now impossible to say whether any of those two firewalls
>>> operates correctly if turned on. Norton may well have removed some
>>> of the hooks which ZoneAlarm installed which ZoneAlarm did not
>>> notice. Or well, maybe ZoneAlarm noticed some of those changes and
>>> reverted them back removing Norton hooks...
>>
>> Again you have no idea what you're talking about but love the little
>> buzzwords you found somewhere and are trying to parrot here.
>
> Do you have any arguments except personal insults?
>
>>> learn a little about computer security and how to keep your computer
>>> secure by what you DO instead of what you INSTALL. It is not so
>>> complicated and still human beings are more intelligent than some
>>> piece of software. It is possible to run a computer without any
>>> firewall running and without getting infected with malware. But
>>> obviously, this last statement does not sell good that's why you
>>> find a lot of opposite (well sponsored) statements.
>>
>> Wow, that's so full of misinformed content and reasoning that even
>> your attempt at rationalizing failed to anyone with even a modest
>> idea of the reality of this situation.
>
> No argument. Personal insult. What are you trying to say:
>
> * A software is more intelligent than a human being?

No, but it's more reliable, consistant and usually much more dependable.

>
> * It is more effective to use some security software then to learn
> something about security and to be careful while in the internet?
>
> * It is not possible to run a computer securely connected to the
> internet without any antivirus and firewall?

Not really. Within minutes, the "noise" of the internet is likely to
discover one or more of your open ports and start testing them. One can
literally become infected with a virus or spyware within minutes of
accessing the internet without some sort of protection in place, especially
considering all of the "noise" looking for you are covert in nature and
aren't going to announce themselves. You'll find very, very few
recommendations to EVER connect to the 'net without some sort of protection
installed. If fact, if you find such a site saying you can connect safely,
get the hell away from them; they are likely already probing you. It can
ruin a good afternoon of rebuilding a system.

There's a little hype involved, but if you'd like to see what's happening on
your machine and who can see what in and on it, visit grc.com and let them
run a few tests on you ports. In my current configuration, I'm fully
"stealthed", meaning no one on the 'net can see me in any way. That's the
target to shoot for. It's a free service, and pretty good. There are
others also but I like grc.

>
> ...
>
>>> At the current stage I doubt you will be able to get any of those
>>> firewalls removed from your system without damage to the system...
>>
>> It's very obvious that what you think is irrelevant to anything,
>> probably in most of your life in fact, not just this one
>> circumstance. First you have to learn to recognize reality, then
>> you need to get some education about things you wish to profess,
>> acquire a few interpersonal skills, and then gain some experience.
>> Then you might be close to getting ready to respond to the OP's
>> question, which you have not answered clearly.
>
> The amount of personal insults and the lack of argument in your post
> makes me thinking your lack a few interpersonal skills and some
> experience.

Very possible, and a fair shot! I obviously could/should have chosen my
words much better than I did. My apologies if you felt attacked; it wasn't
really my intent nor was it deserved; but I guess Freud was at work.

>
>> Thanks for the entertainment; I needed the break. But I meant what
>> I said here; you really aren't ready to respond to questions on
>> newsgroups. Quit being a parrot and face reality; only then will
>> you actually understand the pros and cons of what you've been
>> attempting to make others think you know.
>
> You are the parrot here. You just write what everybody else repeats
> all the timing withing thinking.
>
> "You must install AV. You must install PFW."
>
> That of course is not entertaining but boring.
>
> Face reality. It is possible without AV and with PFW.

No idea where PFW came from; that's a product I don't use but is still a
viable firewall.
If you're really sans firewall and antivirus software, you're going to
understand soon enough; that's about all I can say.

I do apologize if you felt attacked.
I'm more than willing to discuss things amicabley.
If you're just trolling though, I'm done.

Cheers,

Pop`


>
> Gerald

Re: Norton vs Zone Alarm firewalls

Luis Ortega wrote:
> "Gerald Vogt" wrote in message
> news:1e07da14-2fc4-452d-a98c-
>> The amount of personal insults and the lack of argument in your post
>> makes me thinking your lack a few interpersonal skills and some
>> experience.
>>
>>> Thanks for the entertainment; I needed the break. But I meant what
>>> I said
>>> here; you really aren't ready to respond to questions on newsgroups.
>>> Quit
>>> being a parrot and face reality; only then will you actually
>>> understand the
>>> pros and cons of what you've been attempting to make others think
>>> you know.
>>
>> You are the parrot here. You just write what everybody else repeats
>> all the timing withing thinking.
>>
>> Face reality. It is possible without AV and with PFW.
>>
>> Gerald
>
> Please, there is no need for you guys to get into a flame war over my
> post. I understand that you are trying to be helpful, but I have to
> disagree with you on the points that you have to reinstall windows to
> uninstall security software or that running a windows system without
> av or pfw is a good idea. I appreciate all the advice and thank
> everyone for their help.

No flame war intended, Luis. I've apologized and responded to him that if
he wishes to debate amicably that's fine with me. I was off target and
admit it. See my response if you're curious. We all have those "bad"
days I guess.

Regards,

Pop`

Re: Norton vs Zone Alarm firewalls

Post removed (X-No-Archive: yes)

Re: Norton vs Zone Alarm firewalls

Luis Ortega wrote:
> Can anyone please advise on whether the Zone Alarm Pro firewall is any
> better than the Norton firewall in my situation?

They both exactly have the same type of "quality" - the runs.

Yours,
VB.
--
The file name of an indirect node file is the string "iNode" immediately
followed by the link reference converted to decimal text, with no leading
zeroes. For example, an indirect node file with link reference 123 would
have the name "iNode123". - HFS Plus Volume Format, MacOS X

Re: Norton vs Zone Alarm firewalls

ChronJob wrote:
> "Luis Ortega" wrote in
> news:rKX1j.43682$T8.871@newsfe5-win.ntli.net:
>
>> Thanks. My understanding of router firewalls is that they only block
>> incoming traffic and if there is some malware on the system then
>> outgoing stuff is not blocked. Is that correct?
>>
>>
>
> If you've got malware on your system you're already done, cooked,
> finished, hacked, and compomised. The ONLY serious remedy at that
> point is to flatten your system and rebuild it.

There are very few good reasons to "rebuild" a system. Much better to start
with AV and an arsenal of spyware tools to clean things up as much as
possible. Results might be faster obtained, too.
OTOH it's not "wrong" to rebuild/reinstall, just very seldom necessary.
The best solution is to be prepared with images of the system stored away
and updated automatically. Then it's a minor detail to put the system back
to pre-malware state with a few key clicks.



>
> Software firewalls are garbage, pure and simple. If it makes you feel
> better though, use Windows native free firewall.
>
> Do use a NAT router and hardware firewall. You can get these for
> $100.00 or so.
>
> See:
> http://www.microsoft.com/technet/community/columns/secmgmt/s m0504.mspx
>
> and http://samspade.org/d/firewalls.html
>
> Good luck!
>
>
> ChronJob
> _____________________________________
> "-When you have to shoot, shoot, don't talk."

Re: Norton vs Zone Alarm firewalls

In comp.security.firewalls Poprivet` wrote:
> ChronJob wrote:
>> "Luis Ortega" wrote:
>>> Thanks. My understanding of router firewalls is that they only block
>>> incoming traffic and if there is some malware on the system then
>>> outgoing stuff is not blocked. Is that correct?
>>
>> If you've got malware on your system you're already done, cooked,
>> finished, hacked, and compomised. The ONLY serious remedy at that
>> point is to flatten your system and rebuild it.
>
> There are very few good reasons to "rebuild" a system. Much better to
> start with AV and an arsenal of spyware tools to clean things up as
> much as possible. Results might be faster obtained, too.

Nonsense. Once a system got compromised there are virtually no reasons
*not* to flatten and rebuild the system.

http://www.microsoft.com/technet/archive/community/columns/s ecurity/essays/10imlaws.mspx
http://www.microsoft.com/technet/community/columns/secmgmt/s m0504.mspx

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich

Re: Norton vs Zone Alarm firewalls

Hello Ansgar,

> Nonsense. Once a system got compromised there are virtually no reasons
> *not* to flatten and rebuild the system.

I totally agree. You don't know what else have hitted your system. Do not
trust A/V to find everytings.

I had a case about a year ago with Trend OfficeScan - it did not detect a
worm that had compromised a system. When we asked support the reply was that
OfficeScan only detects viruses, not worms...

Doh
---
Helge Olav Helgesen
http://www.helge.net

Re: Norton vs Zone Alarm firewalls

Poprivet` wrote:
> ChronJob wrote:
>> "Luis Ortega" wrote in
>> news:rKX1j.43682$T8.871@newsfe5-win.ntli.net:
>>
>>> Thanks. My understanding of router firewalls is that they only block
>>> incoming traffic and if there is some malware on the system then
>>> outgoing stuff is not blocked. Is that correct?
>>>
>>>
>> If you've got malware on your system you're already done, cooked,
>> finished, hacked, and compomised. The ONLY serious remedy at that
>> point is to flatten your system and rebuild it.
>
> There are very few good reasons to "rebuild" a system. Much better to start
> with AV and an arsenal of spyware tools to clean things up as much as
> possible. Results might be faster obtained, too.

I would not want to run a computer cleaned up "as much as possible"
leaving some malware undetected behind because that malware so well
hidden is the really dangerous one. A trojan, key logger, similar.

If you use the computer to send a single password, credit card number,
or any thing else personal I would never use a computer which is cleaned
up "as much as possible".

Either reinstall the computer or restore a 100% sure clean system image.
IMHO anything else is bad advice.

Gerald

Re: Norton vs Zone Alarm firewalls

> There are very few good reasons to "rebuild" a system. Much better to start

Haven't rebuild my system since I installed Win98se.
When I upgraded to XP I cloned the Win98se partition.
Still stable as ****. OK, I do some reg cleaning, but.
--
Lars-Erik - http://www.osterud.name - ICQ 7297605
WinXP, Asus P4PE, 2.53GHz, 1GB, MSI 7600GS, SB-Live

Re: Norton vs Zone Alarm firewalls

Gerald Vogt added these comments in the current discussion du
jour ...

>>> If you've got malware on your system you're already done,
>>> cooked, finished, hacked, and compomised. The ONLY serious
>>> remedy at that point is to flatten your system and rebuild
>>> it.
>>
>> There are very few good reasons to "rebuild" a system. Much
>> better to start with AV and an arsenal of spyware tools to
>> clean things up as much as possible. Results might be faster
>> obtained, too.
>
> I would not want to run a computer cleaned up "as much as
> possible" leaving some malware undetected behind because that
> malware so well hidden is the really dangerous one. A trojan,
> key logger, similar.
>
> If you use the computer to send a single password, credit card
> number, or any thing else personal I would never use a
> computer which is cleaned up "as much as possible".
>
> Either reinstall the computer or restore a 100% sure clean
> system image. IMHO anything else is bad advice.
>
Nice name, Gerald, same as mine! I completely agree with you
here. Before I run a periodic image backup with Acronis True
Image 9.0, about once every 6-8 weeks, I first do as exhaustive a
malware scan as I can including Ad-Aware, Spy Bot, eTrust Pest
Patrol, and NAV 2006 (in addition to the latter 2 running all the
time) because it makes no sense to image an infected HD. Still, I
am never completely sure it is clean, probably I never will be
but at least I don't notice any obvious or even subtle signs of
an infection.

--
HP, aka Jerry

"Never complain, never explain" - Henry Ford II

Re: Norton vs Zone Alarm firewalls

On Tue, 27 Nov 2007 02:53:36 GMT, HEMI-Powered wrote:

> Nice name, Gerald, same as mine! I completely agree with you
> here. Before I run a periodic image backup with Acronis True
> Image 9.0, about once every 6-8 weeks, I first do as exhaustive a
> malware scan as I can including Ad-Aware, Spy Bot, eTrust Pest
> Patrol, and NAV 2006 (in addition to the latter 2 running all the
> time)...

Is security software becoming a security risk?

http://www.infoworld.com/article/07/11/21/Is-security-softwa re-becoming-a-security-risk_1.html

"People think that putting one AV engine after another is somehow defense
in depth. They think that if one engine doesn't catch the worm, the other
will catch it," he said. "You haven't decreased your attack surface; you've
increased it because every AV engine has bugs"

Although attackers have exploited parsing bugs in browsers for years now
with some success, Zoller believes that because antivirus software runs
everywhere and often with greater administrative rights than the browser,
these flaws could lead to even greater problems in the future.

The bottom line, he says, is that antivirus software is broken. "One e-mail
and boom, you're gone," he said.

Zoller says he has been criticized by his peers in the security industry
for "questioning the very glue that holds IT security all together," but he
believes that by bringing this issue to the forefront, the industry will be
forced to address a very real security problem.
---
Interesting report:
(Though Russ Cooper, a senior scientist with Verizon Business, had some
criticism for the work of n.runs)

The Death of Anti-Virus Defense.

http://www.nruns.com/ps/The_Death_of_AV_Defense_in_Depth-Rev isiting_Anti-Virus_Software.pdf
--
Security is a process not a product.
(Bruce Schneier)

Re: Norton vs Zone Alarm firewalls

Kayman added these comments in the current discussion du jour
....

> On Tue, 27 Nov 2007 02:53:36 GMT, HEMI-Powered wrote:
>
>> Nice name, Gerald, same as mine! I completely agree with you
>> here. Before I run a periodic image backup with Acronis True
>> Image 9.0, about once every 6-8 weeks, I first do as
>> exhaustive a malware scan as I can including Ad-Aware, Spy
>> Bot, eTrust Pest Patrol, and NAV 2006 (in addition to the
>> latter 2 running all the time)...
>
> Is security software becoming a security risk?
>
> http://www.infoworld.com/article/07/11/21/Is-security-softwa re-
> becoming-a-security-risk_1.html
>
> "People think that putting one AV engine after another is
> somehow defense in depth. They think that if one engine
> doesn't catch the worm, the other will catch it," he said.
> "You haven't decreased your attack surface; you've increased
> it because every AV engine has bugs"

I don't think anyone thinks that having more than one true AV
utility running at a time is a good idea. But, what I listed
running all the time, eTrust Pest Patrol, commercial Zone Alarm,
and NAV 2006 are all intended to do different things in different
ways. And, running Ad-Aware and Spy Bot Search & Destroy as
separate utilities periodically do yet another security-related
purpose. So, I see no conflicts here.

Now, as to one malware scanner finding things another misses, I
don't think this is uncommon or unexpected behavior as the
creation of definitions to detect new threats is not done in
tandem with other developers and different specific utilities
perform in entirely different ways.

> Although attackers have exploited parsing bugs in browsers for
> years now with some success, Zoller believes that because
> antivirus software runs everywhere and often with greater
> administrative rights than the browser, these flaws could lead
> to even greater problems in the future.
>
> The bottom line, he says, is that antivirus software is
> broken. "One e-mail and boom, you're gone," he said.
>
> Zoller says he has been criticized by his peers in the
> security industry for "questioning the very glue that holds IT
> security all together," but he believes that by bringing this
> issue to the forefront, the industry will be forced to address
> a very real security problem. ---
> Interesting report:
> (Though Russ Cooper, a senior scientist with Verizon Business,
> had some criticism for the work of n.runs)
>
> The Death of Anti-Virus Defense.
>
> http://www.nruns.com/ps/The_Death_of_AV_Defense_in_Depth-Rev isi
> ting_Anti-Virus_Software.pdf

Interesting. What there's a "death" of, IMO, is people who're
aware enough to pay attention to safe computing and have at least
a modicum of defenses against the bad guys. The popular malware
utilities will catch the vast majority of common threats but if
one's PC is attacked by a sophisticated enough hacker or
whatever, it is doubtful that any software will catch it.

--
HP, aka Jerry

"Never complain, never explain" - Henry Ford II

Re: Norton vs Zone Alarm firewalls

On Nov 27, 3:43 pm, "HEMI-Powered" wrote:
> I don't think anyone thinks that having more than one true AV
> utility running at a time is a good idea. But, what I listed
> running all the time, eTrust Pest Patrol, commercial Zone Alarm,
> and NAV 2006 are all intended to do different things in different
> ways. And, running Ad-Aware and Spy Bot Search & Destroy as
> separate utilities periodically do yet another security-related
> purpose. So, I see no conflicts here.

The problem is only that you are running the security software on the
infected machine. If you have got malware which runs with
Administrator privileges you cannot rely on anything in your system
anymore. It may have installed a good root kit which goes undetected.
It may patch the signatures of your security software to go
undetected. It can effectively disable your firewall even though the
firewall and Windows still think it is running

Thus, if you have an infected machine you simply cannot tell how bad
it is. Once you have a trojan on your computer which allows remote
access to your computer you are well off the standard malware which
you'll find in the wild and which security software may detect. And as
some people are more then happy to clean the computer "as good as
possible" (or until none of the security software finds more) you can
never tell what goes undetected on a computer if you check it on the
same system. You should never trust a security check which is running
on the infected system. If you want to scan you should use a clean
boot disk and scan the file system from there or run a full comparison
of the compromised file system with a clean backup to see what has
been modified. That would give you more trustworthy results although
even then I would rather recommend to restore a clean system image.

> Now, as to one malware scanner finding things another misses, I
> don't think this is uncommon or unexpected behavior as the
> creation of definitions to detect new threats is not done in
> tandem with other developers and different specific utilities
> perform in entirely different ways.

There is a lot out there which no malware scanner finds or will ever
find. They find what you can find very often. A malware which only
appears a few hundred or thousand times, for instance for a little bot
net, is unlikely to be found ever. And even if eventually the code is
sent to a security company for analysis and is added to their
signatures, you can as well just recompile the malware with some code
obfuscation and it goes undetected again.

> Interesting. What there's a "death" of, IMO, is people who're
> aware enough to pay attention to safe computing and have at least
> a modicum of defenses against the bad guys. The popular malware
> utilities will catch the vast majority of common threats but if
> one's PC is attacked by a sophisticated enough hacker or
> whatever, it is doubtful that any software will catch it.

Exactly that's why you cannot trust a infected system with whatever
security scanner you may scan it. I will never understand why some
people still use the same computer with the same system after 20
different scanners found a dozen different trojans, worms, viruses,
etc. They use various removal tools and continue to use the computer
after the next scan does not report anything anymore...

But that is what people do when they think a malware infection is
simply inevitable eventually if you connect your computer to the
internet.

Gerald

Re: Norton vs Zone Alarm firewalls

On Nov 24, 9:50 am, "Poprivet" wrote:
> Hi Luis,

> The XP firewall is "decent" but only checks incoming traffic, not outgoing,
> so if you had something that was calling home with your account passwords,
> it would miss it. It's real use is so that you CAN have a firewall when you
> first hit the internet and until you get all of your updates and other
> protection apps into place and updated. I seldom have to rebuild my system
> so I've only used it once or twice, but it does give basic protection but
> that's about all.
>

I keep hearing this 'fact' about outgoing messages having to be
checked by a firewall, but, though I see the logic behind it, I'm not
entirely convinced. After all, if a virus is smart enough to
penetrate the incoming firewall, don't you think it will be smart
enough to penetrate the outgoing firewall? Say by pretending it is a
legitimate windows process (like MSFT Update) and then tricking the
user into approving of it? I think so.


> You're also correct in that having two software firewalls working at the
> same time is a no-no. They will step on each other's resources even if they
> seem to work together. Many firewalls won't even install until you disable
> any other one you have working. Some even make you actually Remove the
> other firewall before they'll install and XP also has a firewall monitor
> that'll complain to you.

Two software firewalls may be a no-no, but I have three antivirus and
spyware programs (AVG AntiSpyware, Kaspersky Antivirus, and Webroot)
and they all happily play nicely together, with the most obnoxious of
the three programs being Kaspersky (the "heuristics" is a pain),
followed by Webroot (has given false positives in the past, though the
company is good at correcting these mistakes) and AVG (works so nice,
with no problems, that I sometimes wonder if it's doing anything at
all, since I've seen ads saying that of all the vendors AVG products
miss the most viruses, but when scanning your system AVG finds
tracking cookies that the other two programs miss). Also Blacklight's
free online Windows Explorer ActiveX product has found tracking
cookies that all three of the above programs have missed.

RL

Re: Norton vs Zone Alarm firewalls

On Tue, 27 Nov 2007 06:43:39 GMT, HEMI-Powered wrote:

> Kayman added these comments in the current discussion du jour
> ...
>
>> On Tue, 27 Nov 2007 02:53:36 GMT, HEMI-Powered wrote:
>>
>>> Nice name, Gerald, same as mine! I completely agree with you
>>> here. Before I run a periodic image backup with Acronis True
>>> Image 9.0, about once every 6-8 weeks, I first do as
>>> exhaustive a malware scan as I can including Ad-Aware, Spy
>>> Bot, eTrust Pest Patrol, and NAV 2006 (in addition to the
>>> latter 2 running all the time)...
>>
>> Is security software becoming a security risk?
>>
>> http://www.infoworld.com/article/07/11/21/Is-security-softwa re-
>> becoming-a-security-risk_1.html
>>
>> "People think that putting one AV engine after another is
>> somehow defense in depth. They think that if one engine
>> doesn't catch the worm, the other will catch it," he said.
>> "You haven't decreased your attack surface; you've increased
>> it because every AV engine has bugs"
>
> I don't think anyone thinks that having more than one true AV
> utility running at a time is a good idea. But, what I listed
> running all the time, eTrust Pest Patrol, commercial Zone Alarm,
> and NAV 2006 are all intended to do different things in different
> ways. And, running Ad-Aware and Spy Bot Search & Destroy as
> separate utilities periodically do yet another security-related
> purpose. So, I see no conflicts here.

Conflict(s) is/are not the issue; The OS may appear working smoothly. But
installing anti-whatever applications has made your OS more vulnerable to
attacks.

> Now, as to one malware scanner finding things another misses, I
> don't think this is uncommon or unexpected behavior as the
> creation of definitions to detect new threats is not done in
> tandem with other developers and different specific utilities
> perform in entirely different ways.
>
>> Although attackers have exploited parsing bugs in browsers for
>> years now with some success, Zoller believes that because
>> antivirus software runs everywhere and often with greater
>> administrative rights than the browser, these flaws could lead
>> to even greater problems in the future.
>>
>> The bottom line, he says, is that antivirus software is
>> broken. "One e-mail and boom, you're gone," he said.
>>
>> Zoller says he has been criticized by his peers in the
>> security industry for "questioning the very glue that holds IT
>> security all together," but he believes that by bringing this
>> issue to the forefront, the industry will be forced to address
>> a very real security problem. ---
>> Interesting report:
>> (Though Russ Cooper, a senior scientist with Verizon Business,
>> had some criticism for the work of n.runs)
>>
>> The Death of Anti-Virus Defense.
>>
>> http://www.nruns.com/ps/The_Death_of_AV_Defense_in_Depth-Rev isi
>> ting_Anti-Virus_Software.pdf
>
> Interesting. What there's a "death" of, IMO, is people who're
> aware enough to pay attention to safe computing and have at least
> a modicum of defenses against the bad guys.

It is important that administrators follow the rule of least privilege.
This means that users should operate their computer with only the minimum
set of privileges that they need to do their job

The best denfenses are:
1. Do not work as administrator, use limtited user account (LUA) for
day-to-day work.
2. Keep your system (and all software on it) patched.
3. Review usage of IE and OE; Look for good alternatives.
4. Don't expose services to public networks.
5. Routinely practice safe-hex.
6. Backup, backup, backup.

> The popular malware utilities will catch the vast majority of common
> threats but if one's PC is attacked by a sophisticated enough hacker or
> whatever, it is doubtful that any software will catch it.

The least preferred defenses are:
Most popular anti-whatever applications.
--
Security is a process not a product.
(Bruce Schneier)

Re: Norton vs Zone Alarm firewalls

On Nov 24, 3:31 am, "Luis Ortega" wrote:
> My Zone Alarm Pro firewall subscription expires in a few days and I recently
> bought a Norton Internet Security 2008 package that contains a firewall.
> I currently have the Norton firewall turned off and just use the Zone Alarm
> Pro firewall.
> I don't use the Win XP firewall because I heard that it's not a good idea to
> have several firewall on at the same time.
> We get internet through a Belkin pre-N wireless router that is supposed to
> have some sort of firewall built in and that one is turned on.
> My computer connects to the router with an ethernet cable and my son's
> computer uses a Belkin N usb wireless adapter. They both have the same
> current setup I describe regarding firewalls.
> Can anyone please advise on whether the Zone Alarm Pro firewall is any
> better than the Norton firewall in my situation?
> Should I renew the Zone Alarm Pro subscription or uninstall it when it
> expires and turn on the Norton firewall?
> Thanks for any advice.

I use to have Norton anti-virus and firewall and it caused nothing but
problems and is a resource hog. I eventually removed it, and glad I
did. I now use AVG for my anti-virus along with A-Squared and Spybot
for malware removable, and Comodo for my firewall, all of which are
free and I haven't had a problem since.


Robert

Re: Norton vs Zone Alarm firewalls

On Nov 24, 3:31 am, "Luis Ortega" wrote:
> My Zone Alarm Pro firewall subscription expires in a few days and I recently
> bought a Norton Internet Security 2008 package that contains a firewall.
> I currently have the Norton firewall turned off and just use the Zone Alarm
> Pro firewall.
> I don't use the Win XP firewall because I heard that it's not a good idea to
> have several firewall on at the same time.
> We get internet through a Belkin pre-N wireless router that is supposed to
> have some sort of firewall built in and that one is turned on.
> My computer connects to the router with an ethernet cable and my son's
> computer uses a Belkin N usb wireless adapter. They both have the same
> current setup I describe regarding firewalls.
> Can anyone please advise on whether the Zone Alarm Pro firewall is any
> better than the Norton firewall in my situation?
> Should I renew the Zone Alarm Pro subscription or uninstall it when it
> expires and turn on the Norton firewall?
> Thanks for any advice.

I forgot to mention that if you decide to remove Norton remember to
uninstall Live Update and you also need to go to Norton's site
(Symantec) for their removal utility. Your computer should run alot
faster without it.


Robert

Re: Norton vs Zone Alarm firewalls

In comp.security.firewalls Kayman wrote:
> On Tue, 27 Nov 2007 06:43:39 GMT, HEMI-Powered wrote:
>> Kayman added these comments in the current discussion du jour
>>> "People think that putting one AV engine after another is somehow
>>> defense in depth. They think that if one engine doesn't catch the
>>> worm, the other will catch it," he said. "You haven't decreased your
>>> attack surface; you've increased it because every AV engine has
>>> bugs"
>>
>> I don't think anyone thinks that having more than one true AV utility
>> running at a time is a good idea. But, what I listed running all the
>> time, eTrust Pest Patrol, commercial Zone Alarm, and NAV 2006 are all
>> intended to do different things in different ways. And, running
>> Ad-Aware and Spy Bot Search & Destroy as separate utilities
>> periodically do yet another security-related purpose. So, I see no
>> conflicts here.
>
> Conflict(s) is/are not the issue; The OS may appear working smoothly.
> But installing anti-whatever applications has made your OS more
> vulnerable to attacks.

Not true. Conflicts between two on-access scanners are a very real issue
and are indeed the main argument against installing concurring scanners.
Also, installing applications does not necessarily make an OS more
vulnerable. The OS only becomes more vulnerable if some application has
an exploitable bug. Of course installing additional software does
increase the chance of that happening, but it doesn't automagically make
the OS (more) vulnerable.

For example: you can easily run two or more on-demand virus scanners
without a single problem, because they're running as simple userspace
applications (and thus won't affect each other), and only run with the
privileges of the user initiating the scan.

However, that doesn't mean that it'd be okay to install arbitrary AV
software, because several of them have issues aside from what I
mentioned above.

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich

Re: Norton vs Zone Alarm firewalls

It doesn't need to be a virus. I did encounter that one time when accessing
a web page unexpectedly triggered OE and the firewall blocked it. A
firewall may have the ability to block -any- application from sending email
without explicit approval. Monitoring outbound traffic also entails
differentiating the legitimate processes from suspicious ones or spoofs. All
firewalls are not equal, but if the firewall is doing the job well it's not
enough for a process to pretend to be "iexplore.exe" in order to pass the
firewall, it has to be c:\program files\internet explorer\iexplore.exe, with
additional identifying information, be it a specific version number, CRC
etc. etc..

Viruses aren't smart, they're all constrained to operating within specific
program parameters. Some are more cleverly written than others but the vast
majority have already been beaten.

Anyway this thread seems to be missing the point. It's analagous to saying
that we shouldn't bother using crosswalks or crossing at the lights because
it is always possible that some idiot driver might ignore the signals and
run us down anyway. One side (anti-security) says avoid the problem by never
crossing a street, the other side (pro-security) says use due caution and
cross with the lights. I use a firewall mainly to keep unauthorised -people-
out of my PC, AV and AS software to keep out or kill malicious software.


"raylopez99" wrote in message
news:fe3efb02-7235-4ff3-a386-229c92b53787@e23g2000prf.google groups.com...
> On Nov 24, 9:50 am, "Poprivet" wrote:
>> Hi Luis,
>
>> The XP firewall is "decent" but only checks incoming traffic, not
>> outgoing,
>> so if you had something that was calling home with your account
>> passwords,
>> it would miss it. It's real use is so that you CAN have a firewall when
>> you
>> first hit the internet and until you get all of your updates and other
>> protection apps into place and updated. I seldom have to rebuild my
>> system
>> so I've only used it once or twice, but it does give basic protection but
>> that's about all.
>>
>
> I keep hearing this 'fact' about outgoing messages having to be
> checked by a firewall, but, though I see the logic behind it, I'm not
> entirely convinced. After all, if a virus is smart enough to
> penetrate the incoming firewall, don't you think it will be smart
> enough to penetrate the outgoing firewall? Say by pretending it is a
> legitimate windows process (like MSFT Update) and then tricking the
> user into approving of it? I think so.
>
>
>> You're also correct in that having two software firewalls working at the
>> same time is a no-no. They will step on each other's resources even if
>> they
>> seem to work together. Many firewalls won't even install until you
>> disable
>> any other one you have working. Some even make you actually Remove the
>> other firewall before they'll install and XP also has a firewall monitor
>> that'll complain to you.
>
> Two software firewalls may be a no-no, but I have three antivirus and
> spyware programs (AVG AntiSpyware, Kaspersky Antivirus, and Webroot)
> and they all happily play nicely together, with the most obnoxious of
> the three programs being Kaspersky (the "heuristics" is a pain),
> followed by Webroot (has given false positives in the past, though the
> company is good at correcting these mistakes) and AVG (works so nice,
> with no problems, that I sometimes wonder if it's doing anything at
> all, since I've seen ads saying that of all the vendors AVG products
> miss the most viruses, but when scanning your system AVG finds
> tracking cookies that the other two programs miss). Also Blacklight's
> free online Windows Explorer ActiveX product has found tracking
> cookies that all three of the above programs have missed.
>
> RL

Re: Norton vs Zone Alarm firewalls

I use absolutely no virus programs whatsoever, have never had a virus or
malware. Can you tell me why?
"Ansgar -59cobalt- Wiechers" wrote in message
news:fih5q5UogeL1@news.in-ulm.de...
> In comp.security.firewalls Kayman wrote:
>> On Tue, 27 Nov 2007 06:43:39 GMT, HEMI-Powered wrote:
>>> Kayman added these comments in the current discussion du jour
>>>> "People think that putting one AV engine after another is somehow
>>>> defense in depth. They think that if one engine doesn't catch the
>>>> worm, the other will catch it," he said. "You haven't decreased your
>>>> attack surface; you've increased it because every AV engine has
>>>> bugs"
>>>
>>> I don't think anyone thinks that having more than one true AV utility
>>> running at a time is a good idea. But, what I listed running all the
>>> time, eTrust Pest Patrol, commercial Zone Alarm, and NAV 2006 are all
>>> intended to do different things in different ways. And, running
>>> Ad-Aware and Spy Bot Search & Destroy as separate utilities
>>> periodically do yet another security-related purpose. So, I see no
>>> conflicts here.
>>
>> Conflict(s) is/are not the issue; The OS may appear working smoothly.
>> But installing anti-whatever applications has made your OS more
>> vulnerable to attacks.
>
> Not true. Conflicts between two on-access scanners are a very real issue
> and are indeed the main argument against installing concurring scanners.
> Also, installing applications does not necessarily make an OS more
> vulnerable. The OS only becomes more vulnerable if some application has
> an exploitable bug. Of course installing additional software does
> increase the chance of that happening, but it doesn't automagically make
> the OS (more) vulnerable.
>
> For example: you can easily run two or more on-demand virus scanners
> without a single problem, because they're running as simple userspace
> applications (and thus won't affect each other), and only run with the
> privileges of the user initiating the scan.
>
> However, that doesn't mean that it'd be okay to install arbitrary AV
> software, because several of them have issues aside from what I
> mentioned above.
>
> cu
> 59cobalt
> --
> "If a software developer ever believes a rootkit is a necessary part of
> their architecture they should go back and re-architect their solution."
> --Mark Russinovich

Re: Norton vs Zone Alarm firewalls

The interesting thing is that you probably wouldn't have any problems even
without
AVG, A-Squared, Spybot and Comodo.
"Robert" wrote in message
news:a30359fc-3992-4d7f-869f-58bf965f10b7@s12g2000prg.google groups.com...
> On Nov 24, 3:31 am, "Luis Ortega" wrote:
>> My Zone Alarm Pro firewall subscription expires in a few days and I
>> recently
>> bought a Norton Internet Security 2008 package that contains a firewall.
>> I currently have the Norton firewall turned off and just use the Zone
>> Alarm
>> Pro firewall.
>> I don't use the Win XP firewall because I heard that it's not a good idea
>> to
>> have several firewall on at the same time.
>> We get internet through a Belkin pre-N wireless router that is supposed
>> to
>> have some sort of firewall built in and that one is turned on.
>> My computer connects to the router with an ethernet cable and my son's
>> computer uses a Belkin N usb wireless adapter. They both have the same
>> current setup I describe regarding firewalls.
>> Can anyone please advise on whether the Zone Alarm Pro firewall is any
>> better than the Norton firewall in my situation?
>> Should I renew the Zone Alarm Pro subscription or uninstall it when it
>> expires and turn on the Norton firewall?
>> Thanks for any advice.
>
> I use to have Norton anti-virus and firewall and it caused nothing but
> problems and is a resource hog. I eventually removed it, and glad I
> did. I now use AVG for my anti-virus along with A-Squared and Spybot
> for malware removable, and Comodo for my firewall, all of which are
> free and I haven't had a problem since.
>
>
> Robert

Re: Norton vs Zone Alarm firewalls

HEMI-Powered wrote:
> Kayman added these comments in the current discussion du jour
> ...
>
>> On Tue, 27 Nov 2007 02:53:36 GMT, HEMI-Powered wrote:
....
>
> Interesting. What there's a "death" of, IMO, is people who're
> aware enough to pay attention to safe computing and have at least
> a modicum of defenses against the bad guys. The popular malware
> utilities will catch the vast majority of common threats but if
> one's PC is attacked by a sophisticated enough hacker or
> whatever, it is doubtful that any software will catch it.

Actually I think it's more akin to birth than death. The major problems are
most always for the newbies who haven't yet been educated, have been
mis-educated, or simply kept in the background by people purposely talking
over their heads when they do try to learn.

Pop`

Re: Norton vs Zone Alarm firewalls

raylopez99 wrote:
> On Nov 24, 9:50 am, "Poprivet" wrote:
>> Hi Luis,
....
>
> I keep hearing this 'fact' about outgoing messages having to be
> checked by a firewall, but, though I see the logic behind it, I'm not
> entirely convinced. After all, if a virus is smart enough to
> penetrate the incoming firewall, don't you think it will be smart
> enough to penetrate the outgoing firewall? Say by pretending it is a
> legitimate windows process (like MSFT Update) and then tricking the
> user into approving of it? I think so.

An entirely possible set of events, yes. But there are other avenues onto a
system than always in-bound and alone through the 'net ports.
One example is being invited in: there's a program or 5 out there that
will let you use smilies wherever you want to use them; Word, IE, Wordpad,
most any application. Yahoo carries it as a link. Lots of newbies think
Yahoo is pretty danged neat and go ahead and download it. I forget what
it's called and it is pretty neat at first, but then the machine starts to
slow down and you keep noticing lots of downloads coming into your machine.
If the firewall see is, they allow it because it's a familiar name and has
to do with the app they just downloaded, claiming to be its updates. Only
the "updates" never stop. It's the GAIN spyware though it goes by several
different names. It's a PIA to remove and even their remove instructions,
of course, don't fully work.
I found it on the client's machine quickly with a malware scan.

Another possibility is a disk from a friend or acquaintance. It may or
may not get scanned by a newbie. If it's only spyware it covertly contains,
AV won't catch a problem. Not all spyware detectors will find it right away
so if all you use is say Windows Defender, there's a good chance you're not
going to catch it, if you did bother to scan it. So, it starts calling home
and guess what? You have spyware being downloaded into your machine, small
pieces at at time until ... .

There's another side of this discussion too I'd like to mention. It
seems a lot of the posts have begun to concentrate on the really miserable
malware out there that's actually seldom seen by the normal user. Rather
than discuss the generally relevant information in addition to the tough
ones, they are contentrating on the tough ones as though they are all that
exist. It appears to me to be more an attempt to display inflated egos than
to impart any useful information to the masses and is dangerously close to
being trolling in more than one of the posters; the others are just being
sucked into endless discussions, the signature responses trolls hope for.
>
>
>> You're also correct in that having two software firewalls working at
>> the same time is a no-no. They will step on each other's resources
>> even if they seem to work together. Many firewalls won't even
>> install until you disable any other one you have working. Some even
>> make you actually Remove the other firewall before they'll install
>> and XP also has a firewall monitor that'll complain to you.
>
> Two software firewalls may be a no-no, but I have three antivirus and
> spyware programs (AVG AntiSpyware, Kaspersky Antivirus, and Webroot)
> and they all happily play nicely together, with the most obnoxious of
> the three programs being Kaspersky (the "heuristics" is a pain),
> followed by Webroot (has given false positives in the past, though the
> company is good at correcting these mistakes) and AVG (works so nice,
> with no problems, that I sometimes wonder if it's doing anything at
> all, since I've seen ads saying that of all the vendors AVG products
> miss the most viruses, but when scanning your system AVG finds
> tracking cookies that the other two programs miss). Also Blacklight's
> free online Windows Explorer ActiveX product has found tracking
> cookies that all three of the above programs have missed.

That's a reasonable arsenal you have, IMO with the exception of possibly
Webroot, which I've only read about but don't have any actual experience
with. Heuristics, for what it's worth, IS good, but by its nature very
prone to false positives; better a false positive than a false negative.
The user should be fairly savvy and understand what is causing the hits with
heuristics or it can create a sense of worry that's totally unnecessary.
Heuristics is simply watching for virus-like activity, unable to know
whether it's legitimate accesses due to a user's programs or viral activity,
so it notifies the user each time.
Cookies, IMO I don't worry too much about. I only keep a few of them
on my machine that I need for certain web site password, fast signongs etc
and delete everything else. I use WinPatrol for that but for a lot of other
things unrelated, too.

REgards,

Pop`


>
> RL

Re: Norton vs Zone Alarm firewalls

RalfG wrote:
> It doesn't need to be a virus. I did encounter that one time when accessing
> a web page unexpectedly triggered OE and the firewall blocked it. A

Which means again you went to that web page to start with. It was your
action which brought you there.

> firewall may have the ability to block -any- application from sending email
> without explicit approval. Monitoring outbound traffic also entails

Still, any application can send email without explicit approval if it
really wants to. That's the point which is usually not mentioned.

> differentiating the legitimate processes from suspicious ones or spoofs. All
> firewalls are not equal, but if the firewall is doing the job well it's not
> enough for a process to pretend to be "iexplore.exe" in order to pass the
> firewall, it has to be c:\program files\internet explorer\iexplore.exe, with
> additional identifying information, be it a specific version number, CRC
> etc. etc..

An what keeps the malware from using the original IE to send out its data?

> Viruses aren't smart, they're all constrained to operating within specific
> program parameters. Some are more cleverly written than others but the vast
> majority have already been beaten.

Yes. But that's all. A single little bit cleverer malware sends out your
credit card number through DNS. Your firewall does not help. It does not
recognize it. You still need more effective means to protect your data
which no security suite can provide.

> Anyway this thread seems to be missing the point. It's analagous to saying
> that we shouldn't bother using crosswalks or crossing at the lights because
> it is always possible that some idiot driver might ignore the signals and
> run us down anyway. One side (anti-security) says avoid the problem by never
> crossing a street, the other side (pro-security) says use due caution and

No. That is the wrong analogy. Noone ever said you can never cross the
street.

You say you have to install security firewall, i.e. you have to cross
the street with the security installed, i.e. at the lights. You must not
cross the street at any other place (i.e. without security) because you
will be killed, i.e. it is impossible to cross the street at any other
place except at the lights.

Others say, this is not true. You don't need the security software. You
can cross the street wherever you want. The traffic lights won't prevent
you from being killed if all you do is to cross the street at the lights
and never looking to the right or left. If you just start to walk when
it's green you'll be eventually killed. There are a lot of nice drivers
who stop at their red light but eventually you'll meet the one who does not.

The alternative is not to rely on the lights. Don't trust the lights.
The effective security is to switch on your brain and protect yourself
looking to the left and right and making sure yourself it is safe to
cross the street at this time and at this place. This effectively
protects you far better than relying on some software which tries to
make the decision for you when it is safe to cross and when not.

And once you have learned how to cross the streets safely at any place
you'll figure that you don't really need the lights as they only slow
down your computer. Then you'll see that there is no MUST to use a
security software as there are other far more efficient means to protect
you. Then you'll see that all those people you think they MUST cross at
the lights tend to turn off their brains because everybody else does the
same and they'll never think about what they could do to protect
themselves as it is "too complicated" or because everybody says "it is
not possible otherwise".

That's the correct analogy if you want to use the "lights". Noone ever
said you cannot cross the street. On the contrary. (I already know how
you will now adjust your analogy but...)

> cross with the lights. I use a firewall mainly to keep unauthorised -people-
> out of my PC, AV and AS software to keep out or kill malicious software.

Anything that comes on to your computer first of all got there because
of your action, i.e. your "invitation". But none of the security suites
really deals with this fact nor

Gerald

Re: Norton vs Zone Alarm firewalls

On Tue, 27 Nov 2007 14:24:21 +0100 (CET), Ansgar -59cobalt- Wiechers wrote:

> In comp.security.firewalls Kayman wrote:
>> On Tue, 27 Nov 2007 06:43:39 GMT, HEMI-Powered wrote:
>>> Kayman added these comments in the current discussion du jour
>>>> "People think that putting one AV engine after another is somehow
>>>> defense in depth. They think that if one engine doesn't catch the
>>>> worm, the other will catch it," he said. "You haven't decreased your
>>>> attack surface; you've increased it because every AV engine has
>>>> bugs"
>>>
>>> I don't think anyone thinks that having more than one true AV utility
>>> running at a time is a good idea. But, what I listed running all the
>>> time, eTrust Pest Patrol, commercial Zone Alarm, and NAV 2006 are all
>>> intended to do different things in different ways. And, running
>>> Ad-Aware and Spy Bot Search & Destroy as separate utilities
>>> periodically do yet another security-related purpose. So, I see no
>>> conflicts here.
>>
>> Conflict(s) is/are not the issue; The OS may appear working smoothly.
>> But installing anti-whatever applications has made your OS more
>> vulnerable to attacks.
>
> Not true. Conflicts between two on-access scanners are a very real issue
> and are indeed the main argument against installing concurring scanners.

Yes of course! Utilizing more than one (1) real-time anti-virus scanning
engine most likely will cause conflicts; I didn't mean to suggest
otherwise. I was trying to emphasise that additional software such as
on-demand av/a-s and other anti-whatever apps. are not causing noticable
conflicts per se. Sorry for confusion.

> Also, installing applications does not necessarily make an OS more
> vulnerable. The OS only becomes more vulnerable if some application has
> an exploitable bug. Of course installing additional software does
> increase the chance of that happening, but it doesn't automagically make
> the OS (more) vulnerable.
>
> For example: you can easily run two or more on-demand virus scanners
> without a single problem, because they're running as simple userspace
> applications (and thus won't affect each other), and only run with the
> privileges of the user initiating the scan.
>
> However, that doesn't mean that it'd be okay to install arbitrary AV
> software, because several of them have issues aside from what I
> mentioned above.
>
> cu
> 59cobalt

Re: Norton vs Zone Alarm firewalls

Unknown wrote:
> "Ansgar -59cobalt- Wiechers" wrote:
>> In comp.security.firewalls Kayman wrote:
>>> Conflict(s) is/are not the issue; The OS may appear working
>>> smoothly. But installing anti-whatever applications has made your OS
>>> more vulnerable to attacks.
>>
>> Not true. Conflicts between two on-access scanners are a very real
>> issue and are indeed the main argument against installing concurring
>> scanners. Also, installing applications does not necessarily make an
>> OS more vulnerable. The OS only becomes more vulnerable if some
>> application has an exploitable bug. Of course installing additional
>> software does increase the chance of that happening, but it doesn't
>> automagically make the OS (more) vulnerable.
>>
>> For example: you can easily run two or more on-demand virus scanners
>> without a single problem, because they're running as simple userspace
>> applications (and thus won't affect each other), and only run with
>> the privileges of the user initiating the scan.
>>
>> However, that doesn't mean that it'd be okay to install arbitrary AV
>> software, because several of them have issues aside from what I
>> mentioned above.
>
> I use absolutely no virus programs whatsoever, have never had a virus
> or malware. Can you tell me why?

You may want to explain how exactly that is supposed to relate to what I
wrote.

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich

Re: Norton vs Zone Alarm firewalls

"Gerald Vogt" wrote in message
news:ex5$zCVMIHA.1164@TK2MSFTNGP02.phx.gbl...
> RalfG wrote:
>> It doesn't need to be a virus. I did encounter that one time when
>> accessing a web page unexpectedly triggered OE and the firewall blocked
>> it. A
>
> Which means again you went to that web page to start with. It was your
> action which brought you there.

Normal usage of the computer for browsing, yes. Staying off of the internet
is almost certainly the best way to avoid trouble but that's just a tad self
defeating.

>> firewall may have the ability to block -any- application from sending
>> email without explicit approval. Monitoring outbound traffic also entails
>
> Still, any application can send email without explicit approval if it
> really wants to. That's the point which is usually not mentioned.

In your preferred setup nothing prevents emails from being sent. With an
appropriate firewall
the firewall can block emails from being sent without user intervention.

>> differentiating the legitimate processes from suspicious ones or spoofs.
>> All firewalls are not equal, but if the firewall is doing the job well
>> it's not enough for a process to pretend to be "iexplore.exe" in order to
>> pass the firewall, it has to be c:\program files\internet
>> explorer\iexplore.exe, with additional identifying information, be it a
>> specific version number, CRC etc. etc..
>
> An what keeps the malware from using the original IE to send out its data?

In your setup nothing, with many firewalls nothing as well, however there
are firewalls
which do monitor all processes that try to start other processes.

>> Viruses aren't smart, they're all constrained to operating within
>> specific program parameters. Some are more cleverly written than others
>> but the vast majority have already been beaten.
>
> Yes. But that's all. A single little bit cleverer malware sends out your
> credit card number through DNS. Your firewall does not help. It does not
> recognize it. You still need more effective means to protect your data
> which no security suite can provide.

You're basing your argument on a hypothetical malware and deficient AV and
firewall apps. Sorry, that strawman logic doesn't work. One of the reasons
for monitoring outbound traffic is precisely to stop unrecognized processes
from making connections, either to the internet or to other nodes on a LAN.
Firewall X might do this better than Firewall Y, Firewall Z might not do it
at all. Y may not be as good a firewall as X but it is still better than Z,
and even Z is better than nothing at all.

>> Anyway this thread seems to be missing the point. It's analagous to
>> saying that we shouldn't bother using crosswalks or crossing at the
>> lights because it is always possible that some idiot driver might ignore
>> the signals and run us down anyway. One side (anti-security) says avoid
>> the problem by never crossing a street, the other side (pro-security)
>> says use due caution and
>
> No. That is the wrong analogy. Noone ever said you can never cross the
> street.
>
> You say you have to install security firewall, i.e. you have to cross the
> street with the security installed, i.e. at the lights. You must not cross
> the street at any other place (i.e. without security) because you will be
> killed, i.e. it is impossible to cross the street at any other place
> except at the lights.

I never suggested certainty. The whole computer security issue is about
probabilities. There is a greater probability of being hit by traffic if you
don't use the crosswalks just as there is a greater probability of falling
victim to malware if you don't use security software.

> Others say, this is not true. You don't need the security software. You
> can cross the street wherever you want. The traffic lights won't prevent

Drivers do so love aggressive j-walkers... so many bonus points.

> you from being killed if all you do is to cross the street at the lights
> and never looking to the right or left. If you just start to walk when
> it's green you'll be eventually killed. There are a lot of nice drivers
> who stop at their red light but eventually you'll meet the one who does
> not.
>
> The alternative is not to rely on the lights. Don't trust the lights. The
> effective security is to switch on your brain and protect yourself looking
> to the left and right and making sure yourself it is safe to cross the
> street at this time and at this place. This effectively

You just described using due caution.

> protects you far better than relying on some software which tries to make
> the decision for you when it is safe to cross and when not.
>
> And once you have learned how to cross the streets safely at any place
> you'll figure that you don't really need the lights as they only slow
> down your computer. Then you'll see that there is no MUST to use a
> security software as there are other far more efficient means to protect
> you. Then you'll see that all those people you think they MUST cross at
> the lights tend to turn off their brains because everybody else does the
> same and they'll never think about what they could do to protect
> themselves as it is "too complicated" or because everybody says "it is not
> possible otherwise".
>
> That's the correct analogy if you want to use the "lights". Noone ever
> said you cannot cross the street. On the contrary. (I already know how you
> will now adjust your analogy but...)

There's no need to adjust my analogy. You haven't yet made a compelling
argument in favour of your position.. and I doubt that accident statistics
will support your contentions either. :)

>> cross with the lights. I use a firewall mainly to keep
>> unauthorised -people- out of my PC, AV and AS software to keep out or
>> kill malicious software.
>
> Anything that comes on to your computer first of all got there because of
> your action, i.e. your "invitation". But none of the security suites
> really deals with this fact nor

Blaming the victim?

>
> Gerald

Re: Norton vs Zone Alarm firewalls

In comp.security.firewalls RalfG wrote:
> "Gerald Vogt" wrote:
>> RalfG wrote:
>>> firewall may have the ability to block -any- application from
>>> sending email without explicit approval. Monitoring outbound traffic
>>> also entails
>>
>> Still, any application can send email without explicit approval if it
>> really wants to. That's the point which is usually not mentioned.
>
> In your preferred setup nothing prevents emails from being sent. With
> an appropriate firewall the firewall can block emails from being sent
> without user intervention.

The user's mail client is allowed to send mail. %OTHER_PROGRAM% utilizes
the user's mail client to send mail. How does the firewall prevent that?

No, trying to intercept IPC and then let the user decide is not an
option, because that kind of decision is *way* over a normal user's
head.

>>> differentiating the legitimate processes from suspicious ones or
>>> spoofs. All firewalls are not equal, but if the firewall is doing
>>> the job well it's not enough for a process to pretend to be
>>> "iexplore.exe" in order to pass the firewall, it has to be
>>> c:\program files\internet explorer\iexplore.exe, with additional
>>> identifying information, be it a specific version number, CRC etc.
>>> etc..
>>
>> An what keeps the malware from using the original IE to send out its
>> data?
>
> In your setup nothing, with many firewalls nothing as well, however
> there are firewalls which do monitor all processes that try to start
> other processes.

There's exactly no need at all to do that. Software Restriction Policies
already allow to define which programs may or may not be executed.

>>> Viruses aren't smart, they're all constrained to operating within
>>> specific program parameters. Some are more cleverly written than
>>> others but the vast majority have already been beaten.
>>
>> Yes. But that's all. A single little bit cleverer malware sends out
>> your credit card number through DNS. Your firewall does not help. It
>> does not recognize it. You still need more effective means to protect
>> your data which no security suite can provide.
>
> You're basing your argument on a hypothetical malware and deficient AV
> and firewall apps. Sorry, that strawman logic doesn't work. One of the
> reasons for monitoring outbound traffic is precisely to stop
> unrecognized processes from making connections, either to the internet
> or to other nodes on a LAN.

Instead of restricting the communication of unrecognized processes you
want to prevent unrecognized processes from being started in the first
place. That's what AV software and SRP do.

> Firewall X might do this better than Firewall Y, Firewall Z might not
> do it at all. Y may not be as good a firewall as X but it is still
> better than Z, and even Z is better than nothing at all.

Wrong, because this neglects the existence of exploitable bugs and
design flaws in the firewall software as well as the possibility of
intelligent malware.

>>> Anyway this thread seems to be missing the point. It's analagous to
>>> saying that we shouldn't bother using crosswalks or crossing at the
>>> lights because it is always possible that some idiot driver might
>>> ignore the signals and run us down anyway. One side (anti-security)
>>> says avoid the problem by never crossing a street, the other side
>>> (pro-security) says use due caution and
>>
>> No. That is the wrong analogy. Noone ever said you can never cross
>> the street.
>>
>> You say you have to install security firewall, i.e. you have to cross
>> the street with the security installed, i.e. at the lights. You must
>> not cross the street at any other place (i.e. without security)
>> because you will be killed, i.e. it is impossible to cross the
>> street at any other place except at the lights.
>
> I never suggested certainty. The whole computer security issue is
> about probabilities.

No. Computer security is about reliability. Which may very well be based
on probabilities, but only if you have some hard numbers. Which numbers
are the probabilities you're talking about based on?

> There is a greater probability of being hit by traffic if you don't
> use the crosswalks just as there is a greater probability of falling
> victim to malware if you don't use security software.

Pointless, unless you are able to quantify that.

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich

Re: Norton vs Zone Alarm firewalls

RalfG wrote:
> "Gerald Vogt" wrote in message
> news:ex5$zCVMIHA.1164@TK2MSFTNGP02.phx.gbl...
>> RalfG wrote:
>>> It doesn't need to be a virus. I did encounter that one time when
>>> accessing a web page unexpectedly triggered OE and the firewall blocked
>>> it. A
>> Which means again you went to that web page to start with. It was your
>> action which brought you there.
>
> Normal usage of the computer for browsing, yes. Staying off of the internet
> is almost certainly the best way to avoid trouble but that's just a tad self
> defeating.

I'll never understand why many people also jump to the "stay of the
internet". No one said so. It is your conclusion that it is inevitable
to come to such "bad" web pages. And that is simply not true. You can
browse the internet and with still avoid most of those pages.

>>> firewall may have the ability to block -any- application from sending
>>> email without explicit approval. Monitoring outbound traffic also entails
>> Still, any application can send email without explicit approval if it
>> really wants to. That's the point which is usually not mentioned.
>
> In your preferred setup nothing prevents emails from being sent. With an
> appropriate firewall
> the firewall can block emails from being sent without user intervention.

Yes. The firewall may be able to block emails from send with OE without
user intervention.

It cannot prevent some malware to put some mails into the outbox which
is send out the next time the user sends something out.

And it cannot prevent some malware sending out e-mail or other data
bypassing the firewall. If you want to get something out you'll get it
out even with the firewall in place.

>>> differentiating the legitimate processes from suspicious ones or spoofs.
>>> All firewalls are not equal, but if the firewall is doing the job well
>>> it's not enough for a process to pretend to be "iexplore.exe" in order to
>>> pass the firewall, it has to be c:\program files\internet
>>> explorer\iexplore.exe, with additional identifying information, be it a
>>> specific version number, CRC etc. etc..
>> An what keeps the malware from using the original IE to send out its data?
>
> In your setup nothing, with many firewalls nothing as well, however there
> are firewalls
> which do monitor all processes that try to start other processes.

Many people have a browser running at all times. You don't need to start
a process. You just have to make the other process do what you want.
That's not so awfully difficult.

>>> Viruses aren't smart, they're all constrained to operating within
>>> specific program parameters. Some are more cleverly written than others
>>> but the vast majority have already been beaten.
>> Yes. But that's all. A single little bit cleverer malware sends out your
>> credit card number through DNS. Your firewall does not help. It does not
>> recognize it. You still need more effective means to protect your data
>> which no security suite can provide.
>
> You're basing your argument on a hypothetical malware and deficient AV and
> firewall apps. Sorry, that strawman logic doesn't work. One of the reasons
> for monitoring outbound traffic is precisely to stop unrecognized processes
> from making connections, either to the internet or to other nodes on a LAN.

Again. IE, OE, and other installed applications on your computer are not
unrecognized processes. ping for example is a standard application. You
can simply enter

ping VISA12341234123412340108RalfGGG.badguy.example.com

And here goes your credit card... You'll never notice. At the same time
you run another process which you let get caught by the firewall to make
the user think it is all safe and he can continue...

I don't have to use unrecognized processes to send data.

And even "unrecognized processes" can trick the firewall.


> Firewall X might do this better than Firewall Y, Firewall Z might not do it
> at all. Y may not be as good a firewall as X but it is still better than Z,
> and even Z is better than nothing at all.

Good at blocking software you have installed and use to communicate: yes.

Good at blocking malware effectively: no.

>> You say you have to install security firewall, i.e. you have to cross the
>> street with the security installed, i.e. at the lights. You must not cross
>> the street at any other place (i.e. without security) because you will be
>> killed, i.e. it is impossible to cross the street at any other place
>> except at the lights.
>
> I never suggested certainty. The whole computer security issue is about
> probabilities. There is a greater probability of being hit by traffic if you
> don't use the crosswalks just as there is a greater probability of falling
> victim to malware if you don't use security software.

This is just plain wrong. I am far more safe if I open my eyes and make
sure that it is safe to cross the street then to rely on traffic lights.

Thus, why would you tell everybody to use the lights and it is
absolutely essential to use the lights when there is a far more
effective and safer method?

>> you from being killed if all you do is to cross the street at the lights
>> and never looking to the right or left. If you just start to walk when
>> it's green you'll be eventually killed. There are a lot of nice drivers
>> who stop at their red light but eventually you'll meet the one who does
>> not.
>>
>> The alternative is not to rely on the lights. Don't trust the lights. The
>> effective security is to switch on your brain and protect yourself looking
>> to the left and right and making sure yourself it is safe to cross the
>> street at this time and at this place. This effectively
>
> You just described using due caution.

Which is far more effective security.

>> That's the correct analogy if you want to use the "lights". Noone ever
>> said you cannot cross the street. On the contrary. (I already know how you
>> will now adjust your analogy but...)
>
> There's no need to adjust my analogy. You haven't yet made a compelling
> argument in favour of your position.. and I doubt that accident statistics
> will support your contentions either. :)

You started that analogy. I did not adjust it. You described it wrong.

The goal was to cross the street.

You use security software as aid just like traffic lights are a aid for
that.

I say you don't need the lights. You don't need the security software.

It is useless to discuss your analogy if you want the analogy to be that
not using security software equals not crossing the street. Because you
mix the aim with the tool which is supposed to help.

>>> cross with the lights. I use a firewall mainly to keep
>>> unauthorised -people- out of my PC, AV and AS software to keep out or
>>> kill malicious software.
>> Anything that comes on to your computer first of all got there because of
>> your action, i.e. your "invitation". But none of the security suites
>> really deals with this fact nor
>
> Blaming the victim?

Yes. If a person refuses to learn about security. If a person thinks it
only has to install a software suite to protect your computer. If a
person thinks with security suite in place everything is done which one
can possibly do to have security. If someone wants to dig in the dirt
he'll get dirty. If you are concerned about the security of your
computer and data you'll learn rules how to keep secure.

Gerald

Re: Norton vs Zone Alarm firewalls

Yes Gerald, I know I should be kind of ashamed to belong still to the
species who use ZA to some extend, but:

>Why again does it happen to so many people that there
>networking still does not work correctly after they have uninstalled
>ZoneAlarm? The stupid uninstaller forgot to remove the proxy setting
>in the internet settings... Hic. It was just not built to be
>uninstalled.

you are right , I can confirm it is so.

Re: Norton vs Zone Alarm firewalls

>I understand that you are trying to be helpful, but I have to disagree with
>you on the points that you have to reinstall windows to uninstall security
>software or that running a windows system without av or pfw is a good idea.

In fact I am very much surprised how kind they all were to you, how
decent the discussion went on this time.
When I placed one time a Q abt ZA, I thought I started WW3!

Re: Norton vs Zone Alarm firewalls

> My Zone Alarm Pro firewall subscription expires in a few days and I
> recently bought a Norton Internet Security 2008 package that contains a
> firewall.
> I currently have the Norton firewall turned off and just use the Zone
> Alarm Pro firewall.
> I don't use the Win XP firewall because I heard that it's not a good idea
> to have several firewall on at the same time.
> We get internet through a Belkin pre-N wireless router that is supposed to
> have some sort of firewall built in and that one is turned on.
> My computer connects to the router with an ethernet cable and my son's
> computer uses a Belkin N usb wireless adapter. They both have the same
> current setup I describe regarding firewalls.
> Can anyone please advise on whether the Zone Alarm Pro firewall is any
> better than the Norton firewall in my situation?
> Should I renew the Zone Alarm Pro subscription or uninstall it when it
> expires and turn on the Norton firewall?
> Thanks for any advice.

Specifically with regard to your question I think an important part of the
answer is which firewall software you are more comfortable with. By that I
mean which product's interface and features make the most sense? Firewalls
have many features which can be often be configured in multiple ways. The
more you understand the product the more likely you will configure it
optimally and get the best protection. Zone Alarm is a good choice if you
want to be involved. On the other hand, some folks prefer security software
that requires as little user interaction as possible and the Norton products
are a good choice in that case because by default they handle a lot of the
decision making. I'm not familiar with the firewall included in NIS 2008 so
I can't comment specifically on it, but it did get a very good review at
pcmag.com. Hope this helps.

Re: Norton vs Zone Alarm firewalls

"Kayman" wrote in message
news:1vmjr84gxn0np$.tn0yxpzuscii.dlg@40tude.net...
>
> It is important that administrators follow the rule of least privilege.

Definitely.

Re: Norton vs Zone Alarm firewalls

"Ansgar -59cobalt- Wiechers" wrote in message
news:fika9uUka3L1@news.in-ulm.de...
> In comp.security.firewalls RalfG wrote:
>> "Gerald Vogt" wrote:
>>> RalfG wrote:
>>
>> One of the
>> reasons for monitoring outbound traffic is precisely to stop
>> unrecognized processes from making connections, either to the internet
>> or to other nodes on a LAN.
>
> Instead of restricting the communication of unrecognized processes you
> want to prevent unrecognized processes from being started in the first
> place. That's what AV software and SRP do.


I think you are both correct. Doing both makes it more difficult for
malicious software to work. Doing one without the other can be a
vulnerability.


Note: I am sorry that I had to add the other newsgroups back into the list
of recipients of this, but I am unable to send to just
comp.security.firewalls.

Re: Norton vs Zone Alarm firewalls

"Gerald Vogt" wrote in message
news:eN$4UbhMIHA.4476@TK2MSFTNGP06.phx.gbl...
>
> It cannot prevent some malware to put some mails into the outbox which is
> send out the next time the user sends something out.

Outlook Express won't send anything without some user involvement. In the
past, it was possible for unauthorized software to spread themselves in the
manner you describe but now Microsoft does not allow it. Certainly there is
potential for sophisticated software to bypass such things, but if it were
as easy as you say, we would sure hear about it.

Windows, at least prior to Vista, is surprisingly vulnerable to software
that is allowed to execute in a system. It is so vulnerable that it is
nearly impossible to make a system totally safe from software running in a
system. There are many ways for software to inject a DLL or other code into
another process. Good antivirus software will catch most of those, and
detection of injection is a critical way to catch most malicious software
and that is how antivirus software might also catch many valid utility
software.

Regardlous, use of OE in the manner you describe is not as easy as you
indicate.

Re: Norton vs Zone Alarm firewalls

Post removed (X-No-Archive: yes)