Confused, really confused...

From: sponge (yosponge@yahoo.com)
Date: 03/17/03


From: yosponge@yahoo.com (sponge)
Date: 16 Mar 2003 22:48:58 -0800

On 16 Mar 2003 21:50:07 -0800, VaKo@minley2.demon.co.uk (VaKo) wrote:

>I've been running Zone Alarm in various forms now for over a year, and
>thought it was doing a good job. But I've been told that it is crap
>compared to BlackICE, but I've also read that BlackICE is not a proper
>firewall, it's more of an intrusion detector. Which to be honest I don't
>really understand. What's the difference?
>
>At the moment I'm running Zone Alarm Pro and BlackICE together (I also
>read that this is a good idea) but I've heard that Tiny Personal
>Firewall 4.5 is better.

TPF is apparently good albeit a bit buggy. Its sandboxing features
are nice.

>Other things I've noticed. If I run Zone Alarm or BlackICE or both, my
>IP can be seen on a port scanner (this is me scanning myself). But if
>I run Tiny Personal Firewall 4.5 it can't be seen. Is TPF better? Or
>is it doing something else?

I'm not sure what you mean. Your IP can ALWAYS be seen unless you are
using some kind of web proxy (in which case the proxy sees it.) The
question is, can any ports be seen to be open to TCP or UDP? If so,
then something's not right. Try the tests at pcflank.com or sygate.com.

>If I run TPF Kazaa Lite cannot connect. I think this is because I
>don't know enough to set the rules correctly. Is there a guide to
>setting them up somewhere?

Create a rule to allow KL access to the net. Then, set a remote port
of 1214 or your choosing. Depending on the version of KL, you may be
able to assign it another port than 1214. Whatever you do, make sure
KL's allowed remote port and the one in the Tiny rule match. You
generally have to allow KL to use any local port between 1024 and
49151 (actually, 10000 will do.) I'm not sure if KaZaa needs UDP, so
try setting it to allow TCP out only.

>Where can I read up on PC security so I understand more about this
>all?

www.pcflank.com has some good firewall configuration info along the
left side of the page. Pardon me for plugging my own site, but if you
are a noob, it can help. It's in my sig line.

>And finally, for someone who just wants to be sure that his PC is safe
>from bored computer studies students and your mate with portscanners
>scanning you all day what out of BlackICE, Zone Alarm Pro and Tiny
>Personal Firewall would stop them?

Mainly, they stealth your presence and also disallow many kinds of
network-based attacks. They also protect against some kinds of spyware
running on your system, which is probably a far more significant
threat. Firewalls don't help much against spyware that embeds itself
in IE or other trusted applications, so you need to use cleaners like
SpyBot and Ad-Aware 6 (both) and just be very careful about both what
you download and what info you give out on the net. I do have a list
of filters that prevent spyware from phoning home, but they are set
up for Kerio and might not be importable into TPF 4.5 (although since
Kerio started out as Tiny, TPF 4.5 may still be backwards compatible).
Firewalls will also not protect against many of the various browser
exploits, as these occur at a higher level than where the firewall is
working.

There are a few things you can do to harden your operating system to
make it immune from certain attacks, like turning off File & Print
Sharing (Universal Plug N Play in XP).

A lot of the worst stuff can be prevented by simply not using Internet
Explorer and Outlook or minimized by properly securing them.

Sponge
Sponge's Anti-Spyware Source
www.geocities.com/yosponge
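
An added example, not part of the original post: the reply distinguishes an IP being visible from ports being visible as open, and mentions firewalls "stealthing" a host. The sketch below classifies TCP ports on a machine you own by how a connect attempt is answered; the function names and the port list (139/445 for Windows file sharing, 1214 as named in the post) are assumptions chosen for illustration.

```python
import socket

def tcp_port_state(host, port, timeout=1.0):
    """Classify one TCP port by how the target answers a connect attempt."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"      # handshake completed: a service is reachable
        except ConnectionRefusedError:
            return "closed"    # host replied with RST: visible, nothing listening
        except OSError:
            return "stealth"   # timeout/unreachable: packets silently dropped

def audit(host, ports, timeout=1.0):
    """Return {port: state} for every port in the list."""
    return {p: tcp_port_state(host, p, timeout) for p in ports}

def exposed(report):
    """Ports that accepted a connection and therefore need a closer look."""
    return sorted(p for p, state in report.items() if state == "open")

if __name__ == "__main__":
    # Assumed list: file-sharing ports plus the Kazaa port named in the post.
    report = audit("127.0.0.1", [139, 445, 1214])
    for port, state in sorted(report.items()):
        print(f"{port:>5}/tcp  {state}")
    print("needs attention:", exposed(report) or "nothing open")
```

Loopback traffic usually bypasses a personal firewall's inbound rules, so to see what the firewall actually presents, run the check from a second machine on your own LAN against your PC's address. "closed" means the host still answers; "stealth" means it stays silent.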
