Re: Best free firewall software Kerio vs. Zone Alarm?
From: Bob Ladbury (rladbury_at_kittymail.com)
Date: 12 Feb 2004 10:49:44 -0800
Markus Kraus <email@example.com> wrote in message news:<firstname.lastname@example.org>...
> On Thu, 12 Feb 2004 11:36:38 +0000, Geoff Lane wrote:
> >I thought IP tables and Personal FWs were basically different, IP
> >tables will not tell you if a particular application is trying to make
> >an outgoing connection
> Personal FWs are not reliably able to tell you that either. They claim
> they can, but that's just marketing blabla. Only applications that use
> the "official, nice way" to talk to the internet (by using the OS's IP
> stack, for example) can be monitored by a PFW.
My ZoneAlarm seems to be able tell me instantly if any application is
trying to make an outgoing connection. Any program that even thinks
about contacting the web is flagged by ZA, which spits out a warning
before I've even fully installed the program or realized its trying to
access the net. Another program I was looking at, Outpost, claims to
monitor at the "lowest level of the OS". So if I'm not mistaken, it
means a program doesn't have to "talk in a nice official way" to be
flagged by Outpost. Here's the blurb:
"Firewall engine resides on the lowest possible level of the operating
system, allowing Outpost filter RAW_SOCKET and direct packet sending
into drivers, thus bypassing the TCP/IP stack."
> Experience shows that the "bad programs" use more subtle approaches to
> talk to the internet, by bypassing PFWs. So PFWs even gives the user a
> false feeling of being secured, because that PFW is able to hinder an
> MS application to connect to the web in order to look for program
> updates, so users think it works with any application.
> Best regards,