Re: Best free firewall software Kerio vs. Zone Alarm?
From: Bob Ladbury (rladbury_at_kittymail.com)
Date: 13 Feb 2004 02:13:02 -0800
Markus Kraus <email@example.com> wrote in message news:<firstname.lastname@example.org>...
> On Thu, 12 Feb 2004 13:40:16 -0800, Markus Kraus wrote:
> >On Thu, 12 Feb 2004 22:10:44 +0100, bobas007 wrote:
> >>You are wrong.
> >Sure, that possibility exists. No doubt about that.
> >>Many of pfw will block Firehole now.
> >I tested NIS 2004, and it doesn't.
> Ah, I just noticed that BlackICE's intrusion detection system notices
> it (it alerts about that suspicious firedll.dll in the browsers'
> address space).
> Best regards,
Well, I tried your firehole test and Zone Alarm failed it with flying
colors. It started my Opera browser started without ZA flinching. So I
started looking at other firewall software. I installed the free ver.
of Sygate. It looked to be more powerful than ZA, and its one of those
new apps that overcomes the firehole problem with a switch called
anti-app hijacking. It was a lot more powerful and complex than ZA
(which isn't saying much). However, WHILE I was sitting there reading
some firewall sites on the web, I got infected with the Worm32 virus.
I noticed something was amiss when my computer would continually
reboot, with an "RPC" message. I guess you could say this was Sygate's
moment in the sun, its "chance to shine". Which it failed miserably.
Apparently, the only way I could have got this worm was through an
open port (135, especially). Thing I don't get is that after I removed
it, I went to Steve Gibson's GRC site, ran the complete port test (up
to about 1,038, which would include ALL ports the Worm32 virus
attacks). It said Sygate was stealthing ALL ports. Someone's not
telling me the truth. At any rate, even if Sygate didn't allow the
virus through, I still didn't like it much. It kept complaining about
suspicious DLL's, and then when I would disallow their use and
something wouldn't work (ie. web downloads), I couldn't see any option
in the program that would re-allow the DLL to be accessed. So I had to
actually reboot the system to get my apps to properly access the net.
I now have 3 more choices that I'm looking at; the latest Kerio,
BlackICE and Tiny Personal Firewall 5.5. They both can handle the app
hijacking problem. Tiny looks to be the most complex of all of them,
and may not have some productive features that Sygate or BlackIce
have. BUt since it is pretty powerful, perhaps it may be a keeper.