Re: ZoneAlarm blocks FTP apps

From: Jason Edwards (none1_at_invalid.invalid)
Date: 01/26/05

Date: Wed, 26 Jan 2005 19:00:57 -0000

"Melvin Klassen" <Klassen@UVic.CA> wrote in message
> On Mon, 24 Jan 2005 19:24:42, "Jason Edwards" <none1@invalid.invalid>
> wrote:
> > > >>> Turn on the Windows XP Firewall, and turn off the Zone Alarm
> > > >>
> > > >> Hahaha, yeah right! :)
> > > >
> > > > Try it. It works.
> > >
> > > Yes, but my PC's security is compromised greatly as a result.
> > > The Windows Firewall only protects data in one direction (in).
> If your PC is compromised, it is compromised,
> and ZoneAlarm may possibly prevent "rogue" applications
> from accessing the Internet (if the compromise hasn't compromised
> Z.A.).
> If your PC is not compromised, then you don't need ZoneAlarm
> acting as a "border-guard" to prevent traffic from going "out"
> of your computer without your knowledge/permission.

That's one reason why I don't use it.

> > Can you elaborate a bit more on what you mean by data in one direction.
> ZoneAlarm looks for "unsolicited" traffic,
> from the Internet to your IP address,
> and from your PC out to the Internet.
> > The PC I'm sitting at has the XP firewall turned on, but I'm still able
to view web pages so there must be data coming in. Why didn't the firewall
stop it?
> Hopefully, it was _you_ who sent IP-packets through the XP firewall to
> one IP-address on the Internet.

Nope it was my computer :)

> The XP firewall "poked-a-hole" in itself to allow that one IP-address
> to send "response" IP-packets to your computer.

Sounds very painful to me :)

> Similarly, you could telephone a telemarketer, but you wish that your
> telephone would block "unsolicited" calls from a telemarketer.

That's not a bad way to put it.
Note that once the call is established then data (talking) can flow in
either direction in both of your cases above.

> The XP
> firewall does block such "unsolicited" traffic.

It blocks unwanted incoming calls.

> ZoneAlarm would ask
> you for permission to complete a telephone call to a 1-900-HOT-SEX
> number that your teenager would try to place, but the XP firewall
> would not intervene in that case.

But if I were that teenager I would tell ZA to allow the outgoing call

Thanks for attempting an explanation that the average ZA user can
I've tried this myself in the past but it usually just goes in one ear and
out the other.