Re: ZoneAlarm blocks FTP apps

From: Jason Edwards (none1_at_invalid.invalid)
Date: 01/26/05


Date: Wed, 26 Jan 2005 19:00:57 -0000


"Melvin Klassen" <Klassen@UVic.CA> wrote in message
news:edkDsTLBzWmk-pn2-md7dqdMBwkpz@localhost...
> On Mon, 24 Jan 2005 19:24:42, "Jason Edwards" <none1@invalid.invalid>
> wrote:
>
> > > >>> Turn on the Windows XP Firewall, and turn off the Zone Alarm
firewall.
> > > >>
> > > >> Hahaha, yeah right! :)
> > > >
> > > > Try it. It works.
> > >
> > > Yes, but my PC's security is compromised greatly as a result.
> > > The Windows Firewall only protects data in one direction (in).
>
> If your PC is compromised, it is compromised,
> and ZoneAlarm may possibly prevent "rogue" applications
> from accessing the Internet (if the compromise hasn't compromised
> Z.A.).
>
> If your PC is not compromised, then you don't need ZoneAlarm
> acting as a "border-guard" to prevent traffic from going "out"
> of your computer without your knowledge/permission.

That's one reason why I don't use it.

>
> > Can you elaborate a bit more on what you mean by data in one direction.
>
> ZoneAlarm looks for "unsolicited" traffic,
> from the Internet to your IP address,
> and from your PC out to the Internet.
>
> > The PC I'm sitting at has the XP firewall turned on, but I'm still able
to view web pages so there must be data coming in. Why didn't the firewall
stop it?
>
> Hopefully, it was _you_ who sent IP-packets through the XP firewall to
> one IP-address on the Internet.

Nope it was my computer :)

> The XP firewall "poked-a-hole" in itself to allow that one IP-address
> to send "response" IP-packets to your computer.

Sounds very painful to me :)

>
> Similarly, you could telephone a telemarketer, but you wish that your
> telephone would block "unsolicited" calls from a telemarketer.

That's not a bad way to put it.
Note that once the call is established then data (talking) can flow in
either direction in both of your cases above.

> The XP
> firewall does block such "unsolicited" traffic.

It blocks unwanted incoming calls.

> ZoneAlarm would ask
> you for permission to complete a telephone call to a 1-900-HOT-SEX
> number that your teenager would try to place, but the XP firewall
> would not intervene in that case.

But if I were that teenager I would tell ZA to allow the outgoing call
anyway.

Thanks for attempting an explanation that the average ZA user can
understand.
I've tried this myself in the past but it usually just goes in one ear and
out the other.

Jason

>
>



Relevant Pages

  • Re: Root access removed
    ... >>The simple answer to this is that for systems connected to the internet, ... misconfigured firewall) and a root kit installed. ... >>compromise later on if the PC is connected to a network. ...
    (Fedora)
  • Re: firewalling and dmz - hmmmm...
    ... > A compromise of the first firewall or of a computer in the DMZ does not ... > on that server. ... > DMZ and the internet. ...
    (comp.security.firewalls)
  • Re: ZoneAlarm blocks FTP apps
    ... from accessing the Internet (if the compromise hasn't compromised ... If your PC is not compromised, then you don't need ZoneAlarm ... The XP firewall "poked-a-hole" in itself to allow that one IP-address ...
    (comp.security.firewalls)
  • Re: avast
    ... > Just did a clean installation of xp pro sp1 and download 'avast anti ... Did you firewall before connecting to the internet? ... Internet and patch with the critical updates? ... Why you should use a computer firewall.. ...
    (microsoft.public.windowsxp.general)
  • Re: XP NOT RESPONDING
    ... Did you have a firewall going before connecting to the internet? ... Microsoft has these suggestions for Protecting your computer from the ... Why you should use a computer firewall.. ... are pay - some you can only download if you are registered - but it is best ...
    (microsoft.public.windowsxp.setup_deployment)