Re: Zonealarm / Email

From: Ryan P. (rpaque_at_delete.this.part.wi.rr.com)
Date: 10/06/05


Date: Thu, 06 Oct 2005 18:48:14 GMT

Volker Birk wrote:
> Ryan P. <rpaque@delete.this.part.wi.rr.com> wrote:
>
>> I prefer just shutting down all the extra services rather than using
>>Windows Firewall.
>
>
> So am I. http://www.dingens.org ;-)
>
>
>> Zone Alarm also has many features that WF does not
>>have, namely the ID lock, pop-up blocker, and active spyware monitor.
>
>
> To active spyware monitor:
>
> Usually, it's very difficult for lusers to handle an IDS, and they're
> failing regulary with acting on information of an IDS. But of course,
> one could use it, if one knows what to do.
>
> An IDS which runs on the same box as the spyware and even opens windows
> like active spyware monitor has a design flaw, of course, because like
> Chippy's autoclicker it's very easy to twit such an ridiculous IDS.
>
> Like an virus scanner, this should be run to search the hard disk offline,
> not booted from the same system. But I personally think, a virus scanner
> should be enough, because usually they're recognizing spyware, too.
>
> A pop-up blocker is with every graphical browser which should be mentioned
> for years now. So this is useless.
>
> First, ID lock is completely useless, if data is send out encoded or even
> encrypted, but not plain. If I would hack a malware, this would be my idea,
> of course. So for blocking already running malware on the box ID lock is no
> solution at all.
>
> ID lock is counterproductive, if one abuses it to remotely find out the
> protected data. This is, because the idea behind ID lock means totally
> misunderstanding the basics of data security.
>
> If you want to hide information, you may NOT filter it out of every
> data stream, because then the MISSING information is the one to hide.
>
> It's easier to purely remotely attack the corresponding feature of Symantec
> Norton, though, because this just filters out, and you can send all numbers
> between 0000 and 9999 in hidden fields in a POST for example, and Norton
> will help you by removing the bank PIN of the user - which you know
> afterwards.

  I never keep anything like passwords or PIN numbers anywhere on my
computer. Truely sensitive information should be kept completely
offline accessible ONLY to the person sitting at the desk on which the
computer sits. This includes passwords as well as PINs, account
numbers, etc.

  Its been a while since I've read the ZA take on it, but I don't
beleive they intend for you to store sensitive data in the ID lock.

>
> With Zonealarm's ID lock it's a little bit more tricky, because you have
> to make many single requests, because by clicking "no" the user blocks
> one complete transmission.
>
> So ID lock is mainly useless, only a little bit dangerous to have.
>
> As a result I must state, that all what you alleged is completely useless
> for a security system if not counterproductive.
>

  There are certain e-mails that come through that mine your
browser/email client for your e-mail address, and then sends them back
to a clearinghouse.

  Putting your e-mail address in the ID lock is a simple way to catch this.

  As you said though, if anyone with skill truely wants in on your
computer, they will get in. A software firewall will not stop them, nor
will a router. Of course, neither will a hardware firewall either.

>
>> Nothing is as good as a hardware firewall, or even a router.
>
>
> I really don't understand this. Why are so many people here believing
> in routers as security devices? Why not just having a differentiated view
> on them?

  I did not say they were the same thing. I said "or even a router"
meaning that it is much better that having nothing or just the windows
firewall enabled.

  One should also use some common sense when worrying about security.
If you don't have any truely sensitive material on it, you don't need
elborate security. Grandma, who only uses her computer to e-mail the
kids once in a while, only "needs" enough security to prevent her
machine from becoming a zombie to some spammer.



Relevant Pages

  • Re: Guide to secure installtion of IIS 5
    ... don't forget a well-configured firewall. ... Do not put the computer onto the network or the Internet until after the ... Follow the instructions for hardening Windows and IIS at ... Install all service packs and security fixes from Microsoft and otherwise ...
    (microsoft.public.inetserver.iis.security)
  • Re: The Myth of the secure Mac
    ... You are screwed only if you use Outlook. ... >> 1) You fail to apply necessary recommended security patches after ... >> 3) In the case of a firewall, ... >> attached as common Windows files) Make sure this Junk Mail is moved to ...
    (comp.sys.mac.advocacy)
  • Re: Antivirus Programs
    ... Shenan-you wrote an excellent security book. ... >> May I install Norton AntiVirus and McAfee Security on my ... > Windows is not the only product you likely have on your PC. ... You should at least turn on the built in firewall. ...
    (microsoft.public.windowsxp.newusers)
  • Re: Microsoft Windows Network & Web Client Network - somebody connected to my computer?
    ... I use Windows XP. ... Doing the best I can at absorbing the necessary information about security. ... > UPDATES and PATCHES ... You should at least turn on the built in firewall. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Messenger Service security breach
    ... > The attached graphic is an example of a Windows security ... > We've put off installation of a firewall appliance between ... > could plug the security holes on individual computers. ... downloading and installing MyNetWatchman or Dshield. ...
    (microsoft.public.security)