Re: Zonealarm / Email
From: Ryan P. (rpaque_at_delete.this.part.wi.rr.com)
Date: Thu, 06 Oct 2005 18:48:14 GMT
Volker Birk wrote:
> Ryan P. <email@example.com> wrote:
>> I prefer just shutting down all the extra services rather than using
> So do I. http://www.dingens.org ;-)
>> Zone Alarm also has many features that WF does not
>> have, namely the ID lock, pop-up blocker, and active spyware monitor.
> To active spyware monitor:
> Usually, it's very difficult for lusers to handle an IDS, and they're
> failing regularly with acting on information of an IDS. But of course,
> one could use it, if one knows what to do.
> An IDS which runs on the same box as the spyware and even opens windows
> like active spyware monitor has a design flaw, of course, because like
> Chippy's autoclicker it's very easy to twit such a ridiculous IDS.
> Like a virus scanner, this should be run to search the hard disk offline,
> not booted from the same system. But I personally think, a virus scanner
> should be enough, because usually they're recognizing spyware, too.
> A pop-up blocker is with every graphical browser which should be mentioned
> for years now. So this is useless.
> First, ID lock is completely useless, if data is sent out encoded or even
> encrypted, but not plain. If I would hack a malware, this would be my idea,
> of course. So for blocking already running malware on the box ID lock is no
> solution at all.
> ID lock is counterproductive, if one abuses it to remotely find out the
> protected data. This is, because the idea behind ID lock means totally
> misunderstanding the basics of data security.
> If you want to hide information, you may NOT filter it out of every
> data stream, because then the MISSING information is the one to hide.
> It's easier to purely remotely attack the corresponding feature of Symantec
> Norton, though, because this just filters out, and you can send all numbers
> between 0000 and 9999 in hidden fields in a POST for example, and Norton
> will help you by removing the bank PIN of the user - which you know
I never keep anything like passwords or PIN numbers anywhere on my
computer. Truly sensitive information should be kept completely
offline accessible ONLY to the person sitting at the desk on which the
computer sits. This includes passwords as well as PINs, account
It's been a while since I've read the ZA take on it, but I don't
believe they intend for you to store sensitive data in the ID lock.
> With Zonealarm's ID lock it's a little bit more tricky, because you have
> to make many single requests, because by clicking "no" the user blocks
> one complete transmission.
> So ID lock is mainly useless, only a little bit dangerous to have.
> As a result I must state, that all what you alleged is completely useless
> for a security system if not counterproductive.
There are certain e-mails that come through that mine your
browser/email client for your e-mail address, and then send them back
to a clearinghouse.
Putting your e-mail address in the ID lock is a simple way to catch this.
As you said though, if anyone with skill truly wants in on your
computer, they will get in. A software firewall will not stop them, nor
will a router. Of course, neither will a hardware firewall either.
>> Nothing is as good as a hardware firewall, or even a router.
> I really don't understand this. Why are so many people here believing
> in routers as security devices? Why not just having a differentiated view
> on them?
I did not say they were the same thing. I said "or even a router"
meaning that it is much better than having nothing or just the Windows
One should also use some common sense when worrying about security.
If you don't have any truly sensitive material on it, you don't need
elaborate security. Grandma, who only uses her computer to e-mail the
kids once in a while, only "needs" enough security to prevent her
machine from becoming a zombie to some spammer.
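
The point quoted above, that a filter matching protected data literally misses it once it is sent encoded or encrypted, as an added example that is not part of the original post. Both filter functions are hypothetical models (not ZoneAlarm's implementation), the address is a constructed value, and the XOR step only stands in for real encryption.

```python
import base64
import binascii
import urllib.parse

ADDRESS = b"user@example.test"  # constructed sample value, not from the thread

def plaintext_filter(body: bytes, protected: list[bytes]) -> bool:
    """Hypothetical literal-match outbound filter: True means 'would block'."""
    return any(p in body for p in protected)

def encoding_aware_filter(body: bytes, protected: list[bytes]) -> bool:
    """Same filter, extended to a few standard encodings of each value.

    Matches only when the value was encoded on its own, not inside a longer string.
    """
    for p in protected:
        variants = (
            p,
            base64.b64encode(p),
            binascii.hexlify(p),
            urllib.parse.quote(p, safe="").encode(),
        )
        if any(v in body for v in variants):
            return True
    return False

def sample_bodies() -> dict[str, bytes]:
    """Constructed outbound request bodies carrying ADDRESS in several forms."""
    return {
        "plain": b"from=" + ADDRESS,
        "base64": b"d=" + base64.b64encode(ADDRESS),
        "hex": b"d=" + binascii.hexlify(ADDRESS),
        "urlenc": b"d=" + urllib.parse.quote(ADDRESS, safe="").encode(),
        "xor": b"d=" + bytes(b ^ 0x5A for b in ADDRESS),  # stand-in for encryption
    }

def evaluate() -> dict[str, tuple[bool, bool]]:
    """Map each body to (plaintext_filter result, encoding_aware_filter result)."""
    return {
        name: (plaintext_filter(body, [ADDRESS]), encoding_aware_filter(body, [ADDRESS]))
        for name, body in sample_bodies().items()
    }

if __name__ == "__main__":
    for name, (plain, aware) in evaluate().items():
        print(f"{name:7} plaintext={plain!s:5} encoding_aware={aware}")
```

Enumerating known encodings closes only the cases listed; anything transformed with a key the filter does not hold passes both checks.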