Re: ZoneAlarm shuts down my DSL connection

jdarylh1@xxxxxxxxxxx wrote:
> "It should be noted that Windows Firewall is not as secure as MS would
> want you to believe since it does half the job a commercial firewall
> would do; which is to block both incoming and outgoing traffic. Windows
> Firewall only blocks or patrols incoming traffic and it can be easily
> turned off by another application, possibly a worm."
>
> You can read the whole article as well as testing results at:
> http://www.flexbeta.net/main/articles.php?action=show&id=76

This is ridiculous crap of people who obviously don't understand how
either TCP/IP and Windows are working.

| Stealth Test
| The stealth test checks to see if your computer is visible to the
| outside by sending packets to TCP:1 port on your machine. A good
| firewall should stealth your system from this connection attempt.

There is NO SUCH THING like "stealth" in the Internet. Either a host
does exists or it doesn't. In the latter case the last router *before*
that host will reply with a "destination unreachable" or "network
unreachable" ICMP message. In any other case you know that there is a
host.

| [...] So how important is it for a firewall to block both incoming and
| outgoing traffic? It is very important. Imagine you install a file and
| God forbid it contains a Trojan. Windows Firewall will let the Trojan
| connect and your PC will just be another zombie ready for orders to
| attack. Another draw back to Windows Firewall is that rival firewall
| makers claim that the API used to manage the Windows Firewall could
| also be used by attackers to modify the software or turn it off [...].

Bullshit. To disable or reconfigure the Windows-Firewall through the API
one needs administrative privileges, in which case one can do anything
on that host anyway [1,2]. With ANY software, including other personal
firewalls. And if malware really tries to bypass a personal firewall,
none of them will be able to prevent it from doing so [3].

> My AlphaShield hardware firewall blocks incoming (all ports except the
> one I'm using), I'm looking for a block for unauthorized outgoing.

That simply cannot be done reliably.

[1] http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx
[2] http://www.microsoft.com/technet/archive/community/columns/security/essays/10imlaws.mspx
[3] http://copton.net/vortraege/pfw/en.html

cu
59cobalt
--
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq
.

Relevant Pages

  • Re: Cant download files with IE 6
    ... I do not have the windows firewall ... running a firewall, i don't know what that is. ... i do know that the "host" ... # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. ...
    (microsoft.public.windows.inetexplorer.ie6.browser)
  • RE: Internet Explorer cannot display the web page
    ... "daviedoug" wrote: ... My wife's is connected via the Network. ... Firewall off and done the installation?. ... I don't know what you mean with windows Firewall, ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: Setup Error when connecting Xbox 360 to MCE2005 PC
    ... Attempt to add your Xbox 360 again via the Media Center Extender Manager ... but receive the Setup Error (stating problems with the firewall ... Microsoft KB911728 for opening ports and allowing traffic to/from XBox ... Unable to open ports in the Windows firewall. ...
    (microsoft.public.windows.mediacenter)
  • Re: Outpost firewall wont run
    ... the Windows Firewall in XP does a fantastic job ... Deconstructing Common Security Myths. ... Don't fall for software applications touted in publications relying on ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: Firewall =?ISO-8859-15?Q?f=FCr_Netbook=3F?=
    ... "Windows Firewall" bezeichnet wird und nicht in einen Topf mit PFWs ... Artikel über Personal Firewall. ... Aktionsmöglichkeiten abdecken will und das ONU auch noch klarmachen ...
    (microsoft.public.de.german.windowsxp.networking)