Remote Denial of Service Vulnerability in BlackICE Products

When will people realize the best (and FREE) personal firewall software is ZoneAlarm? I'm not affiliated with ZA in any way but I am a huge advocate of their product for home/small office use.

 

Is it? Why? In what way is ZA better than TPF or Oupost?

 

Check out what Steve Gibson has to say about other personal firewall products and you'll see why I think ZoneAlarm is the best.

 

I would also like to know why it is best ?

And not just because it is free either. It may be the better FREE one but stil not be the best overall.

Is it really better than Norton Internet Secuity ?

I found it not to be.

I use NIS and even Mr Gibson reports all ports tested to be in the "STEALTH" mode.

How well any of them behave has a lot to do with the user and how well they keep things updated.

And which one works best may well depend on the machine and setup of same.

 

The following is a (very slightly OT) post which I copied from comp.security.firewalls which deals with Steve Gibson's assessment of ZAF/ZAP and BID. It's quite an interesting read:-

 

don't think you're 100% safe just because you plunk down $40 for Zone, BlackICE, Sygate, Tiny or any firewall.

Thank you Brett.

Like the SubSeven Brett mentioned, this **** will will ride in on what is supposed to be clean software. ESPECIALLY DOWNLOADED stuff

It is not blocked by the Firewall because it is not a driect attack.

The lines below also come from grc.com after testing my Slields


Before You Break Out
the Champagne...

***********

What I could NOT do today,
I MIGHT be able to do tomorrow.

************

A FALSE sense of security
is worse than being unsure.
------------------------------------------------------

It is of my own opinion that to keep our machines as clean as possible it takes;

Something such as Ad-Aware to clean out the SypWare that may get in from the Net and STORE BOUGHT software.

An Anti-Virus program running constanly and one that can be set to check e-mail BEFORE it gets to the inbox. ( after may be too late ) A couple of days ago 3 out of 6 of my e-mails had a virus in them. Thank you NAV for catching them.

Some of the newer AV programs have the capabliity of checking e-mail before it goes out. ( great addition ) I know NAV 2002 does.

A firewall running at all times to close as many ports as possible ( hopefully all ) and block attacks.

Something such as Cleaner3 to find and clean up any Trojan that might sneak through on Store Bought or downloaded software.

If we are on a DSL or Cable Modem the above become more important.

And most important of all, the above MUST BE KEPT UP TO DATE.

I know that running AV & a Firewall does use up a few resources. ( 8 on this machine ) But the protection they provided is well worth it.

AV & Firewall software may ( if purchased ) $70. But if they block just one Virus or Trojan it can save 100s of $$$$$$ in lost time and/or data and aggrevation in cleaning up the machine.

BillyBob

 

I simply scan on-demand using (the free) F-Prot for DOS which actually has a better detection rate than many "pay-for" products. I'm quite careful anyway about what I let onto my machine and for e-mail use The Bat! as it is somewhat more secure than the standard MS client.

I haven't had a misshap yet!

*fingers crossed*

 

Awesome post, brett! I stand corrected on Steve Gibson's assessment. I think he has some valid points but I agree with the statement,

I think the real key to the best virus/firewall protection is how savvy the user is. No software can ever guarantee that your computer will never be infected or hacked because all it takes is someone not paying close enough attention to an alert or an attachment. I keep my software up to date but I'm also aware of everything coming and going from my PC.

 

I myself Use Eudora which also seems to be a somewhat more secure than Outlook Express or Outlook ( neither of which are even on any of my machines )

I simply scan on-demand using (the free) F-Prot for DOS

Would the version of Windows being used have any effect on whether you could run that or not ?

I ask because Win95 thru 98SE have good DOS capabilities. But I find that ME was not as good for running DOS.

I had ME for awhile but went back to the original 98 because it seems to handle DOS software better.

Plus I was referring more to the average everday user that just starts up the machine and goes.

I was in a Computer ( well known chain ) store awhile back and overheard a customer mention DOS. The reply from the Salesperson was, DOS ! What is that ?

BillyBob

 

Yes. F-Prot will only run under Win9X and NT and on *nix machines. This is one of the reasons that I've remained with 98 rather than moving onto XP.

 

Thanks Brett.

That answer is prettty much what I expected.

And I have stayed with 98 for the same reason. Not the actuall software but for the DOS capabilities.

Hulka

I will 2nd, 3rd and 4th your paragraph regarding a great deal of the success ( or failure ) of AV/Firewall resting right at the tips of the fingers that operate the keyboard.

BillyBob

 

Scott:

I'll "fifth "(?) BillyBob's comments in relation to the above!

My intention in posting that usenet article was not to knock Steve Gibson, but rather to highlight the fact that SG is simply an individual and his opinions as to how good a piece of software may (or may not) be are invariably going to be contradicted by others. I am satisfied that SG is one of the "good guys" and, if nothing else, has raised awareness as to security related matters. His advice is pretty solid and by following his suggestions a person will only enhance their security (that is not to say that his suggestions are always the best suggestions!). SG does, however, to my mind at least, tend to promote ZAF/ZAP rather more vigorously than is appropriate for a supposedly independent person and as he has a fairly high profile his views do tend to be noted and followed.

ZAF and ZAP are not bad products; neither are they necessarily "the best ". What is "the best" will, as has already been pointed out above, depend on the users needs, level of knowledge and what sits comfortably on his or her system.

In my opinion, both TPF and Outpost (linked to above) are better options for the average user than either ZAF or ZAP. I would explain the reasons for my making this assertion, but time presses!

 

... which would appear to be quite unusual; I've on several occasions seen people viciously flamed on other boards and NG's for daring to question the wisdom of the great SG!

As I said in my previous post, I don't consider SG's self-serving scaremongering (oops ... typo ... I meant to write "advice" rather than "self-serving scaremongering" ... now how did that happen?) to be bad; it's just not always as good or as accurate as it could be. An example of this is this assertion by SG (which rather mystifies me):-

TPF is not difficult to use! It is lighter on resources than ZAF/ZAP, has none of the ZAF/ZAP uninstallation issues of which I regularly hear mention and, for the more advanced user, offers greater configurability than ZAF/ZAP whilst still remaining quite easy for a relative novice to set up. So why does SG review TPF in such a way as to frighten off all those who do not consider themselves to be experts when it comes to "firewall rules, ports, protocols, etc "? Furthermore, I'm not sure that ZAF/ZAP are in fact any easier to configure than TPF. ZAF/ZAP ask (something along the lines of ) of, "Do you wish to allow this application to act as a server? ". How many inexperienced users would know what this actually means and understand what the implications of assigning server rights may be? It's been quite some time since I last looked at ZA's FAQ, but when I did last peek this was certainly not well explained! I also don't like the words, "If Tiny's firewall works on your system ". Why wouldn't it work? This seems to imply that there is quite a good chance that TPF will not work on your system whereas ZAF/ZAP will. Pah!!!

Rant over

 

Heck, I never believe most of what I read on the softwares web page or whatever anyway.

Half of the time they are just knocking the other guy down and claim they are #1. And they ain't got the faintest idea how my machine is setup or what my personal preferences are.

I believe more of what I read on this site. Because it is coming for USERS that have used or at least tried it and can give us the real life problems ( or lack of ) about it.

I just read what the software has to offer and see if it might do what I want it to.

I try to see if the software setup is adjustable to my liking or do I have to except their defauts. This can be a tough one as most times it has to be installed before this can be checked.

I don't care whose software it is, some of it depends a great deal on whether it is compatable with the machine, the OS and other software on same.

It depends on whether it installs properly or not. This may depend somewhat on what is running in the background during the install. That would be a user created problem.

I will not say ZA is best or worse. I will not say Norton is the best just because I use it. I will say that I did not care for ZA. I will say that I have had no problems with NIS. And I feel it best for me.

I will also say that for Arie, Brett, or Hulka, It could be the other way around. Because we all have different machines and different proferences.

One thing I will say FROM EXPERIENCE. It IS NOT a good idea to install NIS and allow it to Auto create its own rules.

Most of the software mentioned during this post I have no idea as to whether it is good or bad so I won't say anything about them.

Machine specifics and personal preference play a very big part in whether one certain piece of software is better then the other.

BillyBob

 

Arie

What, if anything, do you know about the new(ish) Kerio PF? It would appear to be a new TPF beta, but I can find no mention of "Kerio" on Tiny's site.

Thanks.