From: Ansgar -59cobalt- Wiechers on 27 Nov 2007 08:24

In comp.security.firewalls Kayman <kaymanNoSpam(a)operamail.com> wrote:
> On Tue, 27 Nov 2007 06:43:39 GMT, HEMI-Powered wrote:
>> Kayman added these comments in the current discussion du jour
>>> "People think that putting one AV engine after another is somehow
>>> defense in depth. They think that if one engine doesn't catch the
>>> worm, the other will catch it," he said. "You haven't decreased your
>>> attack surface; you've increased it because every AV engine has
>>> bugs"
>>
>> I don't think anyone thinks that having more than one true AV utility
>> running at a time is a good idea. But, what I listed running all the
>> time, eTrust Pest Patrol, commercial Zone Alarm, and NAV 2006 are all
>> intended to do different things in different ways. And, running
>> Ad-Aware and Spy Bot Search & Destroy as separate utilities
>> periodically do yet another security-related purpose. So, I see no
>> conflicts here.
>
> Conflict(s) is/are not the issue; The OS may appear working smoothly.
> But installing anti-whatever applications has made your OS more
> vulnerable to attacks.

Not true. Conflicts between two on-access scanners are a very real issue
and are indeed the main argument against installing concurring scanners.
Also, installing applications does not necessarily make an OS more
vulnerable. The OS only becomes more vulnerable if some application has
an exploitable bug. Of course installing additional software does
increase the chance of that happening, but it doesn't automagically make
the OS (more) vulnerable.

For example: you can easily run two or more on-demand virus scanners
without a single problem, because they're running as simple userspace
applications (and thus won't affect each other), and only run with the
privileges of the user initiating the scan.

However, that doesn't mean that it'd be okay to install arbitrary AV
software, because several of them have issues aside from what I
mentioned above.

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich

From: RalfG on 27 Nov 2007 10:37

It doesn't need to be a virus. I did encounter that one time when
accessing a web page unexpectedly triggered OE and the firewall blocked
it. A firewall may have the ability to block -any- application from
sending email without explicit approval. Monitoring outbound traffic
also entails differentiating the legitimate processes from suspicious
ones or spoofs. All firewalls are not equal, but if the firewall is
doing the job well it's not enough for a process to pretend to be
"iexplore.exe" in order to pass the firewall, it has to be
c:\program files\internet explorer\iexplore.exe, with additional
identifying information, be it a specific version number, CRC etc. etc.
Viruses aren't smart, they're all constrained to operating within
specific program parameters. Some are more cleverly written than others
but the vast majority have already been beaten.

Anyway this thread seems to be missing the point. It's analogous to
saying that we shouldn't bother using crosswalks or crossing at the
lights because it is always possible that some idiot driver might ignore
the signals and run us down anyway. One side (anti-security) says avoid
the problem by never crossing a street, the other side (pro-security)
says use due caution and cross with the lights. I use a firewall mainly
to keep unauthorised -people- out of my PC, AV and AS software to keep
out or kill malicious software.

"raylopez99" <raylopez99(a)yahoo.com> wrote in message
news:fe3efb02-7235-4ff3-a386-229c92b53787(a)e23g2000prf.googlegroups.com...
> On Nov 24, 9:50 am, "Poprivet" <popri...(a)devnull.spamcop.net> wrote:
>> Hi Luis,
>
>> The XP firewall is "decent" but only checks incoming traffic, not
>> outgoing, so if you had something that was calling home with your
>> account passwords, it would miss it. Its real use is so that you CAN
>> have a firewall when you first hit the internet and until you get all
>> of your updates and other protection apps into place and updated. I
>> seldom have to rebuild my system so I've only used it once or twice,
>> but it does give basic protection but that's about all.
>>
>
> I keep hearing this 'fact' about outgoing messages having to be
> checked by a firewall, but, though I see the logic behind it, I'm not
> entirely convinced. After all, if a virus is smart enough to
> penetrate the incoming firewall, don't you think it will be smart
> enough to penetrate the outgoing firewall? Say by pretending it is a
> legitimate windows process (like MSFT Update) and then tricking the
> user into approving of it? I think so.
>
>
>> You're also correct in that having two software firewalls working at
>> the same time is a no-no. They will step on each other's resources
>> even if they seem to work together. Many firewalls won't even install
>> until you disable any other one you have working. Some even make you
>> actually Remove the other firewall before they'll install and XP also
>> has a firewall monitor that'll complain to you.
>
> Two software firewalls may be a no-no, but I have three antivirus and
> spyware programs (AVG AntiSpyware, Kaspersky Antivirus, and Webroot)
> and they all happily play nicely together, with the most obnoxious of
> the three programs being Kaspersky (the "heuristics" is a pain),
> followed by Webroot (has given false positives in the past, though the
> company is good at correcting these mistakes) and AVG (works so nice,
> with no problems, that I sometimes wonder if it's doing anything at
> all, since I've seen ads saying that of all the vendors AVG products
> miss the most viruses, but when scanning your system AVG finds
> tracking cookies that the other two programs miss). Also Blacklight's
> free online Windows Explorer ActiveX product has found tracking
> cookies that all three of the above programs have missed.
>
> RL

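The difference between matching an outbound rule on the program name and matching it on the full path plus a fingerprint of the file, as described in RalfG's post above, shown as an added example that is not part of any post in this thread. The rule table, its names and the byte strings are constructed for illustration, and SHA-256 stands in for the "CRC etc." mentioned in the post.

```python
import hashlib
import ntpath

# Constructed stand-ins for executable images; a real rule would hash the file on disk.
GENUINE = b"MZ constructed genuine browser image"
OTHER = b"MZ constructed unrelated program image"
IE_PATH = r"c:\program files\internet explorer\iexplore.exe"


def normalize(path):
    """Windows paths are case-insensitive; also collapse '..' and '/'."""
    return ntpath.normcase(ntpath.normpath(path))


def name_only_allows(path, approved_names):
    """Weak rule: trusts whatever file name the process presents."""
    return ntpath.basename(normalize(path)) in approved_names


class OutboundRules:
    """Hypothetical rule table: full path -> SHA-256 of the approved image."""

    def __init__(self):
        self._approved = {}

    def approve(self, path, image):
        self._approved[normalize(path)] = hashlib.sha256(image).hexdigest()

    def check(self, path, image):
        expected = self._approved.get(normalize(path))
        if expected is None:
            return "deny: no rule for this path"
        if hashlib.sha256(image).hexdigest() != expected:
            return "deny: image differs from the approved one"
        return "allow"


def demo():
    rules = OutboundRules()
    rules.approve(IE_PATH, GENUINE)
    cases = {
        "genuine": (r"C:\Program Files\Internet Explorer\IEXPLORE.EXE", GENUINE),
        "same name, other folder": (r"c:\temp\iexplore.exe", OTHER),
        "same path, replaced file": (IE_PATH, OTHER),
    }
    return {
        label: (name_only_allows(path, {"iexplore.exe"}), rules.check(path, image))
        for label, (path, image) in cases.items()
    }
```

Each entry returned by `demo()` pairs the name-only verdict with the path-plus-hash verdict, so the two cases where the name alone would have been accepted are visible side by side.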
From: Unknown on 27 Nov 2007 11:17

I use absolutely no virus programs whatsoever, have never had a virus or
malware. Can you tell me why?

"Ansgar -59cobalt- Wiechers" <usenet-2007(a)planetcobalt.net> wrote in
message news:fih5q5UogeL1(a)news.in-ulm.de...
> In comp.security.firewalls Kayman <kaymanNoSpam(a)operamail.com> wrote:
>> On Tue, 27 Nov 2007 06:43:39 GMT, HEMI-Powered wrote:
>>> Kayman added these comments in the current discussion du jour
>>>> "People think that putting one AV engine after another is somehow
>>>> defense in depth. They think that if one engine doesn't catch the
>>>> worm, the other will catch it," he said. "You haven't decreased your
>>>> attack surface; you've increased it because every AV engine has
>>>> bugs"
>>>
>>> I don't think anyone thinks that having more than one true AV utility
>>> running at a time is a good idea. But, what I listed running all the
>>> time, eTrust Pest Patrol, commercial Zone Alarm, and NAV 2006 are all
>>> intended to do different things in different ways. And, running
>>> Ad-Aware and Spy Bot Search & Destroy as separate utilities
>>> periodically do yet another security-related purpose. So, I see no
>>> conflicts here.
>>
>> Conflict(s) is/are not the issue; The OS may appear working smoothly.
>> But installing anti-whatever applications has made your OS more
>> vulnerable to attacks.
>
> Not true. Conflicts between two on-access scanners are a very real issue
> and are indeed the main argument against installing concurring scanners.
> Also, installing applications does not necessarily make an OS more
> vulnerable. The OS only becomes more vulnerable if some application has
> an exploitable bug. Of course installing additional software does
> increase the chance of that happening, but it doesn't automagically make
> the OS (more) vulnerable.
>
> For example: you can easily run two or more on-demand virus scanners
> without a single problem, because they're running as simple userspace
> applications (and thus won't affect each other), and only run with the
> privileges of the user initiating the scan.
>
> However, that doesn't mean that it'd be okay to install arbitrary AV
> software, because several of them have issues aside from what I
> mentioned above.
>
> cu
> 59cobalt
> --
> "If a software developer ever believes a rootkit is a necessary part of
> their architecture they should go back and re-architect their solution."
> --Mark Russinovich

From: Unknown on 27 Nov 2007 11:23

The interesting thing is that you probably wouldn't have any problems
even without AVG, A-Squared, Spybot and Comodo.

"Robert" <magineeer(a)hotmail.com> wrote in message
news:a30359fc-3992-4d7f-869f-58bf965f10b7(a)s12g2000prg.googlegroups.com...
> On Nov 24, 3:31 am, "Luis Ortega" <lort...(a)ntlworld.com> wrote:
>> My Zone Alarm Pro firewall subscription expires in a few days and I
>> recently bought a Norton Internet Security 2008 package that contains
>> a firewall.
>> I currently have the Norton firewall turned off and just use the Zone
>> Alarm Pro firewall.
>> I don't use the Win XP firewall because I heard that it's not a good
>> idea to have several firewalls on at the same time.
>> We get internet through a Belkin pre-N wireless router that is
>> supposed to have some sort of firewall built in and that one is
>> turned on.
>> My computer connects to the router with an ethernet cable and my son's
>> computer uses a Belkin N usb wireless adapter. They both have the same
>> current setup I describe regarding firewalls.
>> Can anyone please advise on whether the Zone Alarm Pro firewall is any
>> better than the Norton firewall in my situation?
>> Should I renew the Zone Alarm Pro subscription or uninstall it when it
>> expires and turn on the Norton firewall?
>> Thanks for any advice.
>
> I used to have Norton anti-virus and firewall and it caused nothing but
> problems and is a resource hog. I eventually removed it, and glad I
> did. I now use AVG for my anti-virus along with A-Squared and Spybot
> for malware removal, and Comodo for my firewall, all of which are
> free and I haven't had a problem since.
>
>
> Robert

From: Poprivet` on 27 Nov 2007 11:39

HEMI-Powered wrote:
> Kayman added these comments in the current discussion du jour
> ...
>
>> On Tue, 27 Nov 2007 02:53:36 GMT, HEMI-Powered wrote:
....
>
> Interesting. What there's a "death" of, IMO, is people who're
> aware enough to pay attention to safe computing and have at least
> a modicum of defenses against the bad guys. The popular malware
> utilities will catch the vast majority of common threats but if
> one's PC is attacked by a sophisticated enough hacker or
> whatever, it is doubtful that any software will catch it.

Actually I think it's more akin to birth than death. The major problems
are most always for the newbies who haven't yet been educated, have been
mis-educated, or simply kept in the background by people purposely
talking over their heads when they do try to learn.

Pop`