ZoneAlarm firewall good or bad ?

[Resident_H]

ZoneAlarm is a great firewall for the average user but if you are paranoid i would go for a hardware firewall, ZA has a few vulnerabilities one of which is: If the computer is running 256Mb of RAM or less ZA will keel over and die if there is a large scale attack involving 1000 ports or so. Other than this it is great , I use it on 4 of my boxes along with a Great hardware package.

[Wazz]

I would really check out Sygate Personal Firewall Pro. I have been through just about every other firewall and this seems to be the most functional and customizable....well besides Checkpoint but you need a damn PHD to run that one......Good luck.

[Mahdi]

The reason i've said that you should not use a firewall is because 4 months ago, when i've started to enter on the Internet, I used Zone Alarm Pro and somebody flood me. And the problem was that this guy wasn't a real hacker. He was just a newbie that used a program made by somebody else but he did this inspite of my firewall. he disconected me in 5 minutes. Perhaps the reason was that i use a dial-up conection (I am from Romania ) ). So I apologize if somebody thought that I gave that advice for dark reasons. And excuse my english - is not my native language.

[weddy]

I've seen many recommendations for many of the free firewalls. I've used three, Sygate being the most recent. My comments about ZA and Tiny (it was still TPF while I used it) are based on a few years ago; I'm wondering how they've improved.

Zone Alarm was very easy to configure; I just configured it to allow programs, or disallow. It notified me non-stop; very frightening to a firewall newbie LOL, till I figured that a lot of them were supposed to be happening, and I configured the notifications. After more studying, I wondered how I could have certain programs to have access to only certain ports, and domains or IPs. I couldn't find how to do that with ZA. I asked at some forum/board, and was notified that ZA couldn't do that, to try Tiny.

*Has this changed with newer versions of ZA (allowing the user to make rules that X program may have in or out connections through xxx port to xxx domain/IP)? After seeing so many recommending the current version of ZA (free), I'm curious if they'd started to allow advanced rules. After checking their comparison page, it doesn't look like they allow advanced rules to be made. Is this correct?

That computer died after we flooded. On my new pc I tried Tiny, since the newest version of ZA wouldn't run on my new pc (that was at the time that ZA wouldn't work with some computers after they'd upgraded for XP).

I couldn't figure it out; I DL'd their help PDF, and still had troubles with it. I joined their egroup, lurking till I'd worked up the courage to ask what I should search so that I could learn to make the rules. They sent me to a TCP/IP online book that I was to read first, then a rule making tutorial. It was a lot of studying, but a great learning experience.

Tiny's makers upgraded to another version, and many members had problems with it, so I didn't DL it. Many recommended changing to Sygate. So I tried that one.

Since I'd learned rule making with Tiny's egroup's help, Sygate was kind of easy to figure out. But it had more options it seemed (unless I'd not found all of Tiny's options while I had it). I denied everything, then went into advanced and made rules so that x program would have in/out access with xxx ports to xxx IP range (when applicable), and placed those rules over the deny all rule.

I don't have it on this pc to look up the exact terms, (that's why I'm searching on what free firewalls might be better), but there were a few things I didn't care for with Sygate:

[list=3][*]Run as a client had to be UNchecked for every rule I made (if I remember that correctly, maybe it was "as a service"). I read about that in Langa's newsletter.
[*]It wouldn't take domain names. I'd never had a problem having to put in IP ranges/blocks (rusty and can't remember which one), I'd look it up with Sam Spade. But I installed ICQ to chat with a friend, and apparently their IP# changed quite frequently. I had a really tough time with Sam Spade on that one I looked up on ICQ's help page with firewalls, and they wrote to enter in the DOMAIN name. I could never find a way to do that with Sygate.

I'm assuming that since ICQ wrote to enter a domain name, that other firewalls might have that option. That would be MUCH easier than looking up the IP stuff, I think.
[*]The free version wouldn't allow running stealth, and I believe it wouldn't export rules either (or maybe I couldn't figure it out, but I did try *S*)[/list=3]

I've read about Outpost here a lot, and am going to give that one a try on this pc. But if I don't care for it, I'll get Sygate again. Even though it had a few things I didn't care for, I still preferred it over the others free firewalls I've tried. I'll try to rememeber to comment on Outpost (or ask questions LOL), after I've had it long enough to feel comfortable with the configuration.

[luv2havefun1963]

I have used zone alarm for a couple years and I tried sygate too but found sysgate was a pain i use zonealarm pro now and it works fine as i have dsl and 96 yahoo email accts and a few elsewhere, and have made a few enemies because i take no ones crap. but it has stopped everyone so far.

I also run a internet washer and a adaware prog, and another windows cleaner set to wipe every hour and when i shut the browser down and when the comp shuts off.

The free anti virus of anti_vir is a great one at www.free-av.com and zone alarm works fine as most of the time i leave computer on 24/7

[bongpilot]

Gspeed,
I think you should give ZA a try and see what you think. It`s prolly better than what you have now,which i assume is nothing? Anyways get a feel for how software firewalls work,then after that move on to a firewall with a little more control. I like outpost,but as you can see from reading here that there are many choices.
I wouls suggest a hardware firewall. I have a linksys router and feel alot safer with that.
Drop the 80 bucks on it ,or whatever ,and right outta the box it will make you much safer.
As always read alot of tutorials and if ya have a question search google.
After you install the firewall of your choice go to a website that checks your security.by doing a portscan on your puter.
here are a few:

www.grc.com shields up test
www.pcflank.com

The idea is to be "stealth".....Good luck...

P.s. Luv2havefun1963....... 96 yahoo email accounts? LOL

[Sinister_Urge]

I too think that it is all up to personal preference .... i too used ZA, but i soon noticed bugs. It is easy to configure to your likings, but i just didnt get along with it.

I think ZA is more for the "firewall newbie". I didnt feel safe with it at all.

For more advanced users : Try using a combination of Sygate and BlackICE. Sygate gives good basic protection while BlackICE strengthens your computer even more. BlackICE is also built with a IDS, ALOT MORE options, and also gives you the option of actually completely CLOSING a port that is under attack from an intruder.

Anyways ... choose from personal preference. Its YOU that configures the firewall.

[marcbm57]

I have used the paid version of ZA for about 4 years and never had a problem. Easy to set up and use. It does the job for me. I run a small network at home (2000 and XP) and it integrates well with these OS's.
My 2 cents worth: Running ZA with a good AntiVirus and spyware program protects you pretty much from the outside.

[weddy]

Following up with my thoughts on Outpost...I was suprised out how different it was compared to Tiny (Kerio), and Sygate. It was so simplistic I was a bit nervous about it.

But, I was online in no time with my browser, email, and FTP. Haven't IRC'd or message'd yet, but I expect they'll probably be just as easy to configure.

There's pre-configured in a dropdown menu. Or you can right-click on an application (in the left pane), and make your own rules. The rules dialog box reminds me of making mail rules.


It has plugins that I didn't have with Sygate:
[list=1][*]Ads - removes ad images with many options[*]Content - can block words, or entire sites[*]DNS Cache [*]Active Content for mail, news, browser - ActiveX, cookies, referrers, scripts, applets, popups[*]Attachments Filter - renames and/or reports whatever extensions we'd like for email attachments, with many pre-entered: scraps, wsh, vbs, scr, reg, ect...[*]Attack Detection[/list=1]
The log is easier to get to, and read...it's right there in the browser.

Test Results:
[list=1][*]pcflank - stealth[*]GRC's shields up (all on the first row) - stealth (Leaktest passed too, still reported my referrer though)[*]dslreport - score=0[*]HackerWhacker - one smiley (couldn't do most of the tests w/o subscribing) [/list=1]

[ZeroOne]

Oh, the newest YAFWT - Yet Another FireWall Thread. I don't actually know if this is the newest one since it's some 4 months old when *someone* decided to bring it back on top.

Anyway, for what it's worth, my .02 euros... I use Kerio Personal Firewall which is free for personal use and much more professional than ZoneAlarm. It's not that ZoneAlarm wasn't a good firewall, it is, but it's like Windows XP at its easiest, too much eye candy and too many menus and sub menus. You can easily create per port/application/IP rules with Kerio and check/uncheck them when you need to enable/disable some rules. Kerio can even be remotely administrated if you want to, although I haven't tried that one nor enabled that functionality.

On using two firewalls at once. Someone compared it to using two condoms at once: it doesn't really give you any extra protection, just makes it more difficult to get the job done. Just get one good firewall, not two bad ones... >_<