September 1st, 2004, 01:34 PM
Win XP SP2 Firewall -v- Zone Alarm
For those beginners who don't have a clue what a firewall is, or have no clue how to install one, the Service Pack 2 firewall is great. It is in-built, quite powerful, is turned on by default, and it's the easiest option available. But one main difference that SP2's firewall doesn't do which other software firewalls (like ZA) do is: block and filter outbound connections. This allows spyware to collect information once it's on the computer and send it back to the author. This is invasion of privacy, which Zone Alarm (among others) would stop!
I'm in no way saying Zone Alarm is inpenetrable: it has faults of it's own. Also, over time, SP2's firewall will be unlikely to have many conflicts because of tech support/updates.
Please add any other major differences in the SP2 firewall and ZA/software ones and give your views.
September 16th, 2004, 05:12 PM
You give your opinion, but not tips on what to do with the SP2 firewall........
There are many rewarding oppurtunities awaiting composure from like minds and great ideas. It in my objective to interconnect great things.
September 16th, 2004, 05:44 PM
That's kind of stretching it there, saying that because it doesn't do program control that it equals an invasion of privacy. Anyways, regardless of that I think most of you windows users have become pampered. And let me explain:
But one main difference that SP2's firewall doesn't do which other software firewalls (like ZA) do is: block and filter outbound connections. This allows spyware to collect information once it's on the computer and send it back to the author. This is invasion of privacy, which Zone Alarm (among others) would stop!
IPtables/Ipchains: One of the most commonly used packet handlers/firewalls for Linux. This checks for inbound and outbound connections, packet fragmentation, and a few other things.
But guess what it does -not- do? Program control. Know why:
1. Program control doesn't matter when it comes down to it. The user who has spyware is still going to run the program that gave them spyware. The user who had the lack of intelligence to let it get on their system is still most likley going to allow it to have access. In the end, the majority of users is still going to click "allow [x] remember this setting" because it is just one more pop-up and annoyance to them.
So all in all, Windows ICF is doing what ever linux firewall has only ever done: Check and filter packets according to header and content.
Therefore, I don't see the big deal about ICF not having program control?
September 16th, 2004, 10:09 PM
First, let me say I am glad Micorsoft included an enhanced firewall in SP2. As can be seen from various posts on this board, even among those who know enough to value a security-related discussion there are some who do not use a firewall of any kind -- hopefully they will allow the SP2 firewall to install and run.
One thing ZP and others add to the mix by providing program control is a record of the decisions made for each program. Therefore, even if someone foolishly allows a piece of malware to have outside access, there remains a record of that decision. I guess that doesn't stop anything, but it should help in diagnosing "what went wrong."
September 16th, 2004, 11:01 PM
I think that what the member was saying is that someone running a "phone home" program on your computer is an invasion of privacy?
That's kind of stretching it there, saying that because it doesn't do program control that it equals an invasion of privacy.
Zone Alarm (and many others) detect this, whilst SP2's firewall does not.
So what you say is "equals" should be "permits" or does not report?
just my interpretation
September 16th, 2004, 11:11 PM
I'll play devil's advocate here just for kicks.
Now I don't use either the Windows or ZA firewalls, as I moved over to Kerio, but, regarding the issue of discussion:
If you know how to secure your computer, do you really need your firewall blocking outbound connections? You should know enough already to guard yourself from infection, so there should be nothing malicious on your computer to worry about connecting to the outside without you telling it to do so. Following that train of though, the Windows firewall is fine not blcoking outbound connections; ideally it shouldn't have to.
I think that would be the MS argument anyway. Any thoughts to the contrary?