Printable View
I recently got into problems with ZoneAlarm. But mainly, it just isn't complex enough for me. I want more control, because sometimes I have an application that I want only a certain IP on the net to get to... AFAIK you can't really do that with ZA, it's too simplistic.
When last I tried, Symantec's security check was not able to see your IP behind a firewall/cache and checks out the firewall/cache instead of your own machine.Quote:
Originally posted by Bad_N3wZ
I personally dont think very much of Zone Alarm. Thats just my opinion though and as you can see from the previous posts alot of people think very highly of it. I personally use Tiny Softwares free firewall and would recommend it to anyone. Once you get on-line test out your security at-
www.symantec.com
Sygate's scanner is much more clever:
scan.sygatetech.com ;)
Zone Alarm does work extremely well....BUT...if you do put it on a computer with a 'worm', (as I did) it allows the worm access to the internet. The computer had outdated AV software. Once we killed the worm, all was right with the world.
One difficulty with Zone Alarm we discovered was using it on the @home network. We had to reduce it to 'medium' to view some sites. Something to do with the @home proxy.
Black Ice Defender does get a lot of bad press. What some don't realize is you can set it to 'paranoid' for best firewall protection.
I did use 'grc.com' and 'hackerwhacker' to test both, and used my own IDS to confirm their results.
i really like zone alarm .it is easy to set up etc etc... like everyone has already stated several times already.....however, i found when used with AOL (uh oh here come the comments of "get a real isp" and so on) it would not let the buddylist open until zonealarm was shut off, and if i turned it back on .. i would get kicked offline. besides that, i really like zone alarm alot and i have no problems using it with my other isps..just out of curiosity i was wondering if anyone else has heard of this(or experienced it)
Zonealarm was the first firewall i tried on my puter, though I could not get it set up correctly..... lol ..... Was experiencing problems with internet games. Hence I got Norton Personal Firewall, which I find is easy to use, and simple to set up, though one word of advice for the Norton F/W, dont allow it to set up automatic rule configuration, configure it so you set up the rules yourself - more control.
A thought for you, F/W dont log the trojans that make it through, good antivirus and regular scans are equally important.
Quote:
ZoneAlarm and ZoneAlarm Pro can be stopped from loading by creating a memory-resident Mutex (using a call to the CreateMutex API). Uninstalling\reinstalling ZoneAlarm in a different path has no effect.
The impact of this vulnerability is that a Trojan running on a victim's machine can prevent ZoneAlarm from loading, and thus leave the victim open for attack.
Zone Labs "ZoneAlarm" and "ZoneAlarm Pro" programs both use a Mutex - an event synchronization memory object - to determine if it has already loaded (to prevent loading a second instance of the firewall).
By design, ZoneAlarm\ZoneAlarm Pro has no way of determining which program actually set the Mutex, thus allowing a Trojan to use the Mutex and block both ZoneAlarm and ZoneAlarm Pro from loading.
Exploit:
A Trojan can easily set this Mutex ("Zone Alarm Mutex") with one simple call to the CreateMutex API (see msdn.microsoft.com for more information on Mutexes). ZoneAlarm and ZoneAlarm Pro are then prevented from loading as long as the Trojan is alive. If ZoneAlarm is running, all the Trojan has to do is terminate the processes of zonealarm.exe, vsmon.exe and minilog.exe first before creating the Mutex. Despite being services, vsmon.exe and minilog.exe can both be killed by any program by setting its local process token privileges to SeDebugPrivilege, giving it the power to kill any process/service.
Demonstration:
A harmless, simple, working executable to demonstrate the vulnerability, is available at:
http://www.diamondcs.com.au/alerts/zonemutx.exe (16kb).
While the demo program is running, you will not be able to load ZoneAlarm or ZoneAlarm Pro, and if it finds that ZoneAlarm\ZoneAlarm Pro is running, it will terminate the ZoneAlarm processes and services first using SeDebugPrivilege before stealing the ZoneAlarm Mutex. The demo also opens an echo server socket to listen on TCP 7, allowing you to test socket connectivity/data transfer (try telnetting to 127.0.0.1 on port 7 and saying hello).
Quote:
it's a "resource hog"...running both BlackICE & NeoWatch together take less resources than running one ZoneAlarm
Hi there, I have used zone alarm and pro and would recommend them both. However my favorite firewall at the moment is outpost, developed by agnitum.
HI i use Zone Alarm and i think it is great only one thing if your using it at the highest security setting it is way to sensitive. It was picking up all kinds of intercepted packets. Every minute i was getting a new popup. For Norton thats all i would ever use for AV protection i recemmend it to everybody :)
ANTI-HACKERS
Zonealarm hahahaha you mean that spy program I recommend getting nortons internet security firewall 2002 or sonicWALL
Go use Tom Liston's program called Outbound. You'll see that ZA is swiss cheese..Quote:
Originally posted by Simon Templer
Zone Alarm is GREAT! I never get on the net without using it.
You can find it at www.hackbusters.net
And then when you're done with that, hop on over to www. sygate.com and download their ver 5.0 of their personal firewall (cause it actually protects you).
Just tryin' to help.
Well i have to say thanks to Korp Death i,ve used Zone alarm for awhile until he gave the www for sygate wow what an awsome firewall!! :D I didn,t know all those firwalls where still letting all those packets out to the net.But sygate is tested by outbound and it doesn't let any packets out. Now i know i,m protected. I did a quick scan at the sygate site www.sygate.com to see if i had any open ports and i did without (firewall) my Net bios was open which isn't a good thing and a few others where open to anyway go to the site to do a scan to see if your current firewall works or not. You can do a variety of scans like a stealth scan, quick scan etc...
Thanks Korp Death
ANTI-HACKERS :)
Those can be suppressed from the options; I think there was a checkbox for every kind of warning which you can then (un)check if you want to see the popup or not.Quote:
Originally posted by ANTI-HACKERS about ZoneAlarm
Every minute i was getting a new popup.
-ZeroOne :cool:
I see both products as awesome Zone alarm has its strengths and weaknesses i wont post the weaknesses but the great strength of zone alarm is that it can see outgoing traffic such as trojan programs thats the beauty of Zonealarm .Blackice has a great mini IDS for monitoring the network it often gives false positives because of the peer to peer networks out there that ping everything and search for Morpheus and Kazaa programs out there .I personally dont see any reason to knock zonealarm it does the job, just remeber this elf's/Warning any software based firewall sitting on an insecure platform is succeptable to that platforms weaknesses.
Peace