Re: Zone Alarm & Wireless Access Point Security


comp.security.firewalls archive


From: Ansgar -59cobalt- Wiechers <usenet-2006@planetcobalt.net>
Date: Mon Feb 13 2006 - 16:44:46 CET

Ajax wrote:
> On 11 Feb 2006 13:04:23 GMT, Ansgar -59cobalt- Wiechers wrote:
>> Ajax wrote:
>>> From the articles that I have read, the consensus among the people
>>> who spend their days with computer security issues is that Zone
>>> Alarm is a better firewall than what comes with XP.
>>
>> I'd like to see one (in words "one") technical reason why that would
>> be. C'mon, just one single reason. Can't be that hard if all those
>> "people who spend their days with computer security issues" are
>> right.
>
> Within my experience with Zone Alarm, I have watched it block
> outgoing connections from various programs that I don't want calling
> home whenever they desire. It has stopped programs from trying to act
> as a server on the Internet too.
>
> Most of this software is benign in nature, but it can take up
> bandwidth. Some of it is spyware and a lot of that is included with
> computer games.

Outbound control is not reliable, so this is not a security feature. It
doesn't make ZA a better Firewall.

Besides, outbound connections can be monitored by various means, even by
tools from Microsoft (e.g. PortReporter).

> On my nephew's computer, his computer games were installing all sorts
> of minor malware that was constantly trying to call home. Zone Alarm
> not only blocked these programs but it also alerted me to the fact
> that I needed to get them off the computer.

The canonical measure against malware is not to install it rather than
to suppress its traffic after it got installed.

> But since some computer games will not install or run without
> installing these programs, all I have to do with Zone Alarm is to
> block the outgoing connections and the programs become harmless.

Or at least that's what you think. Again, there are many ways to bypass
outbound control, so if some program wants to install malware and
refuses to run (or be installed) otherwise: throw it away.

> Another factor is that around the world, Microsoft products are the
> targets of producers of malware. Though there have been attacks on
> other systems, the vast majority of exploited security flaws are on MS
> products.
>
> That is why I don't use MS Internet Explorer and why I think that
> third party applications are less vulnerable to attack.

Look at the history of ZA (or any other personal firewall) and you will
find them no less vulnerable than any Microsoft program (well, maybe
except for IE). The Windows Firewall has been present since XP RTM, and
has very few vulnerabilities up to now, so if there's a winner in *this*
contest, it sure isn't ZA.

Besides, this is not a technical reason.

> Secondly, Microsoft has not exactly been a world leader in computer
> security. In fact, most MS software has a third party competitor out
> there that is better.

This isn't a technical reason either. Plus, any third-party software
will still be running on Windows, thus you'll still have to rely on the
party that "has not exactly been a world leader in computer security".
Personal firewall software is still software. It doesn't magically run
apart from the operating system.

> The reason that I selected Zone Alarm is because it consistently is
> rated #1 for personal firewalls and because those folks who deal with
> security issues daily suggest that we all use a personal firewall.

Rated by whom? And for what (technical) reason? (actually that *was* my
original question, remember?)

Just because people tell you something it doesn't mean they're right.

[...]
> Can you answer my original question?

My answer would be the same as Volker's: Do not use ZoneAlarm. Period.

cu
59cobalt

-- 
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq
Received on Mon May 1 00:50:37 2006