lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue Jan 17 23:17:46 2006
From: full-disclosure2 at pchandyman.com.au (Greg)
Subject: PC Firewall Choices



> -----Original Message-----
> From: full-disclosure-bounces@...ts.grok.org.uk 
> [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf 
> Of Nic Werner
> Sent: Wednesday, 18 January 2006 10:05 AM
> To: Steven
> Cc: full-disclosure@...ts.grok.org.uk
> Subject: Re: [Full-disclosure] PC Firewall Choices
> Importance: High
> 
> 
> ZoneAlarm - gets in the way, and hard to diagnose problems. 
> You end up turning it off because it never remembers your 
> settings and you can't trust it.
> 

Rubbish. Sure it gets in the way. It is MEANT to get in the way. If you
close it down, it is likely because you don't know how to drive it. The prog
CAN be a little hard to newbies to understand if you want to go internet
banking etc but people on this list ought to know how to handle it.

As to trust, you have to be joking if you trust any firewall, software or
hardware, to keep you safe. About the only way to keep your computer out of
the reach of someone with the knowledge, initiative and will is to pull the
power plug out of the wall BEFORE they get to it. For every "I know what I
am doing" security professional, there is someone without credentials who
doesn't mind that professional thinking that at ALL.

> Kerio - I liked the best, but the GUI would crash when trying 

Keep track of what is going on with it. Personally I prefer vintage cheese
to Swiss Cheese.

> to display all your packets. This is a known bug. Allows you 
> to create rules, and to see how they are applied in 
> comparison to the system-generated rules. Definitely try.
> 
> 8Signs - Said it had stateful packet inspection, but didn't. 
> I gave up trying to poke a hole for TFTP.
> 

Haven't tried that one.

> I haven't tried Tiny, its next on my list. The toughest part 

Not worth even downloading. I did download it and I regret that.

If someone wants to supplement Windows XP firewall and doesn't really know
what they are doing, I always say to get the free ZA to start with and learn
from there THEN decide what they want to do. One thing that ZA does very
well is log things you want logged. I love that bit on it at least. I use it
to test hardware firewalls and installations in other ways behind routers.
You'd be amused at how many hardware/router "I'm SAFE" types go bug eyed
when I show them a simple log from ZA of innocuous and not-so-innocuous
things that have come right by their router/hardware firewall without
touching the sides and bounced off ZA.

Note - I am not spruiking FOR Zonelabs. I just like the logs bit and also
like to tell newbies to start there and build up their knowledge.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ