lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu Jan 19 14:37:23 2006
From: davek_throwaway at hotmail.com (Dave Korn)
Subject: Re: PC Firewall Choices

Nic Werner wrote in 
news:a050c2f00601171542o37d217d0r85a92048d6b62739@...l.gmail.com
> On 1/17/06, Greg <full-disclosure2@...andyman.com.au> wrote:
>>> -----Original Message-----
>>> From: full-disclosure-bounces@ On Behalf Of Nic Werner
>>> Sent: Wednesday, 18 January 2006 10:05 AM

>>> ZoneAlarm - gets in the way, and hard to diagnose problems.
>>> You end up turning it off because it never remembers your
>>> settings and you can't trust it.
>>>
>>
>> Rubbish. Sure it gets in the way. It is MEANT to get in the way. If you
>> close it down, it is likely because you don't know how to drive it. The
>> prog CAN be a little hard to newbies to understand if you want to go
>> internet banking etc but people on this list ought to know how to handle
>> it.
>>
>
> Getting in your way as opposed to letting you get work done are two
> different things. Kerio does a great job of popping up and explaining
> what is happening while I've seen more people confused by ZA and its
> dialogs
>
> No, we've turned ZA off as web sites or programs won't load
> (Ciscoworks, nGenius, etc) and even though we've checked the logs of
> ZA, nothing shows as being blocked. Turn it off and everything
> magically works. I will never run the bloat that is ZA.

  I'd like to second what Greg says.

  I've used ZA for years, through many changes of version.

  It's never forgotten its settings for me.
  It's never blocked anything it shouldn't or not blocked anything it 
should.
  It's not remotely bloated compared to similar packages like anything 
Norton/Symantec/McAfee[*]
  Nor do I find a dialog such as "Should internet explorer be allowed to 
connect to the internet" at all confusing.

  So I'm convinced the problem exists between chair and keyboard.

  Can you actually back up your claims?  For example, can you describe a 
simple procedure, that anyone with ZA installed could try out, that shows it 
to misbehave?  Or do you have detailed notes that you took at the time one 
of these problems occurred that shows the symptoms you observed and the 
steps you took to attempt to diagnose and solve the problem?

  Or can we just expect to hear "No, I didn't know what was going on, I 
didn't keep proper notes, I was in a rush and just needed to get things 
working so I didn't investigate"?  In which case it would be false to claim 
that you knew ZA to be the cause of the problem, rather than either pilot 
error or a faulty PC or any number of other confounding factors that could 
arise?

  I hear people slagging off ZA quite often, but not one of them has ever 
been able to actually demonstrate a real problem or even explain what the 
problem is in terms any more precise then "Uh I dunno it just went wrong".

    cheers,
      DaveK

[*] which I consider to be the gold standard for lousy, bloated, buggy, 
faulty software.
-- 
Can't think of a witty .sigline today....

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ