software firewall recommendations?

Archived from groups: comp.security.firewalls

Hi,

I have a router with some built-in firewall capability and I might
look at linux firewalls, but I would also like to run a software
firewall to stop programs from "phoning home".

I did try zonealarm, simply because I had read good reviews about it
but it caused a conflict with other software I had installed and when
I tried to contact zonelabs, they said they only support the pro
version, not the free version. Well, I am hardly likely to register a
program that is not working to get support am I? If they had given me
support and fixed the problem, then I would have paid for the product.
So I have deleted zonealarm from my system. I think their attitude is
wrong.

There seems to be much hatred of Norton firewall. I know Symantec have
abused the Norton name to sell their wares, and their programs seem to
be very bloated. But what are the criticisms of Symantec's firewall?
Is it just that people like to knock big companies, like Symantec and
MS, or are there valid criticisms?

Thanks.
  1. Archived from groups: comp.security.firewalls

    nospam@nospam.org wrote:
    > I have a router with some built-in firewall capability and I might
    > look at linux firewalls, but I would also like to run a software
    > firewall to stop programs from "phoning home".

    Only programs, which want to be controlled, can be controlled by
    "Personal Firewalls", so this is completely useless.

    > But what are the criticisms of Symantec's firewall?

    Symantec Norton "Personal Firewall" as well as Symantec Norton
    In Security open popups with useless information while running.

    They're vulnerable to the SelfDoS attack, just like Zonealarm.

    Both failed with the test, if they could prevent applications from
    "phoning home", already with an easy hack like my POC on
    http://www.dingens.org/breakout.c - together with the rest of the
    "Personal Firewalls".

    In the default configuration, any running malware can switch off Symantec
    Norton products anyway.

    Beside that the Symantec products are terribly bloaty (the "Personal
    Firewall" 2005 i.e. is installing 3556 registry keys with 5934 values,
    34 directories with 417 files, and 8 drivers (!) as an addition to 8 (!)
    system services), the Symantec team apparently are understanding really
    nothing about data security:

    The function to filter out PINs and other secrets out of outgoing data
    is resulting in publicizing your PINs to any webserver owner, you're
    using the webpages from.

    This is because if you filter out data, what is missing, is what was
    filtered out. So just hidden form fields with all numbers from 0000 to
    9999 are usually enough to get to know, what PIN the user entered into
    Symantec Norton "Personal Firewall" or In Security, because what is
    missing in the PUT back to the server is the PIN.

    This is a gross error, because this breaches security.

    Yours,
    VB.
    --
    "It cannot be that the frustrated people in Rome determine what happens
    in German bedrooms".
    Harald Schmidt on "World Youth Day"
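
The filtering flaw described in the post above, as an added simulation (not part of the original post and not code from any product): a form body carrying every 4-digit value passes through an outbound filter, and the function at the end computes what the receiving side can tell from what arrives. The sample PIN `4711`, the field name `d` and the masking variant are assumptions made for the illustration; the masking case goes one step beyond the post to show that overwriting the value instead of cutting it out changes nothing.

```python
from urllib.parse import urlencode, parse_qsl

SECRET_PIN = "4711"  # constructed sample secret registered with the filter
CANDIDATES = [f"{n:04d}" for n in range(10000)]


def form_body():
    """Body of a form submission carrying every 4-digit value once."""
    return urlencode([("d", v) for v in CANDIDATES])


def strip_filter(body, secret):
    """Filter as described in the post: the secret is cut out of outgoing data."""
    return body.replace(secret, "")


def mask_filter(body, secret):
    """Variant (assumption): the secret is overwritten with a fixed mask."""
    return body.replace(secret, "****")


def missing_values(received_body):
    """What the receiving side can compute: candidates that did not arrive."""
    arrived = {v for _, v in parse_qsl(received_body, keep_blank_values=True)}
    return [v for v in CANDIDATES if v not in arrived]


if __name__ == "__main__":
    for name, flt in (("strip", strip_filter), ("mask", mask_filter)):
        print(name, missing_values(flt(form_body(), SECRET_PIN)))
    print("unfiltered", missing_values(form_body()))
```

Any filter whose output depends on whether the secret is present gives the recipient this comparison; only the unfiltered body yields an empty difference.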
  2. Archived from groups: comp.security.firewalls

    In article <43292af9@news.uni-ulm.de>, bumens@dingens.org says...
    > snip....
    > Only programs, which want to be controlled, can be controlled by
    > "Personal Firewalls", so this is completely useless.
    > snip....

    Hi Volker, Could you please elaborate on that statement?
    This is one of the firewall flaws that I don't understand.
    Thank you,
    Casey
  3. Archived from groups: comp.security.firewalls

    Casey Klc <casey@notspecified.net> wrote:
    > In article <43292af9@news.uni-ulm.de>, bumens@dingens.org says...
    > > snip....
    > > Only programs, which want to be controlled, can be controlled by
    > > "Personal Firewalls", so this is completely useless.
    > > snip....
    > Hi Volker, Could you please elaborate on that statement?

    Yes, of course.

    Usually, a program which wants to send information to another host
    in the internet, uses connect() to make a connection. The "Personal
    Firewalls" all implement a filter, which catches those connect()s.

    But this is useless. The reason is, that a malicious software programmer
    of course knows that "Personal Firewalls" are doing this, and is hacking
    some kind of tunneling.

    It's for example very easy to tunnel arbitrary information through HTTP
    with your regular webbrowser using Windows-messages.

    I hacked a small proof-of-concept (POC) code for this, and we tried out
    with a set of the most common "Personal Firewalls".

    Even this very easy approach is enough to fool _every_ "Personal Firewall"
    I know. It was not necessary to implement something more complicated than
    ca. 25 lines of code. Here you can find this POC:

    http://www.dingens.org/breakout.c

    It is _NOT_ a problem of Internet Explorer, though. This works with any
    browser, so here you can find a POC i.e. for Mozilla Firefox:

    http://www.dingens.org/breakout-mozilla-firefox.c

    Alexander Bernauer hacked a small remote control software using this
    easy way of communication, the wwwsh:

    http://copton.net/vortraege/pfw/wwwsh.tar.bz2

    With this program you can have a remote shell on a Windows box without
    having your "Personal Firewall" even noticing that anything goes wrong.

    We tested these "Personal Firewalls":

    * Kerio Personal Firewall 4.1.2
    * Norman Personal Firewall 1.42
    * Agnitum Outpost Firewall Pro 2.5
    * Sygate Personal Firewall Pro 5.5
    * Tiny Firewall 6.0
    * Zone Labs ZoneAlarm Pro 5.5
    * Symantec Norton Personal Firewall 2005

    But this is a fundamental problem; to deny all sorts of tunneling just
    isn't possible without losing connectivity.

    The "Personal Firewall" providers are promising also here, what they
    cannot keep. Just like with the "stealthing" nonsense.

    Yours,
    VB.
    --
    "It cannot be that the frustrated people in Rome determine what happens
    in German bedrooms".
    Harald Schmidt on "World Youth Day"