Archived from groups: comp.security.firewalls (More info?)

Do any firewalls, especially the popular ZoneAlarm, provide firewall
protection for multiple user accounts on a PC with Win XP?

We occasionally wish to switch between a user and Family account, but
our Freedom security pkg (from ISP Adelphia cable) says it's not working
when we fast-switch to a user account while another account is active.

Thanks!

Archived from groups: comp.security.firewalls (More info?)

GeneM <NoSpam@noyahoospam.bom> wrote:
> Do any firewalls, especially the popular ZoneAlarm, provide firewall
> protection for multiple user accounts on a PC with Win XP?

Yes, the Windows-Firewall does, which is part of Windows XP.

Yours,
VB.
--
"Es kann nicht sein, dass die Frustrierten in Rom bestimmen, was in
deutschen Schlafzimmern passiert".
Harald Schmidt zum "Weltjugendtag"

Archived from groups: comp.security.firewalls (More info?)

"GeneM" <NoSpam@NoYahooSpam.bom> wrote in message
news:8o2dnRstNMmHb7HeRVn-vA@adelphia.com...
> Do any firewalls, especially the popular ZoneAlarm, provide firewall
> protection for multiple user accounts on a PC with Win XP?
>
> We occasionally wish to switch between a user and Family account, but
> our Freedom security pkg (from ISP Adelphia cable) says it's not working
> when we fast-switch to a user account while another account is active.

Complain to your ISP. They won't do anything until the complaint count gets
high enough (which probably means never, in this case) but you may as well
be counted. Good luck getting through to someone who knows what fast user
switching is.

Jason

>
> Thanks!

Archived from groups: comp.security.firewalls (More info?)

> GeneM wrote:
>
>>Do any firewalls, especially the popular ZoneAlarm, provide firewall
>>protection for multiple user accounts on a PC with Win XP?

Volker Birk wrote:
> Yes, the Windows-Firewall does, which is part of Windows XP.

Thanks VB, but I would restrict consideration to firewalls which also
monitor, and block as prescribed, outbound traffic. My understanding is
that Win XP's firewall fails to monitor or restrict outbound traffic.

Thanks, again.
-- GeneM

Archived from groups: comp.security.firewalls (More info?)

Volker Birk wrote:
> GeneM <NoSpam@noyahoospam.bom> wrote:
> > Do any firewalls, especially the popular ZoneAlarm, provide firewall
> > protection for multiple user accounts on a PC with Win XP?

> Yes, the Windows-Firewall does, which is part of Windows XP.
>

I don't know if teh toher personal firewalls do. But, it may not be
so good to keep recommending the windows firewall above other personal
firewalls.
because
The Sygate personal firewall has a great logging feature, listing
incoming and outgoing connections. It is far superior to the log
provided by the windows firewall.
I know of no other tools that doe this. MS Port Reporter is not as
good.

I don't actually need sygate for its firewall protection. But a port
logger like that is such an important tool to have.

Archived from groups: comp.security.firewalls (More info?)

GeneM wrote:
> > GeneM wrote:
> >
> >>Do any firewalls, especially the popular ZoneAlarm, provide firewall
> >>protection for multiple user accounts on a PC with Win XP?
>
> Volker Birk wrote:
> > Yes, the Windows-Firewall does, which is part of Windows XP.
>
> Thanks VB, but I would restrict consideration to firewalls which also
> monitor, and block as prescribed, outbound traffic. My understanding is
> that Win XP's firewall fails to monitor or restrict outbound traffic.
>

true, there is a debate (see recent threads). Many are on te side that
say blocking incoming is all you need and blocking outgoing is a
nuisance.

All agree about blocking incoming. (though stealth mode is stupid - see
recent threads)

Some Argumenets against blocking outgoing-

Firewalls that block outgoing will prompt you a lot , when any windows
process sends anything or when there is communication on your LAN. This
looks good for marketters, but is a nuisance to the user. (though,
mosto f these nuisances should be over and done with once the firewall
has been used once)

Apparently, from my reading of some posts, Smarter malicious program
can make outgoing connections that appear very innocent. Might not
trigger your personal firewall.

Average joe spyware that would make an outbound connection, you should
spot it anyway, with a program like Active Ports. And your intenet
connection wll prob slow down. These programs that don't hide
themselves very well are probably nothnig to be afraid of. e.g. if
you can stop a thief by putting a banana skin on your driveway, then
you'll catch him with a burglar alarm. No need for the banana skin.

It's a bit like locking yourself in your own home. Very Very
inconvenient.
You should know when programs are making outgoing connections and not
rely on a firewall!! So, they may send for 10 minutes before you
notice. Do you keep your credit card information online?


Besides Active Ports, you can also do netstat -b And it will
display established connections along with te process that is on your
comp communicating.

You shouldn't rely solely on the firewall to save yourself from malware
making outgoing connections. If you have it on your sysstem. You should
remote it properly. Not just block it

Archived from groups: comp.security.firewalls (More info?)

GeneM wrote:
> > GeneM wrote:
> >
> >>Do any firewalls, especially the popular ZoneAlarm, provide firewall
> >>protection for multiple user accounts on a PC with Win XP?
>
> Volker Birk wrote:
> > Yes, the Windows-Firewall does, which is part of Windows XP.
>
> Thanks VB, but I would restrict consideration to firewalls which also
> monitor, and block as prescribed, outbound traffic. My understanding is
> that Win XP's firewall fails to monitor or restrict outbound traffic.

see recent threads. there are arguments for not blocking outbound. 2
sides to the debate.

Archived from groups: comp.security.firewalls (More info?)

GeneM <NoSpam@noyahoospam.bom> wrote:
> My understanding is
> that Win XP's firewall fails to monitor or restrict outbound traffic.

Yes, and since I just tried out, my understanding is, that all the
"Personal Firewalls" fail also, see my POC on
http://www.dingens.org/breakout.c

Yours,
VB.
--
"Es kann nicht sein, dass die Frustrierten in Rom bestimmen, was in
deutschen Schlafzimmern passiert".
Harald Schmidt zum "Weltjugendtag"

Archived from groups: comp.security.firewalls (More info?)

jameshanley39@yahoo.co.uk wrote:
> But, it may not be
> so good to keep recommending the windows firewall above other personal
> firewalls.
> because
> The Sygate personal firewall has a great logging feature, listing
> incoming and outgoing connections. It is far superior to the log
> provided by the windows firewall.

But Sygate also is vulnerable to the SelfDoS attack, and installs
system services, which open Windows. This breaches security.

> I don't actually need sygate for its firewall protection. But a port
> logger like that is such an important tool to have.

Yes. And ethereal does exist, as well as:

http://www.sysinternals.com/Utilities/TdiMon.html

Yours,
VB.
--
"Es kann nicht sein, dass die Frustrierten in Rom bestimmen, was in
deutschen Schlafzimmern passiert".
Harald Schmidt zum "Weltjugendtag"

Archived from groups: comp.security.firewalls (More info?)

On Sun, 18 Sep 2005 00:50:38 -0400, GeneM <NoSpam@NoYahooSpam.bom>
wrote:

>Do any firewalls, especially the popular ZoneAlarm, provide firewall
>protection for multiple user accounts on a PC with Win XP?
>
>We occasionally wish to switch between a user and Family account, but
>our Freedom security pkg (from ISP Adelphia cable) says it's not working
>when we fast-switch to a user account while another account is active.
>
>Thanks!

Sygate does. You won't see the tray icon in the other limited user
accounts but it is still running and doing its job.

Archived from groups: comp.security.firewalls (More info?)

Volker Birk wrote:
> jameshanley39@yahoo.co.uk wrote:
> > But, it may not be
> > so good to keep recommending the windows firewall above other personal
> > firewalls.
> > because
> > The Sygate personal firewall has a great logging feature, listing
> > incoming and outgoing connections. It is far superior to the log
> > provided by the windows firewall.
>
> But Sygate also is vulnerable to the SelfDoS attack,

is that just when a comedian send some packets where src ip=your
router. and the PFW thinks there's an attack from that ip and blocks
packets from the router.

'cos that wouldn't happen often, and u could probably turn the PFW off
or check the PFW's configuration and remove the router's ip from any
attacker list. - leaving the windows firewall on.

>and installs
> system services, which open Windows. This breaches security.

ah

> > I don't actually need sygate for its firewall protection. But a port
> > logger like that is such an important tool to have.
>
> Yes. And ethereal does exist, as well as:

packet sniffers list lots. every single frame. far too much info. I
just want the connetions listed nicely, logged. ms port reporter is
close to sygate but not as good.

iris has a nicer gui than ethereal, but is not free. still, it's a
paket sniffer, so does give more on the screen than i want

> http://www.sysinternals.com/Utilities/TdiMon.html

TDImon can flood the screen with far more info than I want. It'd be
interesting if i was studying TCP and UDP, but not for logging
connections in and out.

-
besides the disadvantages to sygate that you jut mentione. i'll add
that i was running sygate and it crashed, was not visible in the
taskbar, and caused the blocking of all outgoing connections!

Though in sygate's favour

It still scores highly though 'cos of its nice GUI and its port
logger.

and mainly
sygate is the only one that includes date/time, incoming/outgoing, and
doesn't flood the screen with other information.

many of those jst flood the screen. and don't mention date/time,


I still see no alternatives for a port logger. i'm loking into
wallwatcher, but am not optimistic abotu being able to get my rotuer to
transmit its log to a comp. especially since i can't even view the log
in my router - at least i haven't figured out how yet.

Archived from groups: comp.security.firewalls (More info?)

jameshanley39@yahoo.co.uk wrote:
> > But Sygate also is vulnerable to the SelfDoS attack,
> is that just when a comedian send some packets where src ip=your
> router. and the PFW thinks there's an attack from that ip and blocks
> packets from the router.

Yes, something like that. A second option would be the source IP of
the DNS server, for example. Or any other host, which is neccessary.

> 'cos that wouldn't happen often, and u could probably turn the PFW off
> or check the PFW's configuration and remove the router's ip from any
> attacker list. - leaving the windows firewall on.

Yes. This is exactly, what I recommended - turing the "Personal Firewall"
off and leaving the Windows-Firewall on ;-)

Yours,
VB.
--
"Es kann nicht sein, dass die Frustrierten in Rom bestimmen, was in
deutschen Schlafzimmern passiert".
Harald Schmidt zum "Weltjugendtag"