Small request for LowWaterMark and others if you wish too

Re: Small request for LowWaterMark8 and others if you wish too-the admisntrator...

I'm afraid I stopped using Zone Alarm (or any software firewall on my main desktop system) at the end of 2004, so, I am not up to date on which ones do what better, or with what levels of control.

Back then I was referring to the way ZAP had added the expert (advanced) rules for both the general firewall functionality, and individual rules on each program, and while it was fairly powerful, it wasn't quite as granular as say Kerio 2.1.5.

As for your other questions, I'll give you my thoughts...

It can be to make you more secure, however, I do not believe you need detailed rules to be secure. You make very specific rules to give you greater control and/or monitoring abilities. Or, perhaps it is better to say that you are not necessarily less secure because you decide not to make low level granular rules. It really depends upon the firewall package and the level of protection it provides right out of the box. Likewise, you are not necessarily more secure if you do define detailed rules. In fact, make your rules incorrectly and you might just make your system much less secure.

Having no service ports exposed to unsolicited inbound connections makes you very secure whether you have disabled all listening services, or are using a firewall to block incoming connections. (I personally don't believe in the need for "stealth" configurations. Closed is closed as far as I'm concerned.)

That's a good configuration for a PC that is only a user client... i.e. you use it to access outward and run no listening services that you expect unknown people to connect into. That should make you very secure.

I've never been a big believer in the super stealthy, undetectable, unstoppable, magic malware program...

Yesterday, it was the rumor of these types of files that started people down the path of ever more complicated leaktest protections. I think leaktests and firewalls adapting against all of them, has gone way overboard.

Today, people talk about the uber-rootkit which is not only undetectable once it gets installed on your system, but, it can install itself on your system no matter what protections you have, configurations you run, and no matter what you do - whenever it wants. And, if you do get infected, you have to throw out your PC because it transfers itself into video cards, sound cards, the motherboard, speakers, monitor, and can even survive a total disk wipe, or in standard RAM when you power the system off. It's always there... Shocking! (If it's not obvious, I don't buy it.)

 

Re: Small request for LowWaterMark8 and others if you wish too-the admisntrator...

Nothing running on my desktop PC. Late 2004 is when I got a second PC and finally converted from a direct connection desktop PC <> ADSL modem, to a router setup. With a good NAT/partial SPI capability in the router, I decided to stop using a software firewall on that PC.

If I ever have to revert to dialup or direct aircard connection, or using wireless on my notebook, I either use Windows Firewall or Ghost Security's GhostWall. (I firmly believe in having some sort of software firewall enabled if you are not behind any kind of firewall appliance or if you use a public network anywhere. But, at home behind your own router or firewall, I don't consider a software firewall essential. Although, I do happen to have a sandbox/early HIPS capability on the desktop PC, so, that covers a lot of what people consider necessary for execution control and program isolation.)

No, the people I'm talking about aren't making a passing joke and they post about them in a lot more places than here.