Small request for LowWaterMark and others if you wish too

Discussion in 'other firewalls' started by CoolWebSearch, Jun 5, 2008.

Thread Status:
Not open for further replies.
  1. CoolWebSearch (Registered Member; Joined: Sep 30, 2007; Posts: 1,217)

    Hi, LWM.
    I wanted to ask you for a favor.
    I saw the post started by you about ZA Pro 4.0, I think.
    You said that there are far more configurable firewalls than ZA Pro's Expert rules section.
    I wanted to ask you if you consider Outpost Pro 2008 more configurable than ZoneAlarm Pro 7.0.473.000. What other firewalls besides Jetico2 and Look'N'Stop are more configurable than ZA Pro 7.0.473.000?

    Since you are a much, much more advanced user than I am, I do have 2 questions:
    Is the point of firewalls' configuration to make you more secure?

    Isn't it simply enough to have all ports closed from 0 to 65535?
    Then no hacker will be able to penetrate your computer.

    Does more complex firewall configuration make you more secure or is it a waste of time?
    If you simply block all protocols, ports, IPs, incoming DHCP, TCP, UDP, SMTP, ICMP, IGMP, NetBIOS and the rest of all known protocols in ZA Pro, are you completely safe?

    ZA by default has all ports closed; I think that should be enough protection against hackers, although thanks to my 2 years' experience I did manage to learn to configure some of these things.
    Basically, I block absolutely everything inbound and only a few outbound connections are partially allowed (I set the rule to "ask").

    Also, I've heard from a friend that hackers basically can make a completely harmless file which, when you open it, gives detailed information to a hacker about your IP, operating system, LAN, etc...
    I don't think any firewall can do anything at all when something like that happens, not even HIPS...

    Your opinions are highly needed!!!
     
  2. LowWaterMark (Administrator; Joined: Aug 10, 2002; Posts: 17,877; Location: New England)

    Re: Small request for LowWaterMark8 and others if you wish too-the administrator...

    I'm afraid I stopped using Zone Alarm (or any software firewall on my main desktop system) at the end of 2004, so, I am not up to date on which ones do what better, or with what levels of control.

    Back then I was referring to the way ZAP had added the expert (advanced) rules for both the general firewall functionality, and individual rules on each program, and while it was fairly powerful, it wasn't quite as granular as, say, Kerio 2.1.5.

    As for your other questions, I'll give you my thoughts...

    It can be to make you more secure, however, I do not believe you need detailed rules to be secure. You make very specific rules to give you greater control and/or monitoring abilities. Or, perhaps it is better to say that you are not necessarily less secure because you decide not to make low level granular rules. It really depends upon the firewall package and the level of protection it provides right out of the box. Likewise, you are not necessarily more secure if you do define detailed rules. In fact, make your rules incorrectly and you might just make your system much less secure.

    Having no service ports exposed to unsolicited inbound connections makes you very secure whether you have disabled all listening services, or are using a firewall to block incoming connections. (I personally don't believe in the need for "stealth" configurations. Closed is closed as far as I'm concerned.)

    That's a good configuration for a PC that is only a user client... i.e. you use it to access outward and run no listening services that you expect unknown people to connect into. That should make you very secure.

    I've never been a big believer in the super stealthy, undetectable, unstoppable, magic malware program...

    Yesterday, it was the rumor of these types of files that started people down the path of ever more complicated leaktest protections. I think leaktests, and firewalls adapting against all of them, have gone way overboard.

    Today, people talk about the uber-rootkit which is not only undetectable once it gets installed on your system, but, it can install itself on your system no matter what protections you have, configurations you run, and no matter what you do - whenever it wants. And, if you do get infected, you have to throw out your PC because it transfers itself into video cards, sound cards, the motherboard, speakers, monitor, and can even survive a total disk wipe, or in standard RAM when you power the system off. It's always there... Shocking! :eek: (If it's not obvious, I don't buy it.)
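
The post above turns on which services accept unsolicited inbound connections, and that can be checked on a host by listing its listeners. The following is an added example, not part of the original thread: it parses Windows `netstat -ano` output and separates sockets bound to network-reachable addresses from loopback-only ones. The sample output is constructed, and the function name `classify` is hypothetical.

```python
import ipaddress
import re

# Constructed sample of Windows `netstat -ano` output (not captured from a real host).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       1234
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING       4
  TCP    [::]:445               [::]:0                 LISTENING       4
  TCP    [::1]:8307             [::]:0                 LISTENING       2100
  TCP    192.168.1.10:49712     93.184.216.34:443      ESTABLISHED     4321
  UDP    0.0.0.0:500            *:*                                    777
  UDP    127.0.0.1:1900         *:*                                    1500
"""

# proto, local address, local port, foreign address, optional state, optional PID
LINE = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+([A-Z_]+))?(?:\s+(\d+))?\s*$")


def classify(netstat_text):
    """Return (exposed, local_only) lists of (proto, address, port, pid).

    "exposed" means bound to a non-loopback address; a packet filter in
    front of the socket may still block it, which this check cannot see.
    """
    exposed, local_only = [], []
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # header or unrelated line
        proto, addr, port, _foreign, state, pid = m.groups()
        # TCP rows are listeners only in LISTENING state; UDP rows have no
        # state column, and any bound UDP socket can receive datagrams.
        if proto == "TCP" and state != "LISTENING":
            continue
        # Drop IPv6 brackets and any zone id (e.g. fe80::1%12).
        ip = ipaddress.ip_address(addr.strip("[]").split("%")[0])
        entry = (proto, str(ip), int(port), int(pid) if pid else None)
        (local_only if ip.is_loopback else exposed).append(entry)
    return exposed, local_only


if __name__ == "__main__":
    exposed, local_only = classify(SAMPLE)
    for proto, ip, port, pid in exposed:
        print(f"reachable from the network: {proto} {ip}:{port} (PID {pid})")
    print(f"{len(local_only)} loopback-only sockets")
```
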
     
  3. Kees1958 (Registered Member; Joined: Jul 8, 2006; Posts: 5,857)

    Re: Small request for LowWaterMark8 and others if you wish too-the administrator...

    Ad 1: what are you using now then?

    Ad 3: Agree, resistance is futile ;)

    Ad 2: When 3 would be true, why bother for leaktests :eek: I never understand people threatening with 3 and still trying to obtain a leakless setup. The only leakless setup is a disconnected computer :D

    Regards Kees
     
  4. jrmhng (Registered Member; Joined: Nov 4, 2007; Posts: 1,268; Location: Australia)

    When people talk about these uber rootkits, I'm never sure if they are being serious or just satirizing the Wilders paranoia.
     
  5. LowWaterMark (Administrator; Joined: Aug 10, 2002; Posts: 17,877; Location: New England)

    Re: Small request for LowWaterMark8 and others if you wish too-the administrator...

    Nothing running on my desktop PC. Late 2004 is when I got a second PC and finally converted from a direct connection desktop PC <> ADSL modem, to a router setup. With a good NAT/partial SPI capability in the router, I decided to stop using a software firewall on that PC.

    If I ever have to revert to dialup or direct aircard connection, or using wireless on my notebook, I either use Windows Firewall or Ghost Security's GhostWall. (I firmly believe in having some sort of software firewall enabled if you are not behind any kind of firewall appliance or if you use a public network anywhere. But, at home behind your own router or firewall, I don't consider a software firewall essential. Although, I do happen to have a sandbox/early HIPS capability on the desktop PC, so, that covers a lot of what people consider necessary for execution control and program isolation.)

    No, the people I'm talking about aren't making a passing joke and they post about them in a lot more places than here.
     
  6. CoolWebSearch (Registered Member; Joined: Sep 30, 2007; Posts: 1,217)

    Re: Small request for LowWaterMark8 and others if you wish too-the administrator...

    Hi, LowWaterMark.
    Thank you for the answers.
    I just was on some potentially dangerous websites and I downloaded some cracks for games (well, even the website itself warns by showing you a skull to be quite dangerous). The crack is in txt format, which means it can't harm me; however, there was a file called "YAG". Now I did check with every possible anti-malware product and re-checked it with several HIPS products, but found nothing, so I decided to open it up.
    What I found is that rumors of hackers bringing in a file that is completely harmless but gives you detailed information might be true.
    The fact is I opened this file and it gave the complete analysis of what operating system I use, how much RAM memory, the IP address of the LAN, etc...
    But it didn't do any harm to my computer.
    The only problem I have is that I personally don't believe this file sent any information to a hacker about my operating system and all that, I simply don't. I'm quite sure that ZA or Comodo or whatever firewall would have asked me, unless the firewall thinks that the file is completely harmless and lets it connect to the internet.
    Very doubtful, if you ask me.

    Also, one more question:
    I'd like to hear your opinion about leak-tests: do you think leak-tests are an important part of testing or not?
    What I found out is that this is a very controversial theme even among security experts; the question is why?
    I'd like to hear your opinion on leak-tests.
    Big thanks, again.
     